<?xml version='1.0' encoding='utf-8' ?>
<!-- Made with love by pretalx v2025.2.2. -->
<schedule>
    <generator name="pretalx" version="2025.2.2" />
    <version>0.1</version>
    <conference>
        <title>OAuth Security Workshop 2026</title>
        <acronym>osw2026</acronym>
        <start>2026-05-27</start>
        <end>2026-05-29</end>
        <days>3</days>
        <timeslot_duration>00:05</timeslot_duration>
        <base_url>https://talks.secworkshop.events</base_url>
        <logo>https://talks.secworkshop.events/media/osw2026/img/OSW_ZY3mxH5_zT7cTsp_QOQJUJQ.webp</logo>
        <time_zone_name>Europe/Berlin</time_zone_name>
        
        
        <track name="Session" slug="3-session"  color="#00831c" />
        
    </conference>
    <day index='1' date='2026-05-27' start='2026-05-27T04:00:00+02:00' end='2026-05-28T03:59:00+02:00'>
        <room name='Arena' guid='765d3d53-15b4-51ec-ac07-ebd89ce206f4'>
            <event guid='0063207e-bb01-569c-b342-bab269c788a1' id='54'>
                <room>Arena</room>
                <title>IAM for AI: From &quot;Eh, I?&quot; to &quot;I am.&quot;</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-27T09:30:00+02:00</date>
                <start>09:30</start>
                <duration>00:30</duration>
                <abstract>A pragmatic look at &quot;IAM for AI,&quot; showing how familiar tools like OAuth, and emerging work such as CIMD and ID-JAG, can meet AI&#8217;s needs without inciting revolution.</abstract>
                <slug>osw2026-54-iam-for-ai-from-eh-i-to-i-am</slug>
                <track></track>
                
                <persons>
                    <person id='19'>Brian Campbell</person>
                </persons>
                <language>en</language>
                <description>Comparable only to seismic shifts like the Industrial Revolution or the rise of the Internet, the emergence of artificial intelligence is unquestionably transformative. But does it really demand an equally radical upheaval in IAM standards and technology? With the seemingly endless parade of prophets and profiteers declaring the revolution imminent and assuring us that they alone can lead it, you might think so.
The reality might be less dramatic and more practical. Many of the core challenges of &apos;IAM for AI&apos; look pretty familiar. Regular old OAuth is already well suited to a surprising amount of AI systems&apos; needs, and emerging efforts like CIMD and ID-JAG seem poised to fill in some of the gaps. It may be that our existing IAM foundation can rise to the occasion, or that our expectations can be tempered to meet the moment.
Join a curmudgeonly pragmatist and occasional OSW contributor on a journey from &apos;Eh, I?&apos; to &apos;I am.&apos; without inciting revolution.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/NRXU93/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/NRXU93/feedback/</feedback_url>
            </event>
            <event guid='0c33c627-e788-5427-bcdb-73960f58aa5c' id='60'>
                <room>Arena</room>
                <title>Scaling Workload Identity Lifecycle Management with Standards</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-27T10:00:00+02:00</date>
                <start>10:00</start>
                <duration>00:30</duration>
                <abstract>This session shares real-world lessons learnt and gaps identified from using SPIFFE, OAuth 2.0, and mTLS to automate identity lifecycle management, OAuth client registration and sender-constrained tokens, and to eradicate secrets.</abstract>
                <slug>osw2026-60-scaling-workload-identity-lifecycle-management-with-standards</slug>
                <track></track>
                
                <persons>
                    <person id='66'>Pieter Kasselman</person>
                    <person id='41'>Dag Sneeggen</person>
                </persons>
                <language>en</language>
                <description>Enterprises are drowning in machine identities across clouds, clusters, and AI agents. Teams fight secret sprawl, brittle client provisioning causes outages, and manual lifecycle management can&#8217;t keep up with the pace of ephemeral workloads.

This session bridges the gap between standards and implementation. First, we will provide a primer on the evolving workload identity landscape, reviewing foundational initiatives like SPIFFE, active working groups like WIMSE and new work in OAuth that are foundational to building modern, secure, scalable and automated NHI lifecycle management.

Next, we will present a deep-dive into how Signicat built SWIM (Signicat Workload Identity in&#8209;Mesh), a fully automated non&#8209;human identity (NHI) lifecycle system using open standards. SWIM combines SPIFFE, OAuth 2.0, and mTLS with a service mesh to automate identity lifecycle management, OAuth client registration, and sender-constrained tokens.

By combining a standards overview with a real-world implementation, we offer a complete story. You&apos;ll leave with hard-won lessons and a practical blueprint to move from client-secret chaos to an automated, standards-based NHI lifecycle that removes developer friction and gives identity teams verifiable, auditable control.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/U8BJ3B/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/U8BJ3B/feedback/</feedback_url>
            </event>
            <event guid='694f0e4f-91b0-592c-9e7d-8d45247e3f0b' id='61'>
                <room>Arena</room>
                <title>Experience report from implementing OpenID4VC issuance and presentation specifications in Norway</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-27T11:00:00+02:00</date>
                <start>11:00</start>
                <duration>00:30</duration>
                <abstract>We have been implementing and testing VC specifications for the last 3 years. We have also started testing against the government-hosted playground for trust infrastructure in Norway. Come to hear about lessons learned and spec feedback.</abstract>
                <slug>osw2026-61-experience-report-from-implementing-openid4vc-issuance-and-presentation-specifications-in-norway</slug>
                <track></track>
                
                <persons>
                    <person id='20'>Elias Botterli S&#248;rensen</person>
                </persons>
                <language>en</language>
                <description>My company has been eagerly following the development of specifications for both verifiable credential issuance and presentation. We have implemented playground software in which we enable testing with user-supplied data to construct somewhat realistic credentials. In this session I will walk through how my team, as implementers, has experienced the draft process of OpenID specs, ISO specs and the EU reference framework.

