September 2019 - Identity Management | Authentication

ID4me – the Identity Layer the Internet Founders Forgot to Build

Neal McPherson from 1&1 IONOS, on handing back control of data & identity management to the user through implementing the open ID4me single sign-on standard.

The Internet was designed without an identity layer, yet we all log in to multiple services and platforms every day where those services need to identify us for various reasons and with various levels of scrutiny. 

The solution at hand is a username and password for each of these services. This quickly becomes an unmanageable number. With social media logins on Google, Facebook, and the like, there is already a technical solution in place that requires only one username and password for many services. But users and the services utilizing such offerings should ask themselves: What are the costs of this convenience? Because it is certainly not free.

The social media giants use this login information to track user activity and interests in order to profit from their behavioral data. 

For end users, this may well be an upfront cost that they can live with. An often-unforeseen cost is vendor lock-in. Once the user begins using these logins, they need to keep their social media account active in order to log in to all of their other accounts. Given recent history, how long will people want to remain locked in to Facebook?

For a company offering services requiring a user login it is different. By allowing social media logins, they are essentially giving Google, Amazon, Facebook, etc. information that can be used strategically against them. Because the social login provider can see that the customer uses a certain type of service, they now have the information needed to advertise a competing service – possibly even a service they offer themselves.

Apple’s recent announcement that it will roll out its own single-sign-on mechanism, Apple ID, means that the next big tech company is jumping on the identity bandwagon. While unfortunately yet another siloed solution, it shows the importance of data privacy, security, and usability for end users.

Having multiple proprietary systems that are not interoperable (Apple, Google, etc.) is neither user-friendly for the end user nor operationally friendly for services offering logins. In this situation, the identity service is the only winner.

"This is the identity solution the Internet founders would have built."
Andreas Gauger, Chairman ID4me Foundation

The good news is that the ID4me standard now offers a secure and non-profit solution. ID4me takes the benefits of social media logins and pairs them with open standards to create a federated open-identity protocol with a high level of usability and privacy by design.

The new standard allows users to log in to the hundreds of services they use with one ID – their domain or email address – and one password. It will enable them to review where they have logged in and what data has been provided to the service.

In the future, the ID4me protocol will be further developed to even allow users to recall data they have shared and transfer data updates to all their relevant services; say, for example, if an email address or telephone number changes. This will be a tremendous benefit for the user as well as for any services struggling with data that is incorrect or obsolete.

A cornerstone of the standard is the Domain Name System (DNS). This allows the discovery of which identity service is being used by which individual user, allows for competition, and prevents vendor lock-in.

The DNS handles billions of queries daily and is something most companies on the Internet already use on a daily basis, so ID4me does not force any massive technological change on users and services, unlike some of the blockchain ideas which are currently popular.

The central point for ID4me is the Identity Agent. The Agent is in direct contact with the end user, providing a service for managing identities and identity data. This identity data is provided upon request to Login Partners with valid access rights. The Agent is also responsible for ID4me registration and for setting or changing the ID4me password, which is done securely by redirecting the user to the Identity Authority.

The Identity Authority acts as the neutral trust anchor that authenticates the end user. Its OpenID-based technology stores the password verifier for each ID4me Identifier and verifies ID4me registration requests from Identity Agents. It also provides a transfer mechanism for passing the right to manage the identity behind a given ID4me Identifier from one Identity Agent to another.
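The DNS discovery step that ties the previous paragraphs together, as an added example that is not part of the article or of the ID4me project's own code: a Login Partner looks up a TXT record under the user's identifier and learns which Identity Authority (`iss`) authenticates the user and which Identity Agent (`clp`) holds the identity data. The record name `_openid.<identifier>` and the `v=OID1;iss=...;clp=...` layout are assumptions about the ID4me convention; the host names and the sample record are constructed.

```python
import re
from dataclasses import dataclass

# Added example, not ID4me project code. Assumed record layout at
# _openid.<identifier>:  "v=OID1;iss=<authority host>;clp=<agent host>"
# The resolver must DNSSEC-validate the answer; that is outside this parser.

HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


@dataclass(frozen=True)
class Id4meRecord:
    authority: str  # Identity Authority: neutral trust anchor, verifies the password
    agent: str      # Identity Agent: manages the user's identity data


def discovery_name(identifier: str) -> str:
    """DNS owner name a Login Partner queries for a domain-style identifier."""
    return "_openid." + identifier.strip().rstrip(".").lower()


def parse_id4me_txt(txt: str) -> Id4meRecord:
    """Parse one discovery TXT record strictly: version OID1, each of iss and clp
    present exactly once, and each a bare DNS name (no scheme, path or port), so
    a tampered or sloppy record cannot steer the login to an arbitrary URL."""
    fields = {}
    for part in txt.strip().strip('"').split(";"):
        if not part.strip():
            continue
        if "=" not in part:
            raise ValueError(f"malformed field {part!r}")
        key, value = part.split("=", 1)
        key = key.strip().lower()
        if key in fields:
            raise ValueError(f"duplicate field {key!r}")
        fields[key] = value.strip()
    if fields.get("v") != "OID1":
        raise ValueError("missing or unsupported version tag")
    hosts = {}
    for key in ("iss", "clp"):
        host = fields.get(key, "").lower().rstrip(".")
        if not HOST_RE.match(host):
            raise ValueError(f"{key} must be a bare hostname, got {fields.get(key)!r}")
        hosts[key] = host
    return Id4meRecord(authority=hosts["iss"], agent=hosts["clp"])


def is_valid_record(txt: str) -> bool:
    """True when the record parses; False for anything a Login Partner should refuse."""
    try:
        parse_id4me_txt(txt)
        return True
    except ValueError:
        return False


# Constructed sample record for the hypothetical identifier alice.example.org.
SAMPLE_TXT = "v=OID1;iss=id.authority.example;clp=agent.hoster.example"
```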

Much work has been done building resources in recent months. Plugins and software libraries are in place for easier testing and implementation of an ID4me login option. WordPress projects, for example, can now be accessed via the ID4me Plugin. Plugins for other important CMS systems such as Joomla, Drupal, and Typo3 are in the works.

“As groundbreaking as a single sign-on service might be, it has to be embraced by users. Someone has to get the ball rolling, create added value and a network effect for ID4me. And this is exactly what we’ve set out to do.”
Achim Weiss, CEO at 1&1 IONOS

At Europe’s largest hosting company, 1&1 IONOS, customers increasingly demand a mix of different services to build and manage their web presence and other online applications. These services and platforms require online access and login.

This is especially true for those SME customers and their employees who are neither able to use social media logins nor implement expensive enterprise-grade login solutions. It’s almost as if there is a vacuum where there is no proper identity solution that is both reliable and cost efficient.

In order to help our SME customers deal with this issue, we were looking for a single sign-on – one that customers could use to access all the various services inside and outside the 1&1 IONOS world. Ensuring that we maintained maximum and international reach meant that a proprietary solution was out of the question.

Being a firm believer in a free and open Internet (1&1 IONOS has used and contributed to open source software since its foundation), it quickly became obvious that any solution had to be federated and open source so that other organizations could also implement and build on it. In other words, a solution that benefits everyone in the Internet ecosystem, most of all the end users.

We decided to go for DENIC's ID4me solution DENICid, as it is a very good and mature setup of technology and governance provided by an unbiased and trusted company. After all, DENIC already runs a major function of the German Internet, and DENICid scores highly on all the functionality and stability criteria we wanted.

First, we will be rolling out the ID4me login on our WordPress product and as a login option on the control panel and Webmailer. Alongside a number of 1&1 IONOS’ partners, an ID4me option will be implemented for services such as HiDrive, Ranking Coach, and Plesk by the end of 2019.

As groundbreaking as a single sign-on service might be, it has to be embraced by users. Someone has to get the ball rolling, create added value and a network effect for ID4me. And this is exactly what we’ve set out to do. We at 1&1 IONOS believe strongly in this, and are happy to be first movers and investors in this space. Not doing it – and letting proprietary solutions dominate the identity landscape – is a much greater risk.

“An identity layer that combines trust and ease-of-use with commercial opportunity.” 
Thomas Keller, Head of Domain Services at 1&1 IONOS

ID4me is making use of the Internet’s underlying infrastructure to finally provide users with a useful, secure, privacy-friendly, and open identity service, which has the potential to replace those existing single-sign-on solutions.

In a world where data management and privacy are more and more subject to threats of exploitation, a service that hands back control over data to the user – where it rightfully belongs – should be a no-brainer.

For the hosting community it should be obvious that helping their customers make their password management trusted, easier, and transparent will help them secure a position outside the walled gardens of the large conglomerates. At the same time, it provides them a new use case for a product they know how to manage, while simultaneously providing them new and important roles in the ID4me identity layer.

Neal McPherson has worked at 1&1 IONOS for 8 years in various roles within the Domain Department and specializes in finding new products and services for IONOS to fulfill SME customers’ needs. He is passionate about new technology and business models, currently helping to drive ID4me adoption.

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.