Slide 1

Slide 1 text

WebAuthn/FIDO UX, explained thoroughly ~ with a picture of how real services have adopted it ~
Ryo Ito (@ritou), builderscon tokyo

Slide 2

Slide 2 text

Ryo Ito
• Engineer at mixi, Inc. - Identity / Platform / Payment?
• OpenID Foundation Japan evangelist
• Blog : ritou.hatenablog.com
• Twitter : @ritou (the cat from Akita)
• #idcon, #iddance

Slide 3

Slide 3 text

WebAuthn-related talks: https://speakerdeck.com/ritou

Slide 4

Slide 4 text

Before the main topic
• User authentication as it is used today
• FIDO/WebAuthn overview

Slide 5

Slide 5 text

Password authentication
• Uses knowledge (SYK: Something You Know)
• If its requirements are met, it is the ultimate authentication method
  • User
  • Service

Slide 6

Slide 6 text

Requirements of password authentication
• User
  • Generate an unguessable string
  • Manage a different string for each service
  • Enter it only at the service it belongs to

Slide 7

Slide 7 text

Current state of password authentication
• User
  • Generate an unguessable string -> simple and guessable
  • Manage a different string for each service -> reuse
  • Enter it only at the service it belongs to -> "flexible" handling

Slide 8

Slide 8 text

Requirements of password authentication
• Service
  • Accept unguessable strings
  • Store passwords securely
  • Counter the various threats

Slide 9

Slide 9 text

Current state of password authentication
• Service
  • Accept unguessable strings -> alphanumerics, 8 characters max
  • Store passwords securely -> stored as-is / leaked
  • Counter the various threats -> countermeasures against list attacks (credential stuffing), etc.

Slide 10

Slide 10 text

Current state of password authentication
• Neither side meets the requirements
• The cause is humanity's insufficient specs (second time, a year after the last)

Slide 11

Slide 11 text

Current state of password authentication
• Users need hardware/software support
• Users are not excellent as password-entry operators either
• The cost on the service side is not negligible
• Is defending against list attacks a game of cat and mouse?
• An authentication method with no bright future; why not just drop it?

Slide 12

Slide 12 text

The next move
• Additional authentication known as 2-(step|factor) authentication
  • One-time passwords
  • Approval on a smartphone/device at hand

Slide 13

Slide 13 text

One-time password authentication
• Uses a one-time password
  • Delivered by e-mail/SMS
  • Generated by software/hardware
  • From backup codes

Slide 14

Slide 14 text

The crux of one-time password authentication
• Uses a one-time password
  • Delivered by e-mail/SMS -> the channel and sending/receiving
  • Generated by software/hardware -> key management
  • From backup codes -> managing the list of codes

Slide 15

Slide 15 text

The crux of one-time password authentication
• Uses a one-time password (※ auto-fill also exists)
  • Delivered by e-mail/SMS -> the user types it in
  • Generated by software/hardware -> the user types it in
  • From backup codes -> the user types it in

Slide 16

Slide 16 text

One-time passwords and phishing attacks
(Diagram) Phishing e-mail / message; phishing site (example.info); legitimate site (example.com); ID/password; one-time password; harvested ID/password; one-time password

Slide 17

Slide 17 text

Approval on a device at hand
• Notification to the device at hand
• Combined with unlocking the device
• Implemented via push to the device or to a dedicated app, etc.

Slide 18

Slide 18 text

Effect of additional authentication
• One-time password
  • If the phishing site accesses the legitimate site synchronously, the authentication may still be broken through
• Approval on a device at hand
  • Approving anything and everything is NG
  • If the phishing site accesses the legitimate site synchronously, the user may approve without noticing

Slide 19

Slide 19 text

FIDO / WebAuthn overview

Slide 20

Slide 20 text

FIDO (First IDentity Online)
• Uses local authentication
  • Passwords and biometric data never travel over the network
  • Can be combined with various authentication methods (not only biometrics)
• Two functions based on public-key cryptography
  • Registration : send a signature and the public key
  • Authentication : send a signature

Slide 21

Slide 21 text

FIDO use cases
• As passwordless authentication (possession + local authentication)
• As additional authentication (possession)
• As a re-authentication method

Slide 22

Slide 22 text

FIDO2 Project
• FIDO2 : FIDO from web applications too
• WebAuthn (Web Authentication API)
  • JavaScript API called by services that use FIDO
• CTAP (Client To Authenticator Protocol)
  • Specification for talking to security keys
  • Implemented by browsers

