Upgrade to Pro — share decks privately, control downloads, hide ads and more …

熊でもわかるFIDO2

Shohei Kobayashi
June 04, 2023
Technology
0
100

 熊でもわかるFIDO2

FIDO2 / PassKey / Webauthnの概念から設計・実装まで

Shohei Kobayashi

June 04, 2023
Tweet

More Decks by Shohei Kobayashi

See All by Shohei Kobayashi
CI/CD/インフラ勉強会Vol4 Amazon ECS編 Part1
srockstyle
0
120
熊でもわかるCI/CD/モダンインフラ Vol3 AWS CDK
srockstyle
0
350
熊でもわかるCI/CDモダンインフラ Github Action編
srockstyle
0
320
熊でもわかるCI/CD/モダンインフラVol1:用語を覚えよう編
srockstyle
0
490
Chefとnginxで作るPHPアプリケーションのReliable Blue Green Deployment
srockstyle
6
24k

Other Decks in Technology

See All in Technology
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
210
いざ、BSC討伐の旅
nikinusu
2
780
Amazon CloudWatch Network Monitor のススメ
yuki_ink
1
200
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
200
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
2
590
Lexical Analysis
shigashiyama
1
150
適材適所の技術選定 〜GraphQL・REST API・tRPC〜 / Optimal Technology Selection
kakehashi
1
170
Engineer Career Talk
lycorp_recruit_jp
0
150
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
580

Featured

See All Featured
KATA
mclloyd
29
14k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Building an army of robots
kneath
302
43k
Side Projects
sachag
452
42k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
BBQ
matthewcrist
85
9.3k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Code Reviewing Like a Champion
maltzj
520
39k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Facilitating Awesome Meetings
lara
50
6.1k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k

Transcript

  1. ۽Ͱ΋Θ͔Δ FIDO2

  2. ༻ޠղઆ

  3. ύεϫʔυΛ࢖ΘͣʹೝূΛߦ͏ʮύεϫʔυϨεʯೝূͷ࠷৽ͷٕज़ن֨ ެ։伴Λࣄલʹొ࿥͢Δ ϩάΠϯͷཁٻ νϟϨϯδίʔυΛ͚ͭͯ ೝূΛґཔ ࢿ֨৘ใͷೖྗ ʢࢦ໲ೝূͳͲʣ νϟϨϯδίʔυʹର͠ ൿີ伴Ͱॺ໊ ެ։伴ʹΑΔݕূ

    ϩάΠϯڐՄ ൿີ伴ͷอ࣋ ެ։伴ͷอ࣋ '*%0ͱ͸ 8FCαΠτ

  4. '*%0ͷ࢓૊Έͷ՝୊ ެ։伴Λࣄલʹొ࿥ࡁ ϩάΠϯͷཁٻ ެ։伴ʹΑΔݕূ ϩάΠϯڐՄ ൿີ伴#ͷอ࣋ ެ։伴ͷอ࣋ ൿີ伴"ͷอ࣋ ެ։伴ະొ࿥ ϩάΠϯͷཁٻ

    ެ։伴ʹΑΔݕূ ϩάΠϯڐՄͰ͖ͳ͍ ެ։伴ొ࿥ࡁ 1$ͱεϚϗ྆ํ͔ΒΞΫηε͍͕ͨ͠ɺ εϚϗͷൿີ伴͔͠ొ࿥ͯ͠ͳ͍ͷͰ 1$͔ΒϩάΠϯͰ͖ͳ͍ͷͭΒ͍ 8FCαΠτ

  5. ύεΩʔʢNVMUJEFWJDF'*%0DSFEFOUJBMʣ Ϋϥ΢υͰൿີ伴Λอଘ͠ڞ༗͢Δ͜ͱͰϚϧνσόΠεରԠ͢Δ๏ํ ൿີ伴ΛΫϥ΢υͰڞ༗ ϩάΠϯͷཁٻ ެ։伴ʹΑΔݕূ ϩάΠϯڐՄ ެ։伴ͷอ࣋ ϩάΠϯͷཁٻ εϚϗͰ࡞ͬͨൿີ伴Λ1$Ͱ΋ ڞ༗Ͱ͖ΔͷͰɺ

