Auth0 Product Roadmap Report

suwa yuki
December 10, 2019

These are the session slides for "Auth0 Product Roadmap Report", a session at Auth0 Day 2019 Recap in Osaka.

Transcript

  1. Auth0 Product
    Roadmap Report
    2019.12.10
    Classmethod, Inc. SUWA Yuki


  2. • Senior Specialist
    • Developers.IO Blogger
    • iOS Node.js Vue AWS etc…
    Yuki Suwa
    Auth0 Ambassador

  3. November 2019
    • Martin Gontovnikas visits Japan
    • Talk at Auth0 Day 19
    • Talk at LINE Developer Day 2019

  4. Today's talk
    • A look back at the sessions Gonto gave
    • Auth0 Product Roadmap (Auth0 Day)
    • Identity is the new firewall (LINE Dev Day)

  5. Auth0's strategy
    2013 2016 2019
    Developers
    Extensibility
    Platform

  6. Auth0's way of thinking
    • An authentication / authorization company
    • Wants to help developers, not only manage identities
    • Also values the developer experience

  7. A platform for developers
    • Get started in two or three lines
    • Supports many languages
    • Usable on desktop and mobile, not only on the web

  8. Strengthening extensibility
    • Rules let you fit Auth0's features to your needs
    • Example: block IPs from outside Japan
    • 87% of customers extend it
    • A major difference from other authentication vendors

  9. [Diagram labels: Response; Optional Redirect; External Page; Your Code; MFA; Modified Access & ID Tokens; Rules; Own API; Access & ID Tokens; Enrich Profile; Send to Intercom]

  10. Auth0's strategy
    2013 2016 2019
    Developers
    Extensibility
    Platform: Scalability
    Trust & Compliance

  11. Scalability
    • Manages more than 3 billion logins per month
    • 5 countries; manages profiles for 512 million people
    • As many as 120,000 applications (clients)

  12. Trust and compliance
    27001 SOC HIPAA 27018 PCI

  13. Auth0's strategy
    2013 2016 2019
    Developers
    Extensibility
    Platform: Scalability
    Trust & Compliance
    What's next?

  14. Enable secure access to any application with one click

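  15. As an end user
    • Want to stay logged in while security is maintained
    • Introducing confidence levels as the means to solve this
    • The level changes within a single authentication event
    • Example: MFA is triggered for important actions such as a bank transfer
    • Continuous authentication is performed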

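  16. As a security engineer
    • Want to understand what is happening and what to prevent
    • ⚠ A user logs in from a different country within 10 minutes
       Detect a phishing attack
    • ⚠ A login from an IP address in another country
       Detect a Credential Stuffing attack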

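  17. As an administrator
    • New customers have a variety of requirements
    • Example: introducing new tools, introducing new login methods
    • Operations that arise intermittently / continuously
    • Example: lost devices, obtaining API credentials
    • Auth0 serves as the interface, and each ID administrator carries these out themselves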

  18. As an implementer
    • As simple as needed, and powerful
    • Very easy to get started; keeps things simple
    • Can be extended with Connection, Hook, Rule, etc. when needed

  19. Recently added features
    Authentication & Authorization
    • Sign in with Apple
    • LINE
    • Enterprise OIDC Connections
    Service Management
    • Log Search Filtering

  20. Recently added features
    • Explorer
    • Visualizes all settings

  21. Recently added features
    • AWS Session Tag with Auth0 as SAML Provider
    • A feature that enables ABAC (Attribute-Based Access Control) on resource tags by attaching assertions when doing SSO from the SAML provider
    https://dev.classmethod.jp/cloud/aws/session-tag-auth0/

  22. Coming next (Q4 to 2020)
    • Custom text for Universal Login
    • Import of hashed passwords (extended)
    • Passwordless support for native / backend apps
    • Refresh token rotation (for ITP2 session interruptions)
    • Support for On-Behalf-Of-Flow
    IN PROGRESS

  23. Coming next (Q4 to 2020)
    • Access control to the dashboard for team accounts
    • More real-time log output to 3rd parties
    • Confidence scoring to mitigate fraudulent logins
    IN PROGRESS

  24. Coming next (Q4 to 2020)
    • Ability to choose MFA factors
    • Native Facebook login
    • Provider source / host group feature for RBAC
    • Access control for 3rd Party APIs
    PLANNED

  25. Coming next (Q4 to 2020)
    • Signing key rotation
    • Refresh token renewal after inactivity
    • Improved log consistency
    • Management of Hooks through the Management API
    PLANNED

  26. Coming next (Q4 to 2020)
    • Further customization of Universal Login
    • MFA support for Web AuthN and signing keys
    • Customization and localization of Consent
    • Easy app migration
    CONSIDERING

  27. Coming next (Q4 to 2020)
    • Storing the reason a user was blocked
    • Customization of the password reset flow
    • Streamlined Organization management for B2B SaaS
    • Protection against Credential Stuffing attacks (bot attack)
    CONSIDERING

  28. Coming next (Q4 to 2020)
    • Ability to control active sessions per device
    • An API to check and revoke sessions
    • Contextual error handling for Hooks
    • An API to create and manage tenants
    CONSIDERING

  29. Summary
    • Auth0's vision is to raise both UX and DX
    • For UX: enable secure access with one click
    • For DX: keep things simple and freely extensible

  30. As an Auth0 partner
    Resell: lower-cost contracts in combination with AWS
    Consulting: speedy adoption through design and build support for authentication systems
    Development: team development of applications that use Auth0
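Slide 16's first signal (the same user logging in from a different country within 10 minutes), written out as detection logic over login events. This is an added example, not code from the deck or from Auth0; the event fields (`user`, `at`, `country`), the sample records and the function name are constructed assumptions.

```javascript
// Constructed sample login events (not real logs): user, ISO timestamp, GeoIP country.
const sampleLogins = [
  { user: 'alice', at: '2019-12-10T09:00:00Z', country: 'JP' },
  { user: 'alice', at: '2019-12-10T09:07:00Z', country: 'BR' }, // 7 minutes later, new country
  { user: 'bob',   at: '2019-12-10T09:00:00Z', country: 'JP' },
  { user: 'bob',   at: '2019-12-10T11:30:00Z', country: 'JP' }, // same country, no alert
  { user: 'carol', at: '2019-12-10T10:00:00Z', country: 'US' },
  { user: 'carol', at: '2019-12-10T10:10:00Z', country: 'DE' }, // exactly on the boundary
  { user: 'dave',  at: '2019-12-10T12:20:00Z', country: 'FR' }, // arrives out of order
  { user: 'dave',  at: '2019-12-10T12:00:00Z', country: 'JP' }, // 20 minutes apart, no alert
];

const WINDOW_MS = 10 * 60 * 1000; // "within 10 minutes", as stated on the slide

// Returns one alert per pair of consecutive logins by the same user that
// come from different countries no more than windowMs apart.
function findCountrySwitches(events, windowMs = WINDOW_MS) {
  const byUser = new Map();
  for (const e of events) {
    const t = Date.parse(e.at);
    if (Number.isNaN(t) || !e.country) continue; // skip records with no usable time or GeoIP
    if (!byUser.has(e.user)) byUser.set(e.user, []);
    byUser.get(e.user).push({ t, country: e.country });
  }
  const alerts = [];
  for (const [user, logins] of byUser) {
    logins.sort((a, b) => a.t - b.t); // log feeds are not guaranteed to be ordered
    for (let i = 1; i < logins.length; i++) {
      const prev = logins[i - 1];
      const cur = logins[i];
      const gapMs = cur.t - prev.t;
      if (cur.country !== prev.country && gapMs <= windowMs) {
        alerts.push({ user, from: prev.country, to: cur.country, gapMinutes: gapMs / 60000 });
      }
    }
  }
  return alerts;
}

console.log(findCountrySwitches(sampleLogins));
```

GeoIP country is a coarse signal: VPN exits and mobile carrier gateways produce the same pattern, so an alert like this is better used to step up authentication than to block outright.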