Slide 1

Slide 1 text

Auth0 Product Roadmap Report 2019.12.10 Classmethod, Inc. SUWA Yuki

Slide 2

Slide 2 text

Yuki Suwa • Auth0 Ambassador • Senior Specialist • Developers.IO Blogger • iOS, Node.js, Vue, AWS, etc.

Slide 3

Slide 3 text

#Auth0JP

Slide 4

Slide 4 text

November 2019 • Martin Gontovnikas visited Japan • Spoke at Auth0 Day 19 • Spoke at LINE Developer Day 2019

Slide 5

Slide 5 text

Today's talk • A recap of the sessions Gonto gave • Auth0 Product Roadmap (Auth0 Day) • Identity is the new firewall (LINE Dev Day)

Slide 6

Slide 6 text

Auth0's strategy • 2013 • 2016 • 2019 • Developers • Extensibility • Platform

Slide 7

Slide 7 text

Auth0's philosophy • An authentication / authorization company • Not only ID management: Auth0 wants to help developers • The developer experience is valued as well

Slide 8

Slide 8 text

A platform for developers • Get started in 2 or 3 lines • Supports many languages • Usable not only on the web but also on desktop and mobile

Slide 9

Slide 9 text

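Strengthening extensibility • Rules let you adapt Auth0's functionality to your needs • Example: block IPs from outside Japan • 87% of customers extend it • A major difference from other authentication vendors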

Slide 10

Slide 10 text

[Diagram: Rules pipeline. Labels: Rules, Your Code, Enrich Profile, MFA, Send to Intercom, Own API, Optional Redirect, External Page, Access & ID Tokens, Modified Access & ID Tokens, Response]

Slide 11

Slide 11 text

Auth0's strategy • 2013 • 2016 • 2019 • Developers • Extensibility • Platform • Scalability • Trust & Compliance

Slide 12

Slide 12 text

Scalability • Manages more than 3 billion logins per month • Manages 512 million profiles across 5 countries • As many as 120,000 applications (clients)

Slide 13

Slide 13 text

Trust and compliance • 27001 • SOC • HIPAA • 27018 • PCI

Slide 14

Slide 14 text

Auth0's strategy • 2013 • 2016 • 2019 • Developers • Extensibility • Platform • Scalability • Trust & Compliance • What's next?

Slide 15

Slide 15 text

Make it possible to access any application securely with one click

Slide 16

Slide 16 text

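As an end user • Wants to stay logged in while security is maintained • Confidence levels are introduced as the way to solve this • The level changes for a single authentication event • e.g. MFA is triggered for important actions such as a bank transfer • Authentication is performed continuously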

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

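As a security engineer • Wants to understand what is happening and what to defend against • ⚠ A user logs in from a different country within 10 minutes: phishing attack detected • ⚠ Login from an IP address in another country: credential stuffing attack detected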
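
The two login signals on this slide (a different country within 10 minutes, and a login from an IP address in another country), sketched as detection logic over login events. This is an added example, not code from the talk or from Auth0; the event fields, the per-user expected country (`HOME_COUNTRY`) and all sample events are constructed assumptions.

```javascript
// Added example. Event fields and the HOME_COUNTRY baseline are assumptions,
// not Auth0 log fields; all sample data below is constructed.
const WINDOW_MS = 10 * 60 * 1000; // "within 10 minutes", as on the slide

function detectLoginAnomalies(events, homeCountry) {
  const alerts = [];
  const lastLogin = new Map(); // user -> previous login event
  // Sort by timestamp so out-of-order log delivery cannot hide a country change.
  const ordered = [...events].sort((a, b) => Date.parse(a.time) - Date.parse(b.time));
  for (const ev of ordered) {
    const prev = lastLogin.get(ev.user);
    // Signal 1: same user, different country, at most 10 minutes apart.
    if (prev && prev.country !== ev.country &&
        Date.parse(ev.time) - Date.parse(prev.time) <= WINDOW_MS) {
      alerts.push({ type: 'country_change_within_10_min', user: ev.user,
                    from: prev.country, to: ev.country, time: ev.time });
    }
    // Signal 2: login from a country other than the one expected for the user.
    const home = homeCountry[ev.user];
    if (home !== undefined && ev.country !== home) {
      alerts.push({ type: 'login_from_other_country', user: ev.user,
                    country: ev.country, ip: ev.ip, time: ev.time });
    }
    lastLogin.set(ev.user, ev);
  }
  return alerts;
}

// Constructed sample data (documentation IP ranges, made-up users).
const HOME_COUNTRY = { alice: 'JP', bob: 'JP', carol: 'JP' };
const SAMPLE_EVENTS = [
  { user: 'bob',   time: '2019-12-10T02:30:00Z', country: 'JP', ip: '192.0.2.20' },
  { user: 'alice', time: '2019-12-10T01:06:00Z', country: 'US', ip: '198.51.100.7' },
  { user: 'alice', time: '2019-12-10T01:00:00Z', country: 'JP', ip: '192.0.2.10' },
  { user: 'bob',   time: '2019-12-10T02:00:00Z', country: 'JP', ip: '192.0.2.20' },
  { user: 'carol', time: '2019-12-10T03:00:00Z', country: 'DE', ip: '203.0.113.5' },
];

for (const a of detectLoginAnomalies(SAMPLE_EVENTS, HOME_COUNTRY)) {
  console.log(`${a.time} ${a.type} user=${a.user}`);
}
```

Country alone is a coarse signal: travel, VPNs and mobile carrier egress all change it, so alerts like these are better used to raise the confidence-level requirement (for example, step-up MFA) than to block outright.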

Slide 20

Slide 20 text

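As an administrator • New customers bring all kinds of requirements • e.g. adopting new tools, adopting new login methods • Operations work that arises intermittently / continuously • e.g. lost devices, obtaining API credentials • Auth0 serves as the interface, and each ID administrator carries these out themselves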

Slide 21

Slide 21 text

As an implementer • As simple as needed, and powerful • Very easy to get started, and it stays simple • Can be extended with Connections, Hooks, Rules and so on when needed

Slide 22

Slide 22 text

Features

Slide 23

Slide 23 text

Recently added features • Authentication & Authorization: Sign in with Apple, LINE, Enterprise OIDC Connections • Service Management: Log Search Filtering

Slide 24

Slide 24 text

Recently added features • Explorer • Visualizes all settings

Slide 25

Slide 25 text

Recently added features • AWS Session Tag with Auth0 as SAML Provider • By attaching assertions when doing SSO from the SAML provider, this feature enables ABAC (Attribute-Based Access Control) using resource tags https://dev.classmethod.jp/cloud/aws/session-tag-auth0/

Slide 26

Slide 26 text

Coming next (Q4 to 2020): IN PROGRESS • Custom text for Universal Login • Import of hashed passwords (extended) • Passwordless support for native/backend apps • Refresh token rotation (for ITP2 session interruptions) • Support for the On-Behalf-Of flow

Slide 27

Slide 27 text

Coming next (Q4 to 2020): IN PROGRESS • Access control to the dashboard for team accounts • More real-time log output to 3rd parties • Confidence scoring to mitigate fraudulent logins

Slide 28

Slide 28 text

Coming next (Q4 to 2020): PLANNED • Ability to choose MFA factors • Native Facebook login • Provider source / host group features for RBAC • Access control for 3rd-party APIs

Slide 29

Slide 29 text

Coming next (Q4 to 2020): PLANNED • Signing key rotation • Renewal of refresh tokens after inactivity • Improved log consistency • Managing Hooks through the Management API

Slide 30

Slide 30 text

Coming next (Q4 to 2020): CONSIDERING • Further customization of Universal Login • MFA support for WebAuthn and signing keys • Customization and localization of Consent • Easy app migration

Slide 31

Slide 31 text

Coming next (Q4 to 2020): CONSIDERING • Storing the reason a user was blocked • Customization of the password reset flow • Streamlined Organization management for B2B SaaS • Protection against credential stuffing attacks (bot attacks)

Slide 32

Slide 32 text

Coming next (Q4 to 2020): CONSIDERING • Per-device control of active sessions • API to check and revoke sessions • Contextual error handling for Hooks • API to create and manage tenants

Slide 33

Slide 33 text

Summary • Auth0's vision is to raise both UX and DX together • For UX: secure access with one click • For DX: keep things simple and freely extensible

Slide 34

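Slide 34 text

As an Auth0 partner • Resell: a lower-priced contract in combination with AWS • Consulting: speedy adoption through design and build support for authentication systems • Development: team development of applications that use Auth0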