<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">It’s true that the presence or absence of a sensitivity related scope could inadvertently leak information about the resource being protected — but not if we handle the semantics carefully. To wit: An RS registering a sensitivity scope does not say “I have information marked by this”, it says “I have the capability of filtering out information marked by this”. Thus any RS with such filtering capability SHOULD use that scope and apply it to all resources across all users. Thus a client asking for a sensitivity scope and *not* getting it does not indicate to the client that there is information there being masked — it indicates that the resource server will be applying a filter to data which may or may not be there. <div class=""><br class=""></div><div class="">This remains true for both OAuth and UMA. </div><div class=""><br class=""></div><div class="">And to reiterate what several have already said: it’s firmly out of scope for HEART whether the RS can tag data or not, or how it does so if it does. What we *do* have a position on is what the RS does when it has such a capability — namely, how it tells the AS and client that it can do this thing. </div><div class=""><br class=""></div><div class=""> — Justin<br class=""><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Mar 26, 2017, at 8:47 PM, Nancy Lush <<a href="mailto:nlush@lgisoftware.com" class="">nlush@lgisoftware.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="WordSection1" style="page: WordSection1; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-family: Calibri, sans-serif;" class="">Hello all,<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-family: Calibri, sans-serif;" class="">Several points:<o:p class=""></o:p></span></div><ul type="disc" style="margin-bottom: 0in;" class=""><li class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 12pt; font-family: 'Times New Roman', serif; line-height: 16.799999237060547px;"><span style="font-size: 11pt; line-height: 15.399999618530273px; font-family: Calibri, sans-serif;" class="">Defining a coding scheme is out of scope for HEART. Others are doing (have done) good work in this area and will continue to vet. <span class="Apple-converted-space"> </span></span><o:p class=""></o:p></li><li class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 12pt; font-family: 'Times New Roman', serif; line-height: 16.799999237060547px;"><span style="font-size: 11pt; line-height: 15.399999618530273px; font-family: Calibri, sans-serif;" class="">Final solutions will be a combination of policy and consents. This too is outside of the scope of HEART.</span><o:p class=""></o:p></li><li class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 12pt; font-family: 'Times New Roman', serif; line-height: 16.799999237060547px;"><span style="font-size: 11pt; line-height: 15.399999618530273px; font-family: Calibri, sans-serif;" class="">Having a service to do labeling is a good idea and would help interoperability, but out of scope for HEART.</span><o:p class=""></o:p></li><li class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 12pt; font-family: 'Times New Roman', serif; line-height: 16.799999237060547px;"><span style="font-size: 11pt; line-height: 15.399999618530273px; font-family: Calibri, sans-serif;" class="">From what I can see, organizations are working on addressing many of these issues. We just need to give them enough in our profile to allow them to do their good work.</span><o:p class=""></o:p></li></ul><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-family: Calibri, sans-serif;" class="">I don’t know if we have yet thoroughly defined how we will register resources around sensitive data yet. We have said that the RS will define the resources it has available for the patient, Alice. But I hope the RS will not be telling the AS what sensitive data it has about Alice. Instead the RS can tell the AS what sensitive data it supports. The AS can then make those options available to all patients that have data on that RS. Alice might deny sharing mental health data even if that does not apply to her at the time she is creating her consent.<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-family: Calibri, sans-serif;" class="">The objective is to provide systems that will enable the patient to have control over the sharing of their data at a finer level than they do now. HEART can only provide the profiles to support this. There will be many use cases that will need to be addressed in future solutions.