<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"Amazon Ember Heavy";
panose-1:2 11 8 3 2 2 4 2 2 4;}
@font-face
{font-family:"Amazon Ember Light";
panose-1:2 11 4 3 2 2 4 2 2 4;}
@font-face
{font-family:"Wingdings 2";
panose-1:5 2 1 2 1 5 7 7 7 7;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
span.EmailStyle22
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:69817709;
mso-list-type:hybrid;
mso-list-template-ids:423385574 -1802048874 202113027 202113029 202113025 202113027 202113029 202113025 202113027 202113029;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Aptos",sans-serif;
mso-fareast-font-family:Aptos;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1322659006;
mso-list-type:hybrid;
mso-list-template-ids:2032931188 -1802048874 202113027 202113029 202113025 202113027 202113029 202113025 202113027 202113029;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:18.0pt;
text-indent:-18.0pt;
font-family:"Aptos",sans-serif;
mso-fareast-font-family:Aptos;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:54.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:90.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:162.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:198.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:234.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:270.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:306.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="FR-CA" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Thanks for the notes. Sorry again, I could not meet due to plane cancellation and rebooking.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Here are some offline comments for Scenario 1/ issuance:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">I understand that AuthZEN does not want to define PDP implementation but I think a light data model on the AuthZEN
representation of the relation between a user, a client, a scope, and a claim would be useful to understand the best structure for the request.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Issuance of a full token set or a specific sub set of the token set can be dependent of multiple factors including
but not limited to:<o:p></o:p></span></li><ul style="margin-top:0cm" type="circle">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level2 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">OAuth2 Grant flow type<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level2 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Usage of dedicated extension (PKCE, DPoP)<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level2 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Type of client credentials used<o:p></o:p></span></li></ul>
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">In your example<br>
{<o:p></o:p></span></li></ul>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "subject": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "type": "user",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "id":
</span><a href="mailto:alice@example.com"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">alice@example.com</span></a><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "properties": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "role": "employee"
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> },<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "resource": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "type": "client",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "id": "client-id"<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> },<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "action": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "name": "access"<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:72.0pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<ul style="margin-top:0cm" type="circle">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level2 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">This would only allow issuance if the question is explicitely about “issuing an access token” which infers that
the PEP needs to do, potentially depending on the situations, up to 3 requests: one for the id token, one for the access token, and one for the refresh token. And to have up to 3 policies per client to match each request.<o:p></o:p></span></li><ul style="margin-top:0cm" type="square">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level3 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Is that the expected outcome?<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level3 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Would a request in the following form would provide better capabilities?<br>
{<o:p></o:p></span></li></ul>
</ul>
</ul>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "subject": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "type": "user",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "id":
</span><a href="mailto:alice@example.com"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">alice@example.com</span></a><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "properties": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "role": "employee"
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> },<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "resource": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "type": "client",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "id": "client-id",<br>
"properties": {<br>
"tokenTypes": [ "access", “id”]<br>
}<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> },<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "action": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "name": "issue"<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">}<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<ul style="margin-top:0cm" type="circle">
<ul style="margin-top:0cm" type="square">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level3 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Or even matching the claim issuance example?<o:p></o:p></span></li></ul>
</ul>
</ul>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">{<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "subject": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "type": "user",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "id":
<a href="mailto:alice@example.com">alice@example.com</a>,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "properties": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "role": "employee"<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> },<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "evaluations": [<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "resource": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "type": "client",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "id": "client-id",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "properties": { "tokenType": "access" }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> },<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "action": { "name": "issue" }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> },<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "resource": {<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "type": "client",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "id": "client-id",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "properties": { "tokenType": "refresh" }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> },<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> "action": { "name": "issue" }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> ]<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:106.2pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<ul style="margin-top:0cm" type="circle">
<ul style="margin-top:0cm" type="square">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level3 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">This would allow to match conditions allowing multiple token types while request might be focused on a specific
one. It also rationalizes <i>action</i> on the specific one required here which is “issue”. This also fits better with the scenario 2/ Token Enrichment (Claim Insertion) where the action is “issue” too.<o:p></o:p></span></li></ul>
</ul>
</ul>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">For support of:<br>
- OAuth2 Grant flow type<br>
- Usage of dedicated extension (PKCE, DPoP)<br>
- Type of client credentials used<o:p></o:p></span></li><ul style="margin-top:0cm" type="circle">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level2 lfo1"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">I would suggest either through properties of resource or context, that this profile describe reserved attribute
names to pass the information to the PDP.<o:p></o:p></span></li></ul>
</ul>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Jeff<br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Amazon Ember Heavy",sans-serif;mso-ligatures:standardcontextual">Jean-François “<span style="color:#E97132">Jeff</span>” Lombardo</span></b><span style="mso-ligatures:standardcontextual"> </span><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;mso-ligatures:standardcontextual">|<span style="color:gray">
</span><span style="color:#E97132">Amazon Web Services</span></span><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:#E97132"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:4.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Architecte Principal de Solutions, Spécialiste de Sécurité<br>
Principal Solution Architect, Security Specialist<br>
Montréal, Canada<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-CA" style="font-size:13.5pt;font-family:"Wingdings 2";mso-ligatures:standardcontextual">(</span><span lang="EN-CA" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">
</span><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">+1 514 778 5565<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Commentaires à propos de notre échange?
