<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7651.59">
<TITLE>RE: [OpenID] ANN: OpenID Information Cards spec and workingimplementation</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">Johnny: S</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">ome</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> comments</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> and initial conclusion following</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">,</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">merely</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">trying to comprehend what I</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">am</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">read</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">ing.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">(1) </FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">It makes sense that the</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">MSFT</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">CardSpace process on the WinNT host acts as trusted relay</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> between two web sessions</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">.</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> This make better sense __in assurance terms__ than making an OP</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">using a general thread pool</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">perform less</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">-</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">trust</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">worthy</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">layer 7</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">gatewaying</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">a. </FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">However, t</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">he</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">overall</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">security concept</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> places</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">a</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">n even</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">higher trust</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">burden on the OP</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">, charged with issuing a</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">dumb-mode</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">verif</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">ication token</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">attesting to its belief that</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> the</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">OpenID Auth Response provided by the STS</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> is valid</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">.</FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
</UL></UL></UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">b. </FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">The trust burden</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">placed on an OP mitigates against the</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">assurance rationale offered</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">in (1), unless</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">it’s a</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> specific design intent to</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">separate</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> the roles of STS and OP (similar to</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">how</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">Authenticode CA</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">s</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">perform an entirely different role to the role performed by</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">Authenticode</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">’</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas">s</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">so-called</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">timestamp authorities)</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
</UL></UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">(2) </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">All webSSO c</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">ommunications</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">involving an infocard</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">b</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">oth</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">to and f</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">r</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">om</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> a RP website</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">MUST</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">use</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">infocard</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">-defined protocols</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">and signaling</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">(</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">hidden</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">form fields, object tags</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">,</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">XHTML</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">behaviors</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">,</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">object properties for claimset requirements</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">)</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">a. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">specification</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> would seem to limit itself to HTML</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">-capable, MIME capable, HTTP systems</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">(3) </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">By refere</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">n</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">cing attached and unattached OpenID tokens</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">, the infocard protocol</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">implementation</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">uniquely</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">shall</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">decide</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">which</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">communications security</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">services shall</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">be applied to token passing</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">, if any</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">a. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The strength of the reference</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas"> is</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">dependent on the</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">strength</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> of SHA1, a suspect candidate.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">(4) </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">Communications between</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">the</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">cardspace trusted process and</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">the</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">STS</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">MUST</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">use ws-federation</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> active</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">(5) </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The OP</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">SHALL</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">support two endpoints:</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">(i)</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">OpenID</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> Auth and (ii) ws-federation active</FONT></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">(6) </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">A</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">“</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">stub</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">”</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> OpenID Auth</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">2.0</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">protocol hand</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">l</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">er</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">MUST</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">be co-resident with</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">the</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">STS handler</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">supporting</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> the</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">ws-federation active endpoint</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">.</FONT></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">a. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The protocol engine of the</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">OpenID Auth 2.0</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">handler MUST be</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">limited to</FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">i. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">manufactur</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">ing</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">OpenID tokens</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">ii. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">manufacturing</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">OpenID Auth Response messages</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">to be wrapped in OpenID Tokens</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">, and</FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">iii. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">possibly</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">“</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">supporting</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">”</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">dumb mode</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">verification procedures</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">for</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">OpenID Auth Response messages it knows it has</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">previously</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">wrapped</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
