Re: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)

Mike Jones <> Sun, 12 March 2017 21:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B520F1293FB for <>; Sun, 12 Mar 2017 14:15:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.012
X-Spam-Status: No, score=-3.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id g4Wi21mj6xxF for <>; Sun, 12 Mar 2017 14:15:40 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D2422126CD8 for <>; Sun, 12 Mar 2017 14:15:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=kKBKTh8ub6K1yszcRiWoPgSWf7EB+fh1FBP1ddesjpU=; b=duJT2rNWlvI99gb4EzQmAP/Di1R4/CxtLG5CGsACwrdL5dZKpTW3Q5O6wEfMqdXTCbTqzL3tP8gjF7NqhK2344GRMruNLzK3JeW+Z51747CcTRhWTH9zBA/nkiedtk/WCXH+BvfNje5foEC2eU0nsC+F7M3HT+avjgilljXHKjw=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.0; Sun, 12 Mar 2017 21:15:37 +0000
Received: from ([]) by ([]) with mapi id 15.01.0991.000; Sun, 12 Mar 2017 21:15:37 +0000
From: Mike Jones <>
To: Torsten Lodderstedt <>, "" <>
Thread-Topic: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)
Thread-Index: AQHSm2bQLtnJM11UhkObPM0YZgvrwaGRs9Mg
Date: Sun, 12 Mar 2017 21:15:37 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;
x-originating-ip: []
x-microsoft-exchange-diagnostics: 1; BN6PR21MB0499; 7:4R93aAGGeKAk0aAp86BJAgk1hQqqk9qcm6bSceuG2agNiIZ0ASM3v0dOFqq1Z9toeCS/kLepnEnNDF+bLVudeRjJ2ovAFynEs0ap0KW/UZEabrn0HhdYVhZB+PBh143tWK/0bbixrh4bk8Q7uL2jkSN8K9b+sUMrpo8sxIo8dhZ26/7P8UKGN+0f6Mz58dU+998aZOX6KrFMtKKrKt2AyEhzWuYFVQYA3lNWvn7hG+H2IA4NCdxqZS6w2sLtulWGrNYcDwBrCqPmVt065TLWkhxnuhi79fwwy37+4pd8ZE5xE/rt96e5MlZcG4/m05oA2yVS6kHIseIWgczo0s/XIaBwxETCOnIEpHba2eFg10o=
x-ms-office365-filtering-correlation-id: 84267349-d139-49e5-c981-08d4698cee15
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:BN6PR21MB0499;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(209352067349851)(192374486261705)(21532816269658);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(61426038)(61427038)(6041248)(20161123558025)(20161123562025)(20161123555025)(20161123560025)(20161123564025)(6072148); SRVR:BN6PR21MB0499; BCL:0; PCL:0; RULEID:; SRVR:BN6PR21MB0499;
x-forefront-prvs: 0244637DEA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39450400003)(39850400002)(39840400002)(39860400002)(39410400002)(53754006)(377454003)(13464003)(10290500002)(5005710100001)(38730400002)(6246003)(3846002)(8990500004)(102836003)(66066001)(189998001)(53936002)(6116002)(10090500001)(229853002)(99286003)(77096006)(6306002)(9686003)(55016002)(6506006)(6436002)(25786008)(53546006)(33656002)(86362001)(86612001)(3280700002)(3660700001)(8676002)(81166006)(2906002)(8936002)(305945005)(7736002)(15650500001)(2900100001)(74316002)(2950100002)(2501003)(122556002)(54356999)(76176999)(5660300001)(106116001)(50986999)(225293001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR21MB0499;; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Mar 2017 21:15:37.4273 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR21MB0499
Archived-At: <>
Subject: Re: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 12 Mar 2017 21:15:42 -0000

Are Monday-Tuesday, July 10-11 really the right dates?  I'm asking because IETF in Prague doesn't start until Sunday, July 16th.  That leaves 4 days dead time in between for those of us who are attending both.

When I was first told about this workshop, I was told that it would be sometime Wednesday-Friday that week.  Can it be moved back to those dates?  That would be a big help for those of us travelling distances to attend.

Or is there also another event in the Wednesday-Friday timeframe that people should also be considering attending?

				-- Mike

-----Original Message-----
From: OAuth [] On Behalf Of Torsten Lodderstedt
Sent: Sunday, March 12, 2017 12:28 PM
Subject: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)

Hi all,

the OAuth WG and the ETH Zurich will organize another workshop on OAuth security (after the one last year in Trier).

Please find the Call for Papers below.

kind regards,

C a l l     F o r     P a p e r s

Second OAuth Security Workshop (OSW 2017)

Zurich, Switzerland -- July 10-11, 2017




The OAuth Security Workshop (OSW) focuses on improving security of the OAuth standard and related Internet protocols. This workshop brings together the IETF OAuth Working Group and security experts from research, industry, and standardization to this end. The workshop is hosted by the Zurich Information Security and Privacy Center at ETH Zurich.

While the standardization process of OAuth ensures extensive reviews (both security and non-security related), further analysis by security experts from academia and industry is essential to ensure high quality specifications. Contributions to this workshop can help to improve the security of the Web and the Internet.


We seek position papers related to the security of OAuth, OpenID Connect, and other technologies using OAuth under the hood.
Contributions regarding technologies that are used in OAuth, such as JOSE, or impact the security of OAuth, such as Web technology, are also welcome.

Important Dates

Position paper submission deadline: May 2, 2017 (AoE, UTC-12).
Author notification: May 15, 2017.
Registration deadline: June 16, 2017.
Workshop: July 10 and July 11, 2017.

Invited Speakers

Cas Cremers, University of Oxford


We welcome position papers that describe existing work, raise new requirements, highlight challenges, write-ups of implementation and deployment experience, lessons-learned from successful or failed attempts, and ideas on how to improve OAuth and OAuth extensions.

Position papers submitted to the OAuth Security Workshop may report on
(unpublished) work in progress, be submitted to other places, and may even have already appeared or been accepted elsewhere.

Submissions must be in PDF format and should feature reasonable margins and formatting. There is no page limit, but the submission should be brief (ideally not more than 3-5 pages). Submissions should not be anonymized.

Submission Website:

Publication and Presentation

One of the authors of the accepted position paper is expected to present the paper at the workshop.

All presentations and papers will be put online but there will be no formal proceedings. Authors of accepted papers will have the option to revise their papers before they are put online.

IPR Policy

The workshop will have no expectation of IPR disclosure or licensing related to its submissions. Authors are responsible for obtaining appropriate publication clearances.

Program Committee

David Basin (ETH Zurich)
Torsten Lodderstedt (YES Europe)

John Bradley (Ping Identity)
Ralf Küsters (University of Stuttgart)
Chris Mitchell (Royal Holloway University of London) Anthony Nadalin (Microsoft) Nat Sakimura (Nomura Research Institute) Ralf Sasse (ETH Zurich) Jörg Schwenk (Ruhr University Bochum) Hannes Tschofenig (IETF OAuth Working Group Co-Chair)

OAuth mailing list