
Your Universal Digital Profile - Global open standard for every user’s digital identity


Universal Digital Profile

Agenda

ID4me Mission & Benefits

ID4me – Solution: How it works

ID4me today: Overview Members & Supporters

ID4me – how to engage


Open, global, federated standard for identities

Provide an open and internationally available single sign-on, adhering to security and data protection standards, which fosters user choice and avoids identity lock-ins.

Open federation of identity providers which are committing to an open, transparent and binding policy framework around the ID4me Standard


Strategic value for all players in the industry:

There is no public, open, federated, privacy-friendly, user-centered identity management standard yet.

Lack of proper, user-controlled authentication and identity management is the root of many abuse, security and usability issues.


DNS – with DNSSEC – should continue to be the Internet’s public directory, also for people and their services.


Existing SSO: social media single sign-on


Not open. Not privacy friendly. No portability and choice for the user.


ID4me – What makes us different


Open standard. Federated. Public. Full control on Data privacy.

Discovery functionality (DNS) → Portability → Choice of Provider.

Separation of roles between authorization (“identity authority”) and user data management (“identity agent”)

DNS (DNSSEC) hostname as ID4me identifier. DNS as the Internet’s public directory for people and services.


The user’s challenge


Today in the U.S. alone the average email address is associated with 130 accounts according to DigitalGuardian.*

* https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic

→ Strong need for universal identity providing login and data access.


ID4me – user benefits

Convenient: One ID for everything.

Privacy friendly: Full Data control.

More secure than existing solutions due to separation of roles.



ID4me – How it works


Based on OpenID Connect / OAuth 2.0 – certification in progress

Separation of roles between authorization (“identity authority”) and user data management (“identity agent”)

DNS (DNSSEC) hostname as ID4me identifier. DNS as the Internet’s public directory for people and services.


How ID4me differentiates

SSO with email (Web App): No discovery, but customer has to choose ID service

• Limitation of choice

• No standardization

• International footprint controls offer

SSO with domain name or email (Web App): Secure discovery of ID service via DNSSEC

• No limitation of choice

• Open and standardized

• Compatible with existing systems


The roles in ID4me

Relying party (any online service): Provides service to user

Identity authority: Keeps and verifies user credentials. Manages consent to data sharing.

Identity agent: Manages customer. Manages user data.

User: Provides personal information (to the identity agent) and credentials and consent (to the identity authority).


ID4me – How does the user receive an ID4me identifier?

Parties: User, Identity agent, TLD registry, DNS, Identity authority

1. Acquire service

2. Register domain name

3. Set up DNS records

4. Register identifier

5. Verify DNS records

6. Confirm identifier

7. Provide identifier

8. Activate and set credentials

Any valid DNS hostname (in a domain you can access) can be your ID4me identifier, e.g. “user.open-xchange.net"


ID4me – How to use it

Parties: User, DNS, Identity agent, Identity authority, Relying party (any online service)

1. Provide identifier

2. Discover authority and agent

3. Request login

4. Enter password (or be recognized by cookie)

5. Login OK

6. Request user data

7. Send user data

8. Login completed
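
Step 2 of the flow above (discover authority and agent) is where the relying party depends on DNSSEC. The following is an added example, not part of the original slides or the ID4me project's code. It assumes a TXT record at _openid.<hostname> of the form "v=OID1;iss=<authority>;clp=<agent>" and a walk up to parent domains, neither of which is stated in the slides. The resolver answers are constructed, and the host names are taken from the sandbox endpoints and the sample identifier in this deck.

```python
# Added example: ID4me-style discovery of authority and agent (login flow step 2).
# ASSUMPTION (not stated on the page): a TXT record at _openid.<hostname>
# of the form "v=OID1;iss=<identity authority>;clp=<identity agent>".

class DiscoveryError(Exception):
    pass

# Constructed answers standing in for a validating resolver:
# name -> (TXT strings, True if the answer was DNSSEC-validated)
SAMPLE_ANSWERS = {
    "_openid.open-xchange.net":
        (["v=OID1;iss=auth.freedom-id.de;clp=identityagent.de"], True),
    "_openid.unsigned.example":
        (["v=OID1;iss=auth.freedom-id.de;clp=identityagent.de"], False),
    "_openid.dup.example":
        (["v=OID1;iss=a.example", "v=OID1;iss=b.example"], True),
}

def parse_record(txt):
    """Split 'k=v;k=v' into a dict, rejecting malformed or repeated keys."""
    fields = {}
    for part in txt.split(";"):
        key, sep, value = part.strip().partition("=")
        if not sep or not value or key in fields:
            raise DiscoveryError("malformed record: %r" % txt)
        fields[key] = value
    if fields.get("v") != "OID1" or "iss" not in fields:
        raise DiscoveryError("missing version or authority: %r" % txt)
    return fields

def discover(identifier, lookup=SAMPLE_ANSWERS.get):
    """Return authority and agent for a hostname identifier, or raise."""
    labels = identifier.lower().rstrip(".").split(".")
    # Try the full hostname first, then parent domains (never the bare TLD).
    for i in range(len(labels) - 1):
        answer = lookup("_openid." + ".".join(labels[i:]))
        if answer is None:
            continue
        txts, validated = answer
        if not validated:
            # An unsigned answer could have been forged in transit.
            raise DiscoveryError("answer is not DNSSEC-validated")
        records = [t for t in txts if t.startswith("v=OID1")]
        if len(records) != 1:
            raise DiscoveryError("expected exactly one OID1 record")
        fields = parse_record(records[0])
        return {"authority": fields["iss"], "agent": fields.get("clp")}
    raise DiscoveryError("no discovery record found")
```

A relying party that accepted the unsigned or ambiguous answers would send the user's login request to whichever authority the DNS response named, so the function fails closed in both cases.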


ID4me Sandbox at a glance

ID4me Documents & Sandbox: https://id4me.org/documents

Gitlab Repository: https://gitlab.com/ID4me

Slack Channel: https://ID4me.slack.com

Running Endpoints

ID4me Agent Dashboard: https://identityagent.de/

ID4me Authority Issuer: https://auth.freedom-id.de/

ID4me Authority Dashboard: https://auth.freedom-id.de/dashboard

ACME directory at the Authority: https://acme.freedom-id.de/directory

ID4me Relying Party (OXAccount): https://hermes.open-xchange.com/

ID4me DNS-based discovery: https://lookup.freedom-id.de/


Overall Launch Strategy

[Figure: launch phases labelled Proof of Concept, Beta, MVP and Launch, shown per country (Germany, Country 2, Country 3, Country …), with a "We are here" marker.]


The login flow in action - Step 1


The login flow in action - Steps 2 & 3

Optional if you already have an open session

Optional if you already provided consent and marked the checkbox


That's it!

My name has been retrieved from my identity kept by the identity agent, and passed on to the relying party.

The relying party can create an account and populate it with my information.


ID4me – Overview Members and Supporters


ID4me – How to engage

Become a member.

Subscribe to our mailing lists: https://id4me.org/engage


Join the ID4me Working Groups

Technical WG, Governance WG, Adoption WG

Vittorio Bertola, Head of Policy & Innovation, Open-Xchange

Katja Speck, General Manager, ID4me AISBL

Marcos Sanz, Head of Software Engineering, DENIC


Meet ID4me @ ICANN63 in Barcelona October 23, 2018

ID4me Workshop at 5:30pm – NamesCon Fiesta 7pm Cor23 – The Gallery


Katja Speck, General Manager, [email protected], www.ID4me.org

Vittorio Bertola, Chair Governance WG, [email protected], www.ID4me.org