<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>I don't think the infrastructure exists to do this. If there were real working framework, such as open banking has created.<br><br>..Tom's phone</div><div><br>On Sep 29, 2017, at 1:18 PM, Hjelm, Bjorn via Openid-specs-fapi <<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>> wrote:<br><br></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.m6229154410005013343hoenzb
{mso-style-name:m_6229154410005013343hoenzb;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1388066112;
mso-list-template-ids:386852256;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Pam,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I believe that the logical audience would work for the use case in MODRNA as well (for example, “As a participant in Mobile Connect,” etc.).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">BR,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Bjorn<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-fapi [<a href="mailto:openid-specs-fapi-bounces@lists.openid.net">mailto:openid-specs-fapi-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Pamela Dingle via Openid-specs-fapi<br>
<b>Sent:</b> Friday, September 29, 2017 8:20 AM<br>
<b>To:</b> Financial API Working Group List<br>
<b>Subject:</b> [E] Re: [Openid-specs-fapi] Verification: non-compliant JWT audience<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">We discussed the audience question on the call on Wednesday, and two options were discussed for compliance, removing the audience and adding a logical audience.
<o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Given our short time frame, the first goal is to get to spec compliance. Based on feedback both during the call and on this thread I think we can safely move to request that audience be removed from the software
statement.<o:p></o:p></p>
</div>
<p class="MsoNormal">Long term, I see a lot of advantage to creating a logical audience for the assertion, essentially the ASPSP would know itself by several names and respond to assertions designated for any name:<o:p></o:p></p>
<div>
<div>
<div>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
As itself, with an explicit issuer name<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
As a participant in UK Openbanking<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
As a an ASPSP in UK OpenBanking<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Possibly as an ASPSP suppporting the AISP software role for UK Open Banking.. etc<o:p></o:p></li></ul>
<div>
<p class="MsoNormal">This may not be critical for the first phase, but I see the concept possibly becoming a big deal as additional competent authorities come online, and it becomes likely that a given ASPSP may start processing software statements issued by
multiple authorities.<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Any additional arguments for or against this plan or vendor insights or implementer reactions would be welcome.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks!<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Thu, Sep 28, 2017 at 6:29 PM, Tom Jones <<a href="mailto:thomasclinganjones@gmail.com" target="_blank">thomasclinganjones@gmail.com</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">I agree.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">AUD should not be in a s/w statement at all.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I also think that you should ban question like this that are not issues.<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Peace ..tom<o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">On Fri, Sep 22, 2017 at 3:53 PM, Pamela Dingle via Openid-specs-fapi <<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<p class="MsoNormal">Hi FAPI'ers, <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Can anyone here comment on whether they use or make technology that CANNOT override the standard RFC7519 JWT audience validation requirements?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I know that the jose4j library allows the ability to override the rules set out in <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc7519-23section-2D4.1.3&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=XB8A9XpFSiCkp7WJoBT1d4fjI3FYSDJOk0ewQJox71g&e=" target="_blank">https://tools.ietf.org/html/rfc7519#section-4.1.3</a> but
I don't know if that is a common feature of other libraries. As I read those rules, any entity that receives a JWT with an aud claim populated but which does not have the entity itself listed as a recipient should reject that JWT.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">In this case we are talking about validating software statements in a dynamic client requests -- if the software statement is generated with an audience set to be the client requesting the software statement, technically every AS the client
tries to post that statement to should reject the statement, since the aud claim does not reference them directly. Any opinions on whether at the end of the day this is a serious compliance issue (or not), and/or a real problem for implementers (or not) would
be welcome.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Cheers,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Pamela<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888">-- <o:p></o:p></span></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td width="113" style="width:84.75pt;padding:0in 0in 0in 0in">
