<div dir="ltr"><div>Thanks everyone for the time yesterday..</div><div><br></div><div>Presentation is attached and I also recorded another take after the call if you want the demo:</div><div> <a href="https://youtu.be/qKm1hDVafMs">https://youtu.be/qKm1hDVafMs</a> </div><div><br></div><div>Some great questions came in on slack and are below to coalesce them here. </div><div><br></div><div>Comments and feedback on or off list are always welcome..</div><div><br></div><div>Thanks!</div><div><br></div><div>Chris.</div><div><br></div><div><div><br></div><div>--from OIDF slack thread: #cg-aiim channel: <a href="https://oidf.slack.com/archives/C091VMU2R3P/p1758819816498409">https://oidf.slack.com/archives/C091VMU2R3P/p1758819816498409</a></div><div><br></div><div><div class="gmail-c-virtual_list__item" tabindex="-1" role="listitem" id="gmail-C091VMU2R3P-1758819816.498409-thread-list-Thread_1758819816.498409" style="box-sizing:inherit;width:708px;outline-width:0px;outline-style:none;color:rgb(29,28,29);font-family:Slack-Lato,Slack-Fractions,appleLogo,sans-serif;font-size:15px;font-variant-ligatures:common-ligatures"><div role="presentation" class="gmail-c-message_kit__background gmail-c-message_kit__message gmail-c-message_kit__thread_message gmail-c-message_kit__thread_message--root" style="box-sizing:inherit;background-image:none;background-position:0% 0%;background-size:auto;background-repeat:repeat;background-origin:padding-box;background-clip:border-box;line-height:1.46668"><div role="document" class="gmail-c-message_kit__hover" style="box-sizing:inherit"><div class="gmail-c-message_kit__actions gmail-c-message_kit__actions--inside" style="box-sizing:inherit"><div class="gmail-c-message_kit__gutter" style="box-sizing:inherit;display:flex;padding:20px 24px 8px 16px"><div role="presentation" class="gmail-c-message_kit__gutter__right" style="box-sizing:inherit;min-width:0px;padding:8px 0px 8px 16px"><span class="gmail-c-message__sender gmail-c-message_kit__sender" style="box-sizing:inherit;font-weight:900;word-break:break-word"><span class="gmail-p-member_profile_hover_card" role="presentation" style="box-sizing:inherit;width:fit-content;height:fit-content;display:inline-flex"><button class="gmail-c-link--button gmail-c-message__sender_button" type="button" tabindex="0" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(29,28,29);font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:baseline;margin:0px">Sarah Cecchetti</button></span></span>  <a aria-label="Yesterday at 1:03:36 PM" class="gmail-c-link gmail-c-timestamp" href="https://oidf.slack.com/archives/C091VMU2R3P/p1758819816498409" style="box-sizing:inherit;color:rgb(97,96,97);text-decoration-line:none;font-size:12px"><span class="gmail-c-timestamp__label" style="box-sizing:inherit">Yesterday at 1:03 PM</span></a><br style="box-sizing:inherit"><div class="gmail-c-message_kit__blocks gmail-c-message_kit__blocks--rich_text" style="box-sizing:inherit;max-width:none;margin-bottom:4px"><div class="gmail-c-message__message_blocks gmail-c-message__message_blocks--rich_text" style="box-sizing:inherit;max-width:none"><div class="gmail-p-block_kit_renderer" style="box-sizing:inherit;width:632px"><div class="gmail-p-block_kit_renderer__block_wrapper gmail-p-block_kit_renderer__block_wrapper--first" style="box-sizing:inherit;display:flex"><div class="gmail-p-rich_text_block" dir="auto" style="box-sizing:inherit;width:632px;line-height:1.46668"><div class="gmail-p-rich_text_section" style="box-sizing:inherit">Sorry, I had to drop for another meeting before Chris was done taking questions. Is the intent of the OIDC integration to prevent like “MCP phishing” where an attacker stands up a malicious MCP server that looks like a valid one? Are there other attacks that this would protect against? Has anyone put together a comprehensive list of MCP threats we could work backwards from?</div></div></div></div></div></div></div></div></div></div></div></div><div class="gmail-c-virtual_list__item" tabindex="-1" role="listitem" id="gmail-C091VMU2R3P-1758819816.498409-thread-list-Thread_separator" style="box-sizing:inherit;width:708px;color:rgb(29,28,29);font-family:Slack-Lato,Slack-Fractions,appleLogo,sans-serif;font-size:15px;font-variant-ligatures:common-ligatures"><div class="gmail-p-thread_separator_row_generic" style="box-sizing:inherit"><div class="gmail-p-threads_flexpane__separator" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding-left:16px;display:flex"><span class="gmail-p-threads_flexpane__separator_count" style="box-sizing:inherit;color:rgba(29,28,29,0.7);font-size:13px;line-height:1.38463;font-weight:initial;margin-right:12px">4 replies</span><hr class="gmail-p-threads_flexpane__separator_line" style="box-sizing:inherit;margin:1px 0px 0px;padding:0px;border-right:none;border-bottom:none;border-left:none;border-top:0.727273px solid rgba(29,28,29,0.13);clear:both"></div></div></div><div class="gmail-c-virtual_list__item" tabindex="-1" role="listitem" id="gmail-C091VMU2R3P-1758819816.498409-thread-list-Thread_1758824645.902379" style="box-sizing:inherit;width:708px;font-family:Slack-Lato,Slack-Fractions,appleLogo,sans-serif;font-variant-ligatures:common-ligatures"><div role="presentation" class="gmail-c-message_kit__background gmail-c-message_kit__message gmail-c-message_kit__thread_message" style="box-sizing:inherit;background-image:none;background-position:0% 0%;background-size:auto;background-repeat:repeat;background-origin:padding-box;background-clip:border-box;line-height:1.46668"><div role="document" class="gmail-c-message_kit__hover" style="box-sizing:inherit"><div class="gmail-c-message_kit__actions gmail-c-message_kit__actions--default" style="box-sizing:inherit"><div class="gmail-c-message_kit__gutter" style="box-sizing:inherit;display:flex;padding:8px 24px 8px 16px"><div role="presentation" class="gmail-c-message_kit__gutter__left" style="color:rgb(29,28,29);font-size:15px;box-sizing:inherit;margin-right:8px;display:flex"><span class="gmail-p-member_profile_hover_card" role="presentation" style="box-sizing:inherit;width:fit-content;height:fit-content;display:inline-flex"><button class="gmail-c-button-unstyled gmail-c-message_kit__avatar gmail-c-avatar gmail-c-avatar--interactive" aria-hidden="true" aria-label="View chris phillips’s Profile" tabindex="-1" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;margin:0px;outline:none;height:36px;width:36px"><span class="gmail-c-base_icon__width_only_container" style="box-sizing:inherit;background-color:rgba(29,28,29,0.13);color:rgb(29,28,29);display:block;overflow:hidden;height:36px;width:36px"><img src="https://ca.slack-edge.com/TBB85A45B-U08S5FND5GU-a7cc261cd8dd-48" class="gmail-c-base_icon gmail-c-base_icon--image" aria-hidden="true" role="img" alt="" style="box-sizing: inherit; flex-shrink: 0; background-repeat: no-repeat; background-size: 100%; display: inline-block; width: 36px;"></span></button></span></div><div role="presentation" class="gmail-c-message_kit__gutter__right" style="box-sizing:inherit;min-width:0px;padding:8px 0px 8px 16px"><span class="gmail-c-message__sender gmail-c-message_kit__sender" style="color:rgb(29,28,29);font-size:15px;box-sizing:inherit;font-weight:900;word-break:break-word"><span class="gmail-p-member_profile_hover_card" role="presentation" style="box-sizing:inherit;width:fit-content;height:fit-content;display:inline-flex"><button class="gmail-c-link--button gmail-c-message__sender_button" type="button" tabindex="0" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(29,28,29);font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:baseline;margin:0px">chris phillips</button></span></span><font color="#1d1c1d"><span style="font-size:15px">  </span></font><a aria-label="Yesterday at 2:24:05 PM" class="gmail-c-link gmail-c-timestamp" href="https://oidf.slack.com/archives/C091VMU2R3P/p1758824645902379?thread_ts=1758819816.498409&cid=C091VMU2R3P" style="color:rgb(97,96,97);font-size:12px;box-sizing:inherit;text-decoration-line:none"><span class="gmail-c-timestamp__label" style="box-sizing:inherit">Yesterday at 2:24 PM</span></a><br style="box-sizing:inherit"><div class="gmail-c-message_kit__blocks gmail-c-message_kit__blocks--rich_text" style="color:rgb(29,28,29);font-size:15px;box-sizing:inherit;max-width:none;margin-bottom:4px"><div class="gmail-c-message__message_blocks gmail-c-message__message_blocks--rich_text" style="box-sizing:inherit;max-width:none"><div class="gmail-p-block_kit_renderer" style="box-sizing:inherit;width:632px"><div class="gmail-p-block_kit_renderer__block_wrapper gmail-p-block_kit_renderer__block_wrapper--first" style="box-sizing:inherit;display:flex"><div class="gmail-p-rich_text_block" dir="auto" style="box-sizing:inherit;width:632px;line-height:1.46668"><div class="gmail-p-rich_text_section" style="box-sizing:inherit"><span class="gmail-" role="presentation" style="box-sizing:inherit"><a target="_blank" class="gmail-c-link gmail-c-member_slug gmail-c-member_slug--light gmail-c-member_slug--link" tabindex="0" href="https://oidf.slack.com/team/U094FEXPP42" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none;border-radius:3px;padding:0px 2px 1px;background:none 0% 0%/auto repeat scroll padding-box border-box rgba(29,155,209,0.1)">@Sarah Cecchetti</a></span>, yes, those classes of risks can be diminished or mitigated. Employing a trust model means the client does some validation and the trust mark issuer does their due diligence. Today, MCP clients can connect promiscuously or with low verification of just plumbing them in and using them. To me this is why a lot of patterns have 1 MCP (ex: <a target="_blank" class="gmail-c-link" href="https://github.com/metatool-ai/metamcp" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none">Metamcp</a>) and just consider it a win to reduce  configuration effort.