Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Web技術の基本 4回目 / Introduction to Web technologies 4th class

muttan
January 18, 2018

Web技術の基本 4回目 / Introduction to Web technologies 4th class

muttan

January 18, 2018
Tweet

More Decks by muttan

Other Decks in Technology

Transcript

  1. Webٕज़ͷجຊ 4ճ໨
    Keisuke KAMIYA

    View full-size slide

  2. ࠓճͷςʔϚ

    View full-size slide

  3. HTTPͰ΍ΓऔΓ͢Δ࢓૊Έ
    - ޙ൒ઓ -

    View full-size slide

  4. HTTPͷ͓͞Β͍

    View full-size slide

  5. HTTP/1.1ͷ෮श

    View full-size slide

  6. HTTP/1.1ͷ΍ΓͱΓʢ෮शʣ
    • HTTP/1.1͸1997೥ॳ಄ʹެ։͞Εͨ
    • ࠓ·Ͱʹ2౓վఆ͞Ε͍ͯΔ
    ‣ 1999೥1݄ʹൃߦ͞ΕͨRFC2616
    ‣ 2014೥6݄ʹൃߦ͞ΕͨRFC7230
    • HTTP/1.1ͷओͳಛ௃͸࣍ͷ௨Γ
    ‣ HTTPΩʔϓΞϥΠϒ
    ‣ HTTPύΠϓϥΠϯ
    ໰ɿ2ͭͷػೳͱ͸ԿͩͬͨͰ͠ΐ͏͔

    View full-size slide

  7. HTTP/1.1ͷ΍ΓͱΓʢ෮शʣ
    • HTTPΩʔϓΞϥΠϒ

    ίωΫγϣϯΛܧଓͯ͠ར༻͢Δ͜ͱ
    ‣ HTTP/1.0ҎલͰ͸, HTTPϦΫΤετΛ͢Δͨͼʹί
    ωΫγϣϯཱ֬Λ͍ͯͨ͠ʢ1౓௨৴ͨ͠Βͦͷͨͼ
    ʹίωΫγϣϯΛΫϩʔζ͍ͯͨ͠ʣ
    ‣ ඇৗʹޮ཰͕ѱ͍

    View full-size slide

  8. HTTP/1.1ͷ΍ΓͱΓʢ෮शʣ
    • HTTPΩʔϓΞϥΠϒ

    ͦͷͨΊ, HTTP/1.1Ҏ߱Ͱ͸ίωΫγϣϯΛܧଓͯ͠ར༻͢Δ͜ͱ͕Մ
    ೳʹͳͬͨ.
    ίωΫγϣϯཱ֬
    ϦΫΤετ
    Ϩεϙϯε
    ίωΫγϣϯ੾அ
    ίωΫγϣϯཱ֬
    ϦΫΤετ
    Ϩεϙϯε
    ίωΫγϣϯ੾அ
    ίωΫγϣϯཱ֬
    ϦΫΤετ
    Ϩεϙϯε
    ϦΫΤετ
    Ϩεϙϯε
    ίωΫγϣϯ੾அ
    ඇHTTPΩʔϓΞϥΠϒ HTTPΩʔϓΞϥΠϒ

    View full-size slide

  9. HTTP/1.1ͷ΍ΓͱΓʢ෮शʣ
    • HTTPύΠϓϥΠϯ
    ‣ HTTP͸, ௨ৗHTTPϨεϙϯεΛड͚औͬͨ͋ͱ࣍ͷ
    ϦΫΤετΛൃߦ͢Δ
    ‣ ωοτϫʔΫͷঢ়ଶʹΑͬͯ͸, ஶ͍͠஗Ԇ͕ൃੜ
    → HTTPϨεϙϯεΛ଴ͭ͜ͱແ͘, ෳ਺ͷHTTPϦΫ
    ΤετΛૹ৴͢Δ͜ͱΛՄೳʹ͢ΔػೳΛHTTPύ
    ΠϓϥΠϯͱ͍͏

    View full-size slide

  10. HTTP/1.1ͷ΍ΓͱΓʢ෮शʣ
    • HTTPύΠϓϥΠϯ
    ίωΫγϣϯཱ֬
    ϦΫΤετ
    Ϩεϙϯε
    ϦΫΤετ
    Ϩεϙϯε
    ίωΫγϣϯ੾அ
    ίωΫγϣϯཱ֬
    ίωΫγϣϯ੾அ
    ϦΫΤετ
    Ϩεϙϯε
    ϦΫΤετ
    Ϩεϙϯε
    ϨεϙϯεΛ଴ͨͣʹ

    ϦΫΤετΛૹ৴͢Δ
    HTTP/1.0Ҏલ HTTP/1.1Ҏ߱
    ࣌ؒ୹ॖ

    View full-size slide

  11. HTTP/2ͷ෮श

    View full-size slide

  12. HTTP/2ͷ΍ΓͱΓ
    • ࣌୅ͱڞʹWebϖʔδ͸ෳࡶԽ͍͖ͯ͠, ը૾αΠζ΍
    εΫϦϓταΠζ͕େ͖͘ͳ͍ͬͯͬͨ
    • HTTP/1.1ͰύΠϓϥΠϯػೳ͕௥Ճ͞Ε, ଟ͘ͷσʔλ
    Λޮ཰తʹసૹ͢Δ͜ͱ͕Մೳʹͳͬͨ΋ͷͷ, ύΠϓ
    ϥΠϯػೳ͸େ͖ͳΦʔόʔϔουʹͳΔ
    ‣ ৽ͨͳόʔδϣϯͰ͋ΔHTTP/2͕ఏҊ͞Εͨ

    View full-size slide

  13. HTTP/2ͷ΍ΓͱΓ
    • HTTP/2

    Googleͷ։ൃͨ͠, ௨৴ͷߴ଎ԽΛ໨తͱ࣮ͨ͠ݧతͳ
    ϓϩτίϧSPDYͱ͍͏ϓϩτίϧΛϕʔεʹ࡞੒ͨ͠ϓ
    ϩτίϧ. 2015೥ͷ5݄ʹਖ਼ࣜͳඪ४Խ͕ͳ͞Εͨ
    • ࣍ͷΑ͏ͳಛ௃͕͋Δ
    ‣ ετϦʔϜʹΑΔଟॏԽ
    ‣ όΠφϦܗࣜͰૹΔ͜ͱͰߋͳΔ࠷దԽ͕Մೳ
    ‣ ϔομʔͷѹॖ
    ‣ αʔόϓογϡ

    View full-size slide

  14. HTTP/2ͷ΍ΓͱΓʢετϦʔϜʹΑΔଟॏԽʣ
    • ετϦʔϜʹΑΔଟॏԽ
    ‣ HTTP/1.0Ҏલ

    HTTPϦΫΤετ͸, HTTPϨεϙϯεΛ଴ͬͨޙʹૹ৴
    ՄೳͱͳΔ
    ‣ HTTP/1.1

    ύΠϓϥΠϯʹΑΓ, ಉ࣌ʹෳ਺ͷϦΫΤετΛૹ৴͢
    Δ͜ͱ͕Մೳʹͳͬͨ
    → ʮHTTPϦΫΤετͷॱ൪ͰϨεϙϯεΛฦ͢ʯͱ͍
    ͏੍໿͕͍͍ͭͯͨ

