OpenID Foundation Questions ‘Sign In With Apple’ Security in Public Letter

The non-profit OpenID Foundation, which controls numerous universal sign-in platforms including PayPal and Google using its OpenID Connect platform, has questioned the security and privacy risks associated with Apple’s recently announced Sign In with Apple platform in a public letter to Apple SVP Craig Federighi (via 9to5Mac).


For those who don’t know, Apple unveiled a new Sign in with Apple button for users to create new logins on websites and apps at its annual WWDC event last month, giving users an alternative to sign-in platforms from Facebook and Google.

In its letter, the foundation points out the differences between Sign In with Apple and OpenID Connect, and argues that they limit the places where customers can use Sign In with Apple, which poses security and privacy risks. The foundation has also called on Apple to close the gaps between the two platforms while extending an invitation to join the OpenID Foundation:

The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.

You can read more about the differences highlighted by the OpenID Foundation between OpenID Connect and Apple’s platform at this link.