<br aria-hidden="true" style="box-sizing:inherit">Trusted subsystem problems proliferate quickly. In a proxy model you get whatever was configured downstream and the API keys for that. e.g. github MCP and using a regular access token(all your repos) vs a personal access token(just repo xyz).  Who should connect to that MCP with your  tokens as 'you? and when?  Lots of aspects to think about..</div></div></div></div></div></div><div class="gmail-c-files_container" role="none" style="box-sizing:inherit"><div class="gmail-c-message_kit__file__meta" style="color:rgba(29,28,29,0.7);font-size:15px;box-sizing:inherit;margin-bottom:4px;display:flex"><span class="gmail-c-message_kit__file__meta__text" style="box-sizing:inherit;font-size:13px">2 files</span> <button class="gmail-c-button-unstyled gmail-c-icon_button gmail-c-icon_button--size_medium gmail-c-message_kit__file__meta__collapse gmail-c-icon_button--default" aria-label="Toggle 2 files" aria-expanded="true" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgba(29,28,29,0.7);font-size:20px;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:text-top;margin:0px;border-radius:8px;height:1em;width:1em;display:inline-flex"></button><div class="gmail-c-message_kit__file__meta__download_all" style="box-sizing:inherit;vertical-align:text-top;margin-left:8px;font-size:13px;display:flex"><button class="gmail-c-button-unstyled gmail-c-message_kit__file__meta__download_all__button" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px 4px;font-family:inherit;font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:400;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;margin:0px 0px 0px 8px;border-radius:6px;display:flex"><span class="gmail-margin_left_25" style="box-sizing:inherit;margin-left:4px">Download all</span></button></div></div><div style="box-sizing:inherit;overflow:visible;width:0px"><div class="gmail-c-file_gallery gmail-c-file_gallery__narrow gmail-c-file_gallery--mouse_mode" style="box-sizing:inherit;max-width:1000px;margin-bottom:8px;min-width:88px;display:grid;width:632px"><div class="gmail-p-message_gallery_image_file gmail-c-file_gallery_image_file" style="box-sizing:inherit;border-radius:4px"><div class="gmail-c-file__actions gmail-c-message_actions__container gmail-c-message_actions__group gmail-c-file__actions--image" aria-label="More actions" role="presentation" style="background-image:none;background-position:0% 0%;background-size:auto;background-repeat:repeat;background-origin:padding-box;background-clip:border-box;box-sizing:inherit;border:unset;border-radius:12px;margin-left:8px;padding:4px;line-height:1;display:flex;opacity:0"><button class="gmail-c-button-unstyled gmail-c-icon_button gmail-c-icon_button--size_small gmail-c-message_actions__button gmail-c-icon_button--default" aria-label="More actions" aria-haspopup="menu" type="button" style="background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;box-sizing:inherit;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;margin:0px;border-radius:8px;height:32px;width:32px;display:inline-flex"><font color="#1d1c1d"><span style="font-size:15px;background-color:rgb(255,255,255)"> </span></font></button></div></div></div></div><div class="gmail-resize-triggers" style="color:rgb(29,28,29);font-size:15px;box-sizing:inherit;opacity:0;height:162px;width:632px;overflow:hidden"><div class="expand-trigger" style="box-sizing:inherit;height:162px;width:632px;overflow:auto;background:rgb(238,238,238)"><div style="box-sizing:inherit;width:633px;height:163px"></div></div><div class="gmail-contract-trigger" style="box-sizing:inherit;height:162px;width:632px;overflow:auto;background:rgb(238,238,238)"></div></div></div></div></div></div></div></div></div><div class="gmail-c-virtual_list__item" tabindex="-1" role="listitem" id="gmail-C091VMU2R3P-1758819816.498409-thread-list-Thread_1758839650.247809" style="box-sizing:inherit;width:708px;color:rgb(29,28,29);font-family:Slack-Lato,Slack-Fractions,appleLogo,sans-serif;font-size:15px;font-variant-ligatures:common-ligatures"><div role="presentation" class="gmail-c-message_kit__background gmail-c-message_kit__message gmail-c-message_kit__thread_message" style="box-sizing:inherit;background-image:none;background-position:0% 0%;background-size:auto;background-repeat:repeat;background-origin:padding-box;background-clip:border-box;line-height:1.46668"><div role="document" class="gmail-c-message_kit__hover" style="box-sizing:inherit"><div class="gmail-c-message_kit__actions gmail-c-message_kit__actions--default" style="box-sizing:inherit"><div class="gmail-c-message_kit__gutter" style="box-sizing:inherit;display:flex;padding:8px 24px 8px 16px"><div role="presentation" class="gmail-c-message_kit__gutter__left" style="box-sizing:inherit;margin-right:8px;display:flex"><span class="gmail-p-member_profile_hover_card" role="presentation" style="box-sizing:inherit;width:fit-content;height:fit-content;display:inline-flex"><button class="gmail-c-button-unstyled gmail-c-message_kit__avatar gmail-c-avatar gmail-c-avatar--interactive" aria-hidden="true" aria-label="View Jeff Lombardo (AWS)’s Profile" tabindex="-1" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;margin:0px;outline:none;height:36px;width:36px"><span class="gmail-c-base_icon__width_only_container" style="box-sizing:inherit;background-color:rgba(29,28,29,0.13);color:rgb(29,28,29);display:block;overflow:hidden;height:36px;width:36px"><img src="https://ca.slack-edge.com/TBB85A45B-U08NSUHB1L1-786d939d29a3-48" class="gmail-c-base_icon gmail-c-base_icon--image" aria-hidden="true" role="img" alt="" style="box-sizing: inherit; flex-shrink: 0; background-repeat: no-repeat; background-size: 100%; display: inline-block; width: 36px;"></span></button></span></div><div role="presentation" class="gmail-c-message_kit__gutter__right" style="box-sizing:inherit;min-width:0px;padding:8px 0px 8px 16px"><span class="gmail-c-message__sender gmail-c-message_kit__sender" style="box-sizing:inherit;font-weight:900;word-break:break-word"><span class="gmail-p-member_profile_hover_card" role="presentation" style="box-sizing:inherit;width:fit-content;height:fit-content;display:inline-flex"><button class="gmail-c-link--button gmail-c-message__sender_button" type="button" tabindex="0" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(29,28,29);font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:baseline;margin:0px">Jeff Lombardo (AWS)</button></span></span>  <a aria-label="Yesterday at 6:34:10 PM" class="gmail-c-link gmail-c-timestamp" href="https://oidf.slack.com/archives/C091VMU2R3P/p1758839650247809?thread_ts=1758819816.498409&cid=C091VMU2R3P" style="box-sizing:inherit;color:rgb(97,96,97);text-decoration-line:none;font-size:12px"><span class="gmail-c-timestamp__label" style="box-sizing:inherit">Yesterday at 6:34 PM</span></a><br style="box-sizing:inherit"><div class="gmail-c-message_kit__blocks gmail-c-message_kit__blocks--rich_text" style="box-sizing:inherit;max-width:none;margin-bottom:4px"><div class="gmail-c-message__message_blocks gmail-c-message__message_blocks--rich_text" style="box-sizing:inherit;max-width:none"><div class="gmail-p-block_kit_renderer" style="box-sizing:inherit;width:632px"><div class="gmail-p-block_kit_renderer__block_wrapper gmail-p-block_kit_renderer__block_wrapper--first" style="box-sizing:inherit;display:flex"><div class="gmail-p-rich_text_block" dir="auto" style="box-sizing:inherit;width:632px;line-height:1.46668"><div class="gmail-p-rich_text_section" style="box-sizing:inherit">nice presentation <span class="gmail-" role="presentation" style="box-sizing:inherit"><a target="_blank" class="gmail-c-link gmail-c-member_slug gmail-c-member_slug--light gmail-c-member_slug--link gmail-c-member_slug--mention" tabindex="0" href="https://oidf.slack.com/team/U08S5FND5GU" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none;border-radius:3px;padding:0px 2px 1px;background:none 0% 0%/auto repeat scroll padding-box border-box rgba(255,198,0,0.18)">@chris phillips</a></span>, I still have questions:<br aria-hidden="true" style="box-sizing:inherit"></div><ul class="gmail-p-rich_text_list gmail-p-rich_text_list__bullet gmail-p-rich_text_list--nested" style="box-sizing:inherit;margin:0px 0px 0px 20px;padding:0px;list-style-type:none"><li style="box-sizing:inherit;margin-bottom:0px"> on the second diagram.... where is the client? From my poor and recent understanding of <a target="_blank" class="gmail-c-link" href="https://openid.net/specs/openid-federation-1_0.html" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none">https://openid.net/specs/openid-federation-1_0.html</a>, a FedMgr Client is not defined as an actor. Is there another profiling of OpenID Federation  I need to look at?