#これはテストです。
Employing FIDO authenticators and the WebAuthn API in your sign-in flows: A guide for relying parties
-
Account Bootstrapping: “Bootstrapping an account on a device”, or “bootstrap sign-in”.
Starting from scratch[1], a relying party authenticates a user. For example, this happens when a user puts their existing account on a newly-purchased phone. Or when a user logs into a website for the first time in a given browser instance. Or when a user logs into a website in a private browsing session (which doesn’t have cookies and other state from the main browsing session). Or when a user signs into a mobile app for the first time on a given device. Note that this is different from creating an account with a service in the first place. -
Reauthentication happens when a relying party already knows who the user is, but would like to reconfirm this. For example, this happens before making sensitive changes to an account (add a recovery email address, change the passwords, etc.): a relying party would typically ask the user to re-enter their password or perform some other action to reconfirm their control of the session. Likewise, when a mobile app asks the user to sign in every time the app starts (or a web site asks the user to sign in again after a period of inactivity), this is technically a reauthentication, since the app or web site can choose to remember the user's authentication state after the account has been bootstrapped on the device, e.g., by setting cookies.
-
Relying Party (RP): The website that is trying to ascertain the identity of the user or perform FIDO authentication.