OneID: Trustable (bring your own) Identity

General overview documents

OneID Executive Summary
A short summary of why OneID is important and the key features.

Introducing OneID
A longer summary of why OneID is important

OneID 9 page Overview.docx
A Microsoft Word document with an overview of OneID

Introductory videos

OneID checkout at Portero (40 seconds)
Typical OneID implementation at a high-end shopping site.

OneID on Magento: before and after
Shows the difference between a OneID-enabled site and a traditional site

OneID Quick Tour Video (90 seconds)
A quick video tour of OneID from a consumer point of view explaining how it works and how to use it. This is the fastest way to get a pretty complete overview of many OneID capabilities.

OneID New User Intro video (120 seconds)
Video that is offered to new users after they create their OneID.

OneID benefits for e-commerce sites (video)
A short non-technical video of OneID benefits to e-commerce sites.

Using OneID with SSH (60 seconds)
Shows how you can pair the SSH app with your OneID, adding it as a new device. Then you can select the security level for that device. The net result is that when you SSH to a remote system, you can use your OneID to control the LoA. No changes are needed at the client. Only the server is modified. The step-up authentication can be set on a per public key basis so users without OneID are not affected. The security is set by the max of that required by the user and the server admin.

The world's most secure garage door opener (secured by OneID)
Use your OneID to open your garage door.

The technology behind OneID

OneID technology overview
Explanation of the core authentication protocol and some of the unique features

OneID An architectural overview v4.pdf
A 6 page whitepaper on how OneID is constructed

How OneID works: The basics
A short description of the basic concepts behind OneID. A simplified description of 4 key OneID operations.

How OneID works: The details
An in-depth description of how 9 core OneID operations work

OneID detailed protocol specifications
Detailed protocol specification for all of the OneID end-to-end secure protocols for authentication, authorization, and pairing.

OneID unique features
50 features of OneID that you won't find in other cloud identity services

Requirements for a trustable cloud identity provider
A list of 27 requirements for a trustable cloud-based federated identity provider. OneID meets all 27. Most other cloud identities ("bring your own identity") meet only a few.

Why I started OneID
The history of how OneID was started and why it was designed the way it was. Describes the limitations of existing solutions to digital identity and how OneID overcomes those problems. Explains why OneID is the safest, easiest to use, and most private identity available today.

OneID core authentication/authorization protocol (8 minute video)
Video explains the core OneID sign in protocol in detail

OneID fraud prevention
Anti-fraud techniques that OneID can deploy

OneID Threat Analysis
A preliminary threat analysis


Where you can use OneID today
Over 100 websites where you can use OneID today.

OneID key selling points
Key selling points for various industries

OneID and SSH: The best two-factor auth for SSH ever
Shows how to configure SSH to work with OneID. There are no client-side modifications. SSH with a 2-factor add on is still a single point of failure. SSH with OneID eliminates the security risk.

OneID interoperability
Describes Shibboleth, GLUU, OpenID 2.0, OpenID Connect, and SAML 2 interfaces to OneID so OneID can be used with those systems

60 Identity Problems that OneID can help solve
A list of 60 identity problems that OneID can help solve

OneID and Meaningful Use Stage 2 Standards and Certification
Using the capabilities inherent in OneID can make architecting solutions to the Meaningful Use healthcare requirements much easier.

The grand vision: Future applications of OneID
A list of some future applications that OneID enables

OneID and identity proofing
Users only have to go through the pain of identity proofing their OneID identity once. We can then share those assertion(s) with you (with the user's permission).

OneID and PCI DSS 2.0: OneID is the world's best cardholder vault
OneID is better than storing at any PCI compliant vendor, better than handling cardholder data yourself. With OneID handling the transaction, you minimize that liability because the cardholder data in the vault can't be decrypted except by the user himself!

OneID and enterprise security: SSO, SSH, VPN, and an unbreakable data vault
OneID has a PAM module and can be used to secure SSO, VPN, and SSH. OneID is also the ideal repository for enterprise secrets, such as for storing a private key used with SSH. Today, these private keys are unprotected. With OneID, private keys can be retrieved on demand from the OneID servers (where they can never be decrypted), used for login on the server, and then discarded. OneID can also be used for authentication to SSO systems (replacing username and password). OneID is both easier and much more secure (immunity to all known attacks).

Browser extensions
We have browser extensions for Chrome (publicly released), as well as unreleased extensions for Firefox, Safari, and Internet Explorer. The extensions are 100% optional. They allow you to use OneID to auto-fill information on websites that have not been modified to support OneID natively (which is most websites). The extensions currently do not handle username/password.

Mobile apps
OneID for mobile apps will be coming soon. Contact us if you would like to be a beta tester.

Desktop apps
OneID for desktop apps like Dropbox will be coming soon. Contact us if you would like to be a beta tester. We now have OneID working with SSH, so OneID is working outside of the browser.

Enterprise applications

OneID enterprise provisioning
Describes how to provision OneID with enterprise applications supporting OneID

OneID and enterprise SSO/IAM: SaasID, Imprivata, Ping Federate, ForgeRock, Quest One, Gluu, Centrify
Describes how OneID works with enterprise SSO and IAM products including step-up authentication.

Competitive comparisons

OneID compared with traditional cloud identity providers such as Facebook, and protocols such as OpenID and SAML2
Compares OneID to traditional cloud identity providers and protocols that are based on IdP-centric models such as OpenID 2.0 and SAML 2.0.

OneID compared with two-factor add-on solutions such as Authentify, PhoneFactor
Here's how OneID compares to Authentify, PhoneFactor, and other second-factor add-ons (although they aren't really comparable since OneID is a complete digital identity, not a second factor add-on). Also discusses why OneID has the best immunity to Eurograbber and other threats that can bypass two-factor add-ons.

Developer documentation

OneID developer site

OneID Integration Overview

Linking OneID with existing accounts

Javascript API (details)

Javascript API summary

Code example for login, step-up authentication, and RP server generated push notifications

Demo page

SDKs for .net, PHP, Drupal, Python, django, Java

OneID WordPress plug-in

SDK for Magento: Contact us at

Consumer FAQ and Q&A

OneID Support


OneID testimonials
Quotes from the press, corporate CIOs, identity architects, security bloggers, and CISOs

OneID awards
A list of awards and accolades

How Twitter could permanently end password breaches
2FA isn't the answer. Implementing OneID can make password breaches "go away."

Questions from readers on the content on this site.