Kantara Initiative

Founded: 2009
Type: Information Technology and Services – Industry consortium and professional trade organization
Focus: Trust framework conformity assessment, assurance and Trust Mark operations for digital identity management and personal data privacy
Origins: Founded by private sector identity management industry vendors, later joined by government agencies and individual subject matter experts
Method: Programs, Recommendations, Conferences, Publications
Key people: Kay Chopard (Executive Director); Lynzie Adams (Executive Programs Manager); Andrew Hughes (Chair of the Leadership Council)
Website: kantarainitiative.org

Kantara Initiative, Inc. is a non-profit trade association that works to develop standards for identity and personal data management. It focuses on improving the trustworthy use of identity and personal data in digital identity management and data privacy.

Kantara translates to “wooden bridge” in Kiswahili, which is the inspiration for the bridge in Kantara’s logo. The name is attributed to Nat Sakimura, a Kantara founding board director and OpenID Foundation chair, who spent his childhood in Africa.

Kantara drafts technical specifications and recommendations for industry use and submits them to standards development organizations, such as the Organization for the Advancement of Structured Information Standards (OASIS), the World Wide Web Consortium (W3C),[1] the Internet Engineering Task Force (IETF)[2] and SC27 (Security Techniques) Working Group 5 (Identity Management and Privacy) of the International Organization for Standardization (ISO).

Kantara provides input to policy bodies such as the OECD, as well as to some inter-government initiatives related to identity management and personal data agency.

Projects

Of completed projects, the following are noteworthy:

History

The initiative was established in 2009 by a group of identity management (IDM) technical interoperability organizations using a bicameral system of governance.[15] Responding to fragmentation among industry consortia, Kantara aimed to form a unified, transparent and inclusive member organization for digital identity community stakeholders.

In 2011, Kantara focused on serving the needs of relying parties. It did so by developing assessment, assurance, and trust marks for federated trust frameworks, and by developing urgently needed specifications more quickly than the lengthy processes of Standards Development Organizations (SDOs) allow. Private and public sector relying party organizations (initially from the United States, but globally as of 2024) joined the initiative to develop identity and credential requirements and to operate conformance and assurance programs, thus complementing the missions and outputs of other industry consortia, such as PDEC (Personal Data Ecosystem Consortium), Customer Commons, the CARIN Alliance,[16] Identity Commons,[17] FIDO Alliance and IDESG (assets transitioned to Kantara Educational Foundation in June 2018[18]).

Formerly an affiliate program under IEEE-ISTO, Kantara Initiative self-incorporated as a 501(c)6 nonprofit organization in January 2016.[19] In 2018, two financially separate but similarly missioned and branded organizations were established: Mittetulundusuhing Kantara Initiative Europe, an Estonian-based trade association, and Kantara Initiative Educational Foundation Inc, a US-incorporated 501(c)3.

Related Research Articles

Health Level Seven or HL7 is a range of global standards for the transfer of clinical and administrative health data between applications. The HL7 standards focus on the application layer, which is "layer 7" in the Open Systems Interconnection model. The standards are produced by Health Level Seven International, an international standards organization, and are adopted by other standards issuing bodies such as American National Standards Institute and International Organization for Standardization. There are a range of primary standards that are commonly used across the industry, as well as secondary standards which are less frequently adopted.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.

Liberty Alliance (computer trade group)

The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.

Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

OpenID (open and decentralized authentication protocol standard)

OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites using a third-party identity provider (IDP) service, eliminating the need for webmasters to provide their own ad hoc login systems, and allowing users to log in to multiple unrelated websites without having to have a separate identity and password for each. Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign on to any website that accepts OpenID authentication. Several large organizations either issue or accept OpenIDs on their websites.

Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

The ISO/IEC 27000-series comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Meta Platforms, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.

The Identity Governance Framework was a project of the Liberty Alliance for standards to help enterprises determine and control how identity information is used, stored, and propagated using protocols such as LDAP, SAML, and WS-Trust and ID-WSF.

Identity assurance in the context of federated identity management is the ability for a party to determine, with some level of certainty, that an electronic credential representing an entity with which it interacts to effect a transaction, can be trusted to actually belong to the entity.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a US government initiative announced in April 2011 to improve the privacy, security and convenience of sensitive online transactions through collaborative efforts with the private sector, advocacy groups, government agencies, and other organizations.

ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 27 develops International Standards, Technical Reports, and Technical Specifications within the field of information security. Standardization activity by this subcommittee includes general methods, management system requirements, techniques and guidelines to address information security, cybersecurity and privacy. Drafts of International Standards by ISO/IEC JTC 1 or any of its subcommittees are sent out to participating national standardization bodies for ballot, comments and contributions. Publication as an ISO/IEC International Standard requires approval by a minimum of 75% of the national bodies casting a vote. The international secretariat of ISO/IEC JTC 1/SC 27 is the Deutsches Institut für Normung (DIN) located in Germany.

