{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:O6YCHNLD7EXAOQNEQEG6ITDQWU","short_pith_number":"pith:O6YCHNLD","canonical_record":{"source":{"id":"1704.08539","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-04-27T12:43:33Z","cross_cats_sorted":[],"title_canon_sha256":"dfd2b7044f911c95dc0fde4657163a1e419a29cc3bcf55a774c66445c7df161a","abstract_canon_sha256":"b5175fb2c3b2435f437bcdd7973f57538b17fd97ef13d0165717827963fca1fb"},"schema_version":"1.0"},"canonical_sha256":"77b023b563f92e0741a4810de44c70b5143658be1e1e4623bb5158f9d0629f4f","source":{"kind":"arxiv","id":"1704.08539","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1704.08539","created_at":"2026-05-17T23:55:09Z"},{"alias_kind":"arxiv_version","alias_value":"1704.08539v1","created_at":"2026-05-17T23:55:09Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1704.08539","created_at":"2026-05-17T23:55:09Z"},{"alias_kind":"pith_short_12","alias_value":"O6YCHNLD7EXA","created_at":"2026-05-18T12:31:34Z"},{"alias_kind":"pith_short_16","alias_value":"O6YCHNLD7EXAOQNE","created_at":"2026-05-18T12:31:34Z"},{"alias_kind":"pith_short_8","alias_value":"O6YCHNLD","created_at":"2026-05-18T12:31:34Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:O6YCHNLD7EXAOQNEQEG6ITDQWU","target":"record","payload":{"canonical_record":{"source":{"id":"1704.08539","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-04-27T12:43:33Z","cross_cats_sorted":[],"title_canon_sha256":"dfd2b7044f911c95dc0fde4657163a1e419a29cc3bcf55a774c66445c7df161a","abstract_canon_sha256":"b5175fb2c3b2435f437bcdd7973f57538b17fd97ef13d0165717827963fca1fb"},"schema_version":"1.0"},"canonical_sha256":"77b023b563f92e0741a4810de44c70b5143658be1e1e4623bb5158f9d0629f4f","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:55:09.860543Z","signature_b64":"QXaZdxzxirasvKtR6LhqVuRRYl+WE0Vh8YE6Ct56YPsKVzHzVXYZBD6UJI5g9ADfp1AWQukWjIoXvr5b6I2BBg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"77b023b563f92e0741a4810de44c70b5143658be1e1e4623bb5158f9d0629f4f","last_reissued_at":"2026-05-17T23:55:09.860073Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:55:09.860073Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1704.08539","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:55:09Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"gAkCwlj08UjrT98dD5aI6UXRymPxOBaHgQdy15L3EK3QJhOgBvyohszpZLzn0n2MCVdekpIIf5zZwUTNWGUaDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-09T18:13:14.476395Z"},"content_sha256":"00e7f4aed96eb933e1a6b898511145eb85d7e1bf256032516c505e06a5ffb120","schema_version":"1.0","event_id":"sha256:00e7f4aed96eb933e1a6b898511145eb85d7e1bf256032516c505e06a5ffb120"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:O6YCHNLD7EXAOQNEQEG6ITDQWU","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Daniel Fett, Guido Schmitz, Ralf Kuesters","submitted_at":"2017-04-27T12:43:33Z","abstract_excerpt":"Web-based single sign-on (SSO) services such as Google Sign-In and Log In with Paypal are based on the OpenID Connect protocol. This protocol enables so-called relying parties to delegate user authentication to so-called identity providers. OpenID Connect is one of the newest and most widely deployed single sign-on protocols on the web. Despite its importance, it has not received much attention from security researchers so far, and in particular, has not undergone any rigorous security analysis.\n  In this paper, we carry out the first in-depth security analysis of OpenID Connect. To this end, "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1704.08539","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:55:09Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"JlZNktDRCIc/upKpIVHBG+G1APBiThAlIPsFU7KzZxmhkiepG6y1ul+qmbnURjySoEIbf14FICxJy0uM/XwEBA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-09T18:13:14.477074Z"},"content_sha256":"21c4dca5f492d60330a195bec7cc7295186267027f2bfe3c294741549f95b093","schema_version":"1.0","event_id":"sha256:21c4dca5f492d60330a195bec7cc7295186267027f2bfe3c294741549f95b093"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/O6YCHNLD7EXAOQNEQEG6ITDQWU/bundle.json","state_url":"https://pith.science/pith/O6YCHNLD7EXAOQNEQEG6ITDQWU/