Interoperability doesn’t seem to be important to Apple, eg. Firewire, Thunderbolt (now available elsewhere but not ubiquitous), Lightning, etc. I don’t think that will be an argument that sways them.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
OpenID Foundation Claims 'Sign In with Apple' Could Expose Users to Security and Privacy Risks
- Thread starter MacRumors
- Start date
- Sort by reaction score
I laughed out loud when big Pharma testified before Congress they were worried about terrorists intercepting and tampering with medicine that Americans mail ordered from pharmacies in Canada. They painted scary images of ISIS poisoning millions of Americans who used to buy their prescription drugs for a fraction of the cost from Canada - it was just a pure coincidence that getting Congress to outlaw mail order prescriptions from Canada would generate billions of additional dollars in sales for the Pharma companies - they wanted that law past to protect consumers!!
ROTFLMAO.
USB-C, well you can get charging only cables, you can get USB3.1 cables, you can get Thunderbolt3 cables, all with identical plugs , all with different specs. And that's just on the Mac side. It gets worse from there, some that are only USB2, some that are only USB3, etc etc etc.
I would suggest that Apples implantation removes the ability of Microsoft, Google, PayPal etc etc to track users across the web and collect all that yummy meta data, googles life blood.
Just remember, although Macs had USB they also had technically superior firewire and then Thunderbolt.
Nonsense. The OpenID foundation is not a consortium, but grew out of an opensource project. OpenID Connect is an open and freely implementable framework, and apparently Apple has largely adopted it already.
The main differentiator for Apple's sign-in service aren't the underlying federation protocols, but their more privacy-focused policies such as not tracking user logins across sites etc., as well as the integration with their existing Apple ID authentication system. None of this is prevented by being fully compliant with OpenID Connect. On the other hand, it would make every developer's life easier.
Apple gets accused of lock-in all the time but I can (and have) exported Messages conversations and content out of the app. How is that lock-in?
They're scared and anyone who knows how this tech works (i.e., developers, security experts, etc) knows this is a cop-out.
PCs may have had USB first, but there was no system level driver support for it in Windows until AFTER Apple had made it popular and the number of peripherals had increased.
sorry Open ID but didn't you get the memo? Apple never does things normally with open standards. Proprietary is THE GAME. Stop whining. Just accept the fact that you've been dissed and ignored.
First, a privacy org that counts Google as one of its members makes me grin.
Second, OIDF’s gripe wreaks of an organization whose end is now plainly in sight. “Umm, excuse me. Sorry to bother, but you’re not playing by the rules we established in order to ensure we’re a profitable organization.”
Third, when your entire business model hinges on a “free tools in exchange for selling customer data to any- and everyone” approach you’re definitely not liking that people are [albeit slowly] starting to say “hey, wait a minute...”
Second, OIDF’s gripe wreaks of an organization whose end is now plainly in sight. “Umm, excuse me. Sorry to bother, but you’re not playing by the rules we established in order to ensure we’re a profitable organization.”
Third, when your entire business model hinges on a “free tools in exchange for selling customer data to any- and everyone” approach you’re definitely not liking that people are [albeit slowly] starting to say “hey, wait a minute...”
Nailed it. If I have to trust a company from the list it will be Apple.
Everyone who has used OpenID to sign into a website put your hands up.
Everyone who has never heard of OpenID before Apple offered an alternative they could whine about put your hands up.
.
.
.
.
.
.
.
OpenID is irrelevant and hasn’t gotten any traction. They’re whining because Apple will have wider adoption within weeks of launch than OpenID wasn’t able to achieve in years of trying.
Everyone who has never heard of OpenID before Apple offered an alternative they could whine about put your hands up.
.
.
.
.
.
.
.
OpenID is irrelevant and hasn’t gotten any traction. They’re whining because Apple will have wider adoption within weeks of launch than OpenID wasn’t able to achieve in years of trying.
Amazing how many people here haven’t bothered to learn what OpenID is before spouting off (and even getting upvotes by other people who haven’t bothered).
