Slide 1
Slide 1 text
ύεΩʔʹ͍ͭͯ
ࠓ࣌ͷ͕͍ͬͯΔ͜ͱ
Niigata 5 Tech #6
Yukiya Nakagawa a.k.a Nkzn / 2024.3.29
Slide 2
Slide 2 text
Who am I
• ͳ͔͕ΘΏ͖ / ͳ͔͟Μʢ@Nkznʣ
• גࣜձࣾϞχΫϧͰʮ͘Β͠ͱ͓ۚͷࣾձ՝Λղܾ͢Δʯ֤छࣄۀ
ͷΠϯϋε։ൃʹՃ୲͍ͯ͠·͢
• ٕज़ॻయ։ൃνʔϜͬͯ·͢
• ΩϟογϡϨεܾࡁΞϓϦͱWebϑϩϯτΤϯυ
Slide 3
Slide 3 text
ύεΩʔීٴ͖ͯ͠·ͨ͠Ͷ
Slide 4
Slide 4 text
ύεΩʔͬͯ·͔͢ʁ
Slide 5
Slide 5 text
ύεΩʔ࣮ͯ͠·͔͢ʁ
Slide 6
Slide 6 text
࠷࣮ۙͯ͠·͢
• ٕज़ॻయWebͷύεΩʔϩάΠϯΛ࣮த
• ۙʑϦϦʔε༧ఆͳͷͰָ͓͠Έʹ
• ͓͔͛͞·Ͱղ૾͕ΓΓ্͕͖ͬͯͨ
※ UIมΘΔՄೳੑ͕͋Γ·͢
Slide 7
Slide 7 text
·ͩษڧதͰ͕͢
಄ͷதͷཧʹ͓͖߹͍͍ͩ͘͞
Slide 8
Slide 8 text
ύεΩʔͷ
͋Δଆ໘ᶃ
• ϩάΠϯ࣌ެ։伴҉߸ͰຊਓੑΛ֬
ೝ͢Εɺαʔόʔ͔Βެ։伴͚ͩྲྀ
ग़ͯ͠ා͘ͳ͍͠࠷ߴ͡ΌͶʁ
• ϦΫΤετઌͷυϝΠϯͱηοτͰ
ൿີ伴Λอ͓͚ͯ͠ɺِυϝΠϯ
ͰϑΟογϯάαΠτΛ࡞ͬͯਅυ
ϝΠϯͷൿີ伴͕ΘΕΔ͜ͱͳ
͍͔Β࠷ߴ͡ΌͶʁ
αʔόʔίϯϐϡʔλʔ
IUUQTBVUIFYBNQMFDPN
ΫϥΠΞϯτίϯϐϡʔλʔ
*%OL[O!OL[OEFW
ɹެ։伴
IUUQTBVUIFYBNQMFDPN
*%OL[O!OL[OEFW
ɹൿີ伴
ϩάΠϯϦΫΤετ
ͷຊจ
IDͱॺ໊σʔλΛ
ຒΊࠐΉ
ϩάΠϯϦΫΤετΛߦ͏
ॺ໊σʔλΛݕূ͢Δ
ޭͨ͠Β
*%ͷຊਓੑ͕֬ೝͰ͖Δ
͜ͷαΠτͷϦΫΤετ͔࣌͠
औΓग़ͤͳ͍
Slide 9
Slide 9 text
ύεΩʔͷ
͋Δଆ໘ᶄ
• ൿີ伴ͷར༻ʹೝূثʹΑΔೝূ͕
ඞཁ
• ࠷Ͱॴ༗ೝূ͕গͳ͍ૢ࡞ͰߦΘ
ΕΔ
• Touch IDΛͬͨ߹ಉ࣌ʹੜମ
ೝূߦΘΕΔ
• ૢ࡞ͱͯ͠1ճͳͷͰ؆୯͔ͭૣ͍
ΫϥΠΞϯτίϯϐϡʔλʔ
IUUQTBVUIFYBNQMFDPN
*%OL[O!OL[OEFW
ɹൿີ伴
ϩάΠϯϦΫΤετ
ͷຊจ
ೝূث
ผͷεϚϗͰ
QRίʔυΛಡΈऔΔ
Touch ID
ൿີ伴ͷొɾಡΈग़͠ʹ
ೝূثʹΑΔೝূ͕ඞཁ
ηΩϡϦςΟΩʔ
Slide 10
Slide 10 text
ύεΩʔͷ͋Δଆ໘ᶅ
ΫϥΠΞϯτίϯϐϡʔλʔ
ύεϫʔυϚωʔδϟʔ
ύεΩʔ
IUUQTBVUIFYBNQMFDPN
*%OL[O!OL[OEFW
ɹൿີ伴
ΫϥΠΞϯτίϯϐϡʔλʔ`
ύεϫʔυϚωʔδϟʔ
ύεΩʔ
IUUQTBVUIFYBNQMFDPN
*%OL[O!OL[OEFW
ɹൿີ伴
ύεϫʔυϚωʔδϟʔͷ
ಉظઌͷΫϥυ
Ϋϥυܦ༝Ͱ
ൿີ伴͕ಉظ͞ΕΔ
σόΠεؒͰൿີ伴͕ڞ༗͞ΕΔͷͰɺॴ༗͍ͯ͠ΔଞͷσόΠεͰϩάΠϯ͕༰қ
Slide 11
Slide 11 text
ύεΩʔͷ͋Δଆ໘ᶅ
• ҟͳΔύεϫʔυϚωʔδϟʔಉ࢜ͰͷύεΩʔͷڞ༗αϙʔτ͞Ε͍ͯͳ͍
• GoogleύεϫʔυϚωʔδϟʔAndroidͱChromeͷύεΩʔ͚ͩΛڞ༗͢Δ
• iCloudΩʔνΣʔϯiOSܥͱmacOSͱSafariͷύεΩʔ͚ͩΛڞ༗͢Δ
• Microsoft AuthenticatorWindowsͷύεΩʔ͚ͩΛڞ༗͢Δ
• αʔυύʔςΟͷύεϫʔυϚωʔδϟʔϓϥοτϑΥʔϜΛލ͍Ͱڞ༗͢Δ
