<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:"Amazon Ember Heavy";
panose-1:2 11 8 3 2 2 4 2 2 4;}
@font-face
{font-family:"Amazon Ember Light";
panose-1:2 11 4 3 2 2 4 2 2 4;}
@font-face
{font-family:"Wingdings 2";
panose-1:5 2 1 2 1 5 7 7 7 7;}
@font-face
{font-family:"Noto Sans";}
@font-face
{font-family:SpaceGrotesk-Medium;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
span.gmailsignatureprefix
{mso-style-name:gmail_signature_prefix;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:30768087;
mso-list-type:hybrid;
mso-list-template-ids:-1852780966 1274604646 202113027 202113029 202113025 202113027 202113029 202113025 202113027 202113029;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Aptos",sans-serif;
mso-fareast-font-family:Aptos;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:770711068;
mso-list-type:hybrid;
mso-list-template-ids:1056372798 540566618 202113027 202113029 202113025 202113027 202113029 202113025 202113027 202113029;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Aptos",sans-serif;
mso-fareast-font-family:Aptos;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1006594480;
mso-list-template-ids:-1301911304;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:1008557499;
mso-list-template-ids:883461792;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4
{mso-list-id:1932353383;
mso-list-template-ids:1420447636;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5
{mso-list-id:1976444314;
mso-list-template-ids:2064055620;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="FR-CA" link="blue" vlink="purple" style="word-wrap:break-word;overflow-wrap: break-word;-webkit-nbsp-mode: space;line-break:after-white-space">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Hi Salim,<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">+1 to the comments made below:<br>
<br>
- this sounds like an identity problem, so an OpenID Connect problem<br>
- the point is you have been sent to the AuthZEN working group of the OpenID Foundation, not the OpenID Connect Working Group of the OpenID Foundation<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">This being said, and my personal opinion leaving the members of the OpenID Connect Working Group to give a formal answer, account linking is something that
<a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html">
we do at AWS in Amazon Cognito</a>. Okta/Auth0 does the <a href="https://help.okta.com/wf/en-us/content/topics/workflows/connector-reference/auth0/actions/linkaccount.htm">
same</a>. But this is outside OpenID Connect.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">What happens is that:<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo3"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">The user authenticates with one account for the Client Application<o:p></o:p></span></li></ul>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo6"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">The Client Application offers Account linking capabilities if the user wants to go there<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo6"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">The user can decide to use the capability and the application will use the Access Token it has to call the Account
Linking API<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo6"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">The Account Linking API will authenticate the user through secondary accounts<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo6"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Any new minted token will bear the linked account information if successful starting from the next issuance<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">From your proposal you want to start the flow of linking at the Authorization request:<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo6"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">The Linking flow as proposed will be initiated by the Client Application… but the client application has no clue:<o:p></o:p></span></li><ul style="margin-top:0cm" type="circle">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level2 lfo6"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">If there are some account(s) to link as the user is not even authenticated<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level2 lfo6"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Which account(s) should be linked as there might be some false positive expectations: it is not because there
is a </span><a href="mailto:jdoe@gmail.com"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">jdoe@gmail.com</span></a><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> that this is a account to be linked to
</span><a href="mailto:john.doe@gmail.com"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">john.doe@gmail.com</span></a><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"> while on the contrary
</span><a href="mailto:mustangrider@gmail.com"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">mustangrider@gmail.com</span></a><span style="font-size:11.0pt;mso-fareast-language:EN-US">
<span lang="EN-CA">might be another persona of </span></span><a href="mailto:jdoe@gmail.com"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">jdoe@gmail.com</span></a><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">.
There are also privacy concerns on trying to reconciliate or propose association of accounts while the owner wants to ensure those remain disjointed.<o:p></o:p></span></li></ul>
</ul>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><br>
Overall, this sounds like setting linking=true would add a lot of friction to the flow to go through while it is not or no longer necessary.<br>
<br>
<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo6"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">I quite not get the linking period too… while would a linking expire after some time?<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA">Overall, while thought experiment and gut feeling are great, OpenID Foundation and IETF work from problems from the field. If you want to pursue those proposal, you need to be able to answer to the broader question on
why this has a better sense to deal with at the OpenID / OAuth layer than at the IdP layer.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA">Jeff<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Amazon Ember Heavy",sans-serif;mso-ligatures:standardcontextual">Jean-François “<span style="color:#E97132">Jeff</span>” Lombardo</span></b><span style="mso-ligatures:standardcontextual"> </span><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;mso-ligatures:standardcontextual">|<span style="color:gray">
</span><span style="color:#E97132">Amazon Web Services</span></span><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:#E97132"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:4.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Architecte Principal de Solutions, Spécialiste de Sécurité<br>
Principal Solution Architect, Security Specialist<br>
Montréal, Canada<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-CA" style="font-size:13.5pt;font-family:"Wingdings 2";mso-ligatures:standardcontextual">(</span><span lang="EN-CA" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">
</span><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">+1 514 778 5565<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Commentaires à propos de notre échange?
