<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
The same is true for max message size, but I guess that is something that may vary based on the implementation. SCIM has an endpoint that defines what features are available and limits etc</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<a href="https://developer.4me.com/v1/scim/service_provider_config/" id="LPlnk">https://developer.4me.com/v1/scim/service_provider_config/</a></div>
<div class="_Entity _EType_OWALinkPreview _EId_OWALinkPreview _EReadonly_1">
<div id="LPBorder_GTaHR0cHM6Ly9kZXZlbG9wZXIuNG1lLmNvbS92MS9zY2ltL3NlcnZpY2VfcHJvdmlkZXJfY29uZmlnLw.." class="LPBorder225449" style="width: 100%; margin-top: 16px; margin-bottom: 16px; position: relative; max-width: 800px; min-width: 424px;">
<table id="LPContainer225449" role="presentation" style="padding: 12px 36px 12px 12px; width: 100%; border-width: 1px; border-style: solid; border-color: rgb(200, 200, 200); border-radius: 2px;">
<tbody>
<tr valign="top" style="border-spacing: 0px;">
<td style="width: 100%;">
<div id="LPTitle225449" style="font-size: 21px; font-weight: 300; margin-right: 8px; font-family: wf_segoe-ui_light, "Segoe UI Light", "Segoe WP Light", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; margin-bottom: 12px;">
<a target="_blank" id="LPUrlAnchor225449" href="https://developer.4me.com/v1/scim/service_provider_config/" style="text-decoration: none; color: var(--themePrimary);">Service Provider Config | SCIM | 4me API</a></div>
<div id="LPDescription225449" style="font-size: 14px; max-height: 100px; color: rgb(102, 102, 102); font-family: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; margin-bottom: 12px; margin-right: 8px; overflow: hidden;">
4me API for Developers</div>
<div id="LPMetadata225449" style="font-size: 14px; font-weight: 400; color: rgb(166, 166, 166); font-family: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif;">
developer.4me.com</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Might be something worth considering once we have the wire protocol defined.</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
All the best</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Andy</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Aptos Display", "Aptos Display_EmbeddedFont", "Aptos Display_MSFontService", "Calibri Light", "Helvetica Light", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="ltr" style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;font-size:1px;direction:ltr;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;border-collapse:collapse;font-size:1px;"><tr style="font-size:0;"><td align="left"><table cellpadding="0" cellspacing="0" border="0" style="background-color:#FFFFFF;border-collapse:collapse;font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;border-collapse:collapse;font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;line-height:normal;"><a href="https://registry.blockmarktech.com/certificates/f00f855a-3b35-4591-a6c0-de94ffe4ceb1/" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image743882.png@92064F6D.3CDBA856" width="100" height="100" border="0" alt="" style="width:100px;min-width:100px;max-width:100px;height:100px;min-height:100px;max-height:100px;font-size:0;" /></a></td><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="left" style="padding:0;border-top:none;border-right:solid 4px #000001;border-bottom:none;border-left:none;vertical-align:top;"><img src="cid:image627366.png@5B61FC1A.259AE89E" width="85" height="124.1" border="0" alt="" style="width:85px;min-width:85px;max-width:85px;height:124.1px;min-height:124.1px;max-height:124.1px;font-size:0;" /></td></tr></table></td><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;border-collapse:collapse;font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:7px 0 0 7px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="white-space:normal;color:#000001;font-size:14.67px;font-family:Calibri,Arial,sans-serif;font-weight:400;font-style:normal;text-align:justify;line-height:14px;width:100%;border-collapse:collapse;"><tr style="font-size:10.67px;"><td style="font-family:Calibri,Arial,sans-serif;"><span style="font-size:13px;"><br />We are the first IdentityServer partner to become a Certified B Corporation™.