How DENIC ID Works

The DENIC ID service is based on the ID4me standard. This standard has two functions:

  1. Authenticate users to access websites that support ID4me logins ("Single Sign-On")
  2. Pass on personal data in connection with the ID4me login in a data-privacy compliant way, leaving granular control to the user.

The roles listed in the ID4me standard are distributed among different players:

Each player performs different functions:

User

  • Person (or machine) who wants to get access to an online service provider for the first time or on a recurring basis
  • ID Agents will provide DENIC ID to users (available in April)

Login Partner

  • Online service provider that accepts ID logins for users to register.

ID Agent

  • Offers users the possibility to purchase or set up an ID account
  • Usually manages the DNS entry of the ID account
  • Stores personal data of the user
  • Passes on data to login partners upon release by the user

ID Authority

  • Registers ID logins for ID agents after successful DNS verification
  • Manages login data of users for ID login
  • Authorises users to register with login partners
  • Manages data release of users for login partners

ID4me adds two fundamental components to the underlying OpenID Connect standard:

1. Separate Responsibilities and Flexibility with Regard to ID Agent and ID Authority

Because responsibilities are split, it is the user who decides, and thus controls, whom to entrust with managing their identity, and who can keep their digital identity even when changing providers.

2. How Domains and the DNS Are Involved

ID4me accounts are linked to the Domain Name System (DNS) through domains. The ID identifier (user name) is based on a domain (e.g. marc.denic.de), and the user can personally determine, by means of a TXT zone entry, which identity provider is responsible. When a new ID4me identity is registered, an ACME validation ensures that the user has control of the DNS zone of the respective domain.

When the ID4me login is used at a later date, the login partners in turn can find out via DNS query which ID authority is responsible for the login of the user.
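As an added example (not DENIC's or the ID4me project's code), the following Python code shows how a login partner might validate the TXT answer before trusting it to name the ID authority. The `_openid.` prefix and the `v=OID1;iss=...;clp=...` layout (`iss` for the ID authority, `clp` for the ID agent) follow the ID4me specification as understood here and do not appear on this page; the sample records and hostnames are constructed.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def is_hostname(value):
    value = value.rstrip(".").lower()
    return 0 < len(value) <= 253 and all(_LABEL.fullmatch(p) for p in value.split("."))

def discovery_name(identifier):
    """DNS name a login partner queries for an identifier such as marc.denic.de."""
    if not is_hostname(identifier):
        raise ValueError("identifier is not a valid domain name")
    return "_openid." + identifier.rstrip(".").lower() + "."  # assumed prefix

def parse_id4me_txt(txt):
    """Return {'iss', 'clp'} for an ID4me TXT string, None for unrelated TXT data."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if "v=OID1" not in parts:
        return None
    fields = {}
    for part in parts:
        key, sep, val = part.partition("=")
        if not sep or key in fields:
            raise ValueError("malformed or duplicate field: %r" % part)
        fields[key] = val
    for key in ("iss", "clp"):
        # Assumption: both values are bare hostnames (no scheme, no path).
        if not is_hostname(fields.get(key, "")):
            raise ValueError("missing or invalid %s" % key)
    return {"iss": fields["iss"].lower(), "clp": fields["clp"].lower()}

def select_record(txt_strings):
    """Fail closed unless exactly one ID4me record is present at the name."""
    found = [r for r in map(parse_id4me_txt, txt_strings) if r is not None]
    if len(found) != 1:
        raise LookupError("expected exactly one ID4me record, got %d" % len(found))
    return found[0]

# Constructed TXT answers for _openid.marc.denic.de. (not real DNS data).
SAMPLE_TXT = [
    "some-other-verification=abc123",
    "v=OID1;iss=auth.example.org;clp=agent.example.org",
]

if __name__ == "__main__":
    print(discovery_name("marc.denic.de"), select_record(SAMPLE_TXT))
```

Rejecting ambiguous or malformed answers matters because this record decides which authority is allowed to authenticate the user.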

Detailed Information for DENIC Members

Here you will find information on contract arrangements, the technical implementation, and ideas for product design, as well as good selling arguments for DENIC ID.
