---------- Forwarded message ----------
From: Hannes Tschofenig <hannes.tschofenig at gmx.net>
Date: Thu, Dec 14, 2017 at 6:06 AM
Subject: [saag] 3rd OAuth Security Workshop (OSW 2018)
To: saag <saag at ietf.org>
Several of us from the OAuth working group are again organizing a
workshop in the week before the London IETF meeting. Here is the
Why should you care?
We organized the first OAuth security workshop in 2015 when a group of
researchers from Trier / Germany used formal methods to analyse OAuth.
None of us working on the OAuth spec had the time and expertise to use
formal methods and we noticed the opportunity to work with this research
community to help us build better specifications. At all subsequent
OAuth security workshops, including the last one in Zurich -
https://zisc.ethz.ch/oauth-security-workshop-2017/, one part of the
meeting was dedicated to the discussion of formal methods for protocol
This workshop is therefore a way to bridge the gap between research and
standardization with OAuth as an example. The discussed tools are
applicable to other IETF security protocols as well. The same is true
for the gained experience.
It would be great to see some of you also attend the workshop and
contribute! The deadline for papers and tutorials is January 19, 2018.
If you are working on topics that could help make standardization of
OAuth (or other security protocols) better please drop us/me a note.
Call for Position Papers and Tutorials
Third OAuth Security Workshop (OSW 2018)
Fondazione Bruno Kessler
March 14-16, 2018
Workshop website: https://st.fbk.eu/osw2018
== About OSW 2018 ==
The OAuth Security Workshop (OSW) aim is to improve the
security of OAuth and related Internet protocols by a direct
exchange of views between academic researchers, IETF
OAuth Working Group members and industry. The workshop
is hosted by the Security and Trust research unit of the
Bruno Kessler Foundation (FBK).
While the standardization process of OAuth ensures extensive reviews
(both security and non-security related), further analysis by security
experts from academia and industry is essential to ensure high quality
specifications. Contributions to this workshop can help to improve the
security of the Web and the Internet.
== Scope and Topics ==
We seek position papers related to OAuth, OpenID Connect, and other
technologies using OAuth under the hood. Contributions regarding
technologies that are used in OAuth, such as JOSE, or impact the
security of OAuth, such as Web technology, are also welcome.
Areas of interest where OAuth can be used as enabler of innovative
- IoT, SmartCities and Industry 4.0.
- Mobile and Strong authentication.
- Federated Identity.
- Privacy-enhancing technologies.
== Important Dates ==
- Position paper and Tutorial submission deadline: January 19, 2018
- Author notification: February 5, 2018
- Workshop: Wed, March 14, 2018 (half-day), Thu, March 15, 2018
Fri, March 16, 2018 (half day)
== Submissions ==
We solicit position papers that highlight challenges and lesson-learned
from OAuth-based work. As all papers and presentations will be shared
online without formal proceedings, we accept different kinds of submissions:
from original contributions to already published or preliminary works.
Submissions must be in PDF format and should feature reasonable margins
and formatting. There is no page limit, but the submission should be
brief (ideally not more than 3-5 pages). Submissions should not
Authors of accepted papers will have the option to revise their
papers before they are put online. One of the authors of the accepted
position paper is expected to present the paper at the workshop.
The workshop will host a half-day (March 14, 2018) tutorial program.
Each tutorial proposal should concisely describe the content and
objectives of the tutorial, and include:
- outline of the tutorial content
- intended audience, including possible assumed background of attendees
- name, affiliation, email address, and brief biography of the speaker(s)
- duration: 1 hour or 2 hours
Tutorial proposals should be submitted as a PDF file.
Submissions should be distinguished by the prefix “Tutorial:” in the title.
Submission Website: https://easychair.org/conferences/?conf=osw2018
== IPR Policy ==
The workshop will have no expectation of IPR disclosure or licensing
related to its submissions. Authors are responsible for obtaining
appropriate publication clearances.
== Workshop Chair ==
- Silvio Ranise (Security & Trust, Fondazione Bruno Kessler)
== Program Committee ==
- Roberto Carbone (Security & Trust, Fondazione Bruno Kessler)
- Hannes Tschofenig (IETF OAuth Working Group Co-Chair)
- Michael Jones (Microsoft)
- Ralf Kuesters (University of Stuttgart)
- Torsten Lodderstedt (YES Europe AG)
- Chris Mitchell (Royal Holloway, University of London)
- Anthony Nadalin (Microsoft)
- Nat Sakimura (Nomura Research Institute)
- Antonio Sanso (Adobe)
- Ralf Sasse (ETH Zurich)
- Joerg Schwenk (Ruhr-Universität Bochum)
- Giada Sciarretta (Security & Trust, Fondazione Bruno Kessler and Univ.
== Conference site and contacts ==
For more detailed information please refer to the workshop web site:
If you have any questions on OSW18, please contact
carbone [at] fbk [dot] eu, giada.sciarretta [at] fbk [dot] eu
saag mailing list
saag at ietf.orghttps://www.ietf.org/mailman/listinfo/saag
-------------- next part --------------
An HTML attachment was scrubbed...