Kantara Initiative


Kantara Initiative, Inc. a 'commons' ethos and ethics operated 501 c non-profit industry professional trade association has a stated mission of "improving trustworthy use of identity and personal data through innovation, standardization and good practice in the domain of digital identity management and data privacy."

Description

The initiative was established in 2009 by a group of identity management technical interoperability organizations using a bi-cameral system of governance. Responding to industry consortia fragmentation, Kantara aimed to form a unified, transparent and inclusive member organization for digital identity community stakeholders. It marked its 10th Anniversary in 2019.
Kantara translates to “wooden bridge” in Kiswahili, a hybrid language between Arabic and Bantu, and that’s showcased in the bridge of Kantara’s logo. The name is attributed to Nat Sakimura, a Kantara founding Board Director and Open ID Foundation Chair, as he spent his childhood in Africa.
In 2011, Kantara focused on serving the needs of relying parties. Kantara did so by developing assessment, assurance and Trust Marks for federated trust frameworks, as well as developing urgently needed specifications quicker than the lengthy processes undertaken by Standards Development Organizations. Private and public sector relying party organizations joined the initiative to develop identity and credential requirements and operate conformance & assurance programs, thus complementing the missions and outputs of other industry consortia, such as PDEC, Customer Commons the CARIN Alliance, Identity Commons, FIDO Alliance and IDESG.
Formerly an affiliate program under IEEE-ISTO, Kantara Initiative self-incorporated as a 5016 nonprofit organization in January 2016. This change reflected the growing influence and stature of the organization, the need to expand globally and broaden its technical and legal innovation and trust framework operations in digital identity management and personal data privacy. In 2018 two financially separate but similarly missioned and branded organizations were established - Mittetulundusuhing Kantara Initiative Europe, an Estonian based Trade Association, and Kantara Initiative Educational Foundation Inc, a US incorporated 5013 in the US.

What Kantara Does

Kantara drafts technical specifications and recommendations for industry use and submits them to SDOs such as Organization for the Advancement of Structured Information Standards, World wide Web Consortium, Internet Engineering Task Force ) and SC27 Working Group 5 of the International Organization for Standardization .
Kantara provides input to policy bodies such as OECD via its seat on the ITAC, UNCITRAL Working Group IV as well as some inter-government initiatives related to identity management and personal data agency.
Kantara operates two distinct programs for the digital identity and personal data privacy community - Applied R&D and Trust Framework Assurance. The Trust Framework Assurance program involves the creating assessment criteria for publicly available and industry sector standards and specifications, undertaking conformity assessment of a provider's service seeking compliance and subsequent granting of Trust Marks, along with the associated governance.

Current projects

The Kantara Assurance Framework remains focussed on facilitating the 3rd party assessment and assurance of providers services seeking conformance to NIST 800-63-3 at IAL 2 and AAL2, expected to extend to FAL2 later this year.
The Kantara Consent Receipt specification v1.1 is undergoing a minor revision while simultaneously a more generic broader based information sharing framework is being developed in response to community feedback interested in standardizing an expanding suite of profiles. An example of the Consent Receipt is referenced in the standard ISO/IEC 29184 Online privacy notices and consent. According to the initiative's executive director, the idea behind the consent receipt is for individuals and companies to both be able to maintain and manage permissions for personal data.
The Kantara User-Managed Access specification - a set of standardized extensions to OAuth 2.0 aimed at asynchronous user permissioning and delegated authorization - has stabilized at V2.0 with the early adopter implementers now standardizing profiles and extensions. A Business and Legal framework is being developed to complement the technical protocol framework already completed. UMA received the Best Innovation Security Award from the European Identity & Cloud Conference 2014.
Of completed projects; the following are noteworthy;
Kantara completed the project of incubating the IDPro project in 2017. for digital identity professionals. Kantara will continue to develop the Body of Knowledge for the good of ID Pro and the community. This effort was kicked off in 2016 with an electronic pledge where digital identity professionals signify their support for a digital identity professional association and Kantara’s principles.
Kantara has all but completed the Applied R&D project with Rutgers University’s Command, Control and Interoperability Center for Advanced Data Analysis, a US Department of Homeland Security University Center of Excellence, a main component of the KIPI program. Two projects to progress through all three phases to transition to commercialization are Mobile Device Attribute Verification and NFC4PACS. Kantara's R&D grant funding currently centers around NGI_Trust where Kantara Europe is a consortium partner. Kantara's publishes the outputs from its workgroups on its website where they are free to download.