    ྆ํͰ'*%0ͰͷϩάΠϯ͕Ͱ͖Δʂ ެ։伴ʹΑΔݕূ ϩάΠϯڐՄ 8FCαΠτ

  6. '*%0ೝূ͢Δ͜ͱʹύεΩʔͱ͍͏จ຺Ͱ ࢖͏ਓ΋͍ΔͷͰؾΛ͚ͭΑ͏ɻ ʢຊ౰ͷҙຯ͸ҧ͏Αʣ

  7. ࣮૷

  8. 8FCBVUIO ύϒϦοΫΩʔೝূͷΠϯλʔϑΣΠεΛ8FCΞϓϦέʔγϣϯͰඪ४Խ͢ΔͨΊͷ8FCඪ४ɻ ެ։伴Λࣄલʹొ࿥͢Δ ϩάΠϯͷཁٻ νϟϨϯδίʔυΛ͚ͭͯ ೝূΛґཔ 1*/ͷೖྗ UPVDI*%  νϟϨϯδίʔυʹର͠

    ൿີ伴Ͱॺ໊ ެ։伴ʹΑΔݕূ ϩάΠϯڐՄ ೝূػ 8FC"VUIO $MJFOU ϒϥ΢β 8FCαΠτ

  9. 8FCBVUIO ඞཁͳཁ݅ 1*/ͷೖྗ UPVDI*%  ೝূػ 8FC"VUIO $MJFOU ϒϥ΢β 8FCαΠτ

    WebAuthn Relying Partyʹ४ڌ͢Δ͜ͱ WebAutn Clientʹ ରԠ͢Δ͜ͱ FIDO2 authenticaterͱ ޓ׵ੑΛอͭ͜ͱ

  10. 8FCBVUIO ϒϥ΢βͷରԠঢ়گ V67ʙ V87ʙ V13ʙ V60ʙ Vʙ &EHF)5.-࣌୅ʹ ରԠࡁΈ 2023/5

    V113 2023/5 V16 2023/5 V113 2023/5 V40

  11. 8FCBVUIO࣮૷લ४උ ࢀߟ63- pedz/rails-7-passkey-demo https://github.com/pedz/rails-7-passkey-demo cedarcode/webauthn-ruby https://github.com/cedarcode/webauthn-ruby 'SPOUFOE #BDLFOE $npm install

    webauthn-json $gem install webauthn-ruby

  12. 8FCBVUIO ೝূػ 8FC"VUIO $MJFOU ϒϥ΢β 8FCαΠτ Θ͚ͯߟ͑ΔͱΘ͔Γ΍͍͢Ͱ͢ Web Backend Database

    Web Frontend

  13. 8FCBVUIO࣮૷ొ࿥࣌ WebAuthn Client (ϒϥ΢β) Web Backend Web Frontend Database webauth

    register API webautn callback API Home API ৽نొ࿥ ϩάΠϯ໊ཁٻ ϩάΠϯ໊1045 ϩάΠϯ໊1045 ϩάΠϯ໊ͷ6TFSΛ࡞੒ 8FCBVUO*%Λ࡞੒͠%#ʹอଘ DBMMCBDL"1*Λฦ͢ ެ։伴࡞੒ґཔ ެ։伴࡞੒ґཔ ೝূঢ়͚ͭͯ1045 ύϥϝʔλ͔Βೝূ৘ใΛอଘ ϩάΠϯ0, ϩάΠϯ0, ೝূ෇͖ϖʔδ΁ΞΫηε ೝূ෇͖"1*΁ ΞΫηε ೝূ෇͖৘ใΛ ฦ͢ ೝূ෇͖৘ใΛ දࣔ

  14. 8FCBVUIO࣮૷όοΫΤϯυͰ࣮૷͢Δ΋ͷ Web Backend Database webauth register API webautn callback API

    Home API register API Ϣʔβొ࿥ˍνϟϨϯδίʔυൃߦ"1* register callback API ൿີ伴ͷొ࿥ηογϣϯ։࢝"1* session API طଘͷϢʔβݕࡧˍνϟϨϯδίʔυൃߦ"1* session callback API ൿີ伴ͷ֬ೝɾηογϣϯ։࢝"1* ͭ"1*Λ࣮૷͢Δඞཁ͕͋Γɻ த਎͸طଘͷ΋ͷΛࢀর͢Δ͔৽ن࡞੒͔ͷҧ͍͔͠ͳ͠ɻ ͜Ε͸طଘͷೝূඞਢ"1*ͳͷͰ ৽ͨʹ࣮૷͸͍Βͳ͍Α

