࣍ੈ୅WebೝূʮύεΩʔʯ Monicle ZATSUDAN LT Yukiya Nakagawa a.k.a Nkzn / 2024.4.5

஫ҙ • ͜ͷࢿྉ͸ɺࣾ಺ͷLTΠϕϯτͰٕज़৬Ҏ֎ͷϝϯόʔ޲͚ʹ͓࿩͠ ͨ͠΋ͷͰ͢ • ͬ͘͟ΓงғؾΛײͯ͡΋Β͏ͨΊʹந৅౓ߴΊʹ࡞͍ͬͯ·͢ • ந৅Խ͢ΔաఔͰਖ਼͘͠ͳ͍දݱʹͳͬͯ͠·͍ͬͯΔ෦෼΋ଟʑ͋ ΔͷͰɺΤϯδχΞ͕ଞਓʹύεΩʔΛઆ໌͢Δ࣌ͷࠜڌʹ͜ͷࢿྉ Λ࢖͏΂͖Ͱ͸͋Γ·ͤΜ

ΤϯδχΞͷਓ͸ͬͪ͜ಡΜͰͶ • https://goo.gle/passkeys • https:// fi doalliance.org/speci fi cations/ • https:// fi doalliance.org/ fi do2-2/ fi do2-web-authentication-webauthn/ • https://webauthn.io/ • https://blog.agektmr.com/2019/03/ fi do-webauthn • https://blog.agektmr.com/2022/12/passkey • https://blog.agektmr.com/2023/12/passkey-mythbusting • https:// fi rebase.uservoice.com/forums/948424-general/suggestions/46647016-support-authentication- with-passkeys • https://moneyforward-dev.jp/entry/2023/04/05/134721

ύεϫʔυೝূ͸ͳͥಈ͘ͷ͔

αʔόʔଆ ΞϓϦଆ ᶃύεϫʔυ͸ ɹɹɹɹɹɹͰ͢ "C$E&G( ϢʔβʔID: taro Ϣʔβʔ*% ύεϫʔυ Ӿཡݖݶ UBSP "C$E&G( ͋Γ σʔλϕʔε ᶄϩάΠϯ͍ͨ͠Ͱ͢ ᶅσʔλϕʔεΛ νΣοΫ͢ΔͶ ᶆૹ͖ͬͯͨύεϫʔυͱ σʔλϕʔεͷύεϫʔυ͕ Ұகͨ͠Α ᶇͳΔ΄Ͳ ܅͸UBSP͘Μͩ ᶈΑ͠ɺ௨Ε

ύεϫʔυೝূͷ໰୊఺

αʔόʔଆ IUUQTLBOFJSPKQ ϒϥ΢βଆ ᶃύεϫʔυ͸ ɹɹɹɹɹɹͰ͢ "C$E&G( ϢʔβʔID: taro Ϣʔβʔ*% ύεϫʔυ Ӿཡݖݶ UBSP "C$E&G( ͋Γ σʔλϕʔε ᶄϩάΠϯ͍ͨ͠Ͱ͢ ᶅσʔλϕʔεΛ νΣοΫ͢ΔͶ ᶆૹ͖ͬͯͨύεϫʔυͱ σʔλϕʔεͷύεϫʔυ͕ Ұகͨ͠Α ᶇͳΔ΄Ͳ ܅͸UBSP͘Μͩ ᶈΑ͠ɺ௨Ε Case 1: ๣ड ΢ΟϧεʹΑΔ ΩʔϘʔυೖྗͷ౪ௌ ʢύεϫʔυϚωʔδϟʔ ͰܰݮՄೳʣ ύεϫʔυΛ෇ᝦͰషͬͨ·· ελόͰ࢓ࣄͨ͠ ʢͲ͏ʹ΋ͳΒͳ͍ʣ IUUQͳ8FCαΠτ΍ ύεϫʔυͳ͠8J'JͳͲʹΑΔ ௨৴ͷ౪ௌ ʢIUUQT΍ύεϫʔυ෇͖8J'JͰରࡦՄೳʣ

αʔόʔଆ IUUQTLBOFJSPKQ ϒϥ΢βଆ ᶃύεϫʔυ͸ ɹɹɹɹɹɹͰ͢ "C$E&G( ϢʔβʔID: taro Ϣʔβʔ*% ύεϫʔυ Ӿཡݖݶ UBSP "C$E&G( ͋Γ σʔλϕʔε ᶄϩάΠϯ͍ͨ͠Ͱ͢ ᶅσʔλϕʔεΛ νΣοΫ͢ΔͶ ᶆૹ͖ͬͯͨύεϫʔυͱ σʔλϕʔεͷύεϫʔυ͕ Ұகͨ͠Α ᶇͳΔ΄Ͳ ܅͸UBSP͘Μͩ ᶈΑ͠ɺ௨Ε Case 2: ࿙Ӯ ηΩϡϦςΟࣄނʹΑΔ ύεϫʔυͷྲྀग़ ʢϋογϡԽͱ͍͏೉ಡԽख๏ʹΑͬͯҰఆͷରॲ͸Մೳʣ ʢͰ΋೉ಡԽ͕؁͍ͱ͘Β͍͸෮ݩͰ͖ͪΌ͏͜ͱ΋ʣ