    View full-size slide

  15. HTTP/2ͷ΍ΓͱΓʢετϦʔϜʹΑΔଟॏԽʣ
    • Webϒϥ΢β͔Βෳ਺ͷϦΫΤετ͕ඈΜͰ͖ͯ΋, ͋
    Δ1ͭͷHTTPϨεϙϯεͷॲཧʹ͕͔͔࣌ؒΔ৔߹, શ
    ͯͷϨεϙϯελΠϜ͕૿Ճ͢Δͱ͍͏໰୊఺͕͋ͬͨ
    ‣ ͜ͷ໰୊Λղܾ͢ΔͨΊ, 1ͭͷ઀ଓ্ʹετϦʔϜ
    ͱݺ͹ΕΔԾ૝తͳ૒ํ޲γʔέϯεΛ࡞ͬͯରࡦ

    View full-size slide

  16. HTTP/2ͷ΍ΓͱΓʢετϦʔϜʹΑΔଟॏԽʣ
    HTTP/2઀ଓʢ1ίωΫγϣϯʣ
    ετϦʔϜᶃ
    ετϦʔϜᶄ
    ετϦʔϜᶅ
    ετϦʔϜᶆ
    ϦΫΤετ
    Ϩεϙϯε
    ϦΫΤετ
    Ϩεϙϯε
    ϦΫΤετ
    Ϩεϙϯε
    ϦΫΤετ
    Ϩεϙϯε

    View full-size slide

  17. HTTP/2ͷ΍ΓͱΓʢετϦʔϜʹΑΔଟॏԽʣ
    ϦΫΤετᶃ
    Ϩεϙϯεᶃ
    Ϩεϙϯεᶄ
    HTTPύΠϓϥΠϯ ετϦʔϜʹΑΔଟॏԽ
    ࣌ؒ୹ॖ
    ϦΫΤετᶄ
    ϦΫΤετᶅ
    ॲཧ଴ͪ
    Ϩεϙϯεᶅ
    ϦΫΤετᶃ
    ϦΫΤετᶄ
    ϦΫΤετᶅ
    Ϩεϙϯεᶃ
    Ϩεϙϯεᶄ
    Ϩεϙϯεᶅ
    ϦΫΤετͷॱ൪Ͱ

    ϨεϙϯεΛฦ͢ඞཁ͋Γ
    ετϦʔϜ͕ҟͳΕ͹ 

    Ϩεϙϯεͷॱ൪͸

    ੍ݶ͞Εͳ͍
    ෮श͓ΘΓ

    View full-size slide

  18. ໨࣍
    9. HTTP/2Ͱͷվྑ఺
    10.HTTPSͷ࢓૊Έ
    11.HTTPSͷ΍ΓͱΓ
    12.εςʔτϑϧͱεςʔτϨε
    13.Cookie
    14.ηογϣϯ
    15.URI

    View full-size slide

  19. ໨࣍
    9. HTTP/2Ͱͷվྑ఺
    10.HTTPSͷ࢓૊Έ
    11.HTTPSͷ΍ΓͱΓ
    12.εςʔτϑϧͱεςʔτϨε
    13.Cookie
    14.ηογϣϯ
    15.URI

    View full-size slide

  20. HTTP/2ͷ΍ΓͱΓ
    • HTTP/2ͷಛ௃
    ‣ ετϦʔϜʹΑΔଟॏԽ
    ‣ όΠφϦܗࣜͰૹΔ͜ͱͰߋͳΔ࠷దԽ͕Մೳ
    ‣ ϔομʔͷѹॖ
    ‣ αʔόϓογϡ
    ࠓճ͸ͪ͜Βͷ಺༰

    View full-size slide

  21. όΠφϦܗࣜͷར༻

    View full-size slide

  22. HTTP/2Ͱͷվྑ఺ʢόΠφϦܗࣜͷར༻ʣ
    • HTTP/1.1ҎલͰ͸, HTTPϦΫΤετ΍HTTPϨεϙϯε
    ͸ςΩετܗࣜͷϑΥʔϚοτͰૹ͍ͬͯͨ
    ‣ όΠφϦܗࣜͷ΄͏͕, ࠷దԽΛ͔͚΍͍͢ʢαΠζ
    ͕ݮগ͢Δʣ
    ‣ όΠφϦσʔλΛૹ৴͢Δ৔߹, Ұ౓ςΩετܗࣜʹ
    ม׵͢Δඞཁ͕ແ͍ͨΊ, ॲཧ͕࣌ؒૣ͘ͳΔ
    ‣ ղੳ͕γϯϓϧ

    View full-size slide

  23. HTTP/2Ͱͷվྑ఺ʢόΠφϦܗࣜͷར༻ʣ
    • HTTP/1.1ҎલͰ͸, શͯͷσʔλ͕ςΩετܗࣜͰಉ࣌
    ʹૹΒΕ͍ͯͨ
    ‣ HTTP/2Ͱ͸, όΠφϦϑϨʔϜͱݺ͹ΕΔ୯Ґʹ෼ׂ
    ͞Εૹ৴͞ΕΔ
    )PTUFYBNQMFDPN
    $POUFOU5ZQFJNBHFKQFH
    6TFS"HFOU.P[JMMB
    .FTTBHF
    1045VQMPBE)551
    .FTTBHF
    NFUIPE1045
    TDIFNFIUUQT
    BVUIPSJUZFYBNQMFDPN
    QBUIVQMPBE
    DPOUFOUUZQFJNBHFKQFH
    VTFSBHFOU.P[JMMB
    HTTPϦΫΤετʢςΩετσʔλʣ
    HEADERSϑϨʔϜʢόΠφϦσʔλʣ
    DATAϑϨʔϜʢόΠφϦσʔλʣ

    View full-size slide

  24. ϔομʔѹॖ

    View full-size slide

  25. HTTP/2Ͱͷվྑ఺ʢϔομʔѹॖʣ
    • HTTP͸εςʔτϨεͳϓϩτίϧͳͷͰ, ඞཁͳ৘ใ͸
    ຖ౓ૹΔඞཁ͕͋Δ
    ‣ Ұ౓ૹͬͨ৘ใΛ࠶ͼૹΔඞཁ͕͋Γ, ৑௕
    - ϒϥ΢βͷछྨ, WebαʔόͷόʔδϣϯͳͲ
    • HTTP/1.xͰ͸, ͜ͷσʔλ͕ϓϨʔϯςΩετͰૹ৴͞
    Ε͓ͯΓ, సૹ1ճ͋ͨΓ500ʙ800όΠτ΄Ͳ͔͔Δ
    ‣ ΑΖ͍͠ͳΒ͹ѹॖͩ