Privacy by design is an approach to systems engineering initially developed by Ann Cavoukian and formalized in a joint report on privacy-enhancing technologies by a joint team of the Information and Privacy Commissioner of Ontario (Canada), the Dutch Data Protection Authority, and the Netherlands Organisation for Applied Scientific Research in 1995. The privacy by design framework was published in 2009 and adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010. Privacy by design calls for privacy to be taken into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., taking human values into account in a well-defined manner throughout the process.

User-Managed Access (UMA) is an OAuth-based access management protocol standard for party-to-party authorization. Version 1.0 of the standard was approved by the Kantara Initiative on March 23, 2015.

ID.me is an American online identity network company that allows people to provide proof of their legal identity online. ID.me digital credentials can be used to access government services, healthcare logins, or discounts from retailers. The company is based in McLean, Virginia.

Token Binding is a proposed standard for a Transport Layer Security (TLS) extension that aims to increase TLS security by using cryptographic certificates on both ends of the TLS connection. Current practice often depends on bearer tokens, which may be lost or stolen. Bearer tokens are also vulnerable to man-in-the-middle attacks or replay attacks. In contrast, bound tokens are established by a user agent that generates a private-public key pair per target server, providing the public key to the server, and thereafter proving possession of the corresponding private key on every TLS connection to the server.

HIE of One is a free software project developing tools for patients to manage their own health records. HIE stands for Health Information Exchange, an electronic network for sharing health information across different organizations, hospitals, providers, and patients. This is one of a growing number of tools for encrypted data exchange within the healthcare sphere.

A mobile driving licence is a mobile app that replaces a physical driver's license. An International Organization for Standardization (ISO) standard for the mobile driving licence was approved on August 18, 2021 and published on 30 September 2021.

References

  1. Lizar, Mark. "Position Statement from Kantara to the W3C regarding Privacy Data Controls".
  2. Maler, Eve; Machulak, Maciej; Hardjono, Thomas; Richer, Justin (13 February 2019). "User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization". tools.ietf.org. Retrieved 2019-08-14.
  3. "ID.me Strengthens Digital Identities for Government and Healthcare". KMWorld. 2018-08-17. Retrieved 2019-08-14.
  4. Experian. "Kantara Initiative approves Experian's CrossCore platform for conformance with NIST 800-63-3 IAL2". www.prnewswire.com. Retrieved 2019-08-14.
  5. Michele, Nati (September 2016). "Researching the transparency of PD sharing".
  6. "Kantara Initiative Releases Consent Receipt Form for GDPR | SecurityWeek.Com". SecurityWeek. Retrieved 2019-08-14.
  7. "Kantara Initiative Releases Consent Receipt Form for GDPR | SecurityWeek.Com". SecurityWeek. Retrieved 2019-10-03.
  8. "Kantara Initiative Releases User-Managed Access Version 2.0 Specifications". Business Wire. 2018-02-13. Retrieved 2019-08-14.
  9. "A Quick Guide To User-Managed Access 2.0". wso2.com. Retrieved 2019-08-14.
  10. Fontana, John. "Identity experts forming non-profit professional organization". ZDNet. Retrieved 2019-08-14.
  11. "IDPro, the First-Ever Digital Identity Professionals Organization, Launches with Over 400 Pledged Members". www.businesswire.com. 2017-06-28. Retrieved 2019-08-14.
  12. "Principles – Kantara Initiative". kantarainitiative.org. Retrieved 2018-11-05.
  13. "Episode 163: Kantara Initiative receives grants to develop smartphone solutions for digital ID". SecureIDNews. Retrieved 2019-08-14.
  14. "Incubator Program Yields BLE and NFC Credentialing - 2018-12-07 - Page 1 - RFID Journal". www.rfidjournal.com. 7 December 2018. Retrieved 2019-08-14.
  15. "The Kantara Initiative–– A New Organization for Identity Management Technology | NTT Technical Review". www.ntt-review.jp. Retrieved 2019-08-14.
  16. "Kantara Initiative And The CARIN Alliance Sign Affiliated Alliance Agreement". Yahoo! Finance. Retrieved 2019-08-14.
  17. "ID Related Standards - IdCommons". wiki.idcommons.org. Retrieved 2019-08-14.
  18. "IDESG absorbed into Kantara Initiative". SecureIDNews. Retrieved 2019-08-14.
  19. Team, Kantara Initiative (2016-04-05). "Kantara Initiative Establishes New Status as Autonomous Corporation". Kantara Initiative: Trust through ID Assurance. Retrieved 2023-10-11.