Slide 23

Slide 23 text

WebAuthn (Web Authentication API)
• W3C Recommendation, 2019/3/4: https://www.w3.org/TR/webauthn/
• Two APIs are defined
  • navigator.credentials.create() : registration
  • navigator.credentials.get() : authentication

Slide 24

Slide 24 text

WebAuthn - the cast
• Relying Party : web application
• Authenticator : security key, device
• Client : web browser

Slide 25

Slide 25 text

WebAuthn - the cast (Figure: gihyo.jp dev column, New Year WebAuthn article)

Slide 26

Slide 26 text

WebAuthn - the cast (Figure: gihyo.jp dev column, New Year WebAuthn article)

Slide 27

Slide 27 text

WebAuthn - registration flow
(Diagram) Actors: Authenticator (security key etc.), Client (browser), Relying Party (service)
1. Create the registration parameters (RP info, user info, whether local authentication is required, etc.)
2. Call the JS API
3. Invoke the Authenticator/Platform functionality
4. Local authentication, key pair generation, signature creation
5. New public key and signature
6. Return value from the JS API
7. Various verifications, store the public key

Slide 28

Slide 28 text

Examples of registration parameters
• Attachment : type of Authenticator
• User Verification : require local authentication
• Require ResidentKey : store the user information

Slide 29

Slide 29 text

Attachment : Undefined (macOS + Google Chrome) - the user chooses which Authenticator to use

Slide 30

Slide 30 text

Platform Authenticator (macOS + Google Chrome) !30

Slide 31

Slide 31 text

Cross-Platform Authenticator (macOS + Google Chrome) !31

Slide 32

Slide 32 text

Attachment : Undefined (Windows 10 + MS Edge) - Windows Hello takes priority; cancel → Cross-Platform

Slide 33

Slide 33 text

Examples of registration parameters
• Attachment : type of Authenticator
• User Verification : require local authentication
• Require ResidentKey : store the user information

Slide 34

Slide 34 text

Authenticators and local authentication - FIDO security key devices | BioPass FIDO | Feitian Japan (ftsafe.co.jp, FIDO products page)

Slide 35

Slide 35 text

Authenticators and local authentication - Discover YubiKeys | Strong Two Factor Authentication for Secure Login | Yubico (www.yubico.com, YubiKey hardware products page)

Slide 36

Slide 36 text

User Verification : Required (macOS + Google Chrome) - a PIN can be used even on devices without local authentication

Slide 37

Slide 37 text

User Verification : Required (Windows 10 + MS Edge)

Slide 38

Slide 38 text

Examples of registration parameters
• Attachment : type of Authenticator
• User Verification : require local authentication
• Require ResidentKey : store the user information

Slide 39

Slide 39 text

Require ResidentKey : True (macOS + Google Chrome) - the UX may change

Slide 40

Slide 40 text

WebAuthn - authentication flow
(Diagram) Actors: Authenticator (security key etc.), Client (browser), Relying Party (service)
1. Create the authentication parameters (public key info, whether local authentication is required, etc.)
2. Call the JS API
3. Invoke the Authenticator/Platform functionality
4. Local authentication, signature creation
5. Signature
6. Return value from the JS API
7. Various verifications, authentication processing

Slide 41

Slide 41 text

Examples of authentication parameters
• AllowCredentials : specify public keys
  • Present : specify the public keys the RP holds
  • Absent (empty) : use the information stored on the Authenticator

Slide 42

Slide 42 text

allowCredentials specified (macOS + Google Chrome) - requests the Authenticator tied to the specified public key

Slide 43

Slide 43 text

allowCredentials specified (Windows 10 + MS Edge)

Slide 44

Slide 44 text

Examples of authentication parameters
• AllowCredentials : specify public keys
  • Present : specify the public keys the RP holds
  • Absent (empty) : use the information stored on the Authenticator -> Resident Key

Slide 45

Slide 45 text

allowCredentials not specified (macOS + Google Chrome) - local authentication, then choose from the stored user information

Slide 46

Slide 46 text

allowCredentials not specified (macOS + Google Chrome) - with a security key too, the user information is chosen at the end

Slide 47

Slide 47 text

allowCredentials not specified (Windows 10 + MS Edge) - with Windows Hello: choose the user, then local authentication

Slide 48

Slide 48 text

allowCredentials not specified (Windows 10 + MS Edge) - with a security key: local authentication, then choose the user

