ID4me is a public, open, federated digital identity service that aims to provide two main functions:
- Authorization of a user for access to any third party accepting ID4me identifiers (“single sign-on” on an Internet scale);
- Controlled communication of the user’s personal information to the third parties accessed by the user.
The ID4me identifier, consisting of a valid DNS hostname (or, potentially, of an email address), would allow users to log into any online service via a single account, similarly to the OTT-run services, but would also allow users to choose the manager of their identifier among any number of compatible providers.

A user who owns an ID4me identifier can use it to log into any website or online service supporting ID4me, even without prior registration. On first access, the service can request access to the personal information the user has entered into their profile. If the user consents, the requested information is made available to the service, which can then automatically create a local account or profile for the user, associated with their ID4me identifier.

Like email and other public Internet standards, but unlike any existing global single sign-on system, the ID4me service is federated: multiple interoperable providers of identifiers can exist, including personal providers self-hosted by their users, and all of them are intrinsically supported by any online service implementing the ID4me standard. Users are free to pick any provider and (if they control the domain name that the identifier is in) to move their identifier to a different one whenever they want, simply by changing a record in the domain name’s zone.

ID4me is, in itself, a “weak” identity standard: its purpose is to ensure that the user of a given identifier is always the same person who initially acquired that identifier at registration. Accordingly, there is no authentication of the user’s identity, and the user’s personal information is entirely self-declared, as is currently the case for most online registration systems. Users are also free to have multiple identities (e.g. a personal one, a business one etc.). The standard may, however, be extended to support third-party validation of the user’s personal information and thus provide stronger proof of the user’s real-world identity.

To foster adoption and remove barriers to market entry, ID4me builds on public and open standards (OpenID Connect and DNSSEC) and releases all its specifications as open, royalty-free standards, submitting them to the appropriate Internet standardization bodies. Entities already running single sign-on systems based on OpenID Connect should be able to extend them to provide ID4me identifiers quite easily.
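The provider lookup behind "changing a record in the domain name's zone", sketched as an added example that is not part of the original page or ID4me's own code. It assumes the `_openid` TXT record layout (`v=OID1;iss=...;clp=...`) and the parent-domain fallback described in the ID4me technical specification; the zone contents, hostnames and the `validated` flag (standing in for a resolver's DNSSEC validation result) are constructed.

```python
# Added example: ID4me-style provider discovery over constructed DNS data.
# Assumed record layout: TXT at _openid.<hostname> = "v=OID1;iss=<issuer>;clp=<agent>".

class DiscoveryError(Exception):
    """Raised when no trustworthy provider record is found."""

# Constructed zone: name -> (TXT strings, did the resolver DNSSEC-validate the answer).
ZONE = {
    "_openid.example.org": (
        ["v=OID1;iss=auth.provider-a.example;clp=agent.provider-a.example"], True),
    "_openid.unsigned.example": (["v=OID1;iss=auth.provider-b.example"], False),
}

def parse_record(txt):
    """Return the record's fields as a dict, or None if it is not a provider record."""
    fields = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        key, sep, value = (s.strip() for s in part.partition("="))
        if not sep or not key or key in fields:
            return None  # malformed or duplicated field: refuse to guess
        fields[key] = value
    if fields.get("v") != "OID1" or not fields.get("iss"):
        return None
    return fields

def discover(identifier, zone, require_dnssec=True):
    """Find the provider record for a hostname identifier, trying parent domains."""
    labels = identifier.strip().rstrip(".").lower().split(".")
    if "@" in identifier or not all(labels):
        raise DiscoveryError("only hostname identifiers are handled in this example")
    while len(labels) > 1:  # this example stops before the bare top-level domain
        name = "_openid." + ".".join(labels)
        txts, validated = zone.get(name, ([], False))
        records = [r for r in map(parse_record, txts) if r]
        if records:
            if require_dnssec and not validated:
                raise DiscoveryError(name + ": answer was not DNSSEC-validated")
            if len(records) != 1:
                raise DiscoveryError(name + ": ambiguous provider records")
            return records[0]
        labels = labels[1:]
    raise DiscoveryError("no provider record found")

if __name__ == "__main__":
    print(discover("alice.example.org", ZONE)["iss"])
    moved = dict(ZONE)  # the domain owner repoints the record at another provider
    moved["_openid.example.org"] = (["v=OID1;iss=auth.provider-c.example"], True)
    print(discover("alice.example.org", moved)["iss"])
```

Because the relying party trusts whatever issuer the record names, an answer that was not DNSSEC-validated is rejected rather than followed.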
To learn more
Please read the following documents; the general overview is aimed at a non-technical audience, while the technical overview describes the technologies and mechanisms used by ID4me.