</span></i><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Exprimez-vous
</span></i><a href="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:#467886;mso-ligatures:standardcontextual">ici</span></i></a><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">.<o:p></o:p></span></i></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:4.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Thoughts on our interaction? Provide feedback
</span></i><a href="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:#467886;mso-ligatures:standardcontextual">here</span></i></a><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">.<o:p></o:p></span></i></p>
</div>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Openid-specs-authzen <openid-specs-authzen-bounces@lists.openid.net>
<b>On Behalf Of </b>Eve Maler via Openid-specs-authzen<br>
<b>Sent:</b> September 24, 2025 12:55 PM<br>
<b>To:</b> AuthZEN Working Group List <openid-specs-authzen@lists.openid.net><br>
<b>Cc:</b> Eve Maler <eve@vennfactory.com><br>
<b>Subject:</b> RE: [EXT] [Openid-specs-authzen] OpenID Connect Email Account Linking Extension<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="1123" valign="top" style="width:842.35pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span lang="EN-CA" style="font-size:10.0pt;font-family:"Aptos",sans-serif;color:black;background:#FFFF99">CAUTION</span></strong><span lang="EN-CA" style="font-size:10.0pt;font-family:"Times New Roman",serif;color:black;background:#FFFF99">: This
email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.</span><span lang="EN-CA" style="font-size:10.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="1123" valign="top" style="width:842.35pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span style="font-size:10.0pt;font-family:"Aptos",sans-serif;color:black;background:#FFFF99">AVERTISSEMENT</span></strong><span style="font-size:10.0pt;font-family:"Times New Roman",serif;color:black;background:#FFFF99">: Ce courrier électronique
provient d’un expéditeur externe. Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le contenu ne présente aucun risque.</span><span style="font-size:10.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span lang="EN-CA">I’m probably not helping by responding in this thread, since a proper discussion probably wants to live elsewhere, but here goes…
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Usually either such multi-email associations are made heuristically based on common properties (as noted by Alex — see "identity resolution" systems as used by marketing), or are made deterministically by asking the user
— as a one-time/extraordinary action — to identify and confirm a single related email at a time, through a traditional OAuth/OIDC linkage.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><img border="0" width="200" height="65" style="width:2.0833in;height:.675in" id="Picture_x0020_1" src="cid:image001.png@01DC2D5B.A93A0CE0"><span lang="EN-CA" style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black"><br>
<br>
</span><span lang="EN-CA"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:9.0pt;font-family:"SpaceGrotesk-Medium",serif;color:#476458">Eve Maler, president and founder</span><span lang="EN-CA" style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:9.0pt;font-family:"SpaceGrotesk-Medium",serif;color:#476458">Cell and Signal </span><a href="tel:+1-425-345-6756"><span lang="EN-CA" style="font-size:9.0pt;font-family:"SpaceGrotesk-Medium",serif">+1
(425) 345-6756</span></a><span lang="EN-CA" style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span lang="EN-CA">On Sep 24, 2025, at 11:19</span><span lang="EN-CA" style="font-family:"Arial",sans-serif"> </span><span lang="EN-CA">AM, Omri Gazitt via Openid-specs-authzen <openid-specs-authzen@lists.openid.net> wrote:<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Perhaps the OAuth WG redirected you to the OpenID Connect working group? <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">This has more to do with authentication than authorization. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-CA">On Wed, Sep 24, 2025 at 12:59</span><span lang="EN-CA" style="font-family:"Arial",sans-serif"> </span><span lang="EN-CA">AM Salim BOU ARAM via Openid-specs-authzen <</span><a href="mailto:openid-specs-authzen@lists.openid.net"><span lang="EN-CA">openid-specs-authzen@lists.openid.net</span></a><span lang="EN-CA">>
