<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Aptos;

        panose-1:2 11 0 4 2 2 2 2 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        font-size:10.0pt;

        font-family:"Aptos",sans-serif;}

h2

        {mso-style-priority:9;

        mso-style-link:"Heading 2 Char";

        mso-margin-top-alt:auto;

        margin-right:0cm;

        mso-margin-bottom-alt:auto;

        margin-left:0cm;

        font-size:18.0pt;

        font-family:"Aptos",sans-serif;

        font-weight:bold;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

code

        {mso-style-priority:99;

        font-family:"Courier New";}

pre

        {mso-style-priority:99;

        mso-style-link:"HTML Preformatted Char";

        margin:0cm;

        font-size:10.0pt;

        font-family:"Courier New";}

span.Heading2Char

        {mso-style-name:"Heading 2 Char";

        mso-style-priority:9;

        mso-style-link:"Heading 2";

        font-family:"Aptos Display",serif;

        color:#0F4761;}

span.EmailStyle21

        {mso-style-type:personal-reply;

        font-family:"Aptos",sans-serif;

        color:windowtext;}

span.HTMLPreformattedChar

        {mso-style-name:"HTML Preformatted Char";

        mso-style-priority:99;

        mso-style-link:"HTML Preformatted";

        font-family:"Courier New";}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;

        mso-ligatures:none;}

@page WordSection1

        {size:612.0pt 792.0pt;

        margin:72.0pt 72.0pt 72.0pt 72.0pt;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="en-DE" link="blue" vlink="purple" style="word-wrap:break-word">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Hi George,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Thanks for the proposal.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Sure, RAR could be used and somebody actually proposed that during yesterday's Identitymanagement and Consent meeting.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><a href="https://github.com/camaraproject/IdentityAndConsentManagement/">https://github.com/camaraproject/IdentityAndConsentManagement/</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">RAR is quite new (May 2023) and telcos and aggregators are not really there when it comes to implementing more than bare OIDC or Oauth2.

<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Most have not even heard of RAR, I think.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">RAR  is quite generic and Camara would need to define all the details.

<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">When using moving "purpose" to RAR we are hiding the problem one level lower, right?<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">## Here is a simple Camara API:

<a href="https://github.com/camaraproject/SimSwap/blob/main/code/API_definitions/sim_swap.yaml">

https://github.com/camaraproject/SimSwap/blob/main/code/API_definitions/sim_swap.yaml</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">How about following request object? "action" is always "read" in this API, so no need to specify that. "Permissions" IDK. Scope in the yaml is similar to path, so no need for that.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Request an access token for one socpe/path/location:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">[<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  {<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "type":

<a href="https://schemes.camaraproject.org/simswap">https://schemes.camaraproject.org/simswap</a>,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "purpose": "dpv:FraudPreventionAndDetection#check-sim-swap",<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "locations": [<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">     

<a href="https://server.example.net/sim-swap/v0/check">https://server.example.net/sim-swap/v0/check</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    ]<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  }<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">]<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Request an access token for two:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">[<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  {<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "type":

<a href="https://schemes.camaraproject.org/simswap">https://schemes.camaraproject.org/simswap</a>,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "purpose": "dpv:FraudPreventionAndDetection#check-sim-swap",<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "locations": [<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">     

<a href="https://server.example.net/sim-swap/v0/check">https://server.example.net/sim-swap/v0/check</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    ]<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  },<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  {<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "type":

<a href="https://schemes.camaraproject.org/simswap">https://schemes.camaraproject.org/simswap</a>,<o:p></o:p></span></p>

<pre><span style="font-size:11.0pt;mso-fareast-language:EN-US">    "purpose": "</span>dpv:FraudPreventionAndDetection#retrieve-sim-swap-date<span style="font-size:11.0pt;mso-fareast-language:EN-US">",</span><o:p></o:p></pre>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "locations": [<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">     

<a href="https://server.example.net/sim-swap/v0/retrieve-date">https://server.example.net/sim-swap/v0/retrieve-date</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    ]<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  }<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">]<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Request an access token for two but different purpose:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">[<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  {<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "type":

<a href="https://schemes.camaraproject.org/simswap">https://schemes.camaraproject.org/simswap</a>,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "purpose": "dpv:LegitimateInterest#check-sim-swap",<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "locations": [<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">     

<a href="https://server.example.net/sim-swap/v0/check">https://server.example.net/sim-swap/v0/check</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    ]<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  },<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  {<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "type":