<span style="font-family:remialcxesans;font-size:1px;color:#FFFFFF;line-height:1px;"><span style="font-family:'template-CbyZv7ONEe6-oGBFvdGUFw';"></span><span style="font-family:'zone-1';"></span><span style="font-family:'zones-AQ';"></span></span><br />Head to our <span style="text-decoration:underline;color:#3A13CD;"><a href="https://www.rocksolidknowledge.com/mission-statement" target="_blank" id="LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" style="text-decoration:none;color:#3A13CD;">mission </a><a href="https://www.rocksolidknowledge.com/mission-statement" target="_blank" id="LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" style="text-decoration:none;color:#3A13CD;">sta</a><a href="https://www.rocksolidknowledge.com/mission-statement" target="_blank" id="LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" style="text-decoration:none;color:#3A13CD;">tement</a></span> to read more about the ways we’re using business as a force for good.<br /><br />Rock Solid Knowledge Ltd is a company registered in England and Wales under number 6811209.<br />Registered office: C2, Vantage Office Park, Old Gloucester Road, Bristol, BS16 1GW, United Kingdom<br />Vat registered: GB948 1966 72</span><br /></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></div><div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Openid-specs-authzen <openid-specs-authzen-bounces@lists.openid.net> on behalf of Alex Babeanu via Openid-specs-authzen <openid-specs-authzen@lists.openid.net><br>
<b>Sent:</b> 13 June 2024 22:12<br>
<b>To:</b> AuthZEN Working Group List <openid-specs-authzen@lists.openid.net><br>
<b>Cc:</b> Alex Babeanu <alex@3edges.com><br>
<b>Subject:</b> Re: [Openid-specs-authzen] Boxcarring proposal</font>
<div> </div>
</div>
<div>
<div dir="ltr">Ah, yes sorry forgot to add...
<div><br>
</div>
<div>Another consideration that we see in GraphQL and that applies here also: we must introduce some kind of limit to the number of boxcarred requests... If not as explicitly standardized, then at the very least as a security note/paragraph to mitigate the
risks of DoS attacks... What's the max # of boxcarred requests we should allow?<br>
<div><br>
</div>
<div>(in GraphQL you have to do Query Cost analysis and more for instance).</div>
<div><br>
</div>
<div>Cheers,</div>
<div>./\.</div>
</div>
</div>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Thu, Jun 13, 2024 at 2:08 PM Alex Babeanu <<a href="mailto:alex@3edges.com">alex@3edges.com</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div dir="ltr">Thanks Omri,<br>
<div><br>
</div>
<div>For the "All vs Any semantics", which sounds complicated, would it be better stated this way (below)?</div>
<div><br>
</div>
<div>- Add a "Stop on Error" flag (default 'false')</div>
<div>- Add a "Stop on Deny" flag (default to 'false')</div>
<div>to the top (default) headers.</div>
<div><br>
</div>
<div>The idea is really to save on processing time if not necessary (to the discretion of the caller).</div>
<div><br>
</div>
<div>E.g., </div>
<div><font face="monospace">"evaluations": {<br>
</font></div>
<div><font face="monospace"> "stopOnError": true,</font></div>
<div><font face="monospace"> "stopOnDeny": false,</font></div>
<div><font face="monospace"> "subject" :{</font></div>
<div><font face="monospace"> ...<br>
},</font></div>
<div><font face="monospace"> "eval-1": {<br>
...</font></div>
<div><font face="monospace"> }</font></div>
<div><font face="monospace"> }</font></div>
<div><br>
</div>
<div>Thoughts?</div>
<div><br>
</div>
<div>./\.</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Thu, Jun 13, 2024 at 1:50 PM Omri Gazitt via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div dir="ltr">Thanks Alex and Eve!
<div>
<ul>
<li><b>/access/v1/evaluation vs /access/v1/evaluations:</b> I am certainly fine with adding an endpoint (which is what our intent was back in April). In fact, the current draft of the spec has the single and multi-request evaluations API on two different endpoints.
But the proposal was written to be "reasonably" backwards-compatible with what we had before. That is not a big consideration at the moment since we are just about to create our first Implementer's Draft.<br>
</li><li><b>Standardizing error messages</b>: the proposal doesn't go into details on the codes, because it isn't meant to be "dropped" into the spec - it just outlines the shape of what the multi-request API looks like, to get to consensus, before being incorporated.
