[OAUTH-WG] 3rd OAuth Security Workshop (OSW 2018)

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 14 December 2017 09:00 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 40AE51275C5 for <oauth@ietfa.amsl.com>; Thu, 14 Dec 2017 01:00:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.91
X-Spam-Status: No, score=-2.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id YG9X2wM9mzYQ for <oauth@ietfa.amsl.com>; Thu, 14 Dec 2017 01:00:10 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40068.outbound.protection.outlook.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CA00120046 for <oauth@ietf.org>; Thu, 14 Dec 2017 01:00:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=oIMuHVPA0xuM1jfUfXUtrqjwLEc1DowjcN/+9T0xGE4=; b=MqfK0FcWq7rYVp9sTUzDCnw74Ej88EL2OEPzkOxJ9u2qD9OnJEeLV16Sbjy09+bkgqVavEHA8xIIdzW8qdR3nW4lFQQZ3tXEpO35kFK+s3H/UlxmyPAO9se6cFruCO6Ueo/cqJiWLNZexdoFUlonvPbIPriZOKt3kCprZUNHn2c=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ( by AM4PR0801MB2706.eurprd08.prod.outlook.com ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.9; Thu, 14 Dec 2017 09:00:06 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b9af:5048:9d97:f7e6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b9af:5048:9d97:f7e6%14]) with mapi id 15.20.0302.013; Thu, 14 Dec 2017 09:00:06 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: 3rd OAuth Security Workshop (OSW 2018)
Thread-Index: AdN0uB/T+4wdQKrgRbablUGaZSSlWQ==
Date: Thu, 14 Dec 2017 09:00:06 +0000
Message-ID: <AM4PR0801MB2706C980A7AA6280E664DDFCFA0A0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:W7cQ/zPt1d8jevzEc7gvaPJtrw/kxco+Uwn+vtyS2OzJ1Z+1mNVjmQcqkDmeIXi0Zt8om2gr5Z3x5A+nTfZnaxmacWB7YYl6KoxWv9kVtD1ZtPUO1SoF6BWhfaVlsALSuNUbSG5mugm3SVgwG3faf54gZE+sPqGpJiCpLDuP54aFiu25E38jq95gmSSbUe+qoF2yAC51odfXLVhrPZDfwFG0wz1k7CdxwyK9k7JVMvyAdtgxaZ/TBUXuGWi443w8nNtlzDxCwR5+QuUJevhCKyi7sr031LmYeUgUC+oHu5z0vEaUzAqVk6M5LavxoUNIWh/espBdnwx+ShcxiCwKgOHuMTWepPQgVbdY8wLZ7pw=; 5:iGjswIIuhCceULOO2AEgfO42KxfutC9oHRMK9sOIZZ+2ezbeBJWKJFZbb/YcXkRXktrXCwjVdiz8JJpxK3bf3EI8ioM7+q7Q0mQ9pPyE9c+MC7Q44Cp85GMfoOKzOK8DCC6Z9XMOrnpKmaO+6xTRAa5Lla8t9K40Nz3VTB30Xs4=; 24:ARwCNJS9hviUr5ndtKi+iTJiofXhBoWlrkmJvaqaFJr8On5HPCuzSIlqg5+7s31g6gbhd/NernJblViIe2Wmc+CXT9aQrt35u5zdEV72b8A=; 7:fGAA/nAWs1cMgRe5dIfnBRRpMF/hgwJhNMD3AsipXJDiFMP2msTWwoOvjb3VUs8eLFZjYXomgM7ziGdr4I0LqeREZoE2yWP0BeY6VRksB3dCrGRH/TPPcil7XWf5vU7hym5fujQWuUkNXolBGiIBx5s5dEXxlqW7B5cQxUTJCk/YmKZkcrEAjZyydxntmJFgOdaa6aIDm4J1D+9GUXStXW5o2POOQG+mNHbWvmdDSqmxMsflYV+W06Hsc0vJ4hcX
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 94c62612-3faf-43dd-316b-08d542d11286
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307); SRVR:AM4PR0801MB2706;
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-microsoft-antispam-prvs: <AM4PR0801MB27069A1ED68561BA4C4C4577FA0A0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(209352067349851)(192374486261705)(21532816269658);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(3231023)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123560025)(20161123564025)(20161123562025)(6072148)(201708071742011); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:AM4PR0801MB2706;
x-forefront-prvs: 05214FD68E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(346002)(396003)(366004)(199004)(189003)(53754006)(28244002)(40434004)(81156014)(15650500001)(7736002)(74316002)(33656002)(2900100001)(561944003)(66066001)(81166006)(2906002)(8676002)(305945005)(99286004)(102836003)(6436002)(3846002)(9686003)(5640700003)(1730700003)(53936002)(55016002)(106356001)(5890100001)(2501003)(5250100002)(2351001)(6116002)(6306002)(105586002)(59450400001)(3660700001)(7696005)(3280700002)(8936002)(86362001)(316002)(14454004)(5660300001)(6916009)(25786009)(478600001)(97736004)(966005)(72206003)(4743002)(68736007)(6506007)(45080400002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 94c62612-3faf-43dd-316b-08d542d11286
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Dec 2017 09:00:06.8238 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/_asIJGA659btCn9QeAH3PSDKVyM>
Subject: [OAUTH-WG] 3rd OAuth Security Workshop (OSW 2018)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Dec 2017 09:00:17 -0000