    View full-size slide

  26. HTTP/2Ͱͷվྑ఺ʢϔομʔѹॖʣ
    • HTTP/2Ͱ͸, ϔομʔ৘ใͷࠩ෼͚ͩΛૹ৴͢Δ
    HPACKͱ͍͏ѹॖํࣜΛར༻͍ͯ͠Δ
    NFUIPE(&5
    TDIFNFIUUQT
    BVUIPSJUZFYBNQMFDPN
    QBUIJOEFYIUNM
    DPOUFOUUZQFUFYUIUNM
    VTFSBHFOU.P[JMMB
    NFUIPE(&5
    TDIFNFIUUQT
    BVUIPSJUZFYBNQMFDPN
    QBUIJNBHFKQH
    DPOUFOUUZQFJNBHFKQFH
    VTFSBHFOU.P[JMMB
    1ճ໨ͷHTTPϦΫΤετ 2ճ໨ͷHTTPϦΫΤετ
    ͜ͷ෦෼ͷΈૹ৴

    View full-size slide

  27. HTTP/2Ͱͷվྑ఺ʢϔομʔѹॖʣ
    • ૹ৴ଆड৴ଆͰςʔϒϧΛ࣋ͭ
    ‣ ੩తςʔϒϧͱಈతςʔϒϧΛ࣋ͭ
    ‣ มߋΛه࿥͍ͯ͘͠Πϝʔδ
    • Ҏલʹग़ݱͨ͠σʔλʹؔͯ͠͸, ͦͷςʔϒϧͷΠϯ
    σοΫεΛૹΔ͜ͱͰσʔλྔΛ࡟ݮ
    • సૹ͞ΕΔσʔλʢมߋ͕͋ͬͨσʔλʣ͸, ϋϑϚϯ
    ූ߸Խ͞Εͯૹ৴͞ΕΔ

    View full-size slide

  28. HTTP/2Ͱͷվྑ఺ʢϔομʔѹॖʣ
    • ಈతςʔϒϧ(Dynamic Table)

    લճૹ৴ͨ͠ϔομʔ໊ͱ஋ͷϖΞΛΠϯσοΫεԽͨ͠
    Ϧετ
    • ੩తςʔϒϧ(Static Table)

    ૹ৴͞ΕΔස౓ͷߴ͍ϔομʔ໊ͱ஋ͷϖΞ. ΫϥΠΞϯτ
    ͱαʔόͷ྆ํͰอ࣋͞Ε͓ͯΓ, ૹ৴͢Δϔομʹςʔϒ
    ϧͷ಺༰ؚ͕·Ε͍ͯΔ৔߹͸, ΠϯσοΫεΛૹ৴͢Δ
    • ͔ͭͯ͸Reference setͱݴ͏΋ͷ͕͋Γ·ͯ͠…

    View full-size slide

  29. HTTP/2Ͱͷվྑ఺ʢϔομʔѹॖʣ
    NFUIPE(&5
    TDIFNFIUUQT
    BVUIPSJUZFYBNQMFDPN
    QBUI
    DPOUFOUUZQFUFYUIUNM
    VTFSBHFOU.P[JMMB
    1ճ໨ͷHTTPϦΫΤετ Reference set
    JE ϔομʔ໊ ஋
    NFUIPE (&5
    TDIFNF )5514
    QBUI
    BVUIPSJUZ
    Static table
    ᶃࠩ෼֬ೝ
    ᶄݕࡧ


    FYBNQMFDPN

    DPOUFOUUZQFUFYUIUNM
    VTFSBHFOU.P[JMMB
    ᶅΤϯίʔυ

    View full-size slide

  30. HTTP/2Ͱͷվྑ఺ʢϔομʔѹॖʣ
    NFUIPE(&5
    TDIFNFIUUQT
    BVUIPSJUZFYBNQMFDPN
    QBUIIPHFIUNM
    DPOUFOUUZQFUFYUIUNM
    VTFSBHFOU.P[JMMB
    1ճ໨ͷHTTPϦΫΤετ Reference set
    JE ϔομʔ໊ ஋
    NFUIPE (&5
    TDIFNF )5514
    QBUI
    BVUIPSJUZ
    Static table
    ᶃࠩ෼֬ೝ
    ᶄݕࡧ
    IPHFIUNM
    ᶅΤϯίʔυ
    : method GET
    : scheme https
    : authority example.com
    : path /
    content-type text/html
    user-agent Mozilla/5.0
    ݱࡏ͸Reference set͸࢓༷͔Β࡟আ͞Ε͍ͯΔ
    →ڞ༗͕େม, ॲཧ͕൥ࡶ

    View full-size slide

  31. αʔόϓογϡ

    View full-size slide

  32. HTTP/2Ͱͷվྑ఺ʢαʔόʔϓογϡʣ
    • HTTPϦΫΤετͷ಺༰Λجʹ, WebαʔόଆͰඞཁͳ
    ϑΝΠϧΛ൑அ͠, ࣄલʹWebϒϥ΢βʹૹ৴͢Δ
    ‣ HTML಺ʹը૾͕ຒΊࠐ·Ε͍ͯͨ৔߹, Webϒϥ΢
    β͔Βը૾ͷϦΫΤετΛड͚ͳͯ͘΋, ࣄલʹը૾
    σʔλΛసૹ͢Δࣄ͕Մೳ

    View full-size slide

  33. HTTP/2Ͱͷվྑ఺ʢαʔόʔϓογϡʣ
    HTTPϦΫΤετ
    JOEFYIUNMΛ͍ͩ͘͞
    αʔόʔϓογϡᶃ
    αʔόʔϓογϡᶄ
    HTTPϨεϙϯε
    KQH
    DTT
    IUNM
    JOEFYIUNMΛදࣔ͢ΔͨΊʹ
    ඞཁͳJNBHFKQHΛૹΓ·͢
    TUZMFDTT΋ඞཁͳͷͰૹΓ·͢
    JOEFYIUNMΛૹΓ·͢
    Webαʔό
    Webϒϥ΢β
    HTTP/2Ͱͷվྑ఺ ऴྃ
    ↑ຊདྷͷϨεϙϯε

    View full-size slide

  34. ໨࣍
    9. HTTP/2Ͱͷվྑ఺
    10.HTTPSͷ࢓૊Έ
    11.HTTPSͷ΍ΓͱΓ
    12.εςʔτϑϧͱεςʔτϨε
    13.Cookie
    14.ηογϣϯ
    15.URI

    View full-size slide

  35. HTTPSͷ࢓૊Έ
    • ۙ೥, WebαΠτΛ௨ͯ͡γϣοϐϯά΍όϯΩϯά,
    νέοτͷ༧໿ͳͲͷαʔϏεΛར༻͢Δػձ͕૿Ճ
    • Χʔυͷ൪߸ͳͲͷݸਓ৘ใ΍, ஫จ಺༰ͷվ͟ΜͳͲ
    ͷةݥੑʹৗʹ͞Β͞Ε͍ͯΔ
    • ΑΓηΩϡΞͳHTTPϓϩτίϧٴͼURIεΩʔϜΛ
    HTTPSͱݺͿ

    View full-size slide

  36. HTTPSͷ࢓૊Έ
    • HTTPS(HTTP over SSL/TLS)

    SSL(Secure Sockets Layer)΍TLS(Transport Layer
    Security)্ͰߦΘΕΔηΩϡΞͳHTTP௨৴ͷ͜ͱ
    • SSL/TLS