<a href="https://schemes.camaraproject.org/simswap">https://schemes.camaraproject.org/simswap</a>,<o:p></o:p></span></p>

<pre><span style="font-size:11.0pt;mso-fareast-language:EN-US">    "purpose": "</span>dpv:FraudPreventionAndDetection#retrieve-sim-swap-date<span style="font-size:11.0pt;mso-fareast-language:EN-US">",</span><o:p></o:p></pre>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    "locations": [<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">     

<a href="https://server.example.net/sim-swap/v0/retrieve-date">https://server.example.net/sim-swap/v0/retrieve-date</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">    ]<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">  }<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";mso-fareast-language:EN-US">]<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">In general, how to specify an request for any Camara API from its openapi.yaml:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">"type" is "<a href="https://schemes.camaraproject.org/">https://schemes.camaraproject.org/</a><path-prefix> e.g. "sim-swap/v0" or without the "version"<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">"purpose" is something defined something TBD<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">"locations" is the server/api-root + path<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">This might work, right?<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<div id="mail-editor-reference-message-container">

<div>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:

</span></b><span style="font-size:12.0pt;color:black">George Fletcher <george.fletcher@capitalone.com><br>

<b>Date: </b>Wednesday, 24. April 2024 at 20:28<br>

<b>To: </b>OpenID eKYC Identity Assurance Working Group <openid-specs-ekyc-ida@lists.openid.net><br>

<b>Cc: </b>blhjelm@gmail.com <blhjelm@gmail.com>, dima@postnikov.net <dima@postnikov.net>, torsten@lodderstedt.net <torsten@lodderstedt.net>, Nennker, Axel <Axel.Nennker@telekom.de>, Padgaonkar, Shilpa <Shilpa.Padgaonkar@telekom.de><br>

<b>Subject: </b>Re: [External Sender] Re: [OpenID-Specs-eKYC-IDA] Move transaction specific purpose out of the main specification<o:p></o:p></span></p>

</div>

<div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">I think this could be as simple as defining the RAR request object as...<o:p></o:p></span></p>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">[<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt"> {<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">   "type": "transaction_purpose",<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">   "dpv": "<dpvValue>"<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt"> }<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">]<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">Thanks,<br>

George<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>

<div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">On Wed, Apr 24, 2024 at 2:25</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span><span style="font-size:12.0pt">PM George Fletcher <<a href="mailto:george.fletcher@capitalone.com">george.fletcher@capitalone.com</a>>

 wrote:<o:p></o:p></span></p>

</div>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">

<div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">Is there a reason that <a href="https://datatracker.ietf.org/doc/html/rfc9396" target="_blank">

RFC 9396</a> can not be used for this purpose (pun intended)? This is exactly why RAR was created to allow for this additional detail to be provided. There is provision to return additional "RAR" data in the response. I'm sure this was already discussed so

 if you can point me to that thread I would really appreciate it.<o:p></o:p></span></p>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">Thanks,<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">George<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>

<div>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt">On Wed, Apr 24, 2024 at 2:20</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span><span style="font-size:12.0pt">PM Axel.Nennker--- via Openid-specs-ekyc-ida <<a href="mailto:openid-specs-ekyc-ida@lists.openid.net" target="_blank">openid-specs-ekyc-ida@lists.openid.net</a>>

 wrote:<o:p></o:p></span></p>

</div>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">

<div>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Bjorn,</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">In today's ICM meeting the purpose-parameter proposal died.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">We are back to encoding-purpose-in-scope.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">I proposed some new text, that I think is better than the previous 0.1 text on encoding-purpose-in-scope.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">My understanding of the IETF process is that new drafts are send to the mailing list asking the WG to add them as a work item.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Yes, I also remember that messages-for-transactions or purpose-for-transactions was tried before.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">I remember that the last time this was discussed

<a href="mailto:torsten@lodderstedt.net" target="_blank"><span style="text-decoration:none">@Torsten Lodderstedt</span></a> said that "transactions" are not well enough understood.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">But that was years ago and maybe now we find a the next small step forward that helps.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Let's see what Dima says</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Kind regards</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Axel</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<div id="m_-3915160659640403374m_-5319366273820782834mail-editor-reference-message-container">

<div>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:

</span></b><span style="font-size:12.0pt;color:black">Bjorn Hjelm <<a href="mailto:blhjelm@gmail.com" target="_blank">blhjelm@gmail.com</a>><br>