With that said, the HTTPS binding does detail some of this in the main spec. It's pretty sparse at the moment (400, 401, 403, 500 are detailed), and we may want to get more specific beyond that. But I think that's out of the scope of this proposal.<br>
</li><li><b>All vs Any semantics</b>: each evaluation is independent, so each requires a separate decision value.</li><li><b>Scenarios</b>: Atul, Alex O, Chris H, and David B all mentioned UI state evaluations being a primary scenario. All of their products support multi-request evaluations today. I didn't write a detailed use-case because there seemed to be alot of passion
to get this into the spec :)</li></ul>
</div>
</div>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Thu, Jun 13, 2024 at 8:44 AM eve--- via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div>Good point about “all” vs. “any” semantics. That could open up a can of worms around organizing and ordering the individual items / their responses (all of these OR any of those, UNLESS this one over here returns foo...). It would be good to strongly motivate
any options in this direction with real-life use cases.
<div>
<div>
<div dir="auto" style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<div dir="auto" style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<div dir="auto" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; color:rgb(0,0,0)">
<div dir="auto" style="color:rgb(0,0,0); font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<div dir="auto" style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<div dir="auto" style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none">
<div><br>
Eve Maler | cell and Signal <a href="tel:+1-425-345-6756" target="_blank">+1 (425) 345-6756</a><br>
Visit the <a href="http://vennfactory.com/" target="_blank">Venn Factory</a><br>
Request a <a href="https://fantastical.app/eve/15" target="_blank">15-minute consultation</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div><br>
<blockquote type="cite">
<div>On Jun 13, 2024, at 10:32 AM, Alex Babeanu via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:</div>
<br>
<div>
<div dir="ltr">Hello there,<br>
<div><br>
</div>
<div>just a couple of comments.</div>
<div>- As Steve suggest, should this boxcarring API be available at a different endpoint (<span style="font-size:12pt"> </span><span style="font-size:12pt; font-family:"Aptos Mono"">/access/v1/authorization<span style="color:red">s</span></span><span style="font-size:12pt"> )?
The draft doesn't mention the endpoint...</span></div>
<div><span style="font-size:12pt">- Error processing would need a bit more detail I think. E.g.,</span></div>
<div>
<ul>
<li><span style="font-size:12pt"> Are we going to standardize on error messages ? I.e., do HTTP status codes make sense here? Or should these be left to be up to the implementations ?</span></li><li><span style="font-size:12pt">Could "boxcarred" evaluations be treated as a transaction (i.e., fail the whole on any failure or keep processing)? In which case 1 single response may be sufficient (grant/deny the whole thing).</span></li></ul>
<div><span style="font-size:16px">Still struggling with the necessity of this btw, others might too... It would be good to maybe illustrate this with a use case in the intro maybe?</span></div>
</div>
<div><span style="font-size:16px">Looks good otherwise. </span><span style="font-size:16px"><br>
</span></div>
<div><span style="font-size:16px"><br>
</span></div>
<div><span style="font-size:16px">Cheers,</span></div>
<div><span style="font-size:16px"><br>
</span></div>
<div><span style="font-size:16px">./\.</span></div>
</div>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Tue, Jun 11, 2024 at 12:12 PM Omri Gazitt via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div dir="ltr">
<div dir="ltr">Hi Roland,<br>
</div>
<div dir="ltr"><br>
</div>
<div>The intent of the drafted proposal is to have the "evaluations" key, if present, supersede the main request. </div>
<div><br>
</div>
<div>Any keys in the main request that are specified are treated as default values for the requests in the "evaluations" key.</div>
<div><br>
</div>
<div>The values in each of the "evaluations" requests supersede any of these default values.</div>
<div><br>
</div>
<div>In the example you mentioned, the context for eval-1 would be </div>
<div><b> "context": {</b><br>
</div>
<div>
<pre><b> "time": "2024-06-01"
},</b></pre>
</div>
<div>If none of the other requests (eval-2, eval-3, etc) provided a context, then they would default to </div>
<div>
<pre><b>"context":{
"time": "2024-05-31"
}</b>,</pre>
<pre><br></pre>
</div>
I hope this clarifies!
