Great Debate: Apple needs to get off its island

Summary:ZDNet debate concludes Touch ID is not a game-changer

Update at 12:17 pm PDT with patch for Touch ID flaw

Apple's new Touch ID fingerprint reader sure has garnered a lot of comment given that today is the first day people can actually get their fingers on it.

While there is buzz, I successfully argued during this week's ZDNet Great Debate that there isn't significant game-changing appeal.

Biometrics are a slight improvement over usernames and passwords, but Touch ID is a proprietary Apple technology closed off from the rest of the authentication world.

That's Apple's MO. Look no further than iTunes and the App Store to see that Apple prefers the comfortable confines of its own temple. Apple's model is hardware and software in combination.

A connected cloud-based world, however, demands cross-domain, cross-device authentication and Apple can't see past its own screen.

My debate colleague David Braue argued that Touch ID is the first step in a long-term plan (SDK, multi-Apple device) and laid out all the potential integration points to come as Touch ID matures. Of course, none of that is confirmed by Apple, but deduced from prior art.

But enterprise IT can't build a strategy on speculation. It can't wait around for Apple to decide, and dictate, the course of action.

Today, the authentication and identity and access management game is changing fast. Vendors are multiplying, technologies are emerging (OpenID Connect) and maturing (two-factor authentication), interoperability tests are common, and standards are getting implemented (even one for provisioning!).

Waiting for Apple to build out its dream rests on the notion that once realized it will be nirvana; and that the rest of the tech world won't have budged in that 16-24 month period. In fact, Apple has already patched a fingerprint reader flaw in iOS7.

To wit, Apple's long-term authentication plan already has one slip. Touch ID was supposed to be spiced with iOS7's iCloud Keychain, a password management tool that fell out of the OS release.

The iCloud Keychain highlights Apple's mentality, a password vault - ala LastPass and others - for Safari, which has so far been walled off from those other password vault vendors in order to save the real estate for Apple's own authentication dreams.

The iCloud Keychain slip and deployment model doesn't instill confidence everything else tied to Touch ID's future will come in on time, be interoperable, and with spit and polish.

Apple wants to own the customer and that mentality won't work with current enterprise federated authentication ideals. And it didn't work with consumers when Microsoft tried it with Passport.

Regardless of how deep Touch ID's security may go, if Apple creates its own authentication environment it will alienate the enterprise - and consumers.

IT would have to build and support two identity infrastructures. One that adheres to Apple's strategy, and one that adheres to what the rest of the world is doing.

Value is the ultimate barometer and a split environment is of no value to anyone.

Apple needs to get off its island.

Topics: Apple, iOS, Security

About

John Fontana is a journalist focusing on access control, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he writes and edits a blog, as well as, directs several social media channels and represents Yubico at the FIDO Alliance. Prior to Yubico, John spent five y... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.