Security & Trust

OAuth Security Workshop 2018


The OAuth Security Workshop (OSW) aim is to improve the security of OAuth and related Internet protocols by a direct exchange of views between academic researchers, IETF OAuth Working Group members and industry. The workshop is hosted by the Security and Trust research unit of the Bruno Kessler Foundation (FBK).

While the standardization process of OAuth ensures extensive reviews (both security and non-security related), further analysis by security experts from academia and industry is essential to ensure high quality specifications. Contributions to this workshop can help to improve the security of the Web and the Internet.

Scope and Topics

We seek position papers related to OAuth, OpenID Connect, and other technologies using OAuth under the hood. Contributions regarding technologies that are used in OAuth, such as JOSE, or impact the security of OAuth, such as Web technology, are also welcome.

Areas of interest where OAuth can be used as enabler of innovative scenarios include:

  • IoT, SmartCities and Industry 4.0.
  • Mobile and Strong authentication.
  • Federated Identity.
  • Privacy-enhancing technologies.

Important Dates

  • Position paper and Tutorial submission deadline: January 19, 2018 Extended to January 26, 2018
  • Author notification: February 5, 2018 Extended to February 12, 2018
  • Workshop: Wed, March 14, 2018 (half-day), Thu, March 15, 2018 (full-day), and Fri, March 16, 2018 (half-day)

Call for Papers

The details of the call are available here.

Accepted Papers

The accepted papers are available here.

Event Details

Event Dates & Venue

March 14-16, 2018

Fondazione Bruno Kessler
Trento, Italy
More details on the venue are available here


Detailed information regardin the accomodation can be found in the dedicated page.

Conference Program

The provisional schedule of talks and events is available here

Workshop Chair

Silvio Ranise (Security & Trust, Fondazione Bruno Kessler)

Program Committee


  • Roberto Carbone (Security & Trust, Fondazione Bruno Kessler)
  • Hannes Tschofenig (ARM Limited, IETF OAuth Working Group Co-Chair)


  • Michael Jones (Microsoft)
  • Ralf Kuesters (University of Stuttgart)
  • Torsten Lodderstedt (YES Europe AG)
  • Chris Mitchell (Royal Holloway, University of London)
  • Anthony Nadalin (Microsoft)
  • Nat Sakimura (Nomura Research Institute)
  • Antonio Sanso (Adobe)
  • Ralf Sasse (ETH Zurich)
  • Joerg Schwenk (Ruhr-Universit├Ąt Bochum)
  • Giada Sciarretta (Security & Trust, Fondazione Bruno Kessler and University of Trento)

Web Master & Photographer

  • Federico Sinigaglia (Fondazione Bruno Kessler and University of Genova)


Information about the registration can be found in the dedicated page.