[keycloak-dev] FYI OAuth Security Workshop 2016 July 14th and 15th 2016 in Trier / Germany

Thomas Darimont thomas.darimont at googlemail.com
Fri Aug 12 04:22:50 EDT 2016


Hello group,

just a quick follow-up from the IETF OAuth Security workshop from last July.
The workshop was well attended: security researchers and some big names like
Google, Microsoft, Facebook, Deutsche Telekom, Ping Identity, openid.net
etc. were all represented.

There were some interesting talks about using OAuth in IoT scenarios and
how the related standards (CBOR, CWT, etc.) can be applied.
Another interesting topic was the theory and practice of the recently found
IdP Mix-Up attack.

Links to the talks (slides / papers) are here [0] (unfortunately they were
not recorded).

There were also some tools mentioned for checking Identity Providers for
well-known attacks (PrOfESSOS) [1]
as well as OIDC compliance tests (oictest) [2] that can be run locally,
it's an easy-to-set-up Python app that also runs behind the official
conformance testing portal of openid.net [3] - running it locally might
make things easier to test ;-)

Btw. I pitched Keycloak quite often - folks were really keen to look at it
;-)

Cheers,
Thomas

[0] https://infsec.uni-trier.de/events/osw2016/schedule
[1] https://github.com/RUB-NDS/PrOfESSOS
[2] https://github.com/rohe/oictest
[3] https://openid.net/certification/testing/

2016-06-22 7:56 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:

> Hi, thanks for letting us know. A summary to the list afterwards would be
> appreciated, especially any advice on improving security.
>
> On 21 June 2016 at 11:04, Thomas Darimont <thomas.darimont at googlemail.com>
> wrote:
>
>> Hello group,
>>
>> just wanted to let you know that there will be an OAuth Security Workshop
>> at the
>> University of Trier (Germany) in July see:
>> https://infsec.uni-trier.de/events/osw2016
>>
>> I learned from one of the organizers that they will also discuss Keycloak
>> as
>> an OpenID Connect Provider - just wanted to let you guys know.
>>
>> I'm going to attend this workshop as well.
>>
>> Cheers,
>> Thomas
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>