September 2018 - Identity Management | Domains | DNS

ID4me – An Open, Global, Federated Standard for Digital Identity Management

There is clearly a strong need for a universal digital identity – and the public, open, privacy-friendly ID4me protocol offers just the solution, as Katja Speck explains.


© Artystarty |

Many users are tired of remembering hundreds of usernames and passwords. On average, the approximately 4.1 billion global Internet users are managing between 100 and 200 accounts with different password requirements. Users are looking for a secure and convenient solution from trusted providers they can rely on. 

There is obviously a strong need for a universal digital identity providing login and data access. The process should be fast and convenient for the user, respect users’ data privacy, and provide data security.  But so far there has been no secure and convenient Single-Sign-On standard that respects users’ data privacy. Until now: ID4me. 

ID4me is a public, open, federated, privacy-friendly, global identity management protocol. It has been established to provide a global universal digital standard for identity management. The ID4me protocol offers just the solution users have been needing, and leaves the users the freedom to choose their provider or change their provider at any time without losing their digital identity.

The benefits of ID4me

One of the main benefits for users is the convenience of using one ID for everything. With ID4me, the initiative is aiming to provide a standard that enables users to log in to all their favorite portals, online shops, apps, cloud products etc. by using their ID4me. Of course, those portals have to offer ID4me as a login option first. But once ID4me is established, the “forgot password” and password recovery function will be history. That’s not only a lot more convenient for users; the ID4me organization believes it will relate to a higher conversion rate during the login process for every website, app, or portal offering a login.

ID4me is a Single-Sign-On that leaves the data control with the user. They decide to whom to give their data, e.g. their address for delivery services. Users are able to take that consent back at anytime. That’s a huge difference, as with most Social Media Single-Sign-Ons that decision is made for the user but not actively by the user. ID4me provides a data account statement with an overview to show ID4me users to whom they provided their data.  

In a nutshell, ID4me provides a full data sharing control: Once signed up, any data set can be safely added. The decision to share each set of data information with a provider happens on the fly and is controlled by the ID4me user. Access to the data can be revoked at anytime. With ID4me, users are on track concerning who has their data. 

ID4me is already considering adding a push-functionality that provides users with the ability to update data at Signed-up Services instead of updating their accounts individually. When people change their names or address, it’s usually a hassle to update all service providers.

Users are free to choose their identity provider. With a social media login, users are stuck for life. If they decide to delete their social media profile, they are no longer able to use it as a Single-Sign-On. ID4me users are not only free to choose their identity provider, they can change their provider at any time.

The ID4me mission

ID4me AISBL (in foundation) is an open group of Internet service providers, software developers, and other entities that care about the future of the Internet and want to defend its distributed and federated architecture when it comes to digital identities. The initiative’s mission is to provide end users with open and internationally available identity services that adhere to security and data protection standards, that foster user choice, and that avoid identity lock-ins. To do so, ID4me is aiming to set up an open federation of identity providers which are committed to an open, transparent, and binding policy framework around the ID4me standard. Leveraging this framework, ID4me will be able to enforce and to be held accountable to its mission.

To foster adoption and remove barriers to market entry, ID4me builds on public and open standards (OpenID Connect and DNSSEC) and releases all of its specifications as open, royalty-free standards, submitting them to the appropriate Internet standardization bodies. Entities already running Single Sign-On systems based on OpenID Connect should be able to extend them to provide ID4me identifiers quite easily.

The separation of roles between authentication and the user’s data management.

An important competitive advantage is the separation of roles between authentication, which is similar to the password check, and the management of the user’s data. The separation of roles is already provided in the OpenID Connect standard, but so far is only used by ID4me.  This is so important because it increases the security of the user’s identity. 

The ID4me standard provides two roles, called the Identity Agent and the Identity Authority, to ensure this security-related separation of powers. The Identity Authority is responsible for the authentication. The user’s data, however, is managed by the so-called Identity Agent. 

Users can pick and choose the provider to manage their identity (called the “Identity Agent”). This could be a registrar, a telco provider, or any trusted portal that users choose to manage their digital identities. 

The ID4me digital identifier

The Identifier is a domain name, and the identification takes place in the DNS (DNSSEC). The DNS (DNSSEC) host name (e.g. is chosen as the ID4me identifier by the Identity Authority.

The DNS, as the Internet’s public directory for people and services, has already been established as a global standard and has a proven track record to scale. A special DNS entry enables the Identity Agent that manages the user data to be located transparently. Based on the discovery functionality, it is possible to see who is responsible for the administration of the ID4me user data.

This transparent discovery, in turn, enables the portability of the ID4me digital identity.
As a result, each user has the free choice of identity agent, and can change it at any time.
That is unique among the Single-Sign-Ons. Social media logins, for example, do not provide discovery functionality. If a user no longer wants to use Facebook, they are not able to move their Facebook login to another provider.

ID4me founding members are 1&1, DENIC, and Open-Xchange. The members and supporters include DomainNameAssociation, DotBerlin, the eco Association, i2coalition, Nominet, Univention, and many more. This is an opportunity to create a global standard for identity management through a federated architecture for what relates to digital identities.

The ID4me documentation and Sandbox are public: 

Join ID4me.

All those who would like to get actively involved are welcome to join the ID4me working groups Adoption, Governance and Technology and become a member:

Want to learn more about ID4me? 

Feel free to reach out to or meet us at one of the upcoming conferences:

Katja Speck, General Manager at ID4me AISBL (in foundation) is establishing ID4me as a non-profit organization, managing the GoToMarket and driving business development for ID4me with the aim of establishing a global open standard for digital identity management. Katja has held senior positions in the online industry for more than 10 years and founded DigitalMarketExpert in 2014.

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.