</li><li style="box-sizing:inherit;margin-bottom:0px">In your second diagram, the traffic goes through the FedMgr gateway, this means that the FedMgr gateway needs to be a MCP server by itself right?</li><li style="box-sizing:inherit;margin-bottom:0px">But in your demo it was unclear if got only the credential from the FedMGR Gateway or all the traffic went through it...</li><li style="box-sizing:inherit;margin-bottom:0px">If the traffic goes within the FedMgr Gateway what happens behind it? is the Token received is pass forward to the real MCP Server?<ul class="gmail-p-rich_text_list gmail-p-rich_text_list__bullet gmail-p-rich_text_list--nested" style="box-sizing:inherit;margin:0px 0px 0px 20px;padding:0px;list-style-type:none"><li style="box-sizing:inherit;margin-bottom:0px">If so what would prevent one from using the token directly with the backend MCP server?</li></ul></li><li style="box-sizing:inherit;margin-bottom:0px">Finally is there a longer demo somewhere. I am very interested into understand how one MCP Server will acquire its trust marking from OpenID Federation</li></ul><div class="gmail-p-rich_text_section" style="box-sizing:inherit"><span class="gmail-c-message__edited_label" dir="ltr" style="box-sizing:inherit;color:rgb(134,134,134);font-size:13px">(edited)</span></div></div></div></div></div></div><div class="gmail-c-message_kit__attachments" style="box-sizing:inherit;max-width:600px"><div class="gmail-c-message_attachment" style="box-sizing:inherit;max-width:600px;margin:0px 0px 8px;display:flex"><div class="gmail-c-message_attachment__border" style="box-sizing:inherit;background-color:rgb(221,221,221);border-radius:8px;width:4px"></div><div class="gmail-c-message_attachment__body" style="box-sizing:inherit;width:596px;padding:0px 12px;line-height:1.46667"><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><span class="gmail-c-message_attachment__author" style="box-sizing:inherit;color:rgb(221,221,221)"><span class="gmail-c-message_attachment__part" style="box-sizing:inherit;color:rgb(97,96,97)"><img class="gmail-c-message_attachment__author_icon" alt="openid.net" src="https://slack-imgs.com/?c=1&o1=wi32.he32.si&url=https%3A%2F%2Fopenid.net%2Ffavicon.ico" width="16" height="16" style="box-sizing: content-box; font-size: 12px; line-height: 1.25; vertical-align: middle; border-radius: 2px; width: 16px; height: 16px; margin-right: 8px; overflow: hidden; margin-bottom: 3px;"><span class="gmail-c-message_attachment__author_name" style="box-sizing:inherit;color:rgb(29,28,29);font-weight:900"><a href="http://openid.net">openid.net</a></span></span></span></div><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><span class="gmail-c-message_attachment__title" style="box-sizing:inherit;font-weight:700"><a target="_blank" class="gmail-c-link gmail-c-message_attachment__title_link" href="https://openid.net/specs/openid-federation-1_0.html" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none"><span dir="auto" style="box-sizing:inherit">OpenID Federation 1.0 - draft 43</span><span aria-label="(opens in new tab)" style="box-sizing:inherit"></span></a></span></div><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><span class="gmail-c-message_attachment__text" style="box-sizing:inherit"><span dir="auto" style="box-sizing:inherit">A federation can be expressed as an agreement between parties that trust each other.<br style="box-sizing:inherit">In bilateral federations, direct trust can be established between<br style="box-sizing:inherit">two organizations belonging to the same federation.<br style="box-sizing:inherit">In a multilateral federation, bilateral agreements might not be practical,<br style="box-sizing:inherit">in which case, trust can be mediated by a third party.<br style="box-sizing:inherit"></span><span style="box-sizing:inherit"><button aria-expanded="false" class="gmail-c-link--button gmail-c-message_attachment__text_expander" type="button" tabindex="0" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(18,100,163);font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:baseline;margin:0px">Show more</button></span></span></div></div></div></div></div></div></div></div></div></div><div class="gmail-c-virtual_list__item" tabindex="-1" role="listitem" id="gmail-C091VMU2R3P-1758819816.498409-thread-list-Thread_1758860182.462829" style="box-sizing:inherit;width:708px;color:rgb(29,28,29);font-family:Slack-Lato,Slack-Fractions,appleLogo,sans-serif;font-size:15px;font-variant-ligatures:common-ligatures"><div role="presentation" class="gmail-c-message_kit__background gmail-c-message_kit__message gmail-c-message_kit__thread_message" style="box-sizing:inherit;background-image:none;background-position:0% 0%;background-size:auto;background-repeat:repeat;background-origin:padding-box;background-clip:border-box;line-height:1.46668"><div role="document" class="gmail-c-message_kit__hover" style="box-sizing:inherit"><div class="gmail-c-message_kit__actions gmail-c-message_kit__actions--default" style="box-sizing:inherit"><div class="gmail-c-message_kit__gutter" style="box-sizing:inherit;display:flex;padding:8px 24px 8px 16px"><div role="presentation" class="gmail-c-message_kit__gutter__left" style="box-sizing:inherit;margin-right:8px;display:flex"><span class="gmail-p-member_profile_hover_card" role="presentation" style="box-sizing:inherit;width:fit-content;height:fit-content;display:inline-flex"><button class="gmail-c-button-unstyled gmail-c-message_kit__avatar gmail-c-avatar gmail-c-avatar--interactive" aria-hidden="true" aria-label="View chris phillips’s Profile" tabindex="-1" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;margin:0px;outline:none;height:36px;width:36px"><span class="gmail-c-base_icon__width_only_container" style="box-sizing:inherit;background-color:rgba(29,28,29,0.13);color:rgb(29,28,29);display:block;overflow:hidden;height:36px;width:36px"><img src="https://ca.slack-edge.com/TBB85A45B-U08S5FND5GU-a7cc261cd8dd-48" class="gmail-c-base_icon gmail-c-base_icon--image" aria-hidden="true" role="img" alt="" style="box-sizing: inherit; flex-shrink: 0; background-repeat: no-repeat; background-size: 100%; display: inline-block; width: 36px;"></span></button></span></div><div role="presentation" class="gmail-c-message_kit__gutter__right" style="box-sizing:inherit;min-width:0px;padding:8px 0px 8px 16px"><span class="gmail-c-message__sender gmail-c-message_kit__sender" style="box-sizing:inherit;font-weight:900;word-break:break-word"><span class="gmail-p-member_profile_hover_card" role="presentation" style="box-sizing:inherit;width:fit-content;height:fit-content;display:inline-flex"><button class="gmail-c-link--button gmail-c-message__sender_button" type="button" tabindex="0" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(29,28,29);font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:baseline;margin:0px">chris phillips</button></span></span>  <a aria-label="Today at 12:16:22 AM" class="gmail-c-link gmail-c-timestamp" href="https://oidf.slack.com/archives/C091VMU2R3P/p1758860182462829?thread_ts=1758819816.498409&cid=C091VMU2R3P" style="box-sizing:inherit;color:rgb(97,96,97);text-decoration-line:none;font-size:12px"><span class="gmail-c-timestamp__label" style="box-sizing:inherit">Today at 12:16 AM</span></a><br style="box-sizing:inherit"><div class="gmail-c-message_kit__blocks