David Goldstein - ID4me Developed For A Domain Name-Based Secure Login


    A secure online identity is hard to come by these days. A multitude of usernames and passwords is not just insecure but also hard for internet users to maintain and remember. And the common practice of using social media accounts to log in to other websites is not without problems either, as it lets the social media provider, most commonly Facebook or Google, track your activity across those sites.

    To help solve the problem, a consortium founded by Denic, the German ccTLD manager, 1&1 and Open-Xchange has developed ID4me to allow one login ID for everything online. The service is promoted as an “open, federated protocol for digital identity management on the Internet” and is domain-based, using the Internet’s hierarchical naming system, the DNS, as its underlying identifier technology.

    Using ID4me, the internet user has a universal digital identity for logging on to websites and other online services such as cloud services, portals and apps. And it helps promote the use of the domain name system (DNS) and domain names. Services using ID4me can be established that either provide identifiers inside their own domain names, thus promoting their brand in the customer’s online identity and gaining some degree of lock-in, or they could sell users a personal domain name, thus creating a new revenue stream.

    A user who owns an ID4me identifier can use it to log in to any website or online service supporting ID4me, without having to register with that service beforehand. On first access the service can request access to the user’s personal information as per their profile. If the user consents, the requested information is made available to the service, which can thus automatically create a local account or profile for the user associated with their ID4me identifier.

    Like email and other public Internet standards, but unlike any existing global single sign-on system, the ID4me service is federated, meaning that multiple interoperable providers of identifiers can exist, including personal providers self-hosted by their users, and that all of them are intrinsically supported by any online service implementing the ID4me standard. Users are free to pick any provider and (if they control the domain name that the identifier is in) to move their identifier to a different one whenever they want, simply by changing a record in the domain name’s zone.

    ID4me is, in itself, described as a “weak” identity standard. Its purpose is only to ensure that the user of a given identifier is always the same person who initially acquired that identifier at registration. Accordingly, there is no verification of the user’s real-world identity, and their personal information is entirely self-declared, as is currently the case for most online registration systems. Users can have multiple identities (personal, business and so on). The standard may however be extended to support third-party validation of the user’s personal information and thus provide stronger proof of the user’s real-world identity.

    To foster adoption and remove barriers to market entry, ID4me builds on public and open standards (OpenID Connect and DNSSEC) and releases all its specifications as open, royalty-free standards, submitting them to the appropriate Internet standardisation bodies. Entities already running single sign-on systems based on OpenID Connect should be able to extend them to provide ID4me identifiers quite easily.
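    The two paragraphs above describe the mechanism in one sentence each: the identifier lives in a domain name, a record in that domain’s zone says which provider authenticates the user, and the relying party continues with standard OpenID Connect. The following is an added example, not ID4me’s own code, showing what a relying party has to do with that DNS record before it can trust it. It assumes (from the ID4me draft specification, not from this article) that the record is a TXT record at `_openid.<identifier>` of the form `v=OID1;iss=<identity authority>;clp=<identity agent>`, and it replaces live DNS with a constructed zone dictionary in which a `dnssec_validated` flag stands in for a validating resolver’s AD bit. The hostnames, the `ZONE` data and the helper names are all invented for the example.

```python
"""Added example (not ID4me's own code): the DNS side of ID4me discovery.

Assumptions, not stated in the article: an identifier maps to a TXT record at
_openid.<identifier> of the form "v=OID1;iss=<identity authority>;clp=<identity
agent>" (taken from the ID4me draft specification), and the resolver reports
whether the answer was DNSSEC-validated.  Everything below runs offline: the
"zone" is a constructed dictionary standing in for live DNS answers.
"""
import re
from dataclasses import dataclass

# Constructed answers.  "dnssec_validated" plays the role of the AD bit a
# validating resolver sets; bob.example deliberately lacks validation and
# mallory.example carries a malformed record.
ZONE = {
    "_openid.alice.example.": {
        "txt": ["v=OID1;iss=id.authority-one.example;clp=agent.example"],
        "dnssec_validated": True,
    },
    "_openid.bob.example.": {
        "txt": ["v=OID1;iss=id.authority-two.example;clp=agent.example"],
        "dnssec_validated": False,
    },
    "_openid.mallory.example.": {
        "txt": ["v=OID9;iss=https://evil.example;clp=agent.example"],
        "dnssec_validated": True,
    },
}

_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.?$"
)


@dataclass(frozen=True)
class Id4meRecord:
    authority: str  # "iss": the OpenID Connect provider that authenticates the user
    agent: str      # "clp": the identity agent that holds the user's profile data


def parse_record(txt: str) -> Id4meRecord:
    """Parse one _openid TXT record, rejecting anything that is not well-formed."""
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed field {part!r}")
        fields[key.strip().lower()] = value.strip()
    if fields.get("v") != "OID1":
        raise ValueError(f"unsupported record version {fields.get('v')!r}")
    for key in ("iss", "clp"):
        value = fields.get(key, "").lower()
        # Only a bare hostname is accepted: a scheme, path or port in the
        # record could redirect the login to an endpoint the zone owner never named.
        if not _HOSTNAME.match(value):
            raise ValueError(f"{key} must be a hostname, got {fields.get(key)!r}")
        fields[key] = value.rstrip(".")
    return Id4meRecord(authority=fields["iss"], agent=fields["clp"])


def discover(identifier: str, zone: dict = ZONE, require_dnssec: bool = True) -> Id4meRecord:
    """Resolve an identifier to its providers, refusing unvalidated answers."""
    name = f"_openid.{identifier.strip().rstrip('.').lower()}."
    answer = zone.get(name)
    if answer is None:
        raise LookupError(f"no ID4me record at {name}")
    if require_dnssec and not answer["dnssec_validated"]:
        # Without DNSSEC, whoever can spoof this answer chooses who logs the user in.
        raise PermissionError(f"{name} was not DNSSEC-validated")
    records = [parse_record(t) for t in answer["txt"]]
    if len(records) != 1:
        raise ValueError(f"expected exactly one _openid record at {name}, got {len(records)}")
    return records[0]


def oidc_discovery_url(record: Id4meRecord) -> str:
    """Where the relying party fetches the authority's OpenID Connect metadata
    (standard OIDC discovery, assumed here to apply to the authority hostname)."""
    return f"https://{record.authority}/.well-known/openid-configuration"


def move_provider(identifier: str, new_authority: str, zone: dict = ZONE) -> None:
    """The portability step the article describes: the zone owner rewrites one
    record and the identifier now points at a different identity authority."""
    name = f"_openid.{identifier.strip().rstrip('.').lower()}."
    current = discover(identifier, zone)
    zone[name]["txt"] = [f"v=OID1;iss={new_authority};clp={current.agent}"]


if __name__ == "__main__":
    rec = discover("alice.example")
    print(rec, oidc_discovery_url(rec))
    move_provider("alice.example", "id.authority-three.example")
    print(discover("alice.example"))
```

    The point a practitioner should take from the block is the `require_dnssec` check: the identifier is only as trustworthy as the DNS answer behind it, so a relying party that accepts an unvalidated `_openid` record has delegated its login decision to anyone who can spoof DNS for that name. Restricting `iss` and `clp` to bare hostnames is the second guard, since the OIDC discovery URL is built from that value.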

    Since launching its prototype in early 2018, further members and supporters including connect2id, the Domain Name Association, dotBerlin, the Internet Infrastructure Coalition (i2Coalition), Merge Conference, Nominet, Univention and XignSys have joined the initiative.