05 August 2019
Apple had a lot to announce at WWDC 2019 event and among them, it took wraps off a new online sign-in option called Sign in with Apple. It is a sign-in method aimed at making it easier for users to maintain their privacy while using websites and services online. Apple was even applauded for the offering but now, OpenID Foundation has warned about critical security flaws.
The foundation has written an open letter to Apple mentioning that the latter's sign-in solution seems to be quite similar to the OpenID Connect standard. It says that the current set of differences between the two methods means Sign in with Apple works with a significantly reduced number of websites.
It has also been added that this could lead to a number of security and privacy risks. The letter does not go into details about exactly what kind of risks thee are and in what way they will affect users. But it has listed a few ways that Apple can work on eliminating these risks as well as increase the number of websites compatible with its sign-in method.
- Address the gaps between Sign In with Apple and OpenID Connect based on the feedback.
- Use the OpenID Connect Self Certification Test Suite to improve the interoperability and security of Sign In with Apple.
- Publicly state that Sign In with Apple is compatible and interoperable with widely-available OpenID Connect Relying Party software.
- Join the OpenID Foundation.
It is quite clear that the foundation members want Apple to join them too. As expected, Apple is yet to offer any official statement or any kind of reply to the open letter. We will be keeping you updated as and when it will happen.