Re: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)

Nat Sakimura <sakimura@gmail.com> Thu, 04 May 2017 07:19 UTC

Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0763C129BAA for <oauth@ietfa.amsl.com>; Thu, 4 May 2017 00:19:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WU2PzKGfORo1 for <oauth@ietfa.amsl.com>; Thu, 4 May 2017 00:19:08 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE93712941D for <oauth@ietf.org>; Thu, 4 May 2017 00:19:07 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id k74so4014937qke.1 for <oauth@ietf.org>; Thu, 04 May 2017 00:19:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=ZQ5R2tAYP7I+vwxvuWSKrwg3umfN9u8SbZNuW9Ux43A=; b=e66cJMyrkjrb2PB8bP4wepWyaLh6iE1Ip61aai0zUdNhuDS6W+aDbSawzw9cHrG+D3 K1lcVrX+G2HHD8+WS1f/jYiJoPnLriqiLqZHTF6xljgK4XO5hZt5abM8kBLGV6mXiGwf KmH8vSvqS80KZWlJNiXL63fYn7ejDU60flcOfrxRhyoRH35HbYMiHZ1FZMAKpzy5Xiq5 p35W8zfNcJYQmk83ny0wNVWRXqWn9bONGltMe5CCTiZcpfY7lUof/vG5fx6uJH4PVaME dnvTc/KVMExVOPjMqAGPwQfWx+jOuGYnuHHTFkD2o+S8vWSRG43U4wLPhkqO1NnKwU+P VJgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=ZQ5R2tAYP7I+vwxvuWSKrwg3umfN9u8SbZNuW9Ux43A=; b=KIa6nW20lZdXDlgCISRtmZgfS1N/p3Dr2bsOF2ZcdjxhQd8yaHmr8V1oNCqp9ci7GG qXLcD00M+Ot7g1LZg7QgesKsZryEkgjUReKgsiJLjijxdWXzXTpybR7jg6uTHH5P6Pli 6qJEsLVjlYSWrB3dB2g+dMOLy0AekjmdBxwCbaHgaY4CezUZLXVVthNLH3XMPYlor5rz Rs3RmQRmBqYYw/WQHV4Eta6PJjgXJRr0+d2nr95+gpMSuQm1jg1VuZYuMUoR6STMTB+n B75bqYWSKnJ5f91NYwRNEPlxNerQegKtTtvRZO/kv3fXhq4MgfwnkCS/lVtmyKP0wFmg R/og==
X-Gm-Message-State: AN3rC/7BlMbOZ6Kgcbfg3SM6G1H8KPXPpUNuYAH/eSAk+/sC6LjoWnvq VPorP1JgJx1bh7HORmxgEy5eoP0WpQ==
X-Received: by 10.55.88.4 with SMTP id m4mr5975555qkb.84.1493882346873; Thu, 04 May 2017 00:19:06 -0700 (PDT)
MIME-Version: 1.0
References: <ed9a8430-5c80-6be3-8b5d-1759c4218919@lodderstedt.net> <BN6PR21MB05003786286B93ECF604D923F5220@BN6PR21MB0500.namprd21.prod.outlook.com> <269DD0EC-FCBF-4691-9BAA-2B8F144C0353@lodderstedt.net> <3A9170DD-0861-478D-A9DD-9A55DC930B8D@ve7jtb.com> <4ACE4772-E01B-4D9A-8AED-7926B9E87615@lodderstedt.net> <BN6PR21MB05003104D5B83C1B921AC8CAF51B0@BN6PR21MB0500.namprd21.prod.outlook.com> <18ACD3B9-A5BA-4C59-993C-C3A4C5F5EBBD@lodderstedt.net>
In-Reply-To: <18ACD3B9-A5BA-4C59-993C-C3A4C5F5EBBD@lodderstedt.net>
From: Nat Sakimura <sakimura@gmail.com>
Date: Thu, 04 May 2017 07:18:54 +0000
Message-ID: <CABzCy2DVf475Fh6JsAzSUufyDdY5X5uk856Td=d5ULCC9SLr1w@mail.gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>, "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary=001a114e2d289f2ac2054ead966d
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Tp9ve-bauCj_yAWq1ajOtv3_cuk>
Subject: Re: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 May 2017 07:19:13 -0000

Ok, I will try but I am under multiple deadlines also...
On Wed, May 3, 2017 at 5:32 Torsten Lodderstedt <torsten@lodderstedt.net>
wrote:

> Hi all,
>
> FYI - submission deadline has been extended by one week since we didn’t
> receive as much submissions as expected.
>
> I would like to invite you to submit a paper or even to give an ad-hoc
> talk (I plan to). Please contact me via e-mail if you happen to have any
> question regarding this topic.
>
> best regards,
> Torsten.
>
>
>
> Am 20.04.2017 um 19:49 schrieb Mike Jones <Michael.Jones@microsoft.com>om>:
>
> Excellent!
>
>
>
> *From:* Torsten Lodderstedt [mailto:torsten@lodderstedt.net
> <torsten@lodderstedt.net>]
> *Sent:* Thursday, April 20, 2017 10:42 AM
> *To:* oauth@ietf.org
> *Cc:* Mike Jones <Michael.Jones@microsoft.com>om>; John Bradley <
> ve7jtb@ve7jtb.com>
> *Subject:* Re: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)
>
>
>
> Hi all,
>
>
>
> I'm pleased to announce the hosts managed to change the date of the
> security workshop to the end of the week before IETF-99, July 13-14.
>
>
>
> Please find the updated CfP below.
>
>
>
> kind regards,
>
> Torsten.
>
>
>
>
> ===============================================================================
>
> C a l l     F o r     P a p e r s
>
> Second OAuth Security Workshop (OSW 2017)
>
> Zurich, Switzerland -- July 13-14, 2017 (note the changed event date)
>
> WWW: https://zisc.ethz.ch/oauth-security-workshop-2017-cfp/
>
> Position paper submission deadline: May 2, 2017 (AoE, UTC-12).
>
>
> ===============================================================================
>
> Overview
>
> The OAuth Security Workshop (OSW) focuses on improving security of the
> OAuth standard and related Internet protocols. This workshop brings
> together the IETF OAuth Working Group and security experts from
> research, industry, and standardization to this end. The workshop is
> hosted by the Zurich Information Security and Privacy Center at ETH Zurich.
>
> While the standardization process of OAuth ensures extensive reviews
> (both security and non-security related), further analysis by security
> experts from academia and industry is essential to ensure high quality
> specifications. Contributions to this workshop can help to improve the
> security of the Web and the Internet.
>
>
> Scope
>
> We seek position papers related to the security of OAuth, OpenID
> Connect, and other technologies using OAuth under the hood.
> Contributions regarding technologies that are used in OAuth, such as
> JOSE, or impact the security of OAuth, such as Web technology, are also
> welcome.
>
>
> Important Dates
>
> Position paper submission deadline: May 2, 2017 (AoE, UTC-12).
> Author notification: May 15, 2017.
> Registration deadline: June 16, 2017.
> Workshop: July 13 and July 14, 2017.
>
>
> Invited Speakers
>
> Cas Cremers, University of Oxford
>
>
> Submission
>
> We welcome position papers that describe existing work, raise new
> requirements, highlight challenges, write-ups of implementation and
> deployment experience, lessons-learned from successful or failed
> attempts, and ideas on how to improve OAuth and OAuth extensions.
>
> Position papers submitted to the OAuth Security Workshop may report on
> (unpublished) work in progress, be submitted to other places, and may
> even have already appeared or been accepted elsewhere.
>
> Submissions must be in PDF format and should feature reasonable margins
> and formatting. There is no page limit, but the submission should be
> brief (ideally not more than 3-5 pages). Submissions should not be
> anonymized.
>
> Submission Website: https://easychair.org/conferences/?conf=osw17
>
>
> Publication and Presentation
>
> One of the authors of the accepted position paper is expected to present
> the paper at the workshop.
>
> All presentations and papers will be put online but there will be no
> formal proceedings. Authors of accepted papers will have the option to
> revise their papers before they are put online.
>
>
> IPR Policy
>
> The workshop will have no expectation of IPR disclosure or licensing
> related to its submissions. Authors are responsible for obtaining
> appropriate publication clearances.
>
>
> Program Committee
>
> Chairs
> David Basin (ETH Zurich)
> Torsten Lodderstedt (YES Europe)
>
> Members
> John Bradley (Ping Identity)
> Ralf Küsters (University of Stuttgart)
> Chris Mitchell (Royal Holloway University of London)
> Anthony Nadalin (Microsoft)
> Nat Sakimura (Nomura Research Institute)
> Ralf Sasse (ETH Zurich)
> Jörg Schwenk (Ruhr University Bochum)
> Hannes Tschofenig (IETF OAuth Working Group Co-Chair)
>
>
>
> Am 13.03.2017 um 21:01 schrieb John Bradley <ve7jtb@ve7jtb.com>om>:
>
>
>
> I did point out earlier when I discovered the dates, that I similarly
> asked for it to be later in the week.
> It is probably fine for Europeans but it will stop many people from being
> able to attend including myself unless I can come up with other meetings in
> Europe to fill those days.
>
> If we cant move it then we will have to live with it and attend or not.
>
> John B.
>
>