    ௨৴࿏҉߸ԽͷͨΊͷϓϩτίϧ. SSLͱTLS͸େ࿮ͱ
    ͯ͠͸ಉ͡΋ͷͰ͸͋Δ͕, ݫີʹ͸ผ෺(TLS͸SSL
    ΛҾ͖ܧ͍ͩ࣍ੈ୅ن֨)
    ࢀߟϦϯΫɿhttps://ssl.sakura.ad.jp/column/ssl_tls/

    View full-size slide

  37. HTTPSͷ࢓૊Έ
    • ௨ৗͷHTTPΛ࢖ͬͨ௨৴Ͱ͸, 80൪ϙʔτΛϦοεϯ͠
    ͍ͯΔ͕, HTTPSͷ৔߹͸443൪ϙʔτ(SSL/TLSͷϙʔ
    τ)ΛϦοεϯ͍ͯ͠Δ
    • ҎԼͷ3ͭͷ࢓૊ΈΛ༻͍ͯWebαΠτͷ҆શੑΛ֬อ
    ‣ ҉߸Խ௨৴ʢ౪೉๷ࢭʣ
    ‣ վ͟Μ๷ࢭ
    ‣ ͳΓ͢·͠๷ࢭ

    View full-size slide

  38. ౪೉๷ࢭʢ҉߸Խ௨৴ʣ

    View full-size slide

  39. HTTPSͷ࢓૊Έʢ҉߸Խ௨৴ʣ
    • WebαΠτΛӾཡ͢Δࡍʹ͸, ࣮ࡍʹ͸ز͔ͭͷαʔό
    Λܦ༝͢Δ
    ‣ ୈࡾऀͷ௨৴಺༰Λ๣ड͢Δ͜ͱ͸ൺֱత؆୯
    • ສ͕Ұ๣ड͞Εͯ΋಺༰Λղಡ͞Εͳ͍Α͏ʹ, σʔλ
    Λ҉߸Խͯ͠ૹ৴

    View full-size slide

  40. վ͟Μ๷ࢭ

    View full-size slide

  41. HTTPSͷ࢓૊Έʢվ͟Μ๷ࢭʣ
    • ௨৴࿏্Ͱσʔλ͕վ͟Μ͞Εͯ͠·͏ͷ͸ࠔΔ
    ‣ ωοτόϯΩϯάͷৼࠐઌΛม͑ΒΕΔͱ͔
    • ରࡦͱͯ͠, ϝοηʔδμΠδΣετ͕ར༻͞ΕΔ
    ‣ ϋογϡ஋Λ࢖ͬͨվ͟Μ๷ࢭ
    ৼࠐɿѼઌ
    #͞Μ
    ৼࠐɿѼઌ
    "͞Μ
    BCD
    μΠδΣετ
    ᶄվ͟Μ͞ΕΔ
    ৼࠐɿѼઌ
    #͞Μ
    BCD DEF
    ᶅड͚औͬͨσʔλ͔Β
    ϋογϡ஋Λܭࢉͯ͠ൺֱ
    ᶃϝοηʔδμΠδΣετΛར༻ͯ͠,
    ૹ৴͢Δσʔλͷϋογϡ஋ΛٻΊΔ
    ϝοηʔδμΠδΣετʹΑΔվ͟Μ๷ࢭ

    View full-size slide

  42. ͳΓ͢·͠๷ࢭ

    View full-size slide

  43. HTTPSͷ࢓૊ΈʢͳΓ͢·͠๷ࢭʣ
    • ৗ࣌SSLԽ͢ΔͨΊʹαʔόূ໌ॻ͕ඞਢ
    • SSLαʔόূ໌ॻͱݺ͹ΕΔిࢠূ໌ॻΛ഑ஔ͢Δ͜ͱ
    Ͱ, ΫϥΠΞϯτଆ͸WebαΠτΛӡӦ͢Δऀͷ਎ݩΛ
    ֬ೝ͢Δ͜ͱ͕ग़དྷΔ
    ‣ ূ໌ॻ͸ൃߦΛೝΊΒΕͨೝূہͷΈ͕ൃߦՄೳͰ
    ͋Γ, ৴པͰ͖ͳ͍ൃߦݩͷSSLαʔόূ໌ॻ͕ར༻
    ͞Ε͍ͯΔ৔߹͸Webϒϥ΢β্ʹܯࠂը໘͕දࣔ
    ͞ΕΔ

    View full-size slide

  44. HTTPSͷ࢓૊ΈʢͳΓ͢·͠๷ࢭʣ
    • ࠷ۙ͸ৗ࣌SSL͕ਪ঑͞Ε͍ͯΔ
    ‣ શͯͷϖʔδʢϑΥʔϜ౳͕ͳͯ͘΋ʣʹSSLΛ࢖༻
    ͢Δ͜ͱ
    • GoogleΛ࢝Ίͱͨ͠اۀ΋SSLԽʹڧͩ͘͜ΘͬͯΔ
    ‣ ΋͸΍HTTPͷ࣌୅Ͱ͸ͳ͍ɹάʔάϧ͕͜͜·Ͱ
    “SSLԽ”ʹͩ͜ΘΔΘ͚

    http://www.itmedia.co.jp/enterprise/articles/1710/
    24/news037.html
    HTTPSͷ࢓૊Έ ऴྃ

    View full-size slide

  45. ໨࣍
    9. HTTP/2Ͱͷվྑ఺
    10.HTTPSͷ࢓૊Έ
    11.HTTPSͷ΍ΓͱΓ
    12.εςʔτϑϧͱεςʔτϨε
    13.Cookie
    14.ηογϣϯ
    15.URI

    View full-size slide

  46. HTTPSͷ΍ΓͱΓ
    • SSL/TLSϋϯυγΣΠΫ

    HTTPSͰ௨৴Λ։࢝͢ΔͨΊʹߦͳ͏΍ΓऔΓ. TCPί
    ωΫγϣϯ͕֬ೝ͞Εͨޙ, େ͖͘෼͚ͯҎԼͷ4ͭͷ
    खॱΛ౿Ή͜ͱͰ௨৴͕։࢝͞ΕΔ
    1. ҉߸Խํࣜͷܾఆ
    2. ௨৴૬खͷূ໌
    3. 伴ͷަ׵
    4. ҉߸Խํࣜͷ֬ೝ

    View full-size slide

  47. HTTPSͷ΍ΓͱΓ
    1. ҉߸Խํࣜͷܾఆ
    • ੈͷதʹ҉߸Խํࣜ͸ଟ਺ଘࡏ͢Δ(SHA-2, RSAͳͲ)
    ͨΊ, Ͳͷ҉߸ԽํࣜΛར༻͢Δͷ͔ΛWebϒϥ΢β
    ͱWebαʔόͰܾΊ͓ͯ͘ඞཁ͕͋Δ.
    • HTTPSͰར༻͞ΕΔSSL or TLSͷόʔδϣϯ, ϝο
    ηʔδμΠδΣετͷํࣜʹ͍ͭͯ΋ಉ࣌ʹܾఆ