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/O6YCHNLD7EXAOQNEQEG6ITDQWU/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-09T18:13:14Z","links":{"resolver":"https://pith.science/pith/O6YCHNLD7EXAOQNEQEG6ITDQWU","bundle":"https://pith.science/pith/O6YCHNLD7EXAOQNEQEG6ITDQWU/bundle.json","state":"https://pith.science/pith/O6YCHNLD7EXAOQNEQEG6ITDQWU/state.json","well_known_bundle":"https://pith.science/.well-known/pith/O6YCHNLD7EXAOQNEQEG6ITDQWU/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:O6YCHNLD7EXAOQNEQEG6ITDQWU","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"b5175fb2c3b2435f437bcdd7973f57538b17fd97ef13d0165717827963fca1fb","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-04-27T12:43:33Z","title_canon_sha256":"dfd2b7044f911c95dc0fde4657163a1e419a29cc3bcf55a774c66445c7df161a"},"schema_version":"1.0","source":{"id":"1704.08539","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1704.08539","created_at":"2026-05-17T23:55:09Z"},{"alias_kind":"arxiv_version","alias_value":"1704.08539v1","created_at":"2026-05-17T23:55:09Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1704.08539","created_at":"2026-05-17T23:55:09Z"},{"alias_kind":"pith_short_12","alias_value":"O6YCHNLD7EXA","created_at":"2026-05-18T12:31:34Z"},{"alias_kind":"pith_short_16","alias_value":"O6YCHNLD7EXAOQNE","created_at":"2026-05-18T12:31:34Z"},{"alias_kind":"pith_short_8","alias_value":"O6YCHNLD","created_at":"2026-05-18T12:31:34Z"}],"graph_snapshots":[{"event_id":"sha256:21c4dca5f492d60330a195bec7cc7295186267027f2bfe3c294741549f95b093","target":"graph","created_at":"2026-05-17T23:55:09Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Web-based single sign-on (SSO) services such as Google Sign-In and Log In with Paypal are based on the OpenID Connect protocol. This protocol enables so-called relying parties to delegate user authentication to so-called identity providers. OpenID Connect is one of the newest and most widely deployed single sign-on protocols on the web. Despite its importance, it has not received much attention from security researchers so far, and in particular, has not undergone any rigorous security analysis.\n  In this paper, we carry out the first in-depth security analysis of OpenID Connect. To this end, ","authors_text":"Daniel Fett, Guido Schmitz, Ralf Kuesters","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-04-27T12:43:33Z","title":"The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1704.08539","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:00e7f4aed96eb933e1a6b898511145eb85d7e1bf256032516c505e06a5ffb120","target":"record","created_at":"2026-05-17T23:55:09Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"b5175fb2c3b2435f437bcdd7973f57538b17fd97ef13d0165717827963fca1fb","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-04-27T12:43:33Z","title_canon_sha256":"dfd2b7044f911c95dc0fde4657163a1e419a29cc3bcf55a774c66445c7df161a"},"schema_version":"1.0","source":{"id":"1704.08539","kind":"arxiv","version":1}},"canonical_sha256":"77b023b563f92e0741a4810de44c70b5143658be1e1e4623bb5158f9d0629f4f","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"77b023b563f92e0741a4810de44c70b5143658be1e1e4623bb5158f9d0629f4f","first_computed_at":"2026-05-17T23:55:09.860073Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:55:09.860073Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"QXaZdxzxirasvKtR6LhqVuRRYl+WE0Vh8YE6Ct56YPsKVzHzVXYZBD6UJI5g9ADfp1AWQukWjIoXvr5b6I2BBg==","signature_status":"signed_v1","signed_at":"2026-05-17T23:55:09.860543Z","signed_message":"canonical_sha256_bytes"},"source_id":"1704.08539","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:00e7f4aed96eb933e1a6b898511145eb85d7e1bf256032516c505e06a5ffb120","sha256:21c4dca5f492d60330a195bec7cc7295186267027f2bfe3c294741549f95b093"],"state_sha256":"f46ecb2d6b9fdb4bf318419d3e1b46085ecd8eebf08d7445f1858009520985e6"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ZvmHGuFstoNdrJAZFMKyf+V2GgrC/uo9jMAIMabxNo1e5NYzfWaHOprvB/UjdzkYFZVuAVHk+GMvVZnlsyGYBQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-09T18:13:14.481046Z","bundle_sha256":"66b590ea7a34dce6d3108245c521d79f937237499ab623294caa1003d7e0ac95"}}