αʔόʔଆ IUUQTLBOFJSKQ ϒϥ΢βଆ ᶃύεϫʔυ͸ ɹɹɹɹɹɹͰ͢ "C$E&G( ϢʔβʔID: taro ᶄϩάΠϯ͍ͨ͠Ͱ͢ ᶅόΧΊʂ ύεϫʔυ͸͍͍ͨͩͨʂ ωλόϥγͱ͔ ద౰ʹYahooʹඈ͹͢ͱ͔ Case 3: ࠮শ Α͘ࣅِͨαΠτʹΑΔ ϑΟογϯά࠮ٗ ʢ4.4Ͱಧ͘εύϜͱ͔Ͱ༠ಋ͞ΕΔʣ ࣅͯΔ͚Ͳ ͪΐͬͱҧ͏

ཧ૝ͷύεϫʔυ

ཧ૝ͷύεϫʔυ • ๣ड͞Εͯ΋େৎ෉ʢ๣ड͞Εͳ͍͜ͱ͸ظ଴Ͱ͖ͳ͍ʣ • ࿙Ӯ͞Εͯ΋େৎ෉ʢͲΜͳʹ஫ҙ͍ͯͯ͠΋࿙Ӯ͸͋Δʣ • ِαΠτʹ͸ೖྗͰ͖ͳ͍ʢ෺ཧతʹෆՄೳͰ͋ͬͯ΄͍͠ʣ

҉߸ͷྺ࢙͔Βੜ·Εͨ΋ͷ

ʲ2000೥Ҏ্ଓ͘ઓ૪ʳ҉߸ղಡͷྺ࢙ʲΏͬ͘Γղઆʳ https://youtu.be/Bt6wcDtANgw?t=1401

҉߸ͷੈքͰ΋ʮ伴όϨʯ͸௕Β͘՝୊ͩͬͨ • ҉߸͸։෧Ͱ͖ͳ͍ͱҙຯ͕ͳ͍ • ҉߸Խ͢Δ࣌ʹ࢖ͬͨΩʔϫʔυΛ෮߸͢Δ࣌ʹ΋࢖͏ • ͋ΔΩʔϫʔυΛ࢖ͬͯม׵දΛ࡞Γग़͢Πϝʔδ • ҉߸Խͱ෮߸ʹಉ͡ΩʔϫʔυΛ࢖͏ͷͰɺڞ௨伴ํࣜͱ͍͏ ɹڞ௨伴 ɹڞ௨伴 ૹ৴ऀ ड৴ऀ

ڞ௨伴ํࣜͷ՝୊ • ͦͷੑ্࣭ɺҰ౓͸ʮૹ৴ऀ͔Βड৴ऀʹΩʔϫʔυΛૹ৴͢Δʯͱ͍ ͏௨৴͕ߦΘΕΔͨΊɺ͜ΕΛ๣डɾڧୣ͞ΕΔͱ෮߸͠์୊ʹͳΔ

ެ։伴ํࣜͷ҉߸͸ϖΞͰ࡞Δ ɹެ։伴 ɹൿີ伴 伴Λͭ͘Δͧʂ ૬खʹ౉͢伴 伴ΛดΊΔͨΊͷ伴 ࡞੒ऀ͕࣋ͪଓ͚Δ伴 伴Λ։͚ΔͨΊͷ伴 ୭ʹ΋౉͞ͳ͍

ड৴ऀ͔͠։͚Δ͜ͱ͕Ͱ͖ͳ͍伴 • ࣄલʹૹ৴ऀʹެ։伴͚ͩΛૹ͓ͬͯ͘ • ૹ৴ऀ͸ެ։伴Ͱ҉߸Խͯ͠ड৴ऀʹૹΔ • ड৴ऀ͸ൿີ伴Ͱ෮߸͢Δ ૹ৴ऀ ड৴ऀ ɹެ։伴 ɹൿີ伴