To get structured feedback, I present the qualitative results of interviews with engineers who have spent the last three years implementing and testing these standards. The goal of the interviews is to get deeper insight into the following items: lessons learned, implementation challenges and reflections about data formats. Feedback includes real-world experiences from deploying specs at customers&apos; sites in Norway.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/MXUFYW/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/MXUFYW/feedback/</feedback_url>
            </event>
            <event guid='ba796141-47a1-5f84-8258-b76431fbcd19' id='68'>
                <room>Arena</room>
                <title>Progress Report on Handling an Actionable Security Vulnerability</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-27T11:30:00+02:00</date>
                <start>11:30</start>
                <duration>00:30</duration>
                <abstract>University of Stuttgart security researchers discovered an actionable security vulnerability in mid-2024 in the audience values used for JWT Client Authentication. This presentation will delve into the details of what happened next and why.</abstract>
                <slug>osw2026-68-progress-report-on-handling-an-actionable-security-vulnerability</slug>
                <track></track>
                
                <persons>
                    <person id='32'>Michael B. Jones</person>
                </persons>
                <language>en</language>
                <description>The fourth and final Implementer&#8217;s Draft of the OpenID Federation specification was completed on May 31, 2024.  Security researchers at the University of Stuttgart conducted a security analysis of it for the OpenID Foundation in mid-2024 and discovered an actionable security vulnerability.  The vulnerability was due to recommendations about the audience values of Client Authentication JWTs, and affected many OAuth and OpenID specifications.  This vulnerability was reported to the OpenID Foundation on September 20, 2024.

This presentation will go into the details of what happened after that and why things unfolded the way they did (and in some cases, still are), and what we can learn as a result.  Topics I&#8217;ll discuss include:

  - the OpenID Foundation notifying FAPI ecosystems that we determined were vulnerable and the actions they took as a result,
  - the invitation-only meeting of spec authors and OAuth chairs at the November 2024 IETF meeting in Dublin to discuss the vulnerability, and the conclusions reached there,
  - the semi-private disclosure of the vulnerability at an OAuth interim meeting on January 27, 2025,
  - the public disclosure of the vulnerability by the OpenID Foundation on February 25, 2025,
  - the effect that the vulnerability had on the OpenID Federation specification,
  - the effect that the vulnerability had on the FAPI 2 specification,
  - the resulting errata work on the OpenID Core, OpenID CIBA Core, and FAPI 1 specifications,
  - the updates being made to RFC 7523 (JWT Client Authentication and Authorization Grants), RFC 7521 (Generic OAuth 2.0 Client Authentication and Authorization Grants), RFC 7522 (SAML Client Authentication and Authorization Grants), and RFC 9126 (Pushed Authorization Requests),
  - the updates not made to RFC 9101 (JAR),
  - the updates not made to RFC 9700 (OAuth Security BCP),
  - the status of rfc7523bis and draft-wuertele-oauth-security-topics-update (which are updating the affected OAuth specifications),
  - what remains to do,
  - thoughts on why this has all taken as long as it has, and
  - what lessons we can learn.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/Q3BFZL/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/Q3BFZL/feedback/</feedback_url>
            </event>
            <event guid='ac8e0137-1c6f-5052-ae2e-b50e4c4ab60c' id='95'>
                <room>Arena</room>
                <title>Unconference Planning Wednesday</title>
                <subtitle></subtitle>
                <type>Special</type>
                <date>2026-05-27T13:00:00+02:00</date>
                <start>13:00</start>
                <duration>00:30</duration>
                <abstract>We assemble to plan the unconference slots in the afternoon.</abstract>
                <slug>osw2026-95-unconference-planning-wednesday</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>We assemble to plan the unconference slots in the afternoon.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/RURXJ8/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/RURXJ8/feedback/</feedback_url>
            </event>
            <event guid='f3a40bea-8ac2-5d51-b9dd-9261f5b28ed0' id='98'>
                <room>Arena</room>
                <title>Unconference Sessions</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-27T13:30:00+02:00</date>
                <start>13:30</start>
                <duration>01:30</duration>
                <abstract>Unconference Sessions</abstract>
                <slug>osw2026-98-unconference-sessions</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>Unconference Sessions</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/M33CEE/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/M33CEE/feedback/</feedback_url>
            </event>
            <event guid='706b124b-8524-59d5-9c3c-2a39cd092fa6' id='101'>
                <room>Arena</room>
                <title>Unconference Sessions</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-27T15:30:00+02:00</date>
                <start>15:30</start>
                <duration>01:30</duration>
                <abstract>Unconference Sessions</abstract>
                <slug>osw2026-101-unconference-sessions</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>Unconference Sessions</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/7WN3BD/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/7WN3BD/feedback/</feedback_url>
            </event>
            <event guid='9aff249f-3376-5fdb-b10d-5391cdc5384e' id='80'>
                <room>Arena</room>
                <title>Reception</title>
                <subtitle></subtitle>
                <type>Special</type>
                <date>2026-05-27T18:00:00+02:00</date>
                <start>18:00</start>
                <duration>01:00</duration>
                <abstract>Reception at Lancaster University Leipzig&apos;s Rooftop Terrace</abstract>
                <slug>osw2026-80-reception</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>Reception at Lancaster University Leipzig&apos;s Rooftop Terrace</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/PMTGNJ/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/PMTGNJ/feedback/</feedback_url>
            </event>
            
