{"id":"https://openalex.org/W4403221646","doi":"https://doi.org/10.1145/3699716","title":"Formal Security Analysis of the OpenID FAPI 2.0 Family of Protocols: Accompanying a Standardization Process","display_name":"Formal Security Analysis of the OpenID FAPI 2.0 Family of Protocols: Accompanying a Standardization Process","publication_year":2024,"publication_date":"2024-10-08","ids":{"openalex":"https://openalex.org/W4403221646","doi":"https://doi.org/10.1145/3699716"},"language":"en","primary_location":{"id":"doi:10.1145/3699716","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3699716","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3699716","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3699716","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057518736","display_name":"Pedram Hosseyni","orcid":"https://orcid.org/0000-0001-5618-5663"},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Pedram Hosseyni","raw_affiliation_strings":["Institute of Information Security, University of Stuttgart, Stuttgart, Germany","Institute of Information Security, University of Stuttgart Faculty 5 Computer Science Electrical Engineering and Information Technology, Stuttgart, DE 70569, Germany"],"affiliations":[{"raw_affiliation_string":"Institute of Information Security, University of Stuttgart, Stuttgart, Germany","institution_ids":["https://openalex.org/I100066346"]},{"raw_affiliation_string":"Institute of Information Security, University of Stuttgart Faculty 5 Computer Science Electrical Engineering and Information Technology, Stuttgart, DE 70569, Germany","institution_ids":["https://openalex.org/I100066346"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088011494","display_name":"Ralf K\u00fcsters","orcid":"https://orcid.org/0000-0002-9071-9312"},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ralf K\u00fcsters","raw_affiliation_strings":["Institute of Information Security, University of Stuttgart, Stuttgart, Germany","Institute of Information Security, University of Stuttgart Faculty 5 Computer Science Electrical Engineering and Information Technology, Stuttgart, DE 70569 Germany"],"affiliations":[{"raw_affiliation_string":"Institute of Information Security, University of Stuttgart, Stuttgart, Germany","institution_ids":["https://openalex.org/I100066346"]},{"raw_affiliation_string":"Institute of Information Security, University of Stuttgart Faculty 5 Computer Science Electrical Engineering and Information Technology, Stuttgart, DE 70569 Germany","institution_ids":["https://openalex.org/I100066346"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5005751525","display_name":"Tim W\u00fcrtele","orcid":"https://orcid.org/0000-0002-4729-0629"},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Tim W\u00fcrtele","raw_affiliation_strings":["Institute of Information Security, University of Stuttgart, Stuttgart, Germany","Institute of Information Security, University of Stuttgart Faculty 5 Computer Science Electrical Engineering and Information Technology, Stuttgart, DE 70569 Germany"],"affiliations":[{"raw_affiliation_string":"Institute of Information Security, University of Stuttgart, Stuttgart, Germany","institution_ids":["https://openalex.org/I100066346"]},{"raw_affiliation_string":"Institute of Information Security, University of Stuttgart Faculty 5 Computer Science Electrical Engineering and Information Technology, Stuttgart, DE 70569 Germany","institution_ids":["https://openalex.org/I100066346"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5057518736"],"corresponding_institution_ids":["https://openalex.org/I100066346"],"apc_list":null,"apc_paid":null,"fwci":1.4257,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.83386059,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":"28","issue":"1","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/standardization","display_name":"Standardization","score":0.8016543388366699},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.6043040752410889},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4765772819519043},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2106451392173767}],"concepts":[{"id":"https://openalex.org/C188087704","wikidata":"https://www.wikidata.org/wiki/Q369577","display_name":"Standardization","level":2,"score":0.8016543388366699},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.6043040752410889},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4765772819519043},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2106451392173767}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3699716","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3699716","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3699716","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3699716","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3699716","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3699716","