11:04 a.m.
Hello group,
just wanted to let you know that there will be an OAuth Security Workshop
at the
University of Trier (Germany) in July see:
https://infsec.uni-trier.de/events/osw2016
I learned from one of the organizers that they will also discuss Keycloak as
an OpenID Connect Provider - just wanted to let you guys know.
I'm going to attend this workshop as well.
Cheers,
Thomas
7:56 a.m.
Hi, thanks for letting us now. A summary to the list afterwards would be
appreciated, especially any advice on improving security.
On 21 June 2016 at 11:04, Thomas Darimont <thomas.darimont(a)googlemail.com>
wrote:
Hello group,
just wanted to let you know that there will be an OAuth Security Workshop
at the
University of Trier (Germany) in July see:
https://infsec.uni-trier.de/events/osw2016
I learned from one of the organizers that they will also discuss Keycloak
as
an OpenID Connect Provider - just wanted to let you guys know.
I'm going to attend this workshop as well.
Cheers,
Thomas
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
10:22 a.m.
Hello group,
just a quick follow-up from the IETF OAuth Security workshop from last July.
The workshop was well attended: security researches and some big names like
google, microsoft, facebook, deutsche telekom, ping identity, openid.net
were all represented etc.
There were some interesting talks about using OAuth in IoT scenarios and
how the related standards (cbor, cwt, etc.) can be applied.
Another interesting topic was the theory and practice of the recently found
IdP Mix-Up attack.
Links to the talks (slides / papers) are here [0] (unfortunately they were
not recorded).
There were also some tools mentioned for checking Identity Providers for
well known attacks (PrOfESSOS) [0]
as well as OIDC compliance tests (oictest) [2] that can be run locally,
it's an easy to setup python app that also runs behind the official
conformance testing portal of the openid.net [3] - running it locally might
make things easier to test ;-)
Btw. I pitched keycloak quite often - folks were really keen to look at it
;-)
Cheers,
Thomas
[0] https://infsec.uni-trier.de/events/osw2016/schedule
[1] https://github.com/RUB-NDS/PrOfESSOS
[2] https://github.com/rohe/oictest
[3] https://openid.net/certification/testing/
2016-06-22 7:56 GMT+02:00 Stian Thorgersen <sthorger(a)redhat.com>:
Hi, thanks for letting us now. A summary to the list afterwards would
be
appreciated, especially any advice on improving security.
On 21 June 2016 at 11:04, Thomas Darimont <thomas.darimont(a)googlemail.com>
wrote:
> Hello group,
>
> just wanted to let you know that there will be an OAuth Security Workshop
> at the
> University of Trier (Germany) in July see: https://infsec.uni-trier.de/
> events/osw2016
>
> I learned from one of the organizers that they will also discuss Keycloak
> as
> an OpenID Connect Provider - just wanted to let you guys know.
>
> I'm going to attend this workshop as well.
>
> Cheers,
> Thomas
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
2807
days inactive
2859
days old
2 comments
2 participants
participants (2)
-
Stian Thorgersen -
Thomas Darimont