Kantara Initiative Inc is the global ‘commons’ non-profit consortium passionate about giving control of personal data back to people, through innovation, standardization and good practice. Attracting established and emerging organizations, governments and individuals to its open collaborative ethos, Kantara operates Trust Frameworks to assess and assure digital identity and privacy solution service providers and is the home of 2 open specifications selected in the top 5 trends for 2018 - UMA, the OAuth extension enabling respecting user-controlled delegation, and the Consent Receipt. Kantara maintains leadership positions in OECD ITAC and ISO SC27 in topics around digital Trust, Privacy and Identity.
6. ‘the Rhythm of Kantara’
‘Nurture, Develop, Operate – that’s what we do’
Nurture emerging technical communities
through our discussion & working groups
and our incubators – present and past
examples: Identity and Privacy R&D (KIPI)
program, ID Pro incubator.
Develop and standardize community
practices with specifications companies can
understand, trust and implement.
Operate conformity assessment programs
to enable companies to meet their
adherence goals to standardized practices
needed to support their business.
10. Example deployments of Kantara’s specifications
Consent Receipt Specification
WSO
2
more..
The UMA specification
gives individuals a unified
control point for authorising
who & what can access
their digital assets at their
desired grain.
Gluu
Customer Commons/Kantara
Intent Casting UX and Human
Readable terms
more..
soon
13. Nurture. Develop. Operate.
– that’s what we do
colin@kantarainitiative.eu
Twitter:
@KantaraColin
@KantaraNews
Join us at https://kantarainitiative.org/membership/
Ethics & Conformance Trust Marked
Editor's Notes
Kantara is comprised of 3 separate entities to address 3 different legislative tax areas: industry consortium community development, charity public good grant funding, and Europe.
Kantara differentiates from other consortia variously, not least in its steadfast hold to the principles of openness, fairness and balance, to allow individual & small business contributions, international reach, and combined security-privacy scope.
Kantara uniquely scopes-in personal data privacy with digital identity, which while critical, Kantara views as a particular instance of personal data enrollment and data exchange.
Kantara’s business model relies on Board & corporate membership & sponsorship to sustain the low/no cost community development & publishing, while monetizing the Trust Framework and the R&D grant funding facilitation. ForgeRock & ISOC hold Officer positions on the Board – a mix of large & medium sized personal data focused orgs.
Kantara’s incubation of ID Pro, the digital identity professionals association, exemplifies its mission and altruistic ethos.
Kantara absorbed the assets of the public-private US identity ecosystem organisation, the IDentity Ecosystem Steering Group (IDESG)
The geographic location & scope of the Liaisons nicely complement Kantara’s international scope via membership, trust framework operations and R&D programs. Liaisons shown here: https://kantarainitiative.org/about/liaisons/
ISO, ITU-T and ITAC are exceptions since the nature of these liaisons is expert contribution to standards and policy development. https://kantarainitiative.org/about/liaisons/
Kantara attracts international membership, with each of these lines of corporate logos representing at least 4 different countries. >50% of Kantara’s members are non US. Kantara’s international reach is partly reflective of CGI’s own international presence, tho’ of course Kantara’s is smaller by comparison.
The appearance of international Research and Education federations amongst Kantara’s members is because they consider it the only ‘safe haven’ for their engagement.
Some organizations previously indicated a preference for their logo not to be displayed. See the full membership list here: https://kantarainitiative.org/members/
Kantara community working groups allow non member participants to contribute. X10 is an approximation given that the number constantly changes, lying somewhere between members around 100 and an email list of 1850.
Organizations wishing to contribute to and have a seat at the table of International standards organizations can use Kantara’s Liaisons as a direct channel or a supporting parallel channel to access these consortia.
Kantara’s ‘rhythm’ is typically a recurring cadence of 3 activities in a circular cycle; new ideas socialized and nurtured, some of those developed further into artefacts, and some of those operated as monetized programs. Examples are the Trust Framework Operations and Assurance program and the Kantara Identity & Privacy Incubator (KIPI) program.
External inputs can and do arrive at any stage in the cycle, to add to Kantara’s self-generated efforts.
Kantara operates a bi-cameral governance system; The Board primarily focusses on the overall strategic direction and risk posture of the organization, and while having Leadership Council representatives on the Board to provide balance and alignment, the Leadership Council operates largely autonomously of the Board. The Leadership Council (currently Chaired by Canadian Andrew Hughes) comprises the Officers of each Working Group that primarily focusses on the development and delivery of artefacts from the Working and Discussion Groups.
The UMA specification is an open specification for federated delegation and authorization, designed as an extension to the open standard OAuth 2.0, developed in Kantara’s open-consensus based environment to give a user a unified control point for authorizing who can access their online personal data.
The Consent Receipt is an open specification developed in Kantara’s open consensus-based environment and led by Canadian and UK experts. Its first deployments have been in Europe by companies complying with GDPR or EU based cloud providers. Well known US vendors have recently indicated intention to deploy.
Kantara has been an authorized Trust Framework Operator to the US Federal Government’s GSA FICAM Trust Framework Solutions (TFS) program since 2010, where it assesses and approves Identity and Credential Service Providers that deliver authenticated identities to US agency citizen facing digital services.
It has used its own scheme profiled from the US government’s mandated NIST SP 800-63-2, and more recently 63-3 guidelines. From late 2017, NIST has encouraged Kantara to support greater interoperability between jurisdiction schemes, and it remains active on Kantara’s roadmap awaiting funding to develop it.
The transition of IDESG’s assets to Kantara, adds IDESG’s IDEF self attestation scheme to Kantara’s own existing 3rd party schemes.
Kantara is receiving increased enquiries from both private and public sectors to operate their schemes on their behalf (i.e. their requirements, their assessment rules, their Trust Marks strap-lined with Kantara to reflect the collaboration) outsourced to Kantara to operate and govern, because of Kantara’s enviable reputation in this artform.
Examples of deployers of Kantara’s specifications
KuppingerCole put Kantara specifications at the top of its predictions for 2018.
Opportunities exist for brand association and sponsorship activities across much of the new work.
Members can bring their community and its work into Kantara as either a public or private working group.
The proximity of the R&D Program to the membership means that members get early visibility of new projects gaining traction, useful for downstream partnering and investment.
Kantara’s 3 entity structure, allows flexibility in choosing the US C6 business league, the C3 public good charity, or the Estonian trade association as vehicles.
Kantara has a steady stream of requests to contribute its identity assurance, trust framework, user control and privacy expertise to other consortia leading efforts in Financial Services and Healthcare in particular, allowing Kantara members to extend their influence into other consortia.
Kantara has evolved towards an approach based on 3’s. So it is not surprising that it’s slogan is comprised of 3 action verbs; Nurture – Develop – Operate.
Kantara Members have a wealth of experience: Identity Assurance, Privacy, Policy and Information Systems Assessment.
We’re here to help your community ensure Federated Identity, Access and Personal Data systems are verified for trust, privacy and best practice.