Your Universal Digital Profile -
Global open standard for every user’s digital identity
Universal Digital Profile
Agenda
ID4me Mission & Benefits
ID4me – Solution: How it works
ID4me today: Overview Members & Supporters
ID4me – how to engage
Open, global, federated standard for identities
Provide an open and internationally available Single Sign-On that adheres to security and data protection standards, fosters user choice and avoids identity lock-in.
Open federation of identity providers which are committing to an open, transparent and binding policy framework around the ID4me Standard
Strategic value for all players in the industry:
There is no public, open, federated, privacy-friendly, user-centered identity management standard yet.
Lack of proper, user-controlled authentication and identity management is the root of many abuse, security and usability issues.
DNS – with DNSSEC – should continue to be the Internet’s public directory, also for people and their services.
Existing SSO: social media single sign-on
Not open. Not privacy friendly. No portability and choice for the user.
ID4me – What makes us different
Open standard. Federated. Public. Full control on Data privacy.
Discovery functionality (DNS) → Portability → Choice of Provider.
Separation of roles between authorization (“identity authority”) and user data management (“identity agent”)
DNS (DNSSEC) hostname as ID4me identifier. DNS as the Internet’s public directory for people and services.
The user’s challenge
Today in the U.S. alone the average email address is associated with 130 accounts according to DigitalGuardian.*
* https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic
→ Strong need for universal identity providing login and data access.
ID4me – user benefits
Convenient: One ID for everything.
Privacy friendly: Full Data control.
More secure than existing solutions: the separation of roles means the party that verifies credentials (the identity authority) is not the party that stores personal data (the identity agent).
ID4me – How it works
Based on OpenID Connect / OAuth 2.0 (certification in progress)
Separation of roles between authorization (“identity authority”) and user data management (“identity agent”)
DNS (DNSSEC) hostname as ID4me identifier. DNS as the Internet’s public directory for people and services.
How ID4me differentiates
Existing SSO (social media provider)
• SSO with [provider logo] → Web App
• No discovery: the customer has to choose the ID service
• Limitation of choice
• No standardization
• International footprint controls the offer
ID4me
• SSO with domain name or email → Web App
• Secure discovery of ID service via DNSSEC
• No limitation of choice
• Open and standardized
• Compatible with existing systems
The roles in ID4me
• User: provides credentials and consent to the identity authority, and personal information to the identity agent
• Identity authority: keeps and verifies user credentials; manages consent to data sharing
• Identity agent: manages user data; manages the customer
• Relying party (any online service): provides service to the user
ID4me – How does the user receive an ID4me identifier?
Actors: User, Identity agent, TLD registry, DNS, Identity authority
1. Acquire service (user at the identity agent)
2. Register domain name (identity agent at the TLD registry)
3. Set up DNS records (identity agent)
4. Register identifier (identity agent at the identity authority)
5. Verify DNS records (identity authority)
6. Confirm identifier (identity authority to identity agent)
7. Provide identifier (identity agent to user)
8. Activate and set credentials (user at the identity authority)
Any valid DNS hostname (in a domain you can access) can be your ID4me identifier, e.g. “user.open-xchange.net”.
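Step 5 of the registration flow (the authority verifying the DNS records) and step 2 of the login flow (the relying party discovering authority and agent) rest on the same DNSSEC-validated lookup that the differentiation slide calls secure discovery. The following is an added example, not code from this deck or from the ID4me project, of how a relying party can perform that lookup and fail closed. It assumes the record layout from the ID4me technical specification, `_openid.<identifier>` TXT `v=OID1;iss=<authority>;clp=<agent>`, which the deck does not show, and replaces the resolver with a constructed stub table (`STUB_ZONE`, `resolve_txt`) whose second element stands in for the authenticated-data flag a DNSSEC-validating resolver reports. All hostnames in the stub zone are constructed.

```python
# ID4me identifier discovery with DNSSEC fail-closed checks (added example).
import re
from dataclasses import dataclass
from typing import Optional

# Owner-name prefix and record layout assumed from the ID4me technical
# specification (not shown in the deck): "_openid.<identifier>" TXT
# "v=OID1;iss=<authority>;clp=<agent>".
RECORD_PREFIX = "_openid."
HOST_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"(?:{HOST_LABEL}\.)+{HOST_LABEL}")  # at least two labels


class DiscoveryError(Exception):
    """Raised whenever discovery must fail closed (no trustworthy record)."""


@dataclass(frozen=True)
class Discovery:
    identifier: str
    authority: str   # "iss": host of the identity authority (OpenID issuer)
    agent: str       # "clp": host of the identity agent (claims provider)


# Constructed stub zone standing in for a validating resolver: owner name ->
# (TXT strings, authenticated-data flag). The flag is what a DNSSEC-validating
# resolver sets when the answer chained up to a trust anchor.
STUB_ZONE = {
    "_openid.alice.example.net.": (["v=OID1;iss=auth.example.org;clp=agent.example.com"], True),
    "_openid.bob.example.net.":   (["v=OID1;iss=auth.example.org;clp=agent.example.com"], False),
    "_openid.carol.example.net.": (["v=OID2;iss=auth.example.org"], True),
    "_openid.dave.example.net.":  (["v=OID1;iss=auth.example.org"], True),
    "_openid.erin.example.net.":  (["v=OID1;iss=a.example;clp=b.example",
                                    "v=OID1;iss=c.example;clp=d.example"], True),
}


def resolve_txt(owner: str):
    """Stub resolver: returns (txt_strings, ad_flag) or raises DiscoveryError."""
    if owner not in STUB_ZONE:
        raise DiscoveryError(f"no TXT record at {owner}")
    return STUB_ZONE[owner]


def parse_record(txt: str) -> dict:
    """Split 'k=v;k=v' into a dict; duplicate or malformed fields are errors."""
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or not key or key in fields:
            raise DiscoveryError(f"malformed field {part!r}")
        fields[key] = value
    return fields


def discover(identifier: str, resolver=resolve_txt) -> Discovery:
    """Resolve an ID4me identifier to its authority and agent, failing closed."""
    ident = identifier.strip().lower().rstrip(".")
    if not HOST_RE.fullmatch(ident):
        raise DiscoveryError(f"not a valid hostname: {identifier!r}")
    strings, authenticated = resolver(RECORD_PREFIX + ident + ".")
    if not authenticated:
        # Without DNSSEC, anyone who can spoof the answer could point the
        # relying party at an authority and agent of their choosing.
        raise DiscoveryError("answer not DNSSEC-authenticated; refusing to trust discovery")
    records = [parse_record(s) for s in strings if s.lower().startswith("v=oid1")]
    if len(records) != 1:
        # Hardening choice made in this example: exactly one v=OID1 record,
        # so an injected second record cannot silently win.
        raise DiscoveryError(f"expected exactly one v=OID1 record, found {len(records)}")
    hosts = {}
    for key in ("iss", "clp"):
        value = records[0].get(key, "").lower().rstrip(".")
        if not HOST_RE.fullmatch(value):
            raise DiscoveryError(f"missing or invalid {key} in discovery record")
        hosts[key] = value
    return Discovery(ident, hosts["iss"], hosts["clp"])


def discovery_error(identifier: str) -> Optional[str]:
    """Return the failure reason for an identifier, or None if discovery succeeds."""
    try:
        discover(identifier)
    except DiscoveryError as e:
        return str(e)
    return None


if __name__ == "__main__":
    print(discover("alice.example.net"))
    for who in ("bob", "carol", "dave", "erin", "nobody"):
        print(f"{who}: {discovery_error(who + '.example.net')}")
```

Every branch that rejects an identifier raises rather than returning a partial result, so a relying party cannot accidentally proceed with an unsigned answer, a record of the wrong version, a missing agent, or two competing records. A production resolver call would replace `resolve_txt` and must be one that actually validates DNSSEC; a plain stub resolver returning `True` for every answer would defeat the whole point.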
ID4me – How to use it
Actors: User, DNS, Identity agent, Identity authority, Relying party (any online service)
1. Provide identifier (user to the relying party)
2. Discover authority and agent (relying party via DNS)
3. Request login (relying party at the identity authority)
4. Enter password, or be recognized by cookie (user at the identity authority)
5. Login OK (identity authority to the relying party)
6. Request user data (relying party at the identity agent)
7. Send user data (identity agent to the relying party)
8. Login completed (relying party to the user)
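The eight steps above can be run end to end offline. This is an added example of the exchange, not ID4me’s own code and not its OpenID Connect wire format: the identity authority plays the OpenID Provider, the identity agent serves the user data, and the relying party never receives more than the consented claims. Assumed simplifications are a constructed discovery table (`DISCOVERY`) in place of the DNS lookup, one HMAC key shared by authority, agent and relying party where the real protocol would use the authority’s public signing key, and all actors in one process; the hostnames, the sample user and the password are constructed.

```python
# Offline simulation of the ID4me login flow (added example, not ID4me code).
import base64, hashlib, hmac, json, secrets, time

# Constructed discovery table: identifier -> (authority host, agent host).
DISCOVERY = {"alice.example.net": ("auth.example.org", "agent.example.com")}

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_token(token, key, issuer, audience):
    """Check signature, issuer, audience and expiry; return the payload or None."""
    body, _, sig = token.partition(".")
    try:
        if not hmac.compare_digest(hmac.new(key, body.encode(), "sha256").digest(), b64u_dec(sig)):
            return None
        payload = json.loads(b64u_dec(body))
    except (ValueError, UnicodeDecodeError):
        return None
    if payload.get("iss") != issuer or payload.get("aud") != audience or payload.get("exp", 0) < time.time():
        return None
    return payload

class IdentityAuthority:
    """Keeps and verifies credentials and consent; stores no personal data."""
    def __init__(self, hostname):
        self.hostname = hostname
        self.key = secrets.token_bytes(32)  # assumed: HMAC key shared with agent and RP, not a public key
        self._creds = {}    # identifier -> (salt, PBKDF2 hash)
        self._consent = {}  # (identifier, relying party) -> consented claim names
        self._pending = {}  # login request id -> (identifier, relying party)

    def set_credentials(self, identifier, password):  # registration step 8
        salt = secrets.token_bytes(16)
        self._creds[identifier] = (salt, kdf(password, salt))

    def grant_consent(self, identifier, rp, claims):
        self._consent[(identifier, rp)] = set(claims)

    def request_login(self, identifier, rp):  # login step 3
        request_id = secrets.token_urlsafe(16)
        self._pending[request_id] = (identifier, rp)
        return request_id

    def authenticate(self, request_id, password):  # login steps 4 and 5
        identifier, rp = self._pending.pop(request_id, (None, None))
        if identifier not in self._creds:
            return None
        salt, stored = self._creds[identifier]
        if not hmac.compare_digest(stored, kdf(password, salt)):
            return None
        payload = {"iss": self.hostname, "sub": identifier, "aud": rp, "exp": int(time.time()) + 300,
                   "claims": sorted(self._consent.get((identifier, rp), ()))}
        body = b64u(json.dumps(payload, separators=(",", ":")).encode())
        return body + "." + b64u(hmac.new(self.key, body.encode(), "sha256").digest())

class IdentityAgent:
    """Manages user data; never sees a password."""
    def __init__(self, hostname, authority):
        self.hostname, self.authority, self._data = hostname, authority, {}

    def store(self, identifier, **claims):
        self._data[identifier] = claims

    def userinfo(self, token, rp):  # login steps 6 and 7
        payload = verify_token(token, self.authority.key, self.authority.hostname, rp)
        if payload is None:
            return None
        data = self._data.get(payload["sub"], {})
        return {k: v for k, v in data.items() if k in payload["claims"]}  # consented claims only

class RelyingParty:
    def __init__(self, hostname, authorities, agents):
        self.hostname, self.authorities, self.agents = hostname, authorities, agents

    def login(self, identifier, password):  # login steps 1 to 8
        hosts = DISCOVERY.get(identifier)  # step 2, stubbed
        if hosts is None:
            return None
        authority, agent = self.authorities[hosts[0]], self.agents[hosts[1]]
        token = authority.authenticate(authority.request_login(identifier, self.hostname), password)
        payload = verify_token(token, authority.key, hosts[0], self.hostname) if token else None
        if payload is None:
            return None
        return {"sub": payload["sub"], **(agent.userinfo(token, self.hostname) or {})}

def build_world():
    """Constructed sample deployment: one authority, one agent, one relying party."""
    authority = IdentityAuthority("auth.example.org")
    agent = IdentityAgent("agent.example.com", authority)
    rp = RelyingParty("shop.example", {authority.hostname: authority}, {agent.hostname: agent})
    authority.set_credentials("alice.example.net", "correct horse battery")
    agent.store("alice.example.net", name="Alice Example", email="alice@example.net")
    authority.grant_consent("alice.example.net", rp.hostname, ["name"])  # email not consented
    return rp, authority, agent
```

The separation of roles shows in what each actor holds: the authority stores only salted password hashes, consent and pending requests, the agent only profile data. A token presented to the agent on behalf of a different relying party (wrong `aud`), with a modified body, or after its expiry is rejected, and the agent releases only the claim names the authority recorded as consented, so the relying party learns the user’s name but not the e-mail address.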
ID4me Sandbox at one glance
ID4me Documents & Sandbox https://id4me.org/documents
Gitlab Repository https://gitlab.com/ID4me
Slack Channel https://ID4me.slack.com
Running Endpoints
ID4me Agent Dashboard https://identityagent.de/
ID4me Authority Issuer https://auth.freedom-id.de/
ID4me Authority Dashboard https://auth.freedom-id.de/dashboard
ACME directory at the Authority https://acme.freedom-id.de/directory
ID4me Relying Party (OXAccount) https://hermes.open-xchange.com/
ID4me DNS-based discovery https://lookup.freedom-id.de/
Overall Launch Strategy
[Launch-phase chart: Proof of Concept → Beta → MVP → Launch, rolled out per country: Germany, Country 2, Country 3, Country …; marker “We are here”]
The login flow in action - Step 1
The login flow in action - Steps 2 & 3
[Screenshot callouts: step 2 is optional if you already have an open session; step 3 is optional if you already provided consent and marked the checkbox.]
That’s it! My name has been retrieved from my identity kept by the identity agent, and passed on to the relying party. The relying party can create an account and populate it with my information.
ID4me – Overview Members and Supporters
ID4me – How to engage
Become a member.
Subscribe to our mailing lists: https://id4me.org/engage
Join the ID4me Working Groups
Technical WG, Governance WG, Adoption WG
Vittorio Bertola
Head of Policy & Innovation
Open-Xchange
Katja Speck
General Manager
ID4me AISBL
Marcos Sanz
Head of Software Engineering, DENIC
Meet ID4me @ ICANN63 in Barcelona October 23, 2018
ID4me Workshop at 5:30pm – NamesCon Fiesta 7pm, Cor23 – The Gallery
Katja Speck
General Manager
www.ID4me.org
Vittorio Bertola
Chair Governance WG
www.ID4me.org