> On Mar 13, 2017, at 4:46 PM, Torsten Lodderstedt <torsten@lodderstedt.net>
> wrote:
>
> Hi Mike,
>
> yes, those are the right dates. There are restrictions from the host's
> side, that’s why the workshop needs to take place on Monday and Tuesday. As
> far as I remember the host was clear about that from the beginning.
>
> best regards,
> Torsten.
>
>
> Am 12.03.2017 um 22:15 schrieb Mike Jones <Michael.Jones@microsoft.com>om>:
>
> Are Monday-Tuesday, July 10-11 really the right dates?  I'm asking because
> IETF in Prague doesn't start until Sunday, July 16th.  That leaves 4 days
> dead time in between for those of us who are attending both.
>
> When I was first told about this workshop, I was told that it would be
> sometime Wednesday-Friday that week.  Can it be moved back to those dates?
> That would be a big help for those of us travelling distances to attend.
>
> Or is there also another event in the Wednesday-Friday timeframe that
> people should also be considering attending?
>
>                                                 Thanks,
>                                                         -- Mike
>
> -----Original Message-----
> From: OAuth [mailto:oauth-bounces@ietf.org <oauth-bounces@ietf.org>] On
> Behalf Of Torsten Lodderstedt
> Sent: Sunday, March 12, 2017 12:28 PM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)
>
> Hi all,
>
> the OAuth WG and the ETH Zurich will organize another workshop on OAuth
> security (after the one last year in Trier).
>
> Please find the Call for Papers below.
>
> kind regards,
> Torsten.
>
> C a l l     F o r     P a p e r s
>
> Second OAuth Security Workshop (OSW 2017)
>
> Zurich, Switzerland -- July 10-11, 2017
>
> WWW:https://zisc.ethz.ch/oauth-security-workshop-2017-cfp/
>
>
> ===============================================================================
>
> Overview
>
> The OAuth Security Workshop (OSW) focuses on improving security of the
> OAuth standard and related Internet protocols. This workshop brings
> together the IETF OAuth Working Group and security experts from research,
> industry, and standardization to this end. The workshop is hosted by the
> Zurich Information Security and Privacy Center at ETH Zurich.
>
> While the standardization process of OAuth ensures extensive reviews (both
> security and non-security related), further analysis by security experts
> from academia and industry is essential to ensure high quality
> specifications. Contributions to this workshop can help to improve the
> security of the Web and the Internet.
>
>
> Scope
>
> We seek position papers related to the security of OAuth, OpenID Connect,
> and other technologies using OAuth under the hood.
> Contributions regarding technologies that are used in OAuth, such as JOSE,
> or impact the security of OAuth, such as Web technology, are also welcome.
>
>
> Important Dates
>
> Position paper submission deadline: May 2, 2017 (AoE, UTC-12).
> Author notification: May 15, 2017.
> Registration deadline: June 16, 2017.
> Workshop: July 10 and July 11, 2017.
>
>
> Invited Speakers
>
> Cas Cremers, University of Oxford
>
>
> Submission
>
> We welcome position papers that describe existing work, raise new
> requirements, highlight challenges, write-ups of implementation and
> deployment experience, lessons-learned from successful or failed attempts,
> and ideas on how to improve OAuth and OAuth extensions.
>
> Position papers submitted to the OAuth Security Workshop may report on
> (unpublished) work in progress, be submitted to other places, and may even
> have already appeared or been accepted elsewhere.
>
> Submissions must be in PDF format and should feature reasonable margins
> and formatting. There is no page limit, but the submission should be brief
> (ideally not more than 3-5 pages). Submissions should not be anonymized.
>
> Submission Website:https://easychair.org/conferences/?conf=osw17
>
>
> Publication and Presentation
>
> One of the authors of the accepted position paper is expected to present
> the paper at the workshop.
>
> All presentations and papers will be put online but there will be no
> formal proceedings. Authors of accepted papers will have the option to
> revise their papers before they are put online.
>
>
> IPR Policy
>
> The workshop will have no expectation of IPR disclosure or licensing
> related to its submissions. Authors are responsible for obtaining
> appropriate publication clearances.
>
>
> Program Committee
>
> Chairs
> David Basin (ETH Zurich)
> Torsten Lodderstedt (YES Europe)
>
> Members
> John Bradley (Ping Identity)
> Ralf Küsters (University of Stuttgart)
> Chris Mitchell (Royal Holloway University of London) Anthony Nadalin
> (Microsoft) Nat Sakimura (Nomura Research Institute) Ralf Sasse (ETH
> Zurich) Jörg Schwenk (Ruhr University Bochum) Hannes Tschofenig (IETF OAuth
> Working Group Co-Chair)
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
-- 

Nat Sakimura

Chairman of the Board, OpenID Foundation