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span lang="EN-CA">Hi Alex, <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Thanks for clarifying. There isn’t a particular production use case I’ve seen; this draft is more of a thought experiment. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">The idea came from observing how people sometimes end up with multiple accounts from the same IdP and wondering if there might be a standardized way to let them unify access under one primary identity.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">I appreciate your perspective on whether this kind of functionality would be useful in practice, and I agree that concrete use cases will be important to validate or discard the idea.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Best regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Salim<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-CA">On Wed, 24 Sept 2025, 08:18 Alex Babeanu, <</span><a href="mailto:alex.babeanu@indykite.com" target="_blank"><span lang="EN-CA">alex.babeanu@indykite.com</span></a><span lang="EN-CA">> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span lang="EN-CA">Hi Salim, <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">- the OAuth WG directed you here? Interesting... I guess the angle would be that the `subject` in an AuthZEN request would be multi-valued... I think we already cover that through "boxcarring" in the AuthZEN spec.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">- As for: " I could use </span><a href="mailto:example@gmail.com" target="_blank"><span lang="EN-CA">example@gmail.com</span></a><span lang="EN-CA"> as my primary identity and link </span><a href="mailto:example1@gmail.com" target="_blank"><span lang="EN-CA">example1@gmail.com</span></a><span lang="EN-CA"> to
access the same app account." - I got that, and was indeed questioning whether this would actually ever happen in the wild. Did you write this draft based on an actual use-case you've seen? Others may have some input here too...<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Cheers,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">./\.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-CA">On Wed, Sep 24, 2025 at 9:07</span><span lang="EN-CA" style="font-family:"Arial",sans-serif"> </span><span lang="EN-CA">AM Salim BOU ARAM <</span><a href="mailto:bouaram.salim@gmail.com" target="_blank"><span lang="EN-CA">bouaram.salim@gmail.com</span></a><span lang="EN-CA">>
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<div>
<p><span lang="EN-CA">Hi Alex,<o:p></o:p></span></p>
<p><span lang="EN-CA">Thank you very much for taking the time to read the draft and share your feedback. <o:p></o:p></span></p>
<p><span lang="EN-CA">The OAuth WG suggested I discuss the draft here.<o:p></o:p></span></p>
<p><span lang="EN-CA">Just to clarify the “1-N secondary accounts” point: the idea is not that users must link multiple N accounts, but that they can choose to link additional accounts to their primary authenticated identity (up to an IdP-defined N limit).
For example, if an app offers “Sign in with Google,” I could use </span><a href="mailto:example@gmail.com" target="_blank"><span lang="EN-CA">example@gmail.com</span></a><span lang="EN-CA"> as my primary identity and link
</span><a href="mailto:example1@gmail.com" target="_blank"><span lang="EN-CA">example1@gmail.com</span></a><span lang="EN-CA"> to access the same app account.<o:p></o:p></span></p>
<p><span lang="EN-CA">This may not have been clear in the draft.<o:p></o:p></span></p>
<p><span lang="EN-CA"> Thanks again for the feedback, and I look forward to more input.<o:p></o:p></span></p>
<p><span lang="EN-CA">Best regards,<o:p></o:p></span></p>
<p><span lang="EN-CA">Salim<o:p></o:p></span></p>
<p><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-CA"> <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-CA">On Wed, 24 Sept 2025, 07:54 Alex Babeanu, <</span><a href="mailto:alex.babeanu@indykite.com" target="_blank"><span lang="EN-CA">alex.babeanu@indykite.com</span></a><span lang="EN-CA">> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span lang="EN-CA">Hi Salim-Amine, <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Well, I'm not sure the AuthZEN group is the right group for this one, it looks more like an idea for the OAuth WG within IETF... I will let others weigh-in on that point.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">About the proposal, I think I'm not clear specifically on this: "</span><span lang="EN-CA" style="font-size:10.5pt;font-family:"Noto Sans",sans-serif"> User authenticates 1-N secondary accounts (IdP-defined limit)</span><span lang="EN-CA">"<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">--> based on experience in the field, users never actually do that. As a user, I know I wouldn't do it myself. I think there's more value for an organization in matching its various accounts based on common properties,
than enabling a sort of "email/Account-SSO": after all, these users register different accounts for a reason: maybe for different types of access or even anonymity...<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">My humble $0.02...<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">./\.<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-CA">On Tue, Sep 23, 2025 at 11:28</span><span lang="EN-CA" style="font-family:"Arial",sans-serif"> </span><span lang="EN-CA">PM Salim BOU ARAM via Openid-specs-authzen <</span><a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank"><span lang="EN-CA">openid-specs-authzen@lists.openid.net</span></a><span lang="EN-CA">>