    View full-size slide

  48. HTTPSͷ΍ΓͱΓ
    2. ௨৴૬खͷূ໌
    • Webϒϥ΢β͕௨৴͍ͯ͠ΔWebαʔό͕ਖ਼͍͠૬
    खͰ͋Δ͔Ͳ͏͔Λ, SSLαʔόূ໌ॻΛجʹݕূ
    • ਖ਼͍͠WebαʔόͰ͋Δͱ֬ೝͰ͖ͳ͔ͬͨ৔߹, ϒ
    ϥ΢β্ʹܯࠂ͕දࣔ͞ΕΔ

    View full-size slide

  49. HTTPSͷ΍ΓͱΓ
    3. 伴ͷަ׵
    • σʔλసૹʹར༻͢Δʮڞ௨伴ʯΛަ׵͢Δ
    • ͜ͷڞ௨伴Λ༻͍ͯσʔλΛ҉߸Խ, ෮߸͢Δ
    • ͜ͷ伴͸Ͳ͏ૹ৴͢Δͷ͔ʢ҉߸Խແ͠͸ةݥʣ
    ‣ ެ։伴҉߸ํࣜΛ༻͍ͯ҉߸Խ͠ૹ৴͢Δ
    • HTTPS͸, ެ։伴҉߸ํࣜͱڞ௨伴҉߸ํࣜΛ྆ํ
    ࢖ͬͨϋΠϒϦουํࣜ

    View full-size slide

  50. HTTPSͷ΍ΓͱΓ
    4. ҉߸Խํࣜͷ֬ೝ
    • ࣮ࡍʹར༻͢Δ҉߸Խํࣜͷ࠷ऴ֬ೝΛߦͳ͏
    • ͜ͷϑΣʔζ͕׬ྃ͢Δͱ, Webϒϥ΢βͱWebαʔ
    όؒʹ͓͍ͯ҉߸Խ௨৴͕։࢝͞ΕΔ

    View full-size slide

  51. HTTPSͷ΍ΓͱΓ
    ʲClient Helloʳ͜Μͳ҉߸Խํ͕ࣜར༻ՄೳͰ͢
    ʲServer Helloʳ͜ͷ҉߸ԽํࣜΛར༻͠·͠ΐ͏
    ҉߸Խํࣜͷܾఆ
    ʲServer CertificateʳࢲͷSSLαʔόূ໌ॻͰ͢
    ʲServer Hello Doneʳ͢΂ͯͷ৘ใΛૹΓ·ͨ͠
    ௨৴૬खͷূ໌
    ʲClient Key Exchangeʳڞ༗伴ΛૹΓ·͢ 伴ͷަ׵
    ʲFinishedʳ४උOKͰ͢
    ʲFinishedʳ४උOKͰ͢
    ʲChange Cipher Specʳ͜ͷ҉߸ԽํࣜΛ࢖͍·͠ΐ͏
    ʲChange Cipher Specʳ͜ͷ҉߸ԽํࣜͰOKͰ͢
    ҉߸Խํࣜͷ֬ೝ

    View full-size slide

  52. ໨࣍
    9. HTTP/2Ͱͷվྑ఺
    10.HTTPSͷ࢓૊Έ
    11.HTTPSͷ΍ΓͱΓ
    12.εςʔτϑϧͱεςʔτϨε
    13.Cookie
    14.ηογϣϯ
    15.URI

    View full-size slide

  53. εςʔτϑϧͱεςʔτϨε
    • HTTPͷಛ௃ͷ1ͭʹεςʔτϨε͕ڍ͛ΒΕΔ
    ‣ Ҏલͷঢ়ଶΛอ࣋͠ͳ͍ͨΊ, ෳ਺ͷॲཧΛؔ࿈෇͚
    Δ͜ͱ͕Ͱ͖ͳ͍
    • εςʔτϨεʹରͯ͠, εςʔτϑϧ΋ଘࡏ
    ‣ Ҏલͷঢ়ଶʢίϯςΫετʣΛอ͓࣋ͯ͘͠

    View full-size slide

  54. εςʔτϑϧͱεςʔτϨε
    • εςʔτϨε

    ϦΫΤετ͸ඞཁͳ৘ใΛશؚͯΜͰ͍ͳ͚Ε͹ͳΒ
    ͳ͍
    → ͸ʁͲ͏͍͏͜ͱʁʢྫΛݟͯΈ·͠ΐ͏ʣ

    View full-size slide

  55. εςʔτϑϧͱεςʔτϨε
    εςʔτϑϧͷྫ
    ٬: ϋϯόʔΨʔηοτΛ͓ئ͍͠·͢
    ళһ: αΠυϝχϡʔ͸Կʹͳ͍͞·͔͢?
    ٬: ϙςτͰ
    ళһ: υϦϯΫ͸Կʹͳ͍͞·͔͢?
    ٬: δϯδϟʔΤʔϧͰ
    ళһ: +50ԁͰυϦϯΫΛLαΠζʹͰ͖·͕͍͔͕͢Ͱ͔͢?
    ٬: MͰ͍͍Ͱ͢
    ళһ: Ҏ্ͰΑΖ͍͠Ͱ͔͢?
    ٬: ͸͍
    ళһ: ͔͜͠·Γ·ͨ͠
    Ҿ༻ɿhttp://yohei-y.blogspot.jp/2007/10/blog-post.html

    View full-size slide

  56. εςʔτϑϧͱεςʔτϨε
    εςʔτϨεͷྫ
    ٬: ϋϯόʔΨʔηοτΛ͓ئ͍͠·͢
    ళһ: αΠυϝχϡʔ͸Կʹͳ͍͞·͔͢?
    ٬: ϋϯόʔΨʔηοτΛϙςτͰ͓ئ͍͠·͢
    ళһ: υϦϯΫ͸Կʹͳ͍͞·͔͢?
    ٬: ϋϯόʔΨʔηοτΛϙςτͱδϯδϟʔΤʔϧͰ͓ئ͍͠·͢
    ళһ: +50ԁͰυϦϯΫΛLαΠζʹͰ͖·͕͍͔͕͢Ͱ͔͢?
    ٬: ϋϯόʔΨʔηοτΛϙςτͱδϯδϟʔΤʔϧ(M)Ͱ͓ئ͍͠·͢
    ళһ: Ҏ্ͰΑΖ͍͠Ͱ͔͢?
    ٬: ϋϯόʔΨʔηοτΛϙςτͱδϯδϟʔΤʔϧ(M)Ͱ͓ئ͍͠·͢ɻҎ্
    ళһ: ͔͜͠·Γ·ͨ͠
    Ҿ༻ɿhttp://yohei-y.blogspot.jp/2007/10/blog-post.html

    View full-size slide

  57. εςʔτϑϧͱεςʔτϨε
    ྆ऀͷҧ͍͸ͳʹ͔ʁ
    ‣ ళһ͞Μ͕͓٬͞ΜͷཔΜͩ৘ใ(ίϯςΩετ)Λ֮
    ͍͑ͯΔʢอ͍࣋ͯ͠Δʣ͔Ͳ͏͔
    ‣ εςʔτϨεͳγεςϜͰ͸, ళһ͞Μ͕৘ใΛอ࣋
    ͍ͯ͠ͳ͍ͨΊ, ϦΫΤετ͕ͲΜͲΜ௕͘ͳΓ৑௕
    ʹͳΔ
    → ͳͥ࢖͏ͷ͔ʁ

