<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="ProgId" content="Word.Document">
<meta name="Generator" content="Microsoft Word 12">
<meta name="Originator" content="Microsoft Word 12">
<link rel="File-List" href="cid:filelist.xml@01D2462A.2D0356D0"><!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:TargetScreenSize>1024x768</o:TargetScreenSize>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:Zoom>120</w:Zoom>
<w:SpellingState>Clean</w:SpellingState>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:HyphenationZone>21</w:HyphenationZone>
<w:EnvelopeVis/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>DE</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:DoNotExpandShiftReturn/>
<w:BreakWrappedTables/>
<w:SplitPgBreakAndParaMark/>
<w:DontVertAlignCellWithSp/>
<w:DontBreakConstrainedForcedTables/>
<w:DontVertAlignInTxbx/>
<w:Word11KerningPairs/>
<w:CachedColBalance/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" DefSemiHidden="true" DefQFormat="false" DefPriority="99" LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false" UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;
mso-font-alt:"Calisto MT";
mso-font-charset:0;
mso-generic-font-family:roman;
mso-font-pitch:variable;
mso-font-signature:-536870145 1107305727 0 0 415 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;
mso-font-alt:"Arial Rounded MT Bold";
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-536870145 1073786111 1 0 415 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-alt:Tahoma;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-520081665 -1073717157 41 0 66047 0;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;
mso-font-alt:Consolas;
mso-font-charset:0;
mso-generic-font-family:modern;
mso-font-pitch:fixed;
mso-font-signature:-520092929 1073806591 9 0 415 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman","serif";
mso-fareast-font-family:Calibri;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-noshow:yes;
mso-style-priority:99;
color:purple;
text-decoration:underline;
text-underline:single;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-noshow:yes;
mso-style-priority:99;
mso-style-link:"Nur Text Zchn";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman","serif";
mso-fareast-font-family:Calibri;}
p
{mso-style-noshow:yes;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman","serif";
mso-fareast-font-family:Calibri;}
pre
{mso-style-noshow:yes;
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert Zchn";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;
font-size:10.0pt;
font-family:"Courier New";
mso-fareast-font-family:Calibri;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-noshow:yes;
mso-style-priority:99;
mso-style-link:"Sprechblasentext Zchn";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-font-family:Calibri;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman","serif";
mso-fareast-font-family:Calibri;}
span.NurTextZchn
{mso-style-name:"Nur Text Zchn";
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Nur Text";
mso-ansi-font-size:10.5pt;
mso-bidi-font-size:10.5pt;
font-family:Consolas;
mso-ascii-font-family:Consolas;
mso-hansi-font-family:Consolas;
mso-bidi-font-family:Consolas;
mso-fareast-language:DE;}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"HTML Vorformatiert";
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Consolas;
mso-ascii-font-family:Consolas;
mso-hansi-font-family:Consolas;
mso-bidi-font-family:Consolas;
mso-fareast-language:DE;}
span.E-MailFormatvorlage23
{mso-style-type:personal-reply;
mso-style-noshow:yes;
mso-style-unhide:no;
mso-ansi-font-size:11.0pt;
mso-bidi-font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-fareast-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";
color:#1F497D;}
span.SprechblasentextZchn
{mso-style-name:"Sprechblasentext Zchn";
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:Sprechblasentext;
mso-ansi-font-size:8.0pt;
mso-bidi-font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-ascii-font-family:Tahoma;
mso-hansi-font-family:Tahoma;
mso-bidi-font-family:Tahoma;
mso-fareast-language:DE;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
.MsoChpDefault
{mso-style-type:export-only;
mso-default-props:yes;
mso-ascii-font-family:Calibri;
mso-fareast-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;
mso-header-margin:36.0pt;
mso-footer-margin:36.0pt;
