As a result, you can post a photo to Facebook directly from the Photos app (or any number of third-party apps) or you can tweet from inside Safari and include a link to the page you're reading. You can even post something without opening any app as long as you include these accounts in the iOS Notification Center. Perhaps most important, you can manage what apps have access to your accounts just as you manage which ones can access your location or your photo library. These restrictions are set under Settings --> Privacy.
This is the foundation for enterprise single sign-on in iOS 7. Your enterprise account and its credentials are stored much like your Twitter or Facebook account info. You enter the information once and then simply allow other apps use it. And you can later revoke that access if you want.
This model is different from single sign-on on a PC or Mac, where you generally use your credentials to log in to a computer before you can use it. It's also different from how most mobile management systems tackle the issue. They usually require app developers to support a given provider's single sign-on mechanism and specific APIs or integrate them into a secure container using app-wrapping.
Apple's unique approach is something of an experiment -- and a gamble. It has enough of a consumer feel to it that some enterprise IT professionals may be reluctant to consider it. Apple may even find its new approach competing with established products on the market that use a more traditional model and support that model on Android devices (and potentially other mobile platforms).
That said, it's a solution that will almost certainly appeal to iPhone and iPad users. One complaint about container-based solutions that offer single sign-on across some, but not all, apps is that they feel limited to specific apps. Another is that it can be hard to discern which apps support single sign-on and other security features and which ones don't. That makes switching between them confusing.
Apple's approach will almost certainly feel more natural because the entire experience is based on the way people already use their iPhones and iPads.
The model is also likely to score some support with developers who want to offer a form of single sign-on but don't want to be forced to build support for multiple APIs into their apps. A single option created and supported by Apple could easily be a better option, particularly for commercial apps that will be used by many different business customers.
It's also worth noting that Apple itself doesn't really view containerization as an ideal approach to mobile security. That's because it divides the user experience rather than maintaining a consistent flow between work and personal apps and data. The company tackled that issue in iOS 7 with its new managed "open in" feature. That allows IT shops to restrict where data can go from a managed app by limiting the share or open in dialog within an app. It also limits the ability to copy text, images, or other content from within a managed app.
In doing so, Apple is taking some of the core elements of containerization and applying them in a more light-handed way. IT pros will be happy, as will developers. Best of all, end users get a healthy mix of security and the ease of use for which Apple is still known.
Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. He has been a Computerworld columnist since 2003 and is a frequent contributor to CITEworld.com. Faas is also the author of iPhone for Work (Apress, 2009). You can find out more about him at RyanFaas.com and follow him on Twitter ( @ryanfaas).
Read more about iOS in Computerworld's iOS Topic Center.