Last week I attended OAuth Security
Workshop at Trondheim, Norway. It
was a 3-day single-track conference, where the first half of the days were
pre-selected talks, and the second parts were unconference talks/side meetings.
This was also my first proper conference after COVID emerged in the world.
Back to the starting line
After many years felt the whole excitement of being a total newbie in something
and suddenly being able to meet all the people behind the ideas. I reached the
conference hotel in the afternoon of day 0 and met the organizers as they were
in the lobby area. That chat went on for a long, and as more and more people
kept checking into the hotel, I realized that it was a kind of reunion for many
of the participants. Though a few of them met at a conference in California
just a week ago, they all were excited to meet again.
To understand how welcoming any community is, just notice how the community
behaves towards new folks. I think the Python community stands high in this
regard. And I am very happy to say the whole OAuth/OIDC/Identity-related
community folks are excellent in this regard. Even though I kept introducing
myself as the new person in this identity land, not even for a single time I
felt unwelcome. I attended OpenID-related working group meetings during the
conference, multiple hallway chats, or talked to people while walking around
the beautiful city. Everyone was happy to explain things in detail to me. Even
though most of the people there have already spent 5-15+ years in the identity
The talks & meetings
What happens in Trondheim, stays in Trondheim.
I generally do not attend many talks at conferences, as they get recorded. But
here, the conference was a single track, and also, there were no recordings.
The first talk was related to formal verification, and this was the first time
I saw those (scary in my mind) maths on the big screen. But, full credit to the
speakers as they explained things in such a way so that even an average
programmer like me understood each step. And after this talk, we jumped into
the world of OAuth/OpenID. One funny thing was whenever someone mentioned some
RFC number, we found the authors inside the meeting room.
In the second half, we had the GNAP master class from Justin Richer. And once
again, the speaker straightforwardly explained such deep technical details so
that everyone in the room could understand it.
Now, in the evening before, a few times, people mentioned that in heated
technical details, many RFC numbers will be thrown at each other, though it was
not that many for me to get too scared :)
I also managed to meet Roland for the first time. We had longer chats about the
status of Python in the identity ecosystem and also about Identity
Python. I took some notes about how we can improve the
usage of Python in this, and I will most probably start writing about those in
the coming weeks.
In multiple talks, researchers & people from the industry pointed out the
mistakes made in the space from the security point of view. Even though, for
many things, we have clear instructions in the SPECs, there is no guarantee
that the implementors will follow them properly, thus causing security gaps.
At the end of day 1, we had a special Organ concert at the beautiful Trondheim
Cathedral. On day 2, we had a special talk, “The Viking Kings of Norway”.
If you let me talk about my experience at the conference, I don’t think I will
stop before 2 hours. It was so much excitement, new information, the whole
feeling of going back into my starting days where I knew nothing much. Every
discussion was full of learning opportunities (all discussions are anyway, but
being a newbie is a different level of excitement) or the sadness of leaving
Anwesha & Py back in Stockholm. This was the first time I was staying away from
them after moving to Sweden.
Just before the conference ended, Aaron Parecki
gave me a surprise gift. I spent time with it during the whole flight back to
This conference had the best food experience of my life for a conference.
Starting from breakfast to lunch, big snack tables, dinners, or restaurant
foods. In front of me, at least 4 people during the conference said, “oh, it
feels like we are only eating and sometimes talking”.
Another thing I really loved to see is that the two primary
organizers are university roommates who are
continuing the friendship and journey in a very beautiful way. After midnight,
standing outside of the hotel and talking about random things about life and
just being able to see two longtime friends excited about similar things, it
felt so nice.
I also want to thank the whole organizing team, including local organizers,
Steinar, and the rest of the team did a