Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
熊でもわかるFIDO2
Search
Shohei Kobayashi
June 04, 2023
Technology
0
100
熊でもわかるFIDO2
FIDO2 / PassKey / Webauthnの概念から設計・実装まで
Shohei Kobayashi
June 04, 2023
Tweet
Share
More Decks by Shohei Kobayashi
See All by Shohei Kobayashi
CI/CD/インフラ勉強会Vol4 Amazon ECS編 Part1
srockstyle
0
120
熊でもわかるCI/CD/モダンインフラ Vol3 AWS CDK
srockstyle
0
360
熊でもわかるCI/CDモダンインフラ Github Action編
srockstyle
0
330
熊でもわかるCI/CD/モダンインフラVol1:用語を覚えよう編
srockstyle
0
490
Chefとnginxで作るPHPアプリケーションのReliable Blue Green Deployment
srockstyle
6
24k
Other Decks in Technology
See All in Technology
MLOps の現場から
asei
7
650
社外コミュニティで学び社内に活かす共に学ぶプロジェクトの実践/backlogworld2024
nishiuma
0
270
PHP ユーザのための OpenTelemetry 入門 / phpcon2024-opentelemetry
shin1x1
1
490
Storage Browser for Amazon S3
miu_crescent
1
240
alecthomas/kong はいいぞ / kamakura.go#7
fujiwara3
1
300
Oracle Cloudの生成AIサービスって実際どこまで使えるの? エンジニア目線で試してみた
minorun365
PRO
4
290
2024年にチャレンジしたことを振り返るぞ
mitchan
0
140
プロダクト開発を加速させるためのQA文化の築き方 / How to build QA culture to accelerate product development
mii3king
1
270
LINE Developersプロダクト(LIFF/LINE Login)におけるフロントエンド開発
lycorptech_jp
PRO
0
120
DevFest 2024 Incheon / Songdo - Compose UI 조합 심화
wisemuji
0
120
事業貢献を考えるための技術改善の目標設計と改善実績 / Targeted design of technical improvements to consider business contribution and improvement performance
oomatomo
0
100
KubeCon NA 2024 Recap / Running WebAssembly (Wasm) Workloads Side-by-Side with Container Workloads
z63d
1
250
Featured
See All Featured
Become a Pro
speakerdeck
PRO
26
5k
GraphQLとの向き合い方2022年版
quramy
44
13k
How to Think Like a Performance Engineer
csswizardry
22
1.2k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
5
450
The Invisible Side of Design
smashingmag
