[OAUTH-WG] Second OAuth Security Workshop (Call for Papers)

Torsten Lodderstedt <torsten@lodderstedt.net> Sun, 12 March 2017 19:28 UTC

Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 05F311294C7 for <oauth@ietfa.amsl.com>; Sun, 12 Mar 2017 12:28:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.622
X-Spam-Status: No, score=-2.622 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id F39pedcEi6a3 for <oauth@ietfa.amsl.com>; Sun, 12 Mar 2017 12:28:12 -0700 (PDT)
Received: from smtprelay05.ispgateway.de (smtprelay05.ispgateway.de []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 493241294AB for <oauth@ietf.org>; Sun, 12 Mar 2017 12:28:12 -0700 (PDT)
Received: from [] (helo=[]) by smtprelay05.ispgateway.de with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.84) (envelope-from <torsten@lodderstedt.net>) id 1cn9A0-0005ig-8Z for oauth@ietf.org; Sun, 12 Mar 2017 20:28:08 +0100
To: "oauth@ietf.org" <oauth@ietf.org>
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Message-ID: <ed9a8430-5c80-6be3-8b5d-1759c4218919@lodderstedt.net>
Date: Sun, 12 Mar 2017 20:28:09 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC5uZXQ=
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/VJpAenJCb8wAe3ogSIEUn1WWmdk>
Subject: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Mar 2017 19:28:15 -0000

Hi all,

the OAuth WG and the ETH Zurich will organize another workshop on OAuth 
security (after the one last year in Trier).

Please find the Call for Papers below.

kind regards,

C a l l     F o r     P a p e r s

Second OAuth Security Workshop (OSW 2017)

Zurich, Switzerland -- July 10-11, 2017




The OAuth Security Workshop (OSW) focuses on improving security of the
OAuth standard and related Internet protocols. This workshop brings
together the IETF OAuth Working Group and security experts from
research, industry, and standardization to this end. The workshop is
hosted by the Zurich Information Security and Privacy Center at ETH Zurich.

While the standardization process of OAuth ensures extensive reviews
(both security and non-security related), further analysis by security
experts from academia and industry is essential to ensure high quality
specifications. Contributions to this workshop can help to improve the
security of the Web and the Internet.


We seek position papers related to the security of OAuth, OpenID
Connect, and other technologies using OAuth under the hood.
Contributions regarding technologies that are used in OAuth, such as
JOSE, or impact the security of OAuth, such as Web technology, are also

Important Dates

Position paper submission deadline: May 2, 2017 (AoE, UTC-12).
Author notification: May 15, 2017.
Registration deadline: June 16, 2017.
Workshop: July 10 and July 11, 2017.

Invited Speakers

Cas Cremers, University of Oxford


We welcome position papers that describe existing work, raise new
requirements, highlight challenges, write-ups of implementation and
deployment experience, lessons-learned from successful or failed
attempts, and ideas on how to improve OAuth and OAuth extensions.

Position papers submitted to the OAuth Security Workshop may report on
(unpublished) work in progress, be submitted to other places, and may
even have already appeared or been accepted elsewhere.

Submissions must be in PDF format and should feature reasonable margins
and formatting. There is no page limit, but the submission should be
brief (ideally not more than 3-5 pages). Submissions should not be

Submission Website:https://easychair.org/conferences/?conf=osw17

Publication and Presentation

One of the authors of the accepted position paper is expected to present
the paper at the workshop.

All presentations and papers will be put online but there will be no
formal proceedings. Authors of accepted papers will have the option to
revise their papers before they are put online.

IPR Policy

The workshop will have no expectation of IPR disclosure or licensing
related to its submissions. Authors are responsible for obtaining
appropriate publication clearances.

Program Committee

David Basin (ETH Zurich)
Torsten Lodderstedt (YES Europe)

John Bradley (Ping Identity)
Ralf Küsters (University of Stuttgart)
Chris Mitchell (Royal Holloway University of London)
Anthony Nadalin (Microsoft)
Nat Sakimura (Nomura Research Institute)
Ralf Sasse (ETH Zurich)
Jörg Schwenk (Ruhr University Bochum)
Hannes Tschofenig (IETF OAuth Working Group Co-Chair)