NTT docomo now an OpenID Provider

The largest mobile operator in Japan, NTT docomo, which covers approximately 50% of Japanese population, started offering OpenID authentication on March 9, 2010.

Every docomo user has an identifier called i-modeID. Using this, users can single sign-on to mobile sites using docomo handsets, making one-click payment and other authenticated actions.

These kind of features fueled the great success of mobile commerce in Japan. However, this success has not been extended to the non-docomo handset world of the PC. For the PC, docomo offered a separate identifier called “docomo ID”. As it remained independent of “i-modeID”, it did not enjoy the same kind of popularity.

This situation was remedied today by linking the two different identity systems with OpenID.

As of today, a user can login to a site using “docomo ID” as an OpenID, then the site can obtain “i-mode ID” that is linked to the “docomo ID” transparently. It is expected that the payment on the PC sites through “i-mode payment service” would accelerate content sales through PC.

Some technical idiosyncrasies

NTT docomo published the docomoID Authentication Technical Specification on their web site. As an OP Identifier, one should specify “https://i.mydocomo.com/“. As a normal claimed identifier, one should specify “https://i.mydocomo.com/id/{user_unique_identifier}” where {user_unique_identifier}” is a random alpha-numeric string that is unique to the user-realm pair.

One peculiar feature of docomo’s implementation is that, to provide “i-mode ID” to the content providers, content providers should call a very simple GET API after they obtained the OpenID Assertion. The decision seems to have been made to avoid the transmission of i-mode ID through browsers, which may act as a man-in-the-middle attack point as users’ PC environment is not particularly safe. Using OAuth for this purpose seems to have been an option, but docomo seems to have decided that requiring it on top of OpenID to the content providers seemed to be a little too demanding. Thus, they devised this extremely simple API. Together with it, docomo also defined a kind of contact service API, which allows the content providers to send mail [*1] to the user’s mobile phone without sharing the mail address.

According to their official page, there are 55,692,500 docomo subscribers as of February, 2010. Japan’s population over 15 as of Feb. 1, 2010 is 110,470,000.

[*1] Currently, this “contact service” is currently limited to send a mobile site URL

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.