DENIC ID – Single Sign-On with my Domain

DENIC ID puts users in control of their digital identity. DENIC ID is based on the open standard ID4me. With the DENIC ID service, DENIC and its members offer secure, data privacy-compliant, universal logins. The solution is innovative: The login is domain-based and completely independent of social media.

A DENIC ID authorises the user to access all online offers that accept ID4me compatible logins, and it is the user's own decision which data they share with the respective provider.

Users Want Centralised Personal Data Management Under Their Own Control

Internet users have a multitude of accounts and related passwords for a variety of websites and online services, but they have hardly any control over their personal digital identity.

  • Having numerous individual logins is inconvenient and often leads to choosing insecure passwords.
  • The digital identity of a user is unmanageably scattered across the net.
  • Unwanted data transfer and tracking through social media logins undermine users' trust.

Online Service Providers Need Simple Login Solutions

The situation is hardly any better for online service providers. Every new customer needs an account, but all too often users abort the registration process when they have to laboriously enter the same profile data yet again.

  • For online service providers, there is no real "open" alternative to proprietary single sign-on (SSO) solutions.
  • The need to create accounts during the onboarding process is an obstacle to gaining new customers.

Despite countless password apps, social media logins and isolated solutions for single sign-on, identity management on the net is in a rather poor state.

DENIC ID – Single Sign-On with my Domain

The open and DNS-based ID4me standard links domains and digital identity. This benefits users and providers alike. The DENIC ID service

  • Gives users control of their digital identity.
  • Enables users to log in via one single account to all participating online services.
  • Leaves it to the user to decide which personal data they want to be passed on.
  • Offers online service providers access to an independent and data privacy-compliant solution for central user authentication.
  • Facilitates seamless onboarding of new customers for online service providers.
  • Adds new ways to use a domain and opens up new customer segments.

How Does DENIC ID Work?

The DENIC ID service is based on the ID4me standard. This standard has two functions:

  1. Authenticate users to access websites that support ID4me logins ("Single Sign-On")
  2. Pass on personal data in connection with the ID4me login in a data-privacy compliant way, leaving granular control to the user.

The roles listed in the ID4me standard are distributed among different players:

Each player has different functions:

User

  • Person (or machine) who wants to get access to an online service provider for the first time or on a recurring basis

Login Partner

  • Online service provider that accepts ID logins for users to register.

ID Agent

  • Offers users the possibility to purchase or set up an ID account
  • Usually manages the DNS entry of the ID account
  • Stores personal data of the user
  • Passes on data to login partners upon release by the user

ID Authority

  • Registers ID logins for ID agents after successful DNS verification
  • Manages login data of users for ID login
  • Authorises users to register with login partners
  • Manages data release of users for login partners

ID4me adds two fundamental components to the underlying OpenID Connect standard:

1. Separate Responsibilities and Flexibility with Regard to ID Agent and ID Authority

Because responsibilities are split between ID agent and ID authority, it is the user who decides, and thus controls, whom they want to entrust with managing their identity. The user can also choose to keep their digital identity even if they change provider.

2. How Domains and the DNS Are Involved

ID4me accounts are linked to the Domain Name System (DNS) through domains. The ID4me user name is based on a domain (e.g. marc.denic.de), and the user can personally determine the responsible login provider by means of a TXT zone entry. When a new ID4me identity is registered, an ACME validation ensures that the user has control of the DNS zone of the respective domain.

When the ID4me login is used at a later date, the login partners can find out via DNS query which ID authority is responsible for the login of the user.
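How a login partner might resolve the responsible ID authority from DNS, as an added example (not DENIC's or ID4me's code). The `_openid` label, the `v=OID1;iss=…;clp=…` field layout and the walk up to parent names are assumptions taken from the public ID4me specification, not from this page; the zone data is constructed and the hostname-only check is this example's own policy.

```python
import re

# Constructed sample data standing in for a DNSSEC-validating resolver:
# query name -> list of TXT strings. All names and values are made up.
SAMPLE_ZONE = {
    "_openid.denic.example": ["v=OID1;iss=authority.example;clp=agent.example"],
    "_openid.bad.example": ["v=OID1;iss=https://evil.example/path"],
    "_openid.dup.example": ["v=OID1;iss=a.example", "v=OID1;iss=b.example"],
}
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def candidate_names(identifier):
    """Query names to try, most specific first, stopping above the TLD."""
    labels = identifier.lower().rstrip(".").split(".")
    return ["_openid." + ".".join(labels[i:]) for i in range(len(labels) - 1)]

def parse_record(txt):
    """Return {'iss', 'clp'} for a well-formed record, else None."""
    fields = {}
    for part in filter(None, txt.strip().split(";")):
        key, sep, value = part.partition("=")
        key = key.strip()
        if not sep or key in fields:      # malformed or duplicated field
            return None
        fields[key] = value.strip()
    if fields.get("v") != "OID1":
        return None
    iss, clp = fields.get("iss", "").lower(), fields.get("clp", "").lower()
    # Example policy: bare hostnames only, so a record cannot smuggle in a URL.
    if not HOSTNAME.match(iss) or (clp and not HOSTNAME.match(clp)):
        return None
    return {"iss": iss, "clp": clp or None}

def discover(identifier, lookup_txt):
    """Find the responsible ID authority; fail closed on anything ambiguous."""
    for name in candidate_names(identifier):
        records = lookup_txt(name)
        if not records:
            continue                       # no record here, try the parent
        valid = [r for r in map(parse_record, records) if r]
        if len(valid) != 1:
            raise ValueError(f"invalid or ambiguous record set at {name}")
        return name, valid[0]
    raise LookupError(f"no ID4me record found for {identifier}")

if __name__ == "__main__":
    print(discover("marc.denic.example", SAMPLE_ZONE.get))
```

In production, `lookup_txt` would be a call to a DNSSEC-validating resolver, since the TXT answer decides which authority the login partner trusts for that user.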

What is the Role of DENIC and its Members?

DENIC is committed to and supports a free, open and secure Internet by actively promoting and developing open Internet standards.

True to this commitment, we are significantly involved in the design and implementation of the ID4me standard as a free and open single sign-on solution. DENIC is going to operate the DENIC ID Authority right from the start in spring 2019.

DENIC members can create their own ID products as ID agent and/or assume the role of login partners and offer their customers the comfortable registration solution with a DENIC ID.

ID Agent

  • DENIC ID as an add-on service for domains
  • Registration of DENIC IDs with the DENIC ID Authority
  • Creation of DNS entries (DNSSEC-secured) for DENIC ID
  • Enhancement of customer retention
  • With a DENIC ID, customers have access to all complementary services that are ID4me compatible
  • Integration effort: medium

Login Partner

  • DENIC ID as login option
  • Simple onboarding of new customers with DENIC ID
  • Account information can conveniently be pre-filled from released user data
  • No separate password management required
  • Integration effort: low

 

By the time the ID4me standard goes to market, it will be well documented. Code libraries for a multitude of languages and environments will facilitate integration into existing systems.

How is DENIC ID Different from Other Login Solutions?

There are several other offers in the field of digital identity. Some are designed as closed systems, even though they use OpenID protocols, whereas others are configured much more openly and are well suited to supplement ID4me.

DENIC ID distinguishes itself from other options on the market by the following characteristics:

  • Open, federated infrastructure, accessible by a multitude of providers and interoperable via the ID4me standard
  • The digital identity is linked to a domain.
  • Users can choose their identity provider freely, determine their provider independently via their domain and the DNS and move to another provider, if they like.
  • Full transparency for the user when it comes to passing on personal data
  • No hidden tracking by the DENIC ID provider or DENIC ID authority

The Next Steps

The current schedule for the future reads as follows:

January 2019
Finalisation of interfaces, contracts and documentation; more detailed information about the DENIC ID authority in the member section of the DENIC website

February 2019
DENIC members can start integration as ID agent and/or login partner

March 2019
Official market launch of DENIC ID at CloudFest 2019

Ongoing all through 2019
Acquiring new login partners, in particular from the hosting, SaaS and domain industry