The venue for in-depth technical discussions on
OAuth, OpenID & Co.

The OAuth Security Workshop (OSW) is the premier forum for in-depth technical discussions on OAuth, OpenID, and related related technologies.

By fostering a direct and open collaboration between industry professionals, academic researchers, and members of standardization groups, OSW has in a unique way helped to shape and improve internet protocols. It has even played a pivotal role in developing new ones, such as the JWT Access Token Profile, DPoP, and SD-JWT. Leading researchers showcase their cutting-edge results on identity protocol security at OSW.

OSW also serves as an independent venue for the exchange between various working groups (IETF OAuth and GNAP working groups, OpenID Foundation, etc.).

“The OSW remains the best venue for getting things done in the identity protocols space. The best minds in the industry are there, all eager to solve hard problems: expect two days of relentless focus and remarkable results.”
— Vittorio Bertocci †

“OSW has given me the opportunity to listen, learn and discuss with the best and most experienced people in this domain. If you’re lucky you might even get to witness or participate in the birth of a new international standard or two.”
— Steinar Noem, Udelt AS

“The OAuth Security Workshop is the leading venue where experts from academia and industry join forces to discuss and harden current and future identity standards.”
— Prof. Ralf Küsters, University of Stuttgart

OSW 2025: Reykjavik, Iceland

Feb 26-28, 2025, Harpa Conference Center, Reykjavik/Iceland

Hosted by Signicat

In-person only.

Details

About the OAuth Security Workshop

What is the OAuth Security Workshop?

In 2015, two different groups of researchers (from Ruhr University Bochum and University of Trier) independently discovered new attacks on OAuth and OpenID Connect. At a meeting in Darmstadt, convened at short notice, researchers and members of the OAuth Working Group discussed the impact and potential mitigations of the attacks. The participants also identified the need for a better exchange between the groups to ensure that in the future, security research and standardization go hand in hand. This was the birth of the OAuth Security Workshop.

And while security is still the focus, the meeting has evolved to also be a working meeting to advance existing standards and sometimes also to start new ones.

Why should I attend?

OSW is the place to talk to world-leading identity experts, practicioners and researchers in an open, collaborative environment. This is the place to see what is brewing in the standardization groups, talk about the challenges you might be facing, and run your research by those people who live and breathe identity standards.

What happens at OSW? What kind of content can I expect and how is it selected?

There is a conference part, where submitted and reviewed talks are presented and there is an unconference part, where everybody can propose sessions to tackle problems, deep-dive on particular topics, present the latest ideas, or work on something together. Social events ensure that there is time to talk outside the sessions.

Talks have to be focused on technical content and must not promote products or vendors. A program committee decides on whether submitted talks are accepted for presentation. (Occasional) company presentations by our sponsors are very brief and clearly marked.

Who runs OSW?

We (Daniel Fett, Guido Schmitz, Steinar Noem) run OSW, but there is no organization or company behind it. Each OSW is hosted by a different partner from around Europe — a University, a research group or organization, or a company. The host handles all the on-site organization and the budget. We handle all aspects of the program and work closely with the host to deliver a unique experience for each event.

How is it funded?

OSW is run as a non-profit event. Our hosts and sponsors help to pay for a large part of the expenses (e.g., venue, catering, social events), the tickets cover the rest.