OX Blog

ID4me – a global open standard for every user’s digital Identity

Written by The Editorial Team | Jul 25, 2018

Many users are tired of remembering hundreds of usernames and passwords. Only a small percentage of users change their passwords on a regular basis. And when choosing a password, "easy to remember" usually beats "secure, unique and complex". Forcing users to choose complex passwords often results in their storing the login credentials in the browser. Some systems force their users to change the password on a regular basis, resulting in frustrated users or employees. There is already an expression for the problem: "password overload".

Today, in the U.S. alone, the average email address is associated with 130 accounts, according to Digital Guardian's recent research. (1) Dashlane estimates the average number of accounts per user will be 207 in 2020. (2)

Single-Sign-On (SSO) technology offers a convenient way for the user to log in with one login and password for everything. The Single-Sign-Ons of the social media giants in particular are widespread. Using a social media login saves users annoying registration procedures or yet another login to remember. But those tech giants do not rate that well when it comes to security and the management of users' privacy.

So how can the 4.1 billion global Internet users have a secure yet convenient login process across portals when managing between 100 and 200 accounts, without using their social media logins?

There is obviously a strong need for a universal digital identity providing login and data access. The process should be fast, without any complex passwords to be remembered. Data security and data privacy are gaining more and more importance, and not only in Europe. But there is no SSO standard yet that respects users' data privacy.

There is a bright future for open Single-Sign-On technologies that respect users' privacy. That means the user decides whom to give access to their data and is able to withdraw this consent at any time.

The Solution: ID4me universal digital Identity-Management

Except for ID4me there is no public, open, federated, privacy-friendly, user-centered Identity Management Standard yet.

ID4me AISBL is an open group of Internet service providers, software developers and other entities that care about the future of the Internet and want to defend its distributed and federated architecture for what relates to Digital Identities.

The initiative’s mission is to provide end users with open and internationally available Identity Services, adhering to security and data protection standards, which foster user choice and avoid identity lock-ins.

To do so, ID4me strives to set up an open federation of Identity providers which commit to an open, transparent and binding policy framework around the ID4me Standard. Leveraging this framework, ID4me will be able to enforce its mission and be held accountable to it.

To foster adoption and remove barriers to market entry, ID4me builds on public and open standards (OpenID Connect and DNSSEC) and releases all its specifications as open, royalty-free standards, submitting them to the appropriate Internet standardization bodies.

Entities already running single sign-on systems based on OpenID Connect should be able to extend them to provide ID4me identifiers quite easily.

ID4me – what makes the difference?

First and foremost, ID4me differentiates itself through its governance. ID4me is a non-profit federated initiative created by an open group of Internet service providers, software developers and other entities that care about the future of the Internet and want to defend its distributed and federated architecture for what relates to digital identities.

Everybody is invited to join the initiative creating a federated back-end for Identity Management. The ID4me documentation and Sandbox are public: https://id4me.org/documents

What makes ID4me unique is the user's choice of their ID4me provider and the separation of roles between authentication and the management of the user's data.

An important competitive advantage is the separation of roles between authentication, which is similar to the password check, and the management of the user's data. The separation of roles is already provided in the OpenID Connect Standard, but so far is only used by ID4me.

The ID4me Standard provides two roles, called the Identity Agent and the Identity Authority, to ensure this security-related separation of powers.

The Identity Authority is responsible for the authentication. The user's data, however, is managed by the so-called Identity Agent.

A DNS (DNSSEC) hostname, e.g. id4me.org, is chosen as the ID4me identifier by the Identity Authority. The identifier is a domain name and the identification takes place in the DNS (DNSSEC). DNS, as the Internet's public directory for people and services, is already established as a global standard and has a proven track record of scaling. A special DNS entry enables the Identity Agent, which manages the user data, to be located transparently. Based on this discovery functionality, it is possible to see who is responsible for the administration of the ID4me user data.

This transparent discovery, in turn, enables the portability of the ID4me Digital Identity. As a result, each user has the free choice of Identity Agent and can change it at any time.
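
The discovery step and the portability it enables, sketched as an added example (not code from ID4me or from this post). It assumes the discovery entry is a TXT record at _openid.<identifier> of the form v=OID1;iss=...;clp=..., a format this post does not state; the function names and sample hostnames are illustrative, and the DNS query itself is left to a DNSSEC-validating resolver.

```python
import re

# Assumed record format (not given on the page): a TXT record at
# _openid.<identifier> reading "v=OID1;iss=<Identity Authority>;clp=<Identity Agent>".
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


class DiscoveryError(Exception):
    """Raised when a discovery answer must not be trusted."""


def query_name(identifier):
    """DNS name to query for an identifier such as 'jane.example.com'."""
    return "_openid." + identifier.rstrip(".").lower()


def parse_record(txt):
    """Split 'k=v;k=v' into a dict, rejecting malformed or repeated fields."""
    fields = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        key, sep, value = part.partition("=")
        if not sep or key in fields:
            raise DiscoveryError(f"malformed or duplicate field: {part!r}")
        fields[key] = value.strip()
    return fields


def discover(txt_answers, dnssec_validated):
    """Map the TXT answers for query_name(identifier) to the two ID4me roles."""
    if not dnssec_validated:  # an unsigned answer could be spoofed
        raise DiscoveryError("answer is not DNSSEC-validated")
    records = [parse_record(t) for t in txt_answers if t.startswith("v=OID1")]
    if len(records) != 1:  # ambiguity is treated as failure, not first-wins
        raise DiscoveryError(f"expected one discovery record, got {len(records)}")
    roles = {"authority": records[0].get("iss", "").lower(),
             "agent": records[0].get("clp", "").lower()}
    for role, host in roles.items():
        if not HOSTNAME.match(host):
            raise DiscoveryError(f"invalid {role} hostname: {host!r}")
    return roles


# Constructed sample answers: the same identifier before and after the user
# moves to another Identity Agent. Only the clp value changes.
BEFORE = ["v=spf1 -all", "v=OID1;iss=auth.example.net;clp=agent.example.org"]
AFTER = ["v=OID1;iss=auth.example.net;clp=agent.example.com"]
```

Switching from BEFORE to AFTER changes only the agent returned by discover(); the identifier and the authority that authenticates the user stay the same.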

That is unique among the Single-Sign-Ons. Social Media Logins for example do not provide a discovery functionality. If a user no longer wants to use Facebook, they will not be able to move their Facebook login to another provider.

Users can pick and choose who manages their identity (the "Identity Agent"). That could be a registrar, a telco or any trusted portal the user chooses to manage their Digital Identity.

Opportunity for the Hosting Industry to create a global Standard

Registrars are already ID4me members or supporters because they want to provide a crucial value-added service to their customers by managing their customers' Online Identity. That also opens business opportunities, like selling more personal domains and upselling add-on products like SSL. But there is much more: a domain-based Identity will strengthen the position of domains as the Internet's Public Directory for People and Services.

DNS – with DNSSEC – should continue to be the Internet’s public directory, also for people and their services.

Who supports ID4me already?

The ID4me founding members are 1&1, DENIC and Open-Xchange. The members and supporters include DomainNameAssociation, DotBerlin, i2coalition, Nominet, Univention and more.

Be part of an initiative to support an open Internet and help to defend the Internet's distributed and federated architecture for what relates to Digital Identities.

How can you join?

Everybody who would like to engage is welcome to join the ID4me working groups (Adoption, Governance and Technology) and/or become a member: http://id4me.org/engage

Want to learn more about ID4me? Please register for the first ID4me Summit, taking place on August 14, 2018 in Frankfurt, Germany. Please RSVP by August 10, 2018 at info(at)id4me.org and meet the supporters and members of ID4me.

Sources:

(1)    https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic

(2)    https://blog.dashlane.com/infographic-online-overload-its-worse-than-you-thought/