June 27, 2019
Mr. Craig Federighi
Apple Senior Vice President of Software Engineering
One Apple Park Way
Cupertino, CA 95014
RE: Open Letter from the OpenID Foundation to Apple Regarding Sign In with Apple
Dear Mr. Federighi,
The OpenID Foundation applauds Apple’s efforts to allow users to log in to third-party mobile and Web applications with their Apple ID using OpenID Connect.
Over the course of the last decade, OpenID Connect was developed by a large number of companies and industry experts within the OpenID Foundation (OIDF). OpenID Connect is a modern, widely-adopted identity protocol built on OAuth 2.0 that enables third-party login to applications in a standard way.
It appears Apple has largely adopted OpenID Connect for their Sign In with Apple implementation offering, or at least has intended to. Known differences between the two are tracked in a document managed by the OIDF certification team, found here: https://bitbucket.org/openid/connect/src/master/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md.
The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software. Therefore the OpenID Foundation invites Apple to:
The OpenID Foundation and the community at large would appreciate Apple’s feedback. Thank you for your consideration.
Regards,
Nat Sakimura
OpenID Foundation Chairman
On behalf of the Board of Directors of the OpenID Foundation