By Vittorio Bertola, Head of Policy & Innovation, Open-Xchange
No matter how you use the Internet, I can almost guarantee we share a problem: managing our online accounts. We have hundreds of usernames and passwords, we can’t remember them, we end up reusing them or writing them down or storing them in the browser and still we often fail to make them work.
In the last couple of years, an alternative solution has emerged: Internet-wide single sign-on services run by the big OTTs. There is such a desire for this simple solution that almost all websites quickly started to let you “login with Google” or “login with Facebook”. Or with Twitter. Or with all of them: just pick one of a list of ten providers and use their credentials.
This is very convenient, but do you really want an American company whose business is based on monetizing user information to know all the places that you log into, track you as you move among these services, and exchange information on you with them?
This is why a group of European technical leaders that care about openness and freedom – Open-Xchange, 1&1 and Denic – have decided to develop an identity management framework that works just like those of the OTTs, but empowers the user rather than the provider, and protects the user’s privacy and digital freedoms; it is called iNetID.
This framework builds on an existing standard, OpenID Connect, which is the same one that Google and Facebook are using, but extends it to add the features that are necessary to create a single, public identity standard that everyone can implement in an open and interoperable manner.
iNetID allows you to use your own email address, or a hostname in an existing domain name, as an identifier, and uses the DNS to let you specify which company is managing your identity. If you choose to locate your identity inside your own personal domain name, you can change your identity manager just by changing a record in the DNS. You can buy your identity service from a company, but then, if you lose trust in that company, you can just move it to another one.
In fact, a user could buy their identity service bundled in with their domain, provided by a domain registrar also acting as “identity agent”; and to give additional security, user credentials would be secured by a trusted third party such as Denic, acting as “identity authority”.
iNetID allows any number of identity agents and identity authorities to exist; you could even run yours off your own server. All the identities interoperate; websites only need to implement the client part of the standard once, and any identity from any authority and agent immediately works.
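The discovery step a website's client would perform, from identifier to DNS record to agent and authority, is sketched here as an added example; it is not code from the iNetID project or its specifications. The `_identity` record label and the `agent=...;authority=...` field layout are hypothetical, and a constructed in-memory zone stands in for real DNS so the block runs offline.

```python
import re

# Hypothetical record layout for illustration only; the article does not give
# the real iNetID record name or fields.
RECORD_LABEL = "_identity"
ROLES = ("agent", "authority")  # the two roles the article names
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def lookup_name(identifier):
    """Map an email or hostname to the DNS name to query (assumed: one record per domain)."""
    ident = identifier.strip().lower().rstrip(".")
    local, at, host = ident.rpartition("@")
    if at and not local:
        raise ValueError("email identifier has an empty local part")
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL_RE.fullmatch(l) for l in labels):
        raise ValueError(f"not a valid hostname: {host!r}")
    return f"{RECORD_LABEL}.{host}"

def parse_record(txt):
    """Parse 'agent=...;authority=...' and reject duplicate or missing roles."""
    fields = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        key, sep, value = (s.strip() for s in part.partition("="))
        if not sep or not value or key in fields:
            raise ValueError(f"malformed or duplicate field: {part!r}")
        fields[key] = value
    missing = [r for r in ROLES if r not in fields]
    if missing:
        raise ValueError(f"record lacks {missing}")
    return {r: fields[r] for r in ROLES}

def discover(identifier, resolve_txt):
    """Return the agent and authority for an identifier; fail closed on ambiguity."""
    records = resolve_txt(lookup_name(identifier))
    if len(records) != 1:
        raise LookupError(f"expected exactly one record, found {len(records)}")
    return parse_record(records[0])

# Constructed sample zone standing in for real DNS so the example runs offline.
ZONE = {"_identity.alice.example": ["agent=agent-a.example; authority=authority.example"]}
def resolve(name):
    return ZONE.get(name, [])

if __name__ == "__main__":
    print(discover("alice.example", resolve))
    # Moving to another agent is one record edit; the identifier is unchanged.
    ZONE["_identity.alice.example"] = ["agent=agent-b.example; authority=authority.example"]
    print(discover("me@alice.example", resolve))
```

The client refuses to proceed when it finds zero or several records, so a stray second record cannot silently redirect a login to a different agent.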
Only the identity authority actually gets to know a user’s password; the authority can implement any additional security measure, such as two-factor authentication, and it is immediately effective for all logins. And if users are concerned about using the same identifier to log into all of their accounts, they can create additional ones, exactly like people now use different email addresses to sign up for different services.
But there is more: if desired, customers can decide how much information to provide to their identity agents. A business identity and a separate personal identity? A pseudonymous identity? All possible.
Then, when users access a website for the first time, there is no need for them to re-register; they just log in with their identifier and authorize the website to access only the specific information that they want to share with it.
This may seem like an impossible dream, but the technology exists; we already have a working prototype, and we are publishing open specifications and encouraging people to join the effort.
We think that this is not just useful, but crucial for the future of the Internet. If the Internet community cannot produce an open standard and have it widely adopted, it is very likely that we will be left with a few non-interoperable, closed, opaque systems – and we will all lose an important chunk of our digital freedom and privacy.
So, if you are an ISP that wants to provide iNetID identifiers to customers, or if you are a website that wants to accept them, contact us and start building the future of online identities with us! We can be reached via email and will soon have a website, and you can find us in the Startup Alley at NamesCon on January 28-31. See you soon!