        </room>
        <room name='Work Lab II' guid='32048fe3-e9ef-5629-bc96-a8d70109a2c5'>
            <event guid='1878cd4f-8c0a-5153-bf05-aea904336d28' id='58'>
                <room>Work Lab II</room>
                <title>Integrating the OIDF conformance suite into CI, what can go wrong</title>
                <subtitle></subtitle>
                <type>Talk/Discussion 1h</type>
                <date>2026-05-27T11:00:00+02:00</date>
                <start>11:00</start>
                <duration>01:00</duration>
                <abstract>Integrating the OIDF conformance suite into GitHub CI sounded easy&#8212;until it wasn&#8217;t. This talk shares real-world failures, CI-specific pitfalls, and hard-won lessons on turning flaky red tests into meaningful conformance signals.</abstract>
                <slug>osw2026-58-integrating-the-oidf-conformance-suite-into-ci-what-can-go-wrong</slug>
                <track></track>
                
                <persons>
                    <person id='39'>Mirko Mollik</person>
                </persons>
                <language>en</language>
                <description>The OIDF conformance suite is an essential tool for validating OAuth and OpenID Connect implementations. Running it manually is one thing; making it reliable and automated in GitHub CI is another story entirely. Because the main goal of every developer is to deploy to prod on a Friday evening right before the weekend!

This talk is a hands-on experience report covering:
- How to integrate the OIDF conformance suite into a GitHub CI pipeline for running OID4VCI and OID4VP tests
- Common pitfalls when running conformance tests in non-interactive, ephemeral environments
- CI-specific failure modes (timing, networking, state, configuration drift)
- Debugging strategies when the test output feels more like a riddle than a report
- What I would do differently if I had to set it up again (spoiler: several things)

Along the way, I&#8217;ll share concrete examples of errors I encountered, why they happened, and how I eventually got from &#8220;red CI, mild panic&#8221; to a stable and trustworthy setup.

The goal is not just to complain (although there will be some therapy), but to help others avoid the same traps.

Kudos already to Joseph, who supported me with my questions all the time!</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/GEBRJ9/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/GEBRJ9/feedback/</feedback_url>
            </event>
            
        </room>
        
    </day>
    <day index='2' date='2026-05-28' start='2026-05-28T04:00:00+02:00' end='2026-05-29T03:59:00+02:00'>
        <room name='Arena' guid='765d3d53-15b4-51ec-ac07-ebd89ce206f4'>
            <event guid='be5b8c04-3617-5591-96a0-299da9b8e84b' id='94'>
                <room>Arena</room>
                <title>Sponsor Welcome</title>
                <subtitle></subtitle>
                <type>Special</type>
                <date>2026-05-28T09:15:00+02:00</date>
                <start>09:15</start>
                <duration>00:15</duration>
                <abstract>A welcome from our main sponsor, Authlete</abstract>
                <slug>osw2026-94-sponsor-welcome</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>A welcome from our main sponsor, Authlete</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/DQQMHA/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/DQQMHA/feedback/</feedback_url>
            </event>
            <event guid='c34b7cf0-3ffd-5f2a-80d8-6faf0265593e' id='75'>
                <room>Arena</room>
                <title>Delegate SD-JWTs</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-28T09:30:00+02:00</date>
                <start>09:30</start>
                <duration>00:30</duration>
                <abstract>Discuss an extension to SD-JWTs (RFC 9901) to support further delegation from the Holder to a Delegate Holder. This is done by allowing the KB-JWT to also be an SD-JWT, optionally with its own Key Binding.</abstract>
                <slug>osw2026-75-delegate-sd-jwts</slug>
                <track></track>
                
                <persons>
                    <person id='73'>Gareth Oliver</person>
                </persons>
                <language>en</language>
                <description>SD-JWT provides a mechanism for ensuring minimal disclosure in a three party model. This allows an intermediary party (the Holder) to choose to remove claims when only a subset is needed by a verifier. Additionally, SD-JWT+KB allows for proof of possession by the Holder using the cnf claim. The Verifier need only trust the Issuer and its policy regarding the cnf key to trust the resulting presentation.

As part of work on the Agentics Payment Protocol we found the need to be able to delegate verifiable credentials from a User (Holder) to the Agent (Delegate Holder) and then have the Agent perform further presentations to a Verifier. SD-JWT+KBs, which began in this forum, provided the capability with a minimal extension. The resulting [draft](https://github.com/GarethCOliver/gco-delegate-sd-jwt/blob/main/draft-gco-oauth-delegate-sd-jwt.md) is looking to be brought more generally to standardization, both for use in other agentic contexts and more generally for delegation usages.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/HQYTR7/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/HQYTR7/feedback/</feedback_url>
            </event>
            <event guid='82aefd11-a78e-552e-934b-6b7138c02f03' id='83'>
                <room>Arena</room>
                <title>SD-JWT: From Selective Disclosure to Zero Knowledge</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-28T10:00:00+02:00</date>
                <start>10:00</start>
                <duration>00:30</duration>
                <abstract>Extending the definition of the hash algorithm defined in SD-JWT allows zero knowledge proofs to be used on properties. Here we show how sigma protocols with Pedersen commitments could be added with almost no (structural) modifications to RFC-9901.</abstract>
                <slug>osw2026-83-sd-jwt-from-selective-disclosure-to-zero-knowledge</slug>
                <track></track>
                
                <persons>
                    <person id='49'>Patrick Amrein</person>
                    <person id='70'>Christopher Meier</person>
                </persons>
                <language>en</language>
                <description>While selective disclosure can enhance a user&apos;s privacy by only revealing necessary claims, there are use cases that need certain conditions on the properties to be true (e.g. claim-based binding, age verification, set inclusion).