mso-paper-source:0;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 10]><style>/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-fareast-language:EN-US;}
</style><![endif]--><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple" style="tab-interval:35.4pt">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";mso-bidi-font-family:"Times New Roman";color:#1F497D;mso-ansi-language:EN-US">+ if we learn it does not make sense to merge the protocols – that’s fine in my
opinion<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";mso-bidi-font-family:"Times New Roman";color:#1F497D;mso-ansi-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-font-family:"Times New Roman"">Von:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-font-family:"Times New Roman""> torsten@lodderstedt.net
[mailto:torsten@lodderstedt.net] <br>
<b>Gesendet:</b> Donnerstag, 24. November 2016 07:25<br>
<b>An:</b> Nennker, Axel; Lodderstedt, Torsten<br>
<b>Cc:</b> openid-specs-mobile-profile@lists.openid.net<br>
<b>Betreff:</b> RE: [Openid-specs-mobile-profile] Request Authorization<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>Depends - one could piggyback one protocol onto the other similar as OpenId was piggybacked on top of oauth. But that's a question to be answered when both specs are mature enough.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
-------- Originalnachricht --------<br>
Betreff: RE: [Openid-specs-mobile-profile] Request <span class="SpellE">Authorization</span><br>
Von: <a href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a><br>
An: <a href="mailto:torsten@lodderstedt.net,Torsten.Lodderstedt@telekom.de">torsten@lodderstedt.net,Torsten.Lodderstedt@telekom.de</a><br>
Cc: <a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This seems to indicate that CIBA and UQ are not likely to be merged.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-outline-level:1">
<b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:EN-US">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:EN-US">
</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a href="mailto:torsten@lodderstedt.net"><span lang="EN-US" style="mso-ansi-language:EN-US">torsten@lodderstedt.net</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:EN-US">
[</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a href="mailto:torsten@lodderstedt.net"><span lang="EN-US" style="mso-ansi-language:EN-US">mailto:torsten@lodderstedt.net</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:EN-US">]
<br>
<b>Sent:</b> Wednesday, November 23, 2016 9:19 PM<br>
<b>To:</b> Nennker, Axel; Lodderstedt, Torsten<br>
<b>Cc:</b> </span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a href="mailto:openid-specs-mobile-profile@lists.openid.net"><span lang="EN-US" style="mso-ansi-language:EN-US">openid-specs-mobile-profile@lists.openid.net</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:EN-US"><br>
<b>Subject:</b> Re: [Openid-specs-mobile-profile] Request Authorization</span><span lang="EN-US" style="mso-ansi-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="mso-ansi-language:EN-US"> <o:p></o:p></span></p>
<p><span class="SpellE">Yes</span>. The client obtains the result (access token and other tokens) from the token endpoint using a new grant type.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><br>
<br>
-------- Originalnachricht --------<br>
Betreff: Re: [Openid-specs-mobile-profile] Request <span class="SpellE">Authorization</span><br>
Von: <a href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a><br>
An: <a href="mailto:Torsten.Lodderstedt@telekom.de">Torsten.Lodderstedt@telekom.de</a><br>
Cc: <a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do you consider CIBA to be an token endpoint too?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-outline-level:1">
<b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:EN-US">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:EN-US"> Lodderstedt, Torsten
<br>
<b>Sent:</b> Wednesday, November 23, 2016 4:46 PM<br>
<b>To:</b> Nennker, Axel<br>
<b>Cc:</b> </span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a href="mailto:openid-specs-mobile-profile@lists.openid.net"><span lang="EN-US" style="mso-ansi-language:EN-US">openid-specs-mobile-profile@lists.openid.net</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:EN-US">;
</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a href="mailto:nicolas.aillery@orange.com"><span lang="EN-US" style="mso-ansi-language:EN-US">nicolas.aillery@orange.com</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:EN-US"><br>
