
From nobody Sat Aug  2 19:39:31 2014
Return-Path: <panca70@outlook.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D5C21A00D8 for <oauth@ietfa.amsl.com>; Sat,  2 Aug 2014 19:39:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.751
X-Spam-Level: 
X-Spam-Status: No, score=0.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_21=0.6, J_CHICKENPOX_32=0.6, J_CHICKENPOX_41=0.6, J_CHICKENPOX_51=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1n43VAEnyQk9 for <oauth@ietfa.amsl.com>; Sat,  2 Aug 2014 19:39:23 -0700 (PDT)
Received: from BLU004-OMC1S15.hotmail.com (blu004-omc1s15.hotmail.com [65.55.116.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31A291A00D7 for <oauth@ietf.org>; Sat,  2 Aug 2014 19:39:23 -0700 (PDT)
Received: from BLU406-EAS25 ([65.55.116.7]) by BLU004-OMC1S15.hotmail.com with Microsoft SMTPSVC(7.5.7601.22712); Sat, 2 Aug 2014 19:39:22 -0700
X-TMN: [uQRcEc619q6YDjU4eJ2u5LNFASPlbh/g]
X-Originating-Email: [panca70@outlook.com]
Message-ID: <BLU406-EAS25E4F6A9D6D0787FC3DA63A6E50@phx.gbl>
Content-Type: multipart/alternative; boundary="_0d0469e7-2205-43e3-95b7-03ad632fcb0c_"
MIME-Version: 1.0
X-Client-ID: 404
X-Mailer: BlackBerry Email (10.2.1.3175)
Date: Sun, 3 Aug 2014 09:39:20 +0700
From: Panca Agus Ananda <panca70@outlook.com>
To: <oauth@ietf.org>
X-OriginalArrivalTime: 03 Aug 2014 02:39:22.0341 (UTC) FILETIME=[21F2B150:01CFAEC4]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Mig_MVHxXum6tcNWZzuEbq1GOzc
Subject: [OAUTH-WG] Bls: OAuth Digest, Vol 69, Issue 134
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Aug 2014 02:39:27 -0000

--_0d0469e7-2205-43e3-95b7-03ad632fcb0c_
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"



Sent from my BlackBerry 10 smartphone on the Telkomsel network.
From: oauth-request@ietf.org
Sent: Wednesday, 30 July 2014 03.42
To: oauth@ietf.org
Reply To: oauth@ietf.org
Subject: OAuth Digest, Vol 69, Issue 134


Send OAuth mailing list submissions to
        oauth@ietf.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://www.ietf.org/mailman/listinfo/oauth
or, via email, send a message with subject or body 'help' to
        oauth-request@ietf.org

You can reach the person managing the list at
        oauth-owner@ietf.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of OAuth digest..."


Today's Topics:

   1. Re: Confirmation: Call for Adoption of "OAuth Token
      Introspection" as an OAuth Working Group Item (Phil Hunt)


----------------------------------------------------------------------

Message: 1
Date: Tue, 29 Jul 2014 13:41:16 -0700
From: Phil Hunt <phil.hunt@oracle.com>
To: Justin Richer <jricher@mitre.org>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth
        Token Introspection" as an OAuth Working Group Item
Message-ID: <620AF4CA-B7F7-487E-A833-3483D2B41B26@oracle.com>
Content-Type: text/plain; charset="utf-8"

Making everything optional achieves no benefits, you just end up with a complex set of options and no inter op.

We had the same issue with dyn reg.

I prefer to first get agreement on use case.

What are the questions a caller can ask and what form of responses are available.

Should this be limited to authz info or is this a back door for user data and webfinger data?

I would prefer to have agreement on use cases before picking a solution right now.

Phil

> On Jul 29, 2014, at 11:13, Justin Richer <jricher@mitre.org> wrote:
>
> Agreed on this point -- which is why the only MTI bit in the individual draft is "active", which is whether or not the token was any good to begin with. There are a set of claims with defined semantics but all are optional, and the list is extensible. I think in practice we'll see people settle on a set of common ones.
>
>  -- Justin
>
>> On 07/29/2014 02:11 PM, Bill Mills wrote:
>> This is exactly the same problem space as webfinger, you want to know something about a user and there's a useful set of information you might reasonably query, but in the end the server may have its own schema of data it returns.  There won't be a single schema that fits all use cases. Any given RS/AS ecosystem may decide they have custom stuff and omit other stuff.  I think the more rigid the MTI schema gets the harder the battle in this case.
>>
>>
>> On Tuesday, July 29, 2014 2:56 AM, Paul Madsen <paul.madsen@gmail.com> wrote:
>>
>>
>> Standardized Introspection will be valuable in NAPPS, where the AS and RS may be in different policy domains.
>>
>> Even for single policy domains, there are enterprise scenarios where the RS is from a different vendor than the AS, such as when an API gateway validates tokens issued by an 'IdP'. We've necessarily defined our own introspection endpoint and our gateway partners have implemented it (at the instruction of the customer in question). But of course it's proprietary to us.
>>
>> Paul
>>
>> On Jul 28, 2014, at 8:59 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
>>
>>> That doesn't explain the need for inter-operability. What you've described is what will be common practice.
>>>
>>> It's a great open source technique, but that's not a standard.
>>>
>>> JWT is much different. JWT is a foundational specification that describes the construction and parsing of JSON based tokens. There is inter-op with token formats that build on top and there is inter-op between every communicating party.
>>>
>>> In OAuth, a site may never implement token introspection nor may it do it the way you describe.  Why would that be a problem?  Why should the group spend time on something where there may be no inter-op need?
>>>
>>> Now that said, if you are in the UMA community.  Inter-op is quite foundational.  It is very very important. But then maybe the spec should be defined within UMA?
>>>
>>> Phil
>>>
>>> @independentid
>>> www.independentid.com
>>> phil.hunt@oracle.com
>>>
>>>
>>>
>>>> On Jul 28, 2014, at 5:39 PM, Justin Richer <jricher@MIT.EDU> wrote:
>>>>
>>>> It's analogous to JWT in many ways: when you've got the AS and the RS separated somehow (different box, different domain, even different software vendor) and you need to communicate a set of information about the approval delegation from the AS (who has the context to know about it) through to the RS (who needs to know about it to make the authorization call). JWT gives us an interoperable way to do this by passing values inside the token itself, introspection gives a way to pass the values by reference via the token as an artifact. The two are complementary, and there are even cases where you'd want to deploy them together.
>>>>
>>>>  -- Justin
>>>>
>>>>> On 7/28/2014 8:11 PM, Phil Hunt wrote:
>>>>> Could we have some discussion on the interop cases?
>>>>>
>>>>> Is it driven by scenarios where AS and resource are separate domains? Or may this be only of interest to specific protocols like UMA?
>>>>>
>>>>> From a technique principle, the draft is important and sound. I am just not there yet on the reasons for an interoperable standard.
>>>>>
>>>>> Phil
>>>>>
>>>>> On Jul 28, 2014, at 17:00, Thomas Broyer <t.broyer@gmail.com> wrote:
>>>>>
>>>>>> Yes. This spec is of special interest to the platform we're building for http://www.oasis-eu.org/
>>>>>>
>>>>>>
>>>>>> On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> during the IETF #90 OAuth WG meeting, there was strong consensus in
>>>>>> adopting the "OAuth Token Introspection"
>>>>>> (draft-richer-oauth-introspection-06.txt) specification as an OAuth WG
>>>>>> work item.
>>>>>>
>>>>>> We would now like to verify the outcome of this call for adoption on the
>>>>>> OAuth WG mailing list. Here is the link to the document:
>>>>>> http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/
>>>>>>
>>>>>> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
>>>>>> as to the suitability of adopting this document as a WG work item,
>>>>>> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>>>>>>
>>>>>> The confirmation call for adoption will last until August 10, 2014.  If
>>>>>> you have issues/edits/comments on the document, please send these
>>>>>> comments along to the list in your response to this Call for Adoption.
>>>>>>
>>>>>> Ciao
>>>>>> Hannes & Derek
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OAuth mailing list
>>>>>> OAuth@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thomas Broyer
>>>>>> /t?.ma.b?wa.je/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/oauth/attachments/20140729/a437e374/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


------------------------------

End of OAuth Digest, Vol 69, Issue 134
**************************************

--_0d0469e7-2205-43e3-95b7-03ad632fcb0c_--
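
The following is an added example, not code from the draft or from any participant in this thread. It sketches how a resource server might evaluate an introspection response when, as Justin Richer notes above, `active` is the only mandatory member and every other claim is optional and extensible, which forces the RS to pick a policy for claims the AS did not send. The claim names `scope` and `exp`, the function name `evaluate`, and the sample responses are assumptions constructed for illustration.

```python
import json
import time


class IntrospectionError(Exception):
    """The response cannot be interpreted; the resource server must deny."""


def evaluate(body, required_scope=None, now=None):
    """Decide whether to accept a token from the AS's introspection response.

    body           -- JSON text returned by the introspection endpoint
    required_scope -- scope value this resource needs, or None if it needs none
    now            -- current time in epoch seconds (injectable for testing)

    Returns (allowed, reason). Raises IntrospectionError on a malformed
    response so that the caller fails closed.
    """
    now = time.time() if now is None else now
    try:
        claims = json.loads(body)
    except ValueError as exc:
        raise IntrospectionError("response is not JSON") from exc
    if not isinstance(claims, dict):
        raise IntrospectionError("response is not a JSON object")

    # The one mandatory-to-implement member. Require a real boolean: a string
    # such as "true" or "false" is truthy in Python and must not pass.
    active = claims.get("active")
    if not isinstance(active, bool):
        raise IntrospectionError("missing or non-boolean 'active'")
    if not active:
        return False, "inactive"

    # Optional claim (name assumed): enforce it when the AS supplies it.
    exp = claims.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            raise IntrospectionError("'exp' is not a number")
        if exp <= now:
            return False, "expired"

    # Optional claim (name assumed): if this resource needs a scope and the
    # AS did not report one, deny rather than guess. This is the policy gap
    # that an all-optional schema leaves to each RS/AS pairing.
    if required_scope is not None:
        scope = claims.get("scope")
        if scope is None:
            return False, "scope not reported"
        if not isinstance(scope, str):
            raise IntrospectionError("'scope' is not a string")
        if required_scope not in scope.split():
            return False, "insufficient scope"

    # Unknown members (the list is extensible) are ignored, not rejected.
    return True, "ok"


# Constructed sample responses; none of these come from the thread or a real AS.
NOW = 1406600000
SAMPLES = {
    "minimal": '{"active": true}',
    "full": '{"active": true, "scope": "read write", "exp": 1406700000}',
    "inactive": '{"active": false}',
    "string_flag": '{"active": "true"}',
    "vendor": '{"active": true, "scope": "read", "x_vendor_risk": "low"}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        try:
            print(name, evaluate(body, required_scope="read", now=NOW))
        except IntrospectionError as err:
            print(name, "DENY (malformed):", err)
```
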


From nobody Sat Aug  2 23:34:01 2014
Return-Path: <panca70@outlook.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA74C1A01A5; Sat,  2 Aug 2014 23:33:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.474
X-Spam-Level: **
X-Spam-Status: No, score=2.474 tagged_above=-999 required=5 tests=[BAYES_60=1.5, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Luc212RceJkZ; Sat,  2 Aug 2014 23:33:58 -0700 (PDT)
Received: from BLU004-OMC3S3.hotmail.com (blu004-omc3s3.hotmail.com [65.55.116.78]) (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D8C31A019C; Sat,  2 Aug 2014 23:33:58 -0700 (PDT)
Received: from BLU406-EAS19 ([65.55.116.73]) by BLU004-OMC3S3.hotmail.com with Microsoft SMTPSVC(7.5.7601.22712); Sat, 2 Aug 2014 23:33:57 -0700
X-TMN: [j/zemEZ0ZfmgqjE0zaK6+gKzEglbxqZ9]
X-Originating-Email: [panca70@outlook.com]
Message-ID: <BLU406-EAS19B8940435C09725EB3020A6E50@phx.gbl>
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Client-ID: 407
X-Mailer: BlackBerry Email (10.2.1.3175)
Date: Sun, 3 Aug 2014 13:33:56 +0700
From: Panca Agus Ananda <panca70@outlook.com>
To: oauth-request@ietf.org, oauth@ietf.org
X-OriginalArrivalTime: 03 Aug 2014 06:33:57.0412 (UTC) FILETIME=[E7581640:01CFAEE4]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/JdjZw8jbev4c1tUp19HLZw_clXs
Subject: [OAUTH-WG] Check out Search for Ebay for BlackBerry
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Aug 2014 06:34:00 -0000

<html><head></head><body data-blackberry-caret-color="#00a8df" style=""><div style="white-space:pre-wrap; word-wrap: break-word;">Hi,<br><br>I am using the Search for Ebay on my BlackBerry phone. Please feel free to check it out on BlackBerry World: http://appworld.blackberry.com/webstore/content/26790876</div><br><div style="color: rgb(38, 38, 38); font-family: Calibri, 'Slate Pro', sans-serif;">Sent from my BlackBerry 10 smartphone on the Telkomsel network.</div></body></html>


From nobody Sun Aug  3 02:12:15 2014
Return-Path: <panca70@outlook.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 389841A028E for <oauth@ietfa.amsl.com>; Sun,  3 Aug 2014 02:12:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.573
X-Spam-Level: ***
X-Spam-Status: No, score=3.573 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, MISSING_SUBJECT=1.799, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q628jguJ4NRT for <oauth@ietfa.amsl.com>; Sun,  3 Aug 2014 02:12:12 -0700 (PDT)
Received: from BLU004-OMC1S26.hotmail.com (blu004-omc1s26.hotmail.com [65.55.116.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3D7A1A028A for <OAuth@ietf.org>; Sun,  3 Aug 2014 02:12:11 -0700 (PDT)
Received: from BLU406-EAS247 ([65.55.116.7]) by BLU004-OMC1S26.hotmail.com with Microsoft SMTPSVC(7.5.7601.22712);  Sun, 3 Aug 2014 02:12:11 -0700
X-TMN: [efeaKHnL5MjM013xKK7mVk8c2Wxi5xVL]
X-Originating-Email: [panca70@outlook.com]
Message-ID: <BLU406-EAS24761A8E1E8BA3968366F52A6E50@phx.gbl>
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Client-ID: 418
X-Mailer: BlackBerry Email (10.2.1.3175)
Date: Sun, 3 Aug 2014 16:12:09 +0700
From: Panca Agus Ananda <panca70@outlook.com>
To: OAuth@ietf.org
X-OriginalArrivalTime: 03 Aug 2014 09:12:11.0336 (UTC) FILETIME=[0229EC80:01CFAEFB]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/0Dp-DYZAzGWmmrBfE8PaPmaFY1c
Subject: [OAUTH-WG] (no subject)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Aug 2014 09:12:13 -0000

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/plain;"><styl=
e> body {  font-family: "Calibri","Slate Pro","sans-serif"; color:#262626 }=
</style> </head> <body data-blackberry-caret-color=3D"#00a8df" style=3D""><=
div><br name=3D"BB10" caretmarkerset=3D"INVALID" class=3D"markedForCaretMar=
kerRemoval"></div><div><br></div><div>Sent from my BlackBerry 10 smartphone=
 on the Telkomsel network.</div></body></html>


From nobody Sun Aug  3 02:15:09 2014
Return-Path: <panca70@outlook.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E91D1A028A; Sun,  3 Aug 2014 02:15:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.75
X-Spam-Level: 
X-Spam-Status: No, score=0.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, J_CHICKENPOX_21=0.6, J_CHICKENPOX_32=0.6, J_CHICKENPOX_41=0.6, J_CHICKENPOX_51=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ys5pX7CR7-R1; Sun,  3 Aug 2014 02:15:03 -0700 (PDT)
Received: from BLU004-OMC3S34.hotmail.com (blu004-omc3s34.hotmail.com [65.55.116.109]) (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 741351A0282; Sun,  3 Aug 2014 02:15:02 -0700 (PDT)
Received: from BLU406-EAS204 ([65.55.116.73]) by BLU004-OMC3S34.hotmail.com with Microsoft SMTPSVC(7.5.7601.22712);  Sun, 3 Aug 2014 02:15:01 -0700
X-TMN: [93WVFW7oEoPzEv+5hOLMBDD7am+CMXaV]
X-Originating-Email: [panca70@outlook.com]
Message-ID: <BLU406-EAS2048CCC89535C4AD60E3681A6E50@phx.gbl>
Content-Type: multipart/alternative; boundary="===============0447812160=="
MIME-Version: 1.0
X-Client-ID: 421
X-Mailer: BlackBerry Email (10.2.1.3175)
Date: Sun, 3 Aug 2014 16:14:51 +0700
From: Panca Agus Ananda <panca70@outlook.com>
To: oauth-request@ietf.org, oauth@ietf.org
X-OriginalArrivalTime: 03 Aug 2014 09:15:01.0642 (UTC) FILETIME=[67AC8EA0:01CFAEFB]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/VP4i5Y7gCKFcmB6_wB7zJg_n6HY
Subject: [OAUTH-WG] OAuth Digest, Vol 70, Issue 1
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Aug 2014 09:15:05 -0000

--===============0447812160==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Send OAuth mailing list submissions to
        oauth@ietf.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://www.ietf.org/mailman/listinfo/oauth
or, via email, send a message with subject or body 'help' to
        oauth-request@ietf.org

You can reach the person managing the list at
        oauth-owner@ietf.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of OAuth digest..."


Today's Topics:

   1. Bls: OAuth Digest, Vol 69, Issue 134 (Panca Agus Ananda)
   2. Check out Search for Ebay for BlackBerry (Panca Agus Ananda)
   3. (no subject) (Panca Agus Ananda)


----------------------------------------------------------------------

Message: 1
Date: Sun, 3 Aug 2014 09:39:20 +0700
From: Panca Agus Ananda <panca70@outlook.com>
To: <oauth@ietf.org>
Subject: [OAUTH-WG] Bls: OAuth Digest, Vol 69, Issue 134
Message-ID: <BLU406-EAS25E4F6A9D6D0787FC3DA63A6E50@phx.gbl>
Content-Type: text/plain; charset="utf-8"



Sent from my BlackBerry 10 smartphone on the Telkomsel network.
From: oauth-request@ietf.org
Sent: Wednesday, 30 July 2014 03.42
To: oauth@ietf.org
Reply To: oauth@ietf.org
Subject: OAuth Digest, Vol 69, Issue 134


Today's Topics:

   1. Re: Confirmation: Call for Adoption of "OAuth Token
      Introspection" as an OAuth Working Group Item (Phil Hunt)


----------------------------------------------------------------------

Message: 1
Date: Tue, 29 Jul 2014 13:41:16 -0700
From: Phil Hunt <phil.hunt@oracle.com>
To: Justin Richer <jricher@mitre.org>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth
        Token Introspection" as an OAuth Working Group Item
Message-ID: <620AF4CA-B7F7-487E-A833-3483D2B41B26@oracle.com>
Content-Type: text/plain; charset="utf-8"

Making everything optional achieves no benefits, you just end up with a complex set of options and no inter op.

We had the same issue with dyn reg.

I prefer to first get agreement on use case.

What are the questions a caller can ask and what form of responses are available.

Should this be limited to authz info or is this a back door for user data and webfinger data?

I would prefer to have agreement on use cases before picking a solution right now.

Phil

> On Jul 29, 2014, at 11:13, Justin Richer <jricher@mitre.org> wrote:
>
> Agreed on this point -- which is why the only MTI bit in the individual draft is "active", which is whether or not the token was any good to begin with. There are a set of claims with defined semantics but all are optional, and the list is extensible. I think in practice we'll see people settle on a set of common ones.
>
>  -- Justin
>
>> On 07/29/2014 02:11 PM, Bill Mills wrote:
>> This is exactly the same problem space as webfinger, you want to know something about a user and there's a useful set of information you might reasonably query, but in the end the server may have its own schema of data it returns.  There won't be a single schema that fits all use cases. Any given RS/AS ecosystem may decide they have custom stuff and omit other stuff.  I think the more rigid the MTI schema gets the harder the battle in this case.
>>
>>
>> On Tuesday, July 29, 2014 2:56 AM, Paul Madsen <paul.madsen@gmail.com> wrote:
>>
>>
>> Standardized Introspection will be valuable in NAPPS, where the AS and RS may be in different policy domains.
>>
>> Even for single policy domains, there are enterprise scenarios where the RS is from a different vendor than the AS, such as when an API gateway validates tokens issued by an 'IdP'. We've necessarily defined our own introspection endpoint and our gateway partners have implemented it (at the instruction of the customer in question). But of course it's proprietary to us.
>>
>> Paul
>>
>> On Jul 28, 2014, at 8:59 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
>>
>>> That doesn't explain the need for inter-operability. What you've described is what will be common practice.
>>>
>>> It's a great open source technique, but that's not a standard.
>>>
>>> JWT is much different. JWT is a foundational specification that describes the construction and parsing of JSON based tokens. There is inter-op with token formats that build on top and there is inter-op between every communicating party.
>>>
>>> In OAuth, a site may never implement token introspection nor may it do it the way you describe.  Why would that be a problem?  Why should the group spend time on something where there may be no inter-op need?
>>>
>>> Now that said, if you are in the UMA community.  Inter-op is quite foundational.  It is very very important. But then maybe the spec should be defined within UMA?
>>>
>>> Phil
>>>
>>> @independentid
>>> www.independentid.com
>>> phil.hunt@oracle.com
>>>
>>>
>>>
>>>> On Jul 28, 2014, at 5:39 PM, Justin Richer <jricher@MIT.EDU> wrote:
>>>>
>>>> It's analogous to JWT in many ways: when you've got the AS and the RS separated somehow (different box, different domain, even different software vendor) and you need to communicate a set of information about the approval delegation from the AS (who has the context to know about it) through to the RS (who needs to know about it to make the authorization call). JWT gives us an interoperable way to do this by passing values inside the token itself, introspection gives a way to pass the values by reference via the token as an artifact. The two are complementary, and there are even cases where you'd want to deploy them together.
>>>>
>>>>  -- Justin
>>>>
>>>>> On 7/28/2014 8:11 PM, Phil Hunt wrote:
>>>>> Could we have some discussion on the interop cases?
>>>>>
>>>>> Is it driven by scenarios where AS and resource are separate domains? Or may this be only of interest to specific protocols like UMA?
>>>>>
>>>>> From a technique principle, the draft is important and sound. I am just not there yet on the reasons for an interoperable standard.
>>>>>
>>>>> Phil
>>>>>
>>>>> On Jul 28, 2014, at 17:00, Thomas Broyer <t.broyer@gmail.com> wrote:
>>>>>
>>>>>> Yes. This spec is of special interest to the platform we're building for http://www.oasis-eu.org/
>>>>>>
>>>>>>
>>>>>> On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> during the IETF #90 OAuth WG meeting, there was strong consensus in
>>>>>> adopting the "OAuth Token Introspection"
>>>>>> (draft-richer-oauth-introspection-06.txt) specification as an OAuth WG
>>>>>> work item.
>>>>>>
>>>>>> We would now like to verify the outcome of this call for adoption on the
>>>>>> OAuth WG mailing list. Here is the link to the document:
>>>>>> http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/
>>>>>>
>>>>>> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
>>>>>> as to the suitability of adopting this document as a WG work item,
>>>>>> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>>>>>>
>>>>>> The confirmation call for adoption will last until August 10, 2014.  If
>>>>>> you have issues/edits/comments on the document, please send these
>>>>>> comments along to the list in your response to this Call for Adoption.
>>>>>>
>>>>>> Ciao
>>>>>> Hannes & Derek
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OAuth mailing list
>>>>>> OAuth@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thomas Broyer
>>>>>> /tɔ.ma.bʁwa.je/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/oauth/attachments/20140729/a437e374/attachment.html>
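
The by-reference model discussed in the thread above, with "active" as the only mandatory field, shown as an added example that is not part of the thread or of the draft: a toy in-memory authorization server and a resource-server check that fails closed. Only `active` is named in the thread; the claim names `scope` and `exp`, the extension claim `x_tenant`, and all class and function names are assumptions.

```python
import secrets
from typing import Tuple

# Constructed example. Only "active" comes from the thread; "scope", "exp"
# and the extension claim "x_tenant" are assumed names for illustration.


class ToyAuthorizationServer:
    """In-memory AS: the token is an opaque handle, all state stays here."""

    def __init__(self) -> None:
        self._tokens = {}

    def issue(self, scope: str, lifetime: int, now: int, **extension) -> str:
        token = secrets.token_urlsafe(16)
        self._tokens[token] = {"scope": scope, "exp": now + lifetime, **extension}
        return token

    def revoke(self, token: str) -> None:
        self._tokens.pop(token, None)

    def introspect(self, token: str, now: int) -> dict:
        record = self._tokens.get(token)
        # Unknown, revoked and expired tokens all look the same to the caller.
        if record is None or record["exp"] <= now:
            return {"active": False}
        return {"active": True, **record}


def authorize(response: dict, required_scope: str, now: int,
              scope_claim_required: bool = True) -> Tuple[bool, str]:
    """Resource-server decision over a parsed introspection response."""
    # Fail closed: only the JSON boolean true counts, not "true" or 1.
    if response.get("active") is not True:
        return False, "inactive"

    # Optional claim: validate it only when the AS chose to send it.
    exp = response.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            return False, "malformed exp"
        if exp <= now:
            return False, "expired"

    scope = response.get("scope")
    if scope is None:
        # The claim was omitted. Each RS needs a local policy for this case,
        # so two RSs can reach different decisions on the same response.
        if scope_claim_required:
            return False, "scope not reported"
        return True, "ok (no scope reported)"
    if not isinstance(scope, str):
        return False, "malformed scope"
    if required_scope not in scope.split():
        return False, "insufficient scope"

    # Unknown extension claims such as "x_tenant" are ignored, not rejected.
    return True, "ok"


if __name__ == "__main__":
    server = ToyAuthorizationServer()
    token = server.issue("read write", lifetime=300, now=1000, x_tenant="acme")
    print(authorize(server.introspect(token, 1010), "read", 1010))
    server.revoke(token)  # takes effect on the next introspection call
    print(authorize(server.introspect(token, 1020), "read", 1020))
    print(authorize({"active": True}, "read", 0))
    print(authorize({"active": True}, "read", 0, scope_claim_required=False))
```

Because the token carries no values itself, revocation at the authorization server is visible on the next introspection call, which a self-contained token cannot offer without extra machinery.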

------------------------------

Subject: Digest Footer

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


------------------------------

End of OAuth Digest, Vol 69, Issue 134
**************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/oauth/attachments/20140803/c6ce578f/attachment.html>

------------------------------

Message: 2
Date: Sun, 3 Aug 2014 13:33:56 +0700
From: Panca Agus Ananda <panca70@outlook.com>
To: oauth-request@ietf.org, oauth@ietf.org
Subject: [OAUTH-WG] Check out Search for Ebay for BlackBerry
Message-ID: <BLU406-EAS19B8940435C09725EB3020A6E50@phx.gbl>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/oauth/attachments/20140803/b9829b72/attachment.html>

------------------------------

Message: 3
Date: Sun, 3 Aug 2014 16:12:09 +0700
From: Panca Agus Ananda <panca70@outlook.com>
To: OAuth@ietf.org
Subject: [OAUTH-WG] (no subject)
Message-ID: <BLU406-EAS24761A8E1E8BA3968366F52A6E50@phx.gbl>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/oauth/attachments/20140803/d01ce031/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


------------------------------

End of OAuth Digest, Vol 70, Issue 1
************************************
--===============0447812160==
Content-Type: text/calendar; charset="utf-8"; name="meeting.ics";
	method=REQUEST
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

BEGIN:VCALENDAR
PRODID:-//Research In Motion//RIM App//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:REQUEST
BEGIN:VTIMEZONE
TZID:Asia/Jakarta
BEGIN:STANDARD
DTSTART:20000101T000000
TZNAME:WIB
TZOFFSETFROM:+0700
TZOFFSETTO:+0700
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
ATTENDEE;ROLE=3DREQ-PARTICIPANT;PARTSTAT=3DNEEDS-ACTION;RSVP=3DTRUE:mailto:=
oauth-requ
 est@ietf.org
ATTENDEE;ROLE=3DREQ-PARTICIPANT;PARTSTAT=3DNEEDS-ACTION;RSVP=3DTRUE:mailto:=
oauth@ietf
 .org
CREATED:20140803T091444Z
DTEND;TZID=3DAsia/Jakarta:20140804T100000
DTSTAMP:20140803T091444Z
DTSTART;TZID=3DAsia/Jakarta:20140804T090000
ORGANIZER:mailto:panca70@outlook.com
SEQUENCE:0
STATUS:CONFIRMED
SUMMARY:OAuth Digest\, Vol 70\, Issue 1
TRANSP:OPAQUE
UID:9b57ff64-1aee-11e4-ac33-bde6800c178d
BEGIN:VALARM
ACTION:DISPLAY
DESCRIPTION:OAuth Digest, Vol 70, Issue 1 in 15 minutes.
TRIGGER;RELATED=3DSTART:-PT15M
END:VALARM
END:VEVENT
END:VCALENDAR

--===============0447812160==--


From nobody Sun Aug  3 02:52:52 2014
Return-Path: <sooolooo.mm@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C5661A02A2 for <oauth@ietfa.amsl.com>; Sun,  3 Aug 2014 02:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.123
X-Spam-Level: *
X-Spam-Status: No, score=1.123 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_21=0.6, J_CHICKENPOX_32=0.6, J_CHICKENPOX_41=0.6, J_CHICKENPOX_51=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kaW-6jnRDVJt for <oauth@ietfa.amsl.com>; Sun,  3 Aug 2014 02:52:46 -0700 (PDT)
Received: from mail-qa0-x22f.google.com (mail-qa0-x22f.google.com [IPv6:2607:f8b0:400d:c00::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0F1D1A02A0 for <oauth@ietf.org>; Sun,  3 Aug 2014 02:52:45 -0700 (PDT)
Received: by mail-qa0-f47.google.com with SMTP id i13so5739496qae.34 for <oauth@ietf.org>; Sun, 03 Aug 2014 02:52:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=LFIhwbbfrtBGAvfbaaJXWKPb0UPoaHu9zd7yk7ATXQc=; b=Z3CO/7XqTx0DeXbQk27sDesQRCmcRAhOhg1Fxwt/i7O2hblbrXKwXsGIqtcyBJ7yZ/ lsuaECMdgOizJxhjHAOCDrUoC9KtcWSSjlWVfhVs5bCO37NHf2pSxOeE2TouwpBbHMd2 2MM9c3QEH7m0f4iXZaACrdlYpeejriv2daJfX3FZJTce6TF7a01Cri16BRYpdOyMc49p FDOwMq1XAOeHWJHmCpuXK2BiAJgdYsYw+q+FCrYTCe5YUOLwlnmWQKVMzSl60w0STfC6 ws3FAksZ15DWCiry9Ucsau91yh1xMKeh8984uF2jgGY5t22kb91I7tfoiA5g4hMVn2Vk YwCg==
MIME-Version: 1.0
X-Received: by 10.224.112.1 with SMTP id u1mr25448414qap.7.1407059564801; Sun, 03 Aug 2014 02:52:44 -0700 (PDT)
Sender: sooolooo.mm@gmail.com
Received: by 10.140.48.230 with HTTP; Sun, 3 Aug 2014 02:52:44 -0700 (PDT)
Received: by 10.140.48.230 with HTTP; Sun, 3 Aug 2014 02:52:44 -0700 (PDT)
In-Reply-To: <mailman.4720.1407057134.13632.oauth@ietf.org>
References: <mailman.4720.1407057134.13632.oauth@ietf.org>
Date: Sun, 3 Aug 2014 11:52:44 +0200
X-Google-Sender-Auth: 0D-B-rZLCt_81FjEBHhWGwPeLn8
Message-ID: <CAPDT0_+8v8n+JyVzYZ5jFQKBHtghhdXHLKv2gzikUo1kEf-PpQ@mail.gmail.com>
From: Maik Mahn <EasyOnline@gmx.de>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary=047d7b673a4e89b4de04ffb6956f
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/0m9QU_99uNiJZNuGRfgYVEBouMo
Subject: Re: [OAUTH-WG] OAuth Digest, Vol 70, Issue 1
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Aug 2014 09:52:50 -0000

--047d7b673a4e89b4de04ffb6956f
Content-Type: text/plain; charset=ISO-8859-1

sooolooo.mm@gmail.com
On 03.08.2014 11:12, <oauth-request@ietf.org> wrote:

> Send OAuth mailing list submissions to
>         oauth@ietf.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.ietf.org/mailman/listinfo/oauth
> or, via email, send a message with subject or body 'help' to
>         oauth-request@ietf.org
>
> You can reach the person managing the list at
>         oauth-owner@ietf.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OAuth digest..."
>
>
> Today's Topics:
>
>    1. Bls: OAuth Digest, Vol 69, Issue 134 (Panca Agus Ananda)
>    2. Check out Search for Ebay for BlackBerry (Panca Agus Ananda)
>    3. (no subject) (Panca Agus Ananda)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 3 Aug 2014 09:39:20 +0700
> From: Panca Agus Ananda <panca70@outlook.com>
> To: <oauth@ietf.org>
> Subject: [OAUTH-WG] Bls: OAuth Digest, Vol 69, Issue 134
> Message-ID: <BLU406-EAS25E4F6A9D6D0787FC3DA63A6E50@phx.gbl>
> Content-Type: text/plain; charset="utf-8"
>
>
>
> Sent from my BlackBerry 10 smartphone on the Telkomsel network.
> From: oauth-request@ietf.org
> Sent: Wednesday, 30 July 2014 03.42
> To: oauth@ietf.org
> Reply To: oauth@ietf.org
> Subject: OAuth Digest, Vol 69, Issue 134
>
>
>
> Today's Topics:
>
>    1. Re: Confirmation: Call for Adoption of "OAuth Token
>       Introspection" as an OAuth Working Group Item (Phil Hunt)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 29 Jul 2014 13:41:16 -0700
> From: Phil Hunt <phil.hunt@oracle.com>
> To: Justin Richer <jricher@mitre.org>
> Cc: "oauth@ietf.org" <oauth@ietf.org>
> Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth
>         Token Introspection" as an OAuth Working Group Item
> Message-ID: <620AF4CA-B7F7-487E-A833-3483D2B41B26@oracle.com>
> Content-Type: text/plain; charset="utf-8"
>
> Making everything optional achieves no benefits, you just end up with a
> complex set of options and no inter op.
>
> We had the same issue with dyn reg.
>
> I prefer to first get agreement on use case.
>
> What are the questions a caller can ask and what form of responses are
> available.
>
> Should this be limited to authz info or is this a back door for user data
> and webfinger data?
>
> I would prefer to have agreement on use cases before picking a solution
> right now.
>
> Phil
>
> > On Jul 29, 2014, at 11:13, Justin Richer <jricher@mitre.org> wrote:
> >
> > Agreed on this point -- which is why the only MTI bit in the individual
> > draft is "active", which is whether or not the token was any good to begin
> > with. There are a set of claims with defined semantics but all are
> > optional, and the list is extensible. I think in practice we'll see people
> > settle on a set of common ones.
> >
> >  -- Justin
> >
> >> On 07/29/2014 02:11 PM, Bill Mills wrote:
> >> This is exactly the same problem space as webfinger, you want to know
> >> something about a user and there's a useful set of information you might
> >> reasonably query, but in the end the server may have its own schema of
> >> data it returns.  There won't be a single schema that fits all use cases,
> >> Any given RS/AS ecosystem may decide they have custom stuff and omit other
> >> stuff.  I think the more rigid the MTI schema gets the harder the battle in
> >> this case.
> >>
> >>
> >> On Tuesday, July 29, 2014 2:56 AM, Paul Madsen <paul.madsen@gmail.com> wrote:
> >>
> >>
> >> Standardized Introspection will be valuable in NAPPS, where the AS and
> >> RS may be in different policy domains.
> >>
> >> Even for single policy domains, there are enterprise scenarios where
> >> the RS is from a different vendor than the AS, such as when an API gateway
> >> validates tokens issued by an 'IdP'. We've necessarily defined our own
> >> introspection endpoint and our gateway partners have implemented it, (at
> >> the instruction of the customer in question). But of course it's
> >> proprietary to us.
> >>
> >> Paul
> >>
> >> On Jul 28, 2014, at 8:59 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
> >>
> >>> That doesn't explain the need for inter-operability. What you've
> >>> described is what will be common practice.
> >>>
> >>> It's a great open source technique, but that's not a standard.
> >>>
> >>> JWT is much different. JWT is a foundational specification that
> >>> describes the construction and parsing of JSON based tokens. There is
> >>> inter-op with token formats that build on top and there is inter-op between
> >>> every communicating party.
> >>>
> >>> In OAuth, a site may never implement token introspection nor may it do
> >>> it the way you describe.  Why would that be a problem?  Why should the
> >>> group spend time on something where there may be no inter-op need.
> >>>
> >>> Now that said, if you are in the UMA community.  Inter-op is quite
> >>> foundational.  It is very very important. But then maybe the spec should be
> >>> defined within UMA?
> >>>
> >>> Phil
> >>>
> >>> @independentid
> >>> www.independentid.com
> >>> phil.hunt@oracle.com
> >>>
> >>>
> >>>
> >>>> On Jul 28, 2014, at 5:39 PM, Justin Richer <jricher@MIT.EDU> wrote:
> >>>>
> >>>> It's analogous to JWT in many ways: when you've got the AS and the RS
> >>>> separated somehow (different box, different domain, even different software
> >>>> vendor) and you need to communicate a set of information about the approval
> >>>> delegation from the AS (who has the context to know about it) through to
> >>>> the RS (who needs to know about it to make the authorization call). JWT
> >>>> gives us an interoperable way to do this by passing values inside the token
> >>>> itself, introspection gives a way to pass the values by reference via the
> >>>> token as an artifact. The two are complementary, and there are even cases
> >>>> where you'd want to deploy them together.
> >>>>
> >>>>  -- Justin
> >>>>
> >>>>> On 7/28/2014 8:11 PM, Phil Hunt wrote:
> >>>>> Could we have some discussion on the interop cases?
> >>>>>
> >>>>> Is it driven by scenarios where AS and resource are separate
> >>>>> domains? Or may this be only of interest to specific protocols like UMA?
> >>>>>
> >>>>> From a technique principle, the draft is important and sound. I am
> >>>>> just not there yet on the reasons for an interoperable standard.
> >>>>>
> >>>>> Phil
> >>>>>
> >>>>> On Jul 28, 2014, at 17:00, Thomas Broyer <t.broyer@gmail.com> wrote:
> >>>>>
> >>>>>> Yes. This spec is of special interest to the platform we're
> >>>>>> building for http://www.oasis-eu.org/
> >>>>>>
> >>>>>>
> >>>>>> On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> >>>>>> Hi all,
> >>>>>>
> >>>>>> during the IETF #90 OAuth WG meeting, there was strong consensus in
> >>>>>> adopting the "OAuth Token Introspection"
> >>>>>> (draft-richer-oauth-introspection-06.txt) specification as an OAuth WG
> >>>>>> work item.
> >>>>>>
> >>>>>> We would now like to verify the outcome of this call for adoption on the
> >>>>>> OAuth WG mailing list. Here is the link to the document:
> >>>>>> http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/
> >>>>>>
> >>>>>> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
> >>>>>> as to the suitability of adopting this document as a WG work item,
> >>>>>> please send mail to the OAuth WG list indicating your opinion (Yes/No).
> >>>>>>
> >>>>>> The confirmation call for adoption will last until August 10, 2014.  If
> >>>>>> you have issues/edits/comments on the document, please send these
> >>>>>> comments along to the list in your response to this Call for Adoption.
> >>>>>>
> >>>>>> Ciao
> >>>>>> Hannes & Derek
> >>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> OAuth mailing list
> >>>>>> OAuth@ietf.org
> >>>>>> https://www.ietf.org/mailman/listinfo/oauth
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Thomas Broyer
> >>>>>> /t?.ma.b?wa.je/
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.ietf.org/mail-archive/web/oauth/attachments/20140729/a437e374/attachment.html
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
> ------------------------------
>
> End of OAuth Digest, Vol 69, Issue 134
> **************************************
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.ietf.org/mail-archive/web/oauth/attachments/20140803/c6ce578f/attachment.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Sun, 3 Aug 2014 13:33:56 +0700
> From: Panca Agus Ananda <panca70@outlook.com>
> To: oauth-request@ietf.org, oauth@ietf.org
> Subject: [OAUTH-WG] Check out Search for Ebay for BlackBerry
> Message-ID: <BLU406-EAS19B8940435C09725EB3020A6E50@phx.gbl>
> Content-Type: text/plain; charset="us-ascii"
>
> An HTML attachment was scrubbed...
> URL: <
> http://www.ietf.org/mail-archive/web/oauth/attachments/20140803/b9829b72/attachment.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Sun, 3 Aug 2014 16:12:09 +0700
> From: Panca Agus Ananda <panca70@outlook.com>
> To: OAuth@ietf.org
> Subject: [OAUTH-WG] (no subject)
> Message-ID: <BLU406-EAS24761A8E1E8BA3968366F52A6E50@phx.gbl>
> Content-Type: text/plain; charset="us-ascii"
>
> An HTML attachment was scrubbed...
> URL: <
> http://www.ietf.org/mail-archive/web/oauth/attachments/20140803/d01ce031/attachment.html
> >
>
> ------------------------------
>
> End of OAuth Digest, Vol 70, Issue 1
> ************************************
>

--047d7b673a4e89b4de04ffb6956f--
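
Added example, not part of the archived messages or of the draft: a resource server evaluating an introspection response when, as the quoted thread says, "active" is the only mandatory field and every other claim is optional. The claim names exp, aud and scope and their formats are assumptions taken from the later published RFC 7662; evaluate(), Decision and all sample values are hypothetical and constructed.

```python
"""Resource-server policy over a token introspection response (added example)."""
from dataclasses import dataclass
from typing import Any, Callable, Mapping, Optional


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _check_optional(resp: Mapping[str, Any], name: str, strict: bool,
                    check: Callable[[Any], bool]) -> Optional[str]:
    """Validate one optional claim.

    An absent claim is a failure only in strict mode; a present claim that
    does not satisfy the check is always a failure.
    """
    if name not in resp:
        return f"{name} missing" if strict else None
    return None if check(resp[name]) else f"{name} rejected"


def evaluate(resp: Mapping[str, Any], required_scope: str, my_audience: str,
             now: int, strict: bool = True) -> Decision:
    # "active" is the one field the thread describes as mandatory. Anything
    # other than the JSON boolean true (absent, null, the string "true")
    # fails closed.
    if resp.get("active") is not True:
        return Decision(False, "inactive")

    def exp_ok(value: Any) -> bool:
        # Assumed format: seconds since the epoch; bool is excluded because
        # it is a subclass of int in Python.
        return (isinstance(value, (int, float))
                and not isinstance(value, bool) and value > now)

    def aud_ok(value: Any) -> bool:
        # Assumed format: a single string or a list of strings.
        audiences = [value] if isinstance(value, str) else value
        return isinstance(audiences, list) and my_audience in audiences

    def scope_ok(value: Any) -> bool:
        # Assumed format: space-delimited string; match whole scope tokens,
        # never substrings.
        return isinstance(value, str) and required_scope in value.split()

    for name, check in (("exp", exp_ok), ("aud", aud_ok), ("scope", scope_ok)):
        problem = _check_optional(resp, name, strict, check)
        if problem:
            return Decision(False, problem)
    return Decision(True, "ok")


# Constructed sample data (not taken from any real server).
NOW = 1406666400
RS = "https://rs.example"
FULL = {"active": True, "exp": NOW + 300, "aud": RS, "scope": "read write"}
MINIMAL = {"active": True}  # a server that returns only the mandatory field


if __name__ == "__main__":
    for label, resp, strict in (("full/strict", FULL, True),
                                ("minimal/strict", MINIMAL, True),
                                ("minimal/lax", MINIMAL, False)):
        print(label, evaluate(resp, "read", RS, NOW, strict))
```

With strict=False the minimal response is accepted for any scope and audience, which is the interoperability gap the thread argues about: the resource server has to decide what an absent optional claim means.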


From nobody Tue Aug  5 12:54:35 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECE981A0146; Tue,  5 Aug 2014 12:54:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r3_1Rjv38hQh; Tue,  5 Aug 2014 12:54:23 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 402551A01E2; Tue,  5 Aug 2014 12:54:20 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140805195420.4766.35603.idtracker@ietfa.amsl.com>
Date: Tue, 05 Aug 2014 12:54:20 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/46Sn0mbIdL3I1k-hdgN5js4AUEo
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-19.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Aug 2014 19:54:28 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : OAuth 2.0 Dynamic Client Registration Protocol
        Authors         : Justin Richer
                          Michael B. Jones
                          John Bradley
                          Maciej Machulak
                          Phil Hunt
        Filename        : draft-ietf-oauth-dyn-reg-19.txt
        Pages           : 36
        Date            : 2014-08-05

Abstract:
   This specification defines mechanisms for dynamically registering
   OAuth 2.0 clients with authorization servers.  Registration requests
   send a set of desired client metadata values to the authorization
   server and the resulting registration responses return a client
   identifier to use at the authorization server and the client metadata
   values registered for the client.  The client can then use this
   registration information to communicate with the authorization server
   using the OAuth 2.0 protocol.  This specification also defines a set
   of common client metadata fields and values for clients to use during
   registration.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-19

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-19


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Aug  5 12:56:57 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B21B61A0146; Tue,  5 Aug 2014 12:56:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SSl9uOKRTttQ; Tue,  5 Aug 2014 12:56:53 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 21ABF1A01DD; Tue,  5 Aug 2014 12:56:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140805195650.17530.26151.idtracker@ietfa.amsl.com>
Date: Tue, 05 Aug 2014 12:56:50 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/NNgI7ri28jntzIuuyP7W-XhkH7E
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-management-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Aug 2014 19:56:55 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : OAuth 2.0 Dynamic Client Registration Management Protocol
        Authors         : Justin Richer
                          Michael B. Jones
                          John Bradley
                          Maciej Machulak
                          Phil Hunt
        Filename        : draft-ietf-oauth-dyn-reg-management-03.txt
        Pages           : 16
        Date            : 2014-08-05

Abstract:
   This specification defines methods for management of dynamic OAuth
   2.0 client registrations for use cases in which the properties of a
   registered client may need to be changed during the lifetime of the
   client.  Only some authorization servers supporting dynamic client
   registration will support these management methods.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg-management/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-management-03

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-management-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Aug  5 12:58:19 2014
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11B7C1A01F2 for <oauth@ietfa.amsl.com>; Tue,  5 Aug 2014 12:58:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USd54vLXu8Kj for <oauth@ietfa.amsl.com>; Tue,  5 Aug 2014 12:58:15 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id C0D3B1A01E1 for <oauth@ietf.org>; Tue,  5 Aug 2014 12:58:15 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 4FC021F0C3D for <oauth@ietf.org>; Tue,  5 Aug 2014 15:58:15 -0400 (EDT)
Received: from IMCCAS03.MITRE.ORG (imccas03.mitre.org [129.83.29.80]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 43B7F1F0C2F for <oauth@ietf.org>; Tue,  5 Aug 2014 15:58:15 -0400 (EDT)
Received: from IMCMBX01.MITRE.ORG ([169.254.1.118]) by IMCCAS03.MITRE.ORG ([129.83.29.80]) with mapi id 14.03.0174.001; Tue, 5 Aug 2014 15:58:15 -0400
From: "Richer, Justin P." <jricher@mitre.org>
To: "oauth@ietf.org list" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-19.txt
Thread-Index: AQHPsOcsTWgJiTlOvkKHnXYg6NmuHZvCsG4A
Date: Tue, 5 Aug 2014 19:58:14 +0000
Message-ID: <31DC7766-86B9-4F45-A8A2-4CE46E494F50@mitre.org>
References: <20140805195420.4766.35603.idtracker@ietfa.amsl.com>
In-Reply-To: <20140805195420.4766.35603.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.146.15.23]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <A135AE1EDD5EA44B8D23E03364F9AB1D@imc.mitre.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/LJ7xmuFy7dXv-9eGzovqkCX3KrU
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-19.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Aug 2014 19:58:18 -0000

This update includes the editorial changes discussed in Toronto and on the
list, mostly around description of a handful of metadata fields. We added
the discussion about redirect URIs to the security considerations section,
and removed the "application_type" metadata parameter. We also added
informational references to OIDC dynamic registration and UMA to the
introduction of the spec.

Thanks to all who contributed feedback.

 -- Justin

On Aug 5, 2014, at 3:54 PM, internet-drafts@ietf.org wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
>
>        Title           : OAuth 2.0 Dynamic Client Registration Protocol
>        Authors         : Justin Richer
>                          Michael B. Jones
>                          John Bradley
>                          Maciej Machulak
>                          Phil Hunt
>        Filename        : draft-ietf-oauth-dyn-reg-19.txt
>        Pages           : 36
>        Date            : 2014-08-05
>
> Abstract:
>   This specification defines mechanisms for dynamically registering
>   OAuth 2.0 clients with authorization servers.  Registration requests
>   send a set of desired client metadata values to the authorization
>   server and the resulting registration responses return a client
>   identifier to use at the authorization server and the client metadata
>   values registered for the client.  The client can then use this
>   registration information to communicate with the authorization server
>   using the OAuth 2.0 protocol.  This specification also defines a set
>   of common client metadata fields and values for clients to use during
>   registration.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-19
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-19
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From nobody Tue Aug  5 12:59:20 2014
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98B001B2B3F for <oauth@ietfa.amsl.com>; Tue,  5 Aug 2014 12:59:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GcwXGJzBghSN for <oauth@ietfa.amsl.com>; Tue,  5 Aug 2014 12:59:11 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 66A981A028B for <oauth@ietf.org>; Tue,  5 Aug 2014 12:59:08 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 143521F0C3F for <oauth@ietf.org>; Tue,  5 Aug 2014 15:59:08 -0400 (EDT)
Received: from IMCCAS01.MITRE.ORG (imccas01.mitre.org [129.83.29.78]) by smtpksrv1.mitre.org (Postfix) with ESMTP id EA3291F0C2F for <oauth@ietf.org>; Tue,  5 Aug 2014 15:59:07 -0400 (EDT)
Received: from IMCMBX01.MITRE.ORG ([169.254.1.118]) by IMCCAS01.MITRE.ORG ([129.83.29.68]) with mapi id 14.03.0174.001; Tue, 5 Aug 2014 15:59:07 -0400
From: "Richer, Justin P." <jricher@mitre.org>
To: "oauth@ietf.org list" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-management-03.txt
Thread-Index: AQHPsOd36/5F7Kqfh0i/j86Cs8zkKpvCsK2A
Date: Tue, 5 Aug 2014 19:59:07 +0000
Message-ID: <D7F07B8E-60FE-4112-8DE9-3663F54B0841@mitre.org>
References: <20140805195650.17530.26151.idtracker@ietfa.amsl.com>
In-Reply-To: <20140805195650.17530.26151.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.146.15.23]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <D0B005203B20B84B8421F9FBD02F5B35@imc.mitre.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/E2jBSKlVRxlo9hFa8-4Tt9ohXNg
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-management-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Aug 2014 19:59:17 -0000

As discussed in Toronto, this draft has been marked Experimental. No other
substantive changes have been made.

 -- Justin


On Aug 5, 2014, at 3:56 PM, internet-drafts@ietf.org wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
>
>        Title           : OAuth 2.0 Dynamic Client Registration Management Protocol
>        Authors         : Justin Richer
>                          Michael B. Jones
>                          John Bradley
>                          Maciej Machulak
>                          Phil Hunt
>        Filename        : draft-ietf-oauth-dyn-reg-management-03.txt
>        Pages           : 16
>        Date            : 2014-08-05
>
> Abstract:
>   This specification defines methods for management of dynamic OAuth
>   2.0 client registrations for use cases in which the properties of a
>   registered client may need to be changed during the lifetime of the
>   client.  Only some authorization servers supporting dynamic client
>   registration will support these management methods.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg-management/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-management-03
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-management-03
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From nobody Tue Aug  5 14:56:45 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E57E1A009E; Tue,  5 Aug 2014 14:56:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BQ9ixFlJdYZl; Tue,  5 Aug 2014 14:56:41 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DC3F11A0317; Tue,  5 Aug 2014 14:56:39 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140805215639.4347.85379.idtracker@ietfa.amsl.com>
Date: Tue, 05 Aug 2014 14:56:39 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/gFPsbB3VHJYZYkt5P9a3S7WmrKA
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-management-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Aug 2014 21:56:42 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : OAuth 2.0 Dynamic Client Registration Management Protocol
        Authors         : Justin Richer
                          Michael B. Jones
                          John Bradley
                          Maciej Machulak
                          Phil Hunt
        Filename        : draft-ietf-oauth-dyn-reg-management-04.txt
        Pages           : 16
        Date            : 2014-08-05

Abstract:
   This specification defines methods for management of dynamic OAuth
   2.0 client registrations for use cases in which the properties of a
   registered client may need to be changed during the lifetime of the
   client.  Only some authorization servers supporting dynamic client
   registration will support these management methods.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg-management/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-management-04

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-management-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Aug  5 15:52:15 2014
Return-Path: <jricher@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5A3C1B2C20 for <oauth@ietfa.amsl.com>; Tue,  5 Aug 2014 15:52:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level: 
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X1H8Z3e_a4Ei for <oauth@ietfa.amsl.com>; Tue,  5 Aug 2014 15:52:00 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 133711B2C1B for <oauth@ietf.org>; Tue,  5 Aug 2014 15:51:55 -0700 (PDT)
X-AuditID: 1209190f-f79f86d0000061c8-5d-53e1600a478b
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id CB.31.25032.A0061E35; Tue,  5 Aug 2014 18:51:55 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id s75MpsVP018101 for <oauth@ietf.org>; Tue, 5 Aug 2014 18:51:54 -0400
Received: from [100.252.159.118] ([172.56.22.149]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s75MpooO025172 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT) for <oauth@ietf.org>; Tue, 5 Aug 2014 18:51:53 -0400
Message-Id: <201408052251.s75MpooO025172@outgoing.mit.edu>
Date: Tue, 05 Aug 2014 18:51:47 -0400
From: Justin Richer <jricher@MIT.EDU>
To: oauth@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/bTGfGtPKr7AP1UcqfpV-tJ0m0CY
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-management-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Aug 2014 22:52:10 -0000

I accidentally uploaded the wrong XML file, thus 04 is identical to what 03
was supposed to be. Big thanks to Mike for catching and fixing this.

--Justin

/sent from my phone/

On Aug 5, 2014 5:56 PM, internet-drafts@ietf.org wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
>
>        Title           : OAuth 2.0 Dynamic Client Registration Management Protocol
>        Authors         : Justin Richer
>                          Michael B. Jones
>                          John Bradley
>                          Maciej Machulak
>                          Phil Hunt
>        Filename        : draft-ietf-oauth-dyn-reg-management-04.txt
>        Pages           : 16
>        Date            : 2014-08-05
>
> Abstract:
>   This specification defines methods for management of dynamic OAuth
>   2.0 client registrations for use cases in which the properties of a
>   registered client may need to be changed during the lifetime of the
>   client.  Only some authorization servers supporting dynamic client
>   registration will support these management methods.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg-management/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-management-04
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-management-04
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From nobody Fri Aug  8 07:28:19 2014
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 288D81B2B23 for <oauth@ietfa.amsl.com>; Fri,  8 Aug 2014 07:28:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.568
X-Spam-Level: 
X-Spam-Status: No, score=-3.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id egzaEag1JzE5 for <oauth@ietfa.amsl.com>; Fri,  8 Aug 2014 07:28:15 -0700 (PDT)
Received: from na3sys009aog134.obsmtp.com (na3sys009aog134.obsmtp.com [74.125.149.83]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0E781B2AD7 for <oauth@ietf.org>; Fri,  8 Aug 2014 07:28:14 -0700 (PDT)
Received: from mail-ig0-f174.google.com ([209.85.213.174]) (using TLSv1) by na3sys009aob134.postini.com ([74.125.148.12]) with SMTP ID DSNKU+Teftuk3KIE+t9EmOnhkJqesX2m3C/n@postini.com; Fri, 08 Aug 2014 07:28:14 PDT
Received: by mail-ig0-f174.google.com with SMTP id c1so1098919igq.13 for <oauth@ietf.org>; Fri, 08 Aug 2014 07:28:13 -0700 (PDT)
X-Received: by 10.42.214.207 with SMTP id hb15mr12563431icb.30.1407508093885;  Fri, 08 Aug 2014 07:28:13 -0700 (PDT)
X-Received: by 10.42.214.207 with SMTP id hb15mr12563409icb.30.1407508093724;  Fri, 08 Aug 2014 07:28:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.150.162 with HTTP; Fri, 8 Aug 2014 07:27:43 -0700 (PDT)
In-Reply-To: <53D6896E.1030701@gmx.net>
References: <53D6896E.1030701@gmx.net>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 8 Aug 2014 08:27:43 -0600
Message-ID: <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary=20cf301cbea2f1ff6505001f035d
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/vYthOEVfyoC4T9BSlB9HRi3EOrI
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Aug 2014 14:28:18 -0000

--20cf301cbea2f1ff6505001f035d
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I am very much in favor of the WG pursuing the general concept of an OAuth
Token Exchange.  However, I don't believe this document, in its current
form anyway, is necessarily the most appropriate starting point as a WG
work item.

I wrote up an I-D, which I'd ask to be considered as alternative or
additional input into the process:
https://datatracker.ietf.org/doc/draft-campbell-oauth-sts/

I don't intend this to be confrontational or "this is better than that"
kind of thing. Producing a draft just seemed like the most straightforward
way to document some initial thoughts on it. I'm more than open to
collaborating on it going forward.



On Mon, Jul 28, 2014 at 11:33 AM, Hannes Tschofenig <
hannes.tschofenig@gmx.net> wrote:

> Hi all,
>
> during the IETF #90 OAuth WG meeting, there was strong consensus in
> adopting the "OAuth 2.0 Token Exchange"
> (draft-jones-oauth-token-exchange-01.txt) specification as an OAuth WG
> work item.
>
> We would now like to verify the outcome of this call for adoption on the
> OAuth WG mailing list. Here is the link to the document:
> http://datatracker.ietf.org/doc/draft-jones-oauth-token-exchange/
>
> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
> as to the suitability of adopting this document as a WG work item,
> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>
> The confirmation call for adoption will last until August 10, 2014.  If
> you have issues/edits/comments on the document, please send these
> comments along to the list in your response to this Call for Adoption.
>
> Ciao
> Hannes & Derek
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>


-- 
Brian Campbell
Distinguished Engineer
bcampbell@pingidentity.com  +1 720.317.2061

--20cf301cbea2f1ff6505001f035d--


From nobody Fri Aug  8 09:56:46 2014
Return-Path: <ve7jtb@ve7jtb.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_A8A131F5-FF4E-4604-9713-FEDE82B81B76"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com>
Date: Fri, 8 Aug 2014 12:58:26 -0400
Message-Id: <42B66A8B-0F84-4AFC-A29A-2CD043ADFF76@ve7jtb.com>
References: <53D6896E.1030701@gmx.net> <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/SzEE70R9bycNlQsAmGW93h8h3sY
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item

--Apple-Mail=_A8A131F5-FF4E-4604-9713-FEDE82B81B76
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_F1C082D9-C746-431F-9CA5-941DB49A5C91"


--Apple-Mail=_F1C082D9-C746-431F-9CA5-941DB49A5C91
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Thanks for doing that.

I think that this is clearer and extends Mike's draft to be more specific
about input and output token types.

It is going to be hard for people to get their heads around this without
at least having some example use-cases and example token input and outputs.

In following this proposed model would code and refresh tokens be
considered valid on_behalf_of tokens?
I am guessing that a JWT or SAML 2 assertion clearly can be.

So if for example I wanted a JWT/id_token to use in the assertion flow at a
SaaS I would send.

aud = "an identifier for the SaaS AS (perhaps the token endpoint or issuer uri)
requested_security_token_type = urn:ietf:params:oauth:token-type:jwt  (perhaps something more specific?)
on_behalf_of = (refresh token?)
on_behalf_of_token_type = urn:ietf:params:oauth:token-type:refresh   (yes I just made that up)


So how might sending an act_as token to the token endpoint as part of the
request impact the result.
Do you see the act_as interacting with PoP to limit who can present the
resulting token.
Is act_as simply duplicating the authentication portion of the current
assertion profile?

Not having concrete answers at this point is not a problem, but we do need
to think all of this through.
I think this document is also useful input.

John B.



On Aug 8, 2014, at 10:27 AM, Brian Campbell <bcampbell@pingidentity.com> wrote:

> I am very much in favor of the WG pursuing the general concept of an
> OAuth Token Exchange.  However, I don't believe this document, in its
> current form anyway, is necessarily the most appropriate starting
> point as a WG work item.
>
> I wrote up an I-D, which I'd ask to be considered as alternative or
> additional input into the process:
> https://datatracker.ietf.org/doc/draft-campbell-oauth-sts/
>
> I don't intend this to be confrontational or "this is better than
> that" kind of thing. Producing a draft just seemed like the most
> straightforward way to document some initial thoughts on it. I'm more
> than open to collaborating on it going forward.
>
>
>
> On Mon, Jul 28, 2014 at 11:33 AM, Hannes Tschofenig
> <hannes.tschofenig@gmx.net> wrote:
> Hi all,
>
> during the IETF #90 OAuth WG meeting, there was strong consensus in
> adopting the "OAuth 2.0 Token Exchange"
> (draft-jones-oauth-token-exchange-01.txt) specification as an OAuth WG
> work item.
>
> We would now like to verify the outcome of this call for adoption on the
> OAuth WG mailing list. Here is the link to the document:
> http://datatracker.ietf.org/doc/draft-jones-oauth-token-exchange/
>
> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
> as to the suitability of adopting this document as a WG work item,
> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>
> The confirmation call for adoption will last until August 10, 2014.  If
> you have issues/edits/comments on the document, please send these
> comments along to the list in your response to this Call for Adoption.
>
> Ciao
> Hannes & Derek
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_F1C082D9-C746-431F-9CA5-941DB49A5C91--

--Apple-Mail=_A8A131F5-FF4E-4604-9713-FEDE82B81B76--
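
The request sketched in the message above, run through one way an authorization server could decide which `on_behalf_of` token types it accepts. This is an added example, not part of any message in the thread or of either draft; the policy values, the audience URL, the parameter name `act_as_token_type` and all helper names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode

# Token type URNs as written in the message above. The refresh one was made
# up by its author in the thread; it is not a registered value.
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"
REFRESH_TYPE = "urn:ietf:params:oauth:token-type:refresh"

# Hypothetical deployment policy: which audiences this server issues for,
# which token types it will issue, and which inbound types it will accept.
POLICY = {
    "audiences": {"https://saas.example/as/token"},
    "issuable_types": {JWT_TYPE},
    "on_behalf_of_types": {JWT_TYPE, REFRESH_TYPE},
    "act_as_types": {JWT_TYPE},
}

# Only the parameters named in the thread are modelled here; client
# authentication and any other request parameters are out of scope.
REQUIRED = (
    "aud",
    "requested_security_token_type",
    "on_behalf_of",
    "on_behalf_of_token_type",
)


def build_request(**params):
    """Form-encode the parameters the way a token endpoint receives them."""
    return urlencode(params)


def check_request(body, policy=POLICY):
    """Return (accepted, reason) for a form-encoded exchange request."""
    try:
        fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        return False, "malformed body"

    # A repeated or empty parameter makes it ambiguous which token or type
    # the server would act on, so refuse instead of picking one.
    for name, values in fields.items():
        if len(values) != 1 or values[0] == "":
            return False, f"{name}: exactly one non-empty value required"
    p = {name: values[0] for name, values in fields.items()}

    for name in REQUIRED:
        if name not in p:
            return False, f"missing {name}"

    if p["aud"] not in policy["audiences"]:
        return False, "aud not served by this deployment"
    if p["requested_security_token_type"] not in policy["issuable_types"]:
        return False, "requested token type not issuable"
    if p["on_behalf_of_token_type"] not in policy["on_behalf_of_types"]:
        return False, "on_behalf_of token type not accepted"

    # act_as is optional, but a token without a declared type (or a type
    # without a token) cannot be validated. act_as_token_type is an assumed
    # name, chosen by analogy with on_behalf_of_token_type.
    if ("act_as" in p) != ("act_as_token_type" in p):
        return False, "act_as and act_as_token_type must be sent together"
    if "act_as" in p and p["act_as_token_type"] not in policy["act_as_types"]:
        return False, "act_as token type not accepted"

    return True, "ok"


# Constructed sample: the request from the message, with placeholder values.
SAMPLE = build_request(
    aud="https://saas.example/as/token",
    requested_security_token_type=JWT_TYPE,
    on_behalf_of="constructed-refresh-token-value",
    on_behalf_of_token_type=REFRESH_TYPE,
)

if __name__ == "__main__":
    print(check_request(SAMPLE))
    # The same request against a deployment that only accepts JWTs inbound.
    jwt_only = dict(POLICY, on_behalf_of_types={JWT_TYPE})
    print(check_request(SAMPLE, jwt_only))
    print(check_request(SAMPLE + "&on_behalf_of=second-value"))
```
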


From nobody Fri Aug  8 10:55:52 2014
Return-Path: <bcampbell@pingidentity.com>
MIME-Version: 1.0
In-Reply-To: <42B66A8B-0F84-4AFC-A29A-2CD043ADFF76@ve7jtb.com>
References: <53D6896E.1030701@gmx.net> <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com> <42B66A8B-0F84-4AFC-A29A-2CD043ADFF76@ve7jtb.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 8 Aug 2014 11:55:16 -0600
Message-ID: <CA+k3eCRNCvLof9wiNoJ28YAA-z1-xGbwHMOodFt8xqkE5GAU9w@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary=001a1135f3a4389a45050021ea50
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/qwwATXElNyI842fF_qexGHy0zpY
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item

--001a1135f3a4389a45050021ea50
Content-Type: text/plain; charset=UTF-8

Absolutely agree that some examples are needed. There's a [[ TODO ]] in
there for it. I just hadn't gotten to it yet and wanted to get the I-D up
before the Aug 10 date that Hannes put out there. The example you outlined
is a good start, I think.

Yes, code and refresh tokens would/could be valid tokens. A previously
issued access token might also be. JWT & SAML too. The last paragraph of
http://tools.ietf.org/html/draft-campbell-oauth-sts-00#section-1 attempts
to state that the scope of the doc is only the framework for exchange and
that the "syntax, semantics and security characteristics of the tokens
themselves (both those presented to the are explicitly out of scope."  What
constitutes a valid token will depend on the deployment or additional
profiling.

"So how might sending an act_as token to the token endpoint as part of the
request impact the result." -> in general I was thinking it'd result in an
azp claim or something like that in the returned token.

"Do you see the act_as interacting with PoP to limit who can present the
resulting token. " -> Quite possibly. Though, honestly, I don't yet have a
complete concept of how PoP works in conjunction with all this.

"Is act_as simply duplicating the authentication portion of the current
assertion profile?" -> there is potential for duplication in some cases,
yes. But the motivation for act_as was to give additional flexibility by
allowing an additional party to be represented. Also to try and align with
draft-jones-oauth-token-exchange
<http://datatracker.ietf.org/doc/draft-jones-oauth-token-exchange/> to the
extent possible. I had toyed with the idea of only having one inbound token
for the subject and having the client (relying on client authentication) be
the actor. Then maybe a flag to indicate if delegation vs impersonation is
desired in the returned token. But it seemed like there was a need (things
you'd said among others) for more than two parties to be represented.
There's some refinement to be done for sure though.

"Not having concrete answers at this point is not a problem, but we do need
to think all of this through." -> agree

"I think this document is also useful input." -> thanks

--001a1135f3a4389a45050021ea50--
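
The act_as handling discussed in this thread, as an added Python sketch that is not taken from either draft or from any list participant: the issued token names the actor in an azp claim (the act_as party if one is presented, otherwise the authenticated client), and a PoP token is bound to that actor's key. The function names, the dict-shaped tokens, the `cnf`/`jwk` layout (borrowed from RFC 7800) and all identities and keys below are assumptions or constructed values.

```python
import base64
import hashlib
import json
from typing import Optional

# RFC 7638: only these members, per key type, feed the thumbprint.
_THUMBPRINT_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "OKP": ("crv", "kty", "x"),
}


class ExchangeError(ValueError):
    """The exchange request cannot be honoured."""


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint, so keys compare equal regardless of
    optional members such as kid or use."""
    try:
        members = _THUMBPRINT_MEMBERS[jwk["kty"]]
        required = {name: jwk[name] for name in members}
    except KeyError as exc:
        raise ExchangeError(f"unusable JWK, missing or unknown {exc}") from exc
    canonical = json.dumps(required, separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def issue_claims(subject: dict, client: Optional[dict],
                 act_as: Optional[dict] = None, pop: bool = False) -> dict:
    """Claims of the token returned by the exchange (hypothetical helper).

    subject and act_as are the already validated claims of the inbound
    tokens; what makes a token valid is deployment-specific and not shown.
    client is the authenticated OAuth client, or None if unauthenticated.
    """
    if act_as is not None:
        # Explicit actor: the party the act_as token speaks for.
        actor_id = act_as["sub"]
        actor_key = act_as.get("cnf", {}).get("jwk")
    elif client is not None:
        # No act_as sent: the authenticated requestor is the implicit actor.
        actor_id = client["client_id"]
        actor_key = client.get("jwk")
    else:
        raise ExchangeError("no act_as token and no authenticated client")

    claims = {"sub": subject["sub"], "azp": actor_id}
    if pop:
        # Bind to the actor's key only. Falling back to the requestor's key
        # when the actor has none would let the proxy present the token.
        if actor_key is None:
            raise ExchangeError("PoP requested but the actor has no public key")
        claims["cnf"] = {"jwk": actor_key}
    return claims


def may_present(claims: dict, verified_key: Optional[dict]) -> bool:
    """Resource-server side check of who may present the token.

    verified_key is the public key against which the resource server has
    already verified the presenter's proof (signature check not shown).
    """
    cnf = claims.get("cnf")
    if cnf is None:
        return True  # bearer token: possession of the token is enough
    if verified_key is None:
        return False  # PoP token presented without any proof
    return jwk_thumbprint(cnf["jwk"]) == jwk_thumbprint(verified_key)


# Constructed sample data: not real keys, clients or users.
APP_KEY = {"kty": "EC", "crv": "P-256", "kid": "app-1",
           "x": "constructed-x-app", "y": "constructed-y-app"}
GATEWAY_KEY = {"kty": "EC", "crv": "P-256", "kid": "gw-1",
               "x": "constructed-x-gateway", "y": "constructed-y-gateway"}
USER_TOKEN = {"sub": "alice@example.com"}
APP_TOKEN = {"sub": "app.example.com", "cnf": {"jwk": APP_KEY}}
GATEWAY = {"client_id": "gateway.example.com", "jwk": GATEWAY_KEY}

if __name__ == "__main__":
    # Gateway exchanges Alice's token on its own behalf: it is the actor.
    print(issue_claims(USER_TOKEN, GATEWAY))
    # Gateway proxies for the app: the app is the actor and holds the key.
    bound = issue_claims(USER_TOKEN, GATEWAY, act_as=APP_TOKEN, pop=True)
    print(bound["azp"], may_present(bound, APP_KEY),
          may_present(bound, GATEWAY_KEY))
```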


From nobody Fri Aug  8 11:19:43 2014
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EFE11A002C for <oauth@ietfa.amsl.com>; Fri,  8 Aug 2014 11:19:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tjNKvsFre-yD for <oauth@ietfa.amsl.com>; Fri,  8 Aug 2014 11:19:29 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0211.outbound.protection.outlook.com [207.46.163.211]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B4911A001A for <oauth@ietf.org>; Fri,  8 Aug 2014 11:19:27 -0700 (PDT)
Received: from BY2PR03CA076.namprd03.prod.outlook.com (10.141.249.49) by CY1PR0301MB0763.namprd03.prod.outlook.com (25.160.160.11) with Microsoft SMTP Server (TLS) id 15.0.995.14; Fri, 8 Aug 2014 18:19:18 +0000
Received: from BN1AFFO11FD049.protection.gbl (2a01:111:f400:7c10::178) by BY2PR03CA076.outlook.office365.com (2a01:111:e400:2c5d::49) with Microsoft SMTP Server (TLS) id 15.0.1005.10 via Frontend Transport; Fri, 8 Aug 2014 18:19:18 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1AFFO11FD049.mail.protection.outlook.com (10.58.53.64) with Microsoft SMTP Server (TLS) id 15.0.990.10 via Frontend Transport; Fri, 8 Aug 2014 18:19:17 +0000
Received: from TK5EX14MBXC293.redmond.corp.microsoft.com ([169.254.2.111]) by TK5EX14HUBC106.redmond.corp.microsoft.com ([157.54.80.61]) with mapi id 14.03.0195.002; Fri, 8 Aug 2014 18:19:06 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Thread-Topic: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
Thread-Index: AQHPqoohcMyGC/BFxE+qrZEJRYhY45vG1MCAgAAqHACAAA/hAIAAA0YQ
Date: Fri, 8 Aug 2014 18:19:05 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439AE0D742@TK5EX14MBXC293.redmond.corp.microsoft.com>
References: <53D6896E.1030701@gmx.net> <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com> <42B66A8B-0F84-4AFC-A29A-2CD043ADFF76@ve7jtb.com> <CA+k3eCRNCvLof9wiNoJ28YAA-z1-xGbwHMOodFt8xqkE5GAU9w@mail.gmail.com>
In-Reply-To: <CA+k3eCRNCvLof9wiNoJ28YAA-z1-xGbwHMOodFt8xqkE5GAU9w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439AE0D742TK5EX14MBXC293r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(438002)(189002)(199002)(377454003)(77096002)(16236675004)(83072002)(93886004)(80022001)(95666004)(66066001)(19617315012)(107046002)(106116001)(104016003)(74502001)(512874002)(110136001)(33656002)(71186001)(19300405004)(85852003)(85306004)(50986999)(76176999)(54356999)(64706001)(81342001)(99396002)(81542001)(16297215004)(46102001)(86362001)(97736001)(19580405001)(83322001)(21056001)(6806004)(92566001)(44976005)(86612001)(55846006)(68736004)(20776003)(84326002)(84676001)(74662001)(15975445006)(81156004)(106466001)(15202345003)(4396001)(79102001)(31966008)(69596002)(2656002)(77982001)(19580395003)(19625215002)(87936001)(26826002)(92726001)(76482001); DIR:OUT; SFP:; SCL:1; SRVR:CY1PR0301MB0763; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; LANG:en; 
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:
X-O365ENT-EOP-Header: Message processed by -  O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 02973C87BC
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com;  client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com; 
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/dfXHYDcBV-THjsWqsu4g7_QwpoY
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Aug 2014 18:19:35 -0000

--_000_4E1F6AAD24975D4BA5B16804296739439AE0D742TK5EX14MBXC293r_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_4E1F6AAD24975D4BA5B16804296739439AE0D742TK5EX14MBXC293r_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64


--_000_4E1F6AAD24975D4BA5B16804296739439AE0D742TK5EX14MBXC293r_--


From nobody Fri Aug  8 11:47:36 2014
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 435F51A00AE for <oauth@ietfa.amsl.com>; Fri,  8 Aug 2014 11:47:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kNkvlbIK_Jy8 for <oauth@ietfa.amsl.com>; Fri,  8 Aug 2014 11:47:32 -0700 (PDT)
Received: from mail-qa0-f44.google.com (mail-qa0-f44.google.com [209.85.216.44]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD0401A0067 for <oauth@ietf.org>; Fri,  8 Aug 2014 11:47:31 -0700 (PDT)
Received: by mail-qa0-f44.google.com with SMTP id f12so5884907qad.17 for <oauth@ietf.org>; Fri, 08 Aug 2014 11:47:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=nQboFnkptnGL7h5f4nROnjaUA2B3zKVRNGTlVWtk010=; b=S1OQBJZwzP70kCvCzYXBD4HE/KbLw7uIXeHcbgcyq1ys13wm9KW4wn0qszg2NI8ljM dGimCJVAnMEPpSScOuTIpPG5azipZ3O4WSiorKCmXGpzkwy3nAUuqktDL+/o9o8JJJ7J ygIX/W5JtQph0bLGubeExSeN+QQ5IZuzAWHPpGUEyAH+pY+4ExKDyxtIuGJ2YQOwGTrr gwTXSYb4jHe1AEuMlGQuFsjC7JhiBRUviW+RXNZfT0Qjx0tJLs7FCBOHmTqse7DXkptc 8RWdSIu+6Nh9YIxBvMEJJXA9fRHuRrtqfOyUFIL5qWwHoCLwzLFzurc/RLLPck/l7+wj D84g==
X-Gm-Message-State: ALoCoQk0gu5NU22KgQ8/apjAFTtRHipnAfSsxudeYTkKI0SEuXQ6MyDbOS8hZaQtKGhame5ETPEg
X-Received: by 10.229.212.138 with SMTP id gs10mr39821931qcb.7.1407523651109;  Fri, 08 Aug 2014 11:47:31 -0700 (PDT)
Received: from [192.168.1.216] ([190.22.103.177]) by mx.google.com with ESMTPSA id g3sm6816352qar.31.2014.08.08.11.47.28 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 08 Aug 2014 11:47:30 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_5BD9E430-046A-42B5-B6F0-A67A1BC76C96"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CA+k3eCRNCvLof9wiNoJ28YAA-z1-xGbwHMOodFt8xqkE5GAU9w@mail.gmail.com>
Date: Fri, 8 Aug 2014 14:49:23 -0400
Message-Id: <4EE506D1-3C8D-41DF-A2B6-3DC543A9033B@ve7jtb.com>
References: <53D6896E.1030701@gmx.net> <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com> <42B66A8B-0F84-4AFC-A29A-2CD043ADFF76@ve7jtb.com> <CA+k3eCRNCvLof9wiNoJ28YAA-z1-xGbwHMOodFt8xqkE5GAU9w@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/-qm_b63tkNl5OAnGvR7Ce1mflvU
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Aug 2014 18:47:34 -0000

--Apple-Mail=_5BD9E430-046A-42B5-B6F0-A67A1BC76C96
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_2106A9FA-E893-4C63-80CE-49BFCCE2AA74"


--Apple-Mail=_2106A9FA-E893-4C63-80CE-49BFCCE2AA74
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

OK so act_as if not sent is implicitly the requestor perhaps
authenticated by the endpoint in the normal OAuth way.

If the requestor is acting like a proxy as in the Token Agent case the
act_as would indicate the identity of the client making the request to
the Token Agent so that the resulting token can include that identity as
the AZA.

I think that logic holds together.

In that case, if the resulting token is PoP, then the party identified
by the act_as's public key would go in the resulting token.

That may actually be reversed from the WS-Trust usage, but that is
something else to dig into in the WG.

I think working on this alongside of the PoP drafts will help prevent
possible conflicts and confusions.

We should accept Mike's draft or both of these as a starting point.

John B.


On Aug 8, 2014, at 1:55 PM, Brian Campbell <bcampbell@pingidentity.com>
wrote:

> Absolutely agree that some examples are needed. There's a [[ TODO ]] in
> there for it. I just hadn't gotten to it yet and wanted to get the I-D
> up before the Aug 10 date that Hannes put out there. The example you
> outlined is a good start, I think.
>
> Yes, code and refresh tokens would/could be valid tokens. A previously
> issued access token might also be. JWT & SAML too. The last paragraph of
> http://tools.ietf.org/html/draft-campbell-oauth-sts-00#section-1
> attempts to state that the scope of the doc is only the framework for
> exchange and that the "syntax, semantics and security characteristics of
> the tokens themselves (both those presented to the are explicitly out of
> scope."  What constitutes a valid token will depend on the deployment or
> additional profiling.
>
> "So how might sending an act_as token to the token endpoint as part of
> the request impact the result." -> in general I was thinking it'd result
> in an azp claim or something like that in the returned token.
>
> "Do you see the act_as interacting with PoP to limit who can present
> the resulting token. " -> Quite possibly. Though, honestly, I don't yet
> have a complete concept of how PoP works in conjunction with all this.
>
> "Is act_as simply duplicating the authentication portion of the
> current assertion profile?" -> there is potential for duplication in
> some cases, yes. But the motivation for act_as was to give additional
> flexibility by allowing an additional party to be represented. Also to
> try and align with draft-jones-oauth-token-exchange to the extent
> possible. I had toyed with the idea of only having one inbound token for
> the subject and having the client (relying on client authentication) be
> the actor. Then maybe a flag to indicate if delegation vs impersonation
> is desired in the returned token. But it seemed like there was a need
> (things you'd said among others) for more than two parties to be
> represented. There's some refinement to be done for sure though.
>
> "Not having concrete answers at this point is not a problem, but we do
> need to think all of this through." -> agree
>
> "I think this document is also useful input." -> thanks
>


--Apple-Mail=_2106A9FA-E893-4C63-80CE-49BFCCE2AA74
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">OK so =
act_as if not sent is implicitly the requestor perhaps authenticated by =
the endpoint in the normal OAuth way.<div><br></div><div>If the if the =
requestor is acting like a proxy as in the Token Agent case the act_as =
would indicate the identity of the client making the request to the =
Token Agent so that the resulting token can include that identity as the =
AZA.</div><div><br></div><div>I think that logic holds together. =
&nbsp;</div><div><br></div><div>In that case, if the resulting token is =
PoP, &nbsp;then the party identified by the act_as's &nbsp;public key =
would go in the resulting token. &nbsp;</div><div><br></div><div>That =
may actually be reversed from the WS-Trust usage, but that is something =
else to dig into in the WG.</div><div><br></div><div>I think working on =
this alongside of the PoP drafts will help prevent possible conflicts and confusions.</div><div><br></div>
<div>We should accept Mike's draft or both of these as a starting point.</div><div><br></div>
<div>John B.</div><div><br></div>
<div><br><div><div>On Aug 8, 2014, at 1:55 PM, Brian Campbell &lt;<a href="mailto:bcampbell@pingidentity.com">bcampbell@pingidentity.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><div>Absolutely agree that some examples are needed. There's a [[ TODO ]] in there for it. I just hadn't gotten to it yet and wanted to get the I-D up before the Aug 10 date that Hannes put out there. The example you outlined is a good start, I think.<br>
<br></div>Yes, code and refresh tokens would/could be valid tokens. A previously issued access token might also be. JWT &amp; SAML too. The last paragraph of <a href="http://tools.ietf.org/html/draft-campbell-oauth-sts-00#section-1" target="_blank">http://tools.ietf.org/html/draft-campbell-oauth-sts-00#section-1</a> attempts to state that the scope of the doc is only the framework for exchange and that the "syntax, semantics and security characteristics of the tokens themselves (both those presented to the are explicitly out of scope."&nbsp; What constitutes a valid token will depend on the deployment or additional profiling.<br>
<br>"So how might sending an act_as token to the token endpoint as part of the request impact the result." -&gt; in general I was thinking it'd result in an azp claim or something like that in the returned token.<br>
<br>"Do you see the act_as interacting with PoP to limit who can present the resulting token. " -&gt; Quite possibly. Though, honestly, I don't yet have a complete concept of how PoP works in conjunction with all this. <br>
<br>"Is act_as simply duplicating the authentication portion of the current assertion profile?" -&gt; there is potential for duplication in some cases, yes. But the motivation for act_as was to give additional flexibility by allowing an additional party to be represented. Also to try and align with <br>
<a href="http://datatracker.ietf.org/doc/draft-jones-oauth-token-exchange/" target="_blank">draft-jones-oauth-token-exchange</a> to the extent possible. I had toyed with the idea of only having one inbound token for the subject and having the client (relying on client authentication) be the actor. Then maybe a flag to indicate if delegation vs impersonation is desired in the returned token. But it seemed like there was a need (things you'd said among others) for more than two parties to be represented. There's some refinement to be done for sure though.<br>
<br>"Not having concrete answers at this point is not a problem, but we do need to think all of this through." -&gt; agree<br><br>"I think this document is also useful input." -&gt; thanks<br>
<br></div>
</blockquote></div><br></div></body></html>

--Apple-Mail=_2106A9FA-E893-4C63-80CE-49BFCCE2AA74--

--Apple-Mail=_5BD9E430-046A-42B5-B6F0-A67A1BC76C96
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail=_5BD9E430-046A-42B5-B6F0-A67A1BC76C96--


From nobody Sat Aug  9 09:37:07 2014
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C7F31A0642 for <oauth@ietfa.amsl.com>; Sat,  9 Aug 2014 09:37:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.148
X-Spam-Level: *
X-Spam-Status: No, score=1.148 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7D5QSerSJi-u for <oauth@ietfa.amsl.com>; Sat,  9 Aug 2014 09:37:03 -0700 (PDT)
Received: from smtprelay02.ispgateway.de (smtprelay02.ispgateway.de [80.67.31.36]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99E4A1A0584 for <oauth@ietf.org>; Sat,  9 Aug 2014 09:37:03 -0700 (PDT)
Received: from [91.2.95.98] (helo=[192.168.71.87]) by smtprelay02.ispgateway.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1XG9dd-0006gt-Bt; Sat, 09 Aug 2014 18:37:01 +0200
Message-ID: <53E64E2D.3080007@lodderstedt.net>
Date: Sat, 09 Aug 2014 18:37:01 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "oauth@ietf.org WG" <oauth@ietf.org>,  John Bradley <ve7jtb@ve7jtb.com>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC5uZXQ=
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/baEumN4Xar77o68Aw1J5xA4AUqU
Subject: [OAUTH-WG] Review comments on draft-ietf-oauth-pop-key-distribution-00
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Aug 2014 16:37:05 -0000

Hi John,

- new audience header
Why do you want to use another header/parameter to identify the target 
RS? Isn't scope sufficient to carry this information?
The text seems to be inconsistent regarding the name (aud or audience) 
and whether this is actually a header or a parameter.
I also miss the header/parameter in the example request.

- alg
I assume the client is supposed to first discover the RS's 
capabilities. Any idea how the client should do this?

kind regards,
Torsten.


From nobody Mon Aug 11 07:42:54 2014
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 634AE1A03F0 for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 07:42:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.578
X-Spam-Level: 
X-Spam-Status: No, score=-3.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RrZaWHg8z9cd for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 07:42:51 -0700 (PDT)
Received: from na3sys009aog107.obsmtp.com (na3sys009aog107.obsmtp.com [74.125.149.197]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30F0D1A03F6 for <oauth@ietf.org>; Mon, 11 Aug 2014 07:42:51 -0700 (PDT)
Received: from mail-ig0-f178.google.com ([209.85.213.178]) (using TLSv1) by na3sys009aob107.postini.com ([74.125.148.12]) with SMTP ID DSNKU+jWattohwnAhhZLIMsJqA2Vw87PLNXS@postini.com; Mon, 11 Aug 2014 07:42:51 PDT
Received: by mail-ig0-f178.google.com with SMTP id uq10so4355151igb.17 for <oauth@ietf.org>; Mon, 11 Aug 2014 07:42:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=w6+D7inmtKQp1HHiib9mrDdsw0s1S0GWiOTtxlbg8OM=; b=ZaagrbYIgjyD0TpZT9H1NwNDoG0YdtWg1LsCfBSuEhTjVKACVrXefV14JW7Ducy7NL c1mUrrOKIQxUXtQ3rW+tT/ukKOlr7HXGe/Xt7mBy2Dg2vmQQJJI+tx1gVJRc75nVbSJX /p1LdL+l6PWahZb0dNRWsBMFJkGMZpJQvpnpQeJTAoMVGdp5z+RrTlby0FgkWikfIsm6 DEZpdkvHSrN7KicAVgcyDPRgmF1aqdahvjwhuxWrCdEhz+QMAnAtHGMNKAlel8cU1Qip jQ1S44UUvUZedFFxiMjmgQLsYmFahSGIztctPU3/xlUWywPZOqQOP0+Aq0L+5eVyyX9/ clCA==
X-Gm-Message-State: ALoCoQkr847S0xZn9NnZU4kjHc7QDB9j1WWzg0TX7EqiGkjH4Q/hiM0SBGAe43y8PR+RZqVSTSPW2sL0baaWoXBA1tiUSzAtauNF0rbRVvhauhCAEMpDu2+NoU+MWlRY3VHjIDpQF/js
X-Received: by 10.42.82.6 with SMTP id b6mr32697096icl.51.1407768170339; Mon, 11 Aug 2014 07:42:50 -0700 (PDT)
X-Received: by 10.42.82.6 with SMTP id b6mr32697086icl.51.1407768170244; Mon, 11 Aug 2014 07:42:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.150.162 with HTTP; Mon, 11 Aug 2014 07:42:20 -0700 (PDT)
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439AE0D742@TK5EX14MBXC293.redmond.corp.microsoft.com>
References: <53D6896E.1030701@gmx.net> <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com> <42B66A8B-0F84-4AFC-A29A-2CD043ADFF76@ve7jtb.com> <CA+k3eCRNCvLof9wiNoJ28YAA-z1-xGbwHMOodFt8xqkE5GAU9w@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AE0D742@TK5EX14MBXC293.redmond.corp.microsoft.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 11 Aug 2014 08:42:20 -0600
Message-ID: <CA+k3eCSWx1mr-PajhRxvtAYUcuPS+uk5DZkHF8i7RtCWkQW6Zg@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary=485b397dd701b6c39305005b91d3
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/j37veqNUiuIq-i2UKzLBn8imIok
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 14:42:53 -0000

--485b397dd701b6c39305005b91d3
Content-Type: text/plain; charset=UTF-8

I'd be okay with that as a way forward. Frankly, of course, I'd prefer to
see draft-campbell-oauth-sts as the starting point with Mike and the other
draft-jones-oauth-token-exchange authors added as co-authors. Regardless,
there are elements from both that likely need to end up in the final work
so a consolidation of authors and concepts makes sense.

And yes, there are lots of details that the working group will need to
decide on going forward that we shouldn't get hung up on right now. Though
I believe that deciding if the token endpoint is used for general token
exchange is an important philosophical question that should be answered
first. If the token endpoint is to be used, I strongly believe that this
token exchange should leverage and work within the constructs provided and
defined by OAuth. That's the direction I took with draft-campbell-oauth-sts
and yes that involves overloading the access_token response parameter with
something that's not always strictly an access token. The existing token
endpoint request/response are already rather close to what one might expect
in an STS type exchange. I find there's a nice elegant simplicity to it but
I also see where that discomfort might come from. If there's consensus to
not use/overload the existing stuff, I think it'd be much more appropriate
to define a new endpoint. A lot of syntactic stuff likely falls out from
that decision.


--485b397dd701b6c39305005b91d3--


From nobody Mon Aug 11 08:41:22 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 341681A05C0 for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 08:41:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z6U8iVsFugAU for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 08:41:18 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 990FB1A04AE for <oauth@ietf.org>; Mon, 11 Aug 2014 08:41:18 -0700 (PDT)
Received: from [172.16.254.105] ([80.92.114.129]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0M2nfO-1WRVkq0C6Y-00sgWg; Mon, 11 Aug 2014 17:41:14 +0200
Message-ID: <53E8E424.8040106@gmx.net>
Date: Mon, 11 Aug 2014 17:41:24 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Brian Campbell <bcampbell@pingidentity.com>,  Mike Jones <Michael.Jones@microsoft.com>
References: <53D6896E.1030701@gmx.net> <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com> <42B66A8B-0F84-4AFC-A29A-2CD043ADFF76@ve7jtb.com> <CA+k3eCRNCvLof9wiNoJ28YAA-z1-xGbwHMOodFt8xqkE5GAU9w@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AE0D742@TK5EX14MBXC293.redmond.corp.microsoft.com> <CA+k3eCSWx1mr-PajhRxvtAYUcuPS+uk5DZkHF8i7RtCWkQW6Zg@mail.gmail.com>
In-Reply-To: <CA+k3eCSWx1mr-PajhRxvtAYUcuPS+uk5DZkHF8i7RtCWkQW6Zg@mail.gmail.com>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jGDfxUeBC6K0to5GqgqUtaWPn8FOCCitJ"
X-Provags-ID: V03:K0:8H+bsC1YnlFyJ2+z9U0BC55q2lc8iTK3sWjUWlr3QTXxcrwXpru pw+jyZE6ZoDWSBg8dBPdGANIfCnFFrsWHPnqxUImZNcxFAwahiOFYrRT+f7SU/6tv1f4YLg 3tdNZGSkCA+AADl6cyu3moSs/schkBVSpg6/cPkmQ3ppAy5sFnyJwtxppUm4HcWRuPPtuF4 1bOmbvC0ERWZM+aNowBWA==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/n5QLbpuQ3eftpsj7E2bHC1rqu1s
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 15:41:20 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--jGDfxUeBC6K0to5GqgqUtaWPn8FOCCitJ
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Brian,

we should definitely take your work into account and I recall some other
drafts on the same subject being published some time ago as well.

Adding more co-authors to this working group item makes a lot of sense
to me.

Ciao
Hannes


On 08/11/2014 04:42 PM, Brian Campbell wrote:
> I'd be okay with that as a way forward. Frankly, of course, I'd prefer
> to see draft-campbell-oauth-sts as the starting point with Mike and the
> other draft-jones-oauth-token-exchange authors added as co-authors.
> Regardless, there are elements from both that likely need to end up in
> the final work so a consolidation of authors and concepts makes sense.
>
> And yes, there are lots of details that the working group will need to
> decide on going forward that we shouldn't get hung up on right now.
> Though I believe that deciding if the token endpoint is used for general
> token exchange is an important philosophical question that should be
> answered first. If the token endpoint is to be used, I strongly believe
> that this token exchange should leverage and work within the constructs
> provided and defined by OAuth. That's the direction I took with
> draft-campbell-oauth-sts and yes that involves overloading the
> access_token response parameter with something that's not always
> strictly an access token. The existing token endpoint request/response
> are already rather close to what one might expect in an STS type
> exchange. I find there's a nice elegant simplicity to it but I also see
> where that discomfort might come from. If there's consensus to not
> use/overload the existing stuff, I think it'd be much more appropriate
> to define a new endpoint. A lot of syntactic stuff likely falls out from
> that decision.


--jGDfxUeBC6K0to5GqgqUtaWPn8FOCCitJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--jGDfxUeBC6K0to5GqgqUtaWPn8FOCCitJ--


From nobody Mon Aug 11 09:41:20 2014
Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65C351A0640 for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 09:41:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PHmHx0DSN1LO for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 09:41:16 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0208.outbound.protection.outlook.com [207.46.163.208]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A78721A05C0 for <oauth@ietf.org>; Mon, 11 Aug 2014 09:41:15 -0700 (PDT)
Received: from BLUPR03MB309.namprd03.prod.outlook.com (10.141.48.22) by BLUPR03MB309.namprd03.prod.outlook.com (10.141.48.22) with Microsoft SMTP Server (TLS) id 15.0.1010.13; Mon, 11 Aug 2014 16:40:55 +0000
Received: from BLUPR03MB309.namprd03.prod.outlook.com ([10.141.48.22]) by BLUPR03MB309.namprd03.prod.outlook.com ([10.141.48.22]) with mapi id 15.00.1010.013; Mon, 11 Aug 2014 16:40:55 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>, Mike Jones <Michael.Jones@microsoft.com>
Thread-Topic: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
Thread-Index: AQHPqoof8H11iWqER027eNF8GSlzsZvG1MCAgAAqHACAAA/hAIAABqiAgAR6bwCAACA0MA==
Date: Mon, 11 Aug 2014 16:40:55 +0000
Message-ID: <28538159db0344b7a0c572e31c75ed50@BLUPR03MB309.namprd03.prod.outlook.com>
References: <53D6896E.1030701@gmx.net> <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com> <42B66A8B-0F84-4AFC-A29A-2CD043ADFF76@ve7jtb.com> <CA+k3eCRNCvLof9wiNoJ28YAA-z1-xGbwHMOodFt8xqkE5GAU9w@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AE0D742@TK5EX14MBXC293.redmond.corp.microsoft.com> <CA+k3eCSWx1mr-PajhRxvtAYUcuPS+uk5DZkHF8i7RtCWkQW6Zg@mail.gmail.com>
In-Reply-To: <CA+k3eCSWx1mr-PajhRxvtAYUcuPS+uk5DZkHF8i7RtCWkQW6Zg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [2001:4898:80e0:ee43::2]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;UriScan:;
x-forefront-prvs: 03008837BD
x-forefront-antispam-report: SFV:NSPM; SFS:(6009001)(189002)(199002)(377454003)(21056001)(79102001)(77982001)(80022001)(81542001)(16236675004)(1511001)(93886004)(20776003)(2421001)(19300405004)(64706001)(85852003)(86362001)(19580395003)(19580405001)(92566001)(83322001)(83072002)(33646002)(2656002)(50986999)(87936001)(86612001)(106356001)(54356999)(76176999)(4396001)(76576001)(99396002)(107046002)(101416001)(46102001)(106116001)(81342001)(15975445006)(76482001)(85306004)(15202345003)(95666004)(74316001)(99286002)(31966008)(74662001)(105586002)(74502001)(19625215002)(3826002)(24736002)(108616003)(42262002); DIR:OUT; SFP:; SCL:1; SRVR:BLUPR03MB309; H:BLUPR03MB309.namprd03.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; MX:1; LANG:en; 
Content-Type: multipart/alternative; boundary="_000_28538159db0344b7a0c572e31c75ed50BLUPR03MB309namprd03pro_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/dsade9JJXNDm7zkiYeD3y3NWEiY
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 16:41:18 -0000

--_000_28538159db0344b7a0c572e31c75ed50BLUPR03MB309namprd03pro_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_28538159db0344b7a0c572e31c75ed50BLUPR03MB309namprd03pro_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_28538159db0344b7a0c572e31c75ed50BLUPR03MB309namprd03pro_--


From nobody Mon Aug 11 10:00:51 2014
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C65821A0473 for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 10:00:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.578
X-Spam-Level: 
X-Spam-Status: No, score=-3.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QyJ0z4ZgDiRc for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 10:00:46 -0700 (PDT)
Received: from na3sys009aog107.obsmtp.com (na3sys009aog107.obsmtp.com [74.125.149.197]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFCEB1A069E for <oauth@ietf.org>; Mon, 11 Aug 2014 10:00:45 -0700 (PDT)
Received: from mail-ig0-f180.google.com ([209.85.213.180]) (using TLSv1) by na3sys009aob107.postini.com ([74.125.148.12]) with SMTP ID DSNKU+j2vba8xW6uTbtDaA7DDp4hP+emMUB5@postini.com; Mon, 11 Aug 2014 10:00:45 PDT
Received: by mail-ig0-f180.google.com with SMTP id l13so4589728iga.13 for <oauth@ietf.org>; Mon, 11 Aug 2014 10:00:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Up7+q2HfXQnyfnc2WIjME2f63EApmJKUAfvkjU3Kp0E=; b=ZwMMb82Y97EcA0jnd3WSSpmGeOOJUJ0/a+9eBoZDR226YqCKfbujY6pvt8yzYjYKKz Pyi0CwUSPflRqdAKaTljveoYKer/27UT33ZVzRlRTyJABenz8DNPckG3brQOCdvwwRuG KQZghmN6Bs5RyUU6m4cQgPMv11d5ZukJBr+CkRm2oiVlpD6NSTw49jXFUMSb6HexN2eR w6pqKE5fZsiUoEgseMx3I16AvbEw/T/a+ftjsKgjHEz4fZW7S1sEEIDReVifcUSpT9co Kt8x+QkZb4UJv/RzvDNd8agH2A+PECEjdB5iYbsQeXiVj4iHOVr9KaxJ3q/F6tTpXgiQ u0Lw==
X-Gm-Message-State: ALoCoQnkI6oYv/BzbllL3QT/4m0emkKKTcHGkSeKay0iUbbdBzmJm+Smw6KPm6z+3hBPaRGy9eoqo2acasvbjDKUdA3DcURMQLin7yrp3w9HamJ2WQ9dM60/TuLq7PCiRlUyxKskXMUr
X-Received: by 10.51.17.2 with SMTP id ga2mr31839141igd.2.1407776442200; Mon, 11 Aug 2014 10:00:42 -0700 (PDT)
X-Received: by 10.51.17.2 with SMTP id ga2mr31839125igd.2.1407776442089; Mon, 11 Aug 2014 10:00:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.150.162 with HTTP; Mon, 11 Aug 2014 10:00:11 -0700 (PDT)
In-Reply-To: <53D68963.6040600@gmx.net>
References: <53D68963.6040600@gmx.net>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 11 Aug 2014 11:00:11 -0600
Message-ID: <CA+k3eCTmS37-RqjOH0F7DrLLa=D7TKYLFyWfS=uVOc6kb0xRkA@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary=001a113491e4c121ef05005d7ee4
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/oWNRjZuxAtEflSLaF5Y6_nF9QjE
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "Request by JWS ver.1.0 for OAuth 2.0" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 17:00:48 -0000

--001a113491e4c121ef05005d7ee4
Content-Type: text/plain; charset=UTF-8

Yes (sorry I'm a little late with this one)


On Mon, Jul 28, 2014 at 11:33 AM, Hannes Tschofenig <
hannes.tschofenig@gmx.net> wrote:

> Hi all,
>
> during the IETF #90 OAuth WG meeting, there was strong consensus in
> adopting the " Request by JWS ver.1.0 for OAuth 2.0"
> (draft-sakimura-oauth-requrl-05.txt) specification as an OAuth WG work
> item.
>
> We would now like to verify the outcome of this call for adoption on the
> OAuth WG mailing list. Here is the link to the document:
> http://datatracker.ietf.org/doc/draft-sakimura-oauth-requrl/
>
> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
> as to the suitability of adopting this document as a WG work item,
> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>
> The confirmation call for adoption will last until August 10, 2014.  If
> you have issues/edits/comments on the document, please send these
> comments along to the list in your response to this Call for Adoption.
>
> Ciao
> Hannes & Derek
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

--001a113491e4c121ef05005d7ee4--


From nobody Mon Aug 11 13:59:17 2014
Return-Path: <hidelafoglia@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 397FC1A00D8 for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 13:59:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 74ePOVfgCiab for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 13:59:13 -0700 (PDT)
Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 521D81A0002 for <oauth@ietf.org>; Mon, 11 Aug 2014 13:59:13 -0700 (PDT)
Received: by mail-oi0-f41.google.com with SMTP id a141so6045633oig.0 for <oauth@ietf.org>; Mon, 11 Aug 2014 13:59:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=IlEYlPtncXs+2mOTJThLMUHwIrNh17nrf0WHd6do4/Q=; b=hNoO7VoGOPzfxorQuILmPwWm6iOpkvZdJ5qAvlxZ0emMJosRGLinYmfx+HkY9q0cC/ wShVWYqyNG/Aql9Nl22oa4LrYKEQ7tGYyqQ7WTy0TGI3FXlhwpY6MIi2Yxujh7GVphoA G6PdAdFcOyXySjziO7QVa1pTo0cxb1wLZpgcJESDZ2jvE7Zm8Z7hi7gmqegpU/4IuggD 05vX5EZvJvhorUlNRPGOJ0ekcfbwkjrnZum4P3S6680DVueQS81mVTSylwDVViuf1iT/ 7fOT2ittFJPy8HFaiLtCrRT9vhoibnWyWV3zrfN6u3Pvb8wWfWdoEhbQLkAXyowsMnGO JuYA==
MIME-Version: 1.0
X-Received: by 10.182.16.200 with SMTP id i8mr326352obd.68.1407790752692; Mon, 11 Aug 2014 13:59:12 -0700 (PDT)
Received: by 10.202.56.68 with HTTP; Mon, 11 Aug 2014 13:59:12 -0700 (PDT)
In-Reply-To: <53D68963.6040600@gmx.net>
References: <53D68963.6040600@gmx.net>
Date: Tue, 12 Aug 2014 05:59:12 +0900
Message-ID: <CAFOw51j8rc0wz_1zYzfM0fu6vq16Y1dwW8CXwdMfDYMN7jjqTQ@mail.gmail.com>
From: hdknr hidelafoglia <hidelafoglia@gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary=001a11c336cabb8014050060d352
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/0n8lu36vO-IKsZ86geGw6P6BZhI
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "Request by JWS ver.1.0 for OAuth 2.0" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 20:59:15 -0000

--001a11c336cabb8014050060d352
Content-Type: text/plain; charset=UTF-8

Yes


2014-07-29 2:33 GMT+09:00 Hannes Tschofenig <hannes.tschofenig@gmx.net>:

> Hi all,
>
> during the IETF #90 OAuth WG meeting, there was strong consensus in
> adopting the " Request by JWS ver.1.0 for OAuth 2.0"
> (draft-sakimura-oauth-requrl-05.txt) specification as an OAuth WG work
> item.
>
> We would now like to verify the outcome of this call for adoption on the
> OAuth WG mailing list. Here is the link to the document:
> http://datatracker.ietf.org/doc/draft-sakimura-oauth-requrl/
>
> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
> as to the suitability of adopting this document as a WG work item,
> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>
> The confirmation call for adoption will last until August 10, 2014.  If
> you have issues/edits/comments on the document, please send these
> comments along to the list in your response to this Call for Adoption.
>
> Ciao
> Hannes & Derek
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

--001a11c336cabb8014050060d352--


From nobody Mon Aug 11 14:09:08 2014
Return-Path: <gffletch@aol.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 438121A00D7 for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 14:09:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.751
X-Spam-Level: *
X-Spam-Status: No, score=1.751 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9WhFg-NdiLIJ for <oauth@ietfa.amsl.com>; Mon, 11 Aug 2014 14:09:04 -0700 (PDT)
Received: from omr-m02.mx.aol.com (omr-m02.mx.aol.com [64.12.143.76]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CE701A00BE for <oauth@ietf.org>; Mon, 11 Aug 2014 14:09:03 -0700 (PDT)
Received: from mtaout-mbe01.mx.aol.com (mtaout-mbe01.mx.aol.com [172.26.254.173]) by omr-m02.mx.aol.com (Outbound Mail Relay) with ESMTP id 7B55A702E629D; Mon, 11 Aug 2014 17:09:02 -0400 (EDT)
Received: from [10.181.176.95] (unknown [10.181.176.95]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mtaout-mbe01.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id D7F3E380000AF; Mon, 11 Aug 2014 17:09:01 -0400 (EDT)
Message-ID: <53E930ED.4090909@aol.com>
Date: Mon, 11 Aug 2014 17:09:01 -0400
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>,  "oauth@ietf.org" <oauth@ietf.org>
References: <53D68963.6040600@gmx.net>
In-Reply-To: <53D68963.6040600@gmx.net>
Content-Type: multipart/alternative; boundary="------------090309060407020607070307"
x-aol-global-disposition: G
X-AOL-VSS-INFO: 5600.1067/98281
X-AOL-VSS-CODE: clean
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20140625; t=1407791342; bh=9+L+si4iz+hLB42pyYDY9IpPz3ouef05+pyVojCvYAg=; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type; b=mnYDoDqmRqmUtZU4KLH3Tn7WblLq70fEN9zLRQiT8g9D1MiuEQ79wzjZGk8nKLakV xvj67QQ5m2OSwpdXuRRYcc2elYyms863vjkIODlAJpEy1wez02oJC5uofgjB2klaPq eIA/9U/qdjrM9DfFxAzkzaJosn8g1xA0A4HTyJV8=
x-aol-sid: 3039ac1afead53e930ed3e62
X-AOL-IP: 10.181.176.95
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Xrt9-t9zQh23f4tA5b_NP-Pc46s
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "Request by JWS ver.1.0 for OAuth 2.0" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 21:09:05 -0000

This is a multi-part message in MIME format.
--------------090309060407020607070307
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Yes for me as well

On 7/28/14, 1:33 PM, Hannes Tschofenig wrote:
> Hi all,
>
> during the IETF #90 OAuth WG meeting, there was strong consensus in
> adopting the " Request by JWS ver.1.0 for OAuth 2.0"
> (draft-sakimura-oauth-requrl-05.txt) specification as an OAuth WG work
> item.
>
> We would now like to verify the outcome of this call for adoption on the
> OAuth WG mailing list. Here is the link to the document:
> http://datatracker.ietf.org/doc/draft-sakimura-oauth-requrl/
>
> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
> as to the suitability of adopting this document as a WG work item,
> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>
> The confirmation call for adoption will last until August 10, 2014.  If
> you have issues/edits/comments on the document, please send these
> comments along to the list in your response to this Call for Adoption.
>
> Ciao
> Hannes & Derek
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

-- 
George Fletcher <http://connect.me/gffletch>

--------------090309060407020607070307
Content-Type: multipart/related;
 boundary="------------040909020905070700090106"


--------------040909020905070700090106
Content-Type: image/png;
 name="XeC"
Content-Transfer-Encoding: base64
Content-ID: <part1.02060705.04030409@aol.com>
Content-Disposition: inline;
 filename="XeC"

DM+bPW/2vBkYTUaT0QQt9rTY02IPjBkwZsCYATA2ZmzM2Ji/DxsWFhYWFgZrVq9ZvWY1LCuz
rMyyMnDp20vfXvoWpOvSdek6VK5YuWLlijBcGi4Nl6Bkbsnckrl5cboW6lqoayFQP1M/Uz+D
ra+2vtr6Cq4fvH7w+sG8/fR+1vtZ72fQ5UiXI12OkDem5F/Uv3z/8v3LQ07vnN45vfOmR0u8
nng98TpM9ZzqOdUTZrWf1X5W+39f/f9s76seQxjCEGD9pvWb1m+CS5cuXbp0CXLv5N7JvQMs
YhGLoPvx7se7Hwf5hfxCfgHbtm/bvm07XF9zfc31NeBX2a+yX2XoO7PvzL4zYfiw4cOGDwOa
05zmf359/3Y6Qjc3N7ffS/qPL0YhatSoUaNGjX8+gNVqt9ts/GVWDTwAF3AbCxKIpXhIZ0A+
z4/SB0BnZrnCQVupbrangRQrN5VbgFRQ9jR2B25q/ko90L7THRBNQV2RfO/2ScgdfnrIodcg
4nXhvj3BUCr8VUgGiKJZD1PmgzzAd713fTBOr9yqsxco9aSPde0hM/bM9MvNIbn3qyGxy+Gp
X5zuSRJkzkt/peUHx0/qd1oiKDY10PYYDD/KBkN9CGsUsDlgDoSPiFoQ+TmwQ/lMlwvaz/JI
aSS4WpDjCAcq2QOd40HurG+k7wF+R6IuFygC8Ueenn65EqTL8jR5MIhb8jTREmzl7TdtS0FE
uSzqMpA6iK5yTcCombSZoG6y/2L9CbR56tc8A/sTeSYWePsyd3zmALDeylyY+iX4hhqeSiXA
PNHehW1gGqOVNhQBvc33oa8AQULP7BAwWdXl6mA4Pqp0o9fpELNS3vWgIvj0t5fzGg8Z+8SJ
DA3SP1b3qKeh0FSvhBpnoYRnqFI+GuSx+im5v4K1uj1NvwkC2pk+Ej3g2k/Pw66tgqh473HV
FkJq2tuRr2+A/rGnM18hSNqe6X2nABQqGNrY1RcMn8svAr4E7ogTrlhI3ZT+Jm0UjKrSb9TK
AqBfJzfyTIBYrzfrHq6C6Bq3e+xeCPozjs3GNFDLOtabesDzV29rpAkILxLorV0GKd30hZcZ
fD/UfVfkAmjf2ForvaB684oFag6CIC//Tzx7QPilfPf9msEx6+krj76HjL4ppV/dgHr+dU+V
+wrsfo6C8jFQ/HTrpeVQal/ROfk7wd7cI7sutoSdEScK7oqG0O+C/OzDIG1uRrXcBxBeQ3/J
Eg3SGO2ckEBERPqkZkL+S5G9vEvAJKXXd8e/+bOb+f973vWor6mypsqaKnnL3z0cWOpsqbOl
zsKNoTeG3hgKQ64PuT7ket5QlvPnzp87fw70G/Qb9Bv+7Nq4ubm5uf1vd/ny5cuXL7/PHmcF
gQAyJA9kkOqK60ggfcl1NoLWEYfwBvkeW+WOIIZr4a4uoJSRxnlkgrZNNFXKA4NYrD4Bqavm
K6aBVN1xkhvAKq+BBX4AsS8rKWM1WDe//CRhJGjTHe1yVoPUL7ljRiroUvOb31wAaXz+16XO
gmf+KvtKLgHb4dTgxNEQ9KHPvMg64Bxu0Cx7QWtlE85k8FvlWTX/T2C+rySqQWAyilLCBbnL
rC+yJoHOUz/W+BL0W1Sbugq8M5SeoiSYPg6KC34Opv35Lxb6BpRi/pM96oIol7HFcgGyPrQe
zb0L1gr2TTYH6L6VdulOg5pPGi0ygVaSXZoA8gK5lWIB0VYboZsI4qA0SP0KDIuVTKUlBHxp
muCTDjkb7BOy+oAu3PldtgnUdbZ+DgW0auYlPp+CwBGTvQAUk/cMwwZAznktxoM2JrOsZx3w
n+hXyzMOKmWU+SQqBl5Of/p1saaQODi1RKAvKB5qfWkDJO60dc7sCaaXXjYpFNgnTyu8Hp5l
xPeyXocCzeXbtXuBVjd7u+4siJWuqKA9oJ6znchKhLAc/+YVO4I1IDsjswM4akuB5IJ6gN45
2yD3W+domwVOJF6bemYymJ+Yj4TOh6tNHu/8uSaUH19gVYQDjOHWAX5RcL3HncTMLtDgUAXR
6BkkN8qu+DQ/ZByyrr5dCLxueJ8NGgPFq5QKrNUMiuUUXxr2M7y48ux+fGcwDc24bfwacu7F
n469BSWul10XmQ7OebapshnyfRt5K8gOt6veUp6WB/0BV0/hCaZHSsGUA+D1hee++BegP2Iu
r0yC/Fcd0Q4b2HZ67sABxgG6eGd/cA5XLplnQ/xsx0XHM2Dmn93U/99k2GDYYNgAVwZdGXRl
UN4PV2wavmn4puEQGhEaEfpXY3DfPYTYdELTCU0ngD5Vn6pP/bNr4ebm5ub2f5s/3uOca7fb
nICGhgvQMKCAFEEqTqAqsVwDMQ5fKoLkxCrbQbuijbK3A/FKmqE/Bco8KZ5CIBVhhTYRRHER
JBlAjHBsyP4GrK2vPTrxCKzXH3d4+BZctazFcseAoYJv32AZDNOKDy37Lbhm2b/OXAI+U6s9
aF4D5BJyD0Mu2B+/6vn8LeSMvTXjRjO4dDjNmLsD3mopBdIKQ/4kr5X+zUG3z9HNng2mkdJb
pSMYz5mK6SuBMYZ412AIjsr3PKo/BLystrbqeZDlcDXoAUgufW+tJtieXV99fzvknHl5PuEL
SC2YMzhnP1iT7I8cZUFbyAwtBxxvHTcct0FUk9aLGKCc6KVVA75yJWqLQQtzPtU8QQzWBSnX
gInGksYUsJ6znsyaCxk7En3jp0J29q06d2QIfBg0JuQQeDYPPBy2ALRs370hB8F6QqtvXAYP
f/F02duBZYHhgastGJaIe2p30J5bV8tmyDpo/0b1A0vrjJ+1/uDK55qRswXUdGuMcxfYJjnX
2JqALlfvUlaCdtdZ394TXBfUh3IYGKrpY43DgIpKR+EPxsOmMd6HwPOBoZfcA3QfmhaIueAo
JR6avEG16TppIaCE6RbKKRC4xfeU8wx4Of0OeS6CCutLzGoyDpQ3rmQtHzyKedLvyVUITA0I
NTeC+Fbxtx49h3r5GoTU+BVcr62fBu+F4N2hdc0PwTvWs6tPKchNsw+iKLy5+lLJvApatNX1
6iyUzagyu0IGPLoTs+R1B3jp+6ZarBGSP03yeVYI4val7o8bDYrFJztNA0+TaW7WAZDHpPdx
9QX7Zo8AV38IqOY/zv9LSF3g6pM9BawT5d5ydcgJy1iQkQjfRU/cfCHtz27m/+9Km5c2L20e
LDm75OySs3Ch7IWyF8pCVs+snlk98+a7bta0WdNmTWF49eHVh1cH8ybzJvOmP7v0bm5ubm7/
t3jX4/zHE2eHPdf2HKTiUrhUCsQD8VbEAQkkS9UAlTTSQOpMkCgMVGG5cgzEj2KYqzwwRZ4h
PQJpoIgUk8C1lEW6AyA30T/X3wJ1eszb4/vhxc6tk7dEQdqvOZ+YtoD5gednPqPAv5dXlMEK
ZhHwq7QOPB5WPV3fA8xeZTrXKAxyJHHKDVBX2kxZ98C16nrSze/hqfZkws0+kDtNyxC/gvcP
0vyQW6CeY5khBbynee/xLQIeUcb8Hv3AXMXzhUcsmJ2VE4qNA34IdvjmB7HbVtZ2GXTfWuZl
zobcoIfHX+kgZe/LiokxkO1l/cRaCZzdpbaaAsLCcLEAHI8dKxzfgWOwy2j9GuTpBItiwDnt
Ij8BkVqUUgG0fVIfRQNSDa+VzaBWEQNJAttF2weW4ZA5+O3j3O2QcTujq+0ZKNtDlwdMATHD
JDx/gAynY4+1F6S9cWWld4fUnCSRXhIsuowpmevA9tJSO/Mx2I87NrrSQb+F2/J50Mu6FoZN
IJ/X99drYAox6gwvQdos25XaoDj0RfUzQG4s95MrgzxZHidOg5ghSsqRoDVRMygHzs+0r7UC
oNWmueoN4p62QzhAHidP1ncFZYqxmOklGIuZHkm1wTDaxxi8AfRNfT38Y8DvecCNgCjQFTKX
NC4B5/PkuBftIKOW9ePHoVDEI1KnvwXqDsc9j5rQcFaD/P0bgHmcrquzLTjvyzoxGeRWjkLe
RyG3/NsKjxpD7mvpU7kZsFe7Ju0C1SQ6GzvDw1LP21+0gdhi9Xy6C7J65YyVPwB9X9Mm1zCw
FjTfip0PjHF8IS0Fq9lZSxkPpl/9Wuhi4PXDtDrphSG1QVIPLsN+x9JW52r+2c3dzc3Nzc3N
7Y94f0M1cqUAaTqIKmKFOAySp1QUA9BT3OFTIJWxdAFRVsoWCkh1hEXUBsKUNdJA4Jg2UFoH
IkEU1L4B+XvlubQfdJ9nrY1tAA8PbtNtvwZXP3m+XXSHQo/L1alkglKJ9QZXvgDOgNiNjy+A
7rznRvkK6LuEp0duAjlcP8/rc9Ccrhv2JaB8YqjqORdyh9st+ulQ6HpY06iWYD2kjcpJhYTd
b6yOaiAHmw+aN4Bhsz5V6QmGIr5tzXOAgYbOcgK4amT/nHkR9F/57DA+AczpJzOyIWfXo1cv
SkPurIQVORo4e6pnRAIIT8mH6aAdVUeKK6BdoKkWDtJRuZLcGuTmrgDtM1BDRaijJEhh0mH5
CMjd5YlyMsjdRLJaCdBrXzAVHPl0s3yPQO4oz1+97kPukKiNzpKQWt23dO4YyKmVvTBtC6R/
Hzcu5gCk70h4kWiAnKc5LW0hIMfKt7Xt4JXgNcY7HAJv+N30/xJM2d5nvQ6CcY9HqGkp6FaZ
8uu3g06RN8rfgrZexHITxBVhFXtByk9rMRV0JaXPpQMgXVCipTuAUZqlnwlKhLyISJBviWVS
U9DCtF7KPdBaic9crUAday+k2SFnjz3TegdszayyWglyr78NSmwFYmjqxaRWkF3wbVU/J5g+
8arlFwLeHxsrOVLAf5XHLP/mcLvj01N2AbXVKIsUDk9/uLPkwiuwOOReHssh3/LQzZ5RUGtL
jZMNi8B1v8eTYtaD9YTRqm2EIoWK5QZ9C8aN8iQvC+hS1cQyfcCvjO+GqjXB42xAl8A5cLLU
5Wtb1oGanPllQhcIvOHxpTQCPArILyt/DXd+fHvkcmEIbBrymakVqJtFGfu72Sti/+zm7ubm
5ubm5vY+/PHEeaD4jk1AXemeZAFiaEZz4CHdxcfAD5yR14PIzxJlAEh1tFcuHVBKdFHKAfOl
LH4GLZNGlAT9D/r8ujjI+eqex9VYSG12Lzu5EhR4XCmnTiKUGdeifYV54Ls5NL9vA3BW939R
dBWI7dqz3KHgapPdK6sBGC+FbZW8QGoiKstZoDVzzLOfAVHR6U8yZB9zPAraB7atWVecVcHZ
M7Nj3Deg7bONcM0HS0n1K+ljMAQrDeTdYPyotCPKCyRftrsugqv3y/OvreA4nXQifR5oO7LM
rg/AVUu+Jl8B1wTnYa08iHTXUZaDNB6TGAa6hvI+uSs4v9ZStHbAakmVOwMztXusAFFDFNca
g+ilbnWNBx7ox3nOhKwG0jyPjyEp21lWs0CqsDbL+gRSF7/ZFVcWkg697vZqP6SJt58ntAft
gvqDqyN4XvbfHLAIojyLFinoAg+zn+J1E/TfGk4pR8B1wjVes4Kjp+1rqw5yUzO/z+wAYmz6
SHEF5J1immQEbTsdxG5gjBwr+YAun7JQtxMMyYqPUhiUkkq2ooHOrPjKP4JWQt4nLwK5rZLE
LdDl6LZKRjBU0y3UbQQ2m0vpfcAzw2uIVw5oxZR0uSo4M1zLRTWwZ1jruSpD7sWcD3NKgq1K
yoGslpCyUJlriAbzWq8t5lQoPqZMw9rhYHzhF+B9GModK3YwvDYEx4ZFh3QH007TDcNAMHY1
DBUzoWJg01X1vMH0pbmZ7hAQyCrqgNKPcHkHGDp4GAMagu2taKl+CL5VzN8bZ0DZzJKde4+F
p34vsp6HQW4bh/71cfAKC9R514GCTbxjnyyArKKeuZnXISwiXz2vsoA7bXZzc3Nzc/t/xnvo
cWa8mgJ8KA7Lm4FZFJUSALu0mu6g7RFjVB3oVvFW1wgcb6VptASpvTgjgkDuovSWx4KupWuK
vBa4/R9hXTWT01NqQuEedTrU+Ayihg8r/nEoSM+8yhvskFvqRf0HZUANs/XK2A3yc/mlKz+Y
thfcUW4SaF1c62x+wCb9TWkGaC1e78yYCq4G9n2qCzJ+yp6V3QEyD76dkbIXXNutAbauENzb
t5L/dAjaEdDcKwyUH5R8RIB67M3i1FQQ0wq9DFkFynajTecDnKWgLhpEISmfKwqURkyWjKAc
0ebSCySj9EKaAtJR0YkIEJW1WFd9UM5Ls4QBlLXSVPkn0MpIl5SPQWwx7PS4Dfb++i+8FEgZ
r45QasLbFbnbLD6QWDf+1YszkLL68duHxyDlRvKDpBOgtDFONuaC/8qIIuFfgefq4DZBrUBO
0MdgBmcny3VbIGQ9S36aGgmObo7BWjlQ6skV9Zlg+sxsM7wFjwDPHV5DwWOGZ3XPjWAc76GY
GoOhh3GFMQN0O/UL9KdAJyuV9QkgjVYO4g2iulBFLkjDhUHrCtoldbh2F7Tl2nGXAtoi11VH
PxArHJVcQ0Ar4DKoDwC98xdHP9CluD6UrGBA/kz3HLxve5kNs8C1y/uuMRGcLZ02LQ5yRlvC
nE3BsjN3e+44ePrLhQ9PVgR7bsSR8CtQ3BU6rG5DCNflnxr4OWgbRYDTCdo110dmJ3j19KxJ
NOT0y/G1hoB8Tv5EvgQZ69N6WT4F0wDTUJMDIlcEzPHOAfWca5C2ECp+UO7rEmtBd9e0pkAp
uNz3Tvizo2DLVBY5pkDpkOLbim2BGwdjMvd/BzlHHMsfLQf+F/26nJubm5ubm9sf84cTZ11X
/Uemj0At5izkbA4Mk76kHrCA9dJckJMZLW8HR3NXS4cRHC+T57/9CAxhxiSTE+SNAQEBd8G1
2eHtqATyM50q1QTDmpI1ik+E4B5RdjUb1M+87F69gclZdxLegmKVuzq/BvWRdVVWV1DCii+r
eR3kA6bpvqOA2moBdRKIYLWMvRPk9nlRO7Ew2JZnfWbLB65WtiRtCnBNOu2XDa4TUhlVhjev
4g8lxoIrwJ5gMUJY4cjiBYaCnOTq5VwK+rJMFLtBlItMCv4A9JEhC73Pgthqi7NNB/yyb9m3
ghisnySugu6ReoHF4GrsOKgOACFLD6kHYgCLqQa6Q7o5xi5gsxtXee+EzKWG4+YJkKzZLjoS
IfGDN51fToLECvfX3fGGJN/XjldTgFummh6hENi6sHeRqWAuE1jCrxk4SjpLOsdA9rikh6mD
QK1mq6Qmg6mJeYjhCvh+E+jr9x34bQhpEHQF/EYG/OzfB3ynek/z6gPmJZ6FTF1AN0P/QtcE
lINSMWUciB8ZJJaB1lcMYCnIH4ogKRFEf/bTEhgpOolNoF5Rp2ofAnvoKJoBp7TDwgKuH7Xr
2m5wNVF3qo1B89RuqIdBJDiHO6+Cs511UG4wqJ3sxaz3wPWjetwxCVwp6iIxFQyddQ+kymBa
5LvN2Bt8KvoIkwS539vzuYbC2wGpg5ID4cehm1v81Af8LwR8HLQDQhYEtw8qBZVjKwwo8SuU
LV1mX8EFkDk6da90HxwDpfuua/D2VsLJ1KVgmGUI0v8K5T2r+hfJD9Jm3Xi5LShW7bpzHZRY
XMTXcATuPL/b3vEJPHl958CdKPA5U35GmaNQTy2zpc8ROPXo0vi9pQH44M9u5G5ubm5ubm7v
xx9OnM/UuzDy0iioVa7q/aq1Qb4mbRMJIFaLJO0WEC0Nl1NALi/9pJQFj9UBScHXIKlyQtfk
FPAtaFpqvwSGi4ZS0hegrVc92QKGzqGpRUaBeiWrV/Z6ENUcOvtPIC2QXkmHgCy5szEO9MOK
NK72NeiXBYnIG0C0/WbuXRBjdZ7650C/3PFaFig37LOEBnKq8sS4Gzy3eyYZboKXp3eDwEbg
zBLj8/8IFo/EpXFlIO67pxfubAPrjrTUlDoQ9lNUUMG3YLxpbZ8TBcqG1LA0A+gifVr7PgCt
t/OJ6xbILeSKUhMwfCAayVFgX6AJbRfoaigHlAXgaqDV0fqBWgeDbhu44v2O+Q2FVKczUpMg
blbykMRvIGHtY/2dCfD66sOQB2vButY1UysAvhujiudrDcbdgeN9fganl3OzOgdSGsfNfjMN
5CfqNcIhuF5QvcDCEJpW6mQ+F4Q2iFwdOgd8f/T39PUFj1PmCaYMMJTWr1Y8QW+QzktBoEhC
RxcQV9WmoiJYH7tmqt+B9lj7UmsM0nP5kWwA7ZrrlToRXAM1qzYMtHLigGgOSmPRgnwgDZEa
SmVAeSivFr1BqYyQkkG5yDqlOkjI2TKgK6sXhlfgmGxaYT4Mrj5qdVcIiA0ui8MK9tqOabaB
4CpnLWmtAY4h9kXOoaBMUCUtEwwhpkryTfAYb8rx+wCs96ydHSUhrV9m8bT2kFw0yze9HGTP
zLGmL4K0q8mV3mZD/Vv1L9W/AYaffJ/6FYCgLkE7/TLBVUMdoc4CXX69Q3GA2sIVL2LBpbiK
yz9DKsnGnG8hZ0TGpYQzkOlInPbsW7jwNGd3bG8oMa54ZCk71N5cpmfjzX9283Zzc3Nzc3N7
n/5w4pzdOj3KXhN0o5QsqTi4mqkVND+Qe0qjOQBiPA4xC6Sucj3pKiiNPSWPSDAFBE7ynQTO
Lo5bzljwbOo9zi8bXC/Uceo6EOvNN4IGgy7TFO5vAlexrLepLUD/lam0+Soo1cOHlJoP0nPq
KcsAHKNzK4H4XOmvvAJRVqqJL4hW2lNtHIi98lxRAQjmM200yCOl0a4O4DVMLms9Ac7RWoRz
Lxh3+CfoCoMrxhIe8S281Sekv2wPzuPW5JgaEPxF+JHAKeDV1O9OxGjQ8lt72z8GMVtqpzwA
52bXSudlEKu0VcIC0h1phDgMcn9nV8evIDXQzdEXBnspz1FBIRAban9ki4XYb1+OftwPXmXd
fHJjHyQ2f8Or6aDE+ff0bQq+n0WWiYgFpbboKa2H9BJvSiQ5QDdKsysLIXJl5Nzw8lAgrviR
Qp9B8NZ8SeGrwbeAb7bXCTBd0R8y7AZ+ZL3SCNRWqqq+AnmOVk9o4JrESGqAfaa6Uc0H2lgR
ggFoLPnL34HBotPJ+UA3WOpJLmiB0tfaSHCddW1QuoBtlHpfLQnOTGaKo+Dqon6t9gdnJ80o
ToGyVf5KigK9UzosbQO1lPaEQ2CX1GTXDyDKUo0RIEWIHVJlUC7qNpm+BdFH+sRoBuUj/ROP
BNDnui7Yx4N+lbWO9T644u3p9nugq6s+dLYGfQdzSSUTDJ+bjvl4QPbW3GT7EHjTOmFPUiTY
xtmnOrsBL40NTJ3Bf7HXV15lIDszY0dON7DWtYzJ+QnsCY66Dk/IHWzzd6RB7ivr1tyK8Cb5
7f70tmBZa2mffAh8x/rOVmaAtbg9XG0Bdz98WPneSkjem9LoTSGoR33q/oH29e4HPHJycnJy
cqD+lvpb6m/5+/UyCmcUzigMv7T/pf0v7aG3pbeltwXWVVtXbV01GDJkyJAhQ97/F8jatWvX
rl37r8f/o9u7ubm5ubn9T/rDifP1n55rd55CVPzDVpFroHLJ8iOLT4acErbJdh9QGrJJzAI2
EC8Og2uO0+K8AX4dfZZ57wb2iFPSV+DIcjZyfQHSSEnhBEjNlXNKBRCBLNM9Ad0Wn0STEfCl
saQH7bDaV7WA/BGlHc2AIVJv/UegPRDz1DMgHyJGewNie26B1NZg35aekfwS7K+sZ9LTgKYu
V2o7eLT2daln8ZBaK7FHfHvINzvki5Ca4L/Vf06kCple5teexSHdz9VXegCuTm8api8G7yGW
wdlW8K8Y5Bt+Aoy7zDV8zaDVVItpa0EKFqGSFaSnjs7acJAX6my+LcAS7dvC+wE8npPVMC0S
XmTeO3Z/HTwffWPX1VzITrY9s5QBj9jILflzwdDBr7/nNbBuzryS/Qy0Yjk17d9BuC2ifsQ3
UKRXmTJF4yF//gKv8o8B7xO+Q3yOg9xCOSJPBOkLaRK7QUSqp7WnIDpq/VwFQezmC9qAq5rY
I4aDKMMrZoP0RtbLp0B007y14aD9pA3UjOAqxy9cAt1B6RXzQF9bKS21BLFfjHIdBFHacVo0
AWeoOla9AK5McddVCMQz7QbxID1RJ3MAGEy41BXEKyHhDWKMyBLlQbwVTUUBELligrgCYps2
VesD0hyc9APXVfFW8gHRT1lhjAC5rEd5QyLoIwxP7aNAvuf41dYTdHrHJnt1UAIcOxxfg36v
uYPBG3If6kboa0G6Nev7bCccbHxYd6oK6D7XnzFvAP0p5aoyEnLHZZ3JeAvpc9NuphQFtaYU
77wNmo9WzpUMritinW4JGK4Y9kiVwRWieXgGgJ/Ov5SXCaQdNFfrQtKltO8yJwI1Kcuqf719
FV1YdGHRhfDTtJ+m/TQN6lasW7FuRZBvybfkW3nrvfvJ7cLzC88vPB8kk2SSTDDwysArA6/8
+75ABlYcWHFgxT9v+383cU1cE9dgd7PdzXY3g67pXdO7pv+ODdewhjVw586dO3fuQExMTExM
DDgrOCs4K0BwbHBscCw0fNTwUcNHYLhnuGe4B8/9nvs994Mrq6+svrI6L1z1YdWHVR8GhTMK
ZxTOAPWKekW9AhdXXFxxcQW8/vn1z69/zls/f8f8HfN3hNp3a9+tfffvz5e/dazQsULHCkFG
dEZ0RjR0Ldy1cNfC//zx+tsLIfeFkZub2/9r/nDi/GJTSp8n5+B0gVvVAixQ6oMSOyMHgC5H
fiUvAvGdaCsVBzrzkoaAgxhcoJ7RjJoepPrSQoaB9FD+mgnAHrKlAGA5ZTAB5UV7bQ2IxdJi
ZRXgEvPUT0F3j+OiAohDWOQnIO6LDk5v0C/QH/PsCE5Tas8X/SB7wIWip+aAWiipb1JnEDfU
07mV4HmT+8uflYIbnz/88Y0fSNvsDaQY8BWlxnoXAv0L5XTSh6BOxcu7DBicfkr4r6C7qisi
nYfMXa5jaW3AsTEjINkC/p7OjdbBYD5h2GC+A1IpNdAwEnSnvSsHL4Ckel4pAQvhwZSEt290
8OzKNelqH3jsee/I9VRw5FecBh34fF1gboEckNN0wdIAyFr+ZnXqLfBVPKqbG0OJArUiK12A
gmdLTiqcAEHLAs4G7gH9JP2H+p4gHWAtNUAsUiWtIog0LQEnCKsYJMwgq3zHclCmsUDSQP1K
2sqnQCttufYNiG9EkBYB+uq0lvqAOCKVYQbIZbV7YiCIS2IFO0Ecoo/WFdgu8om1oFSTC4s0
ME2VgpVcsH+hHhHVwSVjFDJoS7RFYg6op9Tx2mPQylFQGIBaYp+mgWgtZkh9gVTasQukX0Rb
xoBoLLaLViC+RyYA1PmipsgPtBUpUhJobeT+Bi+QgowHlC9BX14pry8P4pD0Qe4kYKKzrutn
kIZIt6kFyi1lj2kGZJ6zFJA/BfttdYLzGngH+R71jgHDPE/VowLYD0qq8j1klkq7mWQGnsj3
5KogdoupagBYu9j2uwZB0sqUczkjwXjeMFB5DV4dfRqbF4H2RuxTfwL+YNLq4+Pj4+MDfhP8
JvhNgNcNXzd83RAKUIACf7Xeu8S53ol6J+qdAFrTmtbw3a3vbn13C4ZUH1J9SPW8RKbm7Zq3
a96GJ75PfJ/4QospLaa0mALRC6IXRC8Aa2lraWtpKJRWKK1QGtzW3dbd1v19AvRb8SsMqDCg
wgB40exFsxfN8i4AqlatWrVq1b/fvnFA44DGAXDjxo0bN26AGCwGi8GgrlJXqaug9NnSZ0uf
hYqrKq6q+AcuRH6vZzuf7Xy2Ex5tebTl0RZI/yr9q/Svfv/2j8c9Hvd4HMT7x/vH+0PnSZ0n
dZ4ESg2lhlIDztvO287b4HLly5UvV4Z61KMecG75ueXnlkOnfZ32ddoHYo1YI9bAPvs++z47
FKYwhYFbt27dunULHP0d/R39oYeph6mHKW/9k1kns05mwc2dN3fe3AlVqEKV/6a8Lya/mPxi
MgxOG5w2OI28Hbm5ubm5/R/kPxqg0CCzLnQcvBavriRMgZ8vHjh+5hmYjhhs5q9AqyGasQyI
IJ6HIH0lLZYWAyounCAGiKl8D9JycUyqDhJEMADECVFEfADSZGmTEgPyJhGt9QJuU5zVoJWQ
FureAI203S5P0HZLfowCtYSlccI8cBxIGHF/JljrvfSLOQLaZ66I9F1AltbJfgxMP3qVMa2H
OoNqNazoAbViGrvq+4BxdXBOZCVIaWvb4PkLSC6vBf47wPOF2ctjEuhUr/Fem8GzsnfFyBUg
Viv1AgIgc0VmYYsPZHxsOZf9E9gfeoz3qQzJb7zb+1+Fh+fe1H9lgJgNZ8uffgQxO28uvhYG
jh7Gox5HwBweeSz0A3DVcDjsKlg/eNs4/R4U/jrKFLIPGlVvPq9Oa6h4tvqtCt9B1I2IYZGl
weuFYYrRCkoL7ay2DnRHRTGtOZiWyL3ktaCvQhH5G9BVE19IVUGKFS1YCfyizlWDQfeBdlaN
BCWW+dojMH6gdJFHg15mrwgD6XPXXtctcGxy9nd1BesQ5/euNMgd51TU9aCNFaspAMaHersY
D7oD0iHXIJA7aQ21aFCmaWdcF0AJErIoBrqrci9yQLkodxc5IJ2XgqQyIF2RxohaIIfRRHQA
3YdyvNQfDFtlnfwY9I2ll1IVMPaS1kvtwTBQ6k4wGOZJ10QHUEKlHtJwUM7rMo0XwSB5PPVe
DeZ95lYeb8HjS3mrVBrMm6WVal/w9fCqoa8C3h/rcpQtkFUxJSrlAdgr2bOs0RB6O2xK6AOI
PBNRrcg6kO+Iy6beIH/GeuEJun7KLOUy2EY6BmidIL195nTLPVBvqa3VbiA7xHxn5PtrqMWy
imUVy4JnO57teLYjb3nmicwTmSfA2d/Z39kfQl+Hvg59/fvjdu7cuXPnznmJXJH0IulF0qFH
jx49evQA3ye+T3yf/PPljZwVOStyFrRPaJ/QPgFuf3/7+9vf//b690beG3lvJFRZU2VNlTXQ
PbN7ZvdM6Pi249uOb+Hq4KuDrw7+58ths9lsNhs4LzkvOS/9/u28H3k/8n4EZcuWLVu27D+/
3webH2x+sBmqSdWkahLoRuhG6EaAVFWqKlWF6tWrV69eHUqfK32u9Lm87d79lLj1rPWs9SxY
z1nPWc+BfoN+g35D3npPGz9t/LQxVNIqaZU0kNZJ66R1IMuyLMt5y//2fPlb7xLsdw5EHIg4
EJF33I4fP378+HHYErMlZksMbG+0vdH2RhBdJLpIdJG89X7v5/B74+3du3fv3r2QEpUSlRKV
F2f//v379++HM2fOnDlzJm/5uwuVk8VOFjtZDBwOh8PhgCNHjhw5cgS2eW/z3uYNhzoc6nCo
w2+X+92F350Rd0bcGQF7puyZsmcKPJ/4fOLzibDr+a7nu57DDt8dvjt888r/qMGjBo8a/PPn
iZub2/99/nCPs2yQ13kMhIa7Kxrr3obq5srphduD1el4Ym8Lcrx8UjoG0gh2ihwQh8VzURO4
zWUuAnOkadLnIK5rtbXXQAktnizgB/mwlAu0YbQ4AeIxVaV+wGNuisnANnLEddBSpI8kI8jb
XAtTfCB1wsEaG38FzXrpq/tlwfR9rS3Va4Ao5t3cdyBISfd73AL8lxovGJZCZhV9Of9m4Nht
1JsSwZnqmOb5DWgRprqGVmCub9CMI0DXQDfTcySon/KtczcYmsg+wgiGhz59A5ZDboDlqaEV
WJeZahnrQ+75gD7h38Pdw6/vxZWGex+feXDGCc/Mj758agJnGZ+rHgPBs1hAVf9Pwdk5O9JW
AvTbtWjXbSi/qlKLMkDJYRVWl4iD/KaoVflOgsdSXWf9JMg5axluWQ/27mKYWAmGrbryhmgw
fak/aCgFjin2evbvQMnFiBcoM+UAPgXNqhm1XcDP0nRRFBxlXYGuHqBNEee5A7aWor9rLYgA
1Sy8wdVci6EcyM+kadpkkPJp+cQmcL4URaWaoNSQCopCYFijbyPSQE5jpPgSlED6iMeg5MjR
UgtQW4tG0kBwVlETyQCqikHSHZB2oanLQBlOG/aD4bCusbwQpDRpAvPA9a0ao90FaZYK9UB7
Kj4UtUBrwGPJBHKG1IAEUDtwGS8QF8Q5MkD6RrolR4JazxBs2ABaFz6SPgajyfbAZgXsjun2
74HH5htKUxCZtOUAZBe2NrW8AiNmYXRByCf5VocsBGm/0t3wObwdF/fxo4XgukWw/RCoC+Qj
QoVcc+4ptRXY9lhNjgfgkaMMliPeX0Mt8lWRr4p8BVdDr4ZeDQXXN65vXN/Ai5EvRr4YCUX6
F+lfpD8wlKEM/cfxSpcuXbp06bxE7o3+jf6NHhotbrS40eK/2m/3It2LdIczd87cOXPn95c3
4peIXyJ+ATlGjpFjQF2rrlXX/vb6HfJ1yNchHyT8kvBLwi9wv879OvfrQMrRlKMpR0FsFVvF
VqAylan8j/ef3Cm5U3KnvERLd1t3W3cbuuZ2ze2aCx4eHh4eHr+9fcj0kOkh0/9qwVrWsvYf
7vYv0rumd03vCvFr4tfEr4Ejm49sPrIZ7BfsF+wXILxteNvwtlB/TP0x9ccAj3nMY6i7qe6m
upvg50M/H/r5EBBHHHHQJqxNWJuwvPg5JXJK5JQA35W+K31XAk1pStO89/0a+zX2awzZd7Pv
Zt/97XI28mnk08gHnvCEJ0C7iHYR7SLgeNfjXY93Bc8YzxjPGOi1odeGXhtAypQypUy40vBK
wysN4XyZ82XOl4Emz5o8a/Lst/dzrs+5Puf6/P54+X3y++T3gTft3rR70w78r/hf8b8Cubm5
ubm5YO9n72fvB6STTjokHEg4kHAA8r/N/zb/W7h27dq1a9cgIiIiIiICWma3zG6ZDfd/vP/j
/R/hUv9L/S/1h4bbGm5ruO23y/3uwnJjrY21NtaCLkFdgroEgU+mT6ZPZt6zB+8uPEtQghK/
/zRxc3P7v9Af7nF2XDc8jbfAU8/Yz4+1Ae/iXr29KoF8RUzR9oBkF+fFChC9xCVsQA6veA48
4ClPQf5WuiyNAEddx2tnD7DvcpZy1gNZkyvLb0DsEktFGJBFlogDqRJ+ZADlxDPiQf5MwylD
bsaVYqcDQaqfnpVbFaThpVtXdIHPZ03u9toCwZY2hwd+AL6DW0Z1KQHBvav0qpgNoakBa70/
AON4flQGg/qJ6ZSHCsoO3VVTLCh7da/NAuxXNC9rOKi9HOPVs2Bva59kKQK2LpYWGXvAq0Tg
8ODq4PIqeL6UDPcNb75+UxNi1p3dd+Y+POv2qF5ML7Av8t5nfAymxz5V/HqCs3NOSG4keD1R
pshNocaomq+r2KHyr3UWV/oZ8vfM3z1fedhnOFT90AtYm7r57o+r4IeRO7ZtXwFrvDZM37AG
Tt49f+TMx/DmZNKZuO/AcMTkI9cH2aw7oZsMrmvaafE5EC0v0fUG+a1hrH446D80NddvBo/j
hg/0Q8AwhHHSBZAeCG91FpgGyTniMhiayHOkPcBocVUUA7WBWsA1Dqw7XSucg8C60jbPVRHk
waKeVBZ8Ms2vletgmq/XSQVAr5cmq+XBUEyaqi4HjxrK9+QH81L5I+ku6LfIUXQHdbf6RN0F
jm+cmus6OI+oiVoncE0iS+sHrrm00WLBqYohrgxwXdNGqN3BZVEXi53gaiPaaD+Do52oL5LA
lSRGUAzk1zpPfXcwbDV97eEBpifGs6Yt4LGcYFEGTCmmdVJ78A4xxStTIftkepPUR2CZYDme
XQ/8joSM8TkIhQsUuFbQB0yV9We9rWCIMU73yARtpjzUVB5yNuUOE/XBNci11zzj/TVU4w/G
H4w/QHh8eHx4PMQGxwbHBucN0SgaXTS6aPTvj/euB/Qd7ap2VbsK8jp5nbwub7k0RBoi/Qtj
U//RmNq/9a5n8MnTJ0+fPM3r8a08uPLgyv9CT/O7oRXvhnq8S1hzFuUsyln0hz+Of8jlcrlc
LrCctpy2nIYuBbsU7FIQ+pzpc6bPGQh8Gfgy8CWcKHai2Iliedu9S/iaT2o+qfkkaBbQLKBZ
AFwbfG3wtb86Du+GZPwWsVasFWv/8Xq/5d2Y6UqDKg2qNCjvAosb3OAGVLxc8XLFy/Dqp1c/
vfrp/cd7lwC/S5yTDycfTj6cdydDHi4Pl4fn9cgnzEqYlTAL8uXLly9fPng5+eXkl5OhZK+S
vUr2yitHKUspSykLxLWJaxPX5rfL+7cXlhGzImZFzIKTPU/2PNkzb6jMu8S5RfMWzVs0//ef
V25ubn++P9zjXK51/u21JoFByA8y/eBN8USPxBZQrFzRLYVuQ1a1nI7ZI0F/XP9QPxIYz2Yq
A/0Iog5wUVzmGmR6ZERkHYCAGYGeARbQuonSWhRIW6UIaSSQLi6L2iDuMIZtIO2UV8ue4GqS
WSZZAWv92PD46+BMSAu03oTgi/1WDdgF+rPB3SNug3OEPdVuBeOWAkfLLAXxkf1L+zXw71p1
ll8aeEy9sOVJU3hV8+X55NVgG0OUXBNcVRwB9hNg2G/wFhaQ3zqfqVEgHVCj7UtBqiCEtBls
J7wOen4Iz18nPUyaAo/sl8ZfOAFPkx+tfvAFZHXxWGa8Cr5JXvW9loOcYm1kvw0+No/WpukQ
8bDosfwDIfSroifzfQOG2/odxqFw+8G9o/d7wL2mMTnP6sDr+NjTb+ygjFC26F+DLVN94fgK
7uhjPnieBYdWHqt1wg+q7K5oKTcOSjQs+rBwLigf6woa6kPiwMTcxLoQ5BX0S9AS0DURT/Wd
wTxLr6peEFIqdHZIJ/B8YJ7hXw0cn9gvOb4A5x5XmOsgOD935WidgQZyC+VLUCaKOtIAkAN0
n+oskJaUc8hSCjIbZemTT4JvV++P/ZaDYZdxmSkFuKeY+BZcn7kqun4E52zXOTaD2lUMEBtB
Gy2+JhnUfuJzvIH9PNG+Ae0zgbgIWEnnLvApY0QrkGuJj/ga8BRHRVMQhXkgzoFUVqiiLKhD
xGOxB4RLnBUxIE+VX0snQCpoLG4aAobvtAxOgNcge0vrMRDJhqJsAgqJIKU0ZN1JfZm8ETyb
+Q9yCfBfHNDerxSEHhNnpY2QdDzxytvj4EgRwpIEGQFZhe2VQHul/9jzl/ffYIv1LNazWE+4
ue7mupvr8h4SC5gfMD9g/r8eN6JdRLuIdvBk3pN5T+ZBKUpRCni68+nOpzuBM5zhzL8e/x9J
TExMTEyEHsN7DO8xHMwp5hRzCsTFxcXFxQGHOMQh/vLQ3T/qWX93IWE1Wo1WIxhrG2sba0PI
6ZDTIaf/ffV4x3TfdN90H6pGV42uGg2Guoa6hrrAPe5xDyo5KjkqOWDTyE0jN43M2y5lTsqc
lDkQFRUVFRUFIkpEiSiInhM9J3pO3nreDb0bejeErD1Ze7L2gB9++P3V/rN7ZPfI7gE+hXwK
+RQCBjGIQb+//O8Sbrm33Fvu/V+s8J/H/93Dk5SnPOXfX7yQuJC4kDhIfZz6OPUxvAl5E/Im
BMJKhJUIKwHKYeWwcjhvKIpxu3G7cTuYkk3JpmSw3LDcsNyAjdc2Xtt4jbw7BgoKCkjnpHPS
OaA3vfkvyvO3F5YtAlsEtgiE1NGpo1NHw9uDbw++PQg3X918dfMVcIQjHIFWtKLVv//0cnNz
+xP94cQ5vm7y58+OQ3OPOlHtFDh36/KzyyFg83L1sNeAQrH51KhaoATLvZX9QFdRWWwD7TWb
tVGglVWzXHuBRqKv9i1IH4uK8hiQl7BIngbO3a6dzpsgF5CTlBYgRUhRDASckgEz8Nq2xDIK
RDfrVXtx8DhVoVz1XNB7hJcpWgO017a7ud1BClBuG0+B+ASLvBxcvqnBlvZgLB3er3AN8O9Y
a0qpn8H5Y/ZXtkBIj8xe7BoENDZ+rUsDrZnq42gNTHQWzjwKlFDbqa/AfjSiW8GJ8GJ/9mt7
CXha8FLkhRPwLOJet5vZkDZUX0q/GjxamrJ9TeD6xtnbURLkg/IN6TkoW31+0S+HFzPeLH7Z
CeJOJX0anwW2/bbSru4Qvy/x1+QbYCttLeuoAro4uaNSD9QU0cwRCKK1K0PcAFeY0Iv7kLE7
O8r+Pfzy89FDp/rDBcvlzGu1QH4mf6OzQs4vuR/lngO5jjRaKgnm/KZAcy0Qv7BTagM+bXwv
epSC7m86eLetBv4+voMCBoKhq76a0Qf0Pxp2GGpD1ojshTnJ4JjlXOFMg7eNUromhsCVKtfq
3hoBqWvSRqX6Q/Dp0BIBr8GUZSpq/hU8c0xbzb5QUSlfvbwLvLoZfb0vgnpT+0JrCVprerIV
tLFillYctEGazDYQt0QLUQGkT6QR0inQRmqfas1A+KLyADRPESHqgnZUfMQHIL2kpmgG0lDt
R4aANlAEiiRQa1Jd7ACtCetFDsgW4wLDJdBXo4f6I3jUtFa1fQziM8MUOR+Ya2j1lb5glTKT
0uaAnGucqy8CER0LEFoGSh0p+CzyQ/D50nDbvATMH3iU0fuChy50TcQCABr+kVk1/ta7hOp0
z9M9T/eE8vPKzys/j989hOG31K1bt27duhDtFe0V7QV3d97deXcnFC5cuHDhwn/VEz2EIfwb
ZkeodrPazWo3YX+d/XX21wHTDNMM04y8Hvbg8ODw4HC41PZS20ttoSY1qfnfxHvXI1mBClT4
6zdKUpKS77/82T2ze2b3BO9t3tu8t0HBggULFiyYNzSgYq2KtSrWyuvBf6h/qH+oh9DWoa1D
W+fFebd9SsOUhikNQaSIFJECvuN9x/uO5y8JcJGMIhlFMuBOrTu17tSC+mvqr6m/hrzZPP5z
eZEtRbYU2fLP1+fdrBy3a9yucbtG3ljtd25VulXpViWI6hnVM6rn+4/3bqx28NTgqcFT4WGB
hwUeFoAOBzoc6HAAdHN1c3Vz4UK/C/0u9IPi2cWzi2fnxfNp5NPIpxE03tF4R+MdENwyuGVw
S8g+lX0q+xTEecR5xHn843K/s6vZrma7mkGbJW2WtFkCpW2lbaVtkL9n/p75e8Kel3te7nkJ
XOQiF9//+eXm5va/xx9OnEuXK9aq6nTIne14nH0JvMd63DV/Ask74/cnfwr5PEJ8/OMh60Pr
UakT3Jxxb8/lxRBU2/dlWGGIqfq6zvkuEOHvX7Zgc4g8n3O6hA4KxBXdXbA9GNfr003jQDyQ
crVYcErqY9cs0L8Q6WI/MEq24AWGlfnmhGrgZawzr3EHcLWUA7gPssoD8QtQnDtaMNDemKuk
gq6BfxN/QEvXl/IYCuaAEndKjAC/EvFzMjJAa3P28nUnWGO1n6U64HqQ8zY1ACyjs587A8C1
vtCB0m8h+SvPaT6l4NX02/qrx+BFydvzb1gg5bk2mf6gO+b11GseGCxKN7ZC1vTsijkjIL2B
esk2COInZLR9WwBcIx0+2gZwVFDLar+AEmeYZrCAWkjtqVpAG+Ts7LKBvEy+gwW0za7lrg6g
thJnlTdADor6FFx9nXPVdDBXM9X32gaWGtZQrRmoI5223JFgGmjcY/oOXJlaX9UfsnyzW1h1
oGa62kopkFQm1ZTVENaO+TFjZwfwmeBT0vMclNtfIq7ER6Cu0jZoteHB8xivR2dBN0BvkRuC
tbrtA9tZsJLr5TgBmEVJeQhoXZQW8klwnHI8Sd8H4oFroOMTMBQ3puo7QhFHgdeFJ4LfA997
AbNBzFYfaoNBuo0kzoN+udJV1xxcN9WlzqmgdVDfUgBYJFyiDAg7p8UyoLnIIhCkCXiL/qB9
IWbI60G00dLVlSBdpjw1QAtVW6rzQa6nnOMOqPOlMyIL6KdXDH6g76kN1PaCOdY2zFkB+MIQ
It8Eba+or1sL1kfpZVIXgJzkvdejP1SbXm9V5YFQ9U21apVuAuekMlQGLUoU5977b7BKdaW6
Uh0+qv5R9Y+q/+P1/3YWjN+aFiy1YGrB1ILQMrZlbMtYMI02jTaNzrsVHmOKMcWY/vX4v3d5
2cyymWUz3/9x+3fb02JPiz0t4CM+4iOghq6GroYOzhU+V/hcYdjqtdVrqxewla1shZBWIa1C
WkHjHo17NO6RF6fu6Lqj646G6B7RPaJ7AEUpSlFoYGxgbGDMW6/yoMqDKg/Km4Vj9+7du3fv
BrFb7Ba7ISwsLCwsDCpVrFSxUkXgFre49fvrU8+jnkc9DzgbfTb6bDRsS9mWsi0l7/3gV8Gv
gl9BvU31NtXbxN+NsX5f8fIn5U/KnwTJc5LnJM8BrxJeJbxKgC5eF6+LB8sSyxLLkrz1CCOM
MGjYsGHDhg3hzIdnPjzzYd7QmXdj3Wsvqr2o9iJ+s8f5b1UcWHFgxYGwP3x/+P5wkCZIE6QJ
IHWSOkmdoP71+tfrX/9zzj03N7f/WdKlS5cuXbokRI0aNWrUqPGvB9KCXIPUa5CamrYh6SJ4
DDI/9dsHd354+PzkGIh1xTrSekERXdFtpY9DYtfsTs/uwv35zwufDobwFM+N+cPgdeGEKfFH
oWVs3UN9i4N3qFc70y3wM/o89y8I/peDZoa8AHWxaCFmgro25dzdR6Cmqdm6qmCYFL6zzAyQ
b9qfqxKoMcp0dSwIWSorLwadn7pSegRqH2MbuTDojsvblFtg9Xq44eZNyCy8P/BwHLwdkdg0
cyVkV7QvzX0Kjpe5Ew2RoEssUK6kFdT0SrtLB8Czg4/m3Z4Nt8OO5tszEp5cSRqcYYHcBh5m
33Pge9gzwPMrsHe3brRWgZRCGTNS24OlsyPA+gB07fRZ+vug2rUUcRp0bXTXDW1BmynX1lKA
tqpe1AHHTPts5wwQR0V9rRdIEVIt/EEL06JFSRDeIpi9ILJEtCaD/FjuIjUE+ZG8T24P8gV5
gFQNpGnSUqk38KNkpjc4xjneqOXBEK1vo+wHVRJvtNsgjRXNlaYguaQv+BWkUCm/1g9c3iRp
WaBLlu26+mAYpL8ozwB1rnpCNAX5oXRMyQ/aFlekOAv8f+ydd5wVxZq/n+ruEycnhpxzkJxR
opJzkihIFJSggIBKDoqKBCVLRoJKzgKCSM45ZwYGZpgcTuiu+v2xy4f97K6/e73oeu/uPP/M
nO6q6vf9Vr193lNd3d2aycoA2z5nhrEOVGf5nTUc8o/PWz73HojeFJ0tajXk7pP9pxzFIMeT
bD9kTwR/pv8d+S4ke5LrJ66HiAURn0acB2EXSbbOoJXV3pUTwTpvrTRPgrKpprZRYK60qvuD
QXQRT8V00Ldqv2ge8Nf1fSxLgF7WKC4rgKerf4E6Baq3sIttYCyguuwFvOOvY3YH8yNvee85
yFzkM6wR4FlkJVIYUt/2jvd3B5vpHOIaCvnn5y+Q5xDUultRK/sFlOxacn6RWaDHB7SwnwfX
AHsu179AIngg7UDagTRwLncudy6HiqqiqqjgzKIzi84sguTPkz9P/hwaNGjQoEGDlz/e/zY2
bty4ceNGaNWqVatWrf5qa7LIIosssvijOXbs2LFjx0Dv3bt37969x417flPF72XTgQPjv6oE
Hru/SuZGEPW0QwHX4DYPhl2/AidDLt88vg6ipgfLQklQb2Xtka/mhifqcYuHg+Fhk0eN7paA
Z/OS5mRGQvyQ9HJxfcG4LXYkxMDDG4/nx60F+Xrms8w+kG923lv584K/OGMMN+gD5SDPbLDn
daaF3QV5WK8WqIEI1O3m56BJvZB7BnBfvM8KoLLYY1rg/+bayOPlIbnVoV0/X4XkMuve3b4D
Eobd3PY0BHwevgmvDVpjd6s8w8BeKdfHRXdBaMfqxcvehadaYsr9X+DCO3vNHc3gTub9vI8+
gKQBxicB9yFkZoB0ngE12axuboPEval9k2pB6qmM99PqAxP0K2IgGKHaLXELHIPsPxjDQHQS
l8wjoJ1XW+Qy8Lf3v2npYJa0LptNQH2lRqslYP1qXTP7ANvRpQDxpvYmP4HS1CVZFdilfiYW
5AV5WBYGaSqXygfWFCXUG2AmWevMXqCqqQfyJtj2G8VFDVCvip/VZVDnVT3hAbXUamm9DdIu
V8pwkG7K0QXYKdvKY2ApmUuuApmsNqnVoCLVJHaBzC7Hy4Ygq6kD8gHIYzLG3Acql3hXzwlP
34ybkXoMEtonfPhsC/ga+ztn3gLrmBnuj4GoX6PuR+eD2E5PFsa6wL7Isd4xCGw5bc2cIfBg
+YP2dy3QVuq1xBlIL5BZxbcGTh8/t/7sNIgvGH8yvhYYxe0rjaUQEB9Q3NkJnuaOj0+qDsff
P13ubFOIn/Osfuz3kO1mtvZhxcC4pF9yJQCx2g7tMej5KSb7gTVCLjaHAjH6Ne1byKzmGe07
D9YZc6D1C8QvSZmTGg++Ipl1vA8h8EPLKa5BcM9sIeGj/+pw/9tEHY06GnX0xfOaD88+PPvw
bJCb5Ca5CV5NejXp1SRw5Hfkd+T/q63956N48eLFi/8JS0CyyCKLLLL45yAmJiYmJuYPWKpx
/NsTwQcF3F2br8n5MuAYaqWWHQNhbwa2DUuApxM8Dy6dhfBVPi2sPdzbe2/mnf2Q/I33dqoF
J2bc3fvgVciV4LgSZoPCGyKbl70MT/Sn1dMXgCPGOSh5O1wq8bT98WAo8XHhwyWrQ+jAXL6C
v4JnjvFF0ByQgeodbS3oU0UF6whkFLqobe8JtqUR/QtuBqNK8L2wq+A5/Lj2TQ94L98tFxsC
4oARGRgHAUVq++pXhWB/tsxcm8E5IbxLWDdIXHVo2/miIEeHjQ65Bo81mTdhKdzaebz+4Xh4
OPheyL0UiB+GpR8Dd5R7r1MCy8RcYUJ6m7SqqbcgLTojJO0BaO/bv9Rmg3OOc7utJ6iPrBj1
FHxdrCneQGAwu3kGdJa9xRugbsniZn3QhojXmQFWP/Vva3NnGbm1CiBGWbfle+AY4igi5oJM
U7X1BMhISU8zJWgZ+pdYoCbTULsOcqh1Q54E8T6ntBugrRCLmQv+/N5kGQfWVcpTAtjDVfN9
8NeQh1UjMJL4VmsLfMxKVQqkn3WqFoiv5BFxCsR08YQwEAnkkiVAPVRFeBVUKQZwDLRyZlPR
G4xgW6j1JchjqpaaDWkR6ZjHIHblk/JPVoDb6Vpi7wT0uvWr/gM4B7mbuFvD7c/u5r53DnyG
r68sB54LnvmpH0LaD2m1I9+EJ/cSDyVqkPBF6pdJK4A1KUOMBXCnRMzs+w4od/AVUWQrxOx/
MC1jF8QFJRZMrAOiYcIacxhoLfWJ6gjoTbQPHUFg3LftVBcgnzf6aY4NILsyy8oHRowYbnwE
zjrGQVEYUs3kr5KmgPah+6DrTTiVerXd7Sdwb/n9Uo8mQh9KpRT+q6P97yDgtYDXAl6DVrSi
FfyHf/6d3OTmH/hhnUUWWWSRRRb/m3jpxNnTxVHDp8HdT+K7PY2F8M4h/Y4MhFtj7l/LNKHM
8cjb9SLhJ9/JFmsLgq+x9bP8HvKSJ7hgPcgeYvwcATRsVrF/s65QZ209b4Of4N7hexVvB4P3
sPdqxiDwkJTbqgv+XuYe74dgXlBjfSZo92x3gqoAZa0t5gcg8oiPvK+CL/wm16fBs/Q1M7dk
QGT9Trl75gPnrIL5K7rAsbVADXca6BfsNfTJwBGtjHEP/AMTij5KgLQcJzsfGwPGq/YfUhVY
P+W4mrMn3L1xZt7Z7fCgwsUK5/PD03yZM70/gfrSFRz4BBwt7N/pX0NGuYwWaQ/hWb3U75J+
Ad8ps5D1K4gvxc96PfDFeLL7PgCztX+1VRL8C2RRtQTUdpUsVoCKUJIJoHwqU/YDkSk6Egoi
Qe+kxoLowBKxChydHO/pQSBqy/zUB6XJMKsI2Ge5b2mnwWzjXWFVApnLvGvFgBFjFBSVQK1S
PayTQB9xVXwM1usqQV0Bc5FZTS4CNZDBdAQxWA83soOsqcYpAdoutUxMAPWj+FJ9AKqmHCur
AzPZy/sgEkUe8QSwxA/iSzAXyBTZBfQEhuhVQDb0Nfb/BLphK8lg0JONtsZWSByYnC29P5yu
em725YuQf17eq6lOUP3URXsbeNYp4X5CPrBVtY3T90Nw4aBPgvKDb6t/hwJS09JLpCRDuj+t
R9ohsCarT1kFnv3ekNTC8GuDo41SZ4D4Sr2mjwW1n+J6cdAqatO1bHCr950rMZeBumKCygQ5
gUvW1/A0x5OasTmgkMjdJLotBL8f9EH0RhDF9PJGNcA0r8rOkBoclz/hfeAnsV/fC/43fc/8
z58yMOSvDvMsssgiiyyyyOKP4OUT57XyY0IhffSzME8y2KzETOdZcDQJmBNaFR4FiYbn/WB7
JfptswlkOq0fnr0PaSue2EJj4J3kNhEDPoLAlvatAV1ATGK2nAaFehdsWdwL8XdTpjxyw+nL
qYnbv4OQH/0TK3eD6GJ6Gfvr4E30rTdTQSw1nI5PwOrHEssN+szgXkEZELqi5jvVdoHzQJkG
tWNAVJZ2f1VQXeV+8zLI7/0lGQW+159UuTIWkptsGbUpCHydkw6a2SFofpUNtRvDY1f6mJQU
uO8/NfTIOIj9IeFyYjXIKCUeaW0g+DtXyYDsoELMR1YDSD2RFpG6CLznrKNyEKgVPBTXQLjl
Ffk9qEYikQ4gg9Q83gTmqnLkAtVGXVf9QdRgF5dBvEZbPKA+VD8rE1gkRxII8hKz1DTw3jIH
m2lgPBBltSAQPcQrOIEvzGxmDZA267ZaD+qiLMMlECHafa0IqL7qqFoHdKW8lhOsmyqHbA2s
o7J6BHo70VsTIOJFT7UOZGsVQEewKlvJ1hFAUVz9CPpkLYf+LshPVQc5EdT3aoOaAOJr0URk
A9se0ZEzYPS3NeFdoCiSuWB+KitwFbzlvWnWeFB3ZH9VF0Qh8b1WDa7vvlnjYSyYHmuAlR30
kUYz/ThoqVoR7QAk2JIWJr8FuW05Z0W1hMQqyc+S8oDZUUaojuA77P3Jnwhapl5Gbwm+CN9g
70mgtfxYTAPthnZa3wBGoCG0jaCNF9VYBeKCnkeXoJqqWLEenm5+tib9Mri+sC9+lh/sI2xD
3GfAccIRH5ILlN2I1nqBN8W7ObM1ZNZMGZG8Eazt7pz26sAPxP3VQZ5FFllkkUUWWfwxvHTi
nPLJs8YZYyD7KVubUmWgb2jzuGGdwH47bIG/Nvy0+Gyx1TPA39XdyXMBAvY5Q9NbwPetDg+b
MQ66lXSXev8+eHZkrBdH4GjPLYl7beC+FjA/0gCztrbVmgSFB4efKnQeHs5JXhFbEqKKh8x8
eA4CXWHto2NANpMjrEWgfS8GOA6DbULOxQXfBW16UKOwdGCEVkoJUFd8+/x1QVXSfjL2Ax5j
lXoG/ox76VcXgW/m0ylJh0AfnSOlWE3wpYWfDfLCtYG/HNi3Dh4uubP11iB4WtXML4uCMcs1
Jag96B/TRx2C5EvpmSl7IO2Mp4JnCNg6OqS+B8zzZmlrH2h2LUWcBNWR1TIR/D/6N1mfALuZ
Ih6AnmDU198FWcwqbo4Cc6JZ3gwDzaH100KBxWq4mAXyuiwo14F/n/pYbQefUsuxQHNp0eIM
8B3nxC8g18hbcjOI0SpClAF/om+UeRBoI8qLHUAVcVC1BStRrZS5QB+iJ2nbgVNiuKoKspn1
jlURVH3VFQ3kEmullQf0XEYPYzOodWq/FKDVFJPZCkZuo75+HdQwFa26gL5LXGY66O8bM/kE
zDetD9VAYJXKTyBYLay6VhxoPxqGthuoxSy5Gcx+8pQyQIs15mi5wQxTfrkDmGoeVnXAjDKf
yFVwt8O9gKfPgFvaevUIxFLtDRkN9iv2i/rr4L/h93mLgbXPeksuAH2P3txYAipMhUhAfG91
1AaBXCyGUQ/0HmSqLSA/Un2MD0DdlY+VDrFfx49IqgrBUUEVAxZD9g/C33Q4QcvFRft7oHcS
2cUH4E9PX5Y2HYzO9quB4//q8M4iiyyyyCKLLP5IXjpxLj4k+uPqW2CA6tBqRDQEBIcVc30K
8QOeHH5WENLyxhUMugxXu9+7crsoPHnyNODRbdBW2wtH5IOttmMl9/QH92T9u4AhkPSFf8z9
CHjcyNf65hFI/y4tKmMipKSlHX2yGoKSfesDJkOevrley94EwqpGW7kzwLs5s7OvJ/CUnk4P
6MMj9xUwgPqZXz3bCdpxa78VDWZZbbgoB9pudYfTQBVZyuMHY1BIckAS6Hr0rMCeEHG5xhcV
2sOzAE+edBs8OHH6p5OdILZvit+TCzLfE0uNYHBUkuOs+5BxIuNImglJmRljU5aCr6UcbfUA
vbeZpExQy9Ua5oK/lD9WvgX+UZbHSgftK8L0JUA6d2kI1nb/UmsfyKcy0dwMxljtmP4eiJza
MDEV/JXNzmYpED9SS5QB8UA+VE5Q/UWy6AdWdjVSDQMxhkHqOqhKvI0H1BnRgXagjxChCJD5
5Xa1GNQdbQX3+bfnj34PYrPWShwDsUVMpgCo8+Y9FQvUV+2oA4bP+MEIB7FOs4viQE2mqisg
qoqiIgRkH1latgAxm9fVMrDGU5/l4N/vMVRnkKXVOZUX7CuM5VoBkL/IkeJ7ILdqQiVQy8Q4
6oO6r+aocKCfKihPgriofqQ0qOxykNoP8i1O8xX458tdVj3QVxp9jEhQyN6yK8jX1W6rMahv
ZF51A9Rnqq3KD+pXtcqcCVo/MVXOAcbr3YyzYCtnq6QB1Pm3d+aa1c2nvu7gWG7fqOeBzGPe
z8VgiHnlafe4dhBwy/lKgBcCpTshfC34ksR4EQ6yqD/Oexzkr5n7tStAG9r+1UGeRRZZZJFF
Fln8Mbx04pxf5WmYay4c630u7WAz2H/9hGNvXng4KvGzmBBwrY6okTgZgjuH/uhqDYnaoxG+
mRDYzT3MGQqpuT1fPnwNUn+QR1OBPK2D+oVcgOBPQzIqpULgzmwZrlwgXDxRDqg8tuzq5qfh
uu1KvhM3Id+DYpMLlQPetu12tAXqmiU808BIConO/i2oqY4FrAYlrXVmbRCVxTUtFbTbarjV
AlRJJV33wVGp4FulG0DEgmyRhSwIGJZ9R+Ev4fykld8uGgOPY+5+fG83JI6xSvIGWFtEJtPB
uzxzVPpIMMO10dQGb7q/qbUQ5A8ygdGg7sn35VKQjWSUXAXWBNVJbQCrgoyW7UG8oVVRl4DF
jKMEyH6quHwKagPfiM4gk3mqokEUV5VZDUSRl4agAqmocgMFxRR+APE2JVR1UKlygEoC9ojx
PAKth8okDrgseohoUJ9QVPsUZFvsZiaoifJ9agMlGCRWgXXIDFMnQf9aLyPCQH9ke1W7AWqj
6izigEFqmOoPbKcZk0AVlE61DWihRahVIE9b1eVdULmsg6IbiGzGW1oS2CvYo4QD+Mx+RLsH
Wm1zp/oArGl8LvODmiyfGauAI/TiS6AWeWUEWG3lHfUdoKu9RiSITdhEbpC9VAVzEKjR+JgF
lJVJVl4QHwu7kR/M+eZDOoBWUoSIgiAq0Ue+ASKvyi37gBzJLXEdrGmygtUGRBnTVFEgdXlN
dANrujlIVQDfa6IHNtDWGnW17PAsKSEocwg8rRMU+SwR3FOc8e4tYH8kZrkPQsZ7YonMD77d
mT95Q/49SK68fKBeu3bt2rVr/xOnhCyyyCKLLLL430uxYsWKFSv2j9d/6cR5f55La7cug/tn
EhYmDwJ3MXtPYy6Y96x9sjuInEnz7RZki4p4ElIFPJ9kcz6qA9m7+vKVKAePc6ZOjn0TAm7Z
I+2H4Pbap69YSyBoTnLVWANsbxlzTBcYDrfIeBt8u271VWvh6vIL7o0dINvYXKlmU6h6pvbJ
AZ9ARqlMe+Zw0B16KbcLRFP32Bw9gYcqRtUGrTaRDAC5X9hEDlAxJMhgEOuMX6NDwdk9+r59
MKR0ezD2zitwtv2BAgcrwbNPMyN8SZCxijliGrh3OELdIWDmET+IEEgv57mQGQj+BeZCuRzE
vg75LvcC1zDIuJuToA6GlI6Z3fMqQNTCsGjbNLCUM71n2Av6ae1J70UQTugvig5wzLdo5tcg
bKdjePgkMMSYn7QMAzFGqulYDzml8z4XV4Hr5VyrfyoopwIL3AfA39v7lv9d8L8Q+N4VCdYt
UramQNzHYc9Y5oHyo7pWDwfXNP+bningiVDba4fBphtf0SuBlsazkh3EsWqEGgmG8kIHcR5E
v+o0RGSD/KlpvbUjWFOsH1u3gfQMI+WRoC8UniYIpldEVR4GplKGV6V5IHSRkgiHQG7wuroI
Atf9K7QqoJUP4JfANFxOYD2YWovvGT4D41LpdbkUCK2E6cZr4L6W92qgBbizvM1c28CfQ0s9
AJLTuNFYFcT2ltKWFRB+M2yAfSeUOloqrWgp0PrIGc4NkDYpb5NvFsS/lNQzygOmM1p/sejf
Pb1DhAgRIkSIEI+TR444F3NbWzd6FRIbllRrGyHPlPl9aiJcrny81uG5kHE9Zrk4FH6euffc
2qehRK4pudhiaDCnZ3g3AdhtGG+wA03c+7IjILglZ336BjC5nlhWuRpkd0xNOrwHpLZ6fct5
MOw1vV19FgSaBDcpCjBAvaJPBfmkkGP4EoRqwkDpIijHUham3wKln/SzJRXMCVFlY+0gVIg/
lWgA4zfhqWHtQbiqVdPrgCHZVt/UArK/stW7MAUyPs+td2wzPPHrE9cj28H9A/l9A0PAUT/6
m2J5kFXm7vKrDcG3xdUr/1kwP2czh7tB+CqQ73kTcnv6y+k/gjYszeXeCGFfGjtpKkS+Fzsy
Zivo87QwrSKYJ7sa54+HqJXOOeF1QD+BQXwd3F8EbnrvQ/5RT7vAJ+A1eMv4aoGQKg00twXt
DgMFEcTaent1MLgF34p8IwjtqcYCSOgTNdcxAZxO06tCI3AP9y3UtoHwrthH2A2W7caO0nXw
lwq21ftDzonsvKyBECilXGQOeD9RElzfgX5He8M/E+yfGWcpnSF40e8PFgfvrMCnDIb4BuEj
Y07Azf4ZyzNfh+w+7nnakxD8Ri8ufgmWmaaxwSpgTzW+JpcFRqjblA+BUcbuUlXIX+mrxDjI
beSZ47ODcZkUJf0E8d+G1zBPBDFZ3Ck1AGWauavJBMYqgd2BtqAdFDbwBojDlGShFOjZSnV9
IpjcJpHi4G/nm+afAtIyYbKYAjm98oLurRCsqk7S60EwVlulfAeGDaajViv4zvjT3MfA+ZLz
cMQCUC4rAe0LUMbpmxRAXKvPNPwCxWLCT4lHofLVsoYSPcDygaGsbQRIveXN9pYQWSIyM0KB
48t/63upOVTn6e3s/7uneYgQIUKECBHicfDIEecnJzWd2+U1CHjVbspCkE4YTBYZGBX5lbwJ
cjp5VuTVgYxx8lR3WQgLT1qgV4Zgk4yPrqWD8Z2oClGjgVneY5nDIPq5uGKOGyDVNU8xDoeo
yjE1n7gA0aviny3dH5STyo/6cBCi2ajXBvEH/RyrQb8q+FgE2k7QM0D/TC0nhAHrbE0cm0C3
+Zdor4BhkMFi2ASSucT88MXARn2quA4Coueu51Mou71IfPRnkD9DT9Gd4JmcNSvjSyjmjNwu
VgbDJsfU6JZgrumIDL8O/onZzdIqgpCofWicBub5tq9srcB7xd9N+BnyxuodZAfkeIUY8wzw
fqGMF/qBtlXrJI0Hw3bzdpsXtDe0UWoauE+5b7p7gnRWzQzshMTnI2LsTiiWHHsl4j0wBrWF
fg2koHo0mA6O6ub5tm/AvNG41NABLLMNh6VdYL4nHzb0ghut07Izj0LApg9WvwZbN+tUR2nw
THC39oXD3VcykjKXQk5F99m8j8HznK9G9jTwzvZEp9cF5btgP1c+uG96m2rhIMVIJ7UFUKx+
zIroNDgXcePF9EhIbpYd5usP2b3dQ71zQZirK+p6cJqkhuJqiJ1rayh2BGGtsbFUGrIsrlpS
PgRWBH9U34WYqPDWlnVgW2g+YLAAQf1VbQOkn82S8hpC9szcd9w28NXyWr2fgW9bvj//O/Bs
crfK7QrS83zq+xBUgy9DPAV6tt5Jbg/ZZ10L/W0hc5yrmLctpF3LaZiTC9mjXWM9yyD7cG7L
nM5gPGP0MgeM5cTNwi4IW2l72vgJhC+0R9i2gCFoyGEGJO0rnhK9HRJuxfeKjwTnWlOE7R4U
vVzmQtmvIFjHM1wzwTXfcfPFxn/39A4RIkSIECFCPE4eOeLsOBEdnlgLtNf1pSSCqBsjDSch
/bWcH7OfA7d2x3LfBrVGVLhT/SZU/qba0iZjQDlumivfBamhdki3gFrbl+f+ETggdKUl8L26
3F0GtPv5v3jbgFg+sl3iXZCmBlcp10H7VVzFVqCU+BI6BD5VW/hfAdOowIDALVDbK8ekRaDn
mvLtI0DY4BkgTwLug7QdjKuTasdVBH5QkoOfQaBdRqO7RSFvgKNbWhaUb1nT+GQ9OHvk3IH5
fqjXoerXFV4Ee1d9Yexy+G2lb0PRvpBz+O6Qi2XAOyLvtdSVYGkf8UrkYZCGBN/0fwpakjJI
Gw/aOOPlmKqQ96ReX/0BlHf8jdytwHBd/U7bD+4XvIc8ZcHW1brQcRzC5gpNpUNg/cjQ0fAL
SDuYqx2AEocSZkUNAfdRv6AsAe+U/GU5LaDIlLhjMZHgquhzqrVBrCt/JFugSBv7F8VugWjQ
8angne657FoGrvve1Nwt4DvqXeb1gXmr6YTJCcwW9po+BvtF6/owG1gGy07hDbDMkaori8A0
wfiJ1QhXp9295poJ7vlajn8gWHYZ3jJdh5hNYRVNCyFlYurwe+EQM9/R1/o82FvaOjirw7ng
nYn3nwXTB6Zo+whwPGeYaS4PskFJdA8CrbuWJu6BZFPuKKUl6MnqusBN0KrxnLEb5DRRhwVT
QBN9XZVVoLVRLri3gGua/K2eAaJdqKH3hohgTK34dyA4SWlIFsgR4n31PDjSLJ+Ip0DP1Qfr
SWBcL+/SnoKw22YLRUDdE7zl7w3m7fY9ESbQvw9s0btA+M9xpewxEH2hzL7ya8GbremmfhCT
nlAqtgVEGBPXxqTAkYQ1Q36zwY2191+5EwZ0/Xsmdk5OTk5Ozp/f4FfwKuzw8PDw8PC/x7cQ
IUKECBHi/1YeWTjrl4UkfSGoNnfd/LGQpdyfeSUWSk5TbZbKUH5SNfmZ/pBUpNqmp58B7cfY
FknlQLwRuOFPBPGqHiYsANd7t9qeGgrW9Dhf1QqguzyD818HPvQMzK4D3Iv8NrEa6JfEJnom
6PWFe8gg7dPThO9Br02J4EnwfeSPcPeFYK3rK5O3grZA608vyOkv2/NeAMepO99fnAG+Tcd6
H6sGlief2FnyHJirVNfKHAT9vq9O2CR48s0in1m84B/RbOPta1CpQsX32kVBy0/rDfbVhtRT
05/8riucWuQZEe8FzyeZV+6eALmxJd3xJpimmo+F/wr+O/m/ZG8Cz+ScI9kfgcFvshvbglBc
mCf0Bs9hvYT8CVieNbrDK4BvhbqEvZDTSloitgR/VHAbfSBmo+M5mwAmk7mC7X3Ib+/K9dyF
YKR5sqk5OBdYn7aehLj6EZ3lNPA180/Vx4GLvPzcKyC9LNzUPwDpc3spwziwXTe3c34MvrH+
JpaBQGflk2A1EGMMuvEaZHfzbFN+gOCCgCBMAXbKI8XKcPbjm0lp6RC8Isdrn4LDaNpoKgt8
qtTNKA93O6WPFXuB/UnLNyYvkCameQXIMGX9bF4E4b+FT4sZDvHGiBTrKMiVc2rm3YeAO1BB
fwEyxuTecX0G/rXqCfUyRK8M+9XcFEyi6X39dbC9ERwkHoQMjaPyPpDjJTXiEsTsDTtuigNT
OXmxmgWBtoF64g7wPss2tTxIPY2CQQdps3bUUgP0Knrj4E+gbtC66bMhf6mniuoA6RXTbuNC
yOvh2ucbBY4T5k2G7yFxbeKx2O0gVBAPWJeC2k6tLl8E+5G4rfGXIDjOvdj9Nhz0H/AcM8HJ
Gjeb3dD/vonduHHjxo0bFwroAgqE9MmTJ0+ePPn3+RciRIgQ/1Nwudxuvx9mzly48Lff4PLl
mzezs/9z9sqVK1EiIgLeeqt///r1wW632UymP/rj9weDMG3a7t0XLsDly1lZPt9/0p/ISLMZ
3nmnceMKFcBuN5kMhsLjPp+maRrs2ZOZmZcHubmKoij/OX+cTlmWZWjUKCoqLAzMZlEUHzm/
opBH31Vjm3uDew348j2XchaDrXb4qrjhULRZ26J1K4E2lXP6YQiWU95SU0Gf51N9t4D+Yrje
DlRj8E23EcwREa9E1Qa5VtEFFSqBNNPeIKwJ6NtsURHjQNNUu/A26L2FH2gNwlzOC7GgVaQH
P4BpreBwzAS1gc0WsR4iNtepnlgHTh2528QXgON1Yr+4dAl6jJWybkXA/U0V9LsfQeLVkm8X
iwDbW6aXE14Bqaz58/CPQUJvF/gQmr/eLDCmEuif6dn0A+HdxCO8BV1qtYi/2BFuDl7T7vQK
yIl0H8ypAK73s5rcy4RwMa5c0ffBVNYWFbYYvL3zj2fvguBsbwvtEAjtxH3sAOE3w6eiHcRb
wUmWb0BxylWNH4Fnm7m/nADS9/7PvL3Bn6e+yArIX+DukPsRmE+pjrxnIXtYxp37PwHzzN9E
DARmB9sqG0AcJS9Up4H5e8sq03oQRtBZPgF6ftDpOw1hfUx3pHqgGSWHrTUo6WKGOQE80Z5x
SnVwd/YavPWBVdoQXz8Q2whHrFsgPDfylt0A7ifytuc4wHvf83XuRkgwxRii34HM3IzqV3pD
WNfwxSWqg3ORY2zc25B9198jcA4COTlvqmch4y1fVsosMG+1fG36BrJO5P/muw3eTr44fwko
kpUwJ/IMGPYbalk/B15Qu/hiIOKE8xlzE1AnBlrmDYTUWHeEuxtkasIKeRDoH5GmfQRaH0rT
DEzfGtzGJFAPCs/qRyD4i/aRNhf8E4Ofa7+C8qTymrcXSJW1z4RaoA+jrVcExxprCfkklKxU
zFVWg8gB0RejaoPho8BLWjpE/BzjitkJptviEtEJBw6uXX1sGfx6+qLr8seQlqAYtCv/uQ+G
h7F79+7du3fDqVOnTp06BTdu3Lhx40bh8ZIlS5YsWbKwX4HADhEiRIgQ/x7Tpn311Z49kJmZ
lxcMQtmypUtHR4MgCIIgPD47uq7rug5paRkZLleh3UmTRo5s0aKw36RJ27adPQter6YJAjz9
dLFikZG/+/M4r/t3b+DGjcxMl6vQ7rRpzz1Xo0Zhvx07MjJycsBqlSRJgurVnU67HR6vN6D/
r2DV3bter99faLdt29jYyMjHZ+eRhbOnvKt49lNgvGCcb54DUm7YpIh94HX52nuLgVBMuy2k
grpS3soEEJ4QW+ljQYonzLAR9G3q254XwNim+A+VzoHxiG274xqodfiZ60AsQ8SiYDDpfQJP
QfAZwc9G4KDeVMwF3Scc1u8A7airhoN4M7DHUAysFRq/Xvt1yD+bVWJLNuSUTd4V6Ax5zdnl
2Q3qjNJHilaD3zpcPrc3A1rsDTtZ/gXwhacdNR+F+x/ftmQqYKxnWJI1ErK7pyy+fwKyF94f
dCUFTvW/9XxyNFjfdzQJ+xU8z/F1+U7gG37zwLFNkD86e296Owi7FRUZuwmMDS3mQF0IuvzF
c18EaYDYSRgO9j7WyLC2wEyDxTgCjM/KyeJkcOaK87VzYChpvO04BHdv5E3S48Dfxf2d/wXI
OqUPMuSB0sCYE61DkblhpYwfQeaErMWekSDN55aeA3luzy+6Bfyl1YZ+M8gl5SVCOvgqaKW1
Z0FuJYblvgH3tJxz7j0gicaajkpgrG3wGxuDaYqhsuN5sB7nhm8f+O97v8xKBfUkM3QrmIaZ
t2lhoBxX39WqQpFn4yqXmw4RDSLjbGfA+7z7gjwX8lKyL3o7g7u3NiHQFRw17ecsx8HXNJis
lQVfH3UrnSHu9dgF0afBOtfazlIE7jruTcz2QHBIcKD3GHBU/zS4EnIMvrUBNwhfyi9ZG0Nw
sXabemD+3PKVcQUYD8jZ0nFQxmoRYhdQjMH7vmJgm2UYKawGyyLZIZcB+SdpZcQVyN0YOB3s
Cvapxs1iRyg/vGiDuFQoNrDY9GL3wfC9cFd6A+Iio4ZHXIPoiKhF0d3h0hu/lbj8A6xrv6n0
bick3/WXc+eC3EXcZn/zf02SrY/3w+G/onr16tWrVy+sz549e/bs2f+8X4gQIUKE+Pc4d+7K
lawsSEhISgoPh5s3793Ly/vP2bPbLRaDodDug5w5k5KSmwtlysTHh4fDgQO3b2dk/Of8iY+3
2czmQrsPkp4eCCgKlCpltxsMcOGC1+v9D74gLCJCkmQZ0tN/F9CPm0cWzimvXzVefwn81tQ7
WZOg+o1ua7tkQCDSXy74EugnZTPfgXRWO8FREFoKg4T5oCeKp3gb9Iv6OX8TEEuJ0fIXoP0i
3JGTgKtav2AzEF4QFgoeCE4RXhOngXhRuys2AuKEk4oOwgh9v3gEtDAcshX4Wvg6WBbUCp4X
lW+g7KjE16t+ArdUn3fvh5ARIR/I3wlJJu2qoxOkPKd+K38BWbXuv3xvN3zieOv6J0vhpinN
EHwfosaZpubNBv2g8rlrNGTGuhd6XwHvl/b1xWtAQq+iP5dIBOaGtXFuhvS70bnFDoHvQHrX
5DjwnTE+a94DjjDnW2G3QbjFl3oJMGeL84MShAcNunoV9HfVqy4XOLsZXxRLg3mXFB6Mhqtt
k1/MOQn+TlqetQGo+xkguUHvQi1tBMg/C930s5CamhsW2A22po4K5vYgD5GrWQaCr6Y30/se
ODPlvqoEYpCXhOtgLCd3t50Gc7g5whwLxnn2Ld4MEIrQmhsgbhOShSdALap9EPwBbMvkdOka
mF80lo6eCb6n/V1yq4HQgVbGw+DPCT6hzAH/dtcz+TkQbG5aa/WA2+iZlTsZ9PnCW8qHUNwX
8bJQE4xuIUqaCNlm73ztHsR2d+6w5IPzpCldOwE5JfIX5/cGj6p9oXuAeNINn4CWTV+ag/mi
rYo1BywvGZ42HAW1uX5E7QFqrLpN6AZqP/2IeAPktZIerAOm/uaGcgAi1js/dXQG33JfCfky
eD7y1/ZXBtsRg12aDMU3x511noc4Y7Hlxd8AvajwkSUI9oNiD+MpKPF+aUtSa3AHs296ZsDm
537ZsO8G3Omee+tGXbAU52NfPCif6gjRwDP/uQ+Hf0RB7vLixYsXL14Mffv27du3b+HxgvZQ
jnOIECFCPB4URdNUFXJzf0/ZePTxgkGfD3w+t/uPqXZ2e3h4fHyhnQK7DxIIBALBINy+nZPj
chW2p6aeOnXgQGE9Lq5ataeeenR/C+wU2P3z9aiqrkNGhqL8o+M7dmzZcvQo7Nt34MCNG9Cg
wVNPlSwJTZu2bFmr1r/uT4GdAruPm0fO+sgOqE0yJkJGkA557UH+TlCk6yD00HdpMUBJVnEM
hMnCKmELkK7vFQ6D8JGwTKgBgSJXw341gbIzOy9nN4g35GQ5CFqU0FN8A/SteIWyINwWvqA3
MEaopl0DOjNMqAS6SGW9OgjjhZZCMRCXE8MM8CvCO/o6KDqxzJeNL0LzpNozu7QG+zPm8gm1
4PLmDPl8WTCbLSed2bAv+eDTByrAzYsW8523IGC11vLuAHurcl+WOQXVqz/3XpscKN2ketl6
Q2B4mYG1u3eHBo6KeuyHEPceq/LmgnV+bPMiK0EOhP8c1Qm8e3OeTS0Nnj6elr73wNjUXiOs
E2iZuigfA28f72zvFDA+Kd8J5oMP3yeen+B8wo3X7n8HyZb07zJugS/bO8ZdGqR7RovxFzD7
ra/YugOnBJ/UH6RzBq9xLygDtQzDbsgb4K7qs4Jpsfk540IIt4TVsX4D0ZXCaoS1APNxMVI5
BAwJ+l19IeyO+SxPQ8LXkZ+EJ0PsDVvAXg+SPrL1ciwFoyC2sOdAYIsyOxAO+d/mPpOfBCmH
7n+ZPA1Uh/pycBbkhynhvhfh+tHMKScXgtxAuOWbDezSL+WeBs9vgWWB0nDvSOaNTCsYvpCi
AjvB/oS1pPQmpBgzirvmgWuK93ZgB/gr+ar7fgDv5/7NQRco91klzAepNJ/pMhhjjTvl8WCv
YI8xtQRbefP3tvdBrmnMFEUISi3RlQAANK9JREFUdtX3ipmQ+VFelnYHrsy5+XJ6ImRszC6R
eQWUHcoP3p8h5pvo563LIGFP8fqJ10H8Th5mag2+HYEq2gfgaBzfJq4b5E1wpQmvwJZ7m48c
iYbDv175+kJXSN+btyetM7jqZXW93w4Co7wz7v/4+CfsX6VgEeBfbX9UatWqVatWrX9edt/R
fUf3HX/ffXncdJnSZUqXKYXX97D7UtDvvwsrHSsdKx1//bkVlJdHXR51edTf7X0hUzKnZE7J
hK8GfjXwq4H/+vn5PfN75veEp4xPGZ8yFl7nndZ3Wt9p/Xdf3X/fv58Q/zuqqiiqCqqqqpr2
75d+v8/n8cCUKcOGNW0K69fPmzdoUGH55/N+t/sggYDfHwhAIBAMKkphuX//Rx+99VZh+eDx
Ry9/t/sgwaCmAWja7zL2wfLAgVOnMjPBbI6KSkoqrD+s/18tC+w+bh454izXLWONnQHmjIjv
Iz4FfQdPMg70pvTkVRB2anGBRFC/1W/rb4LQQXzTsBrEZ4UyUhKIB4VehuUg7bTHxi4F9R39
RxJA9PKkUgGE5jwrmUE/oI+jMeiNMPIyEIMgtAShu/CU/jrQQa+jnwY9g9VibxB/FjXLAVAO
ysWCn0JRraje6BaIq2Wky5CZKY65fAuuu1LTrv8EF9Ovn/HWgfLfN02p/xyc/finricGQvjg
4p0dKVAhpuzSypvh+WM9b7xcCaxbbcVMbWBXt51lvisGTffE3s4fB2EnjudqG+FspcDrpe9A
1ofaYWUy+BdmFEmZD8a+0syi5UAeZX8yIhr8Hwdm5X0IOf68lXmzwFMuOEvoAtkHfXf1LDAd
M3xiaAaGb4V1wYog9laOegQIhvvccjKYp1l+NrWB4IzAS34r5BzKeyH7HNiKWOZYxoFSX7NY
zoDrkq+I9CEYS8vFjSchYNTnaEdAOR8c7r0MtimGT23bwNsxf3VwGgS+9rfLugbuD5Sbl42Q
eiptf8ZKkH6Rm3IJDMuE6Zax4FvvE6VuoK+SYszhwCKxan4Q3IFAt6yTINZmpv1XyCufPyIv
Bs7ev/GeuwSUOpgwJlqF2DPW/Y4kSHk27an8/eDrQVZgPFhqM0ZeA+aycirZEL7CWcW8EIQV
wjzTMVD2ihelpSDvNayX3gM1PnhX/AVyI/Lfzs4EahEttQfrUOsxayWInRvWSW8Fam6gj2kV
GDqZuxufgCLTItaG74XIm8Wk+Pkgb7LUdVwDtZZvKKMh5usES9R5kFVb33AdDrzw66+XasDe
pKPtTj0P6Y3YEPwZtC+Ns6Nl8D1Nz7ufgNBJai5VAu79J6btwynIWd6zZ8+ePXv+fLwg565R
o0aNGjUqzHV+XES1iGoR1QJee+2111577c/HHZcdlx2X/8/ek7+T8T+N/2n8T2C32+12+9/t
TSH16tWrV68ejF86fun4pYXtE9tPbD+x/cOfY/yK+BXxK/5u7wtZ03JNyzUtoXjn4p2Ld4ZB
DGLQv3D+9u3bt2/fDsGqwarBqoXtW7ps6bKlC/SnP/3/7osM8d8eRSkQsgWS7d9j2rQ33mje
HEqXLlYsOvrPxx8cv8DugwQCXm8wCIGA1fpfLcILBH5PoVAUr9ftLmyXZYvFZgNdV1VFgWDQ
7c7P/73dagVRNBj+uBjxQbsPEgz+vjhQVQvzkP+ILFssDsef6w/r/1cpsPu4eWThnGW9m5j8
MsSPjNha9kMQPlET9CxgKK9hAfx6rnQBxHXis8LnQJBPpFjQvtBaaf1AalV0ZLnFIB6wDo3Z
C0KkOtS/F7T1+g35NDBaHMtiECz6en0E6Ck4MYNQEje1gFr6R4IB9CuU1G3APd2o/wh6S85p
/UHqLNeVEkGpr36h/ArSfcM06054Yndc6Ua9IDJX/yXsJEQHSx42b4fVpxdnbY6H0h0rnY50
Q43c6odMjSE57G7cucqQ2CDtmLYdot6wl7F3hrLVw1da3gChg9Yq8TlIWSCnXPoE7iXaNzif
Bb024eV+ANfSeyvOyZBnz/wl2Q8RM6IWJq0HfbZ1tsMHOVWDPbUaoI72OdJOgqGVPFz8DmLX
RhaPfh4MnUlRx0Pq/qxGdyqCs6azYuQzoBX1n5QOgjM6TA+fDfYdltvSDnD96vnVMxICrX1H
8veAcNnQ1RgHpOt9/PfBneO9450BlrGmF+R9oI5QJvnc4Lnjy3cXAV9esFWmF7RNxh3+3iCv
N7S1TwfPCM/TOc+AmGueI7UH62LzHk6C3Eh4Vz8NIvo421MQHxETU/UI5E9xt8m5CkXuRDWN
uw7S1+Ky9P6QuNkZHTYZsspnLvF+D3e/ziTnFyj9UsKT9k0QjBPyg7VBnGSeZZkEyhy68zHY
E5im+MC0TDylXwSDS+woV4PMXXnNM1ZATKI9wTAN4i9Gvxv7M5jfNn8jH4OU+pm9PBXg5vjU
lveGQ7kXyiwrcg4cm4q8E1MKDAuM3W0nwdsp/1rwZYhuEFsidi+ELYudE90Ybrx9ru1dPxx+
/UTGyepw/6JeTT8C6ij5s+hrwMxATMpBMM61zpRvgqmDpUTC849/wv4zCiLKBQJ64sSJEydO
LDw+fvz48ePHQ4kSJUqUKPH47RcIxHaJ7RLbJf6DDokkkgjaPG2eNg8W1V1Ud1FdWLdu3bp1
6yAjIyMjIwOio6Ojo6OhY8eOHTt2hH6H+h3qdwjEIeIQcUhhJK5AMP045scxP44pjMzdWnNr
za01cPTo0aNHjxaaLzgvPj4+Pj4eLMssyyzLwFXeVd5VHkZeHHlx5EVoHtk8snkkKFWVqkpV
mJE7I3dGLmwsurHoxqJQpkyZMmXKgLeTt5O3E7CGNaz58+UW5JgXTSuaVjQNmixpsqTJksfn
Rw2thlZDg9utbre63Qru/nT3p7s//fm6H6TktpLbSm6DkpSk5B/aJzKRif/Vc3yLt3ir0P9i
k4tNLjYZ6i6qu6juIsjqmtU1qyvsmLFjxo4Zf/35XFt1bdW1VTC99PTS00vD2bNnz549W2i2
/AvlXyj/Agw/N/zc8HPw+f7P93/+hxcLFYw3Im1E2oi0h+f2P8jGtI1pG9Og/CflPyn/CRiX
GJcYl/xBONfsX7N/TeA4xzn+6H9Hn/k/83/mh03pm9I3pYPL5XK5XFDzy5pf1vwSJk6YOGHi
BIi+HX07+nahPf9+/37/fugxo8eMHjMgb1berLxZMOzssLPDzkLr2NaxrWMf37x62HOd3n16
9+ndH//nxv/tKMrvAlNRHk2olSnzvwvmTp1Gjly9+p/bfZBAwO8viAT/MSJdpcrgwZMmFdYj
IytWrF0b4uN9vj/mQN+4kZ2dmQkGg8eTkwO1apUtW7QoXLx4586NG5CXZ7VGR4PR6HBERPzZ
7oMEg78L/od9rZBls9ls/nP79OnTpm3Y8PDrr1u3Vq0iRaBhw6ZN/7gY8UG7j5tHTtUw5Aec
wdsQUc20NGw0BEtQRXgd9IbCB8IzICwTVxo2AE8JPikTWCnsxgT0UT71TABteG6rtHFARe22
eBpox9vCMhCaigN0DyDTQv8cEMkiBjAIZiQglXxugd6GznoyCNWFaroD+I42yregC9qwgAR6
X2Yae4M0T3BKLUHtq5zznoSIEg5rhatQoWqp8W1ngu+2/IOhKZjFsu1s/aG34/lJ7VuAo5l3
dORACNy9Pzx3P7iEc4dSkyFsruF2+E4ovjQqGN8D9MHyAKkIOEcUXWnqD1EjbVXy7BA11r5I
Sgbz4Pid5beBcb9homUleBplOe5KoHbyXvC7IGxm2DPO5uBoHXu6yAWIqx19PTYV4uKjY2Mm
QZTP6YzRoUz/ohFlzkLkz7YzYXshep+jj6ESmHboIz2fgNTU91bWJiiREjVI3gPOnoayynSw
2aQvfBvBsIYKriSwfm0sbW4MvoFee7AEZH+bqaZ9Ad79nh1+DTBriY4VYIrXjlbRIPykqX+p
MLA2Mdy09AfuqnbzAnDsMe0tng/ZLdzB9BEQeF6fQVHIapLa062A4S39lbBm4Pnel5zfFEqn
xh4tPg9s78tpEXvB3cL/ue8oxC2PTLLeAPtu00LTDkgoH9kxIh6SGoUXtX4Bvpb5Z4N2cGyw
qOIYMLbSP1ZKQEaV+6/c7g+BnwKbUwdBbpJ3WUZXuPJ9WoVTveFi4p2I5KWQeyDvrKc4VDxW
8WyRRCjZtYxQ8jswHTC97FTAXcyzU/sBrMcclcObQzix70bnwr3rt77NKg1HnzyWfeo23CiV
v89zGHwNda/YH7zjvRtyXwPXF667aUlgyLLci14Gnmn6RvOXj2+iFmwfN2HChAkTJjy8X4Fw
fli/AiF98+bNmzdvPnycgvP/1W3rCgTMw37q31R0U9FNRWHZhWUXll0o/Im93O5yu8vthpm5
M3Nn5hbWC46vGLli5IqRj+9+pn6Y+mHqh9B1atepXadCzo6cHTk7YOaumbtm7irst/SZpc8s
fQbWxKyJWRMDLW60uNHiRuFP+2kfpn2Y9uHD7eTuzN2ZuxPyy+WXyy/37/uxbPmy5cuWF/rR
ckzLMS3HQLlZ5WaVm1UomP9Pk5ycnJycXCjcnxn+zPBnhv/r40zdOnXr1K1wfNDxQccHwaSN
kzZO2gjTu03vNr0bJMclxyXHFUbEJ0+aPGnyHwRAwoaEDQkb4N0W77Z4t8U/t3c/8X7i/UQ4
UftE7RO1CwVu84jmEc0j4EbzG81vNIerV69evXr14eP81ef3teFrw9cG+NbxreNbBzRxNHE0
ccCU4lOKTykOFy9evHjxInxa+dPKn1Z+uJ2OH3b8sOOH/8XfyWOaV4/ruf6/wr+bqpGXl5V1
715h+SAPHv+rqRrBoN/v9/8unH+PPP9enjnz5ZfjxhWWBe3ffz9mTL9+heXLL9erV7YsbN48
adKrr8Knnw4e3K0bbNkyefJrr0GdOnFxFsufxy+w+yCBwO+5xqr6+z4cD5aSZDKZzX8ubbak
pDJlHl6ePHn1qt//8HEL7D5uHlk4GxeaM4xPQEQ/54HIWNDe0CcpHhDyhTAhFUjDpDcGtutV
hGUgvC9+Ik0C4WP/zNxPQb2UVzcvDMQvhXnmvaAOEDL0VSDU0b9hNlBZHy1Egu6hJAIgIQDo
eWTgA2EOc4RGoK9AEuaCnqXO8EogdvVe8b4MvOzx+9YBJj7XUkCoIVQlC8QG0ptMh/vfZ9VI
vwfi7mtPXU2H8Zaeq4a/AVWPVWzY7ipUb1D3+bYdoW3WC827DgDDhIofJUXAz9/vbLtjNWzv
uDfr9CYwngrO0fKgUlNHREQjSHDoid53oXTAFJP7JFR4OvaysQOElYjvX1YAaa9ln6MX+Ddn
vZJ2BgIjXBfdfcGYLFuc5UBvYzJFnYG0DXmDtKpwt2ruTH8TyNzmKqt2gNTtmQc9IqQvyh7i
XgT3WmVsyfkWzMfN1SUXCLcDadoIkLszVR0O0dnWl4QqEPOd9UtzTXCck21qWbCeMb1uTIBA
rPIaDcE3XL2Rmwq5YnDPiShIezWn1rkzkLUj2OfSSHDV9n/jiQPpDjsMMnjaBcO8XwER0kDD
PfD08RtzKkH+9uD+5AWQPiDn2M1ZkPFBzjfee5Cx1mVMexcMz4Vfd/SHMMGRHb0FHB1N32CH
cEPYYWNFEF5UppsmQP6F/ETvM2A8IZ1RvMBTop2OoPYS7ba1oH1ubu4fAkIn28CcZMi9FCye
3g0uN7znvBYP6VHeM/cuQpHRpbuFz4Jih4u1K9MPBEVIsA4ET7H84sF0sMQ5hoS9Cs7VsXdi
q0D6Z8nOvH1wJu7IN6cEuPl87sHccFDrGUYaTgHdNL/QHVgtNBPqgPRcRGrReFA2yM4EAYQs
caTwF/6B/1UK9mMuEL4FEaMH92n+ZxSkZjyY61wwTsG4BXb+1fELBMzq1atXr17957LBhQYX
GlyA7dO3T98+vfC8cePGjRs3DhquaLii4QoYu2bsmrF/iOA+2P9RKdKhSIciHQojeAWRw6yp
WVOzphb229NrT689vQrrw5cNXzZ8GQw6OujooKMQcT3iesT1/7wfD6bUDDMPMw8zw2uLX1v8
2mIIeyvsrbC3Ht/9+as4n3U+63wWPvd/7v/cD+3utbvX7t9ITyq47gJmzpo5a+Ys2Ja9LXtb
NgwzDTMNM8Ey8zLzMjPEp8SnxKcU9jcuNi42Loa4NnFt4tr8c3ubp2yesvkPOcPNmjVr1qwZ
NH276dtN3y5s39J1S9ct/8VLjP7q89v3675f9/1aWC9IgWlypcmVJldg4YmFJxaegN69e/fu
3fvPdpImJk1Mmgg983vm98wvtJM3M29m3szCfo9rXj2u5/r/Cg+mavzVcseOJUtef72wfJAH
jz94/sNTNX7fx7kg4vxg5Lmw3z9u79jx6adr1ACHw2L5R5HgXr0aNKhW7c/jF9h9kMKI8+/1
B8uCiPO/Wj73XJMmlSo9fNz/VMT5kVM1in8e1bfYl2C4aT5qdYC2Us/WyoOQwA39NuhWvYew
GcREpimNgFHCPOt34H8qZ3bedQgc90rOw2A0GHpLvUHspl4OLgXW6uHyRmC52Ef3gfCJPpd8
0PfrF/gNhAFCd5aBGqW31xJB6qGVEq6Cf1D+W34BhBSvy3cXBF0uZ5oPUlvTOm0NCM/IotwK
9IXaEXUMGDb4vvfGQWPnk/5ONSDiuu1W6UTwRwSyfYPA3jNmRPFR4DAKjUo2hmhfCY/yM0R6
I98IfwL29NszYvuHsCr10oHMShA7w9tAvwClL4RPtnUAY4K42xcNRXqEi2ozWPuEVpk8OGYz
1C09GLTdWf3vrIPgh3nr0/cCb6l99D5gqR7WNOIAaAvldcLnEHg20EvbAp77eaPTcyAY5Q/L
7wj2GubW0lCIetmmmjeB/azhgLUceD/Rm+rhEF0vYrFhKkQOCk8Kz4W0rzN+8C4F21D5C/ca
MG2UM6V9kFYsS0jdAYnvRPWP7wnpO/zDY4ZD+iJ/wyuDwB5lbegYC/pE6V2zCulrPNqtdSAs
zouTT0DYcct3cUVB+tn6k2cD2Co62jnngdhT+THyMzD+Jt4xJoM2nRLun+FWw7uTMsqB/xVf
ums1FG0au9heCm7uTauqvwCeRGVV+kAokhPRWu4HwTnKl+ZD4GnlfTYYAdn3PQO1WRBV1v5t
kXPgfiU4mNJgizHNN46Bkl1it5U/AUVuF/241CEIfy1iZMISCLQNTpUag6d2oKLfCc5jEZ0j
48BxOaZSZBfIfip9i2sp3Dx9Ku78erjjyH4jdRBoM4xRzuHAPPUl4U3QerDefxbEiqam4SYQ
pmtHgpGgPe2vmH0ApPtB3R0LlHo8E/XB1Ir169evX7++MCL8V/djLshtfpCCcQrGfZjdf0aB
gCkxpsSYEmP+i45evPxhOyLhmHBMOAa0oAUtQDguHBf+8NO4NkAboA348zAPtquH1cPq4X/u
pzhYHCwO/kN9gbhAXPDnfvoAfYA+ALBixfoHPws4xjGOAd3oRre/fp/+VT+C1YLVgtUK69Jg
abA0GAS7YBfsII2Rxkhj/rm9x03YyrCVYStBHCOOEf+B/b/6fD5I+iDpgyTo+GXHLzt+CYef
O/zc4efgUL9D/Q71g41JG5M2JsGy6cumL5sOq1jFqn/H4ZrUpCZsnLlx5sY/CM6CL4wPUpCy
MbTm0JpD/0HKxl99fgUpFH/q979SX/4ZUh2pjlTnn9t5kH93Xv2z5xrif6cwVeMfC9nHaeeP
4z8sVSMY9Pn+uDjwYTzs+PLlhw5dvgzLlh05cuMGvP9+69bVqkG3brVqlSkDdeqUL1+ixO/n
Hzv2Z7t/tvO/R5wf5GGpGhMndu1avPjD/b9zJy8vPx88nn887n/biLP5qLuB3AwM1eglFQXQ
53IbuC5UFq6C6JdflW+DijBVXwuMEA7pR0B9zzdLugj+FlKtuE9BHCItQAHKameZD/pw4V1u
AOf1lXoU6Ol4iQT24OI86D30unwFhoHSQfk7MDQ3zjJWBemQIym2HiSv908yFoVLizPH6PMg
Z6a/mDAMpJ/EdrQHZaOyK7ATwookFC/3IzjtMSWKdgHfj4rPcx+Ez8SODAblTTXTtxSC9YNL
fCNBO+l7Q50HiX3jK9Y4DB3X1JGergQNP6tSMTIPwoeVrGuoB8oa4yD/R1DSErMzMhbKR5er
H3YCqutWZ05NeGK0UdJaQbgSE1Z8GUiENy3WGtQm/hs59cCdkHMkZRJwSavJNHCecP4aNQbi
xiX5S+RC0t2ir5UcBk6/rXJkaRCuG2bJFcC5P2Z+ZBAcJss00zeQujetY85VOLP9Yrm0DyF3
sy8ssBxsfe2tIrPB/pVNsnWAan1KbC2+GMr2jowvFg0GO+39i6BYfvShkr9AhSHh2Q3ehqKX
7I2LfgO2qxaLpQGUSSx5vkoriLSFvxx1HCInOU3xk0GeJkmR5cHbQz3mVUAZqdtz94BJNM80
94SItfbnCYfEj+I3hu0DVcRtrQ7Rb0T/4vgWnjxTrmziWXBG2D5yDgBpqhAltwKb05Js6QNW
j+1loxXEFqYO5sMQdzs8ocRXULZH8YxyMlQ4ULF+reZgTw77IelXyO3pnqrnQ84wn0m5D9a6
UTlRtcA0MerzqDzI1e/2z60Kt84ee+HECUg9kNXv+mFQI83VLKmgvyTFGM+Dpuir9LYglBS+
oAhwX93uawCKzb/OdR+Uyuoz7uugWHlW2f34JmqBgC1evHjxP36QFPzDf/DV2n+VgvMeFA4F
dv5TudBNv2/6fdPvC+sfbvpw04ebYF+FfRX2VYBJkyZN+mMuXvNmzZs1b1ZYL8jBTd2YujF1
I6xquqrpqqZwd/zd8XfHPz4/6w+rP6z+sML67Bdnvzj7RZgvzBfmC5DdLbtb9r8hmP9V6pyo
c6LOicL6Zwc+O/DZAZh7ZO6RuUf+z/nxV/lXn88btjdsb9gKc5xrHKlxpMYRGFJnSJ0hdcD6
hvUN6xt/jrAKC4QFwoLCXOGCFIOHccV5xXnFCdffvv729bcLx3/wl5GCiHDK+JTxKePh7Ddn
vzn7zb9/P+ovrb+0/h8WYX687+N9H++DnT129tjZA16Z+8rcV+bCyssrL698hMWzjzqvQvx7
FKZO/GsR52bNBg/+9tvC8kEePP7ncf6xUA8Gf98W7sFdLx7kYe27d1+5kppaeHzx4gMHrlx5
+PkFZYHdP/crWBz4j1MqZPn31IwHy717r19PSYHz591ur/fPZX7+7/s1PzxV47/p4kDbb1Hj
4xeC3lmqa7gE4nLG8x4oKYHdwZfB/4R3lacqmF5yYv8MjMWEsfoZODvnWm5mP3A2LtGrRDsw
jmWWNgJ8HwgdxPkg/MIvuh/0tzmuJYM4S+glHQahKhuF1aCfpTZlwfWqKy/nGqyetebsBgv4
v1DNkduh+ran2jfcBnoRw112gdRbTpPPghijbVNKgjZAPGF4GXiR2sIXEHwqcEM/C2JAasd2
YL3eg0wQVvKmOBWYK5ZQXwSKaENlKwR7kya+CeL3SW9XKwlVDovv29dDyddM809/ClmlI1Jz
RoN4Ie+o1wbix0nvPOGFyuMq7w1egKTVaWmu6XCqRJZfWQdn5oqX7W/DnQrmZiXugHYzb2fa
GPB3zWyeOhC0ovZFzq1gfzdsUZgCpl8szU1JIH5s/9p+BrSg0jXQHNK258QIA8BdzHtezQX3
LP15w04QY+VS6g1guLZIj4Y7r6adzvABm9RXDU4Ib+ksbjkDyvPSGf9+KL0trF/x50BONMyL
LAp5Z9xe72LQZwlb/e+AeYs2OHwn0E5ryiAwTZE7iV+D8RJtI9PA0N/WP+cieH/wSlkXIdOY
240vQR0fmJx8HsqWjo2rEATnRGlfwktgWxc+Cz8old2nXBLcH5WsusdC2suuVLcFzC+aVdNp
EJsLO9Uj4EgzT7X1Bmf5yAZh88A+3mEIXwnmD+yzLZXAn+8vJewG1/uuIQEBpHdMb5siIEqN
Wxy7BMzdzDsNYyB/8u2XUz+B9DU3B1w1QV6zXO1WGfBiNER8BupwxhlfA32aNkf9/e9viHoB
9Dv6Ib0yaKOI06sAkUKWug5EOzHGt4BnaK1X/1+TpNPjm7AFuccF+zPn5ubm5uYW1gvKh0WW
/9muGw/a+U/xovdF74teCOgBPaDDulHrRq0bBaMyRmWMyoCYWzG3Ym7B4GKDiw0uBr2DvYO9
//CBPNI20jbSBrPNs82zzfDd6O9GfzcaYm7H3I65DWmkkfYY/OxbtW/VvlXh/nP3n7v/HGyZ
vGXylslQbHex3cV2Q9TUqKlRUyFza+bWzP/gi24G6gP1gTrcG31v9L3RsCFlQ8qGFKgcWTmy
cmRhikKBUP27+VefT4GAnbly5sqZK2GUbZRtlA3UQ+oh9VDhYsxRxUcVH/WHL46d0zund06H
n3r+1POnnoWLBh+2iK1gUSXnOc95aPt+2/fbvv/nVJGCxXZf8AVfAFumbJmyZQpU/rbyt5W/
5V+mf//+/fv3B9ds12zXbNi8e/Puzbth462NtzbegjqBOoE6gcLFj/8ujzqvQvx7qOrvr5B+
mJD998f9r8crsPsgwWAgEAiAJP2+a8bDKNhV40EuXLh7948vVnmw/rDzC+z+2Z/fI78PS5yw
2ex2iwX8fkX5Y4/t2w8eTE4GTQsGU1P/fN4TT5QoYTZD9epPPvmPAjwFdh83wsGDBw8ePKjr
devWrVu37r8+gAd3o+xawGXDSXsPELL4QKsKWoPAl4FD4I/19PT6wWaMmBu5ENTL+pv+fnB+
2tao472hVFTdsTWug/WViOOGIaCeVzP1EsBR1aVvA7bpK9VXQOhjeNJQHq6XuJt8bjkU3xxb
u0w9UPopHfV42JOx13WkBrh+c1vUKKCt44eivaBUZml/kV+hwr2EdYZksHa3FmU/qBXUVuI9
kDoLEzgJSgV1s28PiAGhl3wUhFelyuKnoL+ldZL2AWvEj7Ug6M8iCIkg7tdF5R0I1HRVzOsM
xhRDe3UBqM+5p2a8DtpXGS9mfgeSO2pmeDfw3cnceN8B+tT06emvg7RL1lkJvlTpjjcNskpc
35mTDquv7Sl5vxUcH5H9s5QOgSW+CVmfQyDT0yp7KgjV5dGWyxD+RljdyE3geMu5wbwRTA7D
q/o9YLDaKyCDr5J7ve9b8GcHtgc/A2WZflEbAYG4wFVfOvgHuy05B8DssqyzDoXI7KjXw98E
3x3POF8P8BbzZLl+gcxqWTmpTUGdKWx03Qatk/CipSi4ugW2Z6dDWJ5jpVgVAmmebcIHkNvQ
k+vuA+XTEiYU/QzkC2K0pQrcjMi4efcoGOrJ2y0vQ/SacDWuE0TtMZ83lQFtjz5G6Q53h9wZ
4dsGms84hHXgmOSUrAKYX5JXWG9CbG7CBpsCkS2jikdngmGI+VrYOdDeV3Yb3gB3qquCkg++
THVDcCRYlPBz4cfAuSxiTvg9ECtpvxh2gCv6fs79buBfkT3oTip4/coXuVMhO+B+K3gA8rbp
Y8J7gF5GnGc+BsFJzJKeBf995T1eheDLwV7BdhA8oHzvPw3KrGBX3zlggXrPOx2kyvoSfx84
lrrvkw2nHv/ELRC2BbsHFAjofxen0+l0OmHEiBEjRoz4zwvnEP8aBb8MpLRLaZfSDtontE9o
n1CY2/zCnhf2vLCnsL6xw8YOGzv83V6HCPH/BlWqtGkzYwZUrVqrVoUK//44K1Z88EG7doX1
Xr3ef/+/2lXi9OmjRy9cgDNnNm4cPbqwPSamW7dp08BkKlYsIaGwPTn5o49eeqmwXqTIqFFL
lz68/UH+WT+///bte/cgPf2HH955p7B96NCjR2/cgMqVExOt1j+Pm5Z2/77BACdO3Lv3r3zx
CATy87OyoF27hg2dzj8fP3s2JcXjgTlzatUqWfKvj/swDh06dOjQoccQcdZU70++gWD41tjc
cgS09tpHeheQyxm/NdQAeYlJMSeBGqaP1H4AlnjXByaB4wvHftsuMH5p+crQF8TNUj3RBOIT
wkXhGdA68Lz6I0gxcobhNUjNy/48JR+uv359/qEtULx9fPf4ZpD5paeOZwi4XKZJpheg2Pdl
F1QqCoEinjfxwK1Z9190D4VET0R/+02wHrGXM2SDXlsbynDguN5SPw/iZGGBGABhidhV/hL0
ovqX2jTQBvKjLwuopK5TR4K0WDxhGQ36EXGI8R7InzvWRUWDFlA7Bp2gdzbMUL8HZYGlmqsl
yB0sd+LeA3N4VEPz50Cf2KQy/YGpjvaxU8FyTzLLMRC5uManviPw+uma7577Dn5btufCiZ9h
3Zz9ZdWv4d6rptPOEqAcyuuavg+yD2RWuf8e+PI8Gy2LIWJb+M3IhhB+2lnObgNLq6hblnzQ
6+tL1EGgb1B8gdUQqOqfYNoO7hGWBobTYDovx0lDIPNi9iLfD+B7RtkdfAfk88aJwWOQs8TX
L3sYWNub91gmgz3Kss52D0yHLR39rUFeY5igbQH3nbwwz2wILxY5O7wE5NcJGP1HIGdlfpec
viAclkaJm8D4pWGS4UW4PO5m42s5YHvVesjQEZxbwpsYAxA9ptjFIushakZYVERziLgd7nd0
BdMsk8upg6G8bbt9AgQNwZXSCHBPzP3Z/yTkr/NfDLYByWzNMYyHiGOxV+MksOywHnKYQHkp
76JvH2Rk37l9azhkrLlb9cJ6CCboTfPmgfax/rbwHuSX8FTTVoCrlyrn1YRgtlZEWwqB6up3
+ihQtumd9SdA3a/0VzdDoEbwjWAU6BO1rep00E+q/YP1QQ0Gm/nfe/SJ+jAKhG2B0C0Q0AUC
69atW7du3Xr4+QWpGAWLBAvGCb1R8L8nBdvO7Vqxa8WuFTCAAQwAmMlMZhZu1/ZG5huZb2T+
3d6GCPH/Fpr2e2Q4Pz8rKz8fTCar9R/tc/yvEgj845xhv9/j8fsL7T5IMPj7m/N0PS/P5QJR
/MeL/P7VFI6H9dM0r9fnA0X5x28G9Pt/9zM72+NRFHA6LRb5D+qzdOnoaK/39/2hw8LgwoXM
TEGA/zpeDk8/XbJkQsLvkWyPp7A9N9frVZRCu4+bRxbOylR3vv4zGBqErxDjQV0a2KjWAv+n
+lfBZWBsbGpGLMjt5MaGJPAeCn7tbwHieWGJNgcMy8zdDG/D/XH3b99cB8p25bfAD2BC+lrv
A46jtuERByH/qZyeeX6wv2K+FjkOTGXM6+2DITrCvtkcCa7VriJnNLiyMqVj7iJIqhg1KzoN
bDssL6gNIeXbtL2BslCsSUQR0ylQmwt+ioAyVikVPAzCFLGD2AQoygIhHITt3Je/B90merIn
gFCHmmI1IEpxqc+ActflznkKDE3tzYu0A7WKcE+9BLLLcT2+JhjO2sPjq4D2jHLElQ1qe9/B
/IpgbGBuEPMLqDsMq23PgPqF9qIugWaVXzQfBluNCscavgttylXo93Q/KD+5bPUN38D8Hj9+
fbgeXN5qlUufBF8ld4uMVeAdnH8tNw4CO9I23h0G7q/yNpsngnORIz86BsKSw1aaDoLtsvUl
83fgfCfsQ4cC0eeja6tpEDjrXeN+BgyKLSmvPAR3K/3FMqAk+TR9E8iflMov1gXy+uW+6dPA
1Mzwurk6SHfVNWGp4DF4agXmg32/ZaBQGhJ+iqwUcxrsGJ5JnAppM41tU16CsF32A7bJEL0v
bFXMbnB1LfqWtx8YPjVeYzc4UiKstgFguWZ2hX8Nxsay2T4UggFtu/QUBIoGTcRCTk76l77n
IPiNmsNW0H4zdjd3AsvXztGWd8BeLWJtZBuQivkP4obcxjePp28Ad8es+8l9QTmrLEj/CGzd
7Yu0r8C/RblimQ++coE9gZ5gFy0ltEMgrQ/O8xQF/wdKRb0M6A3liuSDclvrrzpBf8oUzweg
9NdN+tOgHdM2aSIIlwSDMQCKqKyUH+En179KgdAtENIPbiNXsI9rAQW5zNWrV69evfp/3r8Q
j4dqr1R7pdorsJSlLAUYxjCGPeqoIUKEeBw88UTp0pGRcOdOSkpGBsTHJyZGRz8+AV1AgWC+
f/93OwV2H6RSpeLFIyPh9OlbtzIzQRSdzrAwCA8fMuSrr/7c/2Ht/6yfrnu9Xi9oWm5uXh5U
rVq8eFTUn89zOo1GWf791dyBACQm/p5AER5usUgSZGWJoiRB8eJOZ14e1KuXlGSzgSQJgvhf
rMS7det3u/n5ui7LkJPj9aoqpKTk5gYChXYfN4+cqnGv0cV3bmyBqPVPTCs2CoLp3q5qSVAy
1bjgGDD1NbY2HAddVtx+G+SO3t3jUBjkfap/LVeDIpefrVa/PWR7c7z3GoJ/uTJCGQumbOMK
sTqcff1y4m8pkHtJfTX/RShbOmZ56R6QqEatqZQLp7tecB3Pg3Pv3Q1cuAQXz9w9LdWFqm9U
+rD1c1B3UuXMYmPhiWPRG4TWIJQydBGLgbhR36KvBH2a1kK9DXqq2F5IA7GnUNzQFIRUcY/e
BlJN2dcvDYL07r5Pb5SDyBGRHcNeBu0Tlzt7GkRYTK5K74NzjuPl8g3A31Gr6LkAvC/IogzC
LlLkl0H8UosMjgBllv6L1h5EXaxmeB1I0mO0VBC+1ufpp0FN1xsJiUAl9knRYPvSUlVuAquc
s/p9fBfWdThqvNEP9ETbzOiL4JnqaxpsAOp6T8nc30C/6J2ddw1EWTsVWArWd+U8aRaYd9m7
2/PBYXFYrJ9D2CjrC+bTYJ5pNhlkMIySx6jPgvYbKZoBAmXUjxQf6Ce10kov0OZpp4M9IWhS
nlY18Fb3vRYYC8L3crLQBqS5QrxYC6QZwnzhEmjztVaCACaP6T3jHtA2Ci21X8FUVaxvfAEM
+eafrU+CFsEa4RxoU4KNxVTwVfG10CqAa6+vWCAIwTHBrcEMUBtIC4U3QYo1HrEdB+NES4Qx
H2LKhtWzAEX8cUNsl+BO8P7rGb9AvpJTMf1LyK6TmnixG+Tmp3kDM0E9xqbgbyDHK+21EiCa
xO9NjYDVRrMcCfIH4jqpKOhv87b0NgQmqeV4B/SPydfHAwJNhJOgJwq/iiuB98Ut0legy9op
vTZobwo3xJ2gZ4jn5BnwU89fRv+w7fFP3BAhQoQI8d+DrKycHJcL+vZ9++1vvoHz569cSXsc
iyweQsWKZcvGxsLixdOnv/giREaGh//xzaTp6bm5Lhc899zYsQsWwMmTV678o32iHxfVq5ct
m5AAP/88efKAARAT43T+0Z/s7N9jx++/f+ZMcjKkpf0eef5PERtrtcoyfPBBlSpFikBExOMR
0I8tVUOe4PjOuBaCM3Pq5XtAfyn725xdIEx0p7itoI8tN690a1DLePp5loOr+OZzv70F4ebn
3+qYD8I+S6JwHBInG18qOgiyh3iq5tnhRMZx7cAssJQzGp0vgHefbY1+C6J3WEslNAbD28by
EfVgR9quiDt94d4o4ce73cATKa0L3oCtx3ad/+EC+LsG6PENlE5qur54A7C4TefpA+p+7TXR
C8Ip8a4wB8TRwh6pC2i5fBBIBHk+DcxnwFMnz581EC6vvtLneGlQDuszDV+BvsA0UvNDzKnI
qOSLUGl7kS/8JSAm2do0aRdgEYcavKCvENEaA1OEzWIYCNDa2BaED/QaakXQ19GbDcB2Yakw
GcQI4TbFQJtNVyUIQU0poh0EoVIgN18HcUNGs+uAPEGbq74Hcj9zD/sG0J4LLxl1CZRfw6pF
XgX15YDg+gECA/2b8zuDEhMcp9WC4IasGVkXIceVVV/uBKaGxg/Et8FsMe2wdAJTZcNIUxkQ
I0zzpA0g3ZBk+SBI9QzlrTvBuEduJnYCgzlsL0FA5lktBQQfk8QlIITpkr4BtOb6LcqBMlxP
1fqBWl6JYiHkt1TK8hL41+b088WBr29wmiJCUAyWVC6AepS9nAV5jSnZPA+MS60rbdPB2Nnc
yHoQ4sfYlxuXQs1u5WdHr4Ga39V6scosiP+sxOXS02DzO1s//aYUpL6eN+VmGajRqJa/Q3tY
vWnNvV+Ggb7Z+4qhFDT/rmrthulwJf5s54xycOzbY+XPV4Q7C7Mis8aBv40yVOkOlvGmZeaX
QT5meMUwALRKahH9HVBra4uUE6B/IwwSvwWxpd5LdIJ2Wb+rGUA7ru9TxwA9/3MfDiFChAgR
4u+nQLiuX//VV6+++nd7UyhcDx364os33vi7vSkUrp9//o8X8f3fxiMLZ8tXytRAWwguv5l3
bz0Q5W/lrQpafV+RwPNg3C20L7UGcLo/df8CbAlcDy4B08exUWHVwbCcGfJGyHzTszZDgOPr
j4/c9ykkzjZui38T3Mnmlu4ICE8TRjmSIG5TfMniL8OpU9cWpYkgng4bmjQf9IWZa1KcULRI
hZFVO0BKzev9rsyFC/Ov+q5lwJEtJTpFJsKz3SvNtr8MwVXBZf4pIG8zRVqeAfWwtt6XAsIp
YY6pKNBfLytEgOF9y2TTLogtWVErCyQfPuW9MgJK75Yi478H+yV3lKUDXEvdvHtVPNjnlkmr
3h6EdUIXqQTot1kvdwLDqKLby/YA+e2Y7JJPg75db8w8YKXQh2zQF+jn0UFIZgxHQaylxwil
wdBYT1TfB+EbbbHaA9xfu57MvA/yK8pubxkQu5p3OzaAHGvZHxkDxjzLhahLINa0zLH9BKZf
nJ4IAbRproFZceBDidPmQvA9/Z6WA9ohvbimg6uld633OIgvugP5l0GR1F36RaCl7uEMCKuE
M+IUMC7gCeE86DvFfvQD/RVhoeAGoTGLhUTQv+JncTXoU4QFhIE2UH9G2Qd6uPCuWBb0V4Wi
8l0Q1krb5VYgnTQcMxwE+WRYo/BbYJlhmWH7BcwO4xrzQYjPtHq0nVCzefE6FjtUb1unarX6
EL+7nFxTAmWhcM4cA8GT+mx2QuN3Gnq6TwBXEVewyTsQ+XLiq2W+gBhLrwXl9oB9gaNsWRmc
l8L7Fn8XKmbWmnF3AJTYWqPHueHwg2f5rQ23IfBufs45LyR3Sf0muxKofcQZkguMDrNmPQqG
JGmJ4SuQzdICsT7QE5fYDfRVaoJ2BrTBynH9MwDK0+TvnuYhQoQIESJEiMfBIwtnaYN8RDoN
usfR0PYTCJti0+LGgNCZC0ImUFkOyM3Av/xO/PUbIHePfiViHMjvxUbGfQvesOD9/BqQNzYv
+d4QqLG1Sr16CyBmYMTMBBscSD/fdMNYiIix9YqdAnpH+brhDTg3+HiNHbvAONvaofhiKD7b
tqhCDNTeVu7qUza40CiqTylAaKMu0p6GahnlvFEC+Me6n0l/F4Q3vU2zWoO2SlZtxUFcbh1o
84PexJBn/BGkS+aNYgykDD4hX60MKWdz373QEWzzEz4wZUFkanTTErOhwntV/K2Hgddcqfrd
AOjJWbXvFQH//HvdbvwIegn3uznVQJUiKjjWguGZyISYPOAJYYSzOnCWAco80NtwjrHAKZL5
HrTWwk98AP6PA531FuDPD2zABdog+a6hG/huBxd6lgEG32HPdhDycldl/gqmfFP2fRtYW9vH
hQeg2JZiSdEp0Cmmf8MWVeF++r3b2S/A7ZXXEu7mw+2BGUPdfSDzM0/J4HTIPxlYINQFT45+
TjkJQjs1Sh8NQaeKlgCeE2q61gt4Qpigrwc9RtjDPGAtH5AJYqw4XHwKxGjD+4YfQdggRRlW
gLzO0M7YCKRZcoY8GeRRBq/xPTCUEN+UlwMT6cYzYIhRrcF00GZkNL5fA54t3qZz6Zbw9DPt
6VQKfO+K7aJvgv+r4HhfDOiHxS/9LUCMky6L3UB63hxuWwjRY+SKlnzQx1HNvBiSihXd22wC
BE3KdGUrBDIDlwPHwfiebbe5FQTPq0PDO8DTr9ToWNUPCXPCM4q9AskHPdv0F2D7uS2f7HVD
ypzM1+/uAq/ZcFZeDxZB+dp0HEzfm2oZN4B4SNwnHgU50vCk/Pv2OaGYc4gQIUKECPE/hEfO
cQ4RIkSIECFChAgR4n8yBTnOj/zmwBAhQoQIESJEiBAh/l8gJJxDhAgRIkSIECFChPgLhIRz
iBAhQoQIESJEiBB/gZBwDhEiRIgQIUKECBHiLxASziFChAgRIkSIECFC/AX+/+3oClYLhggR
IkSIECFChAgR4s/8fyc84CB8RBMrAAAAAElFTkSuQmCC
--------------040909020905070700090106--

--------------090309060407020607070307--


From nobody Wed Aug 20 08:39:38 2014
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28B821A06DB; Wed, 20 Aug 2014 08:39:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pW0eK59qMkDh; Wed, 20 Aug 2014 08:39:32 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 087FF1A06C8; Wed, 20 Aug 2014 08:39:23 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Sender: <iesg-secretary@ietf.org>
Message-ID: <20140820153923.24604.90455.idtracker@ietfa.amsl.com>
Date: Wed, 20 Aug 2014 08:39:23 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/bT_s17iNXuJyG5czhU8E_QxpP3s
Cc: oauth@ietf.org
Subject: [OAUTH-WG] Last Call: <draft-ietf-oauth-json-web-token-25.txt> (JSON Web Token (JWT)) to Proposed Standard
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2014 15:39:34 -0000

The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document:
- 'JSON Web Token (JWT)'
  <draft-ietf-oauth-json-web-token-25.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2014-09-03. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   JSON Web Token (JWT) is a compact URL-safe means of representing
   claims to be transferred between two parties.  The claims in a JWT
   are encoded as a JavaScript Object Notation (JSON) object that is
   used as the payload of a JSON Web Signature (JWS) structure or as the
   plaintext of a JSON Web Encryption (JWE) structure, enabling the
   claims to be digitally signed or MACed and/or encrypted.

   The suggested pronunciation of JWT is the same as the English word
   "jot".




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/ballot/


The following IPR Declarations may be related to this I-D:

   http://datatracker.ietf.org/ipr/1968/
   http://datatracker.ietf.org/ipr/1964/
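
The abstract above describes a JWT as a JSON claims object carried as the payload of a JWS, in a compact URL-safe form. The following Python is an added example (not part of the IESG announcement or of the draft's own text) that builds such a token with an HMAC-SHA256 MAC and verifies it. The key, claim values and function names are constructed for illustration; the `HS256` and `exp` names come from the JOSE/JWT specifications rather than from this message.

```python
import base64
import hashlib
import hmac
import json
import re
import time

_B64URL = re.compile(r"[A-Za-z0-9_-]*")


def b64url_encode(data: bytes) -> str:
    """Base64url with the '=' padding stripped, which keeps the token URL-safe."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Strict decode: reject anything outside the base64url alphabet."""
    if not _B64URL.fullmatch(text):
        raise ValueError("character outside the base64url alphabet")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    """JSON-encode an object compactly and base64url it."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Return header.payload.mac, the JWS compact form with the claims as payload."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_jwt(token: str, key: bytes, now=None) -> dict:
    """Return the claims if the MAC verifies and the token is unexpired.

    Raises ValueError on any failure. The claims are parsed only after the
    MAC check, so unauthenticated JSON is never handed to the caller.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact serialization")
    header_b64, payload_b64, mac_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        payload_raw = b64url_decode(payload_b64)
        received_mac = b64url_decode(mac_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc

    # Pin the algorithm on the verifier side: the token's own header must not
    # be allowed to choose how (or whether) it gets checked.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg in header")

    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected_mac = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_mac, received_mac):  # constant-time
        raise ValueError("MAC check failed")

    claims = json.loads(payload_raw)
    if not isinstance(claims, dict):
        raise ValueError("claims set is not a JSON object")
    exp = claims.get("exp")
    if exp is not None:
        if not isinstance(exp, (int, float)):
            raise ValueError("exp is not numeric")
        if (time.time() if now is None else now) >= exp:
            raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    # Constructed sample values, not taken from the draft or the mailing list.
    demo_key = b"constructed-demo-key-not-a-real-secret"
    demo_claims = {"iss": "issuer.example", "sub": "alice", "exp": 1900000000}
    demo_token = sign_jwt(demo_claims, demo_key)
    print(demo_token)
    print(verify_jwt(demo_token, demo_key, now=1700000000))
```
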




From nobody Wed Aug 20 13:01:37 2014
Return-Path: <tsitkova@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A17A81A0702 for <oauth@ietfa.amsl.com>; Wed, 20 Aug 2014 13:01:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.969
X-Spam-Level: 
X-Spam-Status: No, score=-2.969 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qDEhCMOD0c06 for <oauth@ietfa.amsl.com>; Wed, 20 Aug 2014 13:01:30 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 004901A06EF for <oauth@ietf.org>; Wed, 20 Aug 2014 13:01:29 -0700 (PDT)
X-AuditID: 1209190f-f79aa6d000005b45-9d-53f4fe989f99
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 47.3B.23365.89EF4F35; Wed, 20 Aug 2014 16:01:28 -0400 (EDT)
Received: from outgoing-exchange-1.mit.edu (outgoing-exchange-1.mit.edu [18.9.28.15]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id s7KK1SoI013195 for <oauth@ietf.org>; Wed, 20 Aug 2014 16:01:28 -0400
Received: from W92EXEDGE6.EXCHANGE.MIT.EDU (w92exedge6.exchange.mit.edu [18.7.73.28]) by outgoing-exchange-1.mit.edu (8.13.8/8.12.4) with ESMTP id s7KK1OXf011234 for <oauth@ietf.org>; Wed, 20 Aug 2014 16:01:27 -0400
Received: from OC11EXHUB9.exchange.mit.edu (18.9.3.23) by W92EXEDGE6.EXCHANGE.MIT.EDU (18.7.73.28) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 20 Aug 2014 16:00:32 -0400
Received: from OC11EXPO25.exchange.mit.edu ([169.254.1.6]) by OC11EXHUB9.exchange.mit.edu ([18.9.3.23]) with mapi id 14.03.0158.001; Wed, 20 Aug 2014 16:01:26 -0400
From: Zhanna Tsitkov <tsitkova@mit.edu>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Audit in OAuth 2.0
Thread-Index: AQHPvLGFNGZzWnqFhk2kyxhpI4Lssw==
Date: Wed, 20 Aug 2014 20:01:25 +0000
Message-ID: <59C16F23-53C5-4300-999C-8B3DAEE9FD6E@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [18.111.24.82]
Content-Type: multipart/alternative; boundary="_000_59C16F2353C54300999C8B3DAEE9FD6Emitedu_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/-_l6-2BvgLGDJnJtZUZiwGEPB5Y
Cc: Zhanna Tsitkov <tsitkova@mit.edu>
Subject: [OAUTH-WG] Audit in OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2014 20:01:36 -0000

--_000_59C16F2353C54300999C8B3DAEE9FD6Emitedu_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hello,
I would like to introduce a new feature to OAuth 2.0 - an Audit. The
ultimate goal would be to have some simple, well defined way to track
all exchanges under OAuth 2.0 umbrella, connect all end-to-end
participants for the audit purposes, so that audit logs could be
processed dynamically for the fast violation response, or analyzed for
the forensic purposes off-line.
My suggestion is to have a new audit identifier (audit id). It should be
unique and stay unchanged for a given exchange. It should be recorded
in all audit logs. It can be passed to and between different modules
and components of OAuth 2.0
Audit identifier can be either alpha-numeric string or JSON structure.
It can be signed for the integrity protection, or even encrypted if
privacy is an issue.
Audit id can be generated at AS as a random string, or composed
following some rules. In addition, Clients and/or RSs can generate their
own audit identifiers for their own bookkeeping, and include them
in their requests. In this case all relevant communications should
include both AS generated audit identifier and Client’s and/or RS’s
(respectively) audit identifiers.
Generally, the data of interest include policies, permissions,
authorization and authentication information, etc and could be used by
government agencies, medical and banking institutions etc.
Please, see the relevant Common Criteria document
http://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R4.pdf
document.
Thanks,
Zhanna


--_000_59C16F2353C54300999C8B3DAEE9FD6Emitedu_--
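
One way the audit identifier proposed in the message above could be minted at the AS, logged by each party and later joined by an auditor. This is an added example, not part of the original post or of any OAuth specification; the `<random>.<tag>` format, the MAC key shared with the auditor, the record field names and the sample log lines are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from collections import defaultdict

# Assumption: a MAC key held by the AS and shared only with the auditor.
AS_AUDIT_KEY = b"constructed-demo-key"
PARTIES = ("as", "client", "rs")


def mac_tag(key, value):
    """Truncated HMAC-SHA256 over the random part, base64url without padding."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest[:16]).rstrip(b"=").decode("ascii")


def mint_audit_id(key=AS_AUDIT_KEY):
    """AS side: unique random string, signed so later alteration is detectable."""
    rand = secrets.token_urlsafe(16)
    return rand + "." + mac_tag(key, rand)


def audit_id_is_valid(audit_id, key=AS_AUDIT_KEY):
    """Auditor side: recompute the tag and compare in constant time."""
    if not isinstance(audit_id, str):
        return False
    rand, sep, tag = audit_id.partition(".")
    if not (rand and sep and tag):
        return False
    try:
        return hmac.compare_digest(mac_tag(key, rand).encode(), tag.encode())
    except UnicodeError:
        return False


def correlate(log_lines, key=AS_AUDIT_KEY):
    """Join AS, client and RS audit records on the AS-generated audit id.

    Returns (report, rejected): report maps each valid audit id to its ordered
    events, the parties' own ids, and any party with no record; rejected holds
    lines that are malformed or carry an audit id whose tag does not verify.
    """
    by_id = defaultdict(list)
    rejected = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(line)
            continue
        ok = (isinstance(rec, dict)
              and rec.get("party") in PARTIES
              and isinstance(rec.get("event"), str)
              and isinstance(rec.get("ts"), (int, float))
              and audit_id_is_valid(rec.get("as_audit_id"), key))
        if ok:
            by_id[rec["as_audit_id"]].append(rec)
        else:
            rejected.append(line)
    report = {}
    for audit_id, recs in by_id.items():
        recs.sort(key=lambda r: r["ts"])
        seen = {r["party"] for r in recs}
        report[audit_id] = {
            "events": [(r["party"], r["event"]) for r in recs],
            "local_ids": {r["party"]: r["local_audit_id"]
                          for r in recs if r.get("local_audit_id")},
            "missing_parties": [p for p in PARTIES if p not in seen],
        }
    return report, rejected


def build_sample_logs():
    """Constructed sample: two exchanges; the RS record of the second carries an altered id."""
    id1, id2 = mint_audit_id(), mint_audit_id()
    altered = ("A" if id2[0] != "A" else "B") + id2[1:]

    def rec(ts, party, event, audit_id, local=None):
        entry = {"ts": ts, "party": party, "event": event, "as_audit_id": audit_id}
        if local:
            entry["local_audit_id"] = local
        return json.dumps(entry)

    lines = [
        rec(3, "rs", "resource_access", id1, "rs-77"),
        rec(1, "as", "token_issued", id1),
        rec(2, "client", "token_received", id1, "cli-0001"),
        rec(4, "as", "token_issued", id2),
        rec(5, "client", "token_received", id2, "cli-0002"),
        rec(6, "rs", "resource_access", altered, "rs-78"),
    ]
    return id1, id2, lines


if __name__ == "__main__":
    id1, id2, lines = build_sample_logs()
    report, rejected = correlate(lines)
    for audit_id, entry in report.items():
        print(audit_id, entry)
    print("rejected:", len(rejected))
```

The second exchange is reported with `rs` missing because the RS record's altered identifier fails verification and is set aside for review instead of being joined.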


From nobody Thu Aug 21 00:18:20 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 927601A03F4 for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 00:18:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SMiHX99VyWBm for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 00:18:15 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C1AC1A00D8 for <oauth@ietf.org>; Thu, 21 Aug 2014 00:18:15 -0700 (PDT)
Received: from [172.16.254.105] ([80.92.114.129]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0M92ZJ-1XCPTb3Kzl-00CPaX; Thu, 21 Aug 2014 09:18:11 +0200
Message-ID: <53F59D3D.4030009@gmx.net>
Date: Thu, 21 Aug 2014 09:18:21 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Zhanna Tsitkov <tsitkova@mit.edu>, "oauth@ietf.org" <oauth@ietf.org>
References: <59C16F23-53C5-4300-999C-8B3DAEE9FD6E@mit.edu>
In-Reply-To: <59C16F23-53C5-4300-999C-8B3DAEE9FD6E@mit.edu>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="VLqS055QhBPg0VqGrE1aJSDORfqt1iCB2"
X-Provags-ID: V03:K0:JMKZo+0JlP71AcD2iUUUqZsZ3f4Fv7nuUF2+BNhcMfOdQfMIVw2 19pCjugAkCetGd+Zz5c0wvXibdGiZZbRML7t8pg0yhcixf8tGRb8o1Jp1DurC0pfLfRVMAL kLf88D1we2+aKq81ssqkJ9sJ15ziUrBD/DqAtpskPtKb9UKbKE75UShUo5QjkU4Gl+OtU2m 7K4mdZ2i2QtjZxTB3xBXw==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/VxWKHfe52SVaEir02pSw_Yp_DGA
Subject: Re: [OAUTH-WG] Audit in OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 07:18:17 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--VLqS055QhBPg0VqGrE1aJSDORfqt1iCB2
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Zhanna,

thanks for sharing your thoughts with the OAuth group.

I have been wondering where this audit identifier should go. Are you
talking about putting a new identifier into some protocol exchanges (and
which messages) or are we talking about an implementation issue?

Also, when you say you want to have a way to "track all OAuth exchanges"
I am curious who should be able to do this tracking. OAuth, as you know,
involves multiple independent parties. I am asking because of potential
privacy concerns.

Which part of the Common Criteria document do you believe is relevant to
this specific aspect? I noticed that there is an audit section in there
but it refers to a more general notion of audit that has little to do
with the actual protocol interaction.

Ciao
Hannes

On 08/20/2014 10:01 PM, Zhanna Tsitkov wrote:
> Hello,
> I would like to introduce a new feature to OAuth 2.0 - an Audit. The
> ultimate goal would be to have some simple, well defined way to track
> all exchanges under OAuth 2.0 umbrella, connect all end-to-end
> participants for the audit purposes, so that audit logs could be
> processed dynamically for the fast violation response, or analyzed for
> the forensic purposes off-line.
> My suggestion is to have a new audit identifier (audit id). It should be
> unique and stay unchanged for a given exchange. It should be recorded
> in all audit logs. It can be passed to and between different modules
> and components of OAuth 2.0
> Audit identifier can be either alpha-numeric string or JSON structure.
> It can be signed for the integrity protection, or even encrypted if
> privacy is an issue.
> Audit id can be generated at AS as a random string, or composed
> following some rules. In addition, Clients and/or RSs can generate their
> own audit identifiers for their own bookkeeping, and include them
> in their requests. In this case all relevant communications should
> include both AS generated audit identifier and Client’s and/or RS’s
> (respectively) audit identifiers.
> Generally, the data of interest include policies,
> permissions, authorization and authentication information, etc and could
> be used by government agencies, medical and banking institutions etc.
> Please, see the relevant Common Criteria
> document http://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R4.pdf
> document.
> Thanks,
> Zhanna


--VLqS055QhBPg0VqGrE1aJSDORfqt1iCB2--


From nobody Thu Aug 21 03:00:14 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D0201A00FC for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 03:00:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 695Bz4_MhQ5Z for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 03:00:04 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62FFC1A00DB for <oauth@ietf.org>; Thu, 21 Aug 2014 03:00:03 -0700 (PDT)
Received: from [172.16.254.105] ([80.92.114.129]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0LgqQQ-1WXNI71bHC-00oFFP for <oauth@ietf.org>; Thu, 21 Aug 2014 12:00:01 +0200
Message-ID: <53F5C3D2.4090809@gmx.net>
Date: Thu, 21 Aug 2014 12:02:58 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="kHJ8xQx0TibkaTqWEFL78dpe1KlmtIrCg"
X-Provags-ID: V03:K0:BTIcbUfpnTkylcndfnOh45AkO4+VpSzG81YxgEO1WQnHM51hmX6 vu8rr3kH7FQ5nPmbZzcBJcAT/uztYcNhnbHLqabkjBDr3/0ZQcNCNvoRHKMhKGDLZZhDSe+ 8oJkfguh/zFFblCbiUYl2GeXmJOq0Yii6Ef1UPeSuViJNBH17T3WvDC9jGNn6i9itExFEaC 5lcc5SHWbYmHNHnE7giwg==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/6nbckmssuabnPJ0d9kkFGHPKmmM
Subject: [OAUTH-WG] IETF#90 Meeting Minutes
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 10:00:11 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--kHJ8xQx0TibkaTqWEFL78dpe1KlmtIrCg
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Sorry for distributing the meeting minutes so late.

Here they are:
http://www.ietf.org/proceedings/90/minutes/minutes-90-oauth

Ciao
Hannes


--kHJ8xQx0TibkaTqWEFL78dpe1KlmtIrCg--


From nobody Thu Aug 21 04:35:06 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C38D31A01A8 for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 04:35:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0wBTLm2nzrXE for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 04:35:01 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10CB71A0196 for <oauth@ietf.org>; Thu, 21 Aug 2014 04:35:01 -0700 (PDT)
Received: from [172.16.254.105] ([80.92.114.129]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MEFqW-1X9RDV1JnM-00FQXz; Thu, 21 Aug 2014 13:34:57 +0200
Message-ID: <53F5DA73.70702@gmx.net>
Date: Thu, 21 Aug 2014 13:39:31 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "Richer, Justin P." <jricher@mitre.org>,  "oauth@ietf.org list" <oauth@ietf.org>
References: <20140805195420.4766.35603.idtracker@ietfa.amsl.com> <31DC7766-86B9-4F45-A8A2-4CE46E494F50@mitre.org>
In-Reply-To: <31DC7766-86B9-4F45-A8A2-4CE46E494F50@mitre.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="VuXpeHBpvt91RXigmHO5cGQDWDHsexXpB"
X-Provags-ID: V03:K0:O7aGnsdzkWnh1G9UZwieSiosjClDmbwR+jb0Y/ZfKd8wckhowsP qai92Sbb78W2eC4sCwB0+m6MfGj/xBppae6pC0kUNfs/K/Wx4xrs8IC2h3qIXf0pW1eR1Yp 1AE6G0sLBArxMGcRqWOX+RomX6/IxeJDCcx8hXXs2GZ9UXMpHn5MUV0g8Mof16mdjUSyx5w 6CIJrJLpqSgSNVL+T8e7A==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/sqdoAfRfr4TudfSVUezxAfQaJdI
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-19.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 11:35:05 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--VuXpeHBpvt91RXigmHO5cGQDWDHsexXpB
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Justin,

thanks for the quick update.

I just double-checked this version of the document with the discussions
we had during the last two months and the necessary clarifications have
been made (as you indicated in your mail below).

I have updated the shepherd write-up, see
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_DynamicClientRegistration.txt

I will have to send a mail to the IETF IPR lawyer about the copyright
issue and I am also waiting for some links about implementations of the
dynamic client registration document.

Ciao
Hannes


On 08/05/2014 09:58 PM, Richer, Justin P. wrote:
> This update includes the editorial changes discussed in Toronto and on
> the list, mostly around description of a handful of metadata fields. We
> added the discussion about redirect URIs to the security considerations
> section, and removed the "application_type" metadata parameter. We also
> added informational references to OIDC dynamic registration and UMA to
> the introduction of the spec.
>
> Thanks to all who contributed feedback.
>
>  -- Justin
>
> On Aug 5, 2014, at 3:54 PM, internet-drafts@ietf.org wrote:
>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Web Authorization Protocol Working
>> Group of the IETF.
>>
>>        Title           : OAuth 2.0 Dynamic Client Registration Protocol
>>        Authors         : Justin Richer
>>                          Michael B. Jones
>>                          John Bradley
>>                          Maciej Machulak
>>                          Phil Hunt
>>        Filename        : draft-ietf-oauth-dyn-reg-19.txt
>>        Pages           : 36
>>        Date            : 2014-08-05
>>
>> Abstract:
>>   This specification defines mechanisms for dynamically registering
>>   OAuth 2.0 clients with authorization servers.  Registration requests
>>   send a set of desired client metadata values to the authorization
>>   server and the resulting registration responses return a client
>>   identifier to use at the authorization server and the client metadata
>>   values registered for the client.  The client can then use this
>>   registration information to communicate with the authorization server
>>   using the OAuth 2.0 protocol.  This specification also defines a set
>>   of common client metadata fields and values for clients to use during
>>   registration.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg/
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-19
>>
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-19
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission until the htmlized version and diff are available at
>> tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/


--VuXpeHBpvt91RXigmHO5cGQDWDHsexXpB--


From nobody Thu Aug 21 05:04:39 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5287A1A6EF9 for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 05:04:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fBEWuIA1oXI7 for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 05:04:36 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C098B1A6EF4 for <oauth@ietf.org>; Thu, 21 Aug 2014 05:04:35 -0700 (PDT)
Received: from [172.16.254.105] ([80.92.114.129]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MLA45-1XKA7L1Su9-000IGc; Thu, 21 Aug 2014 14:04:15 +0200
Message-ID: <53F5E16A.60200@gmx.net>
Date: Thu, 21 Aug 2014 14:09:14 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: cntreras@gmail.com, sob@harvard.edu
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="CnIxhjQ8Uc9dwIff3LjMVklNWAC6q0QIN"
X-Provags-ID: V03:K0:twqWKIXMTbe/NFbs87EOEWvtbv0JXxRnnx31GK2sB0ryuCL/2sH LEhSCUbjDXodGF4dYpp/3EI17a3lRF7YsBhcaHdThxiCAlPB2XiJ6M0ch4uiIJvh1rLcBt0 FlzH6v4Go0xowyCSpDjqEn/4L7LrsAMB/ceYV/T0EVZxqNVe3xuPftBR5Ym3X1xExABkX2n vc5zsmmv01qMi/zrZhfKw==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/vVTpycM50gf2he38Xchdk0YE44k
Cc: Maciej Machulak <m.p.machulak@ncl.ac.uk>, Derek Atkins <derek@ihtfp.com>, "oauth@ietf.org" <oauth@ietf.org>
Subject: [OAUTH-WG] Copyright and IPR Question regarding IETF OAuth Dynamic Client Registration Specification
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 12:04:38 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--CnIxhjQ8Uc9dwIff3LjMVklNWAC6q0QIN
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Jorge, Hi Scott,

we need your advice in the OAuth working group.

We are about to finalize a specification called 'Dynamic Client
Registration' (http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-19)
and this document intentionally harmonizes work done in two other
organizations, namely in Kantara and in the OpenID Foundation. As part
of this harmonization text was copied from specifications developed by
these two organizations. When I did my shepherd write-up the question
about potential copyright and IPR issues surfaced.

Currently, we have put the following text into
draft-ietf-oauth-dyn-reg-19 to reference and acknowledge the work done
in UMA and in the OpenID Foundation concerning the history:

"
Multiple applications using OAuth 2.0 have previously developed
mechanisms for accomplishing such registrations. This specification
generalizes the registration mechanisms defined by the OpenID Connect
Dynamic Client Registration 1.0 [OpenID.Registration] specification and
used by the User Managed Access (UMA) Profile of OAuth 2.0
[I-D.hardjono-oauth-umacore] specification in a way that is compatible
with both, while being applicable to a wider set of OAuth 2.0 use cases.
"

The copyright situation with the UMA work might be easier since the UMA
working group decided to publish their material as an IETF draft -
[I-D.hardjono-oauth-umacore]. The OpenID Connect Registration draft (see
http://openid.net/specs/openid-connect-registration-1_0.html) provides
information about the copyright by saying:

"
The OpenID Foundation (OIDF) grants to any Contributor, developer,
implementer, or other interested party a non-exclusive, royalty free,
worldwide copyright license to reproduce, prepare derivative works from,
distribute, perform and display, this Implementers Draft or Final
Specification solely for the purposes of (i) developing specifications,
and (ii) implementing Implementers Drafts and Final Specifications based
on such documents, provided that attribution be made to the OIDF as the
source of the material, but that such attribution does not indicate an
endorsement by the OIDF.
"

I believe we are OK copying text from your specifications but the IPR
situation is unclear to me since the IPR rules of these two
organizations are different to those in the IETF. The IPR policies of
the two organizations are described here:
http://openid.net/intellectual-property/
http://kantarainitiative.org/confluence/download/attachments/2293776/Kantara%20Initiative%20IPR%20Policies%20_V1.1_.pdf

I put the co-chairs of the Kantara UMA working group (see
http://kantarainitiative.org/confluence/display/uma/Home) and the
chairman of the OpenID Foundation (see
http://openid.net/foundation/leadership/) on CC to help with potential
questions. They are well aware of the IETF work on the dynamic client
registration specification.

Thanks for your help.

Ciao
Hannes & Derek


--CnIxhjQ8Uc9dwIff3LjMVklNWAC6q0QIN
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--CnIxhjQ8Uc9dwIff3LjMVklNWAC6q0QIN--


From nobody Thu Aug 21 07:22:41 2014
Return-Path: <tsitkova@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00AD81A0334 for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 07:22:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.869
X-Spam-Level: 
X-Spam-Status: No, score=-4.869 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QG2BUBvqObzc for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 07:22:28 -0700 (PDT)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 066DB1A02F1 for <oauth@ietf.org>; Thu, 21 Aug 2014 07:22:27 -0700 (PDT)
X-AuditID: 12074423-f799d6d00000337c-9a-53f600a2acfd
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id F0.D9.13180.2A006F35; Thu, 21 Aug 2014 10:22:26 -0400 (EDT)
Received: from outgoing-exchange-1.mit.edu (outgoing-exchange-1.mit.edu [18.9.28.15]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id s7LEMPwV000710; Thu, 21 Aug 2014 10:22:26 -0400
Received: from OC11EXEDGE4.EXCHANGE.MIT.EDU (oc11exedge4.exchange.mit.edu [18.9.3.27]) by outgoing-exchange-1.mit.edu (8.13.8/8.12.4) with ESMTP id s7LEMH27018938; Thu, 21 Aug 2014 10:22:25 -0400
Received: from OC11EXHUB11.exchange.mit.edu (18.9.3.25) by OC11EXEDGE4.EXCHANGE.MIT.EDU (18.9.3.27) with Microsoft SMTP Server (TLS) id 14.3.158.1; Thu, 21 Aug 2014 10:21:31 -0400
Received: from OC11EXPO25.exchange.mit.edu ([169.254.1.6]) by OC11EXHUB11.exchange.mit.edu ([18.9.3.25]) with mapi id 14.03.0158.001; Thu, 21 Aug 2014 10:22:19 -0400
From: Zhanna Tsitkov <tsitkova@mit.edu>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Audit in OAuth 2.0
Thread-Index: AQHPvLGFNGZzWnqFhk2kyxhpI4Lss5va6deAgAB2coA=
Date: Thu, 21 Aug 2014 14:22:18 +0000
Message-ID: <15700083-71DA-4FAE-8EAC-DD29436573F6@mit.edu>
References: <59C16F23-53C5-4300-999C-8B3DAEE9FD6E@mit.edu> <53F59D3D.4030009@gmx.net>
In-Reply-To: <53F59D3D.4030009@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [18.111.24.82]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <188F7065106C3645A6626AF27156185A@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/MSKUFDBklNvYVgSwWMPuiOnqgF4
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Audit in OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 14:22:33 -0000

Hello Hannes,
Thank you for the message.  My reply is in-line.

On Aug 21, 2014, at 3:18 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Hi Zhanna,
>
> thanks for sharing your thoughts with the OAuth group.
>
> I have been wondering where this audit identifier should go. Are you
> talking about putting a new identifier into some protocol exchanges (and
> which messages) or are we talking about an implementation issue?

Placing it on the protocol level is worth consideration. Initially it
could be sent as part of the access token response.

>
> Also, when you say you want to have a way to "track all OAuth exchanges"
> I am curious who should be able to do this tracking. OAuth, as you know,
> involves multiple independent parties. I am asking because of potential
> privacy concerns.

It depends a lot on the deployment scenario. Each participant may have
their own audit logging and processing strategy. There may be cases when
AS/Client/RS are working in close cooperation and may get access to the
very specific information in each other's audit logs. Ultimately a judge,
or some other authority, may order all parties to release their
(relevant) audit information.
The privacy concern should be addressed in several directions:
- how audit logs are protected from unauthorized access. For example, an
  admin can have read rights to the log file, but looking at it would be
  overstepping his authority, etc.
- the private information can (must?) be protected. For example, one can
  encrypt parts of the log message, or similar.
Generally all security sensitive information should be stripped from the
audit logs.

Also, it would be useful to define the minimal, but required set of
information that should be logged by all parties for the audit purposes.

>
> Which part of the Common Criteria document do you believe is relevant to
> this specific aspect?

Classes FCO, FIA

> I noticed that there is an audit section in there
> but it refers to a more general notion of audit that has little to do
> with the actual protocol interaction.
>
> Ciao
> Hannes
>
> On 08/20/2014 10:01 PM, Zhanna Tsitkov wrote:
>> Hello,
>> I would like to introduce a new feature to OAuth 2.0 - an Audit. The
>> ultimate goal would be to have some simple, well defined way to track
>> all exchanges under OAuth 2.0 umbrella, connect all end-to-end
>> participants for the audit purposes, so that audit logs could be
>> processed dynamically for the fast violation response, or analyzed for
>> the forensic purposes off-line.
>> My suggestion is to have a new audit identifier (audit id). It should be
>> unique and stay unchanged for a given exchange. It should be recorded
>> in all audit logs. It can be passed to and between different modules
>> and components of OAuth 2.0.
>> Audit identifier can be either alpha-numeric string or JSON structure.
>> It can be signed for the integrity protection, or even encrypted if
>> privacy is an issue.
>> Audit id can be generated at AS as a random string, or composed
>> following some rules. In addition, Clients and/or RSs can generate their
>> own audit identifiers for their own bookkeeping, and include them
>> in their requests. In this case all relevant communications should
>> include both AS generated audit identifier and Client's and/or RS's
>> (respectively) audit identifiers.
>> Generally, the data of interest include policies,
>> permissions, authorization and authentication information, etc and could
>> be used by government agencies, medical and banking institutions etc.
>> Please, see the relevant Common Criteria document
>> http://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R4.pdf
>> Thanks,
>> Zhanna
>>
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>

Thanks,
Zhanna
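
The audit-identifier proposal in this exchange, worked through as an added Go example (not code from either message or from any OAuth specification): the AS mints an integrity-protected id, each party logs it, and an auditor correlates the records end to end. The `<id>.<tag>` format, the `Entry` fields, all function names, and the auditor holding the AS's HMAC key are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Entry is one audit record as the AS, a Client or an RS might write it.
// The field set is an assumption; tokens and secrets are deliberately absent.
type Entry struct {
	Party, Event, AuditID string
}

// Exchange maps each party to the events it logged under one audit id.
type Exchange map[string][]string

// tag computes the hex HMAC-SHA256 of the random part of an audit id.
func tag(key []byte, id string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(id))
	return hex.EncodeToString(m.Sum(nil))
}

// NewAuditID runs at the AS: a random 128-bit id plus an integrity tag,
// formatted "<id>.<tag>" (the format is an assumption of this example).
func NewAuditID(key []byte) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	id := hex.EncodeToString(raw)
	return id + "." + tag(key, id), nil
}

// VerifyAuditID checks the integrity tag in constant time.
func VerifyAuditID(key []byte, auditID string) bool {
	parts := strings.SplitN(auditID, ".", 2)
	if len(parts) != 2 {
		return false
	}
	return hmac.Equal([]byte(parts[1]), []byte(tag(key, parts[0])))
}

// Correlate groups records from all parties by audit id. Records whose id
// fails verification are returned separately instead of being merged.
func Correlate(key []byte, logs []Entry) (map[string]Exchange, []Entry) {
	byID := map[string]Exchange{}
	var rejected []Entry
	for _, e := range logs {
		if !VerifyAuditID(key, e.AuditID) {
			rejected = append(rejected, e)
			continue
		}
		if byID[e.AuditID] == nil {
			byID[e.AuditID] = Exchange{}
		}
		byID[e.AuditID][e.Party] = append(byID[e.AuditID][e.Party], e.Event)
	}
	return byID, rejected
}

// Missing reports which of the three roles logged nothing for an exchange,
// e.g. an RS access for which the AS has no issuance record.
func Missing(x Exchange) []string {
	var out []string
	for _, p := range []string{"AS", "Client", "RS"} {
		if len(x[p]) == 0 {
			out = append(out, p)
		}
	}
	return out
}

func main() {
	key := []byte("constructed demo key")
	a, errA := NewAuditID(key)
	b, errB := NewAuditID(key)
	if errA != nil || errB != nil {
		panic("no randomness available")
	}
	logs := []Entry{ // constructed sample records from three separate logs
		{"AS", "token_issued", a},
		{"Client", "token_received", a},
		{"RS", "resource_access", a},
		{"RS", "resource_access", b},          // RS saw b, AS and Client did not
		{"RS", "resource_access", "f00d.bad"}, // id the AS never minted
	}
	exchanges, rejected := Correlate(key, logs)
	for id, x := range exchanges {
		fmt.Printf("%s parties=%d missing=%v\n", id[:8], len(x), Missing(x))
	}
	fmt.Printf("rejected records: %d\n", len(rejected))
}
```

With an HMAC only holders of the key can check an id; a signature would let Clients and RSs verify it without being able to mint one.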


From nobody Thu Aug 21 11:08:15 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06BFF1A6F20; Thu, 21 Aug 2014 11:08:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HyMU0bd39n1V; Thu, 21 Aug 2014 11:08:11 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E16B1A08BE; Thu, 21 Aug 2014 11:08:09 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140821180809.5220.21704.idtracker@ietfa.amsl.com>
Date: Thu, 21 Aug 2014 11:08:09 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/AvV-fpues4qBum9G1VwhbY2dhjA
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-exchange-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 18:08:13 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : OAuth 2.0 Token Exchange
        Authors         : Michael B. Jones
                          Anthony Nadalin
                          Caleb Baker
        Filename        : draft-ietf-oauth-token-exchange-00.txt
        Pages           : 10
        Date            : 2014-08-21

Abstract:
   This specification defines how to request and obtain Security Tokens
   from OAuth Authorization Servers, including enabling one party to act
   on behalf of another or enabling one party to delegate authority to
   another.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-token-exchange-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Aug 21 11:39:27 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 507DE1A0316 for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 11:39:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PBoZe3PKI99Z for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 11:39:24 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB3511A6FA8 for <oauth@ietf.org>; Thu, 21 Aug 2014 11:39:12 -0700 (PDT)
Received: from [172.16.254.100] ([80.92.114.249]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0Lfppu-1WZrr92aoU-00pJt4; Thu, 21 Aug 2014 20:38:57 +0200
Message-ID: <53F63F82.9070508@gmx.net>
Date: Thu, 21 Aug 2014 20:50:42 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="3okbeOiMqO6P6H51hFGAsbtoFfxemd6UX"
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/6GzptCFocJN93IJMX4d8vM-N6mY
Cc: sperreault@jive.com, draft-ietf-tram-turn-third-party-authz@tools.ietf.org, "Gonzalo.Camarillo@ericsson.com >> Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com>
Subject: [OAUTH-WG] Review of draft-ietf-tram-turn-third-party-authz-01
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 18:39:26 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--3okbeOiMqO6P6H51hFGAsbtoFfxemd6UX
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi all,

Simon asked us (Derek and myself) to do a quick review of this document
developed within another working group that happens to use OAuth.

* Background

TURN is a special tunnelling gateway (very much like an IPsec gateway
would be) but designed specifically to relay voice/video traffic. To
prevent attacks a TURN client (such as a VoIP phone) uses a shared
secret (username & password) with the TURN server (=gateway).

So, if Alice calls Bob and uses a TURN server then her VoIP client uses
SIP or WebRTC (as a signaling protocol) to establish the necessary
communication so that voice packets can be exchanged between the two
VoIP clients with the help of the TURN server.

The main idea of this document is to re-use OAuth to authorize the use
of this TURN server.

* The Design

I would have used OAuth as is (or maybe selected a specific grant type)
to obtain an access token. Then, I would have defined how the access
token is carried in the TURN protocol. This is a bit similar to what we
have already done with the OAuth SASL draft where we defined a new way
to convey the access token from the SASL client to the SASL server.

How did the authors solve that problem? They pretty much did what I just
explained. Since TURN does not use DTLS (or TLS) the proof-of-possession
security work we are doing becomes relevant (namely the symmetric
key-based part).

Putting discovery information in-band into the exchange is also fine
(which is what we did in the SASL document).

Instead of using the JWT access token format the authors have defined a
new, binary encoding to keep the size smaller. The OAuth framework
allows other token formats to be used - so that's fine as well.
(As a minor remark, I would use AEAD ciphers here since that's what
everyone is doing nowadays.)

Two things surprised me:

a) The spec leaves the way to obtain the access token pretty much open.
A big benefit from using OAuth is that there is a protocol mechanism
defined for getting the access token. You could, for example, recommend
using authorization code flow. This concerns the text written in
Section 4.

b) You describe a key establishment scheme to be used between the
resource server and the authorization server. What assumption do you
make about the relationship between the authorization server and the
resource server? Are they supposed to have a business relationship or
some other relationship with each other?

Minor aspects:

 * Would the TURN server name really be an email alike address rather
than a URI?

 * Would you use Dynamic Client Registration to provision the client
with the necessary parameter? Is there the expectation that random
clients would work with random authorization servers?

 * Wouldn't you want to define a scope value for use with the TURN
service so that the authorization server is able to restrict the access
token for use with TURN only?

 * Crypto algorithm negotiation: would you expect the authorization
server to tell the client what crypto algorithms to use (since the
authorization server not only needs to share a key with the resource
server but also needs to have knowledge about the supported
cryptographic algorithms)?

 * In your TURN <-> OAuth terminology mapping you say that the resource
owner corresponds to the RTCWeb server. I don't think that's true. The
resource owner is the user but I believe you are trying to say that the
user grants authorization implicitly by making a WebRTC call.

Ciao
Hannes





--3okbeOiMqO6P6H51hFGAsbtoFfxemd6UX
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--3okbeOiMqO6P6H51hFGAsbtoFfxemd6UX--
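
The design reviewed above, as an added Go example that is neither the draft's token format nor code from the thread: the authorization server seals a symmetric session key and an expiry into an AEAD-protected binary token, and the TURN server accepts a request only if the sender proves possession of that key with HMAC-SHA1. The token layout, the pre-shared AS/TURN key and all names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// scope is bound into the token as AEAD associated data, so a token sealed
// for another service fails to open here. The thread gives the string 'turn'.
var scope = []byte("turn")

var (
	ErrToken   = errors.New("token rejected: wrong AS/TURN key, wrong scope, or modified")
	ErrExpired = errors.New("token expired")
	ErrProof   = errors.New("proof-of-possession failed")
)

const sessionKeyLen = 20 // assumption: one HMAC-SHA1 output length

func newAEAD(kASRS []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kASRS) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueToken runs at the authorization server. Token layout (constructed for
// this example): nonce || AES-GCM(expiry as uint64 big-endian || session key).
// The session key is also returned so the AS can hand it to the client.
func IssueToken(kASRS []byte, expiry time.Time) (token, sessionKey []byte, err error) {
	g, err := newAEAD(kASRS)
	if err != nil {
		return nil, nil, err
	}
	random := make([]byte, sessionKeyLen+g.NonceSize())
	if _, err = rand.Read(random); err != nil {
		return nil, nil, err
	}
	sessionKey, nonce := random[:sessionKeyLen], random[sessionKeyLen:]
	plain := make([]byte, 8, 8+sessionKeyLen)
	binary.BigEndian.PutUint64(plain, uint64(expiry.Unix()))
	plain = append(plain, sessionKey...)
	return g.Seal(nonce, nonce, plain, scope), sessionKey, nil
}

// Prove runs at the TURN client: HMAC-SHA1 over the request bytes, keyed with
// the session key the AS delivered alongside the token.
func Prove(sessionKey, request []byte) []byte {
	m := hmac.New(sha1.New, sessionKey)
	m.Write(request)
	return m.Sum(nil)
}

// VerifyRequest runs at the TURN server: open the token with the AS/TURN key,
// check the lifetime, then check the proof with the recovered session key.
func VerifyRequest(kASRS, token, request, proof []byte, now time.Time) error {
	g, err := newAEAD(kASRS)
	if err != nil {
		return err
	}
	n := g.NonceSize()
	if len(token) < n {
		return ErrToken
	}
	plain, err := g.Open(nil, token[:n], token[n:], scope)
	if err != nil || len(plain) != 8+sessionKeyLen {
		return ErrToken
	}
	if !now.Before(time.Unix(int64(binary.BigEndian.Uint64(plain[:8])), 0)) {
		return ErrExpired
	}
	if !hmac.Equal(proof, Prove(plain[8:], request)) {
		return ErrProof
	}
	return nil
}

func main() {
	k := make([]byte, 32) // constructed all-zero demo key; provision a random one
	now := time.Now()
	token, sk, err := IssueToken(k, now.Add(10*time.Minute))
	if err != nil {
		panic(err)
	}
	req := []byte("constructed TURN Allocate request bytes")
	fmt.Println("key holder:  ", VerifyRequest(k, token, req, Prove(sk, req), now))
	fmt.Println("token only:  ", VerifyRequest(k, token, req, Prove(make([]byte, 20), req), now))
	fmt.Println("after expiry:", VerifyRequest(k, token, req, Prove(sk, req), now.Add(time.Hour)))
}
```

A copied token is useless without the session key, which is the property the review relies on when the TURN exchange runs without (D)TLS.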


From nobody Thu Aug 21 21:30:15 2014
Return-Path: <tireddy@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0BBE1A882B; Thu, 21 Aug 2014 21:30:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.169
X-Spam-Level: 
X-Spam-Status: No, score=-15.169 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAXmXynCJLZS; Thu, 21 Aug 2014 21:30:05 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 695361A8825; Thu, 21 Aug 2014 21:30:05 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.04,377,1406592000"; d="scan'208";a="349441871"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-8.cisco.com with ESMTP; 22 Aug 2014 04:30:05 +0000
Received: from xhc-aln-x02.cisco.com (xhc-aln-x02.cisco.com [173.36.12.76]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id s7M4U3EC023379 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 22 Aug 2014 04:30:03 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.68]) by xhc-aln-x02.cisco.com ([173.36.12.76]) with mapi id 14.03.0195.001; Thu, 21 Aug 2014 23:30:03 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Review of draft-ietf-tram-turn-third-party-authz-01
Thread-Index: Ac+9wboQ5l8DJdE+SCio/9XibBSHZA==
Date: Fri, 22 Aug 2014 04:30:02 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A2831989C@xmb-rcd-x10.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.65.36.87]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/aFMDRngtKTYARb97IDBcp0a8tWk
Cc: "sperreault@jive.com" <sperreault@jive.com>, "draft-ietf-tram-turn-third-party-authz@tools.ietf.org" <draft-ietf-tram-turn-third-party-authz@tools.ietf.org>, "Gonzalo.Camarillo@ericsson.com >> Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com>, "tram@ietf.org" <tram@ietf.org>
Subject: Re: [OAUTH-WG] Review of draft-ietf-tram-turn-third-party-authz-01
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Aug 2014 04:30:08 -0000


From nobody Fri Aug 22 01:35:11 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DAD51A0188; Fri, 22 Aug 2014 01:35:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kba3-NLFL06V; Fri, 22 Aug 2014 01:35:07 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5553E1A0191; Fri, 22 Aug 2014 01:35:07 -0700 (PDT)
Received: from [172.16.254.100] ([80.92.114.249]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0M3S2C-1WU9go1ueu-00r1J1; Fri, 22 Aug 2014 10:34:58 +0200
Message-ID: <53F700D2.8000502@gmx.net>
Date: Fri, 22 Aug 2014 10:35:30 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>,  "oauth@ietf.org" <oauth@ietf.org>
References: <913383AAA69FF945B8F946018B75898A2831989C@xmb-rcd-x10.cisco.com>
In-Reply-To: <913383AAA69FF945B8F946018B75898A2831989C@xmb-rcd-x10.cisco.com>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="m5jWC4pc6ErdgInVWJt2Vj206UgfBno45"
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/qmYeKEkmopiU4yNRLh-IKjUtuto
Cc: "sperreault@jive.com" <sperreault@jive.com>, "draft-ietf-tram-turn-third-party-authz@tools.ietf.org" <draft-ietf-tram-turn-third-party-authz@tools.ietf.org>, "Gonzalo.Camarillo@ericsson.com >> Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com>, "tram@ietf.org" <tram@ietf.org>
Subject: Re: [OAUTH-WG] Review of draft-ietf-tram-turn-third-party-authz-01
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Aug 2014 08:35:10 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--m5jWC4pc6ErdgInVWJt2Vj206UgfBno45
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Tiru,

~snip~
>> * The Design
>>
>> I would have used OAuth as is (or maybe selected a specific grant type) to
>> obtain an access token. Then, I would have defined how the access token is
>> carried in the TURN protocol. This is a bit similar to what we have already done
>> with the OAuth SASL draft where we defined a new way to convey the access
>> token from the SASL client to the SASL server.
>>
>> How did the authors solve that problem? They pretty much did what I just
>> explained. Since TURN does not use DTLS (or TLS) the proof-of-possession
>> security work we are doing becomes relevant (namely the symmetric key-
>> based part).
>
> Yes, the communication b/w TURN client and server may or may not use (D)TLS, hence
> proof-of-possession security work is used.

I now saw in one of the references that there is a proposal for DTLS.
In that case you might already want to consider re-using the channel
binding work as well.


>
>>
>> Putting discovery information in-band into the exchange is also fine (which is
>> what we did in the SASL document).
>>
>> Instead of using the JWT access token format the authors have defined a
>> new, binary encoding to keep the size smaller. The OAuth framework allows
>> other token formats to be used - so that's fine as well.
>> (As a minor remark, I would use AEAD ciphers here since that's what
>> everyone is doing nowadays.)
>
> Good point, will update the draft to use AEAD.

Ok

>
>>
>> Two things surprised me:
>>
>> a) The spec leaves the way to obtain the access token pretty much open.
>> A big benefit from using OAuth is that there is a protocol mechanism defined
>> for getting the access token. You could, for example, recommend using
>> authorization code flow. This concerns the text written in Section 4.
>
> Using authorization code flow is discussed in Section 4 of the draft.
>
> <snip>
>    OAuth in [RFC6749] defines four grant types.  This specification uses
>    the OAuth grant type "Implicit" explained in section 1.3.2 of
>    [RFC6749] where the WebRTC client is issued an access token directly.
> </snip>
>
> Are you suggesting that we add more details?

I missed that. That's fine.

>
>>
>> b) You describe a key establishment scheme to be used between the
>> resource server and the authorization server. What assumption do you make
>> about the relationship between the authorization server and the resource
>> server? Are they supposed to have a business relationship or some other
>> relationship with each other?
>
> Authorization and Resource servers could have a business relationship
> (loosely coupled, for example Enterprise network using TURN server provided
> by third party provider like Akamai) or could be deployed in the same
> administrative domain (tightly coupled, for example Google providing both
> WebRTC and TURN servers)

I guess you assume that there is some long-term secret (such as
asymmetric credential) in place and you then derive the symmetric keys
from it (by using DSKPP). Maybe you want to say that (in addition to the
assumed relationship between the two entities). If there is no
relationship between the two parties then there will certainly be a
challenge to get this done securely.


>
>>
>> Minor aspects:
>>
>>  * Would the TURN server name really be an email alike address rather than
>> a URI?
>
> Yes, for more information please refer to
> http://tools.ietf.org/html/draft-ietf-tram-turn-server-discovery-00
>

Thanks. Why do you need the username part for the discovery of the TURN
server capabilities? I couldn't find the answer to that question by
quickly looking at the TURN server discovery document. Do you expect
that the configuration is different from user to user?

The procedure seems to be:

Client -> TURN server: Establish Tunnel
Client <- TURN server: error - here is my "email" alike address
(foo@turn.com)
Client -> DNS: DNS Lookup (turn.com)
Client <- DNS: something domain name back
Client -> DNS: NAPTR
Client <- DNS: IP address back

Is this correct?

>>
>>  * Would you use Dynamic Client Registration to provision the client with the
>> necessary parameter? Is there the expectation that random clients would
>> work with random authorization servers?
>
> No, client must authenticate with the authorization server (SIP/WebRTC
> server) to make a call.

Ok.

>
>>
>>  * Wouldn't you want to define a scope value for use with the TURN service
>> so that the authorization server is able to restrict the access token for use
>> with TURN only?
>
> The scope value for use with the TURN service is defined in section 4
>
> <snip>
>    The scope of the access token explained in section 3.3 of [RFC6749]
>    MUST be TURN.
> </snip>

Ok. The scope string is 'turn'.

>
>>
>>  * Crypto algorithm negotiation: would you expect the authorization server to
>> tell the client what crypto algorithms to use (since the authorization server
>> not only needs to share a key with the resource server but also needs to have
>> knowledge about the supported cryptographic algorithms) ?
>
> Currently STUN only uses HMAC-SHA1, hence details about authorization server telling the client about the crypto algorithm to use is not explicitly mentioned in the draft.

OK. Is there any plan to provide more than just HMAC-SHA1?

>
>>
>>  * In your TURN <-> OAuth terminology mapping you say that the resource
>> owner corresponds to the RTCWeb server. I don't think that's true. The
>> resource owner is the user but I believe you are trying to say that the user
>> grants authorization implicitly by making a WebRTC call.
>
> The resource owner is the WebRTC server. When client makes a call using the WebRTC server, it authorizes the client to use the resources on the TURN server for a specific period of time. The user is granted authorization implicitly by making a WebRTC call.

That's what I thought.

Ciao
Hannes

>
> Cheers,
> -Tiru
>
>>
>> Ciao
>> Hannes
>>
>>
>>
>




From nobody Fri Aug 22 01:41:54 2014
Message-ID: <53F7026F.60200@gmx.net>
Date: Fri, 22 Aug 2014 10:42:23 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: Mike Jones <Michael.Jones@microsoft.com>,  "oauth-ext-review@ietf.org" <oauth-ext-review@ietf.org>
References: <4E1F6AAD24975D4BA5B16804296739439AE1F276@TK5EX14MBXC293.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439AE1F276@TK5EX14MBXC293.redmond.corp.microsoft.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/AFqB8uxC7G-QTqpOSESn8UmpL5E
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Please register OAuth parameter "error"

Hi IANA, Hi all,

It is correct that we have forgotten to register the error parameter
(defined in RFC 6749).

Please add it to the OAuth parameters registry as Mike suggests below.

Ciao
Hannes


On 08/16/2014 02:17 AM, Mike Jones wrote:
> RFC 6749 defines the “error” response parameter in section 4.1.2.1
> http://tools.ietf.org/html/rfc6749#section-4.1.2.1 but failed to
> register it.  Please register it in the OAuth Parameters registry at
> http://www.iana.org/assignments/oauth-parameters/oauth-parameters.xml#parameters
> in a manner identical to “error_description” and “error_uri”, which are
> also defined in 4.1.2.1.
>
>                                                             Thank you,
>
>                                                             -- Mike
>




From nobody Sat Aug 23 23:24:54 2014
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Date: Sun, 24 Aug 2014 06:24:45 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A2831A4F0@xmb-rcd-x10.cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/r7ZSDo6PfTViqQtzYwEZAAk50Mg
Cc: "sperreault@jive.com" <sperreault@jive.com>, "draft-ietf-tram-turn-third-party-authz@tools.ietf.org" <draft-ietf-tram-turn-third-party-authz@tools.ietf.org>, "Gonzalo.Camarillo@ericsson.com >> Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com>, "tram@ietf.org" <tram@ietf.org>
Subject: Re: [OAUTH-WG] Review of draft-ietf-tram-turn-third-party-authz-01



From nobody Sun Aug 24 15:16:46 2014
From: Eve Maler <eve@xmlgrrl.com>
In-Reply-To: <53F700D2.8000502@gmx.net>
Date: Sun, 24 Aug 2014 15:16:53 -0700
Message-Id: <75ABCB88-B531-442F-9643-C954ED3AA528@xmlgrrl.com>
References: <913383AAA69FF945B8F946018B75898A2831989C@xmb-rcd-x10.cisco.com> <53F700D2.8000502@gmx.net>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/qHWEyhYY01nN_ZanpdNEVIR0NPg
Cc: "tram@ietf.org" <tram@ietf.org>, "draft-ietf-tram-turn-third-party-authz@tools.ietf.org" <draft-ietf-tram-turn-third-party-authz@tools.ietf.org>, "Gonzalo.Camarillo@ericsson.com >> Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com>, "sperreault@jive.com" <sperreault@jive.com>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Review of draft-ietf-tram-turn-third-party-authz-01

In case the UMA model of establishing and conducting loosely coupled AS-RS relationships is of interest, you can find more information here:

http://tools.ietf.org/html/draft-hardjono-oauth-umacore-10 (for the AS's protection API, the OAuth token securing that API, and the declaration of AS config data including endpoints)
http://tools.ietf.org/html/draft-hardjono-oauth-resource-reg-03 (for the resource set registration sub-API)

	Eve

On 22 Aug 2014, at 1:35 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Hi Tiru,
>> ...
>>> ...
>>> b) You describe a key establishment scheme to be used between the
>>> resource server and the authorization server. What assumption do you make
>>> about the relationship between the authorization server and the resource
>>> server? Are they supposed to have a business relationship or some other
>>> relationship with each other ?
>>
>> Authorization and Resource servers could have a business relationship (loosely coupled, for example Enterprise network using TURN server provided by third party provider like Akamai) or could be deployed in the same administrative domain (tightly coupled, for example Google providing both WebRTC and TURN servers)
>
> I guess you assume that there is some long-term secret (such as
> asymmetric credential) in place and you then derive the symmetric keys
> from it (by using DSKPP). Maybe you want to say that (in addition to the
> assumed relationship between the two entities). If there is no
> relationship between the two parties then there will certainly be a
> challenge to get this done securely.


Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl


From nobody Mon Aug 25 10:03:29 2014
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Brandon Williams <brandon.williams@akamai.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Date: Mon, 25 Aug 2014 17:03:12 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A2831AF14@xmb-rcd-x10.cisco.com>
References: <913383AAA69FF945B8F946018B75898A2831989C@xmb-rcd-x10.cisco.com> <53F700D2.8000502@gmx.net> <53FB4F18.7030709@akamai.com>
In-Reply-To: <53FB4F18.7030709@akamai.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Du74AWPINRul9-nV5ZkIjbxfeYo
Cc: "sperreault@jive.com" <sperreault@jive.com>, "draft-ietf-tram-turn-third-party-authz@tools.ietf.org" <draft-ietf-tram-turn-third-party-authz@tools.ietf.org>, "Gonzalo.Camarillo@ericsson.com >> Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com>, "tram@ietf.org" <tram@ietf.org>
Subject: Re: [OAUTH-WG] [tram] Review of draft-ietf-tram-turn-third-party-authz-01

> -----Original Message-----
> From: Brandon Williams [mailto:brandon.williams@akamai.com]
> Sent: Monday, August 25, 2014 8:29 PM
> To: Hannes Tschofenig; Tirumaleswar Reddy (tireddy); oauth@ietf.org
> Cc: sperreault@jive.com; draft-ietf-tram-turn-third-party-authz@tools.ietf.org;
> Gonzalo.Camarillo@ericsson.com >> Gonzalo Camarillo; tram@ietf.org
> Subject: Re: [tram] Review of draft-ietf-tram-turn-third-party-authz-01
>
> The TURN server name value in the THIRD-PARTY-AUTHORIZATION attribute
> serves 2 purposes, although only one of them is clearly called out in the
> document. The first purpose is to allow the OAuth server to select from
> among multiple 3rd party TURN service providers so that the appropriate key
> material can be selected when generating the token. The second purpose,
> which isn't called out in the document, is to provide a unique identifier for
> the specific server within the deployment so that the generated ACCESS-
> TOKEN value will only be considered valid by that specific server (i.e. to
> prevent replay of the token to multiple TURN servers). So, you can consider
> "foo@turn.com" to mean "generate a token for the server named foo at
> service provider turn.com".

The second purpose is also discussed in section 6.2
<snip>
HMAC is computed using the encrypted portion
of the token and TURN server name to ensure that the client does not
use the same token to gain illegal access to other TURN servers
provided by the same administrative domain.  This attack is possible
when multiple TURN servers in a single administrative domain share
the same symmetric key with the authorization server.
</snip>

-Tiru

>
> I think the client would perform the required DNS lookups first to get the
> address of a specific server, after which it would attempt to establish the
> tunnel in order to get the error with the server name back. Alternatively,
> based on the service provider's naming conventions and use of IP addresses,
> it might be possible to avoid the initial exchange with the TURN server by
> allowing the client to construct the server name without having to ask (at
> least that's what I hope to do).
>
> --Brandon
>
> On 08/22/2014 04:35 AM, Hannes Tschofenig wrote:
> >>> Minor aspects:
> >>> >>
> >>> >>  * Would the TURN server name really be an email alike address
> >>> >>rather than a URI ?
> >> >
> >> >Yes, for more information please refer
> >> >to http://tools.ietf.org/html/draft-ietf-tram-turn-server-discovery-00
> >> >
> > Thanks. Why do you need the username part for the discovery of the
> > TURN server capabilities? I couldn't find the answer to that question
> > by quickly looking at the TURN server discovery document. Do you
> > expect that the configuration is different from user to user?
> >
> > The procedure seems to be:
> >
> > Client -> TURN server: Establish Tunnel
> > Client <- TURN server: error - here is my "email" alike address
> > (foo@turn.com)
> > Client -> DNS: DNS Lookup (turn.com)
> > Client <- DNS: something domain name back
> > Client -> DNS: NAPTR
> > Client <- DNS: IP address back
> >
> > Is this correct?
> >
>
> --
> Brandon Williams; Senior Principal Software Engineer Emerging Products
> Engineering; Akamai Technologies Inc.


From nobody Tue Aug 26 07:36:13 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD5FB1A70FF; Tue, 26 Aug 2014 07:36:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bF50JOXUovZS; Tue, 26 Aug 2014 07:36:08 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AA6CE1A8030; Tue, 26 Aug 2014 07:36:07 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140826143607.7914.99191.idtracker@ietfa.amsl.com>
Date: Tue, 26 Aug 2014 07:36:07 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/A0h_e-6C4tCl2OO3e8ERHT7P8BU
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-20.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 14:36:10 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : OAuth 2.0 Dynamic Client Registration Protocol
        Authors         : Justin Richer
                          Michael B. Jones
                          John Bradley
                          Maciej Machulak
                          Phil Hunt
	Filename        : draft-ietf-oauth-dyn-reg-20.txt
	Pages           : 36
	Date            : 2014-08-26

Abstract:
   This specification defines mechanisms for dynamically registering
   OAuth 2.0 clients with authorization servers.  Registration requests
   send a set of desired client metadata values to the authorization
   server.  The resulting registration responses return a client
   identifier to use at the authorization server and the client metadata
   values registered for the client.  The client can then use this
   registration information to communicate with the authorization server
   using the OAuth 2.0 protocol.  This specification also defines a set
   of common client metadata fields and values for clients to use during
   registration.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-20

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-20


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Aug 26 07:37:34 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 655BE1A86E2; Tue, 26 Aug 2014 07:37:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bdwWclMJfTM6; Tue, 26 Aug 2014 07:37:31 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C6361A86E3; Tue, 26 Aug 2014 07:37:30 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140826143730.11836.84889.idtracker@ietfa.amsl.com>
Date: Tue, 26 Aug 2014 07:37:30 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/mOfoxiY_l02tNXx3BMeWPSvWncY
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-management-05.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 14:37:32 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : OAuth 2.0 Dynamic Client Registration Management Protocol
        Authors         : Justin Richer
                          Michael B. Jones
                          John Bradley
                          Maciej Machulak
	Filename        : draft-ietf-oauth-dyn-reg-management-05.txt
	Pages           : 16
	Date            : 2014-08-26

Abstract:
   This specification defines methods for management of dynamic OAuth
   2.0 client registrations for use cases in which the properties of a
   registered client may need to be changed during the lifetime of the
   client.  Not all authorization servers supporting dynamic client
   registration will support these management methods.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg-management/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-management-05

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-management-05


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Aug 26 07:52:53 2014
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE4E31A86FD for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 07:52:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.868
X-Spam-Level: 
X-Spam-Status: No, score=-4.868 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m1tSHo2cdtee for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 07:52:40 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id D81661A86ED for <oauth@ietf.org>; Tue, 26 Aug 2014 07:52:39 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 5CA8B1F04E2 for <oauth@ietf.org>; Tue, 26 Aug 2014 10:52:39 -0400 (EDT)
Received: from IMCCAS01.MITRE.ORG (imccas01.mitre.org [129.83.29.78]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 4E77C1F0393 for <oauth@ietf.org>; Tue, 26 Aug 2014 10:52:39 -0400 (EDT)
Received: from IMCMBX01.MITRE.ORG ([169.254.1.118]) by IMCCAS01.MITRE.ORG ([129.83.29.68]) with mapi id 14.03.0174.001; Tue, 26 Aug 2014 10:52:39 -0400
From: "Richer, Justin P." <jricher@mitre.org>
To: "oauth@ietf.org list" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-20.txt
Thread-Index: AQHPwTsnYNltzk033kCRPmO9FVYChJvjO1iA
Date: Tue, 26 Aug 2014 14:52:37 +0000
Message-ID: <C80D20CB-59FE-401F-9414-00656D2D382F@mitre.org>
References: <20140826143607.7914.99191.idtracker@ietfa.amsl.com>
In-Reply-To: <20140826143607.7914.99191.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.146.15.23]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <939D50196426544D8AA9C5B7B7980AFE@imc.mitre.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/VfX_GEOMSDBVf4XbA4k99vPkeEo
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-20.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 14:52:42 -0000

New revision with minor editorial changes, thanks to some good feedback
from my colleague, Amanda Anganes. Nothing substantive should have changed.

 -- Justin

On Aug 26, 2014, at 10:36 AM, internet-drafts@ietf.org wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
>
>        Title           : OAuth 2.0 Dynamic Client Registration Protocol
>        Authors         : Justin Richer
>                          Michael B. Jones
>                          John Bradley
>                          Maciej Machulak
>                          Phil Hunt
>        Filename        : draft-ietf-oauth-dyn-reg-20.txt
>        Pages           : 36
>        Date            : 2014-08-26
>
> Abstract:
>   This specification defines mechanisms for dynamically registering
>   OAuth 2.0 clients with authorization servers.  Registration requests
>   send a set of desired client metadata values to the authorization
>   server.  The resulting registration responses return a client
>   identifier to use at the authorization server and the client metadata
>   values registered for the client.  The client can then use this
>   registration information to communicate with the authorization server
>   using the OAuth 2.0 protocol.  This specification also defines a set
>   of common client metadata fields and values for clients to use during
>   registration.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-20
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-20
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From nobody Tue Aug 26 07:53:32 2014
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B662E1A86FD for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 07:53:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.868
X-Spam-Level: 
X-Spam-Status: No, score=-4.868 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YiJQVUgvOwUC for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 07:53:28 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 514ED1A870D for <oauth@ietf.org>; Tue, 26 Aug 2014 07:53:27 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id F184E1F052D for <oauth@ietf.org>; Tue, 26 Aug 2014 10:53:26 -0400 (EDT)
Received: from IMCCAS02.MITRE.ORG (imccas02.mitre.org [129.83.29.79]) by smtpksrv1.mitre.org (Postfix) with ESMTP id E28621F052B for <oauth@ietf.org>; Tue, 26 Aug 2014 10:53:26 -0400 (EDT)
Received: from IMCMBX01.MITRE.ORG ([169.254.1.118]) by IMCCAS02.MITRE.ORG ([129.83.29.69]) with mapi id 14.03.0174.001; Tue, 26 Aug 2014 10:53:26 -0400
From: "Richer, Justin P." <jricher@mitre.org>
To: "oauth@ietf.org list" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-management-05.txt
Thread-Index: AQHPwTtJloKB5uqnZES51gpFZM6ucZvjO5GA
Date: Tue, 26 Aug 2014 14:53:25 +0000
Message-ID: <20F44336-0113-4539-8CD1-0227B34F20C9@mitre.org>
References: <20140826143730.11836.84889.idtracker@ietfa.amsl.com>
In-Reply-To: <20140826143730.11836.84889.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.146.15.23]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <3F9ADD9E89DC6B4A836C096242655031@imc.mitre.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/aRigyEHkqiH4XiA3HsTSrUxNEfs
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-management-05.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 14:53:30 -0000

New revision with minor editorial changes thanks to some good feedback
from my colleague, Amanda Anganes. Phil Hunt has been removed as an author,
as per his request. No substantive changes otherwise.

 -- Justin

On Aug 26, 2014, at 10:37 AM, internet-drafts@ietf.org wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
>
>        Title           : OAuth 2.0 Dynamic Client Registration Management Protocol
>        Authors         : Justin Richer
>                          Michael B. Jones
>                          John Bradley
>                          Maciej Machulak
>        Filename        : draft-ietf-oauth-dyn-reg-management-05.txt
>        Pages           : 16
>        Date            : 2014-08-26
>
> Abstract:
>   This specification defines methods for management of dynamic OAuth
>   2.0 client registrations for use cases in which the properties of a
>   registered client may need to be changed during the lifetime of the
>   client.  Not all authorization servers supporting dynamic client
>   registration will support these management methods.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg-management/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-management-05
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-management-05
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From nobody Tue Aug 26 08:03:05 2014
Return-Path: <trac+oauth@trac.tools.ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 500631A8986 for <oauth@ietfa.amsl.com>; Mon, 25 Aug 2014 07:44:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WGfJ4WtbP-6U for <oauth@ietfa.amsl.com>; Mon, 25 Aug 2014 07:44:43 -0700 (PDT)
Received: from zinfandel.tools.ietf.org (zinfandel.tools.ietf.org [IPv6:2001:1890:123a::1:2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B2971A8996 for <oauth@ietf.org>; Mon, 25 Aug 2014 07:44:22 -0700 (PDT)
Received: from localhost ([::1]:39325 helo=zinfandel.tools.ietf.org) by zinfandel.tools.ietf.org with esmtp (Exim 4.82_1-5b7a7c0-XX) (envelope-from <trac+oauth@trac.tools.ietf.org>) id 1XLvVM-0003lX-3g; Mon, 25 Aug 2014 07:44:20 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "oauth issue tracker" <trac+oauth@zinfandel.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: barryleiba@computer.org, hannes.tschofenig@gmx.net
X-Trac-Project: oauth
Date: Mon, 25 Aug 2014 14:44:20 -0000
X-URL: http://tools.ietf.org/oauth/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/oauth/trac/ticket/22#comment:4
Message-ID: <078.4017a89090e292e25386e73a2cba7a59@trac.tools.ietf.org>
References: <063.707240208e9ab0af6aaf9ec7f599e841@trac.tools.ietf.org>
X-Trac-Ticket-ID: 22
In-Reply-To: <063.707240208e9ab0af6aaf9ec7f599e841@trac.tools.ietf.org>
X-SA-Exim-Connect-IP: ::1
X-SA-Exim-Rcpt-To: barryleiba@computer.org, hannes.tschofenig@gmx.net, oauth@ietf.org
X-SA-Exim-Mail-From: trac+oauth@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on zinfandel.tools.ietf.org); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/-dvcIbkmvEw5OsUJkUHCsPy7yNA
X-Mailman-Approved-At: Tue, 26 Aug 2014 08:03:03 -0700
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] [oauth] #22 (v2): WG last call complete; waiting for new revision
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Aug 2014 14:44:45 -0000

#22: WG last call complete; waiting for new revision

Changes (by hannes.tschofenig@gmx.net):

 * status:  assigned => closed
 * resolution:   => dead


-- 
------------------------------------+--------------------------------------
 Reporter:                          |       Owner:  barryleiba@computer.org
  barryleiba@computer.org           |      Status:  closed
     Type:  state                   |   Milestone:  Deliver OAuth 2.0 spec
 Priority:  information             |     Version:
Component:  v2                      |  Resolution:  dead
 Severity:  In WG Last Call         |
 Keywords:                          |
------------------------------------+--------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/oauth/trac/ticket/22#comment:4>
oauth <http://tools.ietf.org/oauth/>


From nobody Tue Aug 26 08:03:08 2014
Return-Path: <trac+oauth@trac.tools.ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8C4D1A8993 for <oauth@ietfa.amsl.com>; Mon, 25 Aug 2014 07:45:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rXOCaB3Rksb0 for <oauth@ietfa.amsl.com>; Mon, 25 Aug 2014 07:45:01 -0700 (PDT)
Received: from zinfandel.tools.ietf.org (zinfandel.tools.ietf.org [IPv6:2001:1890:123a::1:2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8522D1A8986 for <oauth@ietf.org>; Mon, 25 Aug 2014 07:44:50 -0700 (PDT)
Received: from localhost ([::1]:39334 helo=zinfandel.tools.ietf.org) by zinfandel.tools.ietf.org with esmtp (Exim 4.82_1-5b7a7c0-XX) (envelope-from <trac+oauth@trac.tools.ietf.org>) id 1XLvVq-0003ni-E3; Mon, 25 Aug 2014 07:44:50 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "oauth issue tracker" <trac+oauth@zinfandel.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: hannes.tschofenig@gmx.net
X-Trac-Project: oauth
Date: Mon, 25 Aug 2014 14:44:50 -0000
X-URL: http://tools.ietf.org/oauth/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/oauth/trac/ticket/27#comment:1
Message-ID: <078.c4f51abceca3807ea8f3624887a00f18@trac.tools.ietf.org>
References: <063.83fd11fe6a8ec29f6192110a9c9ada21@trac.tools.ietf.org>
X-Trac-Ticket-ID: 27
In-Reply-To: <063.83fd11fe6a8ec29f6192110a9c9ada21@trac.tools.ietf.org>
X-SA-Exim-Connect-IP: ::1
X-SA-Exim-Rcpt-To: hannes.tschofenig@gmx.net, oauth@ietf.org
X-SA-Exim-Mail-From: trac+oauth@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on zinfandel.tools.ietf.org); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/D_utL9_4Z8BuSUfeP3qDMVbI1Dk
X-Mailman-Approved-At: Tue, 26 Aug 2014 08:03:03 -0700
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] [oauth] #27 (v2): Incorporate bearer "scope" character restrictions into the base spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Aug 2014 14:45:03 -0000

#27: Incorporate bearer "scope" character restrictions into the base spec

Changes (by hannes.tschofenig@gmx.net):

 * status:  new => closed
 * resolution:   => dead


Comment:

 old issue -> declared as dead.

-- 
-------------------------------------+-------------------------------------
 Reporter:  barryleiba@computer.org  |       Owner:
     Type:  task                     |      Status:  closed
 Priority:  minor                    |   Milestone:  Deliver OAuth 2.0 spec
Component:  v2                       |     Version:
 Severity:  Active WG Document       |  Resolution:  dead
 Keywords:                           |
-------------------------------------+-------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/oauth/trac/ticket/27#comment:1>
oauth <http://tools.ietf.org/oauth/>


From nobody Tue Aug 26 08:03:09 2014
Return-Path: <brandon.williams@akamai.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAC671A9096; Mon, 25 Aug 2014 07:58:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nXX9lLgMAloh; Mon, 25 Aug 2014 07:58:33 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [72.246.2.115]) by ietfa.amsl.com (Postfix) with ESMTP id 3A3761A909B; Mon, 25 Aug 2014 07:58:32 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 596F7475C0; Mon, 25 Aug 2014 14:58:32 +0000 (GMT)
Received: from prod-mail-relay06.akamai.com (prod-mail-relay06.akamai.com [172.17.120.126]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id 4D06C475BF; Mon, 25 Aug 2014 14:58:32 +0000 (GMT)
Received: from [172.28.115.172] (bowill.kendall.corp.akamai.com [172.28.115.172]) by prod-mail-relay06.akamai.com (Postfix) with ESMTP id 4579E202F; Mon, 25 Aug 2014 14:58:32 +0000 (GMT)
Message-ID: <53FB4F18.7030709@akamai.com>
Date: Mon, 25 Aug 2014 10:58:32 -0400
From: Brandon Williams <brandon.williams@akamai.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>,  "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>, "oauth@ietf.org" <oauth@ietf.org>
References: <913383AAA69FF945B8F946018B75898A2831989C@xmb-rcd-x10.cisco.com> <53F700D2.8000502@gmx.net>
In-Reply-To: <53F700D2.8000502@gmx.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/4sK15Tyi3Ms7902oTr6zX7Ijcg8
X-Mailman-Approved-At: Tue, 26 Aug 2014 08:03:03 -0700
Cc: "sperreault@jive.com" <sperreault@jive.com>, "draft-ietf-tram-turn-third-party-authz@tools.ietf.org" <draft-ietf-tram-turn-third-party-authz@tools.ietf.org>, "Gonzalo.Camarillo@ericsson.com >> Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com>, "tram@ietf.org" <tram@ietf.org>
Subject: Re: [OAUTH-WG] [tram] Review of draft-ietf-tram-turn-third-party-authz-01
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Aug 2014 14:58:35 -0000

The TURN server name value in the THIRD-PARTY-AUTHORIZATION attribute 
serves 2 purposes, although only one of them is clearly called out in 
the document. The first purpose is to allow the OAuth server to select 
from among multiple 3rd party TURN service providers so that the 
appropriate key material can be selected when generating the token. The 
second purpose, which isn't called out in the document, is to provide a 
unique identifier for the specific server within the deployment so that 
the generated ACCESS-TOKEN value will only be considered valid by that 
specific server (i.e. to prevent replay of the token to multiple TURN 
servers). So, you can consider "foo@turn.com" to mean "generate a token 
for the server named foo at service provider turn.com".

I think the client would perform the required DNS lookups first to get 
the address of a specific server, after which it would attempt to 
establish the tunnel in order to get the error with the server name 
back. Alternatively, based on the service provider's naming conventions 
and use of IP addresses, it might be possible to avoid the initial 
exchange with the TURN server by allowing the client to construct the 
server name without having to ask (at least that's what I hope to do).

--Brandon

On 08/22/2014 04:35 AM, Hannes Tschofenig wrote:
>>> Minor aspects:
>>>
>>>  * Would the TURN server name really be an email alike address rather than
>>>    a URI ?
>>
>> Yes, for more information please refer to http://tools.ietf.org/html/draft-ietf-tram-turn-server-discovery-00
>>
> Thanks. Why do you need the username part for the discovery of the TURN
> server capabilities? I couldn't find the answer to that question by
> quickly looking at the TURN server discovery document. Do you expect
> that the configuration is different from user to user?
>
> The procedure seems to be:
>
> Client -> TURN server: Establish Tunnel
> Client <- TURN server: error - here is my "email" alike address
> (foo@turn.com)
> Client -> DNS: DNS Lookup (turn.com)
> Client <- DNS: something domain name back
> Client -> DNS: NAPTR
> Client <- DNS: IP address back
>
> Is this correct?
>

-- 
Brandon Williams; Senior Principal Software Engineer
Emerging Products Engineering; Akamai Technologies Inc.
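
Added example, not part of the message above and not code from the draft: a simplified Python sketch of the two roles the server name plays, with the provider part selecting the key and the full name binding the token to one server. It uses a plain HMAC-SHA256 token rather than the draft's token format; the key table, function names and claim names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample data: one long-term key per TURN service provider,
# shared between the authorization server and that provider's TURN servers.
PROVIDER_KEYS = {
    "turn.com": b"constructed-key-for-turn.com",
    "relay.example": b"constructed-key-for-relay.example",
}


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def split_server_name(server_name):
    """Split 'foo@turn.com' into ('foo', 'turn.com'); reject other shapes."""
    server, sep, provider = server_name.partition("@")
    if not sep or not server or not provider or "@" in provider:
        raise ValueError("server name must look like server@provider")
    return server, provider


def issue_token(server_name, client_id, lifetime, now=None):
    """Authorization-server side (hypothetical helper)."""
    now = time.time() if now is None else now
    _, provider = split_server_name(server_name)
    # Purpose 1: the provider part selects the key material.
    key = PROVIDER_KEYS.get(provider)
    if key is None:
        raise ValueError("unknown TURN service provider: " + provider)
    # Purpose 2: the full server name is carried inside the MACed body,
    # so only the named server will consider the token valid.
    claims = {"aud": server_name, "sub": client_id, "exp": now + lifetime}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64e(body) + "." + _b64e(tag)


def validate_token(token, my_server_name, now=None):
    """TURN-server side (hypothetical helper). Returns (accepted, reason)."""
    now = time.time() if now is None else now
    _, provider = split_server_name(my_server_name)
    key = PROVIDER_KEYS.get(provider)
    if key is None:
        return False, "no key for provider"
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = _b64d(body_b64), _b64d(tag_b64)
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad MAC"
    claims = json.loads(body)
    # Same provider key, different server: this check is what stops a token
    # minted for foo@turn.com from being replayed to bar@turn.com.
    if claims.get("aud") != my_server_name:
        return False, "token issued for another server"
    if now >= claims.get("exp", 0):
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    tok = issue_token("foo@turn.com", "alice", 300, now=1000)
    for name in ("foo@turn.com", "bar@turn.com", "foo@relay.example"):
        print(name, validate_token(tok, name, now=1100))
```

Without the server-name check, every TURN server holding the provider's key would accept the same token.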


From nobody Tue Aug 26 12:03:39 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 276F71A0188; Tue, 26 Aug 2014 12:03:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z_wkAG7THcKd; Tue, 26 Aug 2014 12:03:31 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CB19C1A02F8; Tue, 26 Aug 2014 12:03:14 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140826190314.25080.21244.idtracker@ietfa.amsl.com>
Date: Tue, 26 Aug 2014 12:03:14 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/m1xZTp-vn3I-2vvUjs-1FIfi8k0
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 19:03:33 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : Request by JWS ver.1.0 for OAuth 2.0
        Authors         : Nat Sakimura
                          John Bradley
	Filename        : draft-ietf-oauth-jwsreq-00.txt
	Pages           : 9
	Date            : 2014-08-25

Abstract:
   The authorization request in OAuth 2.0 utilizes query parameter
   serialization.  This specification defines the authorization request
   using JWT serialization.  The request is sent through "request"
   parameter or by reference through "request_uri" parameter that points
   to the JWT, allowing the request to be optionally signed and
   encrypted.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-jwsreq-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Aug 26 12:06:18 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE3761A02E6; Tue, 26 Aug 2014 12:06:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wk-maCnA-Eob; Tue, 26 Aug 2014 12:06:13 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A32541A0258; Tue, 26 Aug 2014 12:06:13 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140826190613.5231.3724.idtracker@ietfa.amsl.com>
Date: Tue, 26 Aug 2014 12:06:13 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Z7FWiGxNpEz8cmhahEWS7-zLeog
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 19:06:15 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : Symmetric Proof of Possession for the OAuth Authorization Code Grant
        Authors         : Nat Sakimura
                          John Bradley
                          Naveen Agarwal
	Filename        : draft-ietf-oauth-spop-00.txt
	Pages           : 8
	Date            : 2014-08-25

Abstract:
   The OAuth 2.0 public client utilizing authorization code grant is
   susceptible to the code interception attack.  This specification
   describes a mechanism that acts as a control against this threat.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-spop/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-spop-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Aug 26 12:08:51 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02B871A0217; Tue, 26 Aug 2014 12:08:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SAWQ4ygMa6aL; Tue, 26 Aug 2014 12:08:43 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F3A411A0166; Tue, 26 Aug 2014 12:08:42 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.2.p5
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140826190842.5367.43879.idtracker@ietfa.amsl.com>
Date: Tue, 26 Aug 2014 12:08:42 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/0KyFgfWFAzWxJH23H5kbAuX2Bbg
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 19:08:46 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : OAuth Token Introspection
        Author          : Justin Richer
	Filename        : draft-ietf-oauth-introspection-00.txt
	Pages           : 7
	Date            : 2014-08-22

Abstract:
   This specification defines a method for a client or protected
   resource to query an OAuth authorization server to validate the
   active state of an OAuth token and to determine meta-information
   about an OAuth token.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-introspection-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Aug 26 12:32:43 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A004A1A0267 for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 12:32:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MSEwkidmGOZZ for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 12:32:41 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E28D1A01AF for <oauth@ietf.org>; Tue, 26 Aug 2014 12:32:41 -0700 (PDT)
Received: from [172.16.254.100] ([80.92.118.232]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0MQ2Wx-1XIo6e0vwZ-005HIL for <oauth@ietf.org>; Tue, 26 Aug 2014 21:32:39 +0200
Message-ID: <53FCE0D7.5010109@gmx.net>
Date: Tue, 26 Aug 2014 21:32:39 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="mUhH0TR1a3wNwkbAknk7l1rihSB6E8pNq"
X-Provags-ID: V03:K0:BGBqC7aEydlg/Nx++egwCD0wn7HNstrTnKobjjSicKSdTSNKwUZ 1otCbXAk5/iVwpmZ9X5jJthNc8YmOAdXKiM5Vo+DPekK+7A7gnW5j0gVaOFZVgEU6DbWjtM C/L0hCa0Z38qcwO7yCGIpEi8R81nb6/oRAdOQhU8COSMVCRSrEgStLQc3Fijs7Gmw6H11Sm U1Xz1pJi0diAOIRWPHnVA==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/to8jlN8T3GVEQFDhB9mqXSuKM_Q
Subject: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 19:32:42 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--mUhH0TR1a3wNwkbAknk7l1rihSB6E8pNq
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi all,

This is a Last Call for comments on the "Symmetric Proof of Possession
for the OAuth Authorization Code Grant" specification.

The document can be found here:
http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/

Please have your comments in no later than September 9th.

Ciao
Hannes & Derek


--mUhH0TR1a3wNwkbAknk7l1rihSB6E8pNq--


From nobody Tue Aug 26 12:39:31 2014
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F1851A0277 for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 12:39:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.869
X-Spam-Level: 
X-Spam-Status: No, score=-4.869 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Iwggo0m29OVd for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 12:39:28 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C019E1A01DC for <oauth@ietf.org>; Tue, 26 Aug 2014 12:39:28 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s7QJdNNA001677 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 26 Aug 2014 19:39:24 GMT
Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s7QJdMcK003595 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 26 Aug 2014 19:39:23 GMT
Received: from abhmp0019.oracle.com (abhmp0019.oracle.com [141.146.116.25]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s7QJdMTN003579; Tue, 26 Aug 2014 19:39:22 GMT
Received: from [192.168.0.65] (/192.187.31.28) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 26 Aug 2014 12:39:21 -0700
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <53FCE0D7.5010109@gmx.net>
Date: Tue, 26 Aug 2014 12:39:18 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <00F63620-AC71-4B48-94DD-6587387EEF61@oracle.com>
References: <53FCE0D7.5010109@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1878.6)
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Ek1NqOunILM0h4Cf_Ojuzyekybc
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 19:39:30 -0000

I am confused. We hummed to adopt the document not to go to last call.

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com



On Aug 26, 2014, at 12:32 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Hi all,
>
> This is a Last Call for comments on the "Symmetric Proof of Possession
> for the OAuth Authorization Code Grant" specification.
>
> The document can be found here:
> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>
> Please have your comments in no later than September 9th.
>
> Ciao
> Hannes & Derek


From nobody Tue Aug 26 12:47:15 2014
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5B421A0263 for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 12:47:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kT6DfyZAvo-4 for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 12:47:10 -0700 (PDT)
Received: from mail-qg0-f53.google.com (mail-qg0-f53.google.com [209.85.192.53]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 226B21A0181 for <oauth@ietf.org>; Tue, 26 Aug 2014 12:47:09 -0700 (PDT)
Received: by mail-qg0-f53.google.com with SMTP id z60so11572503qgd.26 for <oauth@ietf.org>; Tue, 26 Aug 2014 12:47:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=pelMcwTdVqMcbM4uq1sjTKBwP8JTbfqvN4Pzno5xVzo=; b=kDbrCPt/3XshghT3cdVQfFTAOKmiNd6YX0eu37cW3Z2w2SNWCI1dQztos0rECSlroo Ch9wvw76mrr3LAg3dA0j0Vs2LBjPTYLuqpJ4Avx1w39iaGvKVcZQ+e8fKfO19mMXKAvZ pWWh8fHYOIpKznSaJlQ6U5AwMcN41EcaQSSOy1pn4BSj3c31Jf1RzII7X5Jg43NRnrkq 72NplyyzWG/UP8/DVY0hHlNzLwF4O0EJVrOfQralU0eKrH7UZ01tUNHNtDenBZSAvLIu 3e8E+9HeyuzjS11K5h2fKsiF+xLPcwron0y2x6C2iRYQwgYypaNAiTQpEf5YplyfPUlB WHtw==
X-Gm-Message-State: ALoCoQkcmGMQb8l2cMyIsxmM207eIRBOk4RZVRhZYjMX4Jz9fkdeK2Sk/GBzi9zdOlbLdBI7ISuj
X-Received: by 10.140.50.16 with SMTP id r16mr18319031qga.96.1409082428982; Tue, 26 Aug 2014 12:47:08 -0700 (PDT)
Received: from [192.168.1.213] ([190.22.109.106]) by mx.google.com with ESMTPSA id 95sm6510172qgm.18.2014.08.26.12.47.05 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 26 Aug 2014 12:47:07 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_1850ABD2-CBC8-4695-A991-E094CDC2F17E"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <00F63620-AC71-4B48-94DD-6587387EEF61@oracle.com>
Date: Tue, 26 Aug 2014 15:46:53 -0400
Message-Id: <2A5DF569-0B0B-48F1-BFBF-D0C050867C88@ve7jtb.com>
References: <53FCE0D7.5010109@gmx.net> <00F63620-AC71-4B48-94DD-6587387EEF61@oracle.com>
To: Phil Hunt <phil.hunt@oracle.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/njGpfjjZJ74z7PNpAubvS0KCqmA
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 19:47:13 -0000

--Apple-Mail=_1850ABD2-CBC8-4695-A991-E094CDC2F17E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Yes, I hadn't anticipated going to last call right after being
adopted as a WG document.

Is this some procedural thing that I am unaware of?

John B.

On Aug 26, 2014, at 3:39 PM, Phil Hunt <phil.hunt@oracle.com> wrote:

> I am confused. We hummed to adopt the document not to go to last call.
>
> Phil
>
> @independentid
> www.independentid.com
> phil.hunt@oracle.com
>
>
>
> On Aug 26, 2014, at 12:32 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>
>> Hi all,
>>
>> This is a Last Call for comments on the "Symmetric Proof of Possession
>> for the OAuth Authorization Code Grant" specification.
>>
>> The document can be found here:
>> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>>
>> Please have your comments in no later than September 9th.
>>
>> Ciao
>> Hannes & Derek


--Apple-Mail=_1850ABD2-CBC8-4695-A991-E094CDC2F17E--


From nobody Tue Aug 26 13:02:24 2014
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 252501A0401 for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 13:02:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z4uMV0EwS9ej for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 13:02:13 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1lp0140.outbound.protection.outlook.com [207.46.163.140]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C56BE1A02F0 for <oauth@ietf.org>; Tue, 26 Aug 2014 13:02:12 -0700 (PDT)
Received: from BN3PR0301CA0050.namprd03.prod.outlook.com (25.160.152.146) by BY2PR03MB256.namprd03.prod.outlook.com (10.242.37.23) with Microsoft SMTP Server (TLS) id 15.0.1015.19; Tue, 26 Aug 2014 20:02:10 +0000
Received: from BY2FFO11FD034.protection.gbl (2a01:111:f400:7c0c::184) by BN3PR0301CA0050.outlook.office365.com (2a01:111:e400:401e::18) with Microsoft SMTP Server (TLS) id 15.0.1015.19 via Frontend Transport; Tue, 26 Aug 2014 20:02:09 +0000
Received: from mail.microsoft.com (131.107.125.37) by BY2FFO11FD034.mail.protection.outlook.com (10.1.14.219) with Microsoft SMTP Server (TLS) id 15.0.1010.11 via Frontend Transport; Tue, 26 Aug 2014 20:02:08 +0000
Received: from TK5EX14MBXC293.redmond.corp.microsoft.com ([169.254.2.111]) by TK5EX14HUBC103.redmond.corp.microsoft.com ([157.54.86.9]) with mapi id 14.03.0195.002; Tue, 26 Aug 2014 20:01:26 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Phil Hunt <phil.hunt@oracle.com>
Thread-Topic: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
Thread-Index: AQHPwWSGDmsluGrlrkyM8/2RXxNk0pvjSBAAgAACH4CAAAO0oA==
Date: Tue, 26 Aug 2014 20:01:25 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439AE43842@TK5EX14MBXC293.redmond.corp.microsoft.com>
References: <53FCE0D7.5010109@gmx.net> <00F63620-AC71-4B48-94DD-6587387EEF61@oracle.com> <2A5DF569-0B0B-48F1-BFBF-D0C050867C88@ve7jtb.com>
In-Reply-To: <2A5DF569-0B0B-48F1-BFBF-D0C050867C88@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.36]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(6009001)(438002)(24454002)(51704005)(53754006)(199003)(189002)(377454003)(13464003)(87936001)(81156004)(33656002)(106116001)(106466001)(81542001)(26826002)(92726001)(92566001)(15202345003)(81342001)(95666004)(77096002)(86612001)(15975445006)(21056001)(76482001)(50986999)(79102001)(85852003)(83072002)(77982001)(46406003)(55846006)(76176999)(46102001)(6806004)(68736004)(83322001)(99396002)(74662001)(31966008)(97736001)(97756001)(44976005)(19580395003)(74502001)(50466002)(90102001)(23726002)(19580405001)(54356999)(85306004)(69596002)(104016003)(15974865002)(20776003)(2656002)(84676001)(80022001)(4396001)(107046002)(47776003)(66066001)(64706001)(86362001); DIR:OUT; SFP:; SCL:1; SRVR:BY2PR03MB256; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; 
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;UriScan:;
X-O365ENT-EOP-Header: Message processed by -  O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03152A99FF
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com;  client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com; 
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/-IIgbztrb5KbZBT6iEE46C4IYGo
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 20:02:16 -0000

I'm confused too.  There hadn't been any discussion of any of the new
documents going to last call that I can remember, either in Toronto, or
on the list.

-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
Sent: Tuesday, August 26, 2014 12:47 PM
To: Phil Hunt
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"

Yes, I hadn't anticipated going to last call right after being adopted as
a WG document.

Is this some procedural thing that I am unaware of?

John B.

On Aug 26, 2014, at 3:39 PM, Phil Hunt <phil.hunt@oracle.com> wrote:

> I am confused. We hummed to adopt the document not to go to last call.
>
> Phil
>
> @independentid
> www.independentid.com
> phil.hunt@oracle.com
>
>
>
> On Aug 26, 2014, at 12:32 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>
>> Hi all,
>>
>> This is a Last Call for comments on the "Symmetric Proof of
>> Possession for the OAuth Authorization Code Grant" specification.
>>
>> The document can be found here:
>> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>>
>> Please have your comments in no later than September 9th.
>>
>> Ciao
>> Hannes & Derek


From nobody Tue Aug 26 13:35:39 2014
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4850D1A887C for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 13:35:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.868
X-Spam-Level: 
X-Spam-Status: No, score=-4.868 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3XtvqHoingOK for <oauth@ietfa.amsl.com>; Tue, 26 Aug 2014 13:35:31 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id C4DD01A8871 for <oauth@ietf.org>; Tue, 26 Aug 2014 13:35:26 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 423B81F055F; Tue, 26 Aug 2014 16:35:26 -0400 (EDT)
Received: from IMCCAS03.MITRE.ORG (imccas03.mitre.org [129.83.29.80]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 2891D1F041A; Tue, 26 Aug 2014 16:35:26 -0400 (EDT)
Received: from IMCMBX01.MITRE.ORG ([169.254.1.118]) by IMCCAS03.MITRE.ORG ([129.83.29.80]) with mapi id 14.03.0174.001; Tue, 26 Aug 2014 16:35:25 -0400
From: "Richer, Justin P." <jricher@mitre.org>
To: Mike Jones <Michael.Jones@microsoft.com>
Thread-Topic: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
Thread-Index: AQHPwWSEuGZ+1uwOz0eF4VpkOdNzaZvjix4AgAACH4CAAAQPgIAACYCA
Date: Tue, 26 Aug 2014 20:35:25 +0000
Message-ID: <CAD46824-CC0A-4504-983C-2790452D567B@mitre.org>
References: <53FCE0D7.5010109@gmx.net> <00F63620-AC71-4B48-94DD-6587387EEF61@oracle.com> <2A5DF569-0B0B-48F1-BFBF-D0C050867C88@ve7jtb.com> <4E1F6AAD24975D4BA5B16804296739439AE43842@TK5EX14MBXC293.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439AE43842@TK5EX14MBXC293.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.146.15.23]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <6DDE4ABB0F84284CA78E1AE2980E06ED@imc.mitre.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/yQ-bvAnFUj_n6iZJo0_OrbGrwfA
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Aug 2014 20:35:34 -0000

Agreed, I'm guessing it was a clerical error with the IETF tools.

 -- Justin

On Aug 26, 2014, at 4:01 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

> I'm confused too.  There hadn't been any discussion of any of the new documents going to last call that I can remember, either in Toronto, or on the list.
>
> -----Original Message-----
> From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley
> Sent: Tuesday, August 26, 2014 12:47 PM
> To: Phil Hunt
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
>
> Yes, I hadn't anticipated going to last call right after being adopted as a WG document.
>
> Is this some procedural thing that I am unaware of?
>
> John B.
>
> On Aug 26, 2014, at 3:39 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
>
>> I am confused. We hummed to adopt the document not to go to last call.
>>
>> Phil
>>
>> @independentid
>> www.independentid.com
>> phil.hunt@oracle.com
>>
>> On Aug 26, 2014, at 12:32 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>>> Hi all,
>>>
>>> This is a Last Call for comments on the "Symmetric Proof of
>>> Possession for the OAuth Authorization Code Grant" specification.
>>>
>>> The document can be found here:
>>> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>>>
>>> Please have your comments in no later than September 9th.
>>>
>>> Ciao
>>> Hannes & Derek


From nobody Wed Aug 27 08:45:09 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 597071A0AF9 for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 08:45:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1EgGrqxJ5PA9 for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 08:45:07 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9A391A0AF8 for <oauth@ietf.org>; Wed, 27 Aug 2014 08:45:06 -0700 (PDT)
Received: from [172.16.254.100] ([80.92.121.165]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0MhAAr-1X0J4T1rZB-00MIa4 for <oauth@ietf.org>; Wed, 27 Aug 2014 17:45:04 +0200
Message-ID: <53FDFCFF.8010606@gmx.net>
Date: Wed, 27 Aug 2014 17:45:03 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
References: <53FCE0D7.5010109@gmx.net>
In-Reply-To: <53FCE0D7.5010109@gmx.net>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Lel8lviWU8eD4pKf9f7nnvEv5IDudRsiv"
X-Provags-ID: V03:K0:JtN8kJutsOxkH2im7cptsucO7VEscVdPbz1rWIR+IYeIqT+tPBb zHZNxMK/ogGbe9qOEcO50AK/jaYKCrXIKy8bo6hpPoS1kG+tnwddqAa/rJ5DQqHszyYBs4q umjVYObDQmu0DOBuQo8T41jUHg7ZOE7GUcJhBPAWi+13cACz6tjL6weghnRGtt7+Ugx3RGn /1k0g1YY7bs5FDhtQ+s2w==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/VtoUjz8I2cdgUvtctfyI7c1rrsw
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Aug 2014 15:45:08 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Lel8lviWU8eD4pKf9f7nnvEv5IDudRsiv
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Based on the reaction from a few I thought I should add a few words
about this working group last call.

There is no requirement to wait a specific timeframe after a document
became a WG item to issue a working group last call.

In this specific case, the document was around for a while and I didn't
see a reason for not-finishing it as soon as possible.

Additionally, since the document deals with a security vulnerability
that is being exploited today I thought it might make sense to get the
attention from the group to review it.

Finally, it is also a fairly "simple" document (if there is something as
simple in this working group).

Ciao
Hannes

On 08/26/2014 09:32 PM, Hannes Tschofenig wrote:
> Hi all,
>
> This is a Last Call for comments on the "Symmetric Proof of Possession
> for the OAuth Authorization Code Grant" specification.
>
> The document can be found here:
> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>
> Please have your comments in no later than September 9th.
>
> Ciao
> Hannes & Derek


--Lel8lviWU8eD4pKf9f7nnvEv5IDudRsiv--


From nobody Wed Aug 27 09:40:25 2014
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52A501A0B82 for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 09:40:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xl5OBkNgnR5L for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 09:40:21 -0700 (PDT)
Received: from mail-qg0-f41.google.com (mail-qg0-f41.google.com [209.85.192.41]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56EAE1A0B7C for <oauth@ietf.org>; Wed, 27 Aug 2014 09:40:20 -0700 (PDT)
Received: by mail-qg0-f41.google.com with SMTP id z107so520201qgd.14 for <oauth@ietf.org>; Wed, 27 Aug 2014 09:40:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=sVzi36gHwAJD8di8BUVI5S7iM7M+FhwrqQuuS+yFBaM=; b=XlYLwI1UTbiPV6oocxhV7YTRj4IUtWCQqJC9MTgi0xXHvEaj5N/rr1N0szz5libALw hM0C/ySZjRE9YTlh6N5Op6jPaty3aSjQBUzNXhDwnDVq8ManA1TtaRzSX9mretalZ2hA cJEQwnI1k5gphUQbBRH/vuMZWZnQSmH5QulkLPu8W8FIswYSqS5UajPUbVKA7Y3oLTdo l8IHFjFr6rnGCUnpV1LofI1Pl7b7Fj9DM2PuicdPotcvon1ckM30bhDNyjQbX3XURG6z gxOgcLtu9NNa/08BT8DvdqXhR7y4ru7XtTX/oPFpBB6OA73MyFcIrD9OFuVMwo4dla/V ceGw==
X-Gm-Message-State: ALoCoQna32p9Gw2xe8uGmhzeNuYA7PcBM7I1UCSPyTXyl7svXnkO3ynLOTRc0oqBZdks3Hcc3WXS
X-Received: by 10.224.28.133 with SMTP id m5mr59663310qac.16.1409157619505; Wed, 27 Aug 2014 09:40:19 -0700 (PDT)
Received: from [192.168.1.213] (186-79-220-223.baf.movistar.cl. [186.79.220.223]) by mx.google.com with ESMTPSA id l30sm1371578qgf.9.2014.08.27.09.40.16 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 27 Aug 2014 09:40:18 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_C6504100-9D31-46CD-B52F-18561B27FEF9"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <53FDFCFF.8010606@gmx.net>
Date: Wed, 27 Aug 2014 12:40:09 -0400
Message-Id: <29CFEF98-9B5F-418D-A799-DD0B536B8090@ve7jtb.com>
References: <53FCE0D7.5010109@gmx.net> <53FDFCFF.8010606@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/P-NQfk1UdRM-XSa6EIUT46jYIBs
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Aug 2014 16:40:23 -0000

--Apple-Mail=_C6504100-9D31-46CD-B52F-18561B27FEF9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

OK that explains it.

You are basically giving the authors and reviewers a hurry up as it is security related.

Nat and I will give it a higher priority then.

Nat and I would like feedback on it quickly then.

As you point out it is not a complex extension and has been deployed in a number of cases.

As long as we are clear that the authors aren’t trying to slip something through. (In this case:)

John B.

On Aug 27, 2014, at 11:45 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Based on the reaction from a few I thought I should add a few words
> about this working group last call.
>
> There is no requirement to wait a specific timeframe after a document
> became a WG item to issue a working group last call.
>
> In this specific case, the document was around for a while and I didn't
> see a reason for not-finishing it as soon as possible.
>
> Additionally, since the document deals with a security vulnerability
> that is being exploited today I thought it might make sense to get the
> attention from the group to review it.
>
> Finally, it is also a fairly "simple" document (if there is something as
> simple in this working group).
>
> Ciao
> Hannes
>
> On 08/26/2014 09:32 PM, Hannes Tschofenig wrote:
>> Hi all,
>>
>> This is a Last Call for comments on the "Symmetric Proof of Possession
>> for the OAuth Authorization Code Grant" specification.
>>
>> The document can be found here:
>> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>>
>> Please have your comments in no later than September 9th.
>>
>> Ciao
>> Hannes & Derek


--Apple-Mail=_C6504100-9D31-46CD-B52F-18561B27FEF9--


From nobody Wed Aug 27 13:44:49 2014
Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 809E71A02A5 for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 13:44:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level: 
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KNzNh3-wRrDN for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 13:44:45 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0206.outbound.protection.outlook.com [207.46.163.206]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B9EA1A0282 for <oauth@ietf.org>; Wed, 27 Aug 2014 13:44:45 -0700 (PDT)
Received: from BLUPR03MB309.namprd03.prod.outlook.com (10.141.48.22) by BLUPR03MB310.namprd03.prod.outlook.com (10.141.48.25) with Microsoft SMTP Server (TLS) id 15.0.1019.14; Wed, 27 Aug 2014 20:44:38 +0000
Received: from BLUPR03MB309.namprd03.prod.outlook.com ([10.141.48.22]) by BLUPR03MB309.namprd03.prod.outlook.com ([10.141.48.22]) with mapi id 15.00.1019.014; Wed, 27 Aug 2014 20:44:38 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
Thread-Index: AQHPwWSGzxaIAvLEfUqQWFErSsPoEJvkmPKAgABSLxA=
Date: Wed, 27 Aug 2014 20:44:38 +0000
Message-ID: <e40b192a7b7a4e3290ce8c554f93e39f@BLUPR03MB309.namprd03.prod.outlook.com>
References: <53FCE0D7.5010109@gmx.net> <53FDFCFF.8010606@gmx.net>
In-Reply-To: <53FDFCFF.8010606@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [2001:4898:80e0:ee43::2]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;UriScan:;
x-forefront-prvs: 0316567485
x-forefront-antispam-report: SFV:NSPM; SFS:(6009001)(13464003)(199003)(189002)(377454003)(53754006)(24454002)(479174003)(87936001)(19580395003)(19580405001)(81342001)(83322001)(101416001)(76176999)(99396002)(21056001)(74316001)(15975445006)(83072002)(86362001)(81542001)(85852003)(76576001)(106356001)(33646002)(92566001)(80022001)(105586002)(106116001)(20776003)(64706001)(74662001)(108616004)(99286002)(95666004)(31966008)(74502001)(90102001)(107886001)(2656002)(77982001)(15202345003)(54356999)(79102001)(85306004)(4396001)(107046002)(76482001)(50986999)(46102001)(86612001)(2501001)(24736002)(3826002)(42262002); DIR:OUT; SFP:; SCL:1; SRVR:BLUPR03MB310; H:BLUPR03MB309.namprd03.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/sXnJW9WmEufU_KobRJ9A-sjF61U
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Aug 2014 20:44:47 -0000

Not all of us look at individual drafts, and thus I have not previously read this, but I did this morning and find that there are issues with the way the "code challenge" is specified as this requires pre negation of what/how that value was achieved and a large scale deployment that is almost impossible, if a JWK were used as the default this could eliminate some of the guess work and pre-negotiation work.

I don't think it's ready for WGLC as there has been no discussion yet.

-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, August 27, 2014 8:45 AM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"

Based on the reaction from a few I thought I should add a few words about this working group last call.

There is no requirement to wait a specific timeframe after a document became a WG item to issue a working group last call.

In this specific case, the document was around for a while and I didn't see a reason for not-finishing it as soon as possible.

Additionally, since the document deals with a security vulnerability that is being exploited today I thought it might make sense to get the attention from the group to review it.

Finally, it is also a fairly "simple" document (if there is something as simple in this working group).

Ciao
Hannes

On 08/26/2014 09:32 PM, Hannes Tschofenig wrote:
> Hi all,
>
> This is a Last Call for comments on the "Symmetric Proof of Possession
> for the OAuth Authorization Code Grant" specification.
>
> The document can be found here:
> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>
> Please have your comments in no later than September 9th.
>
> Ciao
> Hannes & Derek


From nobody Wed Aug 27 14:27:42 2014
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B3451A02A3 for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 14:27:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.578
X-Spam-Level: 
X-Spam-Status: No, score=-3.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R6R1hLk5nu3F for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 14:27:39 -0700 (PDT)
Received: from na6sys009bog004.obsmtp.com (na6sys009bog004.obsmtp.com [74.125.150.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02BC11A015B for <oauth@ietf.org>; Wed, 27 Aug 2014 14:27:38 -0700 (PDT)
Received: from mail-ig0-f171.google.com ([209.85.213.171]) (using TLSv1) by na6sys009bob004.postini.com ([74.125.148.12]) with SMTP ID DSNKU/5NSl2m6gsK+Qfbjdx/FETP5mqt39b6@postini.com; Wed, 27 Aug 2014 14:27:39 PDT
Received: by mail-ig0-f171.google.com with SMTP id l13so6977932iga.4 for <oauth@ietf.org>; Wed, 27 Aug 2014 14:27:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=XhPH+p1yjdiwHYWQtrFZH1wUGE7CIGVwHDA5uai75/s=; b=Lz+VuJKFiAi03NSIhWfYGur2te3N5aJRoLxvHk/AdVKrLdnEDi484frpKEsZzTbYhI aFkvRVzGSS7Lk+Nx/6TmlJW6qwKFSAga3gefN9RPin7vwE6IRN1edqqKAcgEvwcM1H0q ugLoCobFqLEuU4uXGivlxCBFQoWQ1zPYH5xmWypYw38HQQ4ZEW8oBqliWpbD4B5wueNQ obAJLcC/mcNseqLNaxZE6ONXLfcPdir6l5bJc+Yx8Ouhyv2OvgrpLWKOnxe0oD5/ZHAr WahLyk4zRvMvzi+PIfJyfxqaAz+x3lgCxU5ym/2xissA8pkXFabHBfMRegAQjx/5NX0K eF5Q==
X-Gm-Message-State: ALoCoQk4aqHr0d/1CrvFYnpjKgNM/vuN9iCBl76nFRPoKQVSKb5WjezeuXcQJn8uW8JtqBTp5fgrED2avdDvB2Zv6Z3EGMskyH9EyxwjyhopmYDfu0mybLblvKB1Wy/xVSQMCZ1zYJqC
X-Received: by 10.42.68.1 with SMTP id v1mr501216ici.49.1409174857826; Wed, 27 Aug 2014 14:27:37 -0700 (PDT)
X-Received: by 10.42.68.1 with SMTP id v1mr501203ici.49.1409174857719; Wed, 27 Aug 2014 14:27:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.108.135 with HTTP; Wed, 27 Aug 2014 14:27:06 -0700 (PDT)
In-Reply-To: <29CFEF98-9B5F-418D-A799-DD0B536B8090@ve7jtb.com>
References: <53FCE0D7.5010109@gmx.net> <53FDFCFF.8010606@gmx.net> <29CFEF98-9B5F-418D-A799-DD0B536B8090@ve7jtb.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 27 Aug 2014 15:27:06 -0600
Message-ID: <CA+k3eCTBPkoQGsCo9uw=XNaa9WrE7YJ+UBRAE5NUaFZF9Rar_Q@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary=20cf30334b15d23cac0501a3164a
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/qriSgsSFUh6T6LCoChzkJF_M09M
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Aug 2014 21:27:41 -0000

--20cf30334b15d23cac0501a3164a
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

There was a previous discussion (
http://www.ietf.org/mail-archive/web/oauth/current/msg12860.html and other
messages in the thread) about lengths where the general consensus seemed to
be that the length restriction should be on both the code_verifier and the
code_challenge parameter values.  And also discussed in terms of octets
rather than bytes. Those minor changes should be made as part of the WGLC
process.




On Wed, Aug 27, 2014 at 10:40 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:

> OK that explains it.
>
> You are basically giving the authors and reviewers a hurry up as it is
> security related.
>
> Nat and I will give it a higher priority then.
>
> Nat and I would like feedback on it quickly then.
>
> As you point out it is not a complex extension and has been deployed in a
> number of cases.
>
> As long as we are clear that the authors aren’t trying to slip something
> through. (In this case:)
>
> John B.
>
> On Aug 27, 2014, at 11:45 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net>
> wrote:
>
> > Based on the reaction from a few I thought I should add a few words
> > about this working group last call.
> >
> > There is no requirement to wait a specific timeframe after a document
> > became a WG item to issue a working group last call.
> >
> > In this specific case, the document was around for a while and I didn't
> > see a reason for not-finishing it as soon as possible.
> >
> > Additionally, since the document deals with a security vulnerability
> > that is being exploited today I thought it might make sense to get the
> > attention from the group to review it.
> >
> > Finally, it is also a fairly "simple" document (if there is something as
> > simple in this working group).
> >
> > Ciao
> > Hannes
> >
> > On 08/26/2014 09:32 PM, Hannes Tschofenig wrote:
> >> Hi all,
> >>
> >> This is a Last Call for comments on the "Symmetric Proof of Possession
> >> for the OAuth Authorization Code Grant" specification.
> >>
> >> The document can be found here:
> >> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
> >>
> >> Please have your comments in no later than September 9th.
> >>
> >> Ciao
> >> Hannes & Derek
> >>

--20cf30334b15d23cac0501a3164a--
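
The length rule from Brian Campbell's message above (a restriction on both code_verifier and code_challenge, counted in octets), sketched as an added example that is not code from the thread or from the draft. The 43..128 octet bounds, the unreserved-character alphabet and the plain/S256 methods are taken from RFC 7636, which this draft was later published as, and are assumptions relative to the revision under last call; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Assumed bounds and alphabet: RFC 7636, the published form of this draft.
# The thread itself names no numbers.
MIN_OCTETS = 43
MAX_OCTETS = 128
UNRESERVED = re.compile(rb"[A-Za-z0-9\-._~]+")


class PkceError(ValueError):
    """A code_challenge or code_verifier failed validation."""


def check_param(name, value):
    """Return value as octets after enforcing the length and alphabet rules.

    Length is measured on the encoded octets, not on the character count,
    so multi-byte input cannot slip under the limit.
    """
    try:
        octets = value.encode("utf-8")
    except UnicodeEncodeError:
        raise PkceError(f"{name}: not encodable as UTF-8") from None
    if not MIN_OCTETS <= len(octets) <= MAX_OCTETS:
        raise PkceError(
            f"{name}: {len(octets)} octets, allowed {MIN_OCTETS}..{MAX_OCTETS}"
        )
    if not UNRESERVED.fullmatch(octets):
        raise PkceError(f"{name}: characters outside the unreserved set")
    return octets


def s256(verifier_octets):
    """BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier_octets).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def accept_challenge(code_challenge, method="S256"):
    """Authorization endpoint: validate the challenge before binding it to a code."""
    if method not in ("S256", "plain"):
        raise PkceError(f"unsupported code_challenge_method {method!r}")
    check_param("code_challenge", code_challenge)
    return {"challenge": code_challenge, "method": method}


def verify(bound, code_verifier):
    """Token endpoint: validate the verifier, then compare in constant time."""
    octets = check_param("code_verifier", code_verifier)
    if bound["method"] == "S256":
        expected = s256(octets)
    else:
        expected = code_verifier
    return hmac.compare_digest(
        expected.encode("ascii"), bound["challenge"].encode("ascii")
    )


if __name__ == "__main__":
    verifier = "k7" * 32  # constructed sample value, 64 octets
    bound = accept_challenge(s256(verifier.encode("ascii")))
    print("matching verifier:", verify(bound, verifier))
    print("other verifier:   ", verify(bound, "x9" * 32))
    try:
        # 100 characters but 200 octets: rejected on the octet count.
        check_param("code_verifier", "\u00e9" * 100)
    except PkceError as exc:
        print("rejected:", exc)
```

Validating the challenge at the authorization endpoint as well as the verifier at the token endpoint keeps an oversized value from being stored against the authorization code in the first place.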


From nobody Wed Aug 27 19:32:22 2014
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 592711A01F7 for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 19:32:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.852
X-Spam-Level: *
X-Spam-Status: No, score=1.852 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_CHARSET_FARAWAY=2.45, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MN8M_RIzlv23 for <oauth@ietfa.amsl.com>; Wed, 27 Aug 2014 19:32:19 -0700 (PDT)
Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA0631A015F for <oauth@ietf.org>; Wed, 27 Aug 2014 19:32:19 -0700 (PDT)
Received: by mail-pa0-f46.google.com with SMTP id eu11so537919pac.33 for <oauth@ietf.org>; Wed, 27 Aug 2014 19:32:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ovsCmOXJVKJgUPCFCxGnc7aujicglOlS4whlt+MzpHM=; b=Qrmj07GdLUqvEHdFjH3zza2Qrjn29ppUr01RYyJjn4wp6Ymk5oEagm0ngPsaRLKMMG Kqj+zfOQi0gcVO6+dlB8PHc3wQ8UFAFoe89vDPDhGkJRDNOdLsmqYZJ1qftKV4Avqnob 3N8yd6yQGsLhODZgPnX8b+UyuV12mpk3Uue0z6X8umyt+/KrOCHQstrHhjooP6SAK6is eV25/0zLWVl550h8r2E76RSLSOay40g9gjX2JSp4mxQjDRhMt/OTfrO2iI88VqVPfza2 hfXK6DYRleivNbMOCFdUCyRVah/1yDycQixBc+zZIg5pT0VotEnZOAWVjZqJZbtTsD1j HT+g==
X-Received: by 10.66.221.163 with SMTP id qf3mr1265471pac.37.1409193139353; Wed, 27 Aug 2014 19:32:19 -0700 (PDT)
Received: from [10.65.125.4] (pw126205133244.3.panda-world.ne.jp. [126.205.133.244]) by mx.google.com with ESMTPSA id hb1sm1881750pbd.28.2014.08.27.19.32.17 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 27 Aug 2014 19:32:17 -0700 (PDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-C0994E19-0545-4D50-9B72-BCEA7BA1338B
Mime-Version: 1.0 (1.0)
From: Nat Sakimura <sakimura@gmail.com>
X-Mailer: iPhone Mail (11D257)
In-Reply-To: <CA+k3eCTBPkoQGsCo9uw=XNaa9WrE7YJ+UBRAE5NUaFZF9Rar_Q@mail.gmail.com>
Date: Thu, 28 Aug 2014 11:32:16 +0900
Content-Transfer-Encoding: 7bit
Message-Id: <D762235C-8AF0-440B-9865-56965332DDAE@gmail.com>
References: <53FCE0D7.5010109@gmx.net> <53FDFCFF.8010606@gmx.net> <29CFEF98-9B5F-418D-A799-DD0B536B8090@ve7jtb.com> <CA+k3eCTBPkoQGsCo9uw=XNaa9WrE7YJ+UBRAE5NUaFZF9Rar_Q@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/HGFluEyzZGAsLhu0nkLejIiOFlk
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Aug 2014 02:32:21 -0000

--Apple-Mail-C0994E19-0545-4D50-9B72-BCEA7BA1338B
Content-Type: text/plain;
	charset=iso-2022-jp
Content-Transfer-Encoding: quoted-printable

+1

=nat via iPhone

On Aug 28, 2014, at 6:27, Brian Campbell <bcampbell@pingidentity.com> wrote:

> There was a previous discussion (http://www.ietf.org/mail-archive/web/oauth/current/msg12860.html and other messages in the thread) about lengths where the general consensus seemed to be that the length restriction should be on both the code_verifier and the code_challenge parameter values.  And also discussed in terms of octets rather than bytes. Those minor changes should be made as part of the WGLC process.
>
>> On Wed, Aug 27, 2014 at 10:40 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>> OK that explains it.
>>
>> You are basically giving the authors and reviewers a hurry up as it is security related.
>>
>> Nat and I will give it a higher priority then.
>>
>> Nat and I would like feedback on it quickly then.
>>
>> As you point out it is not a complex extension and has been deployed in a number of cases.
>>
>> As long as we are clear that the authors aren’t trying to slip something through. (In this case:)
>>
>> John B.
>>
>> On Aug 27, 2014, at 11:45 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>> > Based on the reaction from a few I thought I should add a few words
>> > about this working group last call.
>> >
>> > There is no requirement to wait a specific timeframe after a document
>> > became a WG item to issue a working group last call.
>> >
>> > In this specific case, the document was around for a while and I didn't
>> > see a reason for not-finishing it as soon as possible.
>> >
>> > Additionally, since the document deals with a security vulnerability
>> > that is being exploited today I thought it might make sense to get the
>> > attention from the group to review it.
>> >
>> > Finally, it is also a fairly "simple" document (if there is something as
>> > simple in this working group).
>> >
>> > Ciao
>> > Hannes
>> >
>> > On 08/26/2014 09:32 PM, Hannes Tschofenig wrote:
>> >> Hi all,
>> >>
>> >> This is a Last Call for comments on the "Symmetric Proof of Possession
>> >> for the OAuth Authorization Code Grant" specification.
>> >>
>> >> The document can be found here:
>> >> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>> >>
>> >> Please have your comments in no later than September 9th.
>> >>
>> >> Ciao
>> >> Hannes & Derek
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> OAuth mailing list
>> >> OAuth@ietf.org
>> >> https://www.ietf.org/mailman/listinfo/oauth
>> >>

--Apple-Mail-C0994E19-0545-4D50-9B72-BCEA7BA1338B--


From nobody Thu Aug 28 00:05:20 2014
Return-Path: <tireddy@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 529D71A06A1 for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 00:05:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.168
X-Spam-Level: 
X-Spam-Status: No, score=-15.168 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z2AoVgGalqnP for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 00:05:16 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B02261A0694 for <oauth@ietf.org>; Thu, 28 Aug 2014 00:05:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7170; q=dns/txt; s=iport; t=1409209515; x=1410419115; h=from:to:subject:date:message-id:mime-version; bh=GHRuzR9yaD0ENhlUUqPkyNnhQ4Ysp7sWkPJfyQtlkuA=; b=WyegJY9fwGHERfrN0lSsTSegKiAfChI5Jy2ooP07pw9jTNht25rXGE1D QIgF/i6QblA9COCF44A+Y4QpRyg4mObPIkADufnvbp7neS2PeLLAqxcXT y7vRlVUo9IBKifyOfrn1JNdFDL+67H1n4Ub3DXYwBHIBa95hsnM7yHGS0 A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ag0FAALU/lOtJV2Y/2dsb2JhbABbgkdGU1vTdQGBGBZ3hAUBBC1FGQEaEFYXDwEEG4g6myajaRePG4NngR0FkS+gQ4NegjSBBwEBAQ
X-IronPort-AV: E=Sophos;i="5.04,416,1406592000";  d="scan'208,217";a="350674419"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-1.cisco.com with ESMTP; 28 Aug 2014 07:05:14 +0000
Received: from xhc-aln-x06.cisco.com (xhc-aln-x06.cisco.com [173.36.12.80]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s7S75DNG006335 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <oauth@ietf.org>; Thu, 28 Aug 2014 07:05:13 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.68]) by xhc-aln-x06.cisco.com ([173.36.12.80]) with mapi id 14.03.0195.001; Thu, 28 Aug 2014 02:05:13 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Review of draft-ietf-oauth-pop-architecture-00
Thread-Index: Ac/CjmcIsOP9pHNQQxmOz32kneaCNg==
Date: Thu, 28 Aug 2014 07:05:13 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A2831D1E6@xmb-rcd-x10.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.65.49.215]
Content-Type: multipart/alternative; boundary="_000_913383AAA69FF945B8F946018B75898A2831D1E6xmbrcdx10ciscoc_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/BfKwcayifODZ3a04r0iHnw_M8VI
Subject: [OAUTH-WG] Review of draft-ietf-oauth-pop-architecture-00
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Aug 2014 07:05:18 -0000

--_000_913383AAA69FF945B8F946018B75898A2831D1E6xmbrcdx10ciscoc_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

My comments:

1) Figure 3: Resource server in the response could also generate Signature/MAC to prove to the client that it is in possession of cryptographic keying material.

2) Section 3.2:
Will new HTTP headers be defined in one of the PoP drafts for the application layer to carry the TLS channel binding information?

3) Section 3.3: It is covering various attack scenarios except active, man-in-the-middle attack.

4) Why only discuss TLS and not DTLS?

5) Section 3.4: Enterprise networks, ISP etc. may also deploy HTTP(S) proxy.

6) Please explain scenarios in which using asymmetric cryptography is better suited for PoP than using symmetric cryptography.

7) I don't see any discussion on HMAC algorithm negotiation b/w the client and resource server.
   It may help to define mandatory to implement and default algorithms.

8) Protocols like Dynamic Symmetric Key Provisioning Protocol (DSKPP) (RFC6063) could be considered for long-term secret b/w the AS and RS.

9) Nit> Figure 4: Add arrows for (V) and (IV)


10)   AS-to-RS Relationship Anonymity:

      This MAC Token security does not provide AS-to-RS relationship
      anonymity since the client has to inform the resource server about
      the resource server it wants to talk to.

Nit> I think you meant "inform the authorization server about the resource server it wants to talk to"

Cheers,
-Tiru

--_000_913383AAA69FF945B8F946018B75898A2831D1E6xmbrcdx10ciscoc_--


From nobody Thu Aug 28 01:09:55 2014
Return-Path: <tireddy@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AC591A0717 for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 01:09:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.168
X-Spam-Level: 
X-Spam-Status: No, score=-15.168 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A-owcMlmMJPb for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 01:09:51 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F68C1A0712 for <oauth@ietf.org>; Thu, 28 Aug 2014 01:09:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5033; q=dns/txt; s=iport; t=1409213391; x=1410422991; h=from:to:subject:date:message-id:mime-version; bh=6Vk7L4IJ1HCpuTWAMOKnd7jP58d9lwNq14swzlYJsQU=; b=Qq438NIsyQl3edYctJhKCfKdP3RMHvI8MyDDsvccP6QwkB33mVM6ZDMp IF6Q8zz0uIX98AVjSaGKYBuvinQVqn7WYgerjellsyMvzU4rcuO2+JTGt C7GcmWfva1iJHt1GINe4Ryi7T1isJU/8pwnLSv9x4tjIkGcZUAxtq5WGf U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AoQHAIDj/lOtJA2M/2dsb2JhbABbgkdGU1gDykGBZYdPAYEaFneEBQEELV4BKlYmAQQbiDoNmw+jaRePG4NngR0FkS+ELYhXkz+DXoI0gQcBAQE
X-IronPort-AV: E=Sophos;i="5.04,416,1406592000";  d="scan'208,217";a="350906753"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-3.cisco.com with ESMTP; 28 Aug 2014 08:09:26 +0000
Received: from xhc-rcd-x04.cisco.com (xhc-rcd-x04.cisco.com [173.37.183.78]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id s7S89Q3N003042 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <oauth@ietf.org>; Thu, 28 Aug 2014 08:09:26 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.68]) by xhc-rcd-x04.cisco.com ([fe80::200:5efe:173.37.183.34%12]) with mapi id 14.03.0195.001; Thu, 28 Aug 2014 03:09:26 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Review of draft-ietf-oauth-pop-key-distribution-00
Thread-Index: Ac/Cl1+ieRScCmnqQtOURP7L95jVJg==
Date: Thu, 28 Aug 2014 08:09:25 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A2831D261@xmb-rcd-x10.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.65.49.215]
Content-Type: multipart/alternative; boundary="_000_913383AAA69FF945B8F946018B75898A2831D261xmbrcdx10ciscoc_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/WIQQEMkBqPTsiRHWtB6byigvUis
Subject: [OAUTH-WG] Review of draft-ietf-oauth-pop-key-distribution-00
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Aug 2014 08:09:53 -0000

--_000_913383AAA69FF945B8F946018B75898A2831D261xmbrcdx10ciscoc_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

My comments

1) Is the audience parameter mandatory when a handle token is used?

2) The value included in the aud parameter may not always be an absolute URI. For example refer to Figure 2 in http://tools.ietf.org/html/draft-ietf-tram-turn-third-party-authz-02

3) What are the mitigations RS would use to handle a scenario where there is a DDoS attack from clients sending invalid self-contained or handle tokens?

4)

      Step (2): When the client interacts with the token endpoint to
      obtain an access token it MUST populate the newly defined
      'audience' parameter with the information obtained in step (0).

Nit> Replace 'audience' with 'aud'

5) Figure 3
Comment> Please explain what kty, kid, and k mean?

Cheers,
-Tiru

--_000_913383AAA69FF945B8F946018B75898A2831D261xmbrcdx10ciscoc_--


From nobody Thu Aug 28 04:16:46 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B35BD1A6F75 for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 04:16:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KMZrHf3B6nlo for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 04:16:42 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EC001A0537 for <oauth@ietf.org>; Thu, 28 Aug 2014 04:16:40 -0700 (PDT)
Received: from [172.16.254.100] ([80.92.121.165]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0MBmvH-1XCGSP1Drb-00Amjv for <oauth@ietf.org>; Thu, 28 Aug 2014 13:16:38 +0200
Message-ID: <53FF0F95.9010704@gmx.net>
Date: Thu, 28 Aug 2014 13:16:37 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="nL365P2G0hUFde6NcqBRFV2unAdHK0ERs"
X-Provags-ID: V03:K0:A8xypbLQuxaj7u68nIygHCp7V/IhtN72FtkG73z1Q2Tv3TD9Ob6 cgVZVAFtF98ONzmubUggmAjKpJopGKDt2d0C9L9mWEgv01NwvodO+LTYPpfdyLePYb+kS7W hxU62Iy7Z5u7QgU6QwxnQnlHPwxSG0PkAUz2lsMOQxrIxDg/Bwz4sMOXtthi3I6PF0Nhsx+ EsuVXmV6R0dpP6M1UKjNQ==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/oJQ2Ea_VO7NEb1JYWBVKeQGw6GI
Subject: [OAUTH-WG] Question regarding OAuth SPOP
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Aug 2014 11:16:44 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--nL365P2G0hUFde6NcqBRFV2unAdHK0ERs
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Nat, Hi John,

I have been trying to do a detailed review of the OAuth SPOP document
http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
and I ran into a few questions regarding the capabilities of the attacker.

Is it correct that you assume that the attacker is only able to
intercept the Authorization Response message but not the Authorization
Request message?

The security consideration section of the document is a bit fuzzy about
this issue and says:
"
the client MUST make sure that the request channel is adequately protected
"

It is, however, not clear what request channel you are talking about and
what you mean by adequately protected.

Ciao
Hannes


--nL365P2G0hUFde6NcqBRFV2unAdHK0ERs--


From nobody Thu Aug 28 18:01:01 2014
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF9441A01FF for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 18:00:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRBto3V5GeDo for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 18:00:45 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0237.outbound.protection.outlook.com [207.46.163.237]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 425FE1A01DC for <oauth@ietf.org>; Thu, 28 Aug 2014 18:00:43 -0700 (PDT)
Received: from BN3PR0301CA0080.namprd03.prod.outlook.com (25.160.152.176) by BY2PR03MB619.namprd03.prod.outlook.com (10.255.93.41) with Microsoft SMTP Server (TLS) id 15.0.1015.19; Fri, 29 Aug 2014 01:00:40 +0000
Received: from BY2FFO11FD032.protection.gbl (2a01:111:f400:7c0c::115) by BN3PR0301CA0080.outlook.office365.com (2a01:111:e400:401e::48) with Microsoft SMTP Server (TLS) id 15.0.1015.19 via Frontend Transport; Fri, 29 Aug 2014 01:00:39 +0000
Received: from mail.microsoft.com (131.107.125.37) by BY2FFO11FD032.mail.protection.outlook.com (10.1.14.210) with Microsoft SMTP Server (TLS) id 15.0.1010.11 via Frontend Transport; Fri, 29 Aug 2014 01:00:39 +0000
Received: from TK5EX14MBXC293.redmond.corp.microsoft.com ([169.254.2.111]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.03.0195.002; Fri, 29 Aug 2014 01:00:05 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
Thread-Index: AQHPwWSGDmsluGrlrkyM8/2RXxNk0pvkmPKAgAInKgA=
Date: Fri, 29 Aug 2014 01:00:04 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439AE5002A@TK5EX14MBXC293.redmond.corp.microsoft.com>
References: <53FCE0D7.5010109@gmx.net> <53FDFCFF.8010606@gmx.net>
In-Reply-To: <53FDFCFF.8010606@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.76]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439AE5002ATK5EX14MBXC293r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;UriScan:;
X-O365ENT-EOP-Header: Message processed by -  O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 0318501FAE
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com;  client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com; 
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/A2ZkEbbxTE8gJUOsbLl8YOeTLa8
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Aug 2014 01:00:58 -0000

--_000_4E1F6AAD24975D4BA5B16804296739439AE5002ATK5EX14MBXC293r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Here's some feedback on the document.

First, while I believe that the document is a good first working group
draft and this specification is important, it is not ready for last call,
since there are open issues called out in the document that have not been
discussed by the working group and aspects of the specification are
incomplete.  I'll discuss those below.  There are also significant
ambiguities in the document at present that could lead to
non-interoperable implementations.  I believe that it would be more
appropriate to bring the document to WGLC once these significant issues
(and those that may be raised by other reviewers) have been addressed.

2.  Terminology - I would list "code challenge" before "code verifier"
both because it is used first and because it's alphabetically first.

2.1 code verifier - Is this an octet sequence to be sent as-is (with the
requirement for %-escaping octets representing non-url-safe characters) or
as the base64url encoding of the octet sequence?

2.2 code challenge - Same question as above.  Then I would just say that
the code challenge value is a function of the code verifier value and
discuss the possible functions in its own section or subsection.

NOTE 1:  This should be discussed in the section about the transformation
function.  Also, say here what criteria people might use to choose a
function.

NOTE 2:  Also fold this into the transformation function section.

3.2 Client registers its desired code challenge algorithm - A means of
registering this algorithm using OAuth Dynamic Client Registration should
be defined.  Use of this method should be optional.  Any metadata values
defined should be registered in the appropriate registry.

3.4 Client sends the code challenge - Is the code challenge octet sequence
value sent or the base64url encoding of it?

3.6  Client sends the code and the secret  - Is the code verifier octet
sequence value sent or the base64url encoding of it?

4.1  OAuth Parameters Registry - The change controller should be "IESG".

5.  Security Considerations - The implications of choosing different kinds
of transformation functions should be discussed.

I would recommend running the HTML output of xml2rfc through a grammar and
spelling checker, as numerous grammar nits would be caught by doing so.

-- Mike



-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, August 27, 2014 8:45 AM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] Working Group Last Call on "Symmetric Proof of Possession for the OAuth Authorization Code Grant"

Based on the reaction from a few I thought I should add a few words about
this working group last call.

There is no requirement to wait a specific timeframe after a document
became a WG item to issue a working group last call.

In this specific case, the document was around for a while and I didn't
see a reason for not-finishing it as soon as possible.

Additionally, since the document deals with a security vulnerability that
is being exploited today I thought it might make sense to get the
attention from the group to review it.

Finally, it is also a fairly "simple" document (if there is something as
simple in this working group).

Ciao
Hannes

On 08/26/2014 09:32 PM, Hannes Tschofenig wrote:
> Hi all,
>
> This is a Last Call for comments on the "Symmetric Proof of Possession
> for the OAuth Authorization Code Grant" specification.
>
> The document can be found here:
> http://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
>
> Please have your comments in no later than September 9th.
>
> Ciao
> Hannes & Derek
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

--_000_4E1F6AAD24975D4BA5B16804296739439AE5002ATK5EX14MBXC293r_--


From nobody Thu Aug 28 22:04:10 2014
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B9D51A01EE for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 22:04:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.198
X-Spam-Level: *
X-Spam-Status: No, score=1.198 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RCVD_IN_DNSWL_NONE=-0.0001, RELAY_IS_203=0.994] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uT-2FYkPsuRl for <oauth@ietfa.amsl.com>; Thu, 28 Aug 2014 22:04:08 -0700 (PDT)
Received: from ipxcvo.tcif.telstra.com.au (ipxcvo.tcif.telstra.com.au [203.35.135.208]) by ietfa.amsl.com (Postfix) with ESMTP id D03C91A0154 for <oauth@ietf.org>; Thu, 28 Aug 2014 22:04:06 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.04,422,1406556000"; d="scan'208";a="34078883"
Received: from unknown (HELO ipcavi.tcif.telstra.com.au) ([10.97.217.200]) by ipocvi.tcif.telstra.com.au with ESMTP; 29 Aug 2014 14:50:54 +1000
X-IronPort-AV: E=McAfee;i="5600,1067,7544"; a="299800605"
Received: from wsmsg3704.srv.dir.telstra.com ([172.49.40.197]) by ipcavi.tcif.telstra.com.au with ESMTP; 29 Aug 2014 15:04:04 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3704.srv.dir.telstra.com ([172.49.40.197]) with mapi; Fri, 29 Aug 2014 15:03:55 +1000
From: "Manger, James" <James.H.Manger@team.telstra.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Fri, 29 Aug 2014 15:03:54 +1000
Thread-Topic: Symmetric Proof of Possession for the OAuth Authorization Code Grant: comments
Thread-Index: Ac/CFa4VvBS5+W/dRaKN5VrO0YgFhwAXG8Ug
Message-ID: <255B9BB34FB7D647A506DC292726F6E127C7041D56@WSMSG3153V.srv.dir.telstra.com>
References: <53FCE0D7.5010109@gmx.net> <53FDFCFF.8010606@gmx.net> <29CFEF98-9B5F-418D-A799-DD0B536B8090@ve7jtb.com>
In-Reply-To: <29CFEF98-9B5F-418D-A799-DD0B536B8090@ve7jtb.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Tpl5Gp2fZPsJsgNAQVj_UVMH6Qk
Subject: [OAUTH-WG] Symmetric Proof of Possession for the OAuth Authorization Code Grant: comments
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Aug 2014 05:04:09 -0000

Couple of comments on draft-ietf-oauth-spop-00:

The draft defines a nice little mechanism to link two requests: one from
app-to-browser-to-server, the other from app-to-server.

1.
The spec defines the "bearer token" version of linking the requests: pick
a random value and send it in both requests. The spec repeatedly hints
that other "transformations" are possible (and even mentions one in a
note), but it doesn't define enough to make these other ones
interoperable.
I suggest just specifying the bearer version and dropping all the other
text.
If we want another transform standardized later then we write another spec
(which can use its own field names).

2.
Linking requests is orthogonal to whether or not the requests include a
field called "code". I suggest changing the labels "code_challenge" and
"code_verifier" to drop the "code" reference. Perhaps replace both with
"session_id" ("sid" for short?).

3.
The spec is titled "Symmetric Proof of Possession ..." but defines a
bearer mechanism, which you cannot really classify as proof-of-possession.
Suggestion: change the title.

4.
The text is totally OAuth-centric, though the mechanism is not really
limited to this case. It would be much nicer to describe the mechanism
more generically (eg app running on a user's computer wanting to link two
requests made to a server over different channels). The abstract (and the
start of the introduction) should be comprehensible without having to know
what the phrase "OAuth 2.0 public client" means. There would still be some
OAuth-specific sections describing how the mechanism applies to the code
flow (and to register a field in the IANA OAuth registry).


--
James Manger
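
[Added example, not part of any message in this thread or of the draft.] The request-linking mechanism discussed above, together with two open points from the reviews: the wire encoding of the verifier and challenge, and what a party who sees the authorization request can do under the bearer version. The class and function names, the in-memory server and the SHA-256 transform are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import quote


def b64url(data: bytes) -> str:
    """base64url without '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# The two wire encodings of the same random octets that the review asks
# the draft to choose between.
def encode_b64url(octets: bytes) -> str:
    return b64url(octets)


def encode_percent(octets: bytes) -> str:
    return quote(octets, safe="")  # raw octets, %-escaped as needed


def make_challenge(verifier_param: str, transform: str) -> str:
    """Derive the challenge from the verifier parameter as sent on the wire."""
    if transform == "plain":    # bearer version: challenge == verifier
        return verifier_param
    if transform == "sha256":   # assumed transform, not fixed by the draft
        digest = hashlib.sha256(verifier_param.encode("ascii")).digest()
        return b64url(digest)
    raise ValueError("unknown transform: " + transform)


class AuthorizationServer:
    """Hypothetical in-memory server holding one challenge per issued code."""

    def __init__(self):
        self._pending = {}

    def authorize(self, code_challenge: str, transform: str) -> str:
        # Request 1 (app -> browser -> server): remember the challenge.
        code = secrets.token_urlsafe(16)
        self._pending[code] = (code_challenge, transform)
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        # Request 2 (app -> server): the code is single use, pass or fail.
        entry = self._pending.pop(code, None)
        if entry is None:
            return False
        stored, transform = entry
        try:
            expected = make_challenge(code_verifier, transform)
        except (ValueError, UnicodeEncodeError):
            return False
        return hmac.compare_digest(expected.encode(), stored.encode())


def honest_flow(transform, challenge_encoding, verifier_encoding) -> bool:
    """Same client, same octets; only the wire encodings may differ."""
    octets = secrets.token_bytes(32)
    server = AuthorizationServer()
    challenge = make_challenge(challenge_encoding(octets), transform)
    code = server.authorize(challenge, transform)
    return server.token(code, verifier_encoding(octets))


def observer_can_redeem(transform: str, sees_request: bool) -> bool:
    """A party that saw the authorization response (the code) and, if
    sees_request is set, the authorization request (the challenge) too."""
    verifier = encode_b64url(secrets.token_bytes(32))
    challenge = make_challenge(verifier, transform)
    server = AuthorizationServer()
    code = server.authorize(challenge, transform)
    # Without the request the observer has nothing better than a guess.
    guess = encode_b64url(secrets.token_bytes(32))
    presented = challenge if sees_request else guess
    return server.token(code, presented)


if __name__ == "__main__":
    for enc_c, enc_v in [(encode_b64url, encode_b64url),
                         (encode_percent, encode_percent),
                         (encode_b64url, encode_percent)]:
        print("plain", enc_c.__name__, enc_v.__name__,
              honest_flow("plain", enc_c, enc_v))
    for transform in ("plain", "sha256"):
        for sees in (False, True):
            print(transform, "observer sees request:", sees,
                  "->", observer_can_redeem(transform, sees))
```

The mixed-encoding flow is rejected although the client is honest, which is the interoperability failure the review warns about. The "plain" row with the request visible shows why the protection of the request channel matters for the bearer version.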


From nobody Fri Aug 29 00:13:19 2014
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D09BE1A0670 for <oauth@ietfa.amsl.com>; Fri, 29 Aug 2014 00:13:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XPRO2QowVv22 for <oauth@ietfa.amsl.com>; Fri, 29 Aug 2014 00:13:16 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A11C61A066D for <oauth@ietf.org>; Fri, 29 Aug 2014 00:13:15 -0700 (PDT)
Received: from [172.16.254.100] ([80.92.119.104]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0LfkUs-1YCWZP2Z9G-00pK3a for <oauth@ietf.org>; Fri, 29 Aug 2014 09:13:13 +0200
Message-ID: <54002809.2020101@gmx.net>
Date: Fri, 29 Aug 2014 09:13:13 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="XA6tAJJkHp5KFpp3WsqafjIppxj4LNWIR"
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/T3NIfmqvXp0aAQsmXYQFChIPaUg
Subject: [OAUTH-WG] OAuth SPOP Detailed Review
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Aug 2014 07:13:18 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--XA6tAJJkHp5KFpp3WsqafjIppxj4LNWIR
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi John, Hi Nat,

I went through the document in detail and suggest some changes (most of
them editorial):
http://www.tschofenig.priv.at/oauth/draft-ietf-oauth-spop-00-hannes.doc
http://www.tschofenig.priv.at/oauth/draft-ietf-oauth-spop-00-hannes.pdf

My main concern at the moment are some optional features in the spec
that make it less interoperable, such as the feature discovery, and the
transformation function. The latter might go away depending on your
answer to my question raised at
http://www.ietf.org/mail-archive/web/oauth/current/msg13354.html but the
former requires some specification work.

Ciao
Hannes

PS: I agree with James that the title of the document is a bit
misleading when compared with the other work we are doing in the group.


--XA6tAJJkHp5KFpp3WsqafjIppxj4LNWIR--

