How Apple’s implementation of the "Sign In with Apple" button exposes users to more security risks



Apple announced the availability of the "Sign In with Apple" button at WWDC 2019, a feature that offers a new option for accessing applications now that everyone is more concerned about privacy. The safety of the sign-in button, however, is currently being questioned by the OpenID Foundation.

According to the OpenID Foundation, there isn't much difference between Apple’s implementation of "Sign In with Apple" and the OpenID Connect protocol: the former takes some cues from the latter, though it isn't completely aligned with it.

The major differences between OpenID Connect and Sign In with Apple reduce the places where users can use Sign In with Apple and expose them to greater security and privacy risks, while placing unnecessary burdens on developers of both OpenID Connect and Sign In with Apple.

To close the current gaps, Apple will be required to adopt the OpenID Connect Relying Party software and become interoperable with OpenID Connect, the identity protocol built on OAuth 2.0, so that third-party login to applications works in a standard way.

The OpenID Foundation, however, applauds Apple’s efforts in allowing users to log in to third-party applications with their Apple ID, and calls on the company to implement the OpenID Connect Self Certification Test Suite to improve the interoperability and security of Sign In with Apple.

Apple's sign-in button comes on the heels of the single sign-on (SSO) buttons from Google and Facebook, which are other options available to web users for accessing third-party web and mobile applications.
