[OAUTH-WG] OAuth Security Workshop -- July 14th and 15th 2016 in Trier/Germany
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 11 January 2016 16:16 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D22B21A7002 for <oauth@ietfa.amsl.com>; Mon, 11 Jan 2016 08:16:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.099
X-Spam-Level:
X-Spam-Status: No, score=0.099 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4opGPyY_xJrp for <oauth@ietfa.amsl.com>; Mon, 11 Jan 2016 08:16:21 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38D501A6F62 for <oauth@ietf.org>; Mon, 11 Jan 2016 08:16:21 -0800 (PST)
Received: from [192.168.10.141] ([146.108.200.221]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0Lx8ZJ-1a7Cu33AvR-016j6s for <oauth@ietf.org>; Mon, 11 Jan 2016 17:16:18 +0100
To: "oauth@ietf.org" <oauth@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <5693D556.8090607@gmx.net>
Date: Mon, 11 Jan 2016 17:16:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="wTH8FlGUXcBMHoFDvh1SPPskwDSwu9fk9"
X-Provags-ID: V03:K0:wobCltpcvDDTq92jdrdEP6SO5MAdTY6tQzMaF1sCOVG8I99WH/n PWqeaS4Y2H0C5zq7X6FqAA8rfjGWdOIvrPMNjWH5Z0ORMlnyG53izx/4yuUFvBGISqRP914 nHQ3ojKEGFrO6vxulCFoiKPEE+jnDBwtXXDmJyH/x1UPADD3SN4C+VipaE+5VgafsCZTcVe t4YDXjJqyD5r02mRU+YVg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:KmtCK1sX8xg=:MAUt9YlxUhtJAtVthU0oXd 88BAby0XKEE+YqS7j/55WBc9cF7EEJ2AXvSf5hknW4C8xgiAz1ZLU52A30aQs+SyQ5sCM3/Pq ltuscg4ip2mVIuetQEuz9fC0/n8vBqlOeA7h/FP8bvRlwRx/o4iSbarleFg2yR1yC1eNGiwE+ iVRNieahaKEelvgp3tcwIv4qkQTmPueg4Yyk3VvxFD3iU92g95E/h4zm82snqP2LkGfdSGZFr pouzrkUyqSFSaMDbr2RfxHpWNsR3aR67hF0b2A/H+ZNTfUSJaadizdwYPDDl2Bbf5pAlM1PuA UqEjkcysXA2s10zx0KmB59eGo2dnxczN7wa4ikrBfNGwodB9Cd3dr59gAYDAmHnA7I6hpWlMr 5sdiWy28DJUDrrMj9b1vaiFwc6bM3XXb+VnRgHhOC/u25JwG00XNAjBMqdSrMtsEjYR93a/ux CwePO0IMAQWI41heN+HfMA5L3MD4GFAbxPpTa7/AN4nKNn+XWT4+nXxHfEMVR9OXI2sq/pXt5 T6mVPggEWEt78P1mF62JrlDO5kqfISd05gfJaJL7Rxh88QymgCtojMEf1nKzixZrq4wBf3iz3 QqmzigV/0VLJk2JzWPbY5FsxFr5yaP0ZsXtC9a+k8ihbdfeCJL0CtCg7cKcTqdwMgFV07dg4q mcHsT3JuIfD5Zu1EtgutBThB4t9Z88tNaV5Ak56VsJ0HW26psTxyieY4dwd19kjiLZXhItZHZ KO1qcHWMJYk3cp81QaGFC0Jy0zMFCZakc+pnsJsIdEAynsnVrzBG8BcqAOw=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/Dj7ebyVtjT0WhLkUWud30fPQI4I>
Subject: [OAUTH-WG] OAuth Security Workshop -- July 14th and 15th 2016 in Trier/Germany
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jan 2016 16:16:24 -0000
In context of the recent findings from researchers related to OAuth and OpenID Connect, see announcement at http://www.ietf.org/mail-archive/web/oauth/current/msg15336.html, we are convinced that the wider Internet security community can help to improve the security of Internet protocols. In an attempt to reach out to security experts from research, industry, and standardization we are announcing a workshop on OAuth security to be held during the week before the summer IETF meeting, namely July 14th and 15th 2016 in Trier/Germany. Our host will be the Chair for Information Security and Cryptography at the University of Trier. More details about the workshop, including registration information and logistics, will be provided in the next few weeks. As such, this is merely early planning information for those attending the summer IETF meeting and for researchers looking into OAuth and related technologies. In terms of the scope for the workshop we are seeking papers and talks related to OAuth, OpenID Connect, and other technologies using OAuth under the hood. Contributions of technologies that are used in OAuth, such as JOSE, or impact the security of OAuth, such as Web technology, are also welcome. The workshop will be structured as a series of sessions punctuated by invited speakers who will present their security findings, and relevant background information that help participants reach a deeper understanding of OAuth security. The organizing committee invites security experts from research, industry, and standardization to submit position papers to present their ideas and experiences at the workshop (details to follow). Participants will have to register for the workshop and we will have to charge a small amount for food and drinks (unless we manage to find a sponsor in time). We also plan to organize a social event in the evening of July 14th. This may include a guided sightseeing tour to some of the eight world heritage sites in Germany’s oldest city Trier. All presentations and papers will be put online but there will be no formal proceedings. Therefore, abstracts submitted to the OAuth Security Workshop may report on (unpublished) work in progress, be submitted to other places, and they may even already have appeared or been accepted elsewhere. While the standardization process ensures extensive reviews, both security and non-security related reviews, further analysis by security experts from academia and industry is essential to ensure high quality specifications. Your contribution can help to improve the security of the Web and the Internet. For further questions please contact the OAuth working group chairs at oauth-chairs@ietf.org.
- [OAUTH-WG] OAuth Security Workshop -- July 14th a… Hannes Tschofenig
- [OAUTH-WG] OAuth Security Workshop -- July 14th a… Hannes Tschofenig
- Re: [OAUTH-WG] OAuth Security Workshop -- July 14… Phil Hunt