How to make OAuth secure in the future: OAuth Security Workshop 2017

I gave a presentation at the OAuth Security Workshop 2017. (July 2017, 7)

After all, this is where Professor Basin (ETH Zurich) and Professor Cremers (University of Oxford) all come together[1], so I decided to take this opportunity to read their paper[2]. Based on it, I presented how to make RFC6749 secure.

Actually, at first, I had planned to only participate in the paper review like last year, but the chair of the review committee, Dr. Lodderstedt, asked me to submit a position paper, so I summarized what I had been thinking about when designing FAPI in the form of a position paper in just a few hours and submitted it.

I wasn't entirely sure how to read the term "BCM Principle" here, so I just interpreted it in a way that I thought was probably correct, but I was relieved to see that my interpretation was correct.

By the way, much of what is discussed here is being used in FAPI Part 2. Or rather, if you read this, you will understand why FAPI is the way it is. Also, I am very excited that the two participating universities will use this opportunity to start working on proving the security of FAPI. If the security can be proven here, that would be great, and if something comes up, we can make corrections before the final version, and I think it will be a good example of collaboration between academia and standardization.

As for the other presentations, Mr. Kudo (@tkudo) from NRI Secure has summarized them, which I hope you will find useful.


The OAuth Security Workshop 2017 is scheduled to be held in Italy.

OAuth Security Workshop 2017 Group Photo – I took this photo after the workshop had finished and people had started to leave, so it's only a small portion of the participants.

Footnotes

  1. In fact, the reason they hosted this event in the first place was because I asked Anthony Nadalin at last year's OAuth Security Workshop, "Have you read this paper?"
  2. Basin, D., Cremers, C., Meier, S.: Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication. Journal of Computer Security, Vol. 21, Issue 6, pp. 817–846 (2013)
