The OpenID Foundation has written an open letter to Apple arguing that the upcoming ‘Sign in with Apple’ feature bears similarities to OpenID Connect, but lacks privacy and security.
‘Sign in with Apple’ was launched at WWDC 2019 earlier this month. Users can authenticate with their Apple ID instead of a social account or their email address. Apple says it will protect users’ privacy by providing developers with a unique random ID. However, the OpenID Foundation is questioning some of the decisions Apple made for Sign in with Apple.
The OpenID Foundation is a non-profit organization with members such as PayPal, Google, Microsoft, and more. The OpenID Foundation controls numerous universal sign-in platforms using its OpenID Connect platform.
The letter states, “It appears Apple has largely adopted OpenID Connect for their Sign In with Apple implementation offering, or at least has intended to. However, there are differences between the two that are tracked in a document managed by the OIDF certification team. The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple.”
The OpenID team has listed the differences between Sign in with Apple and OpenID Connect. The differences were identified by the OpenID Foundation’s Certification team and the identity community at large.
The letter asks Apple to “address the gaps,” use the OpenID Connect Self Certification Test Suite, state that Sign in with Apple is compatible with Relying Party software, and finally join the OpenID Foundation.
You can read the full open letter here. Testing of Sign in with Apple will start later this summer ahead of iOS 13’s fall launch window.