Auth0 Product Roadmap Report

suwa yuki
December 10, 2019

Session slides for the session "Auth0 Product Roadmap Report" at Auth0 Day 2019 Recap in Osaka.

Transcript

  1. Auth0 Product Roadmap Report 2019.12.10 Classmethod, Inc. SUWA Yuki

  2. • Senior Specialist • Developers.IO Blogger • iOS, Node.js, Vue, AWS, etc. • Yuki Suwa, Auth0 Ambassador
  3. #Auth0JP

  4. November 2019 • Martin Gontovnikas visits Japan • Spoke at Auth0 Day 19 • Spoke at LINE Developer Day 2019
  5. Today's talk • A look back at the sessions Gonto gave • Auth0 Product Roadmap (Auth0 Day) • Identity is the new firewall (LINE Dev Day)
  6. Auth0's strategy • 2013, 2016, 2019 • Developers • Extensibility • Platform

  7. Auth0's philosophy • An authentication / authorization company • Not just ID management; we want to help developers • Developer experience matters to us as well

  8. A platform for developers • Get started in 2 or 3 lines • Supports many languages • Usable on desktop and mobile, not only the web

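  9. Strengthening extensibility • Rules let you fit Auth0's functionality to your needs • Example: block IPs from outside Japan • 87% of customers extend Auth0 • A major difference from other authentication vendors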
  10. Response Optional Redirect External Page Your Code MFA Modified Access & ID Tokens Rules Own API Access & ID Tokens Enrich Profile Send to Intercom
  11. Auth0's strategy • 2013, 2016, 2019 • Developers • Extensibility • Platform • Scalability • Trust & Compliance
  12. Scalability • Manages more than 3 billion logins per month • Manages profiles for 512 million people across 5 countries • As many as 120,000 applications (clients)

  13. Trust and compliance • 27001 • SOC • HIPAA • 27018 • PCI

  14. Auth0's strategy • 2013, 2016, 2019 • Developers • Extensibility • Platform • Scalability • Trust & Compliance • What's next?
  15. Make it possible to access any application securely with one click

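  16. As an end user • I want to stay logged in while security is maintained • Introducing a confidence level as the means to solve this • The level changes for a single authentication event • Example: MFA is triggered on important actions such as bank transfers • Continuous authentication takes place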
  17. None
  18. None
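  19. As a security engineer • I want to understand what is happening and what to prevent • ⚠ A user logs in from a different country within 10 minutes → phishing attack detected • ⚠ Login from an IP address in another country → Credential Stuffing attack detected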
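  20. As an administrator • New customers come with all kinds of requirements • Example: introducing new tools, introducing new login methods • Operations that arise intermittently / continuously • Example: lost devices, obtaining API credentials • Auth0 serves as the interface, and each ID administrator carries these out themselves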
  21. As an implementer • As simple as necessary, and powerful • Very easy to get started, and it stays simple • Can be extended with Connection, Hook, Rule, etc. when needed

  22. Features

  23. Recently added features • Authentication & Authorization: Sign in with Apple, LINE, Enterprise OIDC Connections • Service Management: Log Search Filtering
  24. Recently added features • Explorer • Visualizes all settings

  25. Recently added features • AWS Session Tag with Auth0 as SAML Provider • Attaching assertions when performing SSO from the SAML Provider enables ABAC (Attribute-Based Access Control) on Resource Tags https://dev.classmethod.jp/cloud/aws/session-tag-auth0/
  26. Coming next (Q4 to 2020) • Custom text for Universal Login • Import of hashed passwords (extended) • Passwordless support for native/backend apps • Refresh token rotation (for ITP2 session interruptions) • Support for On-Behalf-Of-Flow • IN PROGRESS
  27. Coming next (Q4 to 2020) • Access control to the dashboard for team accounts • More real-time log output to 3rd parties • Trust scoring to mitigate fraudulent logins • IN PROGRESS
  28. Coming next (Q4 to 2020) • Ability to choose MFA factors • Native Facebook login • Provider source / host group features for RBAC • Access control for 3rd Party APIs • PLANNED
  29. Coming next (Q4 to 2020) • Signing key rotation • Refresh token renewal after inactivity • Improved log consistency • Managing Hooks through the Management API • PLANNED
  30. Coming next (Q4 to 2020) • Further customization of Universal Login • MFA support for Web AuthN and signing keys • Customization and localization of Consent • Easy app migration • CONSIDERING
  31. Coming next (Q4 to 2020) • Storing the reason a user was blocked • Customization of the password reset flow • Streamlined Organization management for B2B SaaS • Protection against Credential Stuffing attacks (bot attack) • CONSIDERING
  32. Coming next (Q4 to 2020) • Ability to control active sessions per device • API to check and revoke sessions • Contextual error handling in Hooks • API to create and manage tenants • CONSIDERING
  33. Summary • Auth0's vision is to raise both UX and DX • For UX: secure access with one click • For DX: stay simple and remain freely extensible

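  34. As an Auth0 partner • Resell: contract at a lower price in combination with AWS • Consulting: speedy adoption through design and build support for authentication systems • Development: build applications that use Auth0 as a team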