
I don't think that's quite the same thing as an Identity Service, it's just a component. In Microsoft's world I'm either using my Microsoft Account to sign in OR using throwaway email addresses, not both.

.

Apple can get way ahead of the competition by combining about 3 things.

1) Ephemeral email addresses

2) OAuth or Apple's equivalent tokens

3) Keychain autogenerate and auto-populate

If all those products are integrated correctly, this becomes the SINGLE sign on of single sign ons. If a service supports Apple OAuth, your name is hidden, and you only have one Apple password to remember. If the service doesn't support Apple Tokens, then Apple fills in a private email address and a random password, and abstracts away the fact that the service doesn't support Apple Tokens. The user experience is nearly the same regardless. Tokens and randomly generated passwords should be managed from the same interface, allowing you to either revoke access (token) or cycle the key (both.)

I've felt it for a while, but the banking industry needs to arrive at something similar. Chase, BoA, WF, and Citi should turn Zelle into a banking OAuth Identity Service.



Why do users need to have a 3rd party managing their identity? It seems like it would be _safer_ if users could set up their own OAuth infra which would then be certified for use with other systems. For people who lack the expertise or will to roll their own infra then they can use something like Apple ID.


How many people do you know running Mastodon nodes instead of using Twitter or Facebook?

>For people who lack the expertise or will to roll their own infra then they can use something like Apple ID.

So 99.9% of the population. It's a nice sentiment, but for what Apple is doing to work (random username generation, and identity obfuscation) the only way for it to work is strength in numbers, that the Apple userbase of people who will only use frictionless sign in becomes too big to ignore, and too tempting to be left uncourted.

>It seems like it would be _safer_

I'm not sure I would say safer. Depending on millions of people to keep their software up to date hasn't historically worked super well for Windows and WordPress. One central authority patching all its services and 24/7 devops sounds a lot safer than trusting millions of self-hosted OAuth servers to be up to date and not compromised. What percent of people who have non-self-updating home routers do you think go in regularly and press the update firmware button?



