OpenID Foundation Says ‘Sign In with Apple’ is Not Secure Enough

The OpenID Foundation, the organization behind the OpenID open standard and decentralized authentication protocol, has penned an open letter to Apple in regards to the company’s recently announced “Sign In with Apple” feature. From a report: In its letter, the organization said that Apple has built Sign In with Apple on top of the OpenID Connect platform, but the Cupertino company’s implementation is not fully compliant with the OpenID standard, and as a result “exposes users to greater security and privacy risks.” “The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks,” said Nat Sakimura, OpenID Foundation Chairman.

The OpenID Foundation published a list of differences between Sign In with Apple and the OpenID Connect platform, which Sakimura urged Apple to address. The OpenID exec said these differences place an unnecessary burden on developers working with both OpenID Connect and Sign In with Apple, who now have to support two different authentication standards and deal with each one’s quirks. “By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software,” Sakimura said.

https://apple.slashdot.org/story/19/07/04/1356232/openid-foundation-says-sign-in-with-apple-is-not-secure-enough?utm_source=rss1.0mainlinkanon&utm_medium=feed

Have a comment? Type it below!