FedID is a way for people to establish their own universal login credential – a portable representation of themselves that fits seamlessly into existing standard infrastructure.
Login with Google or Facebook actually runs on a web protocol called Open ID Connect, or OIDC. OIDC is the most widely used way to login on the web, also implemented by Microsoft, Linkedin, and many other large and small organizations.
FedID is short for Federated ID Connect, or FIDC. FIDC is perfectly interchangeable with OIDC. A developer can add FIDC by simply changing the URLs in two lines of code.
FIDC itself is built using a protocol borrowed from the “Fediverse” called Activity Pub, which connects, and federates, programs like Mastodon, Lemmy, and Threads. FIDC federates the records that provide identifiers for users. This makes FedIDs both interoperable and permanent. Even if the domain that originally issued a FedID to a person were to suddenly disappear, that user can continue to use their FedID to login to any other FIDC domain.
If Twitter had been an FIDC enabled domain, you could still use your @twitter handle to login to all other FIDC enabled services now. A FedID is like your Twitter handle with the domain you choose, that you can also use at every FIDC enabled service, forever.
In addition to that human-readable handle, your FedID is based on a new kind of key-based Decentralized Identifier, called a DID. You create and hold your FedID ‘master key’ on the first FedID enabled app that you install on your phone. After that, you can use your FedID ‘key’ tolog into any FIDC enabled site or add additional devices to your FedID. The FedID enabled app lets you control a FedID master key, without ever having to see or manage keys.
When you login with FedID, the FIDC servers talk to each other in the background using these keys, and you are securely logged in, without ever typing any login or password. You control the app with face or fingerprint.
A similar benefit is claimed for Passkey, but Passkey does not include a human-readable handle for discovery when connecting to new sites, and Passkey does not offer a secure way to manage your master key because anyone can airdrop Passkeys to anyone else.
A FedID is designed to give you a secure ‘remote control’ to manage other more powerful actions, such as online agents that act on your behalf. This allows you to use the app, and the keys that it contains, to control all of the agents and services you interact with online.
FIDC also offers a seamless path to evolve beyond the monopoly that Google and Facebook hold over OIDC. This may be especially important in the EU, where FIDC will offer regulators a viable alternative.
For full technical documentation see: FedID.me