[OAUTH-WG] OAuth Security Workshop -- July 14th and 15th 2016 in Trier/Germany

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 11 January 2016 16:16 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id D22B21A7002 for <oauth@ietfa.amsl.com>; Mon, 11 Jan 2016 08:16:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.099
X-Spam-Status: No, score=0.099 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 4opGPyY_xJrp for <oauth@ietfa.amsl.com>; Mon, 11 Jan 2016 08:16:21 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net []) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38D501A6F62 for <oauth@ietf.org>; Mon, 11 Jan 2016 08:16:21 -0800 (PST)
Received: from [] ([]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0Lx8ZJ-1a7Cu33AvR-016j6s for <oauth@ietf.org>; Mon, 11 Jan 2016 17:16:18 +0100
To: "oauth@ietf.org" <oauth@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <5693D556.8090607@gmx.net>
Date: Mon, 11 Jan 2016 17:16:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="wTH8FlGUXcBMHoFDvh1SPPskwDSwu9fk9"
X-Provags-ID: V03:K0:wobCltpcvDDTq92jdrdEP6SO5MAdTY6tQzMaF1sCOVG8I99WH/n PWqeaS4Y2H0C5zq7X6FqAA8rfjGWdOIvrPMNjWH5Z0ORMlnyG53izx/4yuUFvBGISqRP914 nHQ3ojKEGFrO6vxulCFoiKPEE+jnDBwtXXDmJyH/x1UPADD3SN4C+VipaE+5VgafsCZTcVe t4YDXjJqyD5r02mRU+YVg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:KmtCK1sX8xg=:MAUt9YlxUhtJAtVthU0oXd 88BAby0XKEE+YqS7j/55WBc9cF7EEJ2AXvSf5hknW4C8xgiAz1ZLU52A30aQs+SyQ5sCM3/Pq ltuscg4ip2mVIuetQEuz9fC0/n8vBqlOeA7h/FP8bvRlwRx/o4iSbarleFg2yR1yC1eNGiwE+ iVRNieahaKEelvgp3tcwIv4qkQTmPueg4Yyk3VvxFD3iU92g95E/h4zm82snqP2LkGfdSGZFr pouzrkUyqSFSaMDbr2RfxHpWNsR3aR67hF0b2A/H+ZNTfUSJaadizdwYPDDl2Bbf5pAlM1PuA UqEjkcysXA2s10zx0KmB59eGo2dnxczN7wa4ikrBfNGwodB9Cd3dr59gAYDAmHnA7I6hpWlMr 5sdiWy28DJUDrrMj9b1vaiFwc6bM3XXb+VnRgHhOC/u25JwG00XNAjBMqdSrMtsEjYR93a/ux CwePO0IMAQWI41heN+HfMA5L3MD4GFAbxPpTa7/AN4nKNn+XWT4+nXxHfEMVR9OXI2sq/pXt5 T6mVPggEWEt78P1mF62JrlDO5kqfISd05gfJaJL7Rxh88QymgCtojMEf1nKzixZrq4wBf3iz3 QqmzigV/0VLJk2JzWPbY5FsxFr5yaP0ZsXtC9a+k8ihbdfeCJL0CtCg7cKcTqdwMgFV07dg4q mcHsT3JuIfD5Zu1EtgutBThB4t9Z88tNaV5Ak56VsJ0HW26psTxyieY4dwd19kjiLZXhItZHZ KO1qcHWMJYk3cp81QaGFC0Jy0zMFCZakc+pnsJsIdEAynsnVrzBG8BcqAOw=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/Dj7ebyVtjT0WhLkUWud30fPQI4I>
Subject: [OAUTH-WG] OAuth Security Workshop -- July 14th and 15th 2016 in Trier/Germany
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jan 2016 16:16:24 -0000

In context of the recent findings from researchers related to OAuth and
OpenID Connect, see announcement at
http://www.ietf.org/mail-archive/web/oauth/current/msg15336.html, we are
convinced that the wider Internet security community can help to improve
the security of Internet protocols.

In an attempt to reach out to security experts from research, industry,
and standardization we are announcing a workshop on OAuth security to be
held during the week before the summer IETF meeting, namely July 14th
and 15th 2016 in Trier/Germany. Our host will be the Chair for
Information Security and Cryptography at the University of Trier.

More details about the workshop, including registration information and
logistics, will be provided in the next few weeks. As such, this is
merely early planning information for those attending the summer IETF
meeting and for researchers looking into OAuth and related technologies.

In terms of the scope for the workshop we are seeking papers and talks
related to OAuth, OpenID Connect, and other technologies using OAuth
under the hood. Contributions of technologies that are used in OAuth,
such as JOSE, or impact the security of OAuth, such as Web technology,
are also welcome.

The workshop will be structured as a series of sessions punctuated by
invited speakers who will present their security findings, and relevant
background information that help participants reach a deeper
understanding of OAuth security. The organizing committee invites
security experts from research, industry, and standardization to submit
position papers to present their ideas and experiences at the workshop
(details to follow).

Participants will have to register for the workshop and we will have to
charge a small amount for food and drinks (unless we manage to find a
sponsor in time). We also plan to organize a  social event in the
evening of July 14th. This may include a guided sightseeing tour to some
of the eight world heritage sites in Germany’s oldest city Trier.

All presentations and papers will be put online but there will be no
formal proceedings. Therefore, abstracts submitted to the OAuth Security
Workshop may report on (unpublished) work in progress, be submitted to
other places, and they may even already have appeared or been accepted

While the standardization process ensures extensive reviews, both
security and non-security related reviews, further analysis by security
experts from academia and industry is essential to ensure high quality
specifications. Your contribution can help to improve the security of
the Web and the Internet.

For further questions please contact the OAuth working group chairs at