<b>Date: </b>Wednesday, 24. April 2024 at 18:20<br>

<b>To: </b>Nennker, Axel <<a href="mailto:Axel.Nennker@telekom.de" target="_blank">Axel.Nennker@telekom.de</a>>,

<a href="mailto:dima@postnikov.net" target="_blank">dima@postnikov.net</a> <<a href="mailto:dima@postnikov.net" target="_blank">dima@postnikov.net</a>><br>

<b>Cc: </b>Padgaonkar, Shilpa <<a href="mailto:Shilpa.Padgaonkar@telekom.de" target="_blank">Shilpa.Padgaonkar@telekom.de</a>>, OpenID eKYC Identity Assurance Working Group <<a href="mailto:openid-specs-ekyc-ida@lists.openid.net" target="_blank">openid-specs-ekyc-ida@lists.openid.net</a>>,

 Bjorn Hjelm <<a href="mailto:bjorn.hjelm@oidf.org" target="_blank">bjorn.hjelm@oidf.org</a>><br>

<b>Subject: </b>Re: [OpenID-Specs-eKYC-IDA] Move transaction specific purpose out of the main specification</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">Axel,<o:p></o:p></span></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">As noted, Dima has created a draft intended for IETF on purpose based on the discussions in the eKYC-IDA working group. Until introduced, we don't

 know the feedback from the IETF community on this proposal but it's my understanding that this isn't the first time this topic has been discussed within IETF. There's also a similar discussion about purpose taking place in the DPC working group worth noting

 that may impact the approach of a technical specification. <o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt"> <o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">As Dima is traveling, I believe he'll add some additional details and insight to this e-mail thread.<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt"> <o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">Finally, I would highly encourage CAMARA to take issue to the OpenID Foundation when it relates to parameter usage (as mentioned about tweaking purpose

 into scopes) to ensure that the OpenID Connect specifications and profiles are utilized in accordance to its purpose and that the Foundation has offered up the wealth of knowledge that exists within the Foundation to assist CAMARA.<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt"> <o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">Kind Regards,<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">Bjorn<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt"> <o:p></o:p></span></p>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">On Mon, Apr 22, 2024 at 3:35</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span><span style="font-size:12.0pt">AM Axel.Nennker---

 via Openid-specs-ekyc-ida <<a href="mailto:openid-specs-ekyc-ida@lists.openid.net" target="_blank">openid-specs-ekyc-ida@lists.openid.net</a>> wrote:<o:p></o:p></span></p>

</div>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">

<div>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt">Hi,</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt">in

<a href="https://urldefense.com/v3/__https:/github.com/camaraproject/IdentityAndConsentManagement/__;!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXkjAsZDU$" target="_blank">

Camara</a> there is agreement that we need something like the purpose parameter that was removed from ekyc-ida with this issue.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="DE" style="font-size:11.0pt"><a href="https://urldefense.com/v3/__https:/bitbucket.org/openid/ekyc-ida/issues/1386/move-transaction-specific-purpose-out-of__;!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXiaLHS0T$" target="_blank"><span lang="EN-US">https://bitbucket.org/openid/ekyc-ida/issues/1386/move-transaction-specific-purpose-out-of</span></a></span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="DE" style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt">We referenced the section from the ekyc-ida spec on the purpose parameter and wanted to use it.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt"><a href="https://urldefense.com/v3/__https:/github.com/AxelNennker/IdentityAndConsentManagement/blob/camara_oidc_profile/documentation/CAMARA-Security-Interoperability.md*purpose__;Iw!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXoIajKpK$" target="_blank">https://github.com/AxelNennker/IdentityAndConsentManagement/blob/camara_oidc_profile/documentation/CAMARA-Security-Interoperability.md#purpose</a></span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<h2>Purpose<o:p></o:p></h2>

<p>A transaction specific request parameter purpose as specified in <a href="https://urldefense.com/v3/__https:/openid.net/specs/openid-connect-4-identity-assurance-1_0.html*name-transaction-specific-purpos__;Iw!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXtMqmcCP$" target="_blank">

openid-connect-4-identity-assurance-1_0-13</a> MUST be used to allow a SP to state the purpose for the transfer of End-User data it is asking for. The purpose string MUST use below format for interoperability<o:p></o:p></p>

<p><code><span style="font-size:10.0pt">dpv:<dpvValue></span></code><o:p></o:p></p>