gmail-c-message_kit__blocks--rich_text" style="box-sizing:inherit;max-width:none;margin-bottom:4px"><div class="gmail-c-message__message_blocks gmail-c-message__message_blocks--rich_text" style="box-sizing:inherit;max-width:none"><div class="gmail-p-block_kit_renderer" style="box-sizing:inherit;width:632px"><div class="gmail-p-block_kit_renderer__block_wrapper gmail-p-block_kit_renderer__block_wrapper--first" style="box-sizing:inherit;display:flex"><div class="gmail-p-rich_text_block" dir="auto" style="box-sizing:inherit;width:632px;line-height:1.46668"><div class="gmail-p-rich_text_section" style="box-sizing:inherit">Thanks <span class="gmail-" role="presentation" style="box-sizing:inherit"><a target="_blank" class="gmail-c-link gmail-c-member_slug gmail-c-member_slug--light gmail-c-member_slug--link" tabindex="0" href="https://oidf.slack.com/team/U08NSUHB1L1" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none;border-radius:3px;padding:0px 2px 1px;background:none 0% 0%/auto repeat scroll padding-box border-box rgba(29,155,209,0.1)">@Jeff Lombardo (AWS)</a></span>.. great questions .. some thoughts below:<br aria-hidden="true" style="box-sizing:inherit"></div><ul class="gmail-p-rich_text_list gmail-p-rich_text_list__bullet gmail-p-rich_text_list--nested" style="box-sizing:inherit;margin:0px 0px 0px 20px;padding:0px;list-style-type:none"><li style="box-sizing:inherit;margin-bottom:0px"> on the second diagram.... where is the client? From my poor and recent understanding of <a target="_blank" class="gmail-c-link" href="https://openid.net/specs/openid-federation-1_0.html" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none">https://openid.net/specs/openid-federation-1_0.html</a>, a FedMgr Client is not defined as an actor. Is there another profiling of OpenID Federation  I need to look at?</li></ul><div class="gmail-p-rich_text_section" style="box-sizing:inherit"><span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span>Chris: Right now, not that I know of. I think a handful are working on this. AFAIK, i'm the only one active in the AI specific space. Other interop events have happened, and an R&E <a target="_blank" class="gmail-c-link" href="https://wiki.geant.org/spaces/G52W5/pages/1139736659/Cycle+10+final+Demo" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none">presentation day</a> (<a target="_blank" class="gmail-c-link" href="https://wiki.geant.org/spaces/G52W5/pages/1049624681/Cycle+10+half-time+Demo" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none">with slides</a>) today had some other updates on their progress. No profiles, but technology and large scale testing<span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span><span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span></div><ul class="gmail-p-rich_text_list gmail-p-rich_text_list__bullet gmail-p-rich_text_list--nested" style="box-sizing:inherit;margin:0px 0px 0px 20px;padding:0px;list-style-type:none"><li style="box-sizing:inherit;margin-bottom:0px">In your second diagram, the traffic goes through the FedMgr gateway, this means that the FedMgr gateway needs to be a MCP server by itself right?</li></ul><div class="gmail-p-rich_text_section" style="box-sizing:inherit"><span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span>Chris: It is not an MCP but a 'client'. In my case, a web app at localhost:3001 that is registered with github as an OAuth App. In turn it mints another token with the trustmark.  I chose this route rather than a CLI client as it was a bit easier than to docker compose an OIDC OP.  In the demo I take the reminted token from the gui and cut and paste that into VSCode so it can be used when I communicate with the MCP server on localhost:4001.<span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span></div><ul class="gmail-p-rich_text_list gmail-p-rich_text_list__bullet gmail-p-rich_text_list--nested" style="box-sizing:inherit;margin:0px 0px 0px 20px;padding:0px;list-style-type:none"><li style="box-sizing:inherit;margin-bottom:0px">But in your demo it was unclear if got only the credential from the FedMGR Gateway or all the traffic went through it...</li></ul><div class="gmail-p-rich_text_section" style="box-sizing:inherit"><span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span>Chris: great point, The Gitlab JWT is not being passed but the newly re-minted one with the trust mark because github can't issue it at this time. There could be a point in time in the future when platforms could do this but not right now.  As well, the audience is <a target="_blank" class="gmail-c-link" href="http://localhost:3001/" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none">http://localhost:3001</a> if i recall correctly.<span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span></div><ul class="gmail-p-rich_text_list gmail-p-rich_text_list__bullet gmail-p-rich_text_list--nested" style="box-sizing:inherit;margin:0px 0px 0px 20px;padding:0px;list-style-type:none"><li style="box-sizing:inherit;margin-bottom:0px">If the traffic goes within the FedMgr Gateway what happens behind it? is the Token received is pass forward to the real MCP Server?</li></ul><div class="gmail-p-rich_text_section" style="box-sizing:inherit"><span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span>Chris: the JWT is re-minted, not passed forward.<span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span></div><ul class="gmail-p-rich_text_list gmail-p-rich_text_list__bullet gmail-p-rich_text_list--nested" style="box-sizing:inherit;margin:0px 0px 0px 20px;padding:0px;list-style-type:none"><li style="box-sizing:inherit;margin-bottom:0px">If so what would prevent one from using the token directly with the backend MCP server?</li></ul><div class="gmail-p-rich_text_section" style="box-sizing:inherit"><span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span>Chris: At first I believed(wrongly) i could just use a re-minted token with the trustmark everywhere 'as is' (after the trust marking) BUT the OAuth2 audience requirements preclude that for security reasons. Replaying the token to the wrong endpoint should result in an error for that alone BUT it could also be  construed as revealing a private token to another party who in turn could replay it against the proper audience, at least until it expired.<br aria-hidden="true" style="box-sizing:inherit">This is why being able to determine trust before connection is important IMO. Good token hygiene and duty of care handling them matter.<span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span></div><ul class="gmail-p-rich_text_list gmail-p-rich_text_list__bullet gmail-p-rich_text_list--nested" style="box-sizing:inherit;margin:0px 0px 0px 20px;padding:0px;list-style-type:none"><li style="box-sizing:inherit;margin-bottom:0px">Finally is there a longer demo somewhere. I am very interested into understand how one MCP Server will acquire its trust marking from OpenID Federation</li></ul><div class="gmail-p-rich_text_section" style="box-sizing:inherit"><span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span>Chris: my longer demo was less polished than this one and does not dig into the enrolment and registration processes and is less focused than this one.<br aria-hidden="true" style="box-sizing:inherit">In all cases, I have manually set the CA and entity registration as a POC for a docker-compose.  It was manually done thus explicit registration.<br aria-hidden="true" style="box-sizing:inherit">Dynamically and automatically 'trusting' and issuing a trust mark(s) has it's place to match the appropriate risks in doing that but I shy away from that as 'good practice' for now as trust to me means doing more than just registering something.<br aria-hidden="true" style="box-sizing:inherit">For who's doing what, check: <a target="_blank" class="gmail-c-link" href="https://openid.net/developers/openid-federation-implementations/" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none">https://openid.net/developers/openid-federation-implementations/</a> and then see what they're doing is what I'm keeping an eye on for inspiration on what's needed.<br aria-hidden="true" style="box-sizing:inherit">I've been working on instantiating a bootstrap 'admin' federation that will have an explicit admin designation and then when you sign into it, you can start doing the interesting things.  This way, the tooling uses its own techniques to operate and realizes a use case of a personal federation.<br aria-hidden="true" style="box-sizing:inherit">There are so many ways things can be done but getting a base global admin bootstrapped is key to unlocking the other elements.