<div>Omri.</div>
<div><br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Tue, Jun 11, 2024 at 11:59 AM Roland Baum via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<u></u>
<div>
<p>Hey here,</p>
<p>thanks for creating an initial draft for discussion!</p>
<p>From how I understand the current scheme, the carried requests in "evaluations" can be mixed with the main request.</p>
<p>so the following request could be legal, or ?<br>
</p>
<pre>{
"subject": {
...
},
<b> "context":{
"time": "2024-05-31"
}</b>,
"action": {
...
},
"evaluations": {
"eval-1": {
"resource": {
},
<b> "context": {
"time": "2024-06-01"
},</b>
},
....
}
]
}
</pre>
<p>The different context elements can contradict each other, which should be avoided?</p>
<p>Similar case with other combinations, where parts of the tuple are part of the main request an others are only present in evaluations.</p>
<p>I've the guts feeling that this could make implementations rather complex, since all the combinations need to be considered and canonized into [subject+action+resource] tuples for processing.</p>
<p>how about just reusing the same scheme as in the current request in the "evaluations" element?</p>
<p>So if a request should carry 1+n questions, the 1st goes into the main tuple, the others into "evaluations" and contain a full subject-action-resource(-context) tuple ? 🤷<br>
<br>
</p>
<p><br>
</p>
<p>hope this makes sense<br>
</p>
<p><br>
</p>
<pre cols="72">Roland Baum
umbrella.associates GmbH
Dipl.Kfm.(FH), Dipl.Wirt.-Inf.(FH), CISA, CISSP, CIDPRO</pre>
<div>Am 09.06.24 um 23:36 schrieb Omri Gazitt via Openid-specs-authzen:<br>
</div>
<blockquote type="cite">
<div dir="auto">Steve, thanks for reviewing!</div>
<div dir="auto"><br>
</div>
<div dir="auto">I agree that new PEPs and old PDPs would not interoperate without a capability negotiation mechanism (like context, or a different endpoint as you said). </div>
<div dir="auto"><br>
</div>
<div dir="auto">And also that at this stage, we don’t need to worry about that kind of back-compat, since we haven’t yet a first implementers draft. <br clear="all">
<br clear="all">
<div dir="auto">
<div dir="ltr" class="x_gmail_signature">
<div dir="ltr">
<table style="font-family:tahoma,sans-serif; border:medium; border-collapse:collapse; color:rgb(34,34,34)">
<tbody style="font-family:tahoma,sans-serif">
<tr style="height:0pt; font-family:tahoma,sans-serif">
<td style="vertical-align:top; padding:5pt; overflow:hidden; font-family:tahoma,sans-serif">
<div style="line-height:1.2; margin-top:0pt; margin-bottom:0pt; font-family:tahoma,sans-serif">
<a href="http://www.aserto.com/" target="_blank" style="font-family:tahoma,sans-serif"><img width="96" height="35" style="font-family:tahoma,sans-serif" src="https://raw.githubusercontent.com/aserto-dev/artwork/main/logo/horizontal/color/aserto-horizontal-color.png"></a></div>
</td>
<td style="vertical-align:middle; padding:5pt; overflow:hidden; font-family:tahoma,sans-serif">
<div style="line-height:1.2; margin-top:0pt; margin-bottom:0pt; font-family:tahoma,sans-serif">
<span style="font-family:Roboto,sans-serif; font-weight:700; vertical-align:baseline; white-space:pre-wrap; background-color:transparent"><span style="font-size:10pt; font-family:Roboto,sans-serif">Omri Gazitt</span><span style="font-weight:normal; font-family:Roboto,sans-serif"><span style="font-family:Arial; vertical-align:baseline; background-color:transparent"><span style="white-space:pre-wrap; font-family:Arial">
</span></span></span><span style="font-size:10pt; font-family:Roboto,sans-serif">|
