<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Another article…<div class=""><a href="https://techcrunch.com/2019/06/07/answers-to-your-burning-questions-about-how-sign-in-with-apple-works/" class="">https://techcrunch.com/2019/06/07/answers-to-your-burning-questions-about-how-sign-in-with-apple-works/</a></div><div class=""><br class=""></div><div class="">Apple is requiring prominent position and NASCAR style login. </div><div class=""><br class=""></div><div class=""><div class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">Phil Hunt | Cloud Security and Identity Architect</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">Oracle Corporation, Oracle Cloud Infrastructure</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">@independentid</div><div style="caret-color: rgb(0, 0, 
0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><a href="http://www.independentid.com" class="">www.independentid.com</a></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><a href="mailto:phil.hunt@oracle.com" class="">phil.hunt@oracle.com</a></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br class=""></div><br class="Apple-interchange-newline"></div></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline"><br class="Apple-interchange-newline">
</div>
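<div class="">Added example, not part of the thread and not Apple's or any participant's code: the first point in the quoted June 6 message below (a client_secret that is an ES256-signed JWT, carried in the client_secret field rather than as an RFC 7521 client assertion), sketched in Ruby together with a verifier-side check that pins the algorithm. The key is a throwaway generated in-process; the claim layout (iss, sub, aud, iat, exp), the kid header, the audience URL and every identifier are assumptions or constructed placeholders.</div>
<pre class="">
```ruby
require "openssl"
require "json"

AUDIENCE = "https://appleid.apple.com" # assumed audience value, not stated in the thread
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" # RFC 7523

# base64url without padding, as JWS requires
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  (str.tr("-_", "+/") + "=" * (-str.length % 4)).unpack1("m0")
end

# JWS ES256 signatures are raw r||s (64 bytes); OpenSSL produces DER, so convert.
def es256_sign(key, input)
  der = key.dsa_sign_asn1(OpenSSL::Digest::SHA256.digest(input))
  OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2).rjust(32, "\x00") }.join
end

def es256_verify(key, input, raw)
  return false unless raw.bytesize == 64
  ints = [raw.byteslice(0, 32), raw.byteslice(32, 32)].map do |half|
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(half, 2))
  end
  der = OpenSSL::ASN1::Sequence.new(ints).to_der
  key.dsa_verify_asn1(OpenSSL::Digest::SHA256.digest(input), der)
rescue OpenSSL::PKey::PKeyError
  false
end

# Client side: mint a short-lived signed JWT to send as the client_secret value.
def build_client_secret(key:, kid:, team_id:, client_id:, now: Time.now.to_i, ttl: 300)
  header = { alg: "ES256", kid: kid }
  claims = { iss: team_id, sub: client_id, aud: AUDIENCE, iat: now, exp: now + ttl }
  input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join(".")
  "#{input}.#{b64url(es256_sign(key, input))}"
end

def json_segment(seg)
  obj = JSON.parse(b64url_decode(seg).force_encoding("UTF-8"))
  raise ArgumentError, "segment is not a JSON object" unless obj.is_a?(Hash)
  obj
end

# Verifier side: pin alg to ES256 before touching the signature, then check claims.
# A real verifier would hold only the public half of the key.
def check_client_secret(jwt, key, client_id:, now: Time.now.to_i)
  parts = jwt.split(".", -1)
  return :malformed unless parts.size == 3
  return :bad_alg unless json_segment(parts[0])["alg"] == "ES256"
  return :bad_signature unless es256_verify(key, parts[0, 2].join("."), b64url_decode(parts[2]))
  claims = json_segment(parts[1])
  return :wrong_client unless claims["sub"] == client_id
  return :wrong_audience unless claims["aud"] == AUDIENCE
  return :expired unless claims["exp"].is_a?(Integer)
  return :expired unless claims["exp"] > now
  :ok
rescue JSON::ParserError, ArgumentError
  :malformed
end

# The same JWT placed in a token request two ways: in the client_secret field
# (as the thread describes) or as an RFC 7521 / RFC 7523 client assertion.
def token_request_params(jwt, client_id:, code:, style:)
  base = { grant_type: "authorization_code", code: code, client_id: client_id }
  case style
  when :secret_field then base.merge(client_secret: jwt)
  when :rfc7521 then base.merge(client_assertion_type: JWT_BEARER, client_assertion: jwt)
  else raise ArgumentError, "unknown style"
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::EC.generate("prime256v1") # constructed throwaway key
  jwt = build_client_secret(key: key, kid: "KEYID_PLACEHOLDER",
                            team_id: "TEAMID_PLACEHOLDER", client_id: "com.example.web")
  puts check_client_secret(jwt, key, client_id: "com.example.web")
end
```
</pre>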
<div><br class=""><blockquote type="cite" class=""><div class="">On Jun 11, 2019, at 12:22 PM, Chuck Mortimore via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" class="">openid-specs-ab@lists.openid.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">Also of interest - there appears to be some underlying OpenID Connect support as well: <div class=""><br class=""></div><div class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.apple.com_documentation_authenticationservices_asauthorizationsinglesignonprovider-3Fchanges-3Dlatest-5Fminor&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=1sXeeP122voya6GkTCBab7Y8uEBH1J0gd1dAqw4CM9o&s=pByPjp-wChGrxh0T2ypv-eLWa87M9yrg1LdSd3iozsk&e=" class="">https://developer.apple.com/documentation/authenticationservices/asauthorizationsinglesignonprovider?changes=latest_minor</a><br class=""></div></div><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div class="gmail_quote" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div 
dir="ltr" class="gmail_attr">On Thu, Jun 6, 2019 at 11:04 AM Chuck Mortimore <<a href="mailto:cmortimore@salesforce.com" class="">cmortimore@salesforce.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div dir="ltr" class="">We've looked into sign in with apple a bit, and it appears to largely be openid connect.  A few things of note<div class=""><ul class=""><li class="">client_secret is actually an ES256 JWT rather than a shared secret.   They did not use RFC7521 format for that.</li><li class="">there doesn't appear to be a userinfo endpoint</li><li class="">there's a step where you need to download a signed artifact and host it under .well-known for domain verification</li></ul></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jun 6, 2019 at 10:33 AM Mike Jones via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank" class="">openid-specs-ab@lists.openid.net</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div lang="EN-US" class=""><div class="gmail-m_5698361551987637444gmail-m_8731466746763401591WordSection1"><p class="MsoNormal">Spec Call Notes 6-Jun-19<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Mike Jones<u class=""></u><u class=""></u></p><p class="MsoNormal">Nat Sakimura<u class=""></u><u class=""></u></p><p class="MsoNormal">Bjorn Hjelm<u class=""></u><u class=""></u></p><p class="MsoNormal">Brian Campbell<u class=""></u><u class=""></u></p><p class="MsoNormal">Rich Levinson<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Login with 
Apple<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Apple announced Login with Apple this week at their developer's conference<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Nov Matake has created a Ruby gem for it, and so knows the ins and outs of the protocol<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Apparently it is Connect-like but not exactly Connect<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Nat and Mike have asked Nov if he could summarize how it's the same and different<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Mike found this after the call<span class="Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.okta.com_blog_2019_06_04_what-2Dthe-2Dheck-2Dis-2Dsign-2Din-2Dwith-2Dapple&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=1sXeeP122voya6GkTCBab7Y8uEBH1J0gd1dAqw4CM9o&s=FbbPSLBbhJKjNMfE_dlm6Frh0RhAEIqEsLIv_iSd4SM&e=" target="_blank" class="">https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple</a><u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Dick Hardt pointed out new app store requirements to use Login with Apple on Twitter<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span><a 
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_DickHardt_status_1135769039043563520&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=1sXeeP122voya6GkTCBab7Y8uEBH1J0gd1dAqw4CM9o&s=x-HPL6tC3QGF5s6Dyf_Gq8XAcVYXTMVipuCTFlT3DaE&e=" target="_blank" class="">https://twitter.com/DickHardt/status/1135769039043563520</a><u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Authentication Failed Error Code Draft<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Mike sent in a review<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">OpenID Connect for Identity Proofing<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Mike sent in a review<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>The most important comment was to make it about verified data - not just verified person data<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>Verified person data can still be covered by the draft<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Nat: It's always good to have a general thing - then you can profile it to meet your specific requirements<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Tony wrote that we should align with ISO 2903<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>We should also look at the EU minimal viable KYC document<u class=""></u><u class=""></u></p><p class="MsoNormal">                          
<span class="Apple-converted-space"> </span>PRIORITY GROUP 2 PROPOSAL FOR AN ATTRIBUTE-BASED & LoA-RATED KYC FRAMEWORK FOR THE FINANCIAL SECTOR IN THE DIGITAL AGE<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">EIC<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>The OpenID workshop was very well attended<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Transient Subject Identifier Type<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Davide Vaghetti wrote a document on this<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>See<span class="Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__gist.github.com_daserzw_813023b4e1c04d09beb732ef00d7c9e9&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=1sXeeP122voya6GkTCBab7Y8uEBH1J0gd1dAqw4CM9o&s=6nzs22RpynztnIp-rfXT2aqpBDXLxtss2rW9hubfBhw&e=" target="_blank" class="">https://gist.github.com/daserzw/813023b4e1c04d09beb732ef00d7c9e9</a><u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>People should review his proposal<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>There's a mailing list discussion on whether RPs need to be dynamically told that the subject is transient<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Some banks are using the transaction ID as the subject, which is problematic<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span 
class="Apple-converted-space"> </span>Apparently the banks are reluctant to provide user identity<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>It's especially problematic when people have multiple accounts<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>Brian stated that the Open Banking use case was intended to be pure authorization - not identity<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>This has been discussed in the FAPI working group<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>We should explicitly describe the "sub" lifetime expectations in Connect Core<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>Nat filed the issue #1096 - Core - Section 8. 
Need more subject_type<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>Nat gave the example that passports use time-bound identifiers<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>Nat said that age verification is a possible use case for ephemeral identifiers<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Nat said that identifier unlinkability is described in ISO 27551<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">EAP<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>We're in the public review period for the two EAP specs<u class=""></u><u class=""></u></p><p class="MsoNormal">                           <span class="Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__openid.net_2019_04_22_public-2Dreview-2Dperiod-2Dfor-2Dtwo-2Dproposed-2Deap-2Dimplementers-2Ddrafts_&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=1sXeeP122voya6GkTCBab7Y8uEBH1J0gd1dAqw4CM9o&s=68mObeXwTmpUQERyR0jxmKKUdzFn2o92t4nT7DB2sds&e=" target="_blank" class="">https://openid.net/2019/04/22/public-review-period-for-two-proposed-eap-implementers-drafts/</a><u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>People are encouraged to review them<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>Voting was started<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>However it was blocked by a Ruby application error<u class=""></u><u 
class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>Mike will have Nov Matake investigate<u class=""></u><u class=""></u></p><p class="MsoNormal">                                        <span class="Apple-converted-space"> </span>It turns out to have been caused by a Rails version upgrade, which Nov fixed<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>The voting period will need to be rescheduled<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Open Issues<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__bitbucket.org_openid_connect_issues-3Fstatus-3Dnew-26status-3Dopen&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=1sXeeP122voya6GkTCBab7Y8uEBH1J0gd1dAqw4CM9o&s=qAs3iJdZXpAZyhJaGofKVo6ggzX6qFRoW2yJRLUn54E&e=" target="_blank" class="">https://bitbucket.org/openid/connect/issues?status=new&status=open</a><u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>#1093 - Extensibility: how do we support extensibility for trust frameworks, evidences, verification methods and id documents?<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>Mike will comment on registries, OpenID, and IANA<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>#1094 - How to treat unknown identifiers in claims parameter<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>In general, we ignore not-understood values<u class=""></u><u class=""></u></p><p 
class="MsoNormal">                          <span class="Apple-converted-space"> </span>If a value is required and not understood, an appropriate error can be returned<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>#1095 - Registration - 3 - rotate/renew secret<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>RFC 7592 can be used to do this<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>#1096 - Core - Section 8. Need more subject_type<u class=""></u><u class=""></u></p><p class="MsoNormal">                          <span class="Apple-converted-space"> </span>Mike commented about the existing subject types being persistent<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Next Call<u class=""></u><u class=""></u></p><p class="MsoNormal">             <span class="Apple-converted-space"> </span>The next call is Tuesday, June 11 at 4pm Pacific Time<u class=""></u><u class=""></u></p></div></div>_______________________________________________<br class="">Openid-specs-ab mailing list<br class=""><a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" class="">Openid-specs-ab@lists.openid.net</a><br class=""><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dab&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=1sXeeP122voya6GkTCBab7Y8uEBH1J0gd1dAqw4CM9o&s=zSdCmqsr-MTuEcFxOexi7MkfXfnpgTJM_-SnFuaITKA&e=" rel="noreferrer" target="_blank" class="">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br class=""></blockquote></div></blockquote></div></div></blockquote></div><br class=""></div></body></html>