<b>Subject:</b> AW: Request Authorization</span><span lang="EN-US" style="mso-ansi-language:EN-US"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="mso-ansi-language:EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi Axel,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">using the client credentials on any other than the token endpoint requires the authorization server/OP
to share this credentials among endpoints. This limits implementation/deployment options and we should have good reasons for doing so.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">best regards,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Torsten.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-outline-level:1">
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Von:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-mobile-profile [<a href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net">mailto:openid-specs-mobile-profile-bounces@lists.openid.net</a>]
<b>Im Auftrag von </b>Nennker, Axel<br>
<b>Gesendet:</b> Mittwoch, 23. November 2016 16:09<br>
<b>An:</b> <a href="mailto:nicolas.aillery@orange.com"><span lang="EN-US" style="mso-ansi-language:EN-US">nicolas.aillery@orange.com</span></a><br>
<b>Cc:</b> <a href="mailto:openid-specs-mobile-profile@lists.openid.net"><span lang="EN-US" style="mso-ansi-language:EN-US">openid-specs-mobile-profile@lists.openid.net</span></a><br>
<b>Betreff:</b> Re: [Openid-specs-mobile-profile] Request Authorization</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The point I haven’t thought of up until now in your answer below is that the Client can obtain an
access token using its client credentials…</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This explains too why UQ distinguishes between access tokens which are related to the user and those
which are not.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">What is the advantage of the client-credentials-based access token compared to using the client credentials
in the UQ request?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This is a server to server connection so it should be reasonable secure to just use the client credentials.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If there are no compelling advantages I suggest to just requiring that the UQ request is authorized
without restricting AZ and Client to Access Tokens. But spelling the two variants out in the specification might help implementers.
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">What do you think?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Axel</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-outline-level:1">
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:nicolas.aillery@orange.com">nicolas.aillery@orange.com</a> [<a href="mailto:nicolas.aillery@orange.com">mailto:nicolas.aillery@orange.com</a>]
<br>
<b>Sent:</b> Wednesday, November 23, 2016 3:23 PM<br>
<b>To:</b> Nennker, Axel<br>
<b>Cc:</b> <a href="mailto:gonzalo.fernandezrodriguez@telefonica.com">gonzalo.fernandezrodriguez@telefonica.com</a>;
<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>; MARAIS Charles IMT/OLPS; VASSELET Mickaël IMT/OLN; CLEMENT Philippe IMT TECHNO<br>
<b>Subject:</b> RE: Request Authorization</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR">Hello Axel,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR"> Here are my responses,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR">Regards,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR">Nicolas</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-outline-level:1">
<b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:FR">De :</span></b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:FR">
<a href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a> [<a href="mailto:Axel.Nennker@telekom.de">mailto:Axel.Nennker@telekom.de</a>]
<br>
<b>Envoyé :</b> mercredi 23 novembre 2016 12:24<br>
<b>À :</b> AILLERY Nicolas IMT/OLPS; <a href="mailto:gonzalo.fernandezrodriguez@telefonica.com">
gonzalo.fernandezrodriguez@telefonica.com</a><br>
<b>Cc :</b> <a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Objet :</b> Request Authorization</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="mso-ansi-language:FR"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">UQ and CIBA differ on how the request is authorized.
