The Identity Problem

The challenge with online identification lies in the fact that even though the underlying technology is similar everywhere on the Web, users still need to manage multiple accounts on different web sites. In fact, the Identity Management problem is three-fold:

  1. Users need to remember multiple passwords and usernames - one for each Web Site they are registered with.
  2. Users tend to use the same password on several Web Sites, thus creating a security risk.
  3. Whenever User's personal data changes, the User needs to update his personal data on several Web Sites. Some web sites are forgotten, contacts with customers are lost.

Most existing schemes require the WSP (Web Service Provider) to trust an Identity Provider to uphold certain security policies and to protect the privacy of the users. This trust link doesn't exist in today's Internet, and this is one of the main reasons why the users today have separate logins and passwords for each website they use.

The SlashID Solution

With SlashID, we manage to eliminate this artificial trust link. Our Patent-Pending technology assures the Users that only websites of their choice will have access to their data. On the other hand, the WSP can be assured that only the users that they have relationship with can login. SlashID is so secure that even a rogue employee within SlashID.com could not duplicate a users credentials.

How does SlashID work?

SlashID manages your passwords so that your password never leaves your computer. The SlashID doesn't know your password, and therefore cannot lose or disclose it to anyone.

SlashID never issues assertions, which means that no web sites have to ever rely on us for the authentication of their users. Instead, SlashID helps your browser decrypt your Shared Secret, which is then sent directly to the Website, without disclosing it to SlashID.

That's right, all that is happening inside your browser. Any information that is stored by SlashID is encrypted using your password - we couldn't decrypt it even if we wanted to!

What about my personal information?

That is also encrypted using your password, and stored by SlashID. Whenever you wish to disclose any of that information to a Website, it is decrypted in your browser and sent directly to the Website.

We manage your name and address, but we don't know who you are and where you live! This is why we call this Identity Management system "anonymous".

Is SlashID an alternative to OpenID?

These systems are applicable in different situations. OpenID is better when you can put a full trust in the Identity Provider, by giving them your password and telling them who you are.

SlashID is better when you need to be sure that you, and only you, know your password. It is also better if you want to remain anonymous towards the Identity Provider.

Is SlashID decentralized, like OpenID is?

Not yet, but we want it to be.

It is only possible to de-centralize SlashID when the system stops relying on Javascript issued from our website. This will happen when browser plugins or core browser modifications which support our protocol are widely available. Until then, the system must remain centralized.

Is the User Experience different from other Identity Management systems?

You can see for yourself on our sample blog. The SlashID experience is the same or easier than any other system. After you created your account you can register on websites with just a few clicks. When you have logged into a website, you can login to any other SlashID-enabled website with just one click (supported browsers only).

What if SlashID is down? Can I still log in?

Most websites offer a "Forgotten password" option, which in most cases will email you a temporary password and username. For such websites, you just use this option whenever SlashID is down, and keep using your temporary credentials until SlashID is back up.

More Information

For more information about SlashID solution and its benefits, please see our Whitepaper. A more technical and detailed whitepaper will be published shortly.

SlashID protocol is open and available for anyone to inspect. For the technical details on the internal workings of the SlashID system, please see the protocol documents:

© 2007 SlashID Corporation