Kantara Initiative is out with a new version of its user data access specs

While the upcoming General Data Protection Regulation (GDPR) is the largest and best-known effort to guard personal data, it’s not the first.

Founded in 2009 and based in Wakefield, Massachusetts, the Kantara Initiative is one of the other efforts. It’s a non-profit global consortium of about 70 companies that is designed to improve the trustworthy use of identity and personal data through specifications for software makers.

Toward that aim, the Initiative has recently released version 2.0 of its User-Managed Access (UMA) tech specs, replacing the 1.0 version approved in 2013. It is intended to provide a protocol for how an individual’s personal data can be accessed, wherever it lives.

Executive Director Colin Wallis told me that the new version simplifies the previous protocol and aligns it more closely with OAuth than version 1.0 did. OAuth, or Open Authorization, is an open standard for authorization to personal data, such as granting a website access to the list of your friends on Facebook without you having to enter your login credentials.

Version 2.0 also makes it easier for individuals to share their individual personal data — such as personal attributes, device data or a document — with multiple parties, without having to immediately consent to other uses. And it provides ways to authorize the sharing of personal data across Internet of Things devices without having a continual connection to an authorization server.

While GDPR is a European Union governmental regulation, Wallis noted, UMA 2.0 is a spec for building software products. Although Kantara’s protocols conform to GDPR, they relate to only some of that regulation’s envisioned scenaria.

Among other protocols, the group has also released a Consent Receipt spec that indicates what kind of confirmation a user might receive indicating they have actually given consent for the use of their personal data. The Initiative has also started a working group for ways to bring best practices to the management of consent, and it has an Identity Assurance Trust Framework Provider program for accrediting credential service providers.

About The Author

Barry Levine

Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.