By Vittorio Bertola, Head of Policy & Innovation
No matter how you use the Internet, I can almost guarantee that we have a common problem: managing our online accounts. We have hundreds of usernames and passwords, we can’t remember them, we end up reusing them or writing them down or storing them in the browser, and still we often fail to make them work.
In the last couple of years, an alternative solution has emerged: Internet-wide single sign-on services run by the big OTTs. There is such a desire for this simple solution that almost all websites quickly started to let you log in with Google, log in with Facebook, with Twitter, or with all of them—just pick one of a list of ten providers and use their credentials.
This is very convenient, but do you really want an American company whose business is based on monetizing user information to know all the places that you log into, track you as you move among these services, and exchange information on you with them?
This is why a group of European technical leaders that care about openness and freedom—Open-Xchange, 1&1, and Denic—have decided to develop an identity management framework that works just like those of the OTTs, but empowers the user rather than the provider, protecting the user’s privacy and digital freedoms. It is called iNetID.
This framework builds on an existing standard, OpenID Connect, the same one that Google and Facebook are using, but extends it to add the features that are necessary to create a single, public identity standard that everyone can implement in an open and interoperable manner.
iNetID allows the user to use his or her own email address or a hostname in an existing domain name as an identifier, and uses the DNS to let the user specify which company is managing his or her identity. If the user chooses to locate his or her identity inside his or her own personal domain name, the user will then be able to change identity managers simply by changing a record in the DNS. The user can buy his or her identity service from a company, but if the user loses trust in that company, he or she can just move it to another one.
In fact, a user could buy their identity service bundled in with their domain, provided by a domain registrar also acting as “identity agent.” To give additional security, user credentials would be secured by a trusted third party such as Denic, acting as “identity authority.”
iNetID allows any number of identity agents and identity authorities to exist; the user could even run them off his or her own server. All the identities interoperate. Websites only need to implement the client part of the standard once, and any identity from any authority and agent immediately works.
Only the identity authority actually gets to know a user’s password. The authority can implement any additional security measure, such as two-factor authentication, and it is immediately effective for all logins. If users are concerned about using the same identifier to log into all of their accounts, they can create additional ones, exactly like people now use different email addresses to sign up for different services.
But there is more: if desired, customers can decide how much information to provide to their identity agents. A business identity and a separate personal identity? A pseudonymous identity? All possible.
Then, when users access a website for the first time, there is no need for them to re-register. All they have to do is log in with their identifier and authorize the website to access only the specific information that they want to share with it.
This may seem like an impossible dream, but the technology exists; we already have a working prototype, and we are publishing open specifications and encouraging people to join the effort.
We think that this is not just useful, but crucial for the future of the Internet. If the Internet community cannot produce an open standard and have it widely adopted, it is very likely that we will be left with a few non-interoperable, closed, opaque systems, and we will all lose an important chunk of our digital freedom and privacy.
So, if you are an ISP that wants to provide iNetID identifiers to customers, or if you are a website that wants to accept them, contact us and start building the future of online identities with us. We can be reached via email and will soon have a website. You will also be able to find us in the Startup Alley at NamesCon on January 28 to 31. See you soon!