• 1 Password1 PasswordΛར༻͢ΔՄೳͳݶΓͷϓϥοτϑΥʔϜύεΩʔΛ
ڞ༗͢Δ
Slide 12
Slide 12 text
伴ൃߦͱ
ೝূث
• FIDOΞϥΠΞϯε͔ΒೝఆΛ
ड͚ͨೝূث (Authenticator)
Ͱ伴Λൃߦ͢Δ
• Ͳ͜ͷύεϫʔυϚωʔ
δϟʔʹొ͢Δ͔Ϣʔ
βʔ͕બΔ
ɹΫϥΠΞϯτίϯϐϡʔλʔ
ೝূث
ύεΩʔ
IUUQTBVUIFYBNQMFDPN
*%OL[O!OL[OEFW
ɹൿີ伴
*%OL[O!OL[OEFW
ɹެ։伴
αʔόʔʹૹΔ
navigator.credentials.create()
Slide 13
Slide 13 text
FIDO2
• ϩάΠϯϦΫΤετͷϖΠϩʔυͷϑΥʔϚοτॺ໊ํ๏ɺೝূث
ͷن֨ϫʔΫϑϩʔͳͲ͕ϓϥοτϑΥʔϜ͝ͱʹ·ͪ·ͪͩͱࠔ
ΔͷͰɺFIDOΞϥΠΞϯε͕ඪ४Խͨ͠
• ओͳ༁࣍ͷ2ͭ
• W3C Web Authentication (WebAuthn)
• Client-to-Authenticator Protocols (CTAP)
Slide 14
Slide 14 text
ೝূͷUIΛදࣔ͢Δํ๏
ϘλϯͰ࢝ΊΔ
ʢmediation: “required”ʣ
ϑΥʔϜͷIDཝͰ࢝ΊΔ
ʢmediation: “conditional”ʣ
navigator.credentials.get() Λݺͼग़͢
ʢࣄલʹͱ͔ࠐΜͰ͓͘ʣ
Slide 15
Slide 15 text
αʔόʔαΠυͷ
• αʔόʔͷׂͱͯ࣍͠ͷ2ͭͱͳΔ
• navigator.credentials.get() ʹ͢ύϥϝʔλͷൃߦ
• navigator.credentials.get() Ͱॺ໊͞Εͨ݁ՌΛड͚औͬͯݕূ͢Δ
• 1ճͷϩάΠϯͰ navigator.credentials.get() ͷલޙʹ1ճͣͭαʔόʔʹϦΫΤετ͢Δ͜ͱʹͳΔ
• ύεϫʔυΛ֬ೝ͢ΔͷͱൺΕΔ͔ʹ͍͠ͷͰɺࣗલͰ࣮Ͱ͖ͳ͍ਓଟͦ͏
• IDaaSͷରԠ͕ਐΉͱύεΩʔ͕ීٴ͍͖ͯͦ͠͏
• Auth0, Okta, GMOτϥετϩάΠϯ, StartInͳͲɺύεΩʔରԠΛՎ͏IDaaS૿͖͍͑ͯͯΔ
• Firebase AuthenticationH1 2024ʹϓϨϏϡʔ൛͕ग़Δ͔
Slide 16
Slide 16 text
WebAuthn
• σϞαΠτ: https://webauthn.io/
Slide 17
Slide 17 text
ࢀߟจݙ
• https://goo.gle/passkeys
• https://
fi
doalliance.org/speci
fi
cations/
• https://
fi
doalliance.org/
fi
do2-2/
fi
do2-web-authentication-webauthn/
• https://webauthn.io/
• https://blog.agektmr.com/2019/03/
fi
do-webauthn
• https://blog.agektmr.com/2022/12/passkey
• https://blog.agektmr.com/2023/12/passkey-mythbusting
• https://
fi
rebase.uservoice.com/forums/948424-general/suggestions/46647016-support-authentication-
with-passkeys
• https://moneyforward-dev.jp/entry/2023/04/05/134721