</span></span><span style="font-family:Roboto,sans-serif; font-size:10pt; white-space:pre-wrap; background-color:transparent">CEO</span></div>
<div style="line-height:1.2; margin-top:0pt; margin-bottom:0pt; font-family:tahoma,sans-serif">
<span style="font-size:10pt; font-family:Roboto,sans-serif; vertical-align:baseline; white-space:pre-wrap; background-color:transparent"><a href="http://www.aserto.com/" target="_blank" style="font-family:Roboto,sans-serif">Aserto</a> Inc.</span><span style="font-family:Arial; vertical-align:baseline; background-color:transparent"><span style="white-space:pre-wrap; font-family:Arial">
</span></span><span style="font-family:Roboto,sans-serif; font-weight:700; white-space:pre-wrap; font-size:10pt">|
</span><span style="font-family:Roboto,sans-serif; font-size:10pt; white-space:pre-wrap; background-color:transparent">(425) 765-0079</span></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<div><br>
</div>
<div><br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Sun, Jun 9, 2024 at 1:25 PM Steven Venema via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div lang="EN-US">
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Hi all,</span></p>
<div><span style="font-size:12pt"> </span><br>
</div>
<p class="x_MsoNormal"><span style="font-size:12pt">The proposal does claim backwards compatibility, but I wonder if there is a case where that might not be the case.</span></p>
<div><span style="font-size:12pt"> </span><br>
</div>
<p class="x_MsoNormal"><span style="font-size:12pt">Here is an example; please let me know if I’m getting something wrong here:</span></p>
<div><span style="font-size:12pt"> </span><br>
</div>
<ol type="1" start="1" style="margin-top:0in">
<li style="margin-left:0in"><span style="font-size:12pt">Assume we have a PEP which implements boxcarring but a (legacy?) PDP which does not.</span></li><li style="margin-left:0in"><span style="font-size:12pt">When the PDP receives a boxcarred request with an
</span><span style="font-size:12pt; font-family:"Aptos Mono"">evaluations</span><span style="font-size:12pt"> object, I presume it would ignore that object as an unrecognized key, correct?</span></li><li style="margin-left:0in"><span style="font-size:12pt">The PDP would then interpret any remaining elements (</span><span style="font-size:12pt; font-family:"Aptos Mono"">subject</span><span style="font-size:12pt">,
</span><span style="font-size:12pt; font-family:"Aptos Mono"">context</span><span style="font-size:12pt">, etc.), as an actual single-valued evaluation request instead of defaults for boxcarred request, possibly returning a result which doesn’t make sense to
the PEP? This would seem to be a break in backward compatibility.</span></li></ol>
<div><span style="font-size:12pt"> </span><br>
</div>
<p class="x_MsoNormal"><span style="font-size:12pt">The converse, where the PEP is legacy and the PDP supports boxcarring should work just fine though.</span></p>
<div><span style="font-size:12pt"> </span><br>
</div>
<p class="x_MsoNormal"><span style="font-size:12pt">Assuming the above scenario is plausible, it does beg the question of how important backward compatibility is at this point in our spec development cycle. In the past, we’ve assumed that we MUST maintain backward
compatibility. If so, then this would perhaps be an argument for the alternate endpoint approach we’ve discussed
</span><span style="font-size:12pt; font-family:"Aptos Mono"">/access/v1/authorization<span style="font-family:"Aptos Mono"; color:red">s</span></span><span style="font-size:12pt"> vs.
