A Thorough Guide to WebAuthn/FIDO UX: With a Picture of Adoption in Real Services / builderscon tokyo 2019 ritou

ritou
August 30, 2019

Transcript

  1. A Thorough Guide to WebAuthn/FIDO UX: With a Picture of Adoption in Real Services • Ryo Ito (@ritou) • builderscon tokyo 2019

  2. Ryo Ito • Engineer, mixi, Inc. - Identity / Platform / Payment? • Evangelist, OpenID Foundation Japan • Blog : ritou.hatenablog.com • Twitter : @ritou (秋田の猫) • #idcon, #iddance

  3. WebAuthn-related talks: https://speakerdeck.com/ritou

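  4. Before the main topic • User authentication in use today • FIDO/WebAuthn overview

  5. Password authentication • Uses knowledge (SYK: Something You Know) • The supreme authentication method, provided its requirements are met • User • Service

  6. Requirements of password authentication • User • Generate an unguessable string • Manage a different string for each service • Enter it only into the service it belongs to

  7. Current state of password authentication • User • Generate an unguessable string -> simple, guessable • Manage a different string for each service -> reuse • Enter it only into the service it belongs to -> "flexible" handling

  8. Requirements of password authentication • Service • Accept unguessable strings • Manage passwords securely • Countermeasures against various threats

  9. Current state of password authentication • Service • Accept unguessable strings -> alphanumeric, 8 characters maximum • Manage passwords securely -> stored as-is / leaked • Countermeasures against various threats -> e.g. countermeasures against password list attacks

  10. Current state of password authentication • Neither side meets the requirements • The cause is humanity's insufficient specs (second time, first in a year)

  11. Current state of password authentication • Users need hardware/software support • They are not excellent even as password-entry operators • The cost to services is not negligible either • Are countermeasures against password list attacks becoming a cat-and-mouse game? • An authentication method with no bright future in sight: why not just drop it?

  12. The next move • Additional authentication, known as 2-(step|factor) authentication • One-time passwords • Approval on the smartphone/device at hand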

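  13. One-time password authentication • Uses a one-time password • Delivered by email/SMS • Generated by software/hardware • Taken from backup codes

  14. Key points of one-time password authentication • Uses a one-time password • Delivered by email/SMS -> the communication channel and sending/receiving • Generated by software/hardware -> key management • Taken from backup codes -> management of the code list

  15. Key points of one-time password authentication • Uses a one-time password (*auto-fill also exists) • Delivered by email/SMS -> entered by the user • Generated by software/hardware -> entered by the user • Taken from backup codes -> entered by the user

  16. One-time passwords and phishing attacks • [Diagram] Phishing email or message • Phishing site (example.info) • Legitimate site (example.com) • User sends ID/password + one-time password to the phishing site • Phishing site sends the captured ID/password + one-time password to the legitimate site

  17. Approval on the device at hand • Notification to the device at hand • Combined with unlocking the device • Implemented with push to the device or a dedicated app, etc.

  18. Effect of additional authentication • One-time passwords • If the phishing site accesses the legitimate site synchronously, authentication may still be bypassed • Approval on the device at hand • Approving anything and everything is no good • If the phishing site accesses the legitimate site synchronously, the user may approve without noticing

  19. FIDO / WebAuthn overview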

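  20. FIDO(First IDentity Online) • Uses local authentication • Passwords and biometric data do not travel over the communication channel • Can be combined with various authentication methods (not limited to biometrics) • Two functions built on public-key cryptography • Registration : send a signature and public key information • Authentication : send a signature

  21. FIDO use cases • As passwordless authentication (possession + local authentication) • As additional authentication (possession) • As a method of re-authentication

  22. FIDO2 Project • FIDO2 : FIDO from web applications as well • WebAuthn (Web Authentication API) • JavaScript API called by services that use FIDO • CTAP (Client To Authenticator Protocol) • Specification for talking to security keys • Implemented by the browser

  23. WebAuthn(WebAuthentication API) • W3C Recommendation on 2019/3/4 https://www.w3.org/TR/webauthn/ • Two APIs are defined • navigator.credentials.create() : registration • navigator.credentials.get() : authentication

  24. WebAuthn - Actors • Relying Party : web application • Authenticator : security key, device • Client : web browser

  25. WebAuthn - Actors • [Figure] Source: gihyo.jp/dev/column/newyear/…/webauthn, page …

  26. WebAuthn - Actors • [Figure] Source: gihyo.jp/dev/column/newyear/…/webauthn, page …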

  27. WebAuthn - Registration flow • Actors: Authenticator (SecurityKey etc…), Client (browser), Relying Party (service) • 1. Create registration parameters (RP information, user information, whether local authentication is required, etc.) • 2. Call the JS API • 3. Call the Authenticator/Platform function • 4. Local authentication, key pair generation, signature creation • 5. New public key and signature • 6. Return value from the JS API • 7. Various verifications, store the public key

  28. Examples of registration parameters • Attachment : type of Authenticator • User Verification : request local authentication • Require ResidentKey : store user information

  29. Attachment : Undefined (macOS + Google Chrome) • The user selects which Authenticator to use

  30. Platform Authenticator (macOS + Google Chrome)

  31. Cross-Platform Authenticator (macOS + Google Chrome)

  32. Attachment : Undefined (Windows10 + MS Edge) • Windows Hello takes priority • Cancel → Cross-Platform

  33. Examples of registration parameters • Attachment : type of Authenticator • User Verification : request local authentication • Require ResidentKey : store user information

  34. Authenticator and local authentication • [Image] Source: "FIDO security key devices | BioPass FIDO | Feitian Japan", ftsafe.co.jp/products/fido

  35. Authenticator and local authentication • [Image] Source: "Discover YubiKeys | Strong Two-Factor Authentication for Secure Login | Yubico", www.yubico.com/products/yubikey-hardware

  36. User Verification : Required (macOS + Google Chrome) • A PIN can be used even on devices without local authentication

  37. User Verification : Required (Windows10 + MS Edge)

  38. Examples of registration parameters • Attachment : type of Authenticator • User Verification : request local authentication • Require ResidentKey : store user information

  39. Require ResidentKey : True (macOS + Google Chrome) • In some cases the UX changes

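  40. WebAuthn - Authentication flow • Actors: Authenticator (SecurityKey etc…), Client (browser), Relying Party (service) • 1. Create authentication parameters (public key information, whether local authentication is required, etc.) • 2. Call the JS API • 3. Call the Authenticator/Platform function • 4. Local authentication, signature creation • 5. Signature • 6. Return value from the JS API • 7. Various verifications, authentication processing

  41. Examples of authentication parameters • AllowCredentials : specifying the public key • Present : specify the public key held by the RP • Absent (empty) : use the information stored on the Authenticator

  42. allowCredentials specified (macOS + Google Chrome) • Requests the Authenticator tied to the specified public key

  43. allowCredentials specified (Windows10 + MS Edge)

  44. Examples of authentication parameters • AllowCredentials : specifying the public key • Present : specify the public key held by the RP • Absent (empty) : use the information stored on the Authenticator -> Resident Key

  45. allowCredentials not specified (macOS + Google Chrome) • Local authentication, selection from the stored user information

  46. allowCredentials not specified (macOS + Google Chrome) • With a security key too, user information is selected at the end

  47. allowCredentials not specified (Windows10 + MS Edge) • With Windows Hello: user selection, local authentication

  48. allowCredentials not specified (Windows10 + MS Edge) • With a security key, user selection comes after local authentication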

  49. Phishing resistance of WebAuthn (additional authentication) • [Diagram] Phishing email or message • Phishing site (example.info) • Legitimate site (example.com) • User sends ID/password + assertion (signature, etc.) to the phishing site • Phishing site sends the captured ID/password + assertion to the legitimate site

  50. Phishing resistance of WebAuthn (additional authentication) • [Same diagram] • Key pairs are generated per origin, so the user cannot log in to the phishing site

  51. Phishing resistance of WebAuthn (additional authentication) • [Same diagram] • Key pairs are generated per origin, so the user cannot log in to the phishing site • Even if an assertion made for the phishing site is sent to the legitimate site, verification fails

  52. Support status of FIDO/WebAuthn that has recently drawn attention • Android • Authenticator: Android 7.0~, Security Key • Client: Chrome, Firefox • Windows 10 • Authenticator: Windows Hello, Security Key • Client : Microsoft Edge, Chrome, Firefox…

  53. About implementing WebAuthn • Not covered here

  54. Now, the main topic: FIDO / WebAuthn UX

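  55. Use cases covered • As an additional authentication method: password authentication + FIDO • As the main authentication method: password authentication or FIDO

  56. Dropbox

  57. Dropbox - Registration • Password confirmation is required before setup

  58. Dropbox - Registration • Asks the user to confirm permission to access device information • Attestation … none

  59. Dropbox - Registration • Give it a name and finish

  60. Dropbox - Authentication • Authentication is requested after password authentication

  61. Dropbox - Authentication • Authentication is also requested after social login

  62. Dropbox adoption example • Set up as the second or later method of two-step verification • No restriction on which Authenticators can be used • A name is set after the registration process • Requested not only after password authentication but also after social login

  63. GitHub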

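  64. GitHub - Registration • The user is asked to set a name before the registration process

  65. GitHub - Registration • A Platform Authenticator can also be used

  66. GitHub - Authentication • Used after password authentication

  67. GitHub - Authentication • A security key can also be used at password confirmation

  68. GitHub adoption example • Set up as the second or later method of two-factor authentication • No restriction on which Authenticators can be used • A name is set before the registration process • Authentication with a security key is possible not only after password authentication but also at re-authentication

  69. Google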

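  70. Google - Registration • Devices running Android … or later can be set up easily

  71. Google - Registration • A Cross-Platform Authenticator (Titan etc…) can also be registered

  72. Google - Authentication • Additional authentication is requested after password authentication

  73. Google - Authentication • Authentication completes when the user approves on the smartphone

  74. Google - Authentication • After selecting the security key, a tap completes authentication

  75. Google adoption example • Available as the second or later method of two-step verification • Cross-platform Authenticator • Android devices can also be used • Bluetooth connection without pairing (caBLE) • Likely to become available for re-authentication in the near future

  76. Key points of "adoption as additional authentication" • Offer multiple authentication methods : a design where users are "unlikely to get stuck" • Restrictions on Authenticators • Setting a name • Timing of the authentication request • After password authentication / social login • As a replacement for password confirmation

  77. Use cases covered • As an additional authentication method: password authentication + FIDO • As the main authentication method: password authentication or FIDO

  78. Yahoo! JAPAN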

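  79. Yahoo! JAPAN - Registration • Limited to Android + Chrome environments

  80. Yahoo! JAPAN - Registration • Can also be used alongside SMS/email confirmation codes, etc.

  81. Yahoo! JAPAN - Authentication • After the user is identified, authentication is requested if the environment is Android + Chrome

  82. Yahoo! JAPAN adoption example • Limited to the combination Android + Chrome • Other environments use confirmation codes sent by email / SMS, etc. • The authentication method shown is chosen after the user is identified • The same authentication method is used for re-authentication after registration

  83. Microsoft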

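  84. Microsoft - Registration • In an environment where Windows Hello works, a Cross-Platform Authenticator can also be used

  85. Microsoft - Registration • UserVerification required

  86. Cross-Platform Authenticator • Of course, registration with Windows Hello alone is also possible

  87. Microsoft - Authentication • Authentication is requested before the user is identified (ResidentKey)

  88. Microsoft adoption example • Limited to environments where Windows Hello is available + MS Edge • Windows Hello alone • USB/NFC security keys can also be used • Requested before user identification, as a sign-in option • User selection by Resident Key

  89. Nulab (Nulab Account)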

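  90. Nulab Account - Registration • Supports both kinds of Authenticator

  91. Nulab Account - Registration • A name is set when the registration process completes

  92. Nulab Account - Authentication • WebAuthn authentication is requested after the user is identified by email address

  93. Nulab Account adoption example • Can be used alongside password authentication as the main authentication method • No restriction on which Authenticators can be used • Multiple registrations possible, named by the user • Authentication is requested after the user is identified

  94. Key points of "adoption as the main authentication method" • UserVerification is mandatory • Restricting the supported environments (Authenticator/Client) • Restricted = maintenance is required • Unrestricted = any FIDO2-capable environment is supported automatically • Timing of the authentication request • After identification by email address, check the settings and the environment • Use ResidentKey for user selection

  95. Toward passwordless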

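  96. The road to passwordless • New services do not introduce password authentication • Take care of environments where WebAuthn/FIDO cannot be used • Remove password authentication from existing services • 1. Eliminate the dependence • 2. Disable it (forced or optional)

  97. What dependence on password authentication means • Sign-up flow • Email/SMS verification after a password is set • "Can't log in" link • Leads to the password reset flow • Important operations such as settings changes • Password confirmation

  98. Removing the dependence on password authentication • Sign-up flow • Separate credential setup from email/SMS verification • Make the credential setup part extensible • "Can't log in" link • Guide the user to another authentication method or to settings changes • Important operations such as settings changes • Allow multiple authentication methods

  99. Nulab Account sign-up • The password is set first • To remove the dependence • Verify the email address first?

  100. Dropbox password confirmation • Password is requested before security features • To remove the dependence • Re-authentication that matches the authentication method already set up • Tidy up domains/origins

  101. Yahoo! JAPAN re-authentication • Where the password used to be confirmed, the main authentication method is requested • SMS / Email • WebAuthn • The domain is unified

  102. Disabling password authentication • Not using a password = not being hit by password list attacks • Yahoo! JAPAN / Nulab Account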

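  103. Disabling password authentication at Yahoo! JAPAN • Passwords for mail clients and the like can be set separately

  104. Deleting the password of a Nulab Account • Can be deleted if the account is only used in WebAuthn-capable environments

  105. Summary

  106. What was covered • Introduced the UX of services that have adopted WebAuthn • Organized the key points for adoption in real services • Adoption in services that have password authentication • Migration to passwordless

  107. Questions and feedback are welcome • Mentions on blogs, etc. • Twitter hashtag or mention • By DM if you are shy • Thank you for listening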
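
The verification failure described on slides 49 to 51, as an added example that is not from the talk: a constructed stand-in Authenticator keeps one key pair per RP ID, and the Relying Party checks origin, RP ID hash and signature. The names `makeAuthenticator`, `verifyAssertion` and `demo`, the hex challenge, and taking the RP ID from the origin's hostname are assumptions of this example.

```javascript
const crypto = require('crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
// Constructed stand-in for an Authenticator plus browser: one key pair per RP ID.
function makeAuthenticator() {
  const keys = new Map();
  const keyFor = (rpId) => keys.get(rpId) ||
    keys.set(rpId, crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' })).get(rpId);
  return {
    register: (rpId) => keyFor(rpId).publicKey,
    // The Client (browser), not the page script, supplies the origin.
    getAssertion(origin, challenge) {
      const rpId = new URL(origin).hostname; // assumption: RP ID = origin host
      const clientDataJSON = Buffer.from(
        JSON.stringify({ type: 'webauthn.get', challenge, origin }));
      // authenticatorData = rpIdHash (32) | flags (1, UP|UV) | signCount (4)
      const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
      const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
      const signature = crypto.sign('sha256', signed, keyFor(rpId).privateKey);
      return { clientDataJSON, authData, signature };
    },
  };
}

// Relying Party side: the "various verifications" step of the authentication flow.
function verifyAssertion(a, expected) {
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'bad type';
  if (c.challenge !== expected.challenge) return 'bad challenge';
  if (c.origin !== expected.origin) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpIdHash mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, a.signature)
    ? 'ok' : 'bad signature';
}

function demo() {
  const auth = makeAuthenticator();
  const challenge = crypto.randomBytes(16).toString('hex'); // constructed challenge
  const expected = { origin: 'https://example.com', rpId: 'example.com',
    challenge, publicKey: auth.register('example.com') };
  const genuine = auth.getAssertion('https://example.com', challenge);
  // The phishing site relays the real challenge, but the browser reports its own origin.
  const phished = auth.getAssertion('https://example.info', challenge);
  return { genuine: verifyAssertion(genuine, expected),
    phished: verifyAssertion(phished, expected) };
}
console.log(demo());
```

Rewriting the relayed `clientDataJSON` to claim the legitimate origin does not help the phishing site: the `rpIdHash` check fails next, and if that is patched too, the signature was still made with the key pair for the other RP ID.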