After criticism, “Sign in with Apple” adopts the OpenID Connect protocol


“Sign in with Apple” was introduced among the new features of iOS 13 as a more secure and private way to sign in to various apps and websites. Instead of logging in to services with a Google or Facebook account, Apple promises a non-tracking login in which the user always knows exactly what is being shared.

Still, the feature was not immune to criticism: the OpenID Foundation stated that “Sign in with Apple” could present some security and privacy risks because it did not comply with the foundation’s standards. In other words, because it is a closed standard, the reliability of Apple’s feature could not be certified by third parties. Well… apparently, Apple took the criticism into consideration.

In a post recently published on the OpenID blog, the foundation’s president, Nat Sakimura, congratulated Apple for incorporating the OpenID Connect protocol into “Sign in with Apple”. In his words:

We applaud your team’s efforts to quickly address the critical security and compatibility issues we’ve identified – and implement them while “Sign in with Apple” is still in the testing phase. Now, users will no longer be limited in what services they can use, and can have complete confidence in their security and privacy.

More specifically, OpenID Connect is an “identity layer” that sits on top of the OAuth 2.0 protocol, which Apple uses. With it, an authorization server is used to verify the user’s identity, making the process more secure and faster.

Sakimura notes that, although Apple has given in to some of the foundation’s requests, the implementation of “Sign in with Apple” is still not perfect. OpenID would still like to see, for example, Apple make a discovery document available, so that existing software and services can support the feature more easily, which, apparently, the Cupertino giant has no plans to do.
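To show what a discovery document gives existing software, here is an added example (not from the original article, Apple or the OpenID Foundation) of a relying party checking one as defined by OpenID Connect Discovery 1.0. The issuer `https://idp.example`, the sample document and the helper names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Metadata fields OpenID Connect Discovery 1.0 marks REQUIRED
# (token_endpoint is required unless only the implicit flow is used).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer):
    """Well-known location of the discovery document for an issuer."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def validate_discovery(raw, expected_issuer):
    """Return the parsed metadata, or raise ValueError naming every problem."""
    meta = json.loads(raw)
    problems = [f"missing {k}" for k in REQUIRED if k not in meta]
    # The issuer in the document must equal the one used to locate it;
    # otherwise one provider could answer on behalf of another.
    if meta.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    # Endpoints carry codes, tokens and signing keys, so plain http is rejected.
    for k in ENDPOINTS:
        if k in meta and urlsplit(str(meta[k])).scheme != "https":
            problems.append(f"{k} is not https")
    if problems:
        raise ValueError("; ".join(problems))
    return meta


# Constructed sample document for a hypothetical provider (not Apple's).
SAMPLE = json.dumps({
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
    "jwks_uri": "https://idp.example/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["pairwise"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

if __name__ == "__main__":
    meta = validate_discovery(SAMPLE, "https://idp.example")
    print(discovery_url(meta["issuer"]), "->", meta["token_endpoint"])
```

Without such a document, each client has to hard-code the endpoint and key locations and update them by hand when the provider changes them.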

via Apple World Today