ID4me defines 3 essential roles in its Identity Ecosystem: Identity Agent, Identity Authority and Relying Party. As an open and federated protocol, ID4me lets anyone fulfill one or several of these roles, according to the needs and use cases of their own users.
Each role needs to implement a specific part of the protocol, so the resources have been organized into 3 corresponding sections.
The Relying Party is a service that authenticates End-Users using the ID4me protocol. It redirects the End-User to their Identity Authority for authentication and contacts the Identity Agent to request identity data. If the End-User does not have an ID4me Identifier, the Relying Party points the user to an Identity Agent (which one to work with is a free choice).
The Identity Agent is in direct contact with the End-User. It provides a service to manage identities and identity data. This identity data is provided to Relying Parties upon requests that carry valid access rights. The Identity Agent is also responsible for ID4me registrations and for setting or changing the ID4me password, which is done securely by redirecting to the Identity Authority.
The Identity Authority is the neutral trust anchor that authenticates the End-User. It stores the corresponding password verifier for each ID4me Identifier and verifies ID4me registration requests from Identity Agents. It also provides a transfer mechanism for passing the right to manage the identity for a given ID4me Identifier from one Identity Agent to another.