Privacy Policy

Origin and Context

This site was originally developed and maintained by the Identity Ecosystem Steering Group, Inc. (IDESG at with the support of the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Institute of Standards and Technology (NIST). The views expressed do not necessarily reflect the official policies of the NSTIC or NIST; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

The National Strategy for Trusted Identities in Cyberspace (“NSTIC” or “Strategy”), signed by President Obama in April 2011, acknowledged and addressed a major weakness in cyberspace – a lack of confidence and assurance that people, organizations, and businesses are who they say they are online. The NSTIC called for the establishment of a private sector-led Identity Ecosystem Steering Group (IDESG) to administer the development and adoption of the Identity Ecosystem Framework. The IDESG received its authority to operate from the active participation of its membership in accordance with the Rules of Association (ROA). TFS was selected as the Secretariat to serve as the administrative arm of the IDESG.

As of June 25, 2018, Kantara Initiative and the Identity Ecosystem Steering Group (IDESG) jointly announced that Kantara would take on the work artifacts, current workstreams, committees and membership of the IDESG*. The work of IDESG will continue to be operated by the Kantara Initiative with the IDESG brand retained for selected US facing activities.

Kantara, and the newly formed IDEF working group committee at Kantara, value privacy, and we want you (“user”, “you”) to have the information you need to make your own decisions about your privacy.

This Privacy Policy (“Policy”) describes how we collect, use, share, and protect information about you, as well as the choices you may make about how we use this information.

Our Policy applies to:

  1. All individuals who provide information, such as individuals, individual member, member representatives, alternate member representatives or member associates of entities that provide information to the Registry.
  2. All methods of contact such as the Internet, including through our website, (“site”), direct mail, e-mail, fax, telephone, mobile, and other emerging technologies and methods.

This site contains links to other sites. Unless specifically stated otherwise, the collection and use of your personal information at other sites linked to from the site are not governed by this Policy.

We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act). We do not knowingly collect any information from anyone under 13 years of age. Our site and services are all directed to people who are at least 13 years old.

Please read the following to learn more about our Policy before providing us with any information. By accessing the site or providing any information, you agree to our use of that information consistent with the Policy. If you have questions about this Policy, please contact us.


We will only use and share your information as described in this Policy. We use the information we collect to carry out administrative functions and to manage our sites and services. We may share the information we collect about you and the information you provide to us to perform the services you request, register you with our site, enroll you in communications from us, analyze the use of our products and services, make your next visit to the site more personalized, and contact you regarding administrative issues. We will only use and share your information as described in this Policy.

We rely on third-party service providers to perform a variety of services on our behalf. In so doing, we may need to share your information with them. Please note that we only provide our service providers with the information they need to perform their services and we require that they protect this information and not use it for any other purpose. Specific information shared with service providers is detailed in the subsections below. Some of these third party providers may operate outside the United States and may be subject to laws or regulations of other countries or communities such as the EU.

As detailed in the subsections below, certain information and user-provided content is made publicly available in accordance with the “Openness and Transparency Operating Principle” of the IDESG and the work products as transferred to Kantara. Since this publicly available information may be accessed by search engine crawlers, other web robots, or retrieved by individuals and posted on other sites outside of our control such as, it may remain publicly available even if later removed from Kantara or IDESG sites and services.

We will never sell, trade, or otherwise transfer to outside parties your personal information, except in the following cases:

  • Third party service providers as described above.
  • When release is required to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
  • Any information will be released to the NSTIC National Program Office (NPO) at NIST upon request about past IDESG activities.

Membership Information

In order to become a member of the Kantara you are required to provide certain information about yourself and any other individuals associated with your organization who will be participating in the continued work at Kantara, including: name, e-mail address, mailing address, and phone number. Initial membership information is stored by our third party service providers including: Digital Ocean’s CiviCRM, Virtual Inc’s MS Office System, and Confluence / Altassian.

IDESG Website

This section pertains to the website, including the wiki, and any other paths within

Website User Accounts

Most content is viewable without creating a user account or logging in. In this case no information is collected about you.

Certain services or features, such as contributing user-provided content, or activities which require membership such as voting, require creating a website user account and logging in. Users login to wiki using federated identity management. User credentials (passwords) or hashes are not stored within wiki databases. Rather, users are redirected to the website of their chosen identity provider (“IdP”), where credentials are entered. Currently supported identity providers are: Google, Yahoo, and Janrain. Only a pseudonymous identifier and user attributes such as first name, last name, and email address are sent to These attributes are used to pre-populate corresponding fields when creating an IDESG website account, and may be changed during account creation or at any later time. Privacy policy and terms of use covering your relationship with your chosen IdP, storage of user credentials, disclosure of personal information by IdP, are between you and your chosen IdP and outside the scope of this Policy.

The table below lists information which may be collected as part of the IDESG website user account, and how that information is used or disclosed.