<span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span>Great questions and help identify areas I need to elaborate more or clarify.<br aria-hidden="true" style="box-sizing:inherit">I recorded the <a target="_blank" class="gmail-c-link" href="https://youtu.be/qKm1hDVafMs" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none">presentation again</a> (after the call!) which has a bit more on the demo side there (but nothing on registration)<span aria-label="" class="gmail-c-mrkdwn__br" style="box-sizing:inherit;height:8px;display:block"></span></div><div class="gmail-p-rich_text_section" style="box-sizing:inherit"><span class="gmail-c-message__edited_label" dir="ltr" style="box-sizing:inherit;color:rgb(134,134,134);font-size:13px">(edited)</span></div></div></div></div></div></div><div class="gmail-c-message_kit__attachments" style="box-sizing:inherit;max-width:600px"><div class="gmail-c-message_attachment" style="box-sizing:inherit;max-width:600px;margin:0px 0px 8px;display:flex"><div class="gmail-c-message_attachment__delete_container" style="box-sizing:inherit;width:20px;display:flex"><button class="gmail-c-button-unstyled gmail-c-message_attachment__delete" aria-label="Remove attachment" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(134,134,134);font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;margin:0px;opacity:0;display:inline"><i class="gmail-c-deprecated-icon gmail-c-icon--times-small gmail-undefined" type="times_small" aria-hidden="true" style="box-sizing:inherit"></i></button></div><div class="gmail-c-message_attachment__border" style="box-sizing:inherit;background-color:rgb(221,221,221);border-radius:8px;width:4px"></div><div class="gmail-c-message_attachment__body" style="box-sizing:inherit;width:596px;padding:0px 12px;line-height:1.46667"><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><span class="gmail-c-message_attachment__author" style="box-sizing:inherit;color:rgb(221,221,221)"><span class="gmail-c-message_attachment__part" style="box-sizing:inherit;color:rgb(97,96,97)"><img class="gmail-c-message_attachment__author_icon" alt="openid.net" src="https://slack-imgs.com/?c=1&o1=wi32.he32.si&url=https%3A%2F%2Fopenid.net%2Ffavicon.ico" width="16" height="16" style="box-sizing: content-box; font-size: 12px; line-height: 1.25; vertical-align: middle; border-radius: 2px; width: 16px; height: 16px; margin-right: 8px; overflow: hidden; margin-bottom: 3px;"><span class="gmail-c-message_attachment__author_name" style="box-sizing:inherit;color:rgb(29,28,29);font-weight:900"><a href="http://openid.net">openid.net</a></span></span></span></div><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><span class="gmail-c-message_attachment__title" style="box-sizing:inherit;font-weight:700"><a target="_blank" class="gmail-c-link gmail-c-message_attachment__title_link" href="https://openid.net/specs/openid-federation-1_0.html" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none"><span dir="auto" style="box-sizing:inherit">OpenID Federation 1.0 - draft 43</span><span aria-label="(opens in new tab)" style="box-sizing:inherit"></span></a></span></div><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><span class="gmail-c-message_attachment__text" style="box-sizing:inherit"><span dir="auto" style="box-sizing:inherit">A federation can be expressed as an agreement between parties that trust each other.<br style="box-sizing:inherit">In bilateral federations, direct trust can be established between<br style="box-sizing:inherit">two organizations belonging to the same federation.<br style="box-sizing:inherit">In a multilateral federation, bilateral agreements might not be practical,<br style="box-sizing:inherit">in which case, trust can be mediated by a third party.<br style="box-sizing:inherit"></span><span style="box-sizing:inherit"><button aria-expanded="false" class="gmail-c-link--button gmail-c-message_attachment__text_expander" type="button" tabindex="0" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(18,100,163);font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:baseline;margin:0px">Show more</button></span></span></div></div></div><div class="gmail-c-message_attachment" style="box-sizing:inherit;max-width:600px;margin:0px 0px 8px;display:flex"><div class="gmail-c-message_attachment__delete_container" style="box-sizing:inherit;width:20px;display:flex"><button class="gmail-c-button-unstyled gmail-c-message_attachment__delete" aria-label="Remove attachment" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(134,134,134);font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;margin:0px;opacity:0;display:inline"><i class="gmail-c-deprecated-icon gmail-c-icon--times-small gmail-undefined" type="times_small" aria-hidden="true" style="box-sizing:inherit"></i></button></div><div class="gmail-c-message_attachment__border" style="box-sizing:inherit;background-color:rgb(221,221,221);border-radius:8px;width:4px"></div><div class="gmail-c-message_attachment__body" style="box-sizing:inherit;width:596px;padding:0px 12px;line-height:1.46667"><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><span class="gmail-c-message_attachment__author" style="box-sizing:inherit;color:rgb(221,221,221)"><span class="gmail-c-message_attachment__part" style="box-sizing:inherit;color:rgb(97,96,97)"><img class="gmail-c-message_attachment__author_icon" alt="OpenID Foundation - Helping people assert their identity wherever they choose" src="https://slack-imgs.com/?c=1&o1=wi32.he32.si&url=https%3A%2F%2Fopenid.net%2Fwp-content%2Fuploads%2F2022%2F11%2Ffavicon_23-300x300.jpg" width="16" height="16" style="box-sizing: content-box; font-size: 12px; line-height: 1.25; vertical-align: middle; border-radius: 2px; width: 16px; height: 16px; margin-right: 8px; overflow: hidden; margin-bottom: 3px;"><span class="gmail-c-message_attachment__author_name" style="box-sizing:inherit;color:rgb(29,28,29);font-weight:900">OpenID Foundation - Helping people assert their identity wherever they choose</span></span></span></div><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><span class="gmail-c-message_attachment__title" style="box-sizing:inherit;font-weight:700"><a target="_blank" class="gmail-c-link gmail-c-message_attachment__title_link" href="https://openid.net/developers/openid-federation-implementations/" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none"><span dir="auto" style="box-sizing:inherit">OpenID Federation Implementations - OpenID Foundation</span><span aria-label="(opens in new tab)" style="box-sizing:inherit"></span></a></span></div><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><span class="gmail-c-message_attachment__text" style="box-sizing:inherit"><span dir="auto" style="box-sizing:inherit">OpenID Federation Implementations These OpenID Federation implementations are listed by programming language, followed by a list of products C# spid-cie-oidc-aspnetcoreSPID/CIE OIDC Federation SDK for AspNetCoreLicense: Apache 2.0 Go go-oidfedGo implementation of OpenID Federation – Work in ProgressLicense: MIT Java Nimbus OAuth 2.0 SDK with OpenID Connect extensionsOpenID Federation core functionality, including trust chain validation and metadata</span></span></div><div class="gmail-c-message_attachment__row gmail-c-message_attachment__row--has_trigger" style="box-sizing:inherit"><span class="gmail-c-message_attachment__footer" style="box-sizing:inherit;color:rgb(221,221,221);padding-top:4px;font-size:12px;line-height:1.25"><span class="gmail-c-message_attachment__footer_ts gmail-c-message_attachment__part" style="box-sizing:inherit;color:rgb(97,96,97)">Sep 5th, 2024</span></span><span class="gmail-c-message_attachment__media_trigger gmail-c-message_attachment__media_trigger--caption" style="box-sizing:inherit;font-size:13px;line-height:1.38462"> (17 kB)<button class="gmail-c-button-unstyled gmail-c-expandable_trigger" title="collapse" aria-expanded="true" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(18,100,163);font-size:15px;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:1;overflow:visible;text-align:initial;vertical-align:initial"><i class="gmail-c-deprecated-icon gmail-c-icon--caret-down gmail-c-deprecated-icon--inherit gmail-undefined" type="caret_down" aria-hidden="true" style="box-sizing:inherit"></i></button></span></div><div class="gmail-c-message_attachment__row" style="box-sizing:inherit"><div aria-label="toggle OpenID Federation Implementations - OpenID Foundation image" style="box-sizing:inherit"><div class="gmail-c-aspect_box__outer gmail-c-message_attachment__image_container gmail-p-message_attachment__image_container--has-actions" style="box-sizing:inherit;max-width:100%;margin-top:5px;width:360px"><div