Skip to content
Back Home

The Internet Identity Layer

The Internet Identity Layer

  • Membership
  • OpenID Foundation
    • Membership Benefits & Join
    • About Us
    • Sponsoring Members
    • Leadership
    • Intellectual Property
    • Presentations & Videos
    • OpenID Foundation Policies
    • OpenID Foundation Calendar
    • Chapters
    • Contact
    • Member Sign-in
  • Intellectual Property
    • OpenID IPR Policy, Contribution Agreement and Process Document
    • Executed Contribution Agreements
    • Software Grant and Contribution License Agreement
    • OpenID Foundation Policies
    • OpenID® Copyright License
    • OpenID® Logo Guidelines
  • Current Working Groups
    • How do working groups work?
    • AB/Connect Working Group
    • eKYC & Identity Assurance WG
    • Enhanced Authentication Profile (EAP) Working Group
    • Fast Federation (FastFed) WG
    • Financial-grade API (FAPI) WG
    • HEART (Health Relationship Trust) WG
    • International Government Assurance Profile (iGov) WG
    • MODRNA (Mobile Operator Discovery, Registration & autheNticAtion) WG
    • Research & Education (R&E) WG
    • Shared Signals and Events WG
  • Specs & Dev Info
    • Specifications
    • Libraries, Products, and Tools
    • Libraries for Obsolete Specifications
  • OpenID® Certification
    • OpenID Certification Frequently Asked Questions (FAQ)
    • OpenID Certification Instructions
    • OpenID Certification Fee Schedule
    • OpenID Certified Mark
    • Featured Certified Implementations for Developers
  • Resources
    • OpenID Connect FAQ and Q&As
    • Learn More About Open Banking & Financial-grade API (FAPI)
  • Workshops
    • OIDF Virtual Workshop – October 28, 2020
    • OIDF Virtual Workshop – May 21, 2020
    • OpenID Foundation and the UK Open Banking Implementation Entity Conformance and Certification Workshop — April 27, 2020
    • OIDF Workshop at Verizon Media – September 30, 2019
    • OIDF Workshop at 2019 European Identity Conference – May 14, 2019
    • OIDF Workshop at Verizon Media – April 29, 2019
    • OIDF Workshop at VMware – October 22, 2018
    • OIDF Workshop at EIC 2018 – May 15, 2018
    • OIDF Workshop at Oracle – April 2, 2018
    • Open Banking Workshop Hosted by OpenID Foundation and Open Identity Exchange – March 21, 2018
    • OIDF’s RISC Work Group Data Sharing Agreement Workshop – January 31, 2018
    • Open Banking Workshop Hosted by OpenID Foundation and Open Identity Exchange – January 30, 2018
    • OpenID Foundation & Open Banking Workshop: The Implications for the Banking Industry – November 6, 2017
    • OIDF Workshop at PayPal – October 16, 2017
Home » Certification Team » Thank You Too Apple

Thank You Too Apple

This entry was posted in Certification Team OpenID Connect and tagged Apple compliance hans zandbelt sign in with apple on October 22, 2019 by Mike Leszcz

As the technical lead of the OpenID Foundation Certification Team, I’d like to add a few comments to the open letter that OpenID Foundation Chairman, Nat Sakimura wrote to Apple (https://openid.net/2019/09/30/apple-successfully-implements-openid-connect-with-sign-in-with-apple/). Nat thanks Apple for their recent efforts to make “Sign In with Apple” compliant with the OpenID Connect standard. The OpenID Foundation has always been developer-focused. The widespread adoption of OpenID Connect is an example of a standards development process that incorporates input from engineers and architects worldwide and across industry use cases. It’s an organic and painstaking process that results in open standards with global adoption with a self certification option.

My take is from the viewpoint of developers: imagine a developer of a mobile app or a web application that requires users to sign in with their Apple account. As of last month there are literally dozens of implementations of OpenID Connect Relying Party functionality available that one can leverage today. Moreover, whether you want to leverage Sign in with Apple, Google Sign In, Microsoft Live, Microsoft Azure AD, Paypal or many others, you can do so with the very same Relying Party software implementation. There are still a few confused identity providers out there – I’m looking at you Facebook – but my guess is that in due time they will follow Apple’s example.

This means that developers do not have to write and maintain their own SSO integration to use Sign in with Apple. Today developers can leverage existing libraries and plugins that have been around for years and that are stable, mature and secure.Imagine that “Sign In with Apple” wasn’t OpenID Connect compliant. The same Relying Party software eco-system would have to be developed for Sign In with Apple, in parallel to the existing OpenID Connect Relying Party software eco-system. It would be a huge waste of time and resources since at the end of the day they solve exactly the same problem! Consider this: the development of programming language support, platform support, library support, bug fixing, security incident handling, protocol improvements, software packaging, software bundling, incorporation of new web developments, etc. Everything would have to be done twice. Valuable time and effort would be diluted by dividing them across two solutions for the same thing that exist in parallel.

Hence I want to thank Apple too, now on behalf of the developer community at large. We can spend time on more important problems like privacy, security and ease of use. We can optimize efforts to make identity software simpler and more secure by supporting OpenID Connect as the open, global SSO standard to build on in the future.
 

Hans Zandbelt – OpenID Foundation’s Certification Team Lead

 
 
About the Author

Hans Zandbelt is CTO at ZmartZone IAM. He holds an MSc. degree in Computer Science, Tele-Informatics and Open Systems from Twente University (1993). He has over 25 years of experience as a technical leader in research and innovation projects on digital identity. In 2007 he joined SURFnet as the founding father, architect and technical product manager of SURFfederatie, the national infrastructure for federated Single Sign-On for the research- and higher education community in the Netherlands. In 2011 he joined Ping Identity as an expert on Single Sign-On, cloud Identity & Access Management and large scale deployment of federation technology, representing the CTO Office in Europe. In 2017 he founded ZmartZone IAM to provide Identity & Access Management consultancy, to contribute to modern open IAM standards and to offer open source solutions implementing those. He is the technical team leader of the Certification Team within the OpenID Foundation.

Post navigation

  • ← Guest Blog: Implementing App-to-App Authorisation in OAuth2/OpenID Connect
  • Notice of Vote for Implementer’s Draft of OpenID Connect for Identity Assurance Specification →

News Archives

Categories

Recent Posts

  • “Exploring Financial-grade API (FAPI) with Torsten” Podcast is Live
  • OpenID Financial-grade API (FAPI) Conformance Tests Now Available for Australian Consumer Data Rights Participants & Push Authorization Requests (PAR)
  • Update on OpenID Foundation Leadership Transition
  • First Implementer’s Drafts of Three FastFed Specifications Approved
  • Second Implementer’s Draft of OpenID Connect User Questioning API Specification Approved

Tags

adoption board election board elections Certification certification program CIBA developers Don Thibeau election events FAPI FAPI-CIBA FastFed federation Final Specification Financial-grade API Foundation google government HEART Identity Assurance iGov Implementer's Draft MODRNA Nat Sakimura oidf OIDF workshop open banking open banking implementation entity openid openid certification program OpenID Connect openid foundation Public Review RISC security spec specification summit usability user experience vote working groups working group updates workshop

· © 2021 OpenID · Powered by · Designed with the Customizr theme ·

This website uses cookies to allow us to provide you the best experience while visiting our website. By continuing to use the site, you are agreeing to our use of cookies.
You can change your cookie settings at any time but if you do, you may lose some functionality. More information may be found in our Privacy Policy.
Confirm