Slide 1
Slide 1 text
ϚωʔϑΥϫʔυͷ
ೝূج൫ͷ͜Ε·Ͱ
ͱ͜Ε͔Β
גࣜձࣾϚωʔϑΥϫʔυ
@nhosoya
ࡉ୩थ
2023-01-19
Slide 2
Slide 2 text
@nhosoya ʢࡉ୩थʣ
גࣜձࣾϚωʔϑΥϫʔυ
IDαʔϏε։ൃ෦
2015 -
ϚωʔϑΥϫʔυMEͷ։ൃ
ʢAndroid/Rails/EMͬΆ͍ͳʹ͔ʣ
2018 - ݱࡏ
ೝূج൫ͷ։ൃ <- ࠓ͜ͷ
2
Slide 3
Slide 3 text
ϚωʔϑΥϫʔυͷαʔϏε
3
Slide 4
Slide 4 text
͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕
͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕
͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕
͜͜ʹςΩετ͕ೖΓ·͢͜͜ʹςΩετ͕
4
Slide 5
Slide 5 text
1ͭͷIDͰͯ͢ͷαʔϏεΛར༻Մೳ
31T
*E1 01
5
Slide 6
Slide 6 text
વɺ࠷ॳ͔Β͜͏ͳ͍ͬͯͨΘ͚Ͱͳ͍
6
Slide 7
Slide 7 text
2012
ϚωʔϑΥϫʔυ ME ϦϦʔε
7
Slide 8
Slide 8 text
1App 1DBͷγϯϓϧͳߏ
- ΞΧϯτ(ID/PW)
- ۚ༥ػؔͳͲ͔Βऔಘͨ͠ใ
- ͳͲͳͲ
8
Slide 9
Slide 9 text
2013
Ϋϥυձܭɾ֬ఆਃࠂ ϦϦʔε
9
Slide 10
Slide 10 text
ՈܭͷσʔλΛ֬ఆਃࠂͰ׆༻͍ͨ͠
10
Slide 11
Slide 11 text
ڞ༗͞ΕΔσʔλϕʔε
- ۚ༥ػؔͳͲ͔Βऔಘͨ͠ใ
- ՈܭαʔϏεͷΈ͕ར༻͢Δ
σʔλ
- ΞΧϯτใ (ID/PW)
- ձܭɾ֬ఆਃࠂαʔϏεͷΈ͕
ར༻͢Δσʔλ
11
Slide 12
Slide 12 text
2014
Ϋϥυٻॻ
2015
Ϋϥυڅ༩
ΫϥυϚΠφϯόʔ
2016
Ϋϥυܦඅ
12
Slide 13
Slide 13 text
ਐΉີ݁߹
- ΞΧϯτใ (ID/PW)
- ۚ༥ػؔͳͲ͔Βऔಘͨ͠ใ
- ՈܭαʔϏεͷΈ͕ར༻͢Δ
σʔλ
- ϚωʔϑΥʔϫʔυΫϥυͷ
αʔϏε͕ڞ௨Ͱར༻͢Δσʔλ
13
Slide 14
Slide 14 text
͜ͷͱ͖ͳʹ͕ى͖͍͔ͯͨ
සൃ͢Δো
ɾDBͷੑೳ
ɾεϩʔΫΤϦҰൃͰ
શαʔϏε͕োʹͳΔ
ɾڞ༗ϥΠϒϥϦͰޓੑ
Λอͭඞཁ͕͋Δ
ɾΫϥυαʔϏεΛ͑
ͳ͍
ɾӨڹ͕શαʔϏεʹٴͿ
ͷͰख͕ग़ͮ͠Β͍
ɾಉҰIDͰ͋Δ͜ͱΛ׆͔
ͤͳ͍
։ൃͷ੍ ਐԽ͠ͳ͍ೝূ
14
Slide 15
Slide 15 text
2018
ೝূج൫ͷ։ൃ։࢝
15
Slide 16