</UL></UL></UL></UL></UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">b. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">OpenID Tokens MUST</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">wrap</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">only</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">OpenID Auth Response messages</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">by th</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">e thread operating the ws-federation active endpoint</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">(7) </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">A complete OpenID Auth protoc</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">o</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">l handler shall be listening on the OpenID Auth endpoint</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">.</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">a. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">It</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">MUST NOT be able to manufacture OpenID Tokens</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">b. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">It MUST NOT be able to perform dumb mode verification procedure on any Auth Response message that has ever been wrapped in an OpenID Token</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">c. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">Message queues shall be compartmentalized from que</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">u</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">es</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">support</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">ing</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">the stub OpenID Auth protocol handler.</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">d. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The protocol engine may support</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> any version of OpenID Auth</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">(8) </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">An RP MUST rely on SSL to authenticate an OP Provider performing dumb-mode</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">verification</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> of Auth Response messages.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">a. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">An RP may rely on PKI</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">/certs</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">signals</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">to</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> determine that a given OP Provider is entitled to speak for the verification of tokens issued by a given STS</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
</UL></UL></UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">b. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">A</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">PKI</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">control system</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">may obviate the need for 6a(iii)</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> when the RP can be trusted to handle PKI signals in a conforming manner</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">Initial conclusions:-</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">A. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">It</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">’</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">s complicated</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> set of trusted channel and trusted process relationships.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
</UL></UL></UL></UL></UL></UL></UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">B. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The purpose of doing all</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">what follows</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> is</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">to</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">eliminate</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">“</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en"><FONT COLOR="#000000" FACE="Verdana">the "Rogue Relying Party Proxying" attack described in the Security Consideration section of</FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HREF=""><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en"><FONT COLOR="#0000FF" FACE="Verdana">[OpenID.authentication2.0]</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en"><FONT COLOR="#0000FF" FACE="Verdana"> (Recordon, D., Hoyt, J., Fitzpatrick, B., and D. Hardt, “OpenID Authentication 2.0 - Draft 11,” January 2007.)</FONT></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en"><FONT COLOR="#000000" FACE="Verdana">.</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en"><FONT COLOR="#000000" FACE="Verdana">”</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
</UL></UL></UL></UL></UL></UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">C. </FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">Several protocols</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">must be integrated</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">–</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> protocols</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">that were not designed as a</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">family</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">:</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> ws-fed, Openid Auth,</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">https/</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">SSL</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">/PKI</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">, infocard.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">D. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">It</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">is</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">critically</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">dependent</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> on</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">trustworthy http</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">channels</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">:</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">e.g.</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">https, SSLVPNs, IPSEC VPN</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">, o</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">r equivalent</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">. https is also a critical security enforcing</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">function</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> in authenticating the validity of claims.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">E. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">There is not a lot left of OpenID</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> Auth</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">, apart from the definition of KV Form</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> of</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">Auth Response, and dumb mode verification</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> flow</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">.</FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">F. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The role of OpenID AX seems mostly unchanged</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">G. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The control relationship between info</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">card authority (service discovery), token</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">author</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">iti</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">es</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas"> (claim provider), token verification</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">authorities (current validity of</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">claims</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">), and</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">critical</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">https endpoint</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">s</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> will require advanced,</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">highly</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> coordinated PKI.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">H. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The RP-centric discovery</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> and locating process</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> (</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">via</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">HTML</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">and XRI</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> metadata</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">) is</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">eliminated</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> in favor of</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">card-</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">discovery</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">and</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">server-</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">location</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">process</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">es</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> mediated by the Cardspace process on the browser host</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">,</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">as</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">directed by the infocard protocol.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">I. </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">The</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">implementer</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> of an OP must</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">implement</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> several SOAP and WS* vocabularies in order</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">to</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas"> process</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">an</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Consolas">RST</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Consolas">R</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en"> <FONT COLOR="#000000" FACE="Courier New"> </FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en"> <FONT COLOR="#000000" FACE="Courier New">xmlns:ic="<A HREF="http://schemas.xmlsoap.org/ws/2005/05/identity">http://schemas.xmlsoap.org/ws/2005/05/identity</A>"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en"><FONT COLOR="#000000" FACE="Courier New"> xmlns:soap="<A HREF="http://www.w3.org/2003/05/soap-envelope">http://www.w3.org/2003/05/soap-envelope</A>"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en"><FONT COLOR="#000000" FACE="Courier New"> xmlns:wsa="<A HREF="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing</A>"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en"><FONT COLOR="#000000" FACE="Courier New"> xmlns:wsse="<A HREF="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</A>"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en"><FONT COLOR="#000000" FACE="Courier New"> xmlns:wst="<A HREF="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust</A>"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en"><FONT COLOR="#000000" FACE="Courier New"> xmlns:wsu="<A HREF="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd</A>"></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"></SPAN></P>
</BODY>
</HTML>