Slide 49

Slide 49 text

WebAuthn's phishing resistance (as additional authentication)
(Diagram) Phishing e-mail / message; phishing site (example.info); legitimate site (example.com); ID/password; assertion (signature etc.); harvested ID/password; assertion

Slide 50

Slide 50 text

WebAuthn's phishing resistance (as additional authentication)
(Diagram) Phishing e-mail / message; phishing site (example.info); legitimate site (example.com); ID/password; assertion (signature etc.); harvested ID/password; assertion
• Because the key pair is generated per origin, the user cannot log in to the phishing site

Slide 51

Slide 51 text

WebAuthn's phishing resistance (as additional authentication)
(Diagram) Phishing e-mail / message; phishing site (example.info); legitimate site (example.com); ID/password; assertion (signature etc.); harvested ID/password; assertion
• Because the key pair is generated per origin, the user cannot log in to the phishing site
• Even if an assertion made for the phishing site is sent to the legitimate site, verification fails

Slide 52

Slide 52 text

Recently notable FIDO/WebAuthn support status
• Android
  • Authenticator: Android 7.0~, Security Key
  • Client: Chrome, Firefox
• Windows 10
  • Authenticator: Windows Hello, Security Key
  • Client : Microsoft Edge, Chrome, Firefox…

Slide 53

Slide 53 text

On implementing WebAuthn
• Not covered here

Slide 54

Slide 54 text

Now, the main topic: FIDO / WebAuthn UX

Slide 55

Slide 55 text

Use cases covered
• As an additional authentication method: password authentication + FIDO
• As the main authentication method: password authentication or FIDO

Slide 56

Slide 56 text

Dropbox

Slide 57

Slide 57 text

Dropbox - registration: requires password confirmation before setup

Slide 58

Slide 58 text

Dropbox - registration: asks the user to allow access to device information (Attestation: none)

Slide 59

Slide 59 text

Dropbox - registration: finish by giving the key a name

Slide 60

Slide 60 text

Dropbox - authentication: requested after password authentication

Slide 61

Slide 61 text

Dropbox - authentication: also requested after social login

Slide 62

Slide 62 text

Dropbox's implementation
• Set up as the second or later method of 2-step verification
• No restriction on usable Authenticators
• Name set after the registration process
• Required not only after password authentication but also after social login

Slide 63

Slide 63 text

GitHub

Slide 64

Slide 64 text

GitHub - registration: makes the user set a name before the registration process

Slide 65

Slide 65 text

GitHub - registration: Platform Authenticators can be used too

Slide 66

Slide 66 text

GitHub - authentication: used after password authentication

Slide 67

Slide 67 text

GitHub - authentication: a security key can also be used where password confirmation is requested

Slide 68

Slide 68 text

GitHub's implementation
• Set up as the second or later method of two-factor authentication
• No restriction on usable Authenticators
• Name set before the registration process
• Security-key authentication is possible not only after password authentication but also at re-authentication

Slide 69

Slide 69 text

Google

Slide 70

Slide 70 text

Google - registration: Android devices on supported versions can be set up easily

Slide 71

Slide 71 text

Google - registration: Cross-Platform Authenticators (Titan etc…) can also be registered

Slide 72

Slide 72 text

Google - authentication: additional authentication requested after password authentication

Slide 73

Slide 73 text

Google - authentication: approving on the smartphone completes authentication

Slide 74

Slide 74 text

Google - authentication: after selecting a security key, tapping it completes authentication

Slide 75

Slide 75 text

Google's implementation
• Available as the second or later method of 2-step verification
• Cross-platform Authenticator
  • Android devices can also be used
  • Bluetooth connection without pairing (caBLE)
• Seems likely to become usable for re-authentication soon

Slide 76

Slide 76 text

Points for "introducing it as additional authentication"
• Offer multiple authentication methods : a setup that is hard to get locked out of
  • Restrictions on Authenticators
  • Naming
• Timing of the authentication request
  • After password authentication / social login
  • As a substitute for password confirmation

Slide 77

Slide 77 text

Use cases covered
• As an additional authentication method: password authentication + FIDO
• As the main authentication method: password authentication or FIDO

Slide 78

Slide 78 text

Yahoo! JAPAN

Slide 79

Slide 79 text

Yahoo! JAPAN - registration: limited to Android + Chrome environments

Slide 80

Slide 80 text

Yahoo! JAPAN - registration: can be combined with SMS / e-mail confirmation codes etc.

