Call for Position Papers

2nd OAuth Security Workshop
ETH Zürich
Zürich, Switzerland
July 13-14, 2017

Workshop website:

The OAuth Security Workshop (OSW) focuses on improving security of the OAuth standard and related Internet protocols. This workshop brings together the IETF OAuth Working Group and security experts from research, industry, and standardization to this end. The workshop is hosted by the Zurich Information Security and Privacy Center at ETH Zurich.

While the standardization process of OAuth ensures extensive reviews (both security and non-security related), further analysis by security experts from academia and industry is essential to ensure high quality specifications. Contributions to this workshop can help to improve the security of the Web and the Internet.


We seek position papers related to the security of OAuth, OpenID Connect, and other technologies using OAuth under the hood. Contributions regarding technologies that are used in OAuth, such as JOSE, or impact the security of OAuth, such as Web technology, are also welcome.

Invited Speakers

  • Cas Cremers, University of Oxford


We welcome position papers that describe existing work, raise new requirements, highlight challenges, write-ups of implementation and deployment experience, lessons-learned from successful or failed attempts, and ideas on how to improve OAuth and OAuth extensions.

Position papers submitted to the OAuth Security Workshop may report on (unpublished) work in progress, be submitted to other places, and may even have already appeared or been accepted elsewhere.

Submissions must be in PDF format and should feature reasonable margins and formatting. There is no page limit, but the submission should be brief (ideally not more than 3-5 pages). Submissions should not be anonymized.

Submission Website

Publication and Presentation

One of the authors of the accepted position paper is expected to present the paper at the workshop.

All presentations and papers will be put online but there will be no formal proceedings. Authors of accepted papers will have the option to revise their papers before they are put online.

IPR Policy

The workshop will have no expectation of IPR disclosure or licensing related to its submissions. Authors are responsible for obtaining appropriate publication clearances.

Program Committee


  • David Basin (ETH Zurich)
  • Torsten Lodderstedt (YES Europe)


  • John Bradley (Ping Identity)
  • Ralf Küsters (University of Stuttgart)
  • Chris Mitchell (Royal Holloway University of London)
  • Anthony Nadalin (Microsoft)
  • Nat Sakimura (Nomura Research Institute)
  • Ralf Sasse (ETH Zurich)
  • Jörg Schwenk (Ruhr University Bochum)
  • Hannes Tschofenig (IETF OAuth Working Group Co-Chair)


Important Dates

  • Position paper submission deadline: May 2, 2017 extended to May 9, 2017 (AoE, UTC-12).
  • Author notification: May 15 delayed to May 22, 2017.
  • Registration deadline: June 16, 2017.
  • Workshop: July 13 and July 14, 2017.