How DENIC ID Works
The DENIC ID service is based on the ID4me standard. This standard has two functions:
- Authenticate users to access websites that support ID4me logins ("Single Sign-On")
- Pass on personal data in connection with the ID4me login in a data-privacy compliant way, leaving granular control to the user.
Each player assumes different functions:
ID4me adds two fundamental components to the underlying OpenID Connect standard:
1. Separate Responsibilities and Flexibility with Regard to ID Agent and ID Authority
Because responsibilities are distributed, it is the user who decides, and thus controls, whom they want to entrust with managing their identity. The user can also keep their digital identity even if they change the provider.
2. How Domains and the DNS Are Involved
ID4me accounts are linked to the Domain Name System (DNS) through domains. The ID identifier (user name) is based on a domain (e.g. marc.denic.de), and the user personally determines, by means of a TXT zone entry, which identity provider is responsible. When a new ID4me identity is registered, an ACME validation ensures that the user has control of the DNS zone of the respective domain.
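The TXT-based lookup described above, as an added example that is not DENIC's or ID4me's own code: a login site validates the TXT strings it received before trusting the identity provider named in them. Assumptions not stated on this page: the record sits at `_openid.<identifier>` and has the form `v=OID1;iss=<authority>;clp=<agent>` as in the published ID4me specification, `clp` is treated as optional, only bare host names are accepted, and all sample records are constructed.

```python
import re

# Strict host name: dot-separated labels, no scheme, port, path or spaces.
_HOST = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def query_name(identifier):
    """DNS name whose TXT records are fetched for an ID4me identifier."""
    return "_openid." + identifier.lower().rstrip(".") + "."

def parse_record(txt):
    """Parse one TXT string; return None unless it is a usable OID1 record."""
    fields = {}
    for part in txt.strip().split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or key in fields:   # malformed or duplicated field
            return None
        fields[key] = value
    if fields.get("v") != "OID1":      # unrelated TXT data (SPF etc.)
        return None
    result = {}
    for key in ("iss", "clp"):         # identity authority, identity agent
        if key in fields:
            host = fields[key].lower()
            if not _HOST.match(host):  # refuse URLs, paths, odd characters
                return None
            result[key] = host
    return result if "iss" in result else None

def select_record(txt_strings):
    """Return the single valid record; refuse missing or ambiguous answers."""
    valid = [r for r in map(parse_record, txt_strings) if r is not None]
    if len(valid) != 1:
        raise ValueError("expected exactly one valid OID1 record, got %d"
                         % len(valid))
    return valid[0]

if __name__ == "__main__":
    # Constructed TXT answer for the name below, not real DNS data.
    sample = ["v=spf1 -all",
              "v=OID1;iss=auth.example.net;clp=agent.example.org"]
    print(query_name("marc.denic.de"), "->", select_record(sample))
```

The check only validates the record's syntax; whether the answer can be trusted still depends on how the TXT data was resolved, for example over a DNSSEC-validating resolver.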