Reports & Recommendations

Kantara Initiative’s expert-led, open and collaborative Recommendations & Reports, Technology Specifications, Profiles, and Frameworks bring clarity to complex issues and help to drive industry innovations regarding trust in digital services.

Kantara Initiative is an ethics-based, mission-led non-profit international consortium passionate about giving control of data back to people and improving trustworthy use of identity and personal data through innovation, standardization and good practice. Kantara’s Recommendations and Reports are produced by Kantara member and non-member participant volunteers as a service to themselves and to the global community of stakeholders that support Kantara’s philosophy. N.B. Each document carries IPR and Copyright notices that apply to your use and management of these artefacts.

Are you interested in associating your corporate logo with these or forthcoming Reports and Recommendations to increase your product’s visibility, credibility and thought leadership? Sponsorship packages are available on a first-come, first-served basis. Contact us for details.

To ensure you have the latest versions (note that UMA 2.0 comprises 2 specifications), join the Groups that developed them, or opt in to receive the ‘Keeping up with Kantara’ news emailer, please contact us, putting the title of your request into the Subject field.

Kantara Initiative Recommendations

Title
User Managed Access
Final Recommendation Approved by All Member Ballot Kantara Initiative Recommendations Link
User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization
Editor: Eve Maler, ForgeRock Status: This technical specification is a Recommendation produced by the User-Managed Access Work Group and approved by the Membership of the Kantara Initiative according to its Operating Procedures. Abstract: This specification defines a means for a client, representing a requesting party, to use a permission ticket to request an OAuth 2.0 access token to gain access to a protected resource asynchronously from the time a resource owner authorizes access. Kantara Initiative Recommendations 2.0 Download
SAML V2.0 Implementation Profile for Federation Interoperability
This document encompasses a set of software conformance requirements intended to facilitate interoperability within the context of full mesh identity federations, such as those found in the research and education sector. It attempts to address a number of common barriers to interoperability and details features that are necessary in order to use SAML metadata as a foundation for scalable trust fabrics. It supersedes the eGovernment Implementation Profile V2.0bis from June 2011. Kantara Initiative Recommendations 1.0 Download
Identity Assurance Framework (IAF)
The Kantara Identity Assurance Framework is a set of controlling documentation. Documents may evolve independently. Kantara Initiative Recommendations Link
Federation Operator Guidelines V1.0
This document is a Kantara Initiative Recommendation, created by the IAWG WG (see section 3.8 of the Kantara Initiative Operating Procedures) Kantara Initiative Recommendations 1.0 Download
Federated Authorization for User-Managed Access (UMA) 2.0
Editor: Eve Maler, ForgeRock Status: This technical specification is a Recommendation produced by the User-Managed Access Work Group and approved by the Membership of the Kantara Initiative according to its Operating Procedures. Abstract: This specification defines a means for an UMA-enabled authorization server and resource server to be loosely coupled, or federated, in a secure and authorized resource owner context. Kantara Initiative Recommendations 2.0 Download
Consent Receipt Specification
Editors: Mark Lizar, David Turner Status: This document is a Kantara Initiative Technical Specification Recommendation produced by the Consent & Information Sharing Work Group, and has been approved by the Group. The Public Comment and Intellectual Property Rights Review has been completed. It has been approved by the Membership of the Kantara Initiative. See the Kantara Initiative Operating Procedures for more information. Abstract: A Consent Receipt is a record of authority granted by a Personally Identifiable Information (PII) Principal to a PII Controller for processing of the Principal’s PII. The record of consent is human-readable and can be represented as standard JSON. This specification defines the requirements for the creation of a consent record and the provision of a human-readable receipt. The standard includes requirements for links to existing privacy notices & policies as well as a description of what information has been or will be collected, the purposes for that collection as well as relevant information about how that information will be used or disclosed. This specification is based on current privacy and data protection principles as set out in various data protection laws, regulations and international standards. Kantara Initiative Recommendations 1.1.0 Download


For the Errata Repository, please visit the Errata pages for Kantara Recommendations and Reports.