ForgeRock Joins Key Industry and Government Leaders in Launching New Kantara Initiative Work Group to Foster Global Adoption of the User-Managed Access (UMA) Standard

Coalition Boosts Open-Source Developer Toolkits for Web Applications and the Internet of Things to Advance Consumer Digital Consent and Privacy

SAN FRANCISCO – July 29, 2015 – ForgeRock®, the leading open platform provider of identity management solutions, today announced a new digital consent and privacy initiative, led alongside other open-source technology companies and experts, to accelerate developer adoption of the User-Managed Access (UMA) standard. ForgeRock will help spearhead the new Kantara Initiative UMA Developer Resources Work Group (UMA Dev WG) to release new open-source UMA implementation toolkits for web applications and the Internet of Things (IoT).


UMA, launched by the Kantara Initiative in 2009, is an OAuth-based protocol that gives a web user a unified control point for authorizing who and what can get access to their online personal data. The UMA standard has already received support from major government and healthcare organizations such as the Government of New Zealand and Philips. ForgeRock’s forthcoming addition of OpenUMA support to the ForgeRock Identity Platform™ is designed to help deliver “Consent 2.0” experiences to customers and citizens who are increasingly more concerned about their ability to manage their digital privacy. According to recent Pew Research, 91 percent of Americans agree or strongly agree that consumers have lost control over collection and use of personal information.


“At Philips, we're on a mission to improve people’s lives and to empower people to take better care of themselves and others. With the rise of cloud-based data, health and wellness apps and consumer sensors, it's important to be able to share all those sources of data with family members, health professionals and others under close personal control,” said Jeroen Tas, CEO, Healthcare Informatics Solutions and Services, Philips. “With OpenUMA, we are able to design innovative data-sharing and consent technologies into our HealthSuite Digital Platform that make it possible to foster consumer and patient trust.”


The UMA standard enables both consumer privacy scenarios and next-generation business authorization scenarios. For example, instead of making copies of a child’s healthcare records at the beginning of the school year and walking it into the school office where it will be “filed,” a parent could give the school access to the online record for one week at the start of the school year. Once the school confirms the child’s health status and vaccinations, access to the digital record can be revoked, eliminating the need to duplicate personal healthcare records and maintaining privacy. In a similar fashion, financial records can be shared with tax accountants and loan officers and healthcare records can be shared with medical specialists. With UMA, individuals can grant access to digital records on a need-to-know basis and for only an appropriate length of time.


"Serving the needs of citizens in New Zealand in an efficient, privacy-preserving way calls for a customer-centric approach to access control and the tools to match. For example, students might want to share authoritative records of achievement with career advisors and potential employers. We are therefore currently undertaking a proof of concept to explore UMA as a scalable standard that can help citizens interact with government more efficiently and conveniently," said Stuart Wakefield, CIO, Ministry of Education, New Zealand.


The new Kantara Initiative Work Group will provide free and open-source software for developers incorporating UMA enablement and protection into applications, services and devices. The software, which will be available in languages such as Java, C++ and Python, will make it easy to add interoperable authorization, access control, privacy and consent features to application ecosystems.


Eve Maler, ForgeRock’s vice president of innovation and emerging technology, said, “As organizations collect more and more user information in order to deliver more personalized experiences to consumers, failing to offer those consumers a way to actually manage that personal information themselves is a privacy time-bomb. As a leader in the adoption of open identity standards, ForgeRock believes UMA is the right solution to apply before the problem explodes.”


“Kantara Initiative connects leaders from industry and governments to provide strategic vision and real-world innovation for the digital identity transformation. Kantara Board Member ForgeRock has played a critical role in driving innovations at Kantara Initiative, such as UMA,” said Joni Brennan, Kantara Initiative Executive Director.


Supporting Resources

ForgeRock OpenUMA (

ForgeRock Blog on UMA (

ForgeRock Identity Platform (

ForgeRock Customers (

ForgeRock on Twitter (

ForgeRock on Facebook (
About ForgeRock
The ForgeRock Identity Platform™ transforms the way millions of customers and citizens interact with businesses and governments online, providing better security, building relationships, and enabling new cloud, mobile, and IoT offerings from any device or connected thing. ForgeRock serves hundreds of brands like Morningstar, Vodafone, GEICO, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, among many others. Headquartered in San Francisco, California, ForgeRock has offices in London, Bristol, Grenoble, Oslo, Singapore, and Vancouver, Washington. ForgeRock is privately held, backed by leading global venture capital firms Accel Partners, Foundation Capital, and Meritech Capital. For more information and free downloads, visit or follow ForgeRock on Twitter at


# # #
Press Contact
Travis Anderson
10Fold for ForgeRock
(925) 271-8227

[email protected]