class="gmail-c-aspect_box__inner" style="box-sizing:inherit;padding-top:107px"><div class="gmail-c-aspect_box__content" style="box-sizing:inherit;width:360px;height:107px"><a target="_blank" title="OpenID Federation Implementations - OpenID Foundation" class="gmail-c-link gmail-c-message_attachment__image" aria-label="OpenID Federation Implementations - OpenID Foundation" href="https://openid.net/developers/openid-federation-implementations/" rel="noopener noreferrer" style="box-sizing:inherit;color:rgb(18,100,163);text-decoration-line:none;background-position:50% 50%;background-repeat:no-repeat;background-size:contain;border-radius:8px;text-indent:100%;width:360px;max-width:100%;height:107px;max-height:100%;display:inline-block;overflow:hidden;background-image:url("https://slack-imgs.com/?c=1\000026o1=ro\000026url=https%3A%2F%2Fopenid.net%2Fwp-content%2Fuploads%2F2022%2F11%2Fdf-l-oix-l-openid_rgb-300dpi.png")">https://openid.net/developers/openid-federation-implementations/</a><div class="gmail-c-message_actions__container gmail-c-message_actions__group gmail-p-attachment_image_actions" style="box-sizing:inherit;background-image:none;background-position:0% 0%;background-size:auto;background-repeat:repeat;background-origin:padding-box;background-clip:border-box;border:unset;border-radius:12px;margin-left:8px;padding:4px;line-height:1;display:flex;opacity:0"><a target="_blank" class="gmail-c-link gmail-c-button-unstyled gmail-c-icon_button gmail-c-icon_button--size_medium gmail-c-icon_button--default" aria-label="Open in new window" href="https://openid.net/developers/openid-federation-implementations/" rel="noopener noreferrer" style="box-sizing:inherit;color:rgba(29,28,29,0.7);text-decoration-line:none;font-family:inherit;font-size:20px;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;background:0px 0px;border:0px;margin:0px;padding:0px;border-radius:8px;height:32px;width:32px;display:inline-flex"></a><button class="gmail-c-button-unstyled gmail-c-icon_button gmail-c-icon_button--size_medium gmail-c-icon_button--default" aria-label="More actions" aria-haspopup="menu" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgba(29,28,29,0.7);font-size:20px;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;margin:0px;border-radius:8px;height:32px;width:32px;display:inline-flex"></button></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div class="gmail-c-virtual_list__item" tabindex="0" role="listitem" id="gmail-C091VMU2R3P-1758819816.498409-thread-list-Thread_1758891064.839609" style="box-sizing:inherit;width:708px;color:rgb(29,28,29);font-family:Slack-Lato,Slack-Fractions,appleLogo,sans-serif;font-size:15px;font-variant-ligatures:common-ligatures"><div role="presentation" class="gmail-c-message_kit__background gmail-c-message_kit__background--hovered gmail-c-message_kit__message gmail-c-message_kit__thread_message" style="box-sizing:inherit;background:none 0% 0%/auto repeat scroll padding-box border-box rgb(248,248,248);line-height:1.46668"><div role="document" class="gmail-c-message_kit__hover gmail-c-message_kit__hover--hovered" style="box-sizing:inherit"><div class="gmail-c-message_kit__actions gmail-c-message_kit__actions--default" style="box-sizing:inherit"><div class="gmail-c-message_kit__gutter" style="box-sizing:inherit;display:flex;padding:8px 24px 8px 16px"><div role="presentation" class="gmail-c-message_kit__gutter__left" style="box-sizing:inherit;margin-right:8px;display:flex"><span class="gmail-p-member_profile_hover_card" role="presentation" style="box-sizing:inherit;width:fit-content;height:fit-content;display:inline-flex"><button class="gmail-c-button-unstyled gmail-c-message_kit__avatar gmail-c-avatar gmail-c-avatar--interactive" aria-hidden="true" aria-label="View Jeff Lombardo (AWS)’s Profile" tabindex="-1" type="button" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:initial;margin:0px;outline:none;height:36px;width:36px"><span class="gmail-c-base_icon__width_only_container" style="box-sizing:inherit;background-color:rgba(29,28,29,0.13);color:rgb(29,28,29);display:block;overflow:hidden;height:36px;width:36px"><img src="https://ca.slack-edge.com/TBB85A45B-U08NSUHB1L1-786d939d29a3-48" class="gmail-c-base_icon gmail-c-base_icon--image" aria-hidden="true" role="img" alt="" style="box-sizing: inherit; flex-shrink: 0; background-repeat: no-repeat; background-size: 100%; display: inline-block; width: 36px;"></span></button></span></div><div role="presentation" class="gmail-c-message_kit__gutter__right" style="box-sizing:inherit;min-width:0px;padding:8px 0px 8px 16px"><span class="gmail-c-message__sender gmail-c-message_kit__sender" style="box-sizing:inherit;font-weight:900;word-break:break-word"><span class="gmail-p-member_profile_hover_card" role="presentation" style="box-sizing:inherit;width:fit-content;height:fit-content;display:inline-flex"><button class="gmail-c-link--button gmail-c-message__sender_button" type="button" tabindex="0" style="box-sizing:inherit;background-image:initial;background-position:0px 0px;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border-width:0px;border-style:initial;border-color:initial;padding:0px;font-family:inherit;color:rgb(29,28,29);font-size:inherit;font-stretch:inherit;font-style:inherit;font-variant:inherit;font-weight:inherit;line-height:inherit;overflow:initial;text-align:initial;vertical-align:baseline;margin:0px">Jeff Lombardo (AWS)</button></span></span>  <a aria-label="Today at 8:51:04 AM" class="gmail-c-link gmail-c-timestamp" href="https://oidf.slack.com/archives/C091VMU2R3P/p1758891064839609?thread_ts=1758819816.498409&cid=C091VMU2R3P" style="box-sizing:inherit;color:rgb(97,96,97);text-decoration-line:none;font-size:12px"><span class="gmail-c-timestamp__label" style="box-sizing:inherit">Today at 8:51 AM</span></a><br style="box-sizing:inherit"><div class="gmail-c-message_kit__blocks gmail-c-message_kit__blocks--rich_text" style="box-sizing:inherit;max-width:none;margin-bottom:4px"><div class="gmail-c-message__message_blocks gmail-c-message__message_blocks--rich_text" style="box-sizing:inherit;max-width:none"><div class="gmail-p-block_kit_renderer" style="box-sizing:inherit;width:632px"><div class="gmail-p-block_kit_renderer__block_wrapper gmail-p-block_kit_renderer__block_wrapper--first" style="box-sizing:inherit;display:flex"><div class="gmail-p-rich_text_block" dir="auto" style="box-sizing:inherit;width:632px;line-height:1.46668"><div class="gmail-p-rich_text_section" style="box-sizing:inherit">thanks for all the details, will look into your recording!</div></div></div></div></div></div></div></div></div></div></div></div></div><div>--end--</div><br class="gmail-Apple-interchange-newline"></div><div><br></div><div><br></div><div>___________________________________________________________________________________________</div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><p style="font-size:small"><span><a href="mailto:chris@chrisphillips.ca" target="_blank">chris@chrisphillips.ca</a> | <a href="https://www.linkedin.com/in/chris-phillips-cidpro/" target="_blank">https://www.linkedin.com/in/chris-phillips-cidpro/</a></span><br></p></div></div></div></div><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Sep 25, 2025 at 9:32 PM Atul Tulshibagwale via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net">openid-aiim@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi all,<div>The notes from today's AIIM CG call are saved here: </div><div><a href="https://github.com/openid/cg-ai-identity-management/wiki/20250925" target="_blank">https://github.com/openid/cg-ai-identity-management/wiki/20250925</a></div><div><br></div><div>Thanks very much to <a href="https://www.linkedin.com/in/chris-phillips-cidpro/" target="_blank">Chris Phillips</a>, <a href="https://www.linkedin.com/in/tobinsouth/" target="_blank">Tobin South</a> and <a href="https://www.linkedin.com/in/nickelsteele/" target="_blank">Nick Steele</a> for their presentations today. Presenters, please share the decks for your presentations to this mailing list.</div><div><br></div><div>I'm copying them below for convenience.