DENIC ID – Single Sign-On with my Domain
DENIC ID puts users in control of their digital identity. DENIC ID is based on the open standard ID4me. With the DENIC ID service, DENIC and its members offer secure, data privacy-compliant, universal logins. The solution is innovative: The login is domain-based and completely independent of social media.
A DENIC ID authorises the user to access all online offers that accept ID4me compatible logins, and it is the user's own decision which data they share with the respective provider.
Users Want Centralised Personal Data Management Under Their Own Control
Internet users have a multitude of accounts and related passwords for a variety of websites and online services, but they hardly have any control of their personal digital identity.
- Having numerous individual logins is inconvenient and often leads to choosing insecure passwords.
- The digital identity of a user is unmanageably scattered across the net.
- Unwanted data transfer and tracking associated with social media logins undermine users' trust.
Online Service Providers Need Simple Login Solutions
The situation is hardly any better for online service providers. Every new customer needs an account, but all too often users abort the registration process when they have to laboriously enter the same profile data yet again.
- For online service providers, there is no real "open" alternative to proprietary single sign-on (SSO) solutions.
- The need to create accounts during the onboarding process is an obstacle to gaining new customers.
Despite countless password apps, social media logins and isolated solutions for single sign-on, identity management on the net is in a rather poor state.
How Does DENIC ID Work?
The DENIC ID service is based on the ID4me standard. This standard has two functions:
- Authenticate users to access websites that support ID4me logins ("Single Sign-On")
- Pass on personal data in connection with the ID4me login in a data-privacy compliant way, leaving granular control to the user.
Each player assumes other functions:
ID4me adds two fundamental components to the underlying OpenID Connect standard:
1. Separate Responsibilities and Flexibility with Regard to ID Agent and ID Authority
Because responsibilities are distributed, it is the user who decides, and thus controls, whom they want to entrust with managing their identity. The user can also choose to keep their digital identity even if they change the provider.
2. How Domains and the DNS Are Involved
ID4me accounts are linked to the Domain Name System (DNS) through domains. The ID4me user name is based on a domain (e.g. marc.denic.de), and the user can personally determine the responsible login provider by means of a TXT entry in the zone. When a new ID4me identity is registered, an ACME validation ensures that the user has control of the DNS zone of the respective domain.
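The DNS-based provider lookup described above, sketched as an added example (not DENIC's or the ID4me project's code). It assumes the ID4me record layout, a TXT entry at `_openid.<name>` of the form `v=OID1;iss=<authority>;clp=<agent>`, and a walk up to parent domains when no record exists; this page spells out neither. The zone data, `sample_lookup` and the hostname-only policy are constructed for illustration.

```python
import re

# Constructed sample zone standing in for live DNS TXT lookups (not real data).
SAMPLE_ZONE = {
    "_openid.example.org": ["v=spf1 -all",
                            "v=OID1;iss=authority.example.net;clp=agent.example.com"],
    "_openid.dup.example": ["v=OID1;iss=a.example", "v=OID1;iss=b.example"],
    "_openid.bad.example": ["v=OID1;iss=https://authority.example.net/x"],
}
# This example's own policy (an assumption): iss/clp must be bare hostnames.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def parse_record(txt):
    """Return {'iss': ..., 'clp': ...} for a well-formed v=OID1 record, else None."""
    fields = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        key, sep, value = part.partition("=")
        key = key.strip().lower()
        if not sep or key in fields:
            return None                      # malformed pair or repeated key
        fields[key] = value.strip().lower()
    if fields.get("v") != "oid1" or not HOSTNAME.match(fields.get("iss", "")):
        return None
    clp = fields.get("clp")
    if clp is not None and not HOSTNAME.match(clp):
        return None
    return {"iss": fields["iss"], "clp": clp}

def discover(identifier, lookup_txt):
    """Find the login provider for an identifier, walking up to parent domains."""
    labels = identifier.lower().rstrip(".").split(".")
    while len(labels) >= 2:                  # never query a bare TLD
        name = "_openid." + ".".join(labels)
        raw = [t for t in lookup_txt(name) if t.lower().startswith("v=oid1")]
        if raw:
            parsed = [parse_record(t) for t in raw]
            if len(parsed) != 1 or parsed[0] is None:
                raise ValueError(f"ambiguous or malformed record at {name}")
            return {"name": name, **parsed[0]}
        labels = labels[1:]
    raise LookupError(f"no ID4me record found for {identifier}")

def sample_lookup(name):
    """Hypothetical resolver backed by the constructed zone above."""
    return SAMPLE_ZONE.get(name, [])
```

A relying party should fail closed on the `ValueError` rather than pick one of several records, because this record decides which provider the user is sent to for authentication.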
What is the Role of DENIC and its Members?
DENIC is committed to and supports a free, open and secure Internet by actively promoting and developing open Internet standards.
True to this commitment, we are significantly involved in the design and implementation of the ID4me standard as a free and open single sign-on solution. DENIC is going to operate the DENIC ID Authority right from the start in spring 2019.
DENIC members can create their own ID products as ID agents and/or assume the role of login partners and offer their customers the convenient registration solution with a DENIC ID.
By the time the ID4me standard goes to market, it will be well documented. Code libraries for a multitude of languages and environments will facilitate integration into existing systems.
How is DENIC ID Different from Other Login Solutions?
There are several other offers in the field of digital identity. Some are designed as closed systems, even though they use OpenID protocols, whereas others are configured much more openly and are well suited to supplement ID4me.
DENIC ID distinguishes itself from other options on the market by the following characteristics:
- Open, federated infrastructure, accessible by a multitude of providers and interoperable via the ID4me standard
- The digital identity is linked to a domain.
- Users can choose their identity provider freely, determine their provider independently via their domain and the DNS and move to another provider, if they like.
- Full transparency for the user when it comes to passing on personal data
- No hidden tracking by the DENIC ID provider or DENIC ID authority