Slide 16 text
Ͳ͏ղܾ͢Δ
DBͷґଘΛ
ݮΒ͢
WebAPI ͷΈͰ
ΓऔΓ
ิॿͰͳ͘
ҕৡͯ͠Β͏
16
Slide 17
Slide 17 text
*%τʔΫϯͷऔಘͱݕূ
ೝূ
17
Slide 18
Slide 18 text
OpenID Connect ͷϝϦοτ
• ඪ४༷Ͱ͋Δ
• ηΩϡϦςΟݒ೦͕গͳ͍
• OSS͕ར༻Ͱ͖ΔʢΫϥΠΞϯτࢹʣ
• RESTful ͳ Web API ͷΈͰͷΓऔΓ
• ݴޠɺΠϯϑϥͱʹαʔϏεଆͷ੍͕ͳ͍
• IdP ଆͷ։ൃͷΈͰೝূڧԽ͕Մೳ
• ೝূॲཧࣗମ IdP ଆͷυϝΠϯͷΈͰߦΘΕΔ
18
Slide 19
Slide 19 text
େมͩͬͨ͜ͱ
• ༷ͷཧղɾղऍ͕͍͠
• Ͳ͏࡞Δ͔
• طଘαʔϏεͷ IdP ରԠ
19
Slide 20
Slide 20 text
༷ͷཧղɾղऍ͕͍͠
• ؔ࿈༷͕ଟ͍…
• Φϓγϣφϧ͕ଟ͍…
• IdP Λ࡞ΔͨΊʹඞཁͳ༷͕ͯ͢ࡌ͍ͬͯΔΘ͚Ͱͳ͍
→ OpenID Foundation Japan ͷ૬ஊ
→ ΤΩεύʔτͰ͋Δ @nov ͞ΜΛٕज़ސͱܴͯ͑͠Δʢͷͪೖࣾʣ
20
Slide 21
Slide 21 text
ࣗ࡞ / IDaaS / Managed
• طଘσʔλͷҠߦཁ݅
• ϕϯμʔϩοΫΠϯͷෆ҆
• ྉۚʹݟ߹͏ͷ͔
→ OSSϥΠϒϥϦΛͬͯࣗ࡞
ʢݸਓతʹΊͪΌͪ͘Όྑ͍ܦݧʹͳͬͨɻ4͘Β͍େ͖ͳͳ͘ӡ༻Ͱ͖͍ͯΔɻ
͚Ͳ͔ͳΓޭόΠΞεɻຊʹθϩ͔ΒΔͳΒ IDaaS ͬͯΈ͍ͨɻʣ
21
Slide 22
Slide 22 text
طଘαʔϏεͷ IdP ରԠ
• ঢ়گ
• ։ൃ։࢝࣌Ͱ7ͭͷαʔϏε͕ӡ༻த
• ৽ن2αʔϏεʢIdP ར༻લఏͰ։ൃʣϦϦʔεؒۙ
• ϏοάόϯϦϦʔεૣʑʹఘΊΔ
• IdP ͕ڞ௨DB Λར༻͢Δ͜ͱͰޓੑΛอͭ͜ͱʹͨ͠
22
Slide 23
Slide 23 text
ཧDBͷڞ༗͕ͳ͍ੈք
23
Slide 24
Slide 24 text
IdP͕ڞ༗DBʹใΛಉظ͢Δ
24
Slide 25
Slide 25 text
201812݄
ೝূج൫ͷϦϦʔε
25
Slide 26
Slide 26 text
ଓ͘৽نαʔϏε
2020
ϚωʔϑΥϫʔυ ͓ۚͷ૬ஊ
ϚωʔϑΥϫʔυ ΫϥυձܭPlus
ϚωʔϑΥϫʔυ ࣾձอݥ
ϚωʔϑΥϫʔυ ։ۀಧ
2021
ϚωʔϑΥϫʔυ Ϋϥυ࠴ࢧ
ϚωʔϑΥϫʔυ Ϋϥυܖ
ϚωʔϑΥϫʔυ ΫϥυٻॻPlus
ϚωʔϑΥϫʔυ Ϋϥυݻఆࢿ࢈
ϚωʔϑΥϫʔυ Ϋϥυਓࣄཧ
ϚωʔϑΥϫʔυ Ϋϥυௐ
ϚωʔϑΥϫʔυ ITཧΫϥυ
ϚωʔϑΥϫʔυ Pay for Business
26
Slide 27
Slide 27 text
1ͭͷIDͰͯ͢ͷαʔϏεΛར༻Մೳ
27
Slide 28
Slide 28 text
