{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2019:TO46DSL3VN3KJDHAKJDS4CB6C5","short_pith_number":"pith:TO46DSL3","schema_version":"1.0","canonical_sha256":"9bb9e1c97bab76a48ce052472e083e174149aaf06628b8b5d093631cc6feba08","source":{"kind":"arxiv","id":"1901.11520","version":1},"attestation_state":"computed","paper":{"title":"An Extensive Formal Security Analysis of the OpenID Financial-grade API","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Daniel Fett, Pedram Hosseyni, Ralf Kuesters","submitted_at":"2019-01-31T18:42:38Z","abstract_excerpt":"Forced by regulations and industry demand, banks worldwide are working to open their customers' online banking accounts to third-party services via web-based APIs. By using these so-called Open Banking APIs, third-party companies, such as FinTechs, are able to read information about and initiate payments from their users' bank accounts.\n  One of the most promising standards in this segment is the OpenID Financial-grade API (FAPI), currently under development in an open process by the OpenID Foundation and backed by large industry partners. The FAPI is a profile of OAuth 2.0 designed for high-r"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1901.11520","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-31T18:42:38Z","cross_cats_sorted":[],"title_canon_sha256":"62d426df21f6774c1eb2bbf33bb35843c829c950a3c1a0eb810699f0be18cb0f","abstract_canon_sha256":"ba8065578d6f6ca808c63372718f404e1e5fdd072071fc95e2f6f081e758b98b"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:55:01.672259Z","signature_b64":"n+GQWCWySdT6Ii7F8hctk7A0s1jAPr5Ckf56cSzy+RP7osBuNBC1c8B5U5XPDhSp39JVYsDpYAjf1TxhwrdKDg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"9bb9e1c97bab76a48ce052472e083e174149aaf06628b8b5d093631cc6feba08","last_reissued_at":"2026-05-17T23:55:01.671771Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:55:01.671771Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"An Extensive Formal Security Analysis of the OpenID Financial-grade API","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Daniel Fett, Pedram Hosseyni, Ralf Kuesters","submitted_at":"2019-01-31T18:42:38Z","abstract_excerpt":"Forced by regulations and industry demand, banks worldwide are working to open their customers' online banking accounts to third-party services via web-based APIs. By using these so-called Open Banking APIs, third-party companies, such as FinTechs, are able to read information about and initiate payments from their users' bank accounts.\n  One of the most promising standards in this segment is the OpenID Financial-grade API (FAPI), currently under development in an open process by the OpenID Foundation and backed by large industry partners. The FAPI is a profile of OAuth 2.0 designed for high-r"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1901.11520","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1901.11520","created_at":"2026-05-17T23:55:01.671850+00:00"},{"alias_kind":"arxiv_version","alias_value":"1901.11520v1","created_at":"2026-05-17T23:55:01.671850+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1901.11520","created_at":"2026-05-17T23:55:01.671850+00:00"},{"alias_kind":"pith_short_12","alias_value":"TO46DSL3VN3K","created_at":"2026-05-18T12:33:30.264802+00:00"},{"alias_kind":"pith_short_16","alias_value":"TO46DSL3VN3KJDHA","created_at":"2026-05-18T12:33:30.264802+00:00"},{"alias_kind":"pith_short_8","alias_value":"TO46DSL3","created_at":"2026-05-18T12:33:30.264802+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":1,"internal_anchor_count":1,"sample":[{"citing_arxiv_id":"2605.22333","citing_title":"A First Measurement Study on Authentication Security in Real-World Remote MCP Servers","ref_index":39,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/TO46DSL3VN3KJDHAKJDS4CB6C5","json":"https://pith.science/pith/TO46DSL3VN3KJDHAKJDS4CB6C5.json","graph_json":"https://pith.science/api/pith-number/TO46DSL3VN3KJDHAKJDS4CB6C5/graph.json","events_json":"https://pith.science/api/pith-number/TO46DSL3VN3KJDHAKJDS4CB6C5/events.json","paper":"https://pith.science/paper/TO46DSL3"},"agent_actions":{"view_html":"https://pith.science/pith/TO46DSL3VN3KJDHAKJDS4CB6C5","download_json":"https://pith.science/pith/TO46DSL3VN3KJDHAKJDS4CB6C5.json","view_paper":"https://pith.science/paper/TO46DSL3","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1901.11520&json=true","fetch_graph":"https://pith.science/api/pith-number/TO46DSL3VN3KJDHAKJDS4CB6C5/graph.json","fetch_events":"https://pith.science/api/pith-number/TO46DSL3VN3KJDHAKJDS4CB6C5/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/TO46DSL3VN3KJDHAKJDS4CB6C5/action/timestamp_anchor","attest_storage":"https://pith.science/pith/TO46DSL3VN3KJDHAKJDS4CB6C5/action/storage_attestation","attest_author":"https://pith.science/pith/TO46DSL3VN3KJDHAKJDS4CB6C5/action/author_attestation","sign_citation":"https://pith.science/pith/TO46DSL3VN3KJDHAKJDS4CB6C5/action/citation_signature","submit_replication":"https://pith.science/pith/TO46DSL3VN3KJDHAKJDS4CB6C5/action/replication_record"}},"created_at":"2026-05-17T23:55:01.671850+00:00","updated_at":"2026-05-17T23:55:01.671850+00:00"}