Early this year we announced our plans to organize an OAuth security workshop on the IETF OAuth mailing list. We did this after we held a per-invitation only security workshop late December in response to the discovery of the OAuth Authorization Server Mix-Up problem. In the meanwhile we have made progress in the planning activities and we are happy to announce that the workshop will take place July 14th and 15th 2016 in Trier/Germany. The date fits nicely with the IETF meeting in Berlin and our host, the Chair for Information Security and Cryptography at the University of Trier, may be familiar to some of you in context of the formal security analysis of OAuth also published earlier this year.
More information about the event can be found on the workshop page.
With this workshop we particularly encourage researchers and other security experts to analyse OAuth and OAuth extensions and to report their findings at this workshop. Please note the position paper deadline, which is May 21st.
In terms of the scope for the workshop we are seeking security papers related to OAuth, OpenID Connect, and other technologies using OAuth under the hood. Papers on technologies that are used in OAuth, such as JOSE, or impact the security of OAuth, such as Web technology, are also welcome.
We are looking forward to your contributions and to the discussions at the workshop! Feel free to contact us if there are questions.