contador web Skip to content

After criticism, “Sign in with Apple” incorporates OpenID Connect protocol

O “Sign in with Apple” (“Signing in with Apple”) was introduced in the iOS 13 news pack as a safer, more private way to sign in to multiple apps and websites. Instead of joining services with their Google or Facebook accounts, Apple promises an untracked login where the user always knows exactly what is being shared.

Still, the feature was not immune to the critics: the OpenID Foundation stated that the “Sign in with Apple” could pose some security and privacy risks by not bringing compliance with the institution's standards in other words, by being a closed standard, Ma's resource could not be trusted by third parties. Well apparently, Apple took the critics into consideration.

In a post recently published on the OpenID blog, Foundation President Nat Sakimura congratulated Apple on incorporating the protocol. OpenID Connect at the “Sign in with Apple”. In his words:

We applaud your team's efforts to quickly address the critical security and compatibility issues we have identified and implement while Sign in with Apple is still in the testing phase. Now users will no longer be limited to the services in which they can use the feature, and can have complete confidence in their security and privacy.

More specifically, OpenID Connect is an “identity layer” that overlaps Apple's OAuth 2.0 protocol. With it, an authorization server is used to verify the identity of the user, making the process safer and faster.

Sakimura notes that while Apple has given in to some of the foundation's requests, the implementation of the “Sign in with Apple” Still not perfect. OpenID would still like to see, for example, Ma make a discovery document available, so that existing software and services can more easily include the feature than the Cupertino giant apparently has no plans to do.

via Apple World Today