In context of the recent findings from researchers related to OAuth and OpenID Connect, see announcement at http://www.ietf.org/mail-archive/web/oauth/current/msg15336.html, we are convinced that the wider Internet security community can help to improve the security of Internet protocols.
In an attempt to reach out to security experts from research, industry, and standardization we are announcing a workshop on OAuth security to be held during the week before the summer IETF meeting, namely July 14th and 15th 2016 in Trier/Germany. Our host will be the Chair for Information Security and Cryptography at the University of Trier. More details about the workshop, including registration information and logistics, will be provided in the next few weeks. As such, this is merely early planning information for those attending the summer IETF meeting and for researchers looking into OAuth and related technologies. In terms of the scope for the workshop we are seeking papers and talks related to OAuth, OpenID Connect, and other technologies using OAuth under the hood. Contributions of technologies that are used in OAuth, such as JOSE, or impact the security of OAuth, such as Web technology, are also welcome. The workshop will be structured as a series of sessions punctuated by invited speakers who will present their security findings, and relevant background information that help participants reach a deeper understanding of OAuth security. The organizing committee invites security experts from research, industry, and standardization to submit position papers to present their ideas and experiences at the workshop (details to follow). Participants will have to register for the workshop and we will have to charge a small amount for food and drinks (unless we manage to find a sponsor in time). We also plan to organize a social event in the evening of July 14th. This may include a guided sightseeing tour to some of the eight world heritage sites in Germany’s oldest city Trier. All presentations and papers will be put online but there will be no formal proceedings. Therefore, abstracts submitted to the OAuth Security Workshop may report on (unpublished) work in progress, be submitted to other places, and they may even already have appeared or been accepted elsewhere. While the standardization process ensures extensive reviews, both security and non-security related reviews, further analysis by security experts from academia and industry is essential to ensure high quality specifications. Your contribution can help to improve the security of the Web and the Internet. For further questions please contact the OAuth working group chairs at oauth-cha...@ietf.org.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