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">CIBA Section 4.2 refers to OpenID.Core section 9 for authorization:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication">https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication</a></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication-01.xml?at=default#rfc.section.4.2">https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication-01.xml?at=default#rfc.section.4.2</a></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">UQ relies on Access Tokens without specifying how they are optained:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-user-questioning-api.xml#rfc.section.4.1.2.1">https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-user-questioning-api.xml#rfc.section.4.1.2.1</a></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">UQ has to send the user at least once per the usual redirect dance to the AZ to obtain an access
token for the AZ’s UQ endpoint, right?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] UQ is an OAuth protected API (i.e. an Oauth Resource server). To use UQ, the Client must have a
valid access_token obtained either by an OAuth AS or an OIDC AS. On the other hand, CIBA is an API that enables to get an access_token.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In prose: Dear user, do you allow Client to ask you questions in the future? Yes, No</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] For UQ, the access_token can have been obtained thanks to a Oauth Client Credential flow, with
no user interaction.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">For that we would not need a new protocol, right? So the better question is:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Dear user, do you allow Client to spontaneously ask you questions in the future on your authentication
device/mobile phone?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In this generality user will most likely decline, I guess.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Going through the UQ use cases
<a href="https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-user-questioning-api.xml#rfc.section.1.5">
https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-user-questioning-api.xml#rfc.section.1.5</a> the access token consent questions would be:</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">1)</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do you want Bank to get your consent when you buy something somewhere?</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2)</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do you want Bank to get your consent to add payees to your account?</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">3)</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do you allow Food-Market to get your consent when an order needs to be changed?</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">4)</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do you allow Ticketshop to get your confirmation when you seem to buy tickets?</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">5)</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do you allow Airline to make sure you are aware of flight changes?</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">6)</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do you allow SurveyCompany to ask you questions on brands and products?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The Client has an Access Token that allows it to use the UQ endpoint to actually ask the questions.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">My question regarding UQ: Why is the spec silent on where the question is asked? Should there be
something like a questioning device?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] I don’t get your point. If the user is prompted to consent the usage of the UQ API (i.e. scope=question)
by a Client. The consent is a generic consent with no information on the future AMR that could be used. Once again, the user consent is not mandatory (e.g. Client Cred Flow).</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">My question regarding CIBA: Is OpenID.Core section 9 the right way for CIBA or should CIBA use Access
Tokens as well or should CIBA just say the request needs to be authorized and whether this uses Client Credentials or Access Tokens is between Client and AZ.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] In my understanding, CIBA is an API of the OIDC AS. CIBA delivers the id_token and optionaly the
access_token.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Cheers</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Axel</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-outline-level:1">
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:nicolas.aillery@orange.com">nicolas.aillery@orange.com</a> [<a href="mailto:nicolas.aillery@orange.com">mailto:nicolas.aillery@orange.com</a>]
<br>
<b>Sent:</b> Tuesday, November 22, 2016 6:58 PM<br>
<b>To:</b> Nennker, Axel<br>
<b>Cc:</b> <a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>; Lodderstedt, Torsten; MARAIS Charles IMT/OLPS; CLEMENT Philippe IMT TECHNO; VASSELET Mickaël IMT/OLN<br>
<b>Subject:</b> RE: User Questioning RE: [Openid-specs-mobile-profile] minutes of MODRNA WG Call Nov 16th 2016</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR">Hello Axel,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-ansi-language:FR"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Thank you for your review.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Please find my comments in your remarks,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Nicolas</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-outline-level:1">
<b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:FR">De :</span></b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-ansi-language:FR">
<a href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a> [<a href="mailto:Axel.Nennker@telekom.de">mailto:Axel.Nennker@telekom.de</a>]
<br>
<b>Envoyé :</b> jeudi 17 novembre 2016 13:25<br>
<b>À :</b> AILLERY Nicolas IMT/OLPS; MARAIS Charles IMT/OLPS<br>
<b>Cc :</b> <a href="mailto:Torsten.Lodderstedt@telekom.de">Torsten.Lodderstedt@telekom.de</a>;
<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Objet :</b> User Questioning RE: [Openid-specs-mobile-profile] minutes of MODRNA WG Call Nov 16th 2016</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="FR" style="mso-ansi-language:FR"> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Hi Nicolas, hi Charles,</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I reviewed the UQ draft and here are my first remarks:</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">-</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Please consider whether the word “FORBIDDEN” can be replaced by “MUST NOT”<br>
e.g. in 4.1.1 I suggest to reverse the order and rephrase to avoid FORBIDDEN:<br>