298
50k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Into the Great Unknown - MozCon
thekraken
33
1.5k
Gamification - CAS2011
davidbonilla
80
5.1k
We Have a Design System, Now What?
morganepeng
51
7.3k
Making Projects Easy
brettharned
116
5.9k
Transcript
۽ͰΘ͔Δ FIDO2
༻ޠղઆ
ύεϫʔυΛΘͣʹೝূΛߦ͏ʮύεϫʔυϨεʯೝূͷ࠷৽ͷٕज़ن֨ ެ։伴Λࣄલʹొ͢Δ ϩάΠϯͷཁٻ νϟϨϯδίʔυΛ͚ͭͯ ೝূΛґཔ ࢿ֨ใͷೖྗ ʢࢦೝূͳͲʣ νϟϨϯδίʔυʹର͠ ൿີ伴Ͱॺ໊ ެ։伴ʹΑΔݕূ
ϩάΠϯڐՄ ൿີ伴ͷอ࣋ ެ։伴ͷอ࣋ '*%0ͱ 8FCαΠτ
'*%0ͷΈͷ՝ ެ։伴Λࣄલʹొࡁ ϩάΠϯͷཁٻ ެ։伴ʹΑΔݕূ ϩάΠϯڐՄ ൿີ伴#ͷอ࣋ ެ։伴ͷอ࣋ ൿີ伴"ͷอ࣋ ެ։伴ະొ ϩάΠϯͷཁٻ
ެ։伴ʹΑΔݕূ ϩάΠϯڐՄͰ͖ͳ͍ ެ։伴ొࡁ 1$ͱεϚϗ྆ํ͔ΒΞΫηε͍͕ͨ͠ɺ εϚϗͷൿີ伴͔͠ొͯ͠ͳ͍ͷͰ 1$͔ΒϩάΠϯͰ͖ͳ͍ͷͭΒ͍ 8FCαΠτ
ύεΩʔʢNVMUJEFWJDF'*%0DSFEFOUJBMʣ ΫϥυͰൿີ伴Λอଘ͠ڞ༗͢Δ͜ͱͰϚϧνσόΠεରԠ͢Δ๏ํ ൿີ伴ΛΫϥυͰڞ༗ ϩάΠϯͷཁٻ ެ։伴ʹΑΔݕূ ϩάΠϯڐՄ ެ։伴ͷอ࣋ ϩάΠϯͷཁٻ εϚϗͰ࡞ͬͨൿີ伴Λ1$Ͱ ڞ༗Ͱ͖ΔͷͰɺ
྆ํͰ'*%0ͰͷϩάΠϯ͕Ͱ͖Δʂ ެ։伴ʹΑΔݕূ ϩάΠϯڐՄ 8FCαΠτ
'*%0ೝূ͢Δ͜ͱʹύεΩʔͱ͍͏จ຺Ͱ ͏ਓ͍ΔͷͰؾΛ͚ͭΑ͏ɻ ʢຊͷҙຯҧ͏Αʣ
࣮
8FCBVUIO ύϒϦοΫΩʔೝূͷΠϯλʔϑΣΠεΛ8FCΞϓϦέʔγϣϯͰඪ४Խ͢ΔͨΊͷ8FCඪ४ɻ ެ։伴Λࣄલʹొ͢Δ ϩάΠϯͷཁٻ νϟϨϯδίʔυΛ͚ͭͯ ೝূΛґཔ 1*/ͷೖྗ UPVDI*% νϟϨϯδίʔυʹର͠
ൿີ伴Ͱॺ໊ ެ։伴ʹΑΔݕূ ϩάΠϯڐՄ ೝূػ 8FC"VUIO $MJFOU ϒϥβ 8FCαΠτ
8FCBVUIO ඞཁͳཁ݅ 1*/ͷೖྗ UPVDI*% ೝূػ 8FC"VUIO $MJFOU ϒϥβ 8FCαΠτ
WebAuthn Relying Partyʹ४ڌ͢Δ͜ͱ WebAutn Clientʹ ରԠ͢Δ͜ͱ FIDO2 authenticaterͱ ޓੑΛอͭ͜ͱ
8FCBVUIO ϒϥβͷରԠঢ়گ V67ʙ V87ʙ V13ʙ V60ʙ Vʙ &EHF)5.-࣌ʹ ରԠࡁΈ 2023/5
V113 2023/5 V16 2023/5 V113 2023/5 V40
8FCBVUIO࣮લ४උ ࢀߟ63- pedz/rails-7-passkey-demo https://github.com/pedz/rails-7-passkey-demo cedarcode/webauthn-ruby https://github.com/cedarcode/webauthn-ruby 'SPOUFOE #BDLFOE $npm install
webauthn-json $gem install webauthn-ruby
8FCBVUIO ೝূػ 8FC"VUIO $MJFOU ϒϥβ 8FCαΠτ Θ͚ͯߟ͑ΔͱΘ͔Γ͍͢Ͱ͢ Web Backend Database
Web Frontend
8FCBVUIO࣮ొ࣌ WebAuthn Client (ϒϥβ) Web Backend Web Frontend Database webauth