</span><span style="font-size:12pt; font-family:"Aptos Mono"">/access/v1/authorization</span><span style="font-size:12pt">).</span></p>
<div><span style="font-size:12pt"> </span><br>
</div>
<p class="x_MsoNormal"><span style="font-size:12pt">Thoughts?</span></p>
<p class="x_MsoNormal"><span style="font-size:12pt">-Steve</span></p>
<div id="x_m_3332240378273714515m_3148879756352290894m_5117389217296316899m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618mail-editor-reference-message-container">
<div>
<div style="border-width:1pt medium medium; border-style:solid none none; padding:3pt 0in 0in; border-color:rgb(181,196,223) currentcolor currentcolor">
<p class="x_MsoNormal" style="margin-bottom:12pt"><b><span style="font-size:12pt">From:
</span></b><span style="font-size:12pt">Openid-specs-authzen <<a href="mailto:openid-specs-authzen-bounces@lists.openid.net" target="_blank">openid-specs-authzen-bounces@lists.openid.net</a>> on behalf of Omri Gazitt via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br>
<b>Date: </b>Wednesday, June 5, 2024 at 22:27<br>
<b>To: </b>AuthZEN Working Group List <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br>
<b>Cc: </b>Omri Gazitt <<a href="mailto:omri@aserto.com" target="_blank">omri@aserto.com</a>><br>
<b>Subject: </b>Re: [Openid-specs-authzen] Boxcarring proposal</span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Thanks Andy, Alex & Granville!</span></p>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">I agree with the feedback to use a keyed object instead of an array. I made those changes in the
<a href="https://hackmd.io/ri7odOQkQ6yztBQGlXnnKg?both" target="_blank">hackmd file</a>. I also added a brief section on errors.</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Please feel free to add comments to the hackmd file, or send them on the mailing list. </span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">We can discuss the proposal at our next meeting on Tuesday.</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Thanks,</span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Omri.</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
</div>
<div><span style="font-size:12pt"> </span><br>
</div>
<div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">On Mon, Jun 3, 2024 at 5:48</span><span style="font-size:12pt; font-family:Arial,sans-serif"> </span><span style="font-size:12pt">AM Granville Schmidt via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>>
wrote:</span></p>
</div>
<blockquote style="border-width:medium medium medium 1pt; border-style:none none none solid; padding:0in 0in 0in 6pt; margin-left:4.8pt; margin-right:0in; border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Thank you for writing this first proposal, Omri!</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">I agree with Alex on having the batched response keyed off an identifier. I also have some additional thoughts to share and get feedback on.</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Is it the team's preference to have comments added directly to the HackMD document or continue via email?</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Cheers,</span></p>
</div>
<p class="x_MsoNormal"><span style="font-size:12pt"><br clear="all">
</span></p>
<div>
<div>
<div>
<div>
<div>
<p class="x_MsoNormal"><b><span style="font-size:12pt; font-family:Arial,sans-serif">Granville Schmidt</span></b><span style="font-size:12pt"></span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt; font-family:Arial,sans-serif">CISSP, CCSP, CSSLP, HCISPP, CIPT, GCPCA</span><span style="font-size:12pt"></span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt; font-family:Arial,sans-serif"><a href="https://www.linkedin.com/in/granvilleschmidt/" target="_blank" style="font-family:Arial,sans-serif"><span style="font-family:Arial,sans-serif; color:rgb(17,85,204)">https://www.linkedin.com/in/granvilleschmidt/</span></a> <br>
+1-740-701-3514</span><span style="font-size:12pt"></span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt; font-family:Arial,sans-serif; border:1pt solid windowtext; padding:0in"><img id="x_m_3332240378273714515m_3148879756352290894m_5117389217296316899m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1030" alt="Image removed by sender." width="32" height="32" border="0" style="width:0.3333in; height:0.3333in; font-family:Arial,sans-serif"></span><span style="font-size:12pt; font-family:Arial,sans-serif"> <span style="border:1pt solid windowtext; padding:0in; font-family:Arial,sans-serif"><img id="x_m_3332240378273714515m_3148879756352290894m_5117389217296316899m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1029" alt="Image removed by sender." width="32" height="32" border="0" style="width:0.3333in; height:0.3333in; font-family:Arial,sans-serif"></span> <span