With the default hash algorithm identifiers defined in RFC-9901, e.g. SHA-256, there is no easy way to do zero knowledge proofs, and as such the relevant claims must always be disclosed. In our extension of RFC-9901, we standardise how to provide commitments on attributes, using them as an alternative family of &quot;hash&quot;-like functions. Further extensions in the key binding JWT propose a way to define sigma protocols to provide efficient zero knowledge proofs for linear conditions on attributes - especially equality and range proofs.

Using our proposal, we can achieve device binding for only claim-based bound credentials using the transitivity property and linking e.g. a diploma with an ID card, without revealing more information than necessary.

With this proposal in mind, we are looking for inputs on how to include further ZKP schemes (e.g. lattice-based/hash-based schemes), and how to generalise definitions of proof systems.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/9Q9AZM/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/9Q9AZM/feedback/</feedback_url>
            </event>
            <event guid='f0104f60-aac4-50dd-999d-f9fe762d37ec' id='82'>
                <room>Arena</room>
                <title>From Draft to Deployment: Building a Production Ecosystem on Moving Standards</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-28T11:00:00+02:00</date>
                <start>11:00</start>
                <duration>00:30</duration>
                <abstract>Building the EUDI Wallet ecosystem means deploying production systems on evolving drafts. This talk shares lessons from OID4VC, interoperability gaps, and the security challenges that arise when standards change faster than deployments.</abstract>
                <slug>osw2026-82-from-draft-to-deployment-building-a-production-ecosystem-on-moving-standards</slug>
                <track></track>
                
                <persons>
                    <person id='39'>Mirko Mollik</person>
                </persons>
                <language>en</language>
                <description>The revised eIDAS regulation requires every EU member state to deploy a certified digital identity wallet by the end of 2026. The challenge: when implementation began, key standards were still evolving, some published only as drafts, others incomplete, and some still missing entirely.

This talk shares practical lessons from building a production-grade national identity ecosystem under these conditions. Using OID4VC, OID4VP, and related trust specifications as examples, it explores how draft changes, interoperability gaps, and unresolved security assumptions directly affect real deployments.

A particular focus will be the debates around OID4VC drafts and how seemingly small specification changes can cascade into ecosystem-wide implementation and security challenges.

The session aims to bridge the gap between protocol design and operational reality, offering insights for standards authors, implementers, and security researchers.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/KPMDDA/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/KPMDDA/feedback/</feedback_url>
            </event>
            <event guid='e64445f1-f7ee-54b5-b531-09ae01939f20' id='96'>
                <room>Arena</room>
                <title>Unconference Planning Thursday</title>
                <subtitle></subtitle>
                <type>Special</type>
                <date>2026-05-28T11:30:00+02:00</date>
                <start>11:30</start>
                <duration>00:30</duration>
                <abstract>We assemble to plan the unconference slots in the afternoon.</abstract>
                <slug>osw2026-96-unconference-planning-thursday</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>We assemble to plan the unconference slots in the afternoon.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/UH3HD7/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/UH3HD7/feedback/</feedback_url>
            </event>
            <event guid='71483031-be62-58ec-8d31-ddbf266a63e8' id='105'>
                <room>Arena</room>
                <title>Unconference Sessions</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-28T13:00:00+02:00</date>
                <start>13:00</start>
                <duration>01:30</duration>
                <abstract>Unconference Sessions</abstract>
                <slug>osw2026-105-unconference-sessions</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>Unconference Sessions</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/99JBKX/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/99JBKX/feedback/</feedback_url>
            </event>
            <event guid='1bf7220b-49d7-5637-a02f-a3484ab17349' id='102'>
                <room>Arena</room>
                <title>Unconference Sessions</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-28T15:00:00+02:00</date>
                <start>15:00</start>
                <duration>01:00</duration>
                <abstract>Unconference Sessions</abstract>
                <slug>osw2026-102-unconference-sessions</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>Unconference Sessions</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/V9JTVP/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/V9JTVP/feedback/</feedback_url>
            </event>
            <event guid='faeb37fe-3874-5d8e-90c7-15c9e0c294d9' id='78'>
                <room>Arena</room>
                <title>City Tour</title>
                <subtitle></subtitle>
                <type>Special</type>
                <date>2026-05-28T17:00:00+02:00</date>
                <start>17:00</start>
                <duration>02:00</duration>
                <abstract>City Tour</abstract>
                <slug>osw2026-78-city-tour</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>City Tour</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/3NVRX3/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/3NVRX3/feedback/</feedback_url>
            </event>
            <event guid='dd412735-5d8c-5965-aa94-ab6e904a504d' id='79'>
                <room>Arena</room>
                <title>Conference Dinner</title>
                <subtitle></subtitle>
                <type>Special</type>
                <date>2026-05-28T19:00:00+02:00</date>
                <start>19:00</start>
                <duration>03:00</duration>
                <abstract>Dinner at Ratskeller</abstract>
                <slug>osw2026-79-conference-dinner</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>Dinner at Ratskeller</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/ANJQVM/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/ANJQVM/feedback/</feedback_url>
            </event>
            
