
Jen Schreiber is a 2024 Vittorio Bertocci Awardee.
DIAF supported her journey to the OAuth Security Workshop in October 2024. We invite you to read more about her research and perspective below.
Just over a month ago, I spent three days in Reykjavik, Iceland with a group of more than one hundred people who love identity standards just as much as I do. It was an experience unlike what I expected, filled with stimulating discussion and a strong sense of community. By the time I was on the plane back to Denver, my cup was full… and then some. I left with confirmation that I am in the right place, pursuing the right questions, with the right people.

The trip began in a whirlwind. I landed at Keflavík International Airport at 7 am Wednesday morning. By 9:30, I was at the Harpa, the event center in the middle of Reykjavík and the location of the OAuth Security Workshop. I was a little hesitant entering: Would I know anyone here? Could I contribute to discussions? But all of that washed away as I stepped into the auditorium (with a cup of coffee of course – I did just take a red-eye flight). After the first 20 minutes, I thought: this is really interesting. The next talk started: wow, another topic I love. I looked at the schedule again: am I interested in almost every talk? By lunch, I was confident I was supposed to be here and that continued until the conference ended on Friday.
The OAuth Security Workshop is an annual 3-day conference/unconference centered around OAuth, OpenID, and related technologies. The mornings were the “conference” part with pre-selected talks. The afternoons were the “unconference” where attendees proposed sessions like a deep-dive on a topic or a new idea they’ve had. There was also no shortage of social events sprinkled throughout the week – coffee breaks, lunches, a lively happy hour, a beautiful dinner, a city tour, etc.
There were many topics that I enjoyed, but I will list a few of my lingering questions below:
- There are over 101 specifications built upon OAuth and OpenID. How does an implementer begin to decide which to use?
- “Is it hope or is it hype?” What drives a standard to adoption?
- One human identity can be represented in hundreds of different ways. Can each of these different personas act independently of each other and require unique permissions and responsibilities?
- What is the responsibility of Identity Brokers in Single Sign On (SSO) and how should they be held accountable for the security of the ecosystem?
- Is privacy-preserving SSO an achievable reality?

My favorite part of OSW was the community. I’ve since described it as a most welcoming and inclusive club – one that everyone is encouraged to join. I met people I instantly felt comfortable with and who wanted to help advocate for me. I even left with a co-author for a technical blog post (link coming soon!). Many of the people at the conference, including me, were actively contributing to Identity Standards. It made me wonder, what drives people, these people, to contribute to standards, often on their own time and resources? The answer I left with: we are all just humans, from diverse backgrounds, driven by a responsibility to make the world better and more secure.
I am extremely grateful to DIAF for the opportunity to attend OSW, which without this award would not have been possible. It was truly an unforgettable experience and I hope to attend OSW next year in Leipzig, Germany!