style="border:1pt solid windowtext; padding:0in; font-family:Arial,sans-serif"><img id="x_m_3332240378273714515m_3148879756352290894m_5117389217296316899m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1028" alt="Image removed by sender." width="32" height="32" border="0" style="width:0.3333in; height:0.3333in; font-family:Arial,sans-serif"></span> <span style="border:1pt solid windowtext; padding:0in; font-family:Arial,sans-serif"><img id="x_m_3332240378273714515m_3148879756352290894m_5117389217296316899m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1027" alt="Image removed by sender." width="32" height="32" border="0" style="width:0.3333in; height:0.3333in; font-family:Arial,sans-serif"></span></span><span style="font-size:12pt"></span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt; border:1pt solid windowtext; padding:0in"><img id="x_m_3332240378273714515m_3148879756352290894m_5117389217296316899m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1026" alt="Image removed by sender. Certified Information Privacy Technologist (CIPT) | Intellectual Point" width="96" height="96" border="0" style="width:1in; height:1in"></span><span style="font-size:12pt"></span></p>
</div>
</div>
</div>
</div>
</div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div><span style="font-size:12pt"> </span><br>
</div>
<div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">On Mon, Jun 3, 2024 at 3:38</span><span style="font-size:12pt; font-family:Arial,sans-serif"> </span><span style="font-size:12pt">AM Alex Olivier via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>>
wrote:</span></p>
</div>
<blockquote style="border-width:medium medium medium 1pt; border-style:none none none solid; padding:0in 0in 0in 6pt; margin-left:4.8pt; margin-right:0in; border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">This is looking good to me.</span></p>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">The one area I have run into with the type-array response approach is around ordering. I am assuming that the response array is required to be the same length and order as the input values. This is implicitly
putting the responsibility of the PDP to fit that contract and so would be called out in the spec explicitly.</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">From my own experience, having this batch response being keyed off some identifier (resource ID/action?) passed in the input makes it easier to handle on the client side as you can just 'pluck' the value from
the response rather than have to iterate through the array to find the matching entity (though the SDK layer can do this).</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
</div>
<div><span style="font-size:12pt"> </span><br>
</div>
<div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">On Sat, 1 Jun 2024 at 02:21, Omri Gazitt via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:</span></p>
</div>
<blockquote style="border-width:medium medium medium 1pt; border-style:none none none solid; padding:0in 0in 0in 6pt; margin-left:4.8pt; margin-right:0in; border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Hi folks!</span></p>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">I had a chance to write up the boxcarring proposal that we batted around during Identiverse. It's in
<a href="https://hackmd.io/ri7odOQkQ6yztBQGlXnnKg" target="_blank">HackMD</a>. Comments welcome!</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">The proposal is meant to be backwards-compatible with the current single-decision evaluation API, but could also be bound to the /access/v1/evaluations (note plural) endpoint.</span></p>
</div>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Thanks,</span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:12pt">Omri.<br clear="all">
</span></p>
<div>
<div><span style="font-size:12pt"> </span><br>
</div>
</div>
<p class="x_MsoNormal"><span><span style="font-size:12pt">-- </span></span><span style="font-size:12pt"></span></p>
<div>
<div>
<table cellspacing="0" cellpadding="0" border="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:5pt; overflow:hidden">
<div style="margin:0in"><span style="font-family:Tahoma,sans-serif; color:rgb(34,34,34)"><a href="http://www.aserto.com/" target="_blank" style="font-family:Tahoma,sans-serif"><span style="text-decoration:none; font-family:Tahoma,sans-serif; color:rgb(34,34,34)"><span style="border:1pt solid windowtext; padding:0in; font-family:Tahoma,sans-serif; color:blue"><img id="x_m_3332240378273714515m_3148879756352290894m_5117389217296316899m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1025" alt="Image removed by sender." width="96" height="35" border="0" style="width:1in; height:0.3645in; font-family:Tahoma,sans-serif"></span></span></a></span></div>
</td>
<td style="padding:5pt; overflow:hidden">