    View full-size slide

  58. εςʔτϑϧͱεςʔτϨε
    εςʔϨεͷར఺
    εςʔτϨεͷܽ఺
    • ୯ҰͷϦΫΤετʹશͯͷ৘ใؚ͕·ΕΔ
    • ηογϣϯͷ؅ཧ͕γϯϓϧʹͳΔ
    • εέʔϥϏϦςΟͷ޲্
    • ωοτϫʔΫύϑΥʔϚϯεͷ௿Լ

    View full-size slide

  59. ໨࣍
    9. HTTP/2Ͱͷվྑ఺
    10.HTTPSͷ࢓૊Έ
    11.HTTPSͷ΍ΓͱΓ
    12.εςʔτϑϧͱεςʔτϨε
    13.Cookie
    14.ηογϣϯ
    15.URI

    View full-size slide

  60. Cookie
    • Web͕ਐԽ͢Δʹ͚ͭͯ, εςʔτϨεͩͱෆศΛײ͡Δ৔
    ໘͕૿͑ͨ
    ‣ γϣοϐϯάαΠτͷʮ঎඼ΛબͿʯʮങ͍෺͔͝ʹೖ
    ΕΔʯʮ͔͝ͷத਎Λ֬ೝ͢Δʯʮܾࡁ͢Δʯͱ͍ͬͨ
    ಈ࡞͸, Webαʔόతʹ͸ҟͳΔϦΫΤετͰ΋, Webϒ
    ϥ΢βଆͰ͸ؔ࿈ͷ͋Δ1࿈ͷૢ࡞
    - ങ͍෺͔͝ʹ঎඼ΛೖΕͯ΋, ʮങ͍෺͔͝ʹ͍Εͨʯ
    ͱ͍͏ಈ࡞͕อ࣋͞Εͳ͍ͨΊ, ͔͝ͷத਎͕ແ͍ঢ়ଶ
    ʹͳͬͯ͠·͏

    View full-size slide

  61. Cookie
    • ࣮ࡍͷγϣοϐϯάαΠτͰ͸, ʮങ͍෺͔͝ʹೖΕͨ
    ͷʹೖ͍ͬͯͳ͍ʯͱ͍ͬͨΑ͏ͳ͜ͱ͸΄΅ແ͍
    ‣ ঢ়ଶΛอଘ͢Δผͷ࢓૊Έ͕ଘࡏ͍ͯ͠Δ͔Β
    - Cookieͱ͍͏࢓૊Έ͕ଘࡏ͢Δ

    View full-size slide

  62. Cookie
    • Cookie

    Webαʔό͕઀ଓ͖ͯͨ͠Webϒϥ΢βʹରͯ͠ૹ৴
    ͢Δখ͞ͳσʔλ. Ұൠʹ, Webϒϥ΢βʹอ࣋ͯ͠໯
    ͍͍ͨσʔλΛCookieͱͯ͠อ࣋͢Δ.
    • Cookie͸ओʹҎԼͷ3ͭͷ༻్Ͱ࢖༻͞ΕΔ
    1. ηογϣϯͷ؅ཧʢϩάΠϯ৘ใ, Χʔτ৘ใʣ
    2. ݸਓઃఆʢϢʔβʔͷઃఆʣ
    3. τϥοΩϯάʢϢʔβʔͷߦಈΛ෼ੳ͢Δʣ

    View full-size slide

  63. Cookie
    • Cookie΍ΓͱΓͷྲྀΕ
    1. Webαʔό΁઀ଓ͖ͯͨ͠Webϒϥ΢βʹରͯ͠,
    อଘͯ͠΋Β͍͍ͨ৘ใΛCookieͱͯ͠ૹΔʢϨε
    ϙϯεϔομʔʹ, Set-CookieଐੑΛ௥Ճʣ
    2. CookieΛड͚औͬͨWebϒϥ΢β͸ͦΕΛอଘ͠,
    ࣍ʹαʔόʹ઀ଓ͢Δࡍʹอଘ͓͍ͯͨ͠Cookie
    Λૹ৴͢Δ

    View full-size slide

  64. Cookie
    • γϣοϐϯάαΠτΛྫʹߟ͑Δͱ
    1. Webαʔό͸ΞΫηε͖ͯͨ͠Webϒϥ΢βΛࣝ
    ผ͢ΔͨΊͷ৘ใΛCookieͱͯ͠ૹΔ
    2. Webαʔό͕γϣοϐϯάαΠτʹΞΫηε͢Δࡍ
    ͸, ϒϥ΢βࣝผͷͨΊͷ৘ใʢCookieʣΛϦΫΤ
    ετϔομʹؚΊͯૹ৴͢Δ

    View full-size slide

  65. Cookie
    ᶃ࠷ॳͷWebαʔό΁ͷ઀ଓ
    ᶄCookie΋ಉ࣌ʹૹ৴
    ᶅ2ճΊͷWebαʔό΁ͷ઀ଓ
    ʜ
    4FU$PPLJFOBNFWBMVFFYQJSFTEBUFEPNBJO%*."*/@/".&
    ʜ
    .FTTBHF
    1045VQMPBE)551
    HTTPϨεϙϯε
    ॳճͷHTTPϨεϙϯεͷ
    ϝοηʔδϔομʔʹ
    CookieΛؚΊͯૹ৴
    ʜ
    $PPLJFOBNFWBMVF
    ʜ
    .FTTBHF
    1045VQMPBE)551
    HTTPϦΫΤετ
    CookieΛड͚औͬͨ͋ͱ͸,
    CookieΛHTTPϦΫΤετϔομʔʹ
    ؚΊͯૹ৴͢Δ

    View full-size slide

  66. Cookie
    • Cookieͷૹ৴ʹ͸ϝοηʔδϔομ͕ར༻͞ΕΔ(ਤͷ
    ྘৭ͷ෦෼Ͱͨ͠Ͷʁʣ
    • Webαʔό͸HTTPϨεϙϯεʹSet-CookieϔομʔΛ
    ؚΊΔ͜ͱͰCookieΛૹ৴͢Δ
    • Webϒϥ΢β͸, HTTPϦΫΤετʹCookieϔομΛؚ
    ΊΔ͜ͱͰ, CookieΛૹ৴͢Δ
    ʜ
    4FU$PPLJFOBNFWBMVFFYQJSFTEBUFEPNBJO%*."*/@/".&
    ʜ
    .FTTBHF
    1045VQMPBE)551
    ਤ: ϝοηʔδϔομ

