Assurance Review Board

The Assurance Review Board (ARB) is the operational authoritative body of the Kantara Identity Assurance Framework (KIAF). The ARB is responsible for the day-to-day management and operation of the KIAF. Its principal functions are the accepting and reviewing of applications for Approval and for Accreditation. The ARB multistakeholder membership maintain confidentiality and impartiality throughout the lifecycle of the evaluation process and subject to NDA and recusal policies in the case of conflict of interest. Learn more: ARB Charter


(ARB Chair) Leif Johansson, Advisor, Office of the CEO SUNET – Leif Johansson leads the Kantara Initiative Assurance Review Board. His day job is spent working on identity management, strategy and business development for SUNET and various identity federations including He is actively engaged in several organizations that work for the good of the Internet including IETF, Kantara Initiative & OASIS. He serves on the board of directors for Netnod – the operator of i-root and the leading IX in northern Europe.


Richard Trevorah, Technical Manager for tScheme Limited – gained his degree in ‘Computing Science’ in 1978 and has worked for nearly forty years in the IT industry. Richard currently works as an independent consultant – primarily with tScheme but also in the payments industry and, more generally, advising on electronic signatures. Through tScheme, Richard has worked with a number of UK Government departments on Identity Management projects and, in particular, is working with GDS on establishing the standards & certification processes within the Identity Assurance program. Richard was also involved in the International Collaborative Identity Management Forum, an initiative of the Aerospace & Defence industries, to try and establish a reference standard for employee authentication that can be used as a baseline in sensitive, multi-national projects. He also helped define and support the trust mechanism to be used by the European Payments Council to support electronic mandates across the Single European Payments Area.



James Bryce Clark is a senior executive and General Counsel of OASIS.

He is an information technology and corporate attorney who began his practice as a restructuring lawyer on Wall Street in New York. Jamie represented banks and high technology companies in finance and corporate transactions; while a practicing attorney, he served two terms as chair of the ABA’s original subcommittee on electronic commerce, and was a co-editor of the business process standards for the ebXML project (ISO 15000) and chairman of its coordinating committee. Before OASIS, he was the general counsel of a healthcare e-commerce privacy & security company, and a corporate partner in a Los Angeles law firm. He continues to act of counsel to a Los Angeles trnsactional boutique law practice. Jamie served as a US delegate to the e-commerce working group of the United Nations Commission on International Trade Law (UNCITRAL) and is a member of advisory committees for the Kantara Initiative and the W3C.


Incommon/Internet 2

Tom Barton is retired from the University of Chicago, where he was Chief Information Security Officer and Senior Director for Architecture, Integration, and Security. He continues as a contractor for Internet2 working in the intersection of federation, research enablement, and security. He had a prior role at the University of Memphis as Director of IT Infrastructure, and was originally a member of the mathematics faculty there before turning to administration. He’s a member of the Internet2/InCommon CTAB governance group, chairs the REFEDS Sirtfi Working Group, and created and formerly led the Internet2 Grouper project.


Auditor representative


Name withheld by request

NIST representative


Name withheld by request