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span lang="EN-CA">Hello, <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">I’ve submitted a draft that proposes a way for an RP to let a user link multiple email accounts from the same IdP under a single primary identity. Secondary logins resolve to the primary account, and linkages can expire
or be removed.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">(</span><a href="https://www.ietf.org/archive/id/draft-bouaram-oidc-email-linking-extension-00.html" target="_blank"><span lang="EN-CA">https://www.ietf.org/archive/id/draft-bouaram-oidc-email-linking-extension-00.html</span></a><span lang="EN-CA">)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">I’m interested to know if anyone finds this idea useful.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">This version is an initial draft and could be further enhanced based on community feedback.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Best regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA">Salim-Amine Bou Aram<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA">-- <br>
Openid-specs-authzen mailing list<br>
</span><a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank"><span lang="EN-CA">Openid-specs-authzen@lists.openid.net</span></a><span lang="EN-CA"><br>
</span><a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank"><span lang="EN-CA">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</span></a><span lang="EN-CA"><o:p></o:p></span></p>
</blockquote>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><br clear="all">
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span class="gmailsignatureprefix">-- </span><o:p></o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="600" style="width:450.0pt">
<tbody>
<tr>
<td width="44" valign="top" style="width:33.0pt;padding:0cm 12.0pt 0cm 12.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;border:solid windowtext 1.0pt;padding:0cm"><img border="0" width="50" height="96" style="width:.525in;height:1.0in" id="Picture_x0020_2" src="cid:~WRD0000.jpg" alt="Image removed by sender."></span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
</td>
<td width="16" style="width:12.0pt;border:none;border-left:solid #D4D4D4 1.0pt;padding:24.0pt 0cm 24.0pt 0cm">
</td>
<td valign="top" style="padding:24.0pt 0cm 24.0pt 0cm">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif"><br>
Alex Babeanu</span></b><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif">Lead Product Manager, AI Control Suite</span><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#4C4C4C">t. +1 604 728 8130<br>
e. </span><a href="mailto:alex.babeanu@indykite.com" target="_blank"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#1155CC">alex.babeanu@indykite.com</span></a><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#4C4C4C"> <br>
w. </span><a href="http://www.indykite.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#1155CC">www.indykite.com</span></a><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><span class="gmailsignatureprefix">-- </span><o:p></o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="600" style="width:450.0pt">
<tbody>
<tr>
<td width="44" valign="top" style="width:33.0pt;padding:0cm 12.0pt 0cm 12.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;border:solid windowtext 1.0pt;padding:0cm"><img border="0" width="50" height="96" style="width:.525in;height:1.0in" id="Picture_x0020_3" src="cid:~WRD0000.jpg" alt="Image removed by sender."></span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
</td>
<td width="16" style="width:12.0pt;border:none;border-left:solid #D4D4D4 1.0pt;padding:24.0pt 0cm 24.0pt 0cm">
</td>
<td valign="top" style="padding:24.0pt 0cm 24.0pt 0cm">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif"><br>
Alex Babeanu</span></b><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif">Lead Product Manager, AI Control Suite</span><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#4C4C4C">t. +1 604 728 8130<br>
e. </span><a href="mailto:alex.babeanu@indykite.com" target="_blank"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#1155CC">alex.babeanu@indykite.com</span></a><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#4C4C4C"> <br>
w. </span><a href="http://www.indykite.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#1155CC">www.indykite.com</span></a><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><span lang="EN-CA">-- <br>
Openid-specs-authzen mailing list<br>
</span><a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank"><span lang="EN-CA">Openid-specs-authzen@lists.openid.net</span></a><span lang="EN-CA"><br>
</span><a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank"><span lang="EN-CA">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</span></a><span lang="EN-CA"><o:p></o:p></span></p>
</blockquote>
</div>
</div>
<p class="MsoNormal"><span lang="EN-CA">-- <br>
Openid-specs-authzen mailing list<br>
Openid-specs-authzen@lists.openid.net<br>
https://lists.openid.net/mailman/listinfo/openid-specs-authzen<o:p></o:p></span></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>