register API webautn callback API Home API ৽نొ ϩάΠϯ໊ཁٻ ϩάΠϯ໊1045 ϩάΠϯ໊1045 ϩάΠϯ໊ͷ6TFSΛ࡞ 8FCBVUO*%Λ࡞͠%#ʹอଘ DBMMCBDL"1*Λฦ͢ ެ։伴࡞ґཔ ެ։伴࡞ґཔ ೝূঢ়͚ͭͯ1045 ύϥϝʔλ͔ΒೝূใΛอଘ ϩάΠϯ0, ϩάΠϯ0, ೝূ͖ϖʔδΞΫηε ೝূ͖"1* ΞΫηε ೝূ͖ใΛ ฦ͢ ೝূ͖ใΛ දࣔ
8FCBVUIO࣮όοΫΤϯυͰ࣮͢Δͷ Web Backend Database webauth register API webautn callback API
Home API register API ϢʔβొˍνϟϨϯδίʔυൃߦ"1* register callback API ൿີ伴ͷొηογϣϯ։࢝"1* session API طଘͷϢʔβݕࡧˍνϟϨϯδίʔυൃߦ"1* session callback API ൿີ伴ͷ֬ೝɾηογϣϯ։࢝"1* ͭ"1*Λ࣮͢Δඞཁ͕͋Γɻ தطଘͷͷΛࢀর͢Δ͔৽ن࡞͔ͷҧ͍͔͠ͳ͠ɻ ͜Εطଘͷೝূඞਢ"1*ͳͷͰ ৽ͨʹ࣮͍Βͳ͍Α
8FCBVUIO࣮ϑϩϯτΤϯυͰ࣮͢Δͷ Sign Up Ϣʔβొ ൿີ伴࡞ґཔ SFHJTUFS"1*ͱDBMMCBDL"1*Λೋ࣮ͭߦ͢Δ Sign In طଘͷϢʔβͰϩάΠϯ ൿີ伴ݕࡧґཔ
TFTTJPO"1*ͱDBMMCBDL"1*Λೋ࣮ͭߦ͢Δ Credentials Management Page ൿີ伴ͷཧϖʔδ ͭը໘Λ࣮͢Δඞཁ͕͋Γɻ ͨͩϩάΠϯ෦ͷϩδοΫ͕1045͢Δ͚ͩͰͳ͍ͷͰҙɻ 8FC"VUIO+TPOΛͬͯൿີ伴ͷ࡞Λϒϥβʹଅ࣮͕͢ඞཁɻ Web Frontend
8FCBVUO՝
None
8FCαΠτ 1$ 4BGBSJൿີ伴 $ISPNFൿີ伴 ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ೝূ ϩάΠϯ/( ൿີ伴ͷڞ༗ ϒϥβؒͰ
ڞ༗ͯ͘͠Εͳ͍ ϒϥβؒͰͷڞ༗ߦΘΕͳ͍
8FCαΠτ macOS 4BGBS࡞ൿີ伴 $ISPNF࡞ൿີ伴 ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ͷڞ༗ "QQMF1BTT,FZͱ͍͏ΈͰJ$MPVEܦ༝ͰσόΠεؒڞ༗͕Մೳ
iOS ൿີ伴ೝূ ϩάΠϯ0,
8FCαΠτ macOS ࡞ͨ͠ൿີ伴 ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ͷཧ iOS
8FCαΠτ macOS ࡞ͨ͠ൿີ伴 ൿີ伴ೝূ ϩάΠϯ0, ൿີ伴ͷཧ iOS Windows Andoid
ݱঢ়ͷղܾࡦ 8FCαΠτ NBD04J04ͷެ։伴 $ISPNFͷެ։伴 8JOEPXTͷެ։伴 macOS ࡞ͨ͠ൿີ伴 iOS Windows Andoid
"OESPJEͷެ։伴 αΠτଆͰҰਓͷϢʔβʹରͯ͠ެ։伴Λෳ࣋ͭ
'*%0ͷ·ͱΊͱײ w ൿີ伴ͷڞ༗ํ๏Λ͏·͘ΕΕ*1"44ํࣜʹऔͬͯมΘΔͰ͠ΐ͏ w Ϣʔβ໊ͱૹ৴Ϙλϯԡͤηογϣϯ։͍࢝खଆ͔Β͢ΔͱϚδͰָ w ෳ伴ཧϢʔβଆαʔϏεఏڙଆ໘ͳͷͰϢʔβެ։伴ʹ͍ͨ͠
Blog: https://www.srockstyle.com/ • Twitterɿhttps://twitter.com/srockstyle • Facebookɿhttps://www.facebook.com/srockstyle • Githubɿhttps://github.com/srockstyle • Qiitaɿhttp://qiita.com/srockstyle
• Wantedlyɿhttps://www.wantedly.com/users/2279 • YOUTRUST: https://youtrust.jp/users/srockstyle • Slideshareɿhttp://www.slideshare.net/srockstyle ۀҕୗͷࣄɺਖ਼ࣾһͱͯ͠ͷεΧτ͓ͪͯ͠·͢