You are here

OAuth Security Workshop 2018


The OAuth Security Workshop (OSW) aim is to improve the security of OAuth and related Internet protocols by a direct exchange of views between academic researchers, IETF OAuth Working Group members and industry. The workshop is hosted by the Security and Trust research unit of the Bruno Kessler Foundation (FBK).

While the standardization process of OAuth ensures extensive reviews (both security and non-security related), further analysis by security experts from academia and industry is essential to ensure high quality specifications. Contributions to this workshop can help to improve the security of the Web and the Internet.

Scope and Topics

We seek position papers related to OAuth, OpenID Connect, and other technologies using OAuth under the hood. Contributions regarding technologies that are used in OAuth, such as JOSE, or impact the security of OAuth, such as Web technology, are also welcome.

Areas of interest where OAuth can be used as enabler of innovative scenarios include:

  • IoT, SmartCities and Industry 4.0. 
  • Mobile and Strong authentication. 
  • Federated Identity.
  • Privacy-enhancing technologies.

Important Dates

  • Position paper and Tutorial submission deadline: January 19, 2018
  • Author notification: February 5, 2018
  • Workshop: Wed, March 14, 2018 (half-day), Thu, March 15, 2018 (full-day), and Fri, March 16, 2018 (half-day)

Call for Papers

We solicit position papers that highlight challenges and lesson-learned from OAuth-based work. As all papers and presentations will be shared online without a formal proceedings, we accept different kinds of submissions: from original contributions to already published or preliminary works.

Submissions must be in PDF format and should feature reasonable margins and formatting. There is no page limit, but the submission should be brief (ideally not more than 3-5 pages). Submissions should not be anonymized.

Authors of accepted papers will have the option to revise their papers before they are put online. One of the authors of the accepted position paper is expected to present the paper at the workshop.

The workshop will host a half-day (March 14, 2018) tutorial program. Each tutorial proposal should concisely describe the content and objectives of the tutorial, and include:

  • title
  • abstract
  • outline of the tutorial content
  • intended audience, including possible assumed background of attendees
  • name, affiliation, email address, and brief biography of the speaker(s)
  • duration: 1 hour or 2 hours

Tutorial proposals should be submitted as a PDF file.
Submissions should be distinguished by the prefix “Tutorial:” in the title.

Submission Website:

Event Details

Event Dates & Venue

March 14-16, 2018

Fondazione Bruno Kessler
Trento, Italy

Workshop Chair

Silvio Ranise
Security & Trust, Fondazione Bruno Kessler

Program Committee


  • Roberto Carbone (Security & Trust, Fondazione Bruno Kessler)
  • Hannes Tschofenig (ARM Limited, IETF OAuth Working Group Co-Chair)


  • Michael Jones (Microsoft)
  • Ralf Kuesters (University of Stuttgart)
  • Torsten Lodderstedt (YES Europe AG)
  • Chris Mitchell (Royal Holloway, University of London)
  • Anthony Nadalin (Microsoft)
  • Nat Sakimura (Nomura Research Institute)
  • Antonio Sanso (Adobe)
  • Ralf Sasse (ETH Zurich)
  • Joerg Schwenk (Ruhr-Universität Bochum)
  • Giada Sciarretta (Security & Trust, Fondazione Bruno Kessler and University of Trento) 
  • TBC...



The registration link will be provided soon.