        </room>
        <room name='Work Lab II' guid='32048fe3-e9ef-5629-bc96-a8d70109a2c5'>
            <event guid='30595be1-e902-52cc-a5e8-6b5cf5b03aa9' id='67'>
                <room>Work Lab II</room>
                <title>Human and Workload Identities: Bridging the Gap with Transaction Tokens</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-28T10:00:00+02:00</date>
                <start>10:00</start>
                <duration>00:30</duration>
                <abstract>In this talk, we will introduce the two emerging OAuth technologies related to workload identity, namely Transaction Tokens and SPIFFE Client Authentication, and demonstrate them working together.</abstract>
                <slug>osw2026-67-human-and-workload-identities-bridging-the-gap-with-transaction-tokens</slug>
                <track></track>
                
                <persons>
                    <person id='68'>Dmitry Telegin</person><person id='66'>Pieter Kasselman</person>
                </persons>
                <language>en</language>
                <description>Human and workload identities are different in many aspects, such as issuance, verification, lifecycle, lifetime, and scope. OAuth offers a mature framework for the former.

The latter is covered by technologies like SPIFFE, which help ensure that inter-workload calls are properly authenticated. The zero trust world adds a new requirement - the calls need to be non-spurious, which means they must be associated with a valid human identity as well.

How do we enforce both human and workload identity at the same time, in a portable, efficient and extensible manner? A new Internet draft called Transaction Tokens offers a solution. Another draft, named OAuth SPIFFE Client Authentication, bridges the gap between SPIFFE and OAuth.

Keycloak is a mature, feature-rich and highly extensible open-source IAM solution. Its ultimate extensibility has allowed us to quickly prototype both Transaction Tokens and SPIFFE Client Authentication and to create an end-to-end demo.

In this talk, we will give an introduction to both SPIFFE and Transaction Tokens, recap the progress from inception to implementation, and will demonstrate the two emerging technologies working together, using Keycloak as a platform. We will also explore the potential of using Google Common Expression Language (CEL) in the OAuth ecosystem.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/9VDCK9/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/9VDCK9/feedback/</feedback_url>
            </event>
            
        </room>
        
    </day>
    <day index='3' date='2026-05-29' start='2026-05-29T04:00:00+02:00' end='2026-05-30T03:59:00+02:00'>
        <room name='Arena' guid='765d3d53-15b4-51ec-ac07-ebd89ce206f4'>
            <event guid='797c95c2-8626-5ce8-9c4a-fd06869be7c2' id='66'>
                <room>Arena</room>
                <title>DPoP - Lessons learned and improvement proposals</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T09:30:00+02:00</date>
                <start>09:30</start>
                <duration>00:30</duration>
                <abstract>DPoP adoption is accelerating, but some use-cases are challenging the specification&apos;s initial design assumptions and choices. In this session, we will discuss some of the friction points we have experienced, and propose potential solutions.</abstract>
                <slug>osw2026-66-dpop-lessons-learned-and-improvement-proposals</slug>
                <track></track>
                
                <persons>
                    <person id='47'>Christian Bormann</person><person id='46'>Paul Bastian</person>
                </persons>
                <language>en</language>
                <description>DPoP has made design choices to allow easy integrations in the scope it was envisioned to be used, but the scenarios that people want to incorporate DPoP for are expanding and some of the initial design choices are creating problems. The two main problems we&#8217;ve faced are nonce fetching (requiring a somewhat correct request containing DPoP to create an error with a new nonce to use) and not using DPoP to also protect the HTTP request and only the token itself. Furthermore, people are exploring using DPoP to also bind the refresh_token, which was ruled out by the RFC.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/JUEELE/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/JUEELE/feedback/</feedback_url>
            </event>
            <event guid='c9ac33b2-39b9-5e8b-b29f-4aa9b888a440' id='62'>
                <room>Arena</room>
                <title>Introducing Elicitation Concept of MCP for Secure Cross-domain Multi-hop API Calls in OAuth World</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T10:00:00+02:00</date>
                <start>10:00</start>
                <duration>00:30</duration>
                <abstract>This session explores the possibility of applying the concept of &quot;Elicitation in URL mode&quot;, introduced in MCP, to the OAuth world to make cross-domain multi-hop API calls secure and compares it with the existing token-exchange based method.</abstract>
                <slug>osw2026-62-introducing-elicitation-concept-of-mcp-for-secure-cross-domain-multi-hop-api-calls-in-oauth-world</slug>
                <track></track>
                
                <persons>
                    <person id='17'>Takashi Norimatsu</person>
                </persons>
                <language>en</language>
                <description>When a resource server hosting APIs receives an access request from a client with an access token, the resource server sometimes needs to access an API hosted by another resource server in a different trust domain to complete the initial request. This is called &quot;cross-domain multi-hop API calls&quot;. In cross-domain multi-hop API calls, the resource server may need to convey user context in subsequent API calls. An example of this is when a resource server needs to access a user&apos;s documents stored in Google Docs.

Token exchange-based methods exist to do this securely. Specifically, the IETF Internet-Draft Identity and Authorization Chaining Across Domains is based on RFC 8693 OAuth 2.0 Token Exchange and RFC 7523 JWT Authorization Grant. In this specification, the first resource server receives a JWT authorization grant from the authorization server in the same trust domain as the first resource server by token exchange, and the first resource server sends the grant to the authorization server in the same trust domain as the next resource server and receives an access token for accessing the next resource server.

