Curated by: Luigi Canali De Rossi
 


Sunday, May 15, 2005

The Self-Identification Network For Single Sign-On: With mIDm You Are Your Identity Server!

The purpose of this proposal is to eliminate the need for any central registry or authentication service.

The idea behind mIDm - pronounced "My - Dee - Me" - is that people using the web can log in once, on their own website, and then forget about logging in anywhere else.


It is, in essence, single sign-on for the people.

Billions of words have been written about user identity on the web. Numerous solutions have been proposed: to name a few, Passport, Liberty Alliance, LID, SxIP, PKI, CoSign and more... but no identity management solution has taken hold in any large measure on the World Wide Web... for the vast majority of people, on the vast majority of websites, identity continues to be managed via a simple login with a username and a password.

The purpose of this proposal is to eliminate the need for any central registry or authentication service.

That does not mean that it decrees that they must not exist; ... Rather, it means that such registries and authentication services need not exist, that everything the website needs to know about users can come from the users themselves.

The key differences between what I propose and other systems are:

a) You can self-declare the location of your identity server

b) You can self-identify, that is, you can state for yourself who you are and (say) how you can be reached

c) Self-authentication is good enough (and more to the point, any 'stronger' form of authentication doesn't buy you any greater security than self-authentication does)

What this does, in effect, is to establish a regime where a person's own declaration is the primary source of their identity, their own identity server; they do not need to depend on a proxy (such as a university registration, employment in a corporation, subscription to an internet service provider, or whatever).

 

 

Sure, they may at a later time refer to some external agency to provide a reference or recommendation, but even this referral is at the user's discretion.

Moreover, since people choose their own identification server, the level of security they require may be as weak or as strict as they desire. If a simple login with cookie support is enough (as it is for the vast majority of people on the vast majority of websites) then this is all they use; if they want secure sockets layer with IP verification, then they may opt for this as well.

Moreover, by creating a mechanism by which anyone may self-identify, it also creates a mechanism whereby any web service may request identification. A website does not need to belong to a federation, be some part of a trusted network, or some such other secret society.

The self-identification network is open: anybody can play.

Finally - it is necessary to stress again - what mIDm is not is an authentication service. That is, websites have to take the user's word that they are who they say they are. But what it does do is to provide any user who wants it with a unique identity. Also, it is not by itself a solution to other problems, such as comment spam. Though such solutions will rely on a system such as mIDm, they will require a second part (which, yes, I will illustrate in a subsequent work).

What I am trying to prove here is that we can get a free, open and distributed system of single sign-on self-identification off the ground using nothing more than Notepad, some common understandings, and a little ingenuity.

And what I believe we will prove, in the long run, is that this is all we ever needed.



Read more about Stephen Downes' ingenious proposal:

mIDm Part I

mIDm Part II

Recommended.

 
 



 
posted by Robin Good on Sunday, May 15 2005, updated on Tuesday, May 5 2015

This work is licensed under a Creative Commons License.