ϦϦʔε͔ͯ͠ΒԿͬͯͨͷʁ
28
Slide 29
Slide 29 text
1. طଘαʔϏεͷҠߦαϙʔτ
ɹɾશαʔϏε͕ͬͨͷ2020͘Β͍
29
Slide 30
Slide 30 text
2. ೝূڧԽ
ɹɾ2FA (TOTP/SMS)
ɹɾSign in with Apple
ɹɾϩάΠϯ௨
ɹɾύεϫʔυϙϦγʔมߋ
ɹɾύεϫʔυڧϝʔλʔ
ɹɾWebAuthn/Passkey
30
Slide 31
Slide 31 text
3. UX্ɺCVR্
ɹɾલճͷϩάΠϯํ๏ͷهԱ
ɹɾαʔϏεؒͷSSO
ɹɾB2C/B2B ʹ߹ΘͤͨΧελϚΠζ
ɹɾݸผͷ RP ʹ߹ΘͤͨΧελϚΠζ
31
Slide 32
Slide 32 text
4. ΤϯλʔϓϥΠζରԠ
ɹɾ৫ཧΞΧϯτ
ɹɾSAML
32
Slide 33
Slide 33 text
5. ͦͷଞݸผχʔζͷରԠ
ɹɾi18nʢӳޠʣ
33
Slide 34
Slide 34 text
6. IDج൫ࣗମͷΞʔΩςΫνϟվળ
ɹɾSakura -> AWS
ɹɾk8s
34
Slide 35
Slide 35 text
ࠓޙͳʹ͍͔ͬͯ͘
35
Slide 36
Slide 36 text
WebAuthn/Passkey ͷνϟϨϯδ
ɹɾ࣮ࡁΈ͕ͩར༻ଅਐ͍ͯ͠ͳ͍
ɹɾAutofill ͷಋೖ
ɹɾదͳλΠϛϯάͰͷొͷ༠ಋ
ɹɾ”ύεϫʔυϨε” ͷఏڙ
36
Slide 37
Slide 37 text
ΞΧϯτϦΧόϦͷվળ
37
Slide 38
Slide 38 text
αʔϏεͷಛੑίϯςΩετʹ߹Θͤͨ
ॊೈͳೝূͷఏڙ
38
Slide 39
Slide 39 text
ୀձ·ΘΓͷ Bad UX վળ
ɹɾαʔϏεͷୀձͱIdPͷୀձͷѻ͍
ɹɾҰՕॴͰશ෦ୀձ͍͕ͤͨ͞…
39
Slide 40
Slide 40 text
άϧʔϓձࣾͷαʔϏεͱͷID౷߹
40
Slide 41
Slide 41 text
3rd Party ͷ։์
41
Slide 42
Slide 42 text
Pull ͔Β Publish (Push)
RISCͷΑ͏ͳΓํͰ
https://openid.net/specs/openid-risc-profile-specification-1_0.html
https://developers.google.com/identity/protocols/risc
42
Slide 43
Slide 43 text
ϚϧνΞΧϯτɺϚϧνηογϣϯ
͜Μͳݴ༿͕͋Δ͔Θ͔ΒΜ͚ͲɺGoogle
Έ͍ͨʹΓସ͑
ݸਓͱձࣾͰΞΧϯτΛ͍͚Δਓ͚
43
Slide 44
Slide 44 text
ڞ༗ΞΧϯτʁ
44
Slide 45
Slide 45 text
ΞΫηείϯτϩʔϧ
45
Slide 46
Slide 46 text
Thank you!
46