“MANDATORY if the Access Token is not tied with an End-User. MUST NOT be present if the Access Token is tied with an End-User,”</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">-</span><span style="font-size:7.0pt;color:#1F497D">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.1.1 User Questioning Request</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">“AUTHORIZATION” the paragraph seems to exclude the possibility to use client_id/client_secret and BASIC auth, right? Or does use of client_id/client_secret constitute the case “not tied
to the user” while an access token constitutes the case “tied to the user”?</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] UQ API is defined as an OAuth 2.0 API, requiring an access_token. Client_id/client_secret or HTTP Basic Auth are excluded.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">user_id “tied to the user” should be explained. I suggest adding text to the paragraph about “AUTHORIZATION” and the access token.</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (4.1.2.1)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">user_id versus sub<br>
Why not use sub always instead of user_id? “sub” has the advantage that it is not widely known because it was assigned by the OP to the user for this Client. “sub” is never reassigned while a user_id might not be eternally assigned to the user. Yes, User_id_type
can be sub but sub is harder to misuse by a rogue Client.</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">4.1.2.2 says “user_id as a reachability means”: Should the OP be free to decide how to contact the user on which device? Or does the Client decide on that by requesting a certain channel/device
to be used?</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I suggest to add “sub” as MANDATORY to the UQ request.</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] ‘sub’ is an option, but other types (e.g MSISDN) must be allowed for RP that don’t use (or don’t known) the sub. The OP must find a mean to reach the user. If the user_id
is a reachability identifier, it should be used.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">“wished_acr” Why not use “acr_values” from OpenID.Core?</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] there is more semantic in ‘wished’</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">“wished_amr” like acr_values?: amr_values?</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] there is more semantic in ‘wished’</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">“wished_*” is the order of the values important? There is no text regarding the order.<span style="color:red">
</span></span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (order SHOULD be considered by OP)</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.1.2.2 Processing user_id</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I would not conflate user_id as sub and user_id as reachability means!</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] a user_id is just a user identifier. It can be of different types. Some types can be directly used to reach the user (e.g. MSISDN), other cannot (e.g. sub). The way the
user is reach is up to the OP. The user_id is a mean for the RP to designate the User. If the access_token is associated with a user, the user_id is useless.</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"> </span><o:p></o:p></p>
<pre style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:114.0pt;text-indent:-42.0pt"><span style="font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt;font-family:"Times New Roman","serif""> </span>Wondering about the wording here:<br>“If the user_id is present in both the User Questioning Request and the Access Token, an error is raised.”<br>If the access token is “SlAV32hkKG” does this cover the “present in” wording?<br>How about: “If the user_id is present but the Access Token is bound to a user then the user_id and the sub associated with the Access Token MUST be identical”. (Not replacing user_id by sub in this for now. I think the parameter “user_id” should be replaced by “sub” and a reachability parameter)<o:p></o:p></pre>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] If the identifiers are identical, one is useless. The spec states that the Client has to choose to identify the user thanks to either the AT or the user_id, but not both.
</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.1.3 Successful Response</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I am not sure whether transporting the polling URL in the Location header.</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (JSON is used)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I am not sure whether the polling location should be dynamic.<br>
Being dynamic has advantages because it can be dynamic based on client and/or question and/or server load etc…</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Being dynamic has the disadvantage that the Client has to decide at polling time whether some policy might forbid it to talk to the polling endpoint.</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] It a pending discussion</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<pre>The example does not contain a JSON structure! Should this read like this:<br>HTTP/1.1 200 OK<o:p></o:p></pre>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a name="draft-user-questioning-api.xml-750"></a><span style="font-size:10.0pt;font-family:"Courier New"">{ “Location”: “<a href="https://server.example.com/questions_polling/984dcc7d3d4d4b0f9f8022e344f9">https://server.example.com/questions_polling/984dcc7d3d4d4b0f9f8022e344f9</a>”,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a name="draft-user-questioning-api.xml-751"></a><span style="font-size:10.0pt;font-family:"Courier New""> “Question_id”: “984dcc7d3d4d4b0f9f8022e344f9”<br>
}</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (JSON is used)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Courier New""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.1.4 Error Response:</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Why is this different to OAuth2 Section 5.2 Error Response?</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="https://tools.ietf.org/html/rfc6749#page-45">https://tools.ietf.org/html/rfc6749#page-45</a></span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] It detailed in §5 that uses the same structure as OAuth. The way the structure (error_info) is transmitted depends on the endpoint (400 or POST)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.3.2 Error Response</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Like 4.1.4 make this look more like OAuth2 Section 5.2 Error Response?</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] It detailed in §5 that uses the same structure as OAuth. The way the structure (error_info) is transmitted depends on the endpoint (400 or POST)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 6.1 Implementation of questioning methods</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Change headline to headline style (Capitalized Words)</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] I did not understand the comment</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Add supported AMR and ACR etc to discovery.<br>