    View full-size slide

  67. Cookie
    • Set-Cookieϔομ͸Cookieͷ஋Λઃఆ͢Δ͚ͩͰͳ͘, Cookieͷ༗ޮ
    ظݶ΍HTTPSͰͷΈ΍ΓऔΓΛߦͳ͏(Secure Cookie)ઃఆΛ͢Δ͜ͱ
    ͕Ͱ͖Δ.
    ‣ Secure CookieΛ࢖ͬͨ৔߹Ͱ΋, ػີ৘ใ͸ૹड৴ͯ͠͸͍͚ͳ͍
    • ༗ޮظݶΛઃఆ͠ͳ͍CookieΛηογϣϯCookieͱ͍͏ʢWebϒϥ
    ΢βΛফ͢ͱಉ࣌ʹফڈ͞ΕΔʣ
    ‣ ༗ޮظݶΛઃఆ͢Δͱͦͷظؒ͸࢒ΔͨΊ, γϣοϐϯάαΠτͳ
    ͲͰ͸҆શੑͷ؍఺͔ΒηογϣϯCookieΛ࢖͍ͬͯΔͱ͜Ζ͕
    ଟ͍

    View full-size slide

  68. Cookie
    ໊લ ಺༰ छผ
    4FU$PPLJF
    ঢ়ଶΛอ࣋ɾ؅ཧ͢ΔͨΊͷ
    ৘ใʢ$PPLJFʣ
    ϨεϙϯεϔομϑΟʔϧυ
    $PPLJF
    8FCαʔό͔Βड͚औͬͨ
    $PPLJFͷ஋
    ϦΫΤετϔομϑΟʔϧυ
    CookieͰར༻͞ΕΔϔομϑΟʔϧυ

    View full-size slide

  69. Cookie
    ໊લ ಺༰
    OBNFWBMVF $PPLJFʹ෇͚Δ໊લͱͦͷ஋
    FYQJSFTEBUF $PPLJFͷ༗ޮظݶ͜ͷଐੑ͕ͳ͍৔߹ ηογϣϯ$PPLJFͱͯ͠ѻ͏
    NBYBHFTFDPOET $PPLJFͷੜଘ࣌ؒΛඵ਺Ͱࢦఆ
    TFDVSF )5514Ͱ௨৴ͯ͠Δ৔߹ͷΈ$PPLJFΛૹ৴
    IUUQPOMZ +BWB4DSJQU͔Βͷ$PPLJF΁ͷࢀর੍ݶʢ944Λ๷͙ͨΊʣ
    EPNBJO%0."*/@/".& $PPLJF͕ར༻͞ΕΔυϝΠϯ໊
    QBUI1"5) $PPLJF͕ར༻͞ΕΔαʔό্ͷύε
    Set-CookieϔομϑΟʔϧυʹهड़͢Δଐੑ

    View full-size slide

  70. ໨࣍
    9. HTTP/2Ͱͷվྑ఺
    10.HTTPSͷ࢓૊Έ
    11.HTTPSͷ΍ΓͱΓ
    12.εςʔτϑϧͱεςʔτϨε
    13.Cookie
    14.ηογϣϯ
    15.URI

    View full-size slide

  71. ηογϣϯ
    • ηογϣϯ

    ؔ࿈ͷ͋Δ1࿈ͷॲཧͷ։͔࢝Βऴྃ·Ͱͷશظؒ
    ૹ৴ଆ ड৴ଆ
    ঎඼ΛબͿ
    OK
    ങ͍෺͔͝ʹೖΕΔ
    OK
    ങ͍෺͔͝ͷத਎Λ֬ೝ
    OK
    ܾࡁ
    OK
    ηογϣϯ
    ίωΫγϣϯ

    View full-size slide

  72. ηογϣϯ
    • ෳ਺ͷΫϥΠΞϯτ͔ΒΞΫηε͞ΕΔWebαʔό͸, ηο
    γϣϯΛͲͷΑ͏ʹ؅ཧ͢Δͷ͔ʁ
    ‣ CookieΛ༻͍ͯηογϣϯΛ؅ཧ͢Δ
    ‣ Cookie͕࢖͑ͳ͍৔߹͸URLʹؚΊΔͱ͖΋͋Δ͕, ηΩϡ
    ϦςΟͷ໘͔Βਪ঑͞Εͳ͍ํ๏Ͱ͋Δ
    • ηογϣϯ؅ཧʹ͓͍ͯ, Webϒϥ΢βΛࣝผ͢ΔͨΊͷࣝผ
    ࢠ(id)ΛηογϣϯIDͱݺͿ
    ‣ ηογϣϯID͸WebαʔόͰੜ੒͞Ε, CookieʹؚΊͯWeb
    ϒϥ΢βʹૹ৴͞ΕΔ

    View full-size slide

  73. ηογϣϯ
    4*%BBBBBB
    4*%CCCCCC
    webαʔό
    webϒϥ΢βB
    webϒϥ΢βA
    ηογϣϯ*% Ϣʔβʔ ϩάΠϯ ങ͍෺͔͝
    BBBBBB TBUP 536&
    Ξ΢λʔº
    γϟπº
    CCCCCC HVFTU '"-4& γϡʔζº
    දɿWebαʔό͕อଘ͍ͯ͠Δηογϣϯσʔλ

    View full-size slide

  74. ηογϣϯ
    • ηογϣϯIDΛड͚औͬͯҎ߱͸, ϦΫΤετϔομʹ
    ηογϣϯIDΛؚΊͯૹ৴͢Δ͜ͱͰ, Webαʔόͱͷ
    ηογϣϯΛҡ࣋͢Δ͜ͱ͕ग़དྷΔ.
    • ʮങ͍෺͔͝ʹͳʹΛ͍Ε͔ͨʯͱݴͬͨ৘ใ͸, ηο
    γϣϯIDͱඥ෇͍ͯʮηογϣϯσʔλʯͱͯ͠Web
    αʔόʹอଘ͞ΕΔ.

    View full-size slide

  75. ηογϣϯ
    webαʔό
    webϒϥ΢βA
    Set-Cookie:SID=aaaaaa
    Cookie:SID=aaaaaa
    CookieʹؚΊͯ౉͢
    ϦϯΫͷURLʹؚΊΔ
    webαʔό
    webϒϥ΢βA
    http://example.com/cart?SID=aaaaaa
    ͱ͍͏ϦϯΫ෇͖ͷWebϖʔδΛૹ৴
    ϦϯΫ͕ΫϦοΫ͞ΕΔͱ, ηογϣϯID෇͖
    ͰWebαʔό΁ϦΫΤετ͕ૹ৴͞ΕΔ
    http://example.com/cart?SID=aaaaaa
    ηογϣϯIDΛURLͷύϥϝʔλͱͯ͠ૹ৴

    View full-size slide

  76. ໨࣍
    9. HTTP/2Ͱͷվྑ఺
    10.HTTPSͷ࢓૊Έ
    11.HTTPSͷ΍ΓͱΓ
    12.εςʔτϑϧͱεςʔτϨε
    13.Cookie
    14.ηογϣϯ
    15.URI

    View full-size slide

  77. URI
    • URI(Uniform Resource Identifier)

    ৘ใ΍σʔλͱ͍ͬͨϦιʔεΛࣝผ͢Δهड़ํ๏
    ‣ ಛʹ, Ϧιʔε͕ଘࡏ͢Δ৔ॴΛࣔ͢΋ͷΛ
    URL(Uniform Resource Locator)ͱ͍͏
    • URIͷ͏ͪ, ৔ॴ͸໰ΘͣʹϦιʔεͷ໊લΛࣔ͢΋ͷΛ
    URN(Uniform Resource Name)ͱ͍͏
    URIͷҰൠతͳදݱܗࣜ
    ʢεΩʔϜ໊ʣɿʢεΩʔϜ͝ͱͷදݱܗࣜʣ