</div><div><br></div><div>Atul</div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><span><div dir="ltr" style="margin-left:0pt" align="left"><table style="border:none;border-collapse:collapse"><colgroup><col width="165"><col width="160"></colgroup><tbody><tr style="height:74.5pt"><td style="vertical-align:middle;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><span style="border:none;display:inline-block;overflow:hidden;width:137px;height:68px"><img src="https://lh7-us.googleusercontent.com/OubMXEaSzW6cz-Rt9RyUGsuX2z_G2pbaWOSLNAI_1YuZEk9lVaehxLoZgJt6AbxshlaXTZ4HHvQjpxPRVTWVxlwCl-fPKhGsbSTcgVVvejMX1rS_DaeeX4yOVQyvp2y3cFkC6XMBihqiTrDY3qBYwq8" width="137" height="68" style="margin-left: 0px; margin-top: 0px;"></span></span></p></td><td style="vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Poppins,sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"> Atul Tulshibagwale</span></p><p dir="ltr" style="line-height:1.5;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Poppins,sans-serif;color:rgb(102,102,102);background-color:transparent;vertical-align:baseline"> CTO</span></p><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(136,136,136);background-color:transparent;vertical-align:baseline"> </span><a href="https://www.linkedin.com/in/tulshi/" target="_blank"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(17,85,204);background-color:transparent;vertical-align:baseline"><span style="border:none;display:inline-block;overflow:hidden;width:24px;height:24px"><img src="https://lh7-us.googleusercontent.com/nf4RO594hvFNyujzHdKSn1RCJcOIC1-Mk2-_S2GLH4LUi6Prxj4bL0tyguJ-6XH50k_fHPq6nynNBdkJwAzgGdYlImXDDKv07yQuj5PcskVaBqf9vL1Z2esDwZsb5Z9J4tvDcPiiZdQSuyzywRbH3Fs" width="24" height="24" style="margin-left: 0px; margin-top: 0px;"></span></span></a><a href="mailto:atul@sgnl.ai" target="_blank"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(17,85,204);background-color:transparent;vertical-align:baseline"><span style="border:none;display:inline-block;overflow:hidden;width:24px;height:24px"><img src="https://lh7-us.googleusercontent.com/jy9xWqMUZyDKsa5W_-BxVILzsnbgKHSkJVzdCeCWVVSvhJbGal-I_Ja-qTTnA1SpYE65RrEcWMMLNPfbrp9HXjBOKdeXNIVuhOBg-vZe-Ed8e0rCV8BMjih-COWlyljD_Hfqg2SzCuqKASIsPk1O6_w" width="24" height="24" style="margin-left: 0px; margin-top: 0px;"></span></span></a></p></td></tr></tbody></table><br></div><div dir="ltr" style="margin-left:0pt" align="left">---</div><div dir="ltr" style="margin-left:0pt" align="left"><span id="m_5167833711188821833gmail-docs-internal-guid-356210c5-7fff-4f76-80f6-24b16934291f"><h1 dir="ltr" style="line-height:1.38;margin-top:20pt;margin-bottom:6pt"><span style="font-size:20pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Sep 25, 2025</span></h1><h2 dir="ltr" style="line-height:1.38;margin-top:18pt;margin-bottom:6pt"><span style="font-size:16pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Attendees</span></h2><br><div dir="ltr" style="margin-left:0pt" align="left"><table style="border:none;border-collapse:collapse"><colgroup><col width="141"><col width="146"><col width="424"></colgroup><tbody><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;text-align:center;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Name</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;text-align:center;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Affiliation</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;text-align:center;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Participation Agreement signed?</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Tobin South</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">WorkOS & Stanford</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Atul Tulshibagwale</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">SGNL</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Rick Burta</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Okta</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Subramanya N</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Independent</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Eleanor Meritt</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Independent</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Dan Moore</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">FusionAuth</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Tal Skverer</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Astrix Security</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Vaibhav Narula</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Independent</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Asanka Samaraweera</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Independent</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Ricky Padilla</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">1Password</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Nick Steele</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">1Password</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Paul Templeman</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Independent</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Paul Lanzi</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">IDenovate</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Sarah Cecchetti</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Beyond Identity</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Bertrand Carlier</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Wavestone</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Almost there…</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Andrew Moran</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Independent</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes. First time!</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Stan Bounev</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Blue Label Labs</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Lukasz Jaromin</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Raidiam</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Adwait Shinganwade</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Independent</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Victor Lu</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">independent </span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Tom jones</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">ind</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><br></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><br></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><br></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><br></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><br></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><br></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Aldo Pietropaolo</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Sophos Advisor</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Max Crone</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">1Password</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr><tr style="height:25pt"><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Anuradha Karunarathna</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">WSO2</span></p></td><td style="border-width:1pt;border-style:solid;border-color:rgb(0,0,0);vertical-align:top;padding:5pt;overflow:hidden"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Yes</span></p></td></tr></tbody></table></div><h2 dir="ltr" style="line-height:1.38;margin-top:18pt;margin-bottom:6pt"><span style="font-size:16pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Agenda</span></h2><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Tobin’s weekly updates (5 minutes)</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Chris Phillips on OpenID Federation and MCP (20 minutes)</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Tobin: MCP Dev Summit preview: Agent Auth (20 minutes)</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><a href="mailto:nick.steele@1password.com" style="text-decoration-line:none" target="_blank"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;text-decoration-line:underline;vertical-align:baseline">Nick Steele</span></a><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">: Agent Payment Protocol Intro (10 mins) - </span><a href="https://docs.google.com/presentation/d/1PU0pl2TI-MzZfMthlMcRXGPEA7EYQJK15nwuS7bIa-Q/edit?usp=sharing" style="text-decoration-line:none" target="_blank"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;text-decoration-line:underline;vertical-align:baseline">Slides</span></a></p></li></ul><h2 dir="ltr" style="line-height:1.38;margin-top:18pt;margin-bottom:6pt"><span style="font-size:16pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Notes</span></h2><h3 dir="ltr" style="line-height:1.38;margin-top:16pt;margin-bottom:4pt"><span style="font-size:14pt;font-family:Arial,sans-serif;color:rgb(67,67,67);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Chris Phillips’ Presentation</span></h3><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Chris Phillips’ presentation: Improving AI Identity, Trust and Provenance using OpenID Federation</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Background in federated identity in the research and education sector</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Challenges:</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Shadow MCP</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">“Rug pull problem”</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(many others in the slides)</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Multi-lateral federation is an opportunity for the AI space.