<p class="MsoNormal"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.pingidentity.com&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=QHffpsW6yBrBc5BYfn8Z1JxeXA6SkKUCaQkIPBNSv3c&e=" target="_blank"><span style="text-decoration:none"><img border="0" id="_x0000_i1025" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/ping-logo.png" alt="Ping Identity"></span></a><o:p></o:p></p>
</td>
<td style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#E61D3C">Pam Dingle</span></b>
<br>
<span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black">Principal Technical Architect</span>
<br>
<span style="font-size:10.5pt;font-family:"Arial","sans-serif""><a href="mailto:pdingle@pingidentity.com" target="_blank">pdingle@pingidentity.com</a></span>
<br>
<span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black">w: <a href="tel:(303)%20999-5890" target="_blank">
+1 303.999.5890</a></span> <br>
<span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black">c: <a href="tel:(303)%20999-5890" target="_blank">
+1 303.999.5890</a></span> <o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="2" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse">
<tbody>
<tr style="height:30.0pt">
<td style="padding:.75pt .75pt .75pt .75pt;height:30.0pt">
<p class="MsoNormal" style="margin-top:6.0pt"><b><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#40474B">Connect with us:
<o:p></o:p></span></b></p>
</td>
<td style="padding:3.0pt 0in 0in 15.0pt;height:30.0pt">
<p class="MsoNormal" style="margin-top:6.0pt"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.glassdoor.com_Overview_Working-2Dat-2DPing-2DIdentity-2DEI-5FIE380907.11-2C24.htm&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=i1qH57NcJZDY_tQO_C5YHFqjbX3sd5pG5f-dz6shpN8&e=" target="_blank" title="Ping on Glassdoor"><span style="text-decoration:none"><img border="0" id="_x0000_i1026" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-glassdoor.png" alt="Glassdoor logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linkedin.com_company_21870&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=5zHHVsYFugt79K9p7fnNMwDBEcAM_ueswGibuC-UOLs&e=" target="_blank" title="Ping on LinkedIn"><span style="text-decoration:none"><img border="0" id="_x0000_i1027" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-linkedin.png" alt="LinkedIn logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_pingidentity&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=m11wMIL_cZ2Dkn3Jwfdy6duGl_ScJajOzRNCFe8maPM&e=" target="_blank" title="Ping on Twitter"><span style="text-decoration:none"><img border="0" id="_x0000_i1028" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-twitter.png" alt="twitter logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_pingidentitypage&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=A_KZVvCRbJFnobx6BqeMeL9Tz-LxpYiFLR2I-uV78XI&e=" target="_blank" title="Ping on Facebook"><span style="text-decoration:none"><img border="0" id="_x0000_i1029" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-facebook.png" alt="facebook logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_user_PingIdentityTV&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=z5mXYlQ_j_oeRRrGx_uBzpSxCJ8QpAucnuJ8z6dYCGU&e=" target="_blank" title="Ping on Youtube"><span style="text-decoration:none"><img border="0" id="_x0000_i1030" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-youtube.png" alt="youtube logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__plus.google.com_u_0_114266977739397708540&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=j3kfXrPatm-aExnditOuoDIYIadyTYJOZdiTl8Cqyrc&e=" target="_blank" title="Ping on Google+"><span style="text-decoration:none"><img border="0" id="_x0000_i1031" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-googleplus.png" alt="Google+ logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.pingidentity.com_en_blog.html&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=Ou6NyZ4jdxajiVzvjlu9nPshGZhJth-fNBCw0IihJKU&e=" target="_blank" title="Ping Blog"><span style="text-decoration:none"><img border="0" id="_x0000_i1032" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-blog.png" alt="Blog logo"></span></a><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="color:#888888"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.pingidentity.com_en_lp_identify-2D2017.html&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=K9qotde56q7MM99o4HRlBEiJfKrldNXJNsBuNIComNk&e=" target="_blank"><span style="text-decoration:none"><img border="0" id="_x0000_i1033" src="https://www.pingidentity.com/content/dam/ping-6-2-assets/images/misc/emailSignature/identify2017-emailsignature_revised_NB.png"></span></a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="color:#888888"><br>
</span><span class="m6229154410005013343hoenzb"><b><i><span style="font-size:10.0pt;font-family:"Segoe UI","sans-serif";color:#555555;border:none windowtext 1.0pt;padding:0in">CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material
for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file
attachments from your computer. Thank you.</span></i></b></span><br>
_______________________________________________<br>
Openid-specs-fapi mailing list<br>
<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@lists.openid.net</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dfapi&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=SHelxmwTpfqRYOfba56dfhqW1Vbsv94eKTBcXtl6PZo&e=" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<br>