    View full-size slide

  78. URI
    εΩʔϜ εΩʔϜ͝ͱͷදݱܗࣜ
    IUUQ
    FYBNQMFDPNOFXTJOEFYIUNM

    FYBNQMFDPNʹ͋ΔOFXϑΥϧμ಺ͷJOEFYIUNMϑΝΠϧ
    GUQ
    FYBNQMFDPNEPDTOFXTEPD

    FYBNQMFDPNʹ͋ΔEPDTϑΥϧμ಺ͷOFXEPDϑΝΠϧ
    VSO
    JTCO
    JTCOίʔυͰࣔ͞ΕΔॻྨ
    VSO
    JFUGSGD
    JFUGʹΑͬͯ؅ཧ͞Ε͍ͯΔ3'$ͷॻྨ
    URIͷྫ
    εΩʔϜ໊ɿεΩʔϜ͝ͱͷදݱܗࣜ

    View full-size slide

  79. URI
    • ϦΫΤετURI

    HTTPʹ͓͍ͯ΋, ϦιʔεΛಛఆ͢ΔͨΊʹURIΛར༻
    ͍ͯ͠Δ. ઈରURIܗࣜͱ૬ରURIܗ͕ࣜ͋Δ
    ઈରURIͰͷදه
    ૬ରURIͰͷදه
    (&5IUUQFYBNQMFDPNOFXTJOEFYIUNM)551
    )PTUFYBNQMFDPN
    http͔Β࢝·ΔURIͰ, ϗετ໊ٴͼύε໊ͷશ͕ͯϦΫΤετߦʹهड़͞ΕΔ.
    HTTPϦΫΤετ͕ϓϩΩγαʔόΛܦ༝͢Δ৔߹, ઈରURI͕ར༻͞ΕΔ.
    (&5OFXTJOEFYIUNM)551
    )PTUFYBNQMFDPN
    /͔Β࢝·ΔURIͰ, ύε໊ͷΈϦΫΤετߦʹهड़͞ΕΔ
    ௨ৗ͸૬ରURIΛར༻ͯ͠HTTPϦΫΤετ͕ૹ৴͞ΕΔ

    View full-size slide

  80. URI
    • ύʔηϯτΤϯίʔσΟϯά

    URLͰར༻Ͱ͖Δจࣈ͸ఆΊΒΕ͓ͯΓ, ʮ༧໿จࣈʯ
    ͱʮඇ༧໿จࣈʯ͕ଘࡏ͢Δ.
    ‣ ༧໿จࣈ

    ҎԼͷΑ͏ͳ஋. ۠੾ΓͳͲͰ࢖ΘΕΔ
    reserved = gen-delims / sub-delims
    gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
    sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
    / "*" / "+" / "," / ";" / "="
    Ҿ༻ɿhttps://tools.ietf.org/html/rfc3986#page-11

    View full-size slide

  81. URI
    • ඇ༧໿จࣈ

    ਺ࣈ΍ΞϧϑΝϕοτͳͲࣗ༝ʹURIʹ࢖༻Ͱ͖ΔจࣈͰ, Ξϧ
    ϑΝϕοτͷେจࣈখจࣈ, ਺ࣈ, ϋΠϑϯ, υοτ, Ξϯμʔε
    ίΞ, νϧμؚ͕·ΕΔ

    • URIͰ͸ඇ༧໿จࣈ͔ࣗ͠༝ʹ࢖͏͜ͱ͕Ͱ͖ͳ͍
    ‣ ༧໿จࣈ, ඇ༧໿จࣈҎ֎ͷจࣈΛURIͰར༻͢Δ৔߹, ύʔ
    ηϯτΤϯίʔσΟϯάͱ͍͏ํ๏Λ༻͍ͯΤϯίʔυ͢
    Δඞཁ͕͋Δ
    unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"

    View full-size slide

  82. URI
    • ύʔηϯτΤϯίʔσΟϯάͰ͸, ʮ%ʯʹ͍ͭͮͯจ
    ࣈίʔυΛ16ਐ਺Ͱදͨ͠ܗʹม׵͞ΕΔ
    จࣈίʔυ ύʔηϯτΤϯίʔσΟϯάޙ
    4IJGU+*4 ""7#$
    &6$+1 """"$##"
    65'
    &&&"
    &&%
    “͍͍ఱؾ”ΛύʔηϯτΤϯίʔσΟϯά͢Δྫ

    View full-size slide

  83. URI
    • ੜ੒͞ΕͨURI͸, ৗʹύʔηϯτΤϯίʔσΟϯά͞
    Εͨঢ়ଶͰ͋Δ.
    ‣ ࣍ͷΑ͏ͳ΋ͷ͸URIͱͯ͠ೝΊΒΕͳ͍
    • ෳ਺ճσίʔυͯ͠͸͍͚ͳ͍
    http://example.com?foo=;ʔ&bar=%E3%81%B0%E3%83%BC

    View full-size slide

  84. ༨ஊ
    • ͳΜͰHTTP/2.0͡Όͳͯ͘HTTP/2ͳͷʁ

    The Working Group decided to drop the minor
    version (“.0”) because it has caused a lot of confusion
    in HTTP/1.x. In other words, the HTTP
    version only indicates wire compatibility, not feature
    sets or “marketing.”
    ‣ ϓϩτίϧͷޓ׵ੑ͚ͩΛද͢ͱ͸Ͳ͏͍͏͜ͱͳΜ
    Ͱ͠ΐ͏͔ʁ
    ‣ ͋ͱͲΜͳޡղ͕͋ͬͨΜͩΖ͏…
    Ҿ༻ɿhttps://http2.github.io/faq/#is-it-http20-or-http2

    View full-size slide

  85. ࢀߟαΠτ౳

    View full-size slide

  86. ࢀߟαΠτ౳
    • HTTP/2 Frequently Asked Questions

    https://http2.github.io/faq/
    • HTTP/2ͷ֓ཁ

    https://developers.google.com/web/fundamentals/
    performance/http2
    • HPACK:Header Compression for HTTP/2

    https://tools.ietf.org/html/rfc7541
    • HTTP/2 ೖ໳

    https://techblog.yahoo.co.jp/infrastructure/http2/
    introduction_to_http2/

    View full-size slide

  87. ࢀߟαΠτ౳
    • SSLͱTLSͷҧ͍ͱ͸

    https://ssl.sakura.ad.jp/column/ssl_tls/
    • SSLΛཧղ͢ΔͨΊͷجૅωΰγΤʔγϣϯ[PDF]

    https://www.jp.websecurity.symantec.com/welcome/pdf/
    wp_ssl_negotiation.pdf
    • HTTPSͷৄࡉ

    http://www.atmarkit.co.jp/ait/articles/1704/13/news030.html
    • Uniform Resource Identifier(URI): Generic Syntax

    https://tools.ietf.org/html/rfc3986

    View full-size slide