The newly announced and discussed feature “Sign in with Apple” It has not even come into operation, in fact, and is already criticized. THE OpenID Foundation was the one who issued some security and privacy risk alerts involving the news.
According to a letter from the foundation sent by Apple (addressed to its senior vice president of software engineering, Craig Federighi), the company should address four critical points before placing the “Sign in with Apple” in operation:
- Resolves the gaps between “Sign in with Apple” and OpenID Connect, based on feedbacks.
- Use OpenID Connect Self Certification Test Suite to improve interoperability and security of the “Sign in with Apple”.
- Specify publicly that the “Sign in with Apple” compatible and interoperable with widely available OpenID Connect Relying Party software.
- Join the OpenID Foundation.
It is quite clear, of course, that everything revolves around the OpenID Foundation's own interests in relation to the “Sign in with Apple”. She does have a strong reputation; but if it was Apple's interest that the feature was based on the OpenID framework, it would have done it from the start.
The biggest beneficiaries of this unlikely integration between Apple's system and OpenID would be developers, who would almost have to do nothing to adopt “Sign in with Apple” in your apps / services.
Current OpenID Foundation sponsoring members include Google, Microsoft, PayPal, and others.