Kantara Registry with API for Trusted Identifiers

The website demonstrates a registry of credentials for mobile phone applications and developers that conform to the evolving draft specification for a Mobile Authentication Assurance Statement. These credentials can be used to allow relying parties in healthcare (and other) communities to determine if the application on the user's phone can be trusted using a simple API call to the Registry. Once this concept is widely adopted, trust can be bootstrapped from a collection of trusted applications into a framework of trust actors across the web. Users will also need to know the identity and trustworthiness of the application running on the web before they agree to share data, that problem is not addressed on this site.

While stand-alone healthcare apps are the primary use case considered here, another would be the use of a Mobile Driver's License in Healthcare as well as any State Issued ID for Healthcare (for example a Medicaid card) is accepted with high assurance for patient verification.

High Level Goals
To put the user in control with:
  • Control of release or sharing of data.
  • Security, especially from breaches.
  • Notice and redress of discrepancies.
  • Good User Experience so they know what to expect.
  • High availability wherever and whenever it is needed.
For the relying party web site
  • User Retention and low user maintenance costs.
  • Interoperability with other sites and methods
  • Proof of Compliance with all regulations.
For the app developer
  • Clear, measurable acceptance criteria.
  • Multiple sources of certification.
  • Improved traction, retention and acceptance of your app.

Check out the Identity Principles on the Principles page.

Problems Addressed
  • Users want to know if applications can be trusted with some of their most private information.
  • Relying parties want to be able to prove that they have exercised due diligence before they release or change user private information.
  • App developers and relying parties need a simple means to assure that apps certified can be immediately accepted at any provider.
  • App developers want to be able to choose their delivery platform between native and web apps.

This soluition draws together discussion drafts published by Kantara, collaborator’s web sites and working papers from the IDESG wiki on the National Strategy for Trusted Identities in Cyberspace. In it Verifiable Credentials in W3C format, certificates that conform to existing X.509 standards and other places are all combined in the phone to establish user identification as well as high assurance authentication. Follow the development of these ideas on the Certification page.