Field How set How used or disclosed
User ID Chosen by user during account setup. May be changed by user. May be publicly displayed with user contributions to the site, such as comments or page edits.
First, Last Namev Set by userv Not publicly displayed unless allowed by the user on a case-by-case basis, such as when joining a webinar.
User Picturev (Optionally) uploaded by userv May be publicly displayed with user contributions to the site, such as comments or page edits.v
Email Address Chosen by user during account setup. May be changed by user. Web services may send emails to this address. Not displayed publicly.
Timezone Set by user Used to convert displayed times displayed to the user. Not displayed publicly.
User Preferences These are settings which adapt the behavior of the website based on user choices. Set by user Not displayed publicly.


User-Provided Content

Numerous means of contributing content to the website are available, including but not limited to: participating in online discussion forums, creating or modifying web pages associated with Kantara IDEF working group committees, commenting on existing website content, uploading documents, creating calendar events, creating or modifying wiki pages. It should be understood that all such content is deemed to be published by the sender and made public without condition, in most cases labeled with your User ID and possibly with your User Picture. Any disclaimers that may be attached to said content that describe it as private or non-redistributable are self-contradictory and thus null and void. The Kantara is not responsible for removing or otherwise concealing your communication after you cause it to become public.

Automatically Collected Information

As with any website, the Kantara website and IDESG Wiki maintain logs of access to pages and resources, as well as administrative logs when certain user actions occur. Examples of information collected include the path to the requested page or resource, your IP address, the date/time of the request, and the user-agent header string sent by your browser. This information is collected primarily to facilitate investigation in the event of suspected problems with the site or services. This information is accessible only to website administrators.


A “cookie” is a small piece of information which a web site can send to your computer along with a web page. The Kantara website and IDESG wiki uses cookies in the following manner:

  • Login process. If you choose to login to our site, temporary (session) cookies are used during the federated login process, to facilitate single sign-on between the primary website and the wiki, and to maintain login sessions. These cookies do not contain personal information and are deleted from your computer upon closing your browser.
  • Site usability. We also use session cookies to improve how you navigate through and interact with the site.

This Policy does not cover the use of cookies by other sites, including sites linked to from the Kantara website and the IDESG Wiki, or sites of third party service providers such as identify providers (IdPs). Please reference the privacy policies of these external sites for information about their use of cookies.


We operate a number of mailing lists in Kantara ( to facilitate communication among IDESG members and participants. These mailing lists are implemented using Mailman software (

You can view archives of these mailing lists without subscribing or providing any information.

You can subscribe to these lists, meaning that messages posted to the list in the future will be emailed to you. In order to subscribe, you must provide an email address, and may optionally provide additional information. You must also either choose a password or allow a password to be generated for you. The password allows you to choose certain options controlling the behavior of your subscription to the mailing list. Your mailing list credentials (email address and password) are maintained and stored on Ditigal Ocean Hosting servers, distinct from the Kantara website. Once you subscribe to a mailing list, by default your email address will be listed on a subscriber list visible to all other subscribers. It is possible to subscribe but prevent your email address from being listed by altering the aforementioned options.

We reserve the right to remove your subscription at our sole discretion. In addition, if you are an Kantara member, or participating in the Kantara on behalf of a member organization, we reserve the right to automatically subscribe you to certain mailing list(s) in the interest of supporting Kantara administration and mission.

If you choose to post a message to a mailing list, the full message, including your email address, is sent to all subscribers and is also available publicly in mailing list archives.


In order to support IDEF Registry administration and mission, we send periodic email communications to Kantara members and/or IDESG Wiki website users. If you do not wish to receive such emails, you have the option to deactivate your account by contacting us. However, such action may result in the cancellation of your membership status in Kantara.


We take steps to make sure your personal information is accurately maintained. You may view the information you provided to us to make corrections or modify it at any time. If you wish to view or change the information you have provided to us, or request that we no longer use your information to provide you services, you may contact us.


If you have concerns about this Policy, its implementation, or other related inquiries or concerns, please contact us at Any improper collection or misuse of information in violation of this Policy or should reported by e-mail to The IDESG takes seriously any reported violations, and will investigate and correct any such violations.


The IDESG will take reasonable measures to secure the personal information users provide to us. We have implemented reasonable information security policies, rules and technical measures to protect the personal information we have under our control from unauthorized access, improper use or disclosure, unauthorized modification, and unlawful destruction or accidental loss.

All our employees, contractors and data processors who have access to, and are associated with the processing of your personal information, are obligated to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for us.


Please also visit our Terms of Use section establishing the use, disclaimers, and limitations of liability governing the use of our website.

Privacy Statement Changes:

Due to the constantly changing nature of the Internet, we reserve the right to change, update or modify this statement at any time and will post any new privacy statement or related policy on the website. Minor changes to the statement or related policy may occur that will not affect our use of your information. When the privacy statement or related policy changes in a way that significantly affects the way we handle your personal information, we will not use the information we have previously gathered without notifying you and offering you a choice concerning any new uses of your information. We will post privacy statement and related policy changes on the web site in a timely manner. Any such change, update or modification will be effective immediately upon posting on the web site. Use of information that we gather will be subject to the privacy statement and related policy in effect at the time of use.

This Policy was last modified on July 29, 2018.