This session explores the possibility of an alternative method. The idea is to apply the concept of &quot;Elicitation in URL mode&quot;, introduced in the Model Context Protocol (MCP), to the OAuth world. In this concept, the first resource server plays the role of a client and receives an access token from the authorization server in the same trust domain as the next resource server by authorization code grant, and so on.

The speaker describes the issues that arise when applying the concept to cross-domain multi-hop API calls in OAuth and the solutions for them. In addition, the speaker compares the existing token exchange-based method and the elicitation-based method, and discusses which method is preferable in what cases.

Finally, the speaker considers whether the elicitation-based method can be standardized as an OAuth extension.

The session would contribute to providing an alternative method for cross-domain multi-hop API calls in OAuth and making them more secure.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/JELBTZ/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/JELBTZ/feedback/</feedback_url>
            </event>
            <event guid='f4ab9b96-8f98-58d6-b6db-a7de49573602' id='77'>
                <room>Arena</room>
                <title>AI Agent Authentication and Authorization</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T11:00:00+02:00</date>
                <start>11:00</start>
                <duration>00:30</duration>
                <abstract>This talk explains why AI agents should be treated as workloads, not magical new identity subjects. It shows how existing standards such as SPIFFE, WIMSE, OAuth 2.0, and SSF apply to agent systems, while also identifying gaps.</abstract>
                <slug>osw2026-77-ai-agent-authentication-and-authorization</slug>
                <track></track>
                
                <persons>
                    <person id='66'>Pieter Kasselman</person><person id='74'>Yaroslav Rosomakho</person><person id='19'>Brian Campbell</person>
                </persons>
                <language>en</language>
                <description>The AI Agent Authentication and Authorization draft was introduced at IETF 125 (https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/). The draft starts from the premise that agents are workloads, then builds on proven identity and authorization standards rather than inventing bespoke schemes for every new agent framework.

This talk walks through that model and explores what it means in practice. We will examine how agent identifiers, credentials, attestation, provisioning, authentication, authorization and observability, monitoring and remediation can be mapped onto familiar building blocks such as SPIFFE, WIMSE, OAuth 2.0 and SSF.

We will also discuss where today&#8217;s standards are already sufficient, where implementation guidance is still missing, and where future IETF work may be needed.

Attendees will leave with a practical framework for thinking about AI agent authentication and authorization, starting with a mental model that agents are workloads that leverage existing, widely deployed standards.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/7YA8UP/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/7YA8UP/feedback/</feedback_url>
            </event>
            <event guid='20f7fbc7-332f-5c8d-8ca6-8d58a7fd57cd' id='93'>
                <room>Arena</room>
                <title>Inmor: a new openid-federation trust anchor</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T11:30:00+02:00</date>
                <start>11:30</start>
                <duration>00:30</duration>
                <abstract>Inmor is an open-source Trust Anchor implementation for OpenID Federation 1.0. It is being developed with performance and easy maintenance in mind, using Rust and Python, splitting performance and ease of use for operators.</abstract>
                <slug>osw2026-93-inmor-a-new-openid-federation-trust-anchor</slug>
                <track></track>
                
                <persons>
                    <person id='78'>Kushal Das</person>
                </persons>
                <language>en</language>
                <description>The Inmor trust anchor is built for performance in the public-facing service via Rust, and for ease of development and maintenance in the management API/service in Python. The goal is to build software which can be used by a small federation without too much trouble for the operators while still being able to provide the performance required. At the same time, the service can be scaled to many instances for any larger system. The documentation is available at https://inmor.readthedocs.io/en/latest/ and it is currently being used in the Swedish national federation as a PoC.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/KP38XX/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/KP38XX/feedback/</feedback_url>
            </event>
            <event guid='2248d4f0-cf53-5c4a-9b91-679ac2724e08' id='97'>
                <room>Arena</room>
                <title>Unconference Planning Friday</title>
                <subtitle></subtitle>
                <type>Special</type>
                <date>2026-05-29T13:00:00+02:00</date>
                <start>13:00</start>
                <duration>00:30</duration>
                <abstract>We assemble to plan the unconference slots in the afternoon.</abstract>
                <slug>osw2026-97-unconference-planning-friday</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>We assemble to plan the unconference slots in the afternoon.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/BYSQL8/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/BYSQL8/feedback/</feedback_url>
            </event>
            <event guid='f05e1038-e558-5309-8e1f-f674144613d2' id='103'>
                <room>Arena</room>
                <title>Unconference Sessions</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T13:30:00+02:00</date>
                <start>13:30</start>
                <duration>01:30</duration>
                <abstract>Unconference Sessions</abstract>
                <slug>osw2026-103-unconference-sessions</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>Unconference Sessions</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/WTPSHA/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/WTPSHA/feedback/</feedback_url>
            </event>
            <event guid='db1e8961-1e40-5447-a660-dc8e8647171e' id='99'>
                <room>Arena</room>
                <title>Unconference Sessions</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T15:30:00+02:00</date>
                <start>15:30</start>
                <duration>01:30</duration>
                <abstract>Unconference Sessions</abstract>
                <slug>osw2026-99-unconference-sessions</slug>
                <track></track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                <description>Unconference Sessions</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/AKJPTJ/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/AKJPTJ/feedback/</feedback_url>
            </event>
            