Companies like Google, Microsoft - and Apple for that matter - provide financial support to lots of independent software projects which they deem important. A big one you may have heard of is the Apache Foundation, which offers (among other things) the most popular web server on earth. Sometimes they do so even if it’s competitive with their own products, often because they want to make sure things stay interoperable. But it doesn’t mean those projects are in the pocket of Google, or Microsoft, or Apple.
Heck, Facebook is a Gold Sponsor of OpenBSD... if you know anything about OpenBSD at all, you know they aren’t in anyone’s pocket.
Companies like Google, Microsoft - and Apple for that matter - provide financial support to lots of independent software projects which they deem important. A big one you may have heard of is the Apache Foundation, which offers (among other things) the most popular web server on earth. Sometimes they do so even if it’s competitive with their own products, often because they want to make sure things stay interoperable. But it doesn’t mean those projects are in the pocket of Google, or Microsoft, or Apple.
Heck, Facebook is a Gold Sponsor of OpenBSD... if you know anything about OpenBSD at all, you know they aren’t in anyone’s pocket.
Interesting you say developers are concerned yet a major developer site (Stackoverflow) stopped using it.
https://meta.stackexchange.com/questions/307647/support-for-openid-ended-on-july-25-2018
Stop the Madness !!!!!
At WWDC 2019 earlier this month, Apple announced Sign In with Apple, a new privacy-focused login feature that will allow macOS Catalina and iOS 13 users to sign into third-party apps and websites using their Apple ID.
The feature has been largely welcomed as a more secure alternative to similar sign-in services offered by Facebook, Google, and Twitter, since it authenticates the user with Face ID or Touch ID, and doesn't send personal information to app and website developers.
However the implementation of Sign In with Apple has now been questioned by the OpenID Foundation (OIDF), a non-profit organization whose members include Google, Microsoft, PayPal, and others.
In an open letter to Apple software chief Craig Federighi, the foundation praised Apple's authentication feature for having "largely adopted" OpenID Connect, a standardized protocol used by many existing sign-in platforms that lets developers authenticate users across websites and apps without them having to use separate passwords.
Yet it cautioned that several differences remain between OpenID Connect and Sign In with Apple that could potentially put users' security and privacy in jeopardy.
To remedy the situation, the foundation asked Apple to address the differences between Sign In with Apple and OpenID Connect, which have been recorded in a document managed by the OIDF certification team.
It also invited the company to use OpenID's suite of certification tests to improve the interoperability of the two platforms, publicly state their compatibility, and join the OpenID Foundation.
Shortly after unveiling Sign In with Apple, the tech giant told developers that if an app lets users log in using their Facebook or Google logins, then it must also provide an alternative Sign In with Apple option.
The company then raised some eyebrows when it emerged that its updated Human Interface Guidelines asked app developers to place its authentication feature above other rival third-party sign-in options wherever they appeared.
(Thanks, Jonathan!)
Article Link: OpenID Foundation Claims 'Sign In with Apple' Could Expose Users to Security and Privacy Risks
[doublepost=1561931775][/doublepost]Stop the Madness
Just because you don’t realize that you’re a regular user of OpenID doesn’t mean you aren’t. It was advertised as OpenID a long time ago, but nowadays, you just get asked to login with an account from a list of providers, like Google or Facebook.
It can also be used to login to Windows Server 2016 or later. It’s an open protocol used for authentication and authorization.
I’ve only started writing software that uses it this year, so my API experience is limited, but it’s at least clear that people in this thread are jumping to conclusions based on the names involved.
I’ll rephrase. It’s more like a “successful” product that’s also a “failure”. Successful in that it has a lot of users, a failure in that it’s not widespread or used by enough people/sites to make it ubiquitous.
"However the implementation of Sign In with Apple has now been questioned by the OpenID Foundation (OIDF), a non-profit organization whose members include Google, Microsoft, PayPal, and others."
That sentence tells me all I need to hear. I'll take my chances with Sign in with Apple.
OpenID is not a product.
And this claim is based on what exactly? FYI, here's a list of certified OpenID providers and the implementations they use:
https://openid.net/certification/
Because everybody necessarily uses what’s app for communicating outside the Apple ecosystem.
This organization seems sketchy for being non profit and supported by Google, no thanks !