<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Sprechblasentext Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.E-MailFormatvorlage18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.SprechblasentextZchn
{mso-style-name:"Sprechblasentext Zchn";
mso-style-priority:99;
mso-style-link:Sprechblasentext;
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:931595752;
mso-list-template-ids:-1393099286;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1
{mso-list-id:1335456813;
mso-list-template-ids:1911589108;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="2050" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I spent some time searching for EU directives on “Data Breach Notification Rule” and came across this document (<a href="http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp213_en.pdf">http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp213_en.pdf</a>)
and this comment (<a href="https://privacyassociation.org/news/a/eu-data-breach-notification-rule-the-key-elements">https://privacyassociation.org/news/a/eu-data-breach-notification-rule-the-key-elements</a>).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">As far as I understand the directive the competent national authority is to be notified. The individual, user or, as used in the directive, the
“data subject” is only to be notified <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">“When the personal data breach is likely to adversely affect the personal data or privacy of a data subject1, the data controller shall also notify
the data subject of the breach without undue delay”.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">What if we let the user decide on whether the account is to be linked to an account with another provider.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The screenshot is taken from my profile @ scrumalliance.org<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Talk to you in a few hours<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Anton<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img border="0" width="614" height="314" id="Bild_x0020_1" src="cid:image001.png@01D0896D.3D6EB350"></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Von:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-risc [mailto:openid-specs-risc-bounces@lists.openid.net]
<b>Im Auftrag von </b>Nat Sakimura<br>
<b>Gesendet:</b> Samstag, 2. Mai 2015 17:40<br>
<b>An:</b> Adam Dawes<br>
<b>Cc:</b> openid-specs-risc@lists.openid.net; Brad Hill; aatoc@googlegroups.com<br>
<b>Betreff:</b> Re: [Openid-specs-risc] RISC Agenda for today<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">From the privacy regulation point of view, each region has its limits. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">I am not a lawyer and the following is not a legal advice but just a general comment, but it may be a useful view. The privacy regulation situation may be better than you think. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">In case of EU, we could justify the sharing of the data through the conditions of processing of EU Directive and the forthcoming regulation. There are handful of those conditions, but for our case, we could tap specifically into these: <o:p></o:p></p>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
The processing is necessary:<o:p></o:p></li></ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level2 lfo1">
in relation to a contract which the individual has entered into; or<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level2 lfo1">
because the individual has asked for something to be done so they can enter into a contract.<o:p></o:p></li></ul>
</ul>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
The processing is in accordance with the “legitimate interests” condition.<o:p></o:p></li></ul>
<p class="MsoNormal"><b><u>The Processing is necessary</u></b> -- It is probably reasonable to assume that the user and the relying party has entered into a relation that the user expects safeguarding of his account at the relying party. To fulfill it, if the
relying party regards it is important to share that information with the email or identity provider, it may do so accordingly. The provider side is a little more tricky but as long as the provider has been notified by the relying party, and relying party was
<b><u>deemed trustworthy</u></b>, then it would probably be reasonable to think that sharing the account status information with the said relying party is reasonably expected as necessary for executing the safeguarding expectation by the user. <br>
<br>
<b><u>Legitimate interest</u></b> -- alternatively, we can flip and use legitimate interest as long as we can determine that the benefit that the services obtain is not unreasonable compared to the privacy impact to the user. In this case, we could say that
it is a legitimate interest of the services and providers to safeguard the accounts and the negative privacy impact caused by it is minimal because we only share the "signal" etc.
<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
In the United States, since the legal restrictions are sector specific, we may need to treat each sector accordingly. This can be a bit more tricky, but it could be done. This administration's thinking, as I read from the recent Privacy Bill of Rights proposal,
the sharing of the information for the security related purpose is exempt from general restriction. So, we may want to leverage that.
<br>
<br>
In Japan, we are a bit out of luck in this respect, but we may be able to come up with something through the consultation to the data protection authority.