</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Take things that are happening in past protocols and bring them to AI</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">“Federation guides who you can trust. OAuth / OIDC still decides what you can do.”</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">OpenID Federation is great at trust, but you still need a registry of “what you can trust”</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">OpenID Federation is a trust fabric:</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">A Trust Anchor (e.g. CA) signs an “Entity Statement”</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Each participant OP/ RP/ RS exposes an Entity Configuration</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Just like a browser flags untrusted certifications, a missing or untrusted attestation can flag untrustworthy participants in MCP</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">It’s ready for primetime:</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Italy’s Public Digital Identity System (SPID)</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">OpenID Federation pilot takes it to 10k entities to enable SAML2 federation</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Candidate use cases:</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Defense against rogue MCP</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">SBOM for MCP servers</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Shard usage based on user’s role (authorization)</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Safe personal use of MCP</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Readiness for PQC</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Demo of gateway MCP</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Critical to secure AI</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">“Meta MCP” </span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Questions / comments:</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Lukasz Jaromin) Connections in MCP do not require prior registration, so having trust marks would be good</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Chris) Just like you can connect anonymously to a website, and then be challenged for authentication, you should be able to do something similar in MCP</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Atul) How does this tie into threat modeling?</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Chris) This is going to be important.</span></p></li><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">The process of issuing a trust mark will be tied to threat modeling</span></p></li><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">I’ve done a Safe MCP analysis</span></p></li></ul><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Paul Templeman) How do you see dynamic / unstructured ecosystems play into this</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Chris) Think of an MCP Server that has “get customer information” as a tool. Who is the user that is asking the question?</span></p></li><li dir="ltr" style="list-style-type:square;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">MCPs can be in multiple “venn diagrams” (trust domains?) Which one takes priority?</span></p></li></ul><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Tom Jones) i have posted an AI threat model - OIDC does not fit that - does anyone have a threat model for using this trust structure with AI? </span><a href="https://github.com/w3c-cg/threat-modeling/blob/main/models/ai-in-browser.md" style="text-decoration-line:none" target="_blank"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;text-decoration-line:underline;vertical-align:baseline">https://github.com/w3c-cg/threat-modeling/blob/main/models/ai-in-browser.md</span></a></p></li></ul></ul><h3 dir="ltr" style="line-height:1.38;margin-top:16pt;margin-bottom:4pt"><span style="font-size:14pt;font-family:Arial,sans-serif;color:rgb(67,67,67);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Tobin’s Presentation</span></h3><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">We are publishing the “future of agent identity” white paper in the OIDF soon.</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">There’s an MCP Dev Summit next week. </span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Tools can be highly dynamic - based on user roles and permissions</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Creates a bunch of security risks</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Cross-app authorization is an interesting proposal from Aaron</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Background agents are cool - you just get a PR from the agent.</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Hard to define the full scope of permissions in order for the agent to be effective</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Attenuation of permissions is also interesting (especially in transitive use cases)</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">What does MCP look like in a world of fully autonomous agents?</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">What are we missing as far as authorization in AI? Love to get opinions on this:</span></p></li></ul><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Questions:</span></p><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Tom Jones) If you are talking about an AI, you need rich policy. We don’t have anyone working on that as far as I know.</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Nick) ID-JAG (cross-app access) was meant to deal with the multiple trust boundary issue. If I have a central auth server, it solves some issues. </span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Tobin) Going to talk about agentic payments stuff</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">ID-JAGs work as long as you are using the same IdP. If you are delegating to another organizations’ agent, then it might not work</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Nick) We had multiple IdPs / gateways in Cisco, but being able to have a central authority across trust boundaries is better</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Chris) It takes multiple ingredients to make a good cake. You’re going to have different contexts for different regions.</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">It’s such a high step function today to do everything, that it needs to be brain dead easy to do some of the basic stuff first.</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Atul) What’s the distinction between background agents and async agents</span></p></li><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:circle;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Tobin) You expect background agents to be able to prompt</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">(Lukasz) Everything on your last slide makes sense. Couple of options on that list make the multi-domain thing work. But there is a question of adoption and how to make it tangible.</span></p></li></ul><h3 dir="ltr" style="line-height:1.38;margin-top:16pt;margin-bottom:4pt"><span style="font-size:14pt;font-family:Arial,sans-serif;color:rgb(67,67,67);background-color:transparent;font-weight:400;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Nick’s Presentation on AP2</span></h3><ul style="margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">AP2 works on top of MCP and A2A, and facilitates payment transactions</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">“Intent mandates” with an attestable chain of events</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" role="presentation"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">“Cart mandate” that reflects the intent.</span></p></li></ul></span></div></span></div></div></div>
-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><br>
</blockquote></div>