The Kantara Initiative for Online Identity: A One-Year Progress Report

By: Eve Maler, Trent Adams

Date: January 1, 2010

line break image

By J. Trent Adams and Eve Maler

Founded in April 2009, the Kantara Initiative was conceived as an open, global organization with the mission of promoting interoperability and technology harmonization across the myriad identity solutions available and under development. With the proliferation of single-protocol solutions being pursued, the founders of the Kantara Initiative set out to promote the deployment of heterogeneous protocols, standards, and solutions for vendors and end users within the entire network identity ecosystem.

As can be expected, it was a huge undertaking to corral enough industry and community support for this idea to move onto the world stage. Key to the success in setting it up was the contribution of time, effort, and intellectual capital from the Liberty Alliance. In 2008, the Liberty Alliance board of trustees foresaw the need for a new organization that would support all of the major industry solutions and community standards, promoting component-level interoperability while also addressing the related business, legal, and regulatory issues. Thus, the Liberty Alliance began the effort of reaching out to other organizations to form Kantara.

Among the organizations agreeing to found Kantara with this mission were the Internet Society, the Information Card Foundation, the DataPortability Project, and This extended set of organizations added to the existing industry leaders within Liberty, such as AOL, British Telecommunications, CA, Intel, Oracle, and Sun Microsystems. Together, they began working on structuring an inclusive environment conducive to multiple points of view and to collaboration at a global scale. The result is an organization with no membership fees to participate and with a truly transparent operating structure.

Since its inception, the Kantara Initiative has fostered a robust environment in which a wide variety of identity ecosystem challenges are being tackled. Among the active work streams are:

Promoting component (i.e., protocol-level) interoperability
Ensuring global interoperability within a vertical market but also across markets (e.g., finance to health care)
Developing business and policy best practices related to end-user engagement (e.g., contractual intellectual property rights between entities, and privacy issues)
Advancing government and regulatory compliance; helping guide legislation that honours the privacy of end users and protects user-managed access to users’ data
Fostering identity assurance programmes to support business and government trust requirements
Promoting recognition of end-user usability needs in developing industry solutions
These threads can be seen in the various Kantara working groups. While all operate under one governance umbrella-and communication and coordination among groups are encouraged through joint membership on a Leadership Council-each working group has a distinct mandate and set of deliverables.

In order to support such a diverse set of activities, the Kantara Initiative took an unusual approach regarding the protection of intellectual property contributed to the groups in service of the Kantara charter. This approach (1) requires each group, at inception, to select the intellectual property rights (IPR) regime that best fits its goals and the eventual standards organization to which specifications may be submitted and (2) requires participants to agree to the regime before taking their places at the table. Such flexibility allows each group a quick and easy way to get up and running with the IPR option that suits the group’s members while helping protect developers of Kantara-incubated specifications. Of the 18 groups chartered since April, some of the most active are:

E-Government: Facilitates collaboration and discussion among Kantara groups with an interest in e-government identity management applications and services. This group acts as a forum to discuss best practices by government organizations on national, regional, and municipal levels and offers government-subject-matter expertise in the development of Kantara Initiative policy recommendations and specifications.
Healthcare Identity Assurance: Designs, implements, and tests reference applications for secure access to health information. One example use case under consideration is for consumers to be able to access their health records with a standardized login system. Another is a way for emergency workers to access critical health information during emergencies or natural disasters.
Identity Assurance: Fosters the adoption of trusted online identity services, identifying and resolving specific obstacles to their market and commercial acceptance. This group is actively working toward the development of a global standard framework necessary to support trusted identity service providers.

Information Sharing: Identifies and documents use cases that illustrate the benefits and challenges of user-driven information sharing. By focusing on the benefits and addressing the obstacles, the group specifies the policy and technology solutions that are required to enable a smooth and effective information flow.
Privacy and Public Policy: Focuses on the interplay between privacy, technology, and policy, and aims to ensure that Kantara contributes to better privacy outcomes for users, data custodians, and other stake-holders. This group engages with a diverse range of privacy stakeholders, understanding their different perspectives, translating and mediating between them as necessary, and documenting privacy-related principles and good practices applicable to a broad range of prevalent technology platforms.
User-Managed Access: Develops specifications that let an individual control the authorization of data sharing and service access made between online services on the individual’s behalf, and to facilitate interoperable implementations. The group expedites the process of collaborating with different communities on a draft solution that meets their shared goals that cross community boundaries.

Rather than setting up another standards body, the Kantara Initiative focuses on incubation of ideas and concepts. If specifications emerge from the groups, they are then submitted to other standards-setting organizations for adoption and operational maintenance. Each chartered group that anticipates producing specifications selects the standards body to which it expects to contribute its work when it is fleshed out. For example, some groups are targeting the W3C, others are looking to OASIS, and some have their sights on the IETF.

A prime example of this process is the User-Managed Access (UMA) working group. The work incubated in UMA illustrates how the Kantara Initiative fosters innovation, interoperability, and community. This group is developing specifications that empower an individual to control the authorization of data sharing and service access made between online services on an individual’s behalf, thereby allowing for permissioned data sharing even if the user’s entire set of data is hosted on many different servers.

To foster the adoption and building of a modular solution, the group is profiling and extending OAuth-related specifications already under development at the IETF (the ultimate destination identified for UMA specifications) while attracting participation from a wide variety of stakeholders who might normally have difficulty participating in such an effort were a membership fee required. One of the group’s goals is to facilitate multiple interoperable implementations, and it has worked with Kantara leadership to develop a bounty programme for attracting development interest in a UMA protocol validator.

With work like this under its umbrella, the Kantara Initiative has moved from concept to fully functioning reality with broad global support across all sectors of the identity ecosystem. And with a growing membership-including additions such as Neustar, PayPal, NTT, Danish National IT, Deutsche Telekom, and the government of Canada-the organization is healthy and beginning to hit its stride. Participation is key to the success of the mission, and with stakeholders easily able to sit at the table, the organization will surely realize its full potential.

To learn more and join the discussion, visit

This article was posted on 20 January 2010 .


Full Caption Text:
Image 1: IETF Scale model of Hiroshima city flattened after the detonation of the A-bomb. The red ball depicts the explosion point.  Image 2: IETF Model of the Hiroshima Peace Memorial at the Hiroshima Peace Museum.  Image 3: The A-Bomb Dome, which survived the A-bomb blast, is part of Hiroshimi Peace Memorial Park in Hiroshima, Japan.