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Cheers, <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Nat @ Kuching, Malaysia<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">2015-05-02 15:55 GMT+09:00 Adam Dawes <<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>>:<o:p></o:p></p>
<div>
<p class="MsoNormal">I think Brad and Nat's points are both spot on. I agree that this is harder to justify on a go-forward OAuth basis. But with a mass opt-in based on agreement (bi-lateral or trust framework), I'm far less certain I can persuade my organization
to go there. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I was interested in Anton's comments here. He said he thought that this kind of arrangement would not fly in Germany. Anton, would like to hear if you have more specific thoughts about this. Do you think there is a way to make mass opt-in
palatable?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I suspect the best I could hope for would be to have a big announcement that Google was joining a trust framework with N other companies to share account security data and the privacy protections require x, y, and z. I'll need to start
doing some asking around but my gut tells me that still would be a pretty big ask. <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Fri, May 1, 2015 at 5:13 PM, Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>> wrote:<o:p></o:p></p>
<div>
<p class="MsoNormal">+1 <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Just a few points. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">For the first tier, which I label as "mass enrollment", A trust framework where a trust framework operator and other participants get into contracts may work better from the scalability point of view. Mutual legal agreement quickly get
us into N^2 agreement explosion whereas a trust framework only has N+1. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Also, we should not use the term "opt-in" in this case since we are enrolling the users by default. we are enrolling the users with opt-out. <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Nat <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
—<br>
<a href="https://www.dropbox.com/mailbox" target="_blank">Mailbox</a> <span style="font-family:"MS Gothic"">
から送信</span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<div>
<div>
<p>On Sat, May 2, 2015 at 8:36 AM, Brad Hill <<a href="mailto:hillbrad@gmail.com" target="_blank">hillbrad@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Regarding today's discussion on establishing trust relationships and bootstrapping for already established accounts. I would argue for a two-tiered approach.<o:p></o:p></p>
<div>
<p class="MsoNormal">One tier would be companies that execute mutual legal agreements and are able to opt-in users via their global ToS. This would likely require with an opt-out mechanism as deemed appropriate by each organization's legal counsel and appropriate
to the markets they operate in, but this could be transparent to the other side of the relationship. So long as company X and Y have a mutual agreement executed, all requests for account data would be whitelisted. If X said "I have an account for user@Y",
you'd believe them, and have contractual recourse if they were lying.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The second tier would require more explicit opt-in, like an OAuth flow, to connect the accounts, and because it would have direct user approval would not need any prearrangements between the entities holding the accounts on the user's behalf.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I think trying to force all existing accounts to go through an explicit consent flow is just too big of an obstacle to ever getting operational at a meaningful scale. Maybe some large organizations in some jurisdictions would prefer or
need to use the explicit opt-in flows exclusively, but having a streamlined flow where some large fraction of the top 10 or 100 global account providers can establish mutual trust to bootstrap the first 10e8 connections without an enormous amount of explicit
point-to-point bookkeeping and user friction seems absolutely necessary for this to be meaningful in protecting users on any reasonable time scale.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If there are tradeoffs to be made in terms of the scope or fidelity of the sharing vs. the ability to automatically provision, I would urge we go as far as we can towards low-fidelity low-friction (while still providing a useful signal)
for the same reason. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">-Brad<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Fri, May 1, 2015 at 7:14 AM 'Adam Dawes' via Abuse and ATO Coordination <<a href="mailto:aatoc@googlegroups.com" target="_blank">aatoc@googlegroups.com</a>> wrote:<o:p></o:p></p>