-- <o:p></o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td width="113" style="width:84.75pt;padding:0in 0in 0in 0in">
<p class="MsoNormal"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.pingidentity.com&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=QHffpsW6yBrBc5BYfn8Z1JxeXA6SkKUCaQkIPBNSv3c&e=" target="_blank"><span style="text-decoration:none"><img border="0" id="_x0000_i1034" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/ping-logo.png" alt="Ping Identity"></span></a><o:p></o:p></p>
</td>
<td style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#E61D3C">Pam Dingle</span></b>
<br>
<span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black">Principal Technical Architect</span>
<br>
<span style="font-size:10.5pt;font-family:"Arial","sans-serif""><a href="mailto:pdingle@pingidentity.com" target="_blank">pdingle@pingidentity.com</a></span>
<br>
<span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black">w: +1 303.999.5890</span>
<br>
<span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black">c: +1 303.999.5890</span>
<o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="2" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse">
<tbody>
<tr style="height:30.0pt">
<td style="padding:.75pt .75pt .75pt .75pt;height:30.0pt">
<p class="MsoNormal" style="margin-top:6.0pt"><b><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#40474B">Connect with us:
<o:p></o:p></span></b></p>
</td>
<td style="padding:3.0pt 0in 0in 15.0pt;height:30.0pt">
<p class="MsoNormal" style="margin-top:6.0pt"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.glassdoor.com_Overview_Working-2Dat-2DPing-2DIdentity-2DEI-5FIE380907.11-2C24.htm&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=i1qH57NcJZDY_tQO_C5YHFqjbX3sd5pG5f-dz6shpN8&e=" target="_blank" title="Ping on Glassdoor"><span style="text-decoration:none"><img border="0" id="_x0000_i1035" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-glassdoor.png" alt="Glassdoor logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linkedin.com_company_21870&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=5zHHVsYFugt79K9p7fnNMwDBEcAM_ueswGibuC-UOLs&e=" target="_blank" title="Ping on LinkedIn"><span style="text-decoration:none"><img border="0" id="_x0000_i1036" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-linkedin.png" alt="LinkedIn logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_pingidentity&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=m11wMIL_cZ2Dkn3Jwfdy6duGl_ScJajOzRNCFe8maPM&e=" target="_blank" title="Ping on Twitter"><span style="text-decoration:none"><img border="0" id="_x0000_i1037" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-twitter.png" alt="twitter logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_pingidentitypage&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=A_KZVvCRbJFnobx6BqeMeL9Tz-LxpYiFLR2I-uV78XI&e=" target="_blank" title="Ping on Facebook"><span style="text-decoration:none"><img border="0" id="_x0000_i1038" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-facebook.png" alt="facebook logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_user_PingIdentityTV&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=z5mXYlQ_j_oeRRrGx_uBzpSxCJ8QpAucnuJ8z6dYCGU&e=" target="_blank" title="Ping on Youtube"><span style="text-decoration:none"><img border="0" id="_x0000_i1039" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-youtube.png" alt="youtube logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__plus.google.com_u_0_114266977739397708540&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=j3kfXrPatm-aExnditOuoDIYIadyTYJOZdiTl8Cqyrc&e=" target="_blank" title="Ping on Google+"><span style="text-decoration:none"><img border="0" id="_x0000_i1040" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-googleplus.png" alt="Google+ logo"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.pingidentity.com_en_blog.html&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=Ou6NyZ4jdxajiVzvjlu9nPshGZhJth-fNBCw0IihJKU&e=" target="_blank" title="Ping Blog"><span style="text-decoration:none"><img border="0" id="_x0000_i1041" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-blog.png" alt="Blog logo"></span></a><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.pingidentity.com_en_lp_identify-2D2017.html&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=D5-orHImKQftmdCiwV0fsC85YLX7oxz3dr72eE1Y3jU&s=K9qotde56q7MM99o4HRlBEiJfKrldNXJNsBuNIComNk&e=" target="_blank"><span style="text-decoration:none"><img border="0" id="_x0000_i1042" src="https://www.pingidentity.com/content/dam/ping-6-2-assets/images/misc/emailSignature/identify2017-emailsignature_revised_NB.png"></span></a><o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<b><i><span style="font-size:10.0pt;font-family:"Segoe UI","sans-serif";color:#555555;border:none windowtext 1.0pt;padding:0in">CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s).
Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.</span></i></b><o:p></o:p></p>
</div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Openid-specs-fapi mailing list</span><br><span><a href="mailto:Openid-specs-fapi@lists.openid.net">Openid-specs-fapi@lists.openid.net</a></span><br><span><a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a></span><br></div></blockquote></body></html>