        </room>
        <room name='Work Lab II' guid='32048fe3-e9ef-5629-bc96-a8d70109a2c5'>
            <event guid='f305482a-8a3c-5b69-8b2f-0ee84e21c2c6' id='86'>
                <room>Work Lab II</room>
                <title>Attacks and Security Proofs for Authentication and Authorization Protocols</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T09:30:00+02:00</date>
                <start>09:30</start>
                <duration>00:30</duration>
                <abstract>We give an overview of formal methods, including mechanized approaches, and present our prior and ongoing work on finding attacks and carrying out proofs for authentication and authorization protocols.</abstract>
                <slug>osw2026-86-attacks-and-security-proofs-for-authentication-and-authorization-protocols</slug>
                <track></track>
                
                <persons>
                    <person id='44'>Pedram Hosseyni</person>
                </persons>
                <language>en</language>
                <description>In recent years, formal security analysis of protocols has proven highly effective in finding security vulnerabilities and establishing strong security guarantees. Ideally, such formal analysis should be conducted during the development of protocols to ensure that emerging standards and their implementations are secure from the outset. In a nutshell, this approach consists of three steps: creating a mathematical model of the protocol, precisely formalizing the desired security goals, and creating a mathematical proof of these security goals.

In this session, we provide a general overview of formal methods for protocol security, and briefly present a selection of our previous and ongoing work conducted with the Web Infrastructure Model, including analyses of the OpenID FAPI, OpenID Federation, and OpenID VP/VCI protocols. We discuss how the formal approach was useful for identifying new kinds of attacks, clarifying the exact conditions under which these protocols are secure, and overall improvements of specifications. We also discuss the limitations of existing mechanized approaches that provide tool-based support for formal analysis. We conclude with an overview of our ongoing work to provide a mechanized framework that accounts for a rich model of the Web.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/N9DFJH/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/N9DFJH/feedback/</feedback_url>
            </event>
            <event guid='ed24190e-190b-5987-8c8f-095175cdde9b' id='63'>
                <room>Work Lab II</room>
                <title>Browser Swapping &#8211; How to Hack &amp; How to Fix?</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T10:00:00+02:00</date>
                <start>10:00</start>
                <duration>00:30</duration>
                <abstract>The rediscovered Browser Swapping attack threatens modern OAuth 2 and OpenID Connect deployments. This talk demonstrates how attackers exploit the vulnerability and how you can protect your systems in the short and long term.</abstract>
                <slug>osw2026-63-browser-swapping-how-to-hack-how-to-fix</slug>
                <track></track>
                
                <persons>
                    <person id='11'>Jonas Primbs</person>
                </persons>
                <language>en</language>
                <description>When Pedram Hosseyni et al. discovered Browser Swapping in 2022, no browser technologies were available to mitigate the attack. As there was no known practical attack vector, applying fixes to the standard was deferred. After Jonas Primbs demonstrated a practical attack at IETF 124 in November 2025, Luke Jennings discovered real-world attacks using Browser Swapping to hijack Azure CLI sessions. While standardization of browser technologies that can fully mitigate web app attacks has just begun, we can at least reduce the likelihood of successful attacks.

This talk will include a live demonstration of a Browser Swapping attack and provide an overview of the many possible attack variations against web and native applications. It will also suggest short-term mitigation strategies and long-term standardization requirements. Participants will understand why Browser Swapping is both feasible and difficult to mitigate, and why new browser and operating system standards are required to mitigate it fully.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/RC939U/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/RC939U/feedback/</feedback_url>
            </event>
            <event guid='afd5f424-01ef-5ed7-8d1d-cce2b1509eb4' id='84'>
                <room>Work Lab II</room>
                <title>Understanding OAuth Session Fixation in Connector Ecosystems</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T11:00:00+02:00</date>
                <start>11:00</start>
                <duration>00:30</duration>
                <abstract>Session fixation attacks affect certain OAuth-related standards but remain unexamined in *mainstream* OAuth 2.0 deployments. We identify 40+ vulnerable vendors in &quot;connector ecosystems&quot; for app integration and agentic AI, and propose mitigations.</abstract>
                <slug>osw2026-84-understanding-oauth-session-fixation-in-connector-ecosystems</slug>
                <track></track>
                
                <persons>
                    <person id='38'>Kaixuan Luo</person>
                </persons>
                <language>en</language>
                <description>Session fixation is a well-known problem in web security [1], and was historically observed in OAuth 1.0 [2] and mitigated in several OAuth 2.0-related standards [3] such as cross-device flows [4] and OpenID4VP [5]. However, while session fixation has been discussed in such specialized settings, the threat is not modeled in the OAuth Security BCP (RFC9700) [6], and its real-world susceptibility has not been systematically analyzed in *mainstream* OAuth 2.0 authorization code grant deployments for same-device usage.

Modern applications&#8212;such as *productivity apps*, *automation platforms*, and *AI agents*&#8212;orchestrate across external tools and SaaS integrations through cloud-based &quot;connectors&quot;. To obtain authorized access to connector accounts, these applications rely extensively on OAuth 2.0 for account linking, through which they link *connector accounts* to *application accounts* and maintain persistent OAuth connections.

In such &quot;connector ecosystems&quot;, applications may either *self-manage* their OAuth clients, or rely on *managed* infrastructures where OAuth responsibilities (token retrieval and lifecycle management) are outsourced to a &quot;Token Vault&quot;. In both cases, the OAuth client would commonly introduce dedicated auth sessions that are separate from the application&apos;s existing user sessions. Such auth sessions keep track of the application&apos;s authorization context (e.g., the expected application account to utilize the tokens) across disparate web origins, user agents, and trust domains during OAuth flows.