Hi all,

at the Singapore IETF meeting I announced the next OAuth security workshop and provided a link to the website at during the introduction of the OAuth WG meeting.

Below is the call for papers and tutorials. Please keep the deadline (January 19, 2018) in mind. The workshop takes place the week before the London IETF meeting.

We would appreciate your input and contributions since this is our primary way to reach out to the research community.

Hannes & Rifaat

Call for Position Papers and Tutorials

Third OAuth Security Workshop (OSW 2018)
Fondazione Bruno Kessler
Trento, Italy
March 14-16, 2018
Workshop website: https://st.fbk.eu/osw2018

== About OSW 2018 ==

The OAuth Security Workshop (OSW) aim is to improve the
security of OAuth and related Internet protocols by a direct
exchange of views between academic researchers, IETF
OAuth Working Group members and industry. The workshop
is hosted by the Security and Trust research unit of the
Bruno Kessler Foundation (FBK).

While the standardization process of OAuth ensures extensive reviews
(both security and non-security related), further analysis by security
experts from academia and industry is essential to ensure high quality
specifications. Contributions to this workshop can help to improve the
security of the Web and the Internet.

== Scope and Topics ==

We seek position papers related to OAuth, OpenID Connect, and other
technologies using OAuth under the hood. Contributions regarding
technologies that are used in OAuth, such as JOSE, or impact the
security of OAuth, such as Web technology, are also welcome.

Areas of interest where OAuth can be used as enabler of innovative
scenarios include:
- IoT, SmartCities and Industry 4.0.
- Mobile and Strong authentication.
- Federated Identity.
- Privacy-enhancing technologies.

== Important Dates ==

- Position paper and Tutorial submission deadline: January 19, 2018
(AoE, UTC-12).
- Author notification:  February 5, 2018
- Workshop: Wed, March 14, 2018 (half-day), Thu, March 15, 2018 (full-day), and
  Fri, March 16, 2018 (half day)

== Submissions ==

We solicit position papers that highlight challenges and lesson-learned
from OAuth-based work. As all papers and presentations will be shared
online without formal proceedings, we accept different kinds of submissions:
from original contributions to already published or preliminary works.

Submissions must be in PDF format and should feature reasonable margins
and formatting. There is no page limit, but the submission should be
brief (ideally not more than 3-5 pages).  Submissions should not
be anonymized.

Authors of accepted papers will have the option to revise their
papers before they are put online. One of the authors of the accepted
position paper is expected to present the paper at the workshop.

The workshop will host a half-day (March 14, 2018) tutorial program.
Each tutorial proposal should concisely describe the content and
objectives of the tutorial, and include:
- title
- abstract
- outline of the tutorial content
- intended audience, including possible assumed background of attendees
- name, affiliation, email address, and brief biography of the speaker(s)
- duration: 1 hour or 2 hours

Tutorial proposals should be submitted as a PDF file.
Submissions should be distinguished by the prefix "Tutorial:" in the title.

Submission Website: https://easychair.org/conferences/?conf=osw2018

== IPR Policy ==

The workshop will have no expectation of IPR disclosure or licensing
related to its submissions. Authors are responsible for obtaining
appropriate publication clearances.

== Workshop Chair ==

- Silvio Ranise (Security & Trust, Fondazione Bruno Kessler)

== Program Committee ==

- Roberto Carbone (Security & Trust, Fondazione Bruno Kessler)
- Hannes Tschofenig (IETF OAuth Working Group Co-Chair)

- Michael Jones (Microsoft)
- Ralf Kuesters (University of Stuttgart)
- Torsten Lodderstedt (YES Europe AG)
- Chris Mitchell (Royal Holloway, University of London)
- Anthony Nadalin (Microsoft)
- Nat Sakimura (Nomura Research Institute)
- Antonio Sanso (Adobe)
- Ralf Sasse (ETH Zurich)
- Joerg Schwenk (Ruhr-Universit├Ąt Bochum)
- Giada Sciarretta (Security & Trust, Fondazione Bruno Kessler and Univ. of Trento)

== Conference site and contacts ==

For more detailed information please refer to the workshop web site:

If you have any questions on OSW18, please contact
carbone [at] fbk [dot] eu, giada.sciarretta [at] fbk [dot] eu
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.