<p><code><span style="font-size:10.0pt"><dpvValue></span></code> is coming from <a href="https://urldefense.com/v3/__https:/w3c.github.io/dpv/dpv/*vocab-purpose__;Iw!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXj6-RYjK$" target="_blank">

W3C DPV purpose definition</a><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Then, later,  we discovered that ekyc-ida removed that parameter definition from the ekyc-ida protocol, bummer.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">We found that

<a href="mailto:dima@postnikov.net" target="_blank"><span style="text-decoration:none">@dima@postnikov.net</span></a> started writing a new Internet Draft for "purpose" in Oauth2.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"><a href="https://urldefense.com/v3/__https:/cdn.connectid.com.au/specifications/oauth2-purpose-01.html*name-transaction-specific-purpos__;Iw!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXrSelMk-$" target="_blank">https://cdn.connectid.com.au/specifications/oauth2-purpose-01.html#name-transaction-specific-purpos</a></span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Deutsche Telekom would support that draft. Other Camara member as well, probably.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">We, DT, are willing to contribute to the new draft.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">In Camara we envisioned that the value of the purpose parameter is ONE from the W3C DPV purpose definition.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">We think that the value should not be a string provided by the client but from a fixed list an that the AZ then shows the end user a text that matches

 the user's and the AZ/RP's legislation/jurisdiction for that purpose.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">An end user might give their consent to a location-service for the purpose of account takeover protection but not for some other purpose.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">A mobile banking app might ask for consent for a location-service, that helps the user find the nearest ATM, but the user does give their consent

 for this convenience function.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">A mobile banking app might ask for consent for a location-service, that validates that the user's mobile phone is in the vincinity of the ATM the

 user is withdrawing money from – and the end user is willing to get that protection.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Or the client might have a

<a href="https://urldefense.com/v3/__https:/w3c.github.io/dpv/dpv/*LegitimateInterest__;Iw!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXv-OIqBq$" target="_blank">

legitimate-interest</a> in using some API like location-service or sim-swap.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">The removed ekyc-ida purpose parameter sounds like the CIBA binding_message parameter.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"><a href="https://urldefense.com/v3/__https:/openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html*auth_request__;Iw!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXpU9xw3r$" target="_blank">https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#auth_request</a></span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Camara also discussed tweaking purpose into scopes, but that did not turn out well. Mainly, I think, because technical scopes have very little relationship

 with legislation/jurisdiction.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Could you please provide some context on why ekyc-ida removed the purpose parameter?</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">And, is there initial feedback from IETF Oauth2 WG on the new draft?</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Kind regards</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt">Axel</span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><span style="font-size:12.0pt"><o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">--

<br>

Openid-specs-ekyc-ida mailing list<br>

<a href="mailto:Openid-specs-ekyc-ida@lists.openid.net" target="_blank">Openid-specs-ekyc-ida@lists.openid.net</a><br>

<a href="https://urldefense.com/v3/__https:/lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida__;!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXuvTgGcl$" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida</a><o:p></o:p></span></p>

</div>

</blockquote>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt"><br clear="all">

<o:p></o:p></span></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt"> <o:p></o:p></span></p>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">--

<o:p></o:p></span></p>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">Kind Regards,<o:p></o:p></span></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt">Bjorn<o:p></o:p></span></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

<p class="MsoNormal"><span style="font-size:12.0pt">-- <br>

Openid-specs-ekyc-ida mailing list<br>

<a href="mailto:Openid-specs-ekyc-ida@lists.openid.net" target="_blank">Openid-specs-ekyc-ida@lists.openid.net</a><br>

<a href="https://urldefense.com/v3/__https:/lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida__;!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXuvTgGcl$" target="_blank">https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida__;!!FrPt2g6CO4Wadw!IwQ7eGC6nAUfNRqZ3Vs7XTYq-vkHNtj5Q0IHE7chNKN0yPQQZHLFlDM4Bvn1SfM1bXHRj-jDnJBuUbn1b45lnaOidliy6orgXuvTgGcl$</a>

<o:p></o:p></span></p>

</div>

</blockquote>

</div>

</div>

</blockquote>

</div>

</div>

<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt">

<hr size="0" width="100%" align="center">

</span></div>

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">

<tbody>

<tr>

<td style="padding:0cm 0cm 0cm 0cm">

<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt"><br>

<span style="color:#404040">The information contained in this e-mail may be confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith

 is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking

 of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.</span><o:p></o:p></span></p>

</td>

</tr>

</tbody>

</table>

<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>

</div>

</div>

</div>

</body>

</html>