By systematizing real-world OAuth architectural patterns, we show that over-reliance on such auth sessions can inadvertently break session integrity in OAuth. This issue enables session fixation attacks across more than 40 vendors in connector ecosystems.
In such attacks:

* An attacker tricks a victim into authorizing an OAuth flow initiated by the attacker, which fixates an attacker-controlled auth session in the victim&#8217;s user agent.
* After the victim completes authorization, the attacker gains access to the victim&#8217;s protected resources, leading to connector account takeovers.
* In many cases, a single click on an unassuming hyperlink is all it takes for a user to be compromised.

In this talk, we further explain *why* session fixation attacks emerge in connector ecosystems, and *how* they can be mitigated (e.g., [7] [8] [9] [10] [11]). Notably, these issues are not merely the result of careless implementation, but arise from the architectural decoupling of OAuth responsibilities (*the OAuth client*) and session management (*the application*) across different components or entities that were traditionally treated as a single &quot;client application&quot;.

We also discuss our initial efforts to model these deployment scenarios and security considerations, proposing potential updates to the OAuth Security BCP [12] [13] as a call to action for the community.

---
Co-authors: Kaixuan Luo, Xianbo Wang, Adonis Fung, Wing Cheong Lau

Our research paper appears in IEEE S&amp;P 2026 [14], with preliminary results presented at Black Hat USA 2024 [15] and 2025 [16].

References:
[1] https://cwe.mitre.org/data/definitions/384.html
[2] https://oauth.net/advisories/2009-1/
[3] https://danielfett.de/2025/03/10/cross-device-session-fixation/
[4] https://datatracker.ietf.org/doc/html/draft-ietf-oauth-cross-device-security-16#section-4
[5] https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#section-14.2
[6] https://datatracker.ietf.org/doc/html/rfc9700

[7] https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/oauth2-authorization-url-session-binding.html
[8] https://aws.amazon.com/blogs/machine-learning/secure-ai-agents-with-amazon-bedrock-agentcore-identity-on-amazon-ecs/
[9] https://docs.arcade.dev/en/home/auth/secure-auth-production
[10] https://www.arcade.dev/blog/arcade-proactively-addressed-coat-vulnerability-in-agentic-ai/
[11] https://modelcontextprotocol.io/specification/2025-11-25/client/elicitation#phishing

[12] IETF 125 Presentation (Page 6-8): https://datatracker.ietf.org/meeting/125/materials/slides-125-oauth-updates-to-oauth-20-security-best-current-practice-00
[13] Internet-Draft (Section 2.3): https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-update-01#section-2.3

[14] Kaixuan Luo, Xianbo Wang, Pui Ho Adonis Fung, and Wing Cheong Lau, &quot;Demystifying the (In)Security of OAuth-based Account Linking in Connector Ecosystems,&quot; in 2026 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2026, pp. 2327-2346. https://doi.ieeecomputersociety.org/10.1109/SP63933.2026.00128
[15] https://blackhat.com/us-24/briefings/schedule/index.html#one-hack-to-rule-them-all-pervasive-account-takeovers-in-integration-platforms-for-workflow-automation-virtual-voice-assistant-iot-38-llm-services-38994
[16] https://blackhat.com/us-25/briefings/schedule/index.html#back-to-the-future-hacking-and-securing-connection-based-oauth-architectures-in-agentic-ai-and-integration-platforms-44686</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/K7TUPH/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/K7TUPH/feedback/</feedback_url>
            </event>
            <event guid='31757062-5bf8-5a1b-a225-f925642b9e56' id='73'>
                <room>Work Lab II</room>
                <title>Outcomes from the Quant-ID Project - PQC and QRNG in the Scope of OAuth and OIDC</title>
                <subtitle></subtitle>
                <type>Talk/Discussion</type>
                <date>2026-05-29T11:30:00+02:00</date>
                <start>11:30</start>
                <duration>00:30</duration>
                <abstract>Quant-ID is a project funded by the BMFTR for researching quantum entropy and post-quantum cryptography in OAuth and OIDC, including analyses and implementations by four partner organizations. We would like to share some results with the community.</abstract>
                <slug>osw2026-73-outcomes-from-the-quant-id-project-pqc-and-qrng-in-the-scope-of-oauth-and-oidc</slug>
                <track></track>
                
                <persons>
                    <person id='72'>Xenia Bogomolec</person>
                </persons>
                <language>en</language>
                <description>The development of quantum technologies is progressing faster than expected. While quantum computing poses a threat to currently used cryptography, there are also new solutions for resistance towards such attacks, including quantum and post-quantum security. The current focus of information security agencies is the transition to post-quantum cryptography. NIST and the European Commission have published their related roadmaps. Our digital infrastructures heavily rely on cryptographic security and the transition timelines are tight. Cryptography is the very security backbone of authorization protocols. At the same time, authorization is a critical digital process for infrastructure security. Such assets are expected to be transitioned by the end of 2030 according to the EU roadmap. The project Quant-ID researched quantum entropy and post-quantum cryptography in OAuth and OIDC on the network and application layer in order to enable a smoother transition. We implemented a multi-component demonstrator, including an authorization server on an IBM VPC instance, relying parties and a quantum random number generator. In this talk, we will present our main results and challenges in enabling a smooth transition to quantum-safe OAuth and OIDC.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://talks.secworkshop.events/osw2026/talk/NAZJX8/</url>
                <feedback_url>https://talks.secworkshop.events/osw2026/talk/NAZJX8/feedback/</feedback_url>
            </event>
            
        </room>
        
    </day>
    
</schedule>
