Service Provider Approval

Kantara Initiative grants Approval for services which have been found to be conformant to a set of Kantara-defined criteria typically specific to a particular standard or specification, such as NIST SP 800-63-3, for which a Service Provider seeks a third-party assessment of their conformity. In the case of NIST SP 800-63-3 for example, Kantara’s criteria focus on the operation of identity proofing, credential management and federated assertion functions at given levels of assurance. The Kantara service assessment criteria address the technical functionality of the target service, the service provider’s bona fides and the applicable information security management practices.

High Level View of the Kantara Service Provider Approval

The process shown below applies to Credential Service Providers seeking to gain Kantara Service Approval

1. Design & Build The Identity Service

which includes policy practice and technologies. Might be in development, implementation or full operation. May or may not initially conform to the Kantara Identity Assurance Framework (IAF) requirements, specifically the Service Assessment Criteria.

2. Read

Classes of Approval; Service Approval Handbook

3. Contact Kantara & Become a Kantara Member

Join Kantara

4. Complete the implementation of the Identity Service

in a way that meets the requirements of the Kantara IAF.

5. Initial Application

The Applicants shall submit an Initial Application Package essentially to introduce themselves and their service to Kantara, defining the scope and nature of their service, including which Service Assessment Criteria (SAC) and specific criteria therein they believe are applicable to their service.

Application for Service Approval (ASA);
Specification of a Service Subject to Assessment (S3A);
Statement of Criteria Applicability (SoCA)

Please see: Application Package – Service Approval

6. Be Assessed & Address Findings

Assurance Review Board accepts the initial application and applicant selects and engages a Kantara Accredited Assessor.
Accredited Assessor conducts assessment relative to appropriate Service Assessment Criteria and produces a Kantara Assessor Report (KAR) and Statement of Conformity (SoC).
Applicant works with the Assessor to address non-conforming service areas (if any).

7. Submit the approval package

Submit the Kantara Assessor Report, SoC, S3A, ASA

8. Kantara Evaluation & Decision

Assurance Review Board (ARB) evaluates material, seeking clarification if needed.
ARB makes a recommendation to the Kantara Board of Directors (KIBoD) to Approve License Grant, Approve License Grant with Conditions or Deny License Grant.
KIBoD ratifies ARB approval.

9. Trust Mark

If Approved, the Applicant enters the process to formalize the Grant of License to use the Kantara Initiative Identity Assurance Framework Trust Mark. A grant of Approval is valid for three years, with Annual Conformity Reviews taking place in the two intervening years.

More Information:

One-pager – High Level Description of the Kantara Initiative Identity Assurance Framework
Review Kantara Identity Assurance Framework Controlling Documents
Kantara Trust Status List – List of Kantara Approved CSPs and Accredited Assessors
Spotlights – Approved CSPs and Accredited Assessors Spotlights