<div style="margin:0in"><b><span style="font-size:10pt; font-family:Roboto">Omri Gazitt</span></b><span style="font-family:Arial,sans-serif">
</span><b><span style="font-size:10pt; font-family:Roboto">| </span></b><span style="font-size:10pt; font-family:Roboto">CEO</span><span style="font-family:Tahoma,sans-serif; color:rgb(34,34,34)"></span></div>
<div style="margin:0in"><span style="font-size:10pt; font-family:Roboto"><a href="http://www.aserto.com/" target="_blank" style="font-family:Roboto">Aserto</a> Inc.</span><span style="font-family:Arial,sans-serif; color:rgb(34,34,34)">
</span><b><span style="font-size:10pt; font-family:Roboto">| </span></b><span style="font-size:10pt; font-family:Roboto">(425) 765-0079</span><span style="font-family:Tahoma,sans-serif; color:rgb(34,34,34)"></span></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
<div lang="EN-US">
<div>
<div id="x_m_3332240378273714515m_3148879756352290894m_5117389217296316899m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618mail-editor-reference-message-container">
<div>
<div>
<blockquote style="border-width:medium medium medium 1pt; border-style:none none none solid; padding:0in 0in 0in 6pt; margin-left:4.8pt; margin-right:0in; border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<blockquote style="border-width:medium medium medium 1pt; border-style:none none none solid; padding:0in 0in 0in 6pt; margin-left:4.8pt; margin-right:0in; border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<blockquote style="border-width:medium medium medium 1pt; border-style:none none none solid; padding:0in 0in 0in 6pt; margin-left:4.8pt; margin-right:0in; border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<div>
<div>
<div>
<table cellspacing="0" cellpadding="0" border="0" style="border-collapse:collapse">
<tbody>
<tr>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<p class="x_MsoNormal"><span style="font-size:12pt">-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a></span></p>
</blockquote>
</div>
<p class="x_MsoNormal"><span style="font-size:12pt">-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a></span></p>
</blockquote>
</div>
<p class="x_MsoNormal"><span style="font-size:12pt">-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a></span></p>
</blockquote>
</div>
</div>
</div>
</div>
</div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote>
</div>
</div>
<br>
<fieldset></fieldset> </blockquote>
</div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote>
</div>
</div>
</div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
<span class="x_gmail_signature_prefix">-- </span><br>
<div dir="ltr" class="x_gmail_signature">
<div dir="ltr"><a href="https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5" rel="noopener" target="_blank" style="display:inline-block"><img alt="This is Alexandre Babeanu's card. Their email is alex@3edges.com. Their phone number is +1 604 728 8130." width="360" style="display:inline-block; min-height:100px" src="https://cdn.hihello.me/cards/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5/signature_logo.png?generated=1653502150176"></a><br>
</div>
</div>
<br>
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments hereto, is for the sole use of the intended recipient(s) and may contain confidential and/or proprietary information.<br>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote>
</div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
<span class="x_gmail_signature_prefix">-- </span><br>
<div dir="ltr" class="x_gmail_signature">
<div dir="ltr"><a href="https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5" rel="noopener" target="_blank" style="display:inline-block"><img alt="This is Alexandre Babeanu's card. Their email is alex@3edges.com. Their phone number is +1 604 728 8130." width="360" style="display:inline-block; min-height:100px" src="https://cdn.hihello.me/cards/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5/signature_logo.png?generated=1653502150176"></a><br>
</div>
</div>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
<span class="x_gmail_signature_prefix">-- </span><br>
<div dir="ltr" class="x_gmail_signature">
<div dir="ltr"><a href="https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5" rel="noopener" target="_blank" style="display:inline-block"><img alt="This is Alexandre Babeanu's card. Their email is alex@3edges.com. Their phone number is +1 604 728 8130." width="360" style="display:inline-block; min-height:100px" src="https://cdn.hihello.me/cards/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5/signature_logo.png?generated=1653502150176"></a><br>
</div>
</div>
<br>
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments hereto, is for the sole use of the intended recipient(s) and may contain confidential and/or proprietary information.<br>
</div>
</body>
</html>