<div>
<p style="margin:0cm;margin-bottom:.0001pt"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Agenda</span></b><o:p></o:p></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">IPR update<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">OASIS group STIX/TAXII next steps<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><u><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black"><a href="https://docs.google.com/document/d/16QrQo5O1Afj4sZBZhJDHr9HxTtWERGHdle-0a4B6UT8/edit" target="_blank"><span style="text-decoration:none">PR
release</span></a></span></u><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Weekly call times<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Technical Discussion<o:p></o:p></span></p>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo2;vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">How do we operationalize trust relationships. Going forward, looking backward<o:p></o:p></span></li></ul>
</ul>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Where:
</span><a href="https://global.gotomeeting.com/join/764054389" target="_blank"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">https://global.gotomeeting.com/join/764054389</span></a><o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Use your microphone and speakers (VoIP) – a headset is recommended. Or, call in using your telephone.</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">US phone number:
<a href="tel:%2B1%20%28312%29%20878-3080" target="_blank">+1 (312) 878-3080</a>. </span>
<o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">International Numbers:</span><o:p></o:p></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Australia:
<a href="tel:%2B61%202%208355%201034" target="_blank">+61 2 8355 1034</a></span><o:p></o:p></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Canada:
<a href="tel:%2B1%20%28647%29%20497-9376" target="_blank">+1 (647) 497-9376</a></span><o:p></o:p></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">France: +33 (0) 170 950 586</span><o:p></o:p></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Germany:
<a href="tel:%2B49%20%280%29%20811%208899%206931" target="_blank">+49 (0) 811 8899 6931</a></span><o:p></o:p></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Spain:
<a href="tel:%2B34%20932%2020%200506" target="_blank">+34 932 20 0506</a></span><o:p></o:p></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">United Kingdom:
<a href="tel:%2B44%20%280%29%20330%20221%200098" target="_blank">+44 (0) 330 221 0098</a></span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Access Code: 736-042-757</span><o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Audio PIN: Shown after joining the meeting</span><o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif";color:black">Meeting ID: 764-054-389</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">-- <br>
You received this message because you are subscribed to the Google Groups "Abuse and ATO Coordination" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an email to
<a href="mailto:aatoc+unsubscribe@googlegroups.com" target="_blank">aatoc+unsubscribe@googlegroups.com</a>.<br>
To post to this group, send email to <a href="mailto:aatoc@googlegroups.com" target="_blank">
aatoc@googlegroups.com</a>.<br>
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/aatoc/CAOJhRMa9_G4gET-V0hNm7O%3Ddyq-4cwka_0fKwZKZqijwy91vMg%40mail.gmail.com?utm_medium=email&utm_source=footer" target="_blank">
https://groups.google.com/d/msgid/aatoc/CAOJhRMa9_G4gET-V0hNm7O%3Ddyq-4cwka_0fKwZKZqijwy91vMg%40mail.gmail.com</a>.<br>
For more options, visit <a href="https://groups.google.com/d/optout" target="_blank">
https://groups.google.com/d/optout</a>.<o:p></o:p></p>
</div>
<p class="MsoNormal">-- <br>
You received this message because you are subscribed to the Google Groups "Abuse and ATO Coordination" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an email to
<a href="mailto:aatoc+unsubscribe@googlegroups.com" target="_blank">aatoc+unsubscribe@googlegroups.com</a>.<br>
To post to this group, send email to <a href="mailto:aatoc@googlegroups.com" target="_blank">
aatoc@googlegroups.com</a>.<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/aatoc/CAEeYn8geYEo5h%2By0Me19vZZ52vTKkp%2BJXOetq7%3DENv1vv-nawA%40mail.gmail.com?utm_medium=email&utm_source=footer" target="_blank">
https://groups.google.com/d/msgid/aatoc/CAEeYn8geYEo5h%2By0Me19vZZ52vTKkp%2BJXOetq7%3DENv1vv-nawA%40mail.gmail.com</a>.<br>
For more options, visit <a href="https://groups.google.com/d/optout" target="_blank">
https://groups.google.com/d/optout</a>.<o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<p class="MsoNormal">Nat Sakimura (=nat)<o:p></o:p></p>
<div>
<p class="MsoNormal">Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<o:p></o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>