</span></i><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Exprimez-vous
</span></i><a href="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:#467886;mso-ligatures:standardcontextual">ici</span></i></a><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">.<o:p></o:p></span></i></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:4.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Thoughts on our interaction? Provide feedback
</span></i><a href="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:#467886;mso-ligatures:standardcontextual">here</span></i></a><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">.<o:p></o:p></span></i></p>
</div>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Openid-specs-authzen <openid-specs-authzen-bounces@lists.openid.net>
<b>On Behalf Of </b>gerry gebel via Openid-specs-authzen<br>
<b>Sent:</b> September 5, 2025 9:55 AM<br>
<b>To:</b> AuthZEN Working Group List <openid-specs-authzen@lists.openid.net><br>
<b>Cc:</b> gerry gebel <ggebel@gmail.com><br>
<b>Subject:</b> RE: [EXT] [Openid-specs-authzen] Last-minute change<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="1123" valign="top" style="width:842.35pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span lang="EN-CA" style="font-size:10.0pt;font-family:"Aptos",sans-serif;color:black;background:#FFFF99">CAUTION</span></strong><span lang="EN-CA" style="font-size:10.0pt;font-family:"Times New Roman",serif;color:black;background:#FFFF99">: This
email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.</span><span lang="EN-CA" style="font-size:10.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="1123" valign="top" style="width:842.35pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span style="font-size:10.0pt;font-family:"Aptos",sans-serif;color:black;background:#FFFF99">AVERTISSEMENT</span></strong><span style="font-size:10.0pt;font-family:"Times New Roman",serif;color:black;background:#FFFF99">: Ce courrier électronique
provient d’un expéditeur externe. Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le contenu ne présente aucun risque.</span><span style="font-size:10.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Hi David <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">The notes are in this doc (</span><a href="https://hackmd.io/@oidf-wg-authzen/idp-integration"><span lang="EN-CA">https://hackmd.io/@oidf-wg-authzen/idp-integration</span></a><span lang="EN-CA">) - thanks to Alex O!!!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">We'd like to have another call to discuss the scenarios before the next weekly meeting and I'll get with you to schedule that. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Meanwhile, everyone - please review and add any pertinent comments.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Thanks,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Gerry<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-CA">On Fri, Sep 5, 2025 at 5:48</span><span lang="EN-CA" style="font-family:"Arial",sans-serif"> </span><span lang="EN-CA">AM David Brossard via Openid-specs-authzen <</span><a href="mailto:openid-specs-authzen@lists.openid.net"><span lang="EN-CA">openid-specs-authzen@lists.openid.net</span></a><span lang="EN-CA">>
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Dear all,<br clear="all">
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Unfortunately I have a last-minute change. I will not be able to attend our meeting in 15mns. Gerry, can you take the lead and I will catch up with you after the call?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">My apologies for the last minute change.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">David.<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA">-- <br>
Openid-specs-authzen mailing list<br>
</span><a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank"><span lang="EN-CA">Openid-specs-authzen@lists.openid.net</span></a><span lang="EN-CA"><br>
</span><a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank"><span lang="EN-CA">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</span></a><span lang="EN-CA"><o:p></o:p></span></p>
</blockquote>
</div>
</div>
</div>
</div>
</body>
</html>