Are you a participant of the CloudFest Hackathon who has read about ID4me and would like to try out a new digital profile? As a member of the ID4me Plugin Fiesta project, you will find all the information you need here: the preparation required and step-by-step instructions for registering your ID for testing, completing the DNS Challenge, setting your password, logging in and, finally, testing it with a real application.
Preparation and Requirements
ID4me is based on your domain name. In order to register your Digital Identity, your domain must be completely set up already.
In this article, we assume that you have a domain to begin with. If not, you will find all the necessary information on how to register your own here.
Throughout this article, we will use the domain id4me.family as an example.
Register the ID
There are several websites where ID4me identities are offered. We use the Demo Identity Agent service, which is available at https://identityagent.de. The service is free of charge and is not based on any specific domain provider. However, the identities are only suitable for testing purposes because it cannot be guaranteed that the Demo Identity Agent service will be available in the long term.
This service also allows you to manage your data after logging in. We will use these functions later, but for now, we only use the service to create a new ID with the name jon.id4me.family:
- Click on the Register link below the input field or follow this link: https://identityagent.de/register
A digital identity usually consists of two parts: the identifier and your domain name. In our example, the identifier is jon and the domain name is id4me.family. We therefore enter jon.id4me.family in the Domain field.
To create your own digital identity, proceed as follows:
- Enter your identifier and your domain name in the Domain field.
- Check the box to Agree to the General Terms and Conditions.
The second option, "I want to start registration for someone else", is not necessary. This option is only intended for creating an ID for another person.
Complete the DNS Challenge
Before your digital identity is assigned to the domain name, a DNS check takes place. This helps to ensure that the domain is owned and controlled by the person who is creating the identity. With this service, the check is performed as a DNS Challenge using the ACME protocol.
A special DNS configuration of the domain is also required. This configuration shows which service offers the authorization. The DNS entries required will be displayed in the browser.
The _acme-challenge entry is the TXT record needed to prove ownership and control of the domain. This entry can be removed after completion of the configuration.
_openid is the TXT entry with a pointer to the ID4me service. This value must always be set for your ID to work.
Both entries must be created with your DNS/hosting provider.
If your provider supports the Domain Connect option, you are lucky. You can avoid manual configuration and continue with the Do Settings with Domain Connect option. Since in our example the domain id4me.family is registered with IONOS, we can select this option and complete the configuration with a few easy clicks.
The DNS challenge is now complete.
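The following added example (not code from the ID4me project or the Demo Identity Agent) checks the two TXT entries described above for an identifier. It assumes the `v=OID1;iss=…;clp=…` record syntax and the walk from the identifier up through its parent domains as defined in the ID4me specification, and that the challenge record is published at `_acme-challenge.<identifier>`. The zone data, including the authority name authority.example, is constructed.

```python
# Added example. TXT values are constructed; real ones come from a DNS query.
ZONE = {
    "_openid.jon.id4me.family": ["v=OID1;iss=authority.example;clp=identityagent.de"],
    "_acme-challenge.jon.id4me.family": ["constructed-challenge-token"],
}

def parse_openid_txt(txt):
    """Parse 'v=OID1;iss=...;clp=...' into a dict; raise ValueError if unusable."""
    fields = {}
    for part in filter(None, txt.strip().split(";")):
        key, sep, value = part.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            raise ValueError(f"malformed field: {part!r}")
        if key in fields:
            raise ValueError(f"duplicate field: {key}")
        fields[key] = value
    if fields.get("v") != "OID1":
        raise ValueError("not an ID4me record (v=OID1 expected)")
    if "iss" not in fields:
        raise ValueError("record names no identity authority (iss)")
    return fields

def check_identifier(identifier, zone):
    """Find the _openid record that applies to identifier and report on it."""
    identifier = identifier.rstrip(".").lower()
    labels = identifier.split(".")
    report = {"found_at": None, "authority": None, "agent": None, "warnings": []}
    # The challenge record is only needed during registration.
    if f"_acme-challenge.{identifier}" in zone:
        report["warnings"].append("_acme-challenge record is still published")
    # Assumed lookup order: the identifier itself, then each parent domain.
    for i in range(len(labels)):
        name = "_openid." + ".".join(labels[i:])
        records = [t for t in zone.get(name, []) if t.startswith("v=OID1")]
        if len(records) > 1:
            raise ValueError(f"{name}: more than one v=OID1 record")
        if records:
            fields = parse_openid_txt(records[0])
            report.update(found_at=name, authority=fields["iss"], agent=fields.get("clp"))
            break
    return report

if __name__ == "__main__":
    print(check_identifier("jon.id4me.family", ZONE))
```

A report with found_at set to None means no usable _openid entry exists anywhere on the path, so logins with that ID cannot be routed to an Identity Authority.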
Setting a Password
In the next step, the browser forwards you to the Identity Authority. This is where you can set the password for your new identity.
- Enter the password twice in the respective fields and confirm with Save.
Once you have set the password for your ID, the Digital Identity setup is complete! Your ID can now be used.
Once the ID has been created, log back in to the Demo Identity Agent service. Your browser will redirect you directly to the login screen, and you will land on the form where you can enter your personal data.
This is the data that is later made available to the services that you use with your digital identity.
In our example, we enter the first name, last name, email address, and name.
Let's give it a try!
In order to use the new digital identity, the service you want to try must support it. Open-Xchange already supports ID4me, so use the URL https://hermes.open-xchange.com for the test.
- Enter the ID you just created. In our example this is the ID jon.id4me.family.
- Click on Login with ID4me.
Since the ID is still logged in, the Identity Authority will not request a password. However, you must confirm which data to share with the Open-Xchange service. In this way, you have full control over which data is passed on and to which service.
The required data is preselected and printed in bold.
Once this step is complete, you will be logged in, and your data will be shared with the service.
Please try it out and give us your feedback in the comment section below!