  15. 8FCBVUIO࣮૷ϑϩϯτΤϯυͰ࣮૷͢Δ΋ͷ Sign Up Ϣʔβొ࿥ ൿີ伴࡞੒ґཔ SFHJTUFS"1*ͱDBMMCBDL"1*Λೋ࣮ͭߦ͢Δ Sign In طଘͷϢʔβͰϩάΠϯ ൿີ伴ݕࡧґཔ

    TFTTJPO"1*ͱDBMMCBDL"1*Λೋ࣮ͭߦ͢Δ Credentials Management Page ൿີ伴ͷ؅ཧϖʔδ ͭը໘Λ࣮૷͢Δඞཁ͕͋Γɻ ͨͩϩάΠϯ಺෦ͷϩδοΫ͕1045͢Δ͚ͩͰ͸ͳ͍ͷͰ஫ҙɻ 8FC"VUIO+TPOΛ࢖ͬͯൿີ伴ͷ࡞੒Λϒϥ΢βʹଅ࣮͢૷͕ඞཁɻ Web Frontend

  16. 8FCBVUO՝୊

  17. None

  18. 8FCαΠτ 1$ 4BGBSJൿີ伴 $ISPNFൿີ伴 ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ೝূ ϩάΠϯ/( ൿີ伴ͷڞ༗ ϒϥ΢βؒͰ͸

    ڞ༗ͯ͘͠Εͳ͍ ϒϥ΢βؒͰͷڞ༗͸ߦΘΕͳ͍

  19. 8FCαΠτ macOS 4BGBS࡞੒ൿີ伴 $ISPNF࡞੒ൿີ伴 ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ͷڞ༗ "QQMF͸1BTT,FZͱ͍͏࢓૊ΈͰJ$MPVEܦ༝ͰσόΠεؒڞ༗͕Մೳ

    iOS ൿີ伴ೝূ ϩάΠϯ0,

  20. 8FCαΠτ macOS ࡞੒ͨ͠ൿີ伴 ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ͷཧ૝ iOS

  21. 8FCαΠτ macOS ࡞੒ͨ͠ൿີ伴 ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ͷཧ૝ iOS Windows Andoid

  22. ݱঢ়ͷղܾࡦ 8FCαΠτ NBD04J04ͷެ։伴 $ISPNFͷެ։伴 8JOEPXTͷެ։伴 macOS ࡞੒ͨ͠ൿີ伴 iOS Windows Andoid

    "OESPJEͷެ։伴 αΠτଆͰҰਓͷϢʔβʹରͯ͠ެ։伴Λෳ਺࣋ͭ

  23. '*%0ͷ·ͱΊͱײ૝ w ൿີ伴ͷڞ༗ํ๏Λ͏·͘΍ΕΕ͹*1"44ํࣜʹऔͬͯมΘΔͰ͠ΐ͏ w Ϣʔβ໊ͱૹ৴Ϙλϯԡͤ͹ηογϣϯ։࢝͸࢖͍खଆ͔Β͢ΔͱϚδͰָ w ෳ਺伴؅ཧ͸Ϣʔβଆ΋αʔϏεఏڙଆ΋໘౗ͳͷͰϢʔβެ։伴ʹ͍ͨ͠

  24. Blog: https://www.srockstyle.com/ • Twitterɿhttps://twitter.com/srockstyle • Facebookɿhttps://www.facebook.com/srockstyle • Githubɿhttps://github.com/srockstyle • Qiitaɿhttp://qiita.com/srockstyle

    • Wantedlyɿhttps://www.wantedly.com/users/2279 • YOUTRUST: https://youtrust.jp/users/srockstyle • Slideshareɿhttp://www.slideshare.net/srockstyle ۀ຿ҕୗͷ࢓ࣄ΋ɺਖ਼ࣾһͱͯ͠ͷεΧ΢τ΋͓଴ͪͯ͠·͢