ެ։伴ํࣜͷϝϦοτ • ެ։伴͸๣ड͞ΕΔલఏͰ࡞ΒΕ͍ͯΔ • ެ։伴Ͱ҉߸Խͨ͠σʔλ͸ެ։伴Ͱ͸։͚ΒΕͳ͍ • ൿີ伴͸Ұ౓΋ड৴ऀͷखΛ཭Εͨ͜ͱ͕ͳ͍ͷͰ๣ड͞Εͳ͍ • ҆શʹσʔλΛૹ৴Ͱ͖Δ ૹ৴ऀ ड৴ऀ ɹެ։伴 ɹൿີ伴

ެ։伴҉߸Ͱೝূ͢Δ ύεΩʔ

αΠϯΞοϓ αʔόʔଆ IUUQTLBOFJSPKQ ΞϓϦଆ ϢʔβʔID: taro ͜ΕͰΑΖ͘͠ Φοέʔ ύεΩʔ IUUQTLBOFJSPKQ *%OL[O!OL[OEFW ɹൿີ伴 *%OL[O!OL[OEFW ɹެ։伴 *%OL[O!OL[OEFW ɹެ։伴

αΠϯΠϯ αʔόʔଆ IUUQTLBOFJSPKQ ΞϓϦଆ ϢʔβʔID: taro ᶃ ϩάΠϯ͍ͨ͠Ͱ͢ ᶄ ҉߸ԽσʔλૹΔ͔Βൿີ伴Ͱ ͍͍ײ͡ʹ࠶ܭࢉͯ͠ૹΓฦͯ͠ ύεΩʔ IUUQTLBOFJSPKQ *%OL[O!OL[OEFW ɹൿີ伴 *%OL[O!OL[OEFW ɹެ։伴 ᶅ ܭࢉ݁ՌΛૹΔ ᶆ ݕࢉͨ͠ΒᶄͷσʔλΛಋ͚ͨͷͰ ܅͸taro͘ΜͩͶʂ

αΠϯΠϯͷ༷ࢠ εϚϗ΍PC͕ରԠ͍ͯ͠Δ৔߹͸ ࢦ໲ೝূ΍إೝূͰϩάΠϯ͢Δ

ίϯϐϡʔλؒͰڞ༗ ΫϥΠΞϯτίϯϐϡʔλʔ ύεϫʔυϚωʔδϟʔ ύεΩʔ IUUQTLBOFJSPKQ *%OL[O!OL[OEFW ɹൿີ伴 ΫϥΠΞϯτίϯϐϡʔλʔ` ύεϫʔυϚωʔδϟʔ ύεΩʔ IUUQTLBOFJSPKQ *%OL[O!OL[OEFW ɹൿີ伴 ύεϫʔυϚωʔδϟʔͷ ಉظઌͷΫϥ΢υ Ϋϥ΢υܦ༝Ͱ ൿີ伴͕ಉظ͞ΕΔ σόΠεؒͰൿີ伴͕ڞ༗͞ΕΔͷͰɺॴ༗͍ͯ͠ΔଞͷσόΠεͰ΋ϩάΠϯ͕༰қ

ηΩϡϦςΟ্ͷϝϦοτ αʔόʔଆ IUUQTLBOFJSPKQ ΞϓϦଆ ϢʔβʔID: taro ᶃ ϩάΠϯ͍ͨ͠Ͱ͢ ᶄ ҉߸ԽσʔλૹΔ͔Βൿີ伴Ͱ ͍͍ײ͡ʹ࠶ܭࢉͯ͠ૹΓฦͯ͠ ύεΩʔ IUUQTLBOFJSPKQ *%OL[O!OL[OEFW ɹൿີ伴 *%OL[O!OL[OEFW ɹެ։伴 ᶅ ܭࢉ݁ՌΛૹΔ ᶆ ݕࢉͨ͠ΒᶄͷσʔλΛಋ͚ͨͷͰ ܅͸taro͘ΜͩͶʂ ύεϫʔυΛೖྗ͠ͳ͍ʢ๣डରࡦʣ ਖ਼͍͠αΠτʹ͔͠ૹ৴Ͱ͖ͳ͍ʢ࠮শରࡦʣ ਖ਼͍͠αΠτͰ͔͠ܭࢉ͕੒ޭ͠ͳ͍ʢ࠮শରࡦʣ ܭࢉ݁Ռ͚ͩݟͯ΋Θ͚͕Θ͔Βͳ͍ʢ๣डରࡦʣ ࿙Ӯͯ͠΋ൿີ伴͕ͳ͍ͷͰ Կ΋Ͱ͖ͳ͍ʢ࿙Ӯରࡦʣ

ύεΩʔͷ׆༻ࣄྫ

݁ߏ਎ۙʹͳ͖ͬͯ·ͨ͠

ύεΩʔ࢖͍ͬͯ͜͏ͳ