Slide 1

Copyright © 2019 OPTiM Corp. All Rights Reserved.

Slide 2

Yuu Kikuchi
- Works at OPTiM Inc. (2014 ~)
- Engineer at Platform business division
- in OPTiM...
  • OPTiM Store (2016 ~)
  • OPTiM Cloud IoT OS/LANDLOG (2017 ~)
- in OIDF-J…
  • Enterprise Identity WG Phase 3 (2016 ~)
  • KYC WG (2019 ~)

Slide 3

- SaaS Marketplace

Slide 4

- AI/IoT … (PaaS)
- … (LANDLOG) … (AGRI EARTH)

Slide 5


Slide 6

- IoT Platform
- Microservice Architecture
- OAuth Resource Server
  • Access Token

Slide 7

- Shared Database
  • Authorization Server … Resource Server … Access Token
  • DB
- Token Introspection
  • Access Token … Authorization Server
  • Authorization Server
- Formatted Access Token
  • Access Token
  • Resource Server … Access Token … Resource Server

Slide 8


Slide 9


Slide 10

JSON Web Token

Slide 11


Slide 12

OAuth 2.0 Access Token JSON Web Token (JSON Web Signature) - r-weblife (http://d.hatena.ne.jp/ritou/20140927/1411811648)

Slide 13

- OAuth PKCE (RFC7636)
- Device … JWT Profile for OAuth 2.0 Client Authentication (RFC7523)
- OpenID Connect Session Management
  • iOS 12 (ITP2.0)

Slide 14


Slide 15

- SaaS Marketplace
  • SaaS Marketplace
  • ID
- OPTiM Store
  • API … "Contract API"
  • … "SCIM API"
  • IDaaS … Single-Sign On … "OpenID Connect"

Slide 16

OPTiM Store API Docs (https://optim-corp.github.io/optim_store_api_docs/)

Slide 17

Purchase 3 licenses / Purchase 3 licenses / Tenant preparation complete / Create tenant / SCIM initial setup / OIDC initial setup / License purchase complete / Assign licenses (for 3 people) / Create accounts / Push notification to End User

Slide 18

- JWT … RP
  • RSA … JWK
- RP … JWT
  • RSA
  • JWK

Slide 19


Slide 20


Slide 21


Slide 22

Purchase 3 licenses / Purchase 3 licenses / Tenant preparation complete / Create tenant / SCIM initial setup / OIDC initial setup / License purchase complete / Assign licenses (for 3 people) / Create accounts / Push notification to End User

Slide 23

- Contract API … JWT … RP
  • Payload … SCIM Client
- RP … OAuth Client

Slide 24

Request Response JWT Payload

Slide 25

Purchase 3 licenses / Purchase 3 licenses / Tenant preparation complete / Create tenant / SCIM initial setup / OIDC initial setup / License purchase complete / Assign licenses (for 3 people) / Create accounts / Push notification to End User

Slide 26

- Contract API … JWT … IdP
- IdP … OpenID Connect Client
  • OpenID Connect / OAuth 2.0 Dynamic Client Registration

Slide 27

Request Response JWT Payload

Slide 28

Purchase 3 licenses / Purchase 3 licenses / Tenant preparation complete / Create tenant / SCIM initial setup / OIDC initial setup / License purchase complete / Assign licenses (for 3 people) / Create accounts / Push notification to End User / SCIM

Slide 29


Slide 30

- OAuth Client / OIDC RP
  • (Backend) … Cookie
  • IdP
  • PKCE code_challenge
- JWT iat/exp
  • IaaS

Slide 31

dear Connect

Slide 32