“To prevent these errors, it can inform the Clients of its limitation and limit the possible questions or statements.”</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (amr_list, acr_list)</span><o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">-</span><span style="font-size:7.0pt;color:red">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] Would you add ‘displayed_question_length’, ‘displayed_statement_length’, ‘displayed_statement_number’ in discovery ?</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Have to go now – So stopped reviewing for now before section 7 Security Considerations.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Cheers</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Axel</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText" style="mso-outline-level:1"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From: Openid-specs-mobile-profile [<a href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net">mailto:openid-specs-mobile-profile-bounces@lists.openid.net</a>]
On Behalf Of <a href="mailto:philippe.clement@orange.com">philippe.clement@orange.com</a></span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Sent: Wednesday, November 16, 2016 6:07 PM</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">To: Lodderstedt, Torsten;
<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a></span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Subject: [Openid-specs-mobile-profile] minutes of MODRNA WG Call Nov 16th 2016</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Please find below the preliminary notes of the call.
</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Should you detect any error or misunderstanding, please let me know.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Participants : John, Axel, Bjorn, Charles, Torsten, Joerg</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Agenda :</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Review UQ specs</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Review SIBA specs</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Next workshop</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Discussion :</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">User Questionning</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">A new draft has been released by Orange, following questions/remarks from Torsten</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Axel and Bjorn volunteer to review the UQ draft specs.
</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Torsten to send a reminder to the list for reviewing, before entering the implementers draft process.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">A proposal is made for OIF to present a status update of UQ work at the next PET GSMA meeting (end of November). Orange will help to draft this presentation. PET chairman
to be contacted for insertion into the agenda. </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">SIBA</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Questions about the context parameter that shows up in the specs. Discussions in Paris had only stated a use for the binding message to interlock devices. Recommendation
from the call is to remove this parameter. </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Charles volunteers to post comments on SIBA specs, other comments are awaited from the list.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Mentionning the Use Cases in SIBA specs is requested to understand some choices in the specs, and will avoid any duplication with User Questionning.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Idea of merging some parts of SIBA and UQ are set on the table, but draft specs should be more mature.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Next workshop</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">For information, John should be in London January 18 and 19th, to take into consideration.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">AOB: push style</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Discussion occurs on OAuth list regarding push style for the device flow.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Some arguments are presented to balance push vs pull approach, for UQ.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Complexity for the RP to implement 2 solutions</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Resource optimization from an OP side</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Number of requests per second</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Delay for the user to answer the question (seconds, minutes ?)</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Discussion to be continued on the list through the specs</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Best regards,</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Philippe</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">_________________________________________________________________________________________________________________________</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">This message and its attachments may contain confidential or privileged information that may be protected by law;</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">they should not be distributed, used or copied without authorisation.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">If you have received this email in error, please notify the sender and delete this message and its attachments.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Thank you.</span><o:p></o:p></p>
<pre><span lang="FR" style="mso-ansi-language:FR">_________________________________________________________________________________________________________________________</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR"> </span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR"> </span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">This message and its attachments may contain confidential or privileged information that may be protected by law;</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">they should not be distributed, used or copied without authorisation.</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">If you have received this email in error, please notify the sender and delete this message and its attachments.</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">Thank you.</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">_________________________________________________________________________________________________________________________</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR"> </span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR"> </span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">This message and its attachments may contain confidential or privileged information that may be protected by law;</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">they should not be distributed, used or copied without authorisation.</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">If you have received this email in error, please notify the sender and delete this message and its attachments.</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.</span><o:p></o:p></pre>
<pre><span lang="FR" style="mso-ansi-language:FR">Thank you.</span><o:p></o:p></pre>
</div>
</div>
</div>
</div>
</div>
</body>
</html>