Call for Position Papers

1st OAuth Security Workshop
University of Trier
Trier, Germany
July 14-15, 2016

Workshop website:

The OAuth Security Workshop (OSW) brings together the IETF OAuth Working Group and security experts from research, industry, and standardization to improve the security of OAuth and related Internet protocols. The workshop is hosted by the Chair for Information Security and Cryptography at the University of Trier.

While the standardization process of OAuth ensures extensive reviews (both security and non-security related), further analysis by security experts from academia and industry is essential to ensure high quality specifications. Contributions to this workshop can help to improve the security of the Web and the Internet.


We seek position papers related to OAuth, OpenID Connect, and other technologies using OAuth under the hood. Contributions regarding technologies that are used in OAuth, such as JOSE, or impact the security of OAuth, such as Web technology, are also welcome.

Invited Speakers

  • Karthikeyan Bhargavan (INRIA Paris-Rocquencourt)
  • Andrey Labunets (Facebook)


We welcome position papers that describe existing work, raise new requirements, highlight challenges, write-ups of implementation and deployment experience, lessons-learned from successful or failed attempts, and ideas on how to improve OAuth and OAuth extensions.

Position papers submitted to the OAuth Security Workshop may report on (unpublished) work in progress, be submitted to other places, and may even have already appeared or been accepted elsewhere.

Submissions must be in PDF format and should feature reasonable margins and formatting. There is no page limit, but the submission should be brief (ideally not more than 3-5 pages). Submissions should not be anonymized.

Submission Website

Publication and Presentation

One of the authors of the accepted position paper is expected to present the paper at the workshop.

All presentations and papers will be put online but there will be no formal proceedings. Authors of accepted papers will have the option to revise their papers before they are put online.

IPR Policy

The workshop will have no expectation of IPR disclosure or licensing related to its submissions. Authors are responsible for obtaining appropriate publication clearances.

Program Committee


  • Hannes Tschofenig (IETF OAuth Working Group Co-Chair)
  • Ralf Küsters (University of Trier)


  • John Bradley (Ping Identity)
  • Torsten Lodderstedt (Deutsche Telekom)
  • Chris Mitchell (Royal Holloway University of London)
  • Nat Sakimura (Nomura Research Institute)
  • Jörg Schwenk (Ruhr University Bochum)
  • Daniel Fett (University of Trier)

Important Dates

  • Position paper submission deadline: May 21, 2016 (AoE, UTC-12).
  • Author notification: May 28, 2016.
  • Workshop: July 14 and July 15, 2016.