OpenID Foundation names Kantara as authorised auditor

The OpenID Foundation has signed a memorandum of understanding with the Kantara Initiative, naming Kantara an Authorised Auditor in its conformance testing programme. The move adds an independent oversight role.

Under the arrangement, Kantara will assess organisations applying to become Approved Testing Service Providers, the independent bodies that carry out conformance testing against the foundation's specifications. The assessments are intended to verify that applicants are legitimate and meet the foundation's testing service criteria.

The agreement formalises closer collaboration between two non-profit organisations focused on digital identity standards and trust frameworks. It also advances the OpenID Foundation's effort to build an independent conformance testing structure around its specifications, which are used across identity and authentication systems.

Authorised Auditors carry out due diligence on testing service applicants and conduct structured assessments using documented plans and checklists. The role sits above approved testing providers, which perform the actual conformance testing for organisations seeking evidence that their implementations match OpenID Foundation standards.

The added oversight comes as the foundation expands the roster of organisations involved in the programme. It has already identified an initial group of testing service providers that signed memoranda of understanding to collaborate in the forthcoming independent conformance test programme: BixeLab, FIDO Alliance, Fime, Raidiam and TrustID Solutions.

Gail Hodges, Executive Director of the OpenID Foundation, said: "As the conformance testing program grows, independent oversight will play a vital role. The Kantara Initiative shares our commitment to trustworthy digital identity, and this collaboration strengthens the foundation on which the whole ecosystem depends."

Audit role

Kantara's remit includes identity assurance, trust marks and governance work across several markets. Its members span multiple sectors and geographies, bringing experience in trust frameworks, assurance programmes and identity governance to the auditor role.

In the United Kingdom, the group is an ISO 17065-accredited certification body for the UK digital identity and attributes trust framework. It also conducts conformity assessments and grants trustmarks for the National Institute of Standards and Technology's SP 800-63 digital identity guidelines.

The two organisations will also continue working together on delivery of the OpenID Foundation's Conformity Assessment Tool. The tool is aimed at implementers that need evidence of conformance with the foundation's specifications and standards, alongside self-assessment and certification activity.

The broader market for digital identity assurance has grown more complex as governments, banks, technology groups and service providers look for ways to prove that products follow common standards. Independent testing and oversight have become more important as identity systems are deployed in regulated sectors and across borders.

Kantara's appointment suggests the foundation wants a more formal assurance structure as adoption of its standards widens. OpenID Connect is widely used in sign-in systems, while related standards in the OAuth family have become common in open banking and data-sharing schemes.

Eve Maler, Board Member at the Kantara Initiative, said: "I work closely with both Kantara Initiative and the OpenID Foundation. Kantara's deep expertise in measuring assurance in identity and authentication complements the Foundation's deep expertise in providing effective tools to implementers for self-assessing conformance. I'm excited that these organizations will collaborate in scaling trustworthy identity systems."