Slide 81

Slide 81 text

Yahoo! JAPAN - authentication: after the user is identified, authentication is requested if on Android + Chrome

Slide 82

Slide 82 text

Yahoo! JAPAN's implementation
• Limited to the Android + Chrome combination
  • In other environments, confirmation codes sent by e-mail / SMS etc. are used
• The authentication method is chosen after the user is identified
• The same method is used for re-authentication after registration

Slide 83

Slide 83 text

Microsoft

Slide 84

Slide 84 text

Microsoft - registration: in an environment where Windows Hello works, Cross-Platform Authenticators can be used too

Slide 85

Slide 85 text

Microsoft - registration: UserVerification required

Slide 86

Slide 86 text

Cross-Platform Authenticator: of course, registration with Windows Hello alone is also possible

Slide 87

Slide 87 text

Microsoft - authentication: authentication requested before the user is identified (ResidentKey)

Slide 88

Slide 88 text

Microsoft's implementation
• Limited to environments where Windows Hello is available + MS Edge
  • Windows Hello alone
  • USB/NFC security keys can be used too
• Requested as a sign-in option before the user is identified
  • User selection via Resident Key

Slide 89

Slide 89 text

Nulab (Nulab Account)

Slide 90

Slide 90 text

Nulab Account - registration: supports both kinds of Authenticator

Slide 91

Slide 91 text

Nulab Account - registration: name set when the registration process completes

Slide 92

Slide 92 text

Nulab Account - authentication: after identification by e-mail address, WebAuthn authentication is requested

Slide 93

Slide 93 text

Nulab Account's implementation
• Can be used alongside password authentication as the main authentication method
• No restriction on usable Authenticators
• Multiple registrations possible; the user gives them names
• Authentication requested after the user is identified

Slide 94

Slide 94 text

Points for "introducing it as the main authentication method"
• UserVerification is mandatory
• Restrictions on supported environments (Authenticator/Client)
  • With restrictions = maintenance is needed
  • Without restrictions = any FIDO2-capable environment is supported automatically
• Timing of the authentication request
  • After identification by e-mail address, check the user's settings and the environment
  • Use ResidentKey for user selection

Slide 95

Slide 95 text

Toward passwordless

Slide 96

Slide 96 text

The road to passwordless
• Don't introduce password authentication in new services
  • Take care of environments where WebAuthn/FIDO cannot be used
• Remove password authentication from existing services
  1. Eliminate the dependencies
  2. Disable it (mandatorily or optionally)

Slide 97

Slide 97 text

What is dependence on password authentication?
• Sign-up flow
  • Set a password, then e-mail/SMS confirmation
• "Can't log in" link
  • Leads to the password reset flow
• Important operations such as changing settings
  • Password confirmation

Slide 98

Slide 98 text

Removing the dependence on password authentication
• Sign-up flow
  • Separate credential setup from e-mail/SMS confirmation
  • Make the credential-setup part extensible
• "Can't log in" link
  • Guide to another authentication method or to changing settings
• Important operations such as changing settings
  • Allow multiple authentication methods

Slide 99

Slide 99 text

Nulab Account sign-up
• Password is set first
• To remove the dependence
  • E-mail address confirmation first?

Slide 100

Slide 100 text

Dropbox's password confirmation
• Password required before security features
• To remove the dependence
  • Re-authentication matching the authentication methods already configured
  • Sort out domains/origins

Slide 101

Slide 101 text

Yahoo! JAPAN's re-authentication
• Where it used to confirm the password, it now requests the main authentication method
  • SMS / Email
  • WebAuthn
• Domains are unified

Slide 102

Slide 102 text

Disabling password authentication
• Not using a password = not exposed to list attacks
• Yahoo! JAPAN / Nulab Account

Slide 103

Slide 103 text

Yahoo! JAPAN's disabling of password authentication: passwords for mail clients etc. can be set separately

Slide 104

Slide 104 text

Nulab Account's password deletion: the password can be deleted if the account is only used from WebAuthn-capable environments

Slide 105

Slide 105 text

Summary

Slide 106

Slide 106 text

What this talk covered
• Introduced the UX of services that have adopted WebAuthn
• Organized the points to consider when introducing it into real services
  • Introduction into services that have password authentication
  • Migration to passwordless

Slide 107

Slide 107 text

• Questions and comments are welcome
  • Mentions on blogs etc.
  • Twitter hashtag or mention
  • DM if you are shy
Thank you for listening