In Europe and Japan, a human-centric identity movement was growing. Kantara became its institutional backbone. They created a working group on Consent Receipts —a machine-readable record of exactly what data you let a company use, for how long, and for what purpose. It turned the GDPR’s abstract “right to consent” into a working protocol.
A Trust Framework acts as a rulebook for a specific ecosystem. It defines the rights and responsibilities of all parties involved—the identity provider, the relying party (the service being accessed), and the user. Kantara operates the Kantara Trust Mark, a certification program that assesses organizations against these frameworks. When a user sees a Kantara Trust Mark, they can be confident that the service adheres to strict privacy and security protocols, regardless of the technology stack behind it.
Imagine you’re a medieval traveler. You arrive at a city gate. The guard asks, “Who are you?” You can’t just claim to be a knight. You need a letter of provenance from a lord the guard recognizes, or a coin minted by a trusted city.