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6100000143051147,"display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G2213713200","display_name":null,"funder_award_id":"443324941","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4403221646.pdf"},"referenced_works_count":48,"referenced_works":["https://openalex.org/W6139613","https://openalex.org/W1197495329","https://openalex.org/W1502415516","https://openalex.org/W1580416641","https://openalex.org/W1785797725","https://openalex.org/W1801836452","https://openalex.org/W1880223886","https://openalex.org/W1973054120","https://openalex.org/W1976371754","https://openalex.org/W1997143966","https://openalex.org/W2023040061","https://openalex.org/W2029693536","https://openalex.org/W2103475742","https://openalex.org/W2112995928","https://openalex.org/W2133723082","https://openalex.org/W2143504694","https://openalex.org/W2208621975","https://openalex.org/W2229250518","https://openalex.org/W2237651967","https://openalex.org/W2247027790","https://openalex.org/W2254160488","https://openalex.org/W2257242910","https://openalex.org/W2257521072","https://openalex.org/W2264669974","https://openalex.org/W2296718334","https://openalex.org/W2398053170","https://openalex.org/W2400427673","https://openalex.org/W2479771266","https://openalex.org/W2506112596","https://openalex.org/W2540310736","https://openalex.org/W2893478812","https://openalex.org/W2918693378","https://openalex.org/W2941445585","https://openalex.org/W2943233581","https://openalex.org/W2962768977","https://openalex.org/W2963149044","https://openalex.org/W2964194080","https://openalex.org/W2974161339","https://openalex.org/W3095119430","https://openalex.org/W3204001540","https://openalex.org/W4220811499","https://openalex.org/W4384948622","https://openalex.org/W4386509553","https://openalex.org/W4390742494","https://openalex.org/W4391825440","https://openalex.org/W4402674294","https://openalex.org/W4403205487","https://openalex.org/W4403221646"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2378767206","https://openalex.org/W1540871478","https://openalex.org/W328308450","https://openalex.org/W282641168","https://openalex.org/W2376963063","https://openalex.org/W2066396794","https://openalex.org/W2366734808","https://openalex.org/W2002476357"],"abstract_inverted_index":{"FAPI":[0,13,44,67,78,88,153,179,205,246],"2.0":[1,45,89,154,180],"is":[2,69,124],"a":[3,92,127,184,193],"suite":[4],"of":[5,75,86,130,151,168,187],"Web":[6,132,136],"protocols":[7,90,155,189],"developed":[8],"by":[9,244],"the":[10,30,43,65,84,87,110,131,134,152,163,169,178,188,204,209,216,233,239,245],"OpenID":[11],"Foundation\u2019s":[12],"Working":[14],"Group":[15],"(FAPI":[16],"WG)":[17],"for":[18,109],"third-party":[19],"data":[20],"sharing":[21],"and":[22,62,103,120,166,172,190,229],"digital":[23],"identity":[24],"in":[25,70,177,212,221],"high-risk":[26],"environments.":[27],"Even":[28],"though":[29],"specifications":[31],"are":[32],"not":[33],"completely":[34],"finished,":[35],"several":[36,198,213],"important":[37,157],"entities":[38],"have":[39,201,224],"started":[40],"to":[41,82,96,104,143,146,207,215],"adopt":[42],"protocols,":[46,210],"including":[47,156],"Norway\u2019s":[48],"national":[49],"HelseID,":[50],"Australia\u2019s":[51],"Consumer":[52],"Data":[53],"Standards,":[54],"as":[55,57],"well":[56],"private":[58],"companies":[59],"like":[60,159],"Authlete":[61],"Australia-based":[63],"connectID;":[64],"predecessor":[66],"1.0":[68],"widespread":[71,101],"use":[72],"with":[73,91,203],"millions":[74],"users.":[76],"The":[77],"WG":[79,206],"asked":[80],"us":[81],"accompany":[83],"standardization":[85],"formal":[93,106,185,194],"security":[94,107,170,195,234],"analysis":[95,119,123,150],"proactively":[97],"identify":[98],"vulnerabilities":[99],"before":[100],"deployment":[102],"provide":[105,183],"guarantees":[108],"standards.":[111],"In":[112],"this":[113],"paper,":[114],"we":[115,141,182,223],"report":[116],"on":[117,126,162],"our":[118,149,226],"findings.":[121],"Our":[122],"based":[125],"detailed":[128],"model":[129,174,186,228,242],"infrastructure,":[133],"so-called":[135],"Infrastructure":[137],"Model":[138],"(WIM),":[139],"which":[140],"extend":[142],"be":[144],"able":[145],"carry":[147,191],"out":[148,176,192],"extensions":[158],"FAPI-CIBA.":[160],"Based":[161],"(extended)":[164],"WIM":[165],"formalizations":[167],"goals":[171],"attacker":[173,241],"laid":[175],"specifications,":[181],"analysis,":[196],"revealing":[197],"attacks.":[199],"We":[200],"worked":[202],"fix":[208],"resulting":[211],"amendments":[214],"specifications.":[217],"With":[218],"these":[219],"changes":[220],"place,":[222],"adjusted":[225],"protocol":[227],"formally":[230],"proved":[231],"that":[232],"properties":[235],"hold":[236],"true":[237],"under":[238],"strong":[240],"defined":[243],"WG.":[247]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}