<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-family: Calibri, sans-serif;" class="">-Nancy<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></span></div><div class=""><div style="border-style: solid none none; border-top-color: rgb(225, 225, 225); border-top-width: 1pt; padding: 3pt 0in 0in;" class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><b class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif;" class="">From:</span></b><span style="font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span class="Apple-converted-space"> </span>Openid-specs-heart [<a href="mailto:openid-specs-heart-bounces@lists.openid.net" class="">mailto:openid-specs-heart-bounces@lists.openid.net</a>]<span class="Apple-converted-space"> </span><b class="">On Behalf Of<span class="Apple-converted-space"> </span></b>Aaron Seib, NATE<br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Sunday, March 26, 2017 8:59 PM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>'Eve Maler' <<a href="mailto:eve.maler@forgerock.com" class="">eve.maler@forgerock.com</a>>; 'Debbie Bucci' <<a href="mailto:debbucci@gmail.com" class="">debbucci@gmail.com</a>><br class=""><b class="">Cc:</b><span class="Apple-converted-space"> </span>'HEART List' <<a href="mailto:openid-specs-heart@lists.openid.net" class="">openid-specs-heart@lists.openid.net</a>><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [Openid-specs-heart] HEART profiling for sensitive data<o:p class=""></o:p></span></div></div></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">Eve, you say<span class="Apple-converted-space"> </span><o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">“the RS can mark the resources during registration, but Alice still gets to control access based on the markings if she feels like it.”<o:p class=""></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">I am not sure I follow. Can Alice accept the markings and indicate she disagrees in certain cases and over-ride the recommendation at a granular level.<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">More importantly – to me – if there is something that Alice feels is sensitive but the RS didn’t tag it as sensitive does Alice have a way of saying I am sensitive about this diagnosis – or in the case of historically stigmatized diagnosis and treatments – I am no longer sensitive about this and for me I want you to share this even if the reulatory paradigm says you shouldn’t?<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">Aaron Seib, CEO<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">@CaptBlueButton<span class="Apple-converted-space"> </span><o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""> (o) 301-540-2311<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">(m) 301-326-6843<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><a href="x-msg://42/nate-trust.org" style="color: purple; text-decoration: underline;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); text-decoration: none;" class=""><span id="cid:image001.jpg@01D2A678.25750CC0"><image001.jpg></span></span></a><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><b class=""><span style="font-size: 10pt; font-family: Tahoma, sans-serif;" class="">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif;" class=""><span class="Apple-converted-space"> </span>Openid-specs-heart [<a href="mailto:openid-specs-heart-bounces@lists.openid.net" style="color: purple; text-decoration: underline;" class="">mailto:openid-specs-heart-bounces@lists.openid.net</a>]<span class="Apple-converted-space"> </span><b class="">On Behalf Of<span class="Apple-converted-space"> </span></b>Eve Maler<br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Sunday, March 26, 2017 8:26 PM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Debbie Bucci<br class=""><b class="">Cc:</b><span class="Apple-converted-space"> </span>HEART List<br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [Openid-specs-heart] HEART profiling for sensitive data<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">I actually think we're coming close to a happy medium (or something) with what Nancy is proposing, with the sentiment that others are expressing in the thread, and with candidate text that's appearing in our spec drafts now.<o:p class=""></o:p></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Let us assume for a moment that tags (applied by an RS) that obscure what information is "behind" them (such as "this is highly sensitive" without revealing the categories considered sensitive, or "PSY" without spelling out "Psychiatry Related") could receive UX assistance. The cool thing about the ability for a resource owner to control sharing is that such scopes are just<span class="Apple-converted-space"> </span><i class="">made available</i><span class="Apple-converted-space"> </span>for Alice's use over at the AS. There's a separation of concerns; the RS can mark the resources during registration, but Alice still gets to control access based on the markings if she feels like it.<o:p class=""></o:p></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">And note that we've made a bit of progress since Nancy and I first discussed the topic and put together the initial proposal wording, which flagged potential technical issues. Justin was able to translate our WG discussions into some text, which I recommend we look at specifically to see if we want to change it. I, for one, think it's technically viable.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><b class="">First:</b><span class="Apple-converted-space"> </span>OAuth+FHIR Sec 3 and Sec 4:<span class="Apple-converted-space"> </span><a href="http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?modeAsFormat=html/ascii&url=https://bitbucket.org/openid/heart/raw/master/openid-heart-fhir-oauth2.xml#rfc.section.3" style="color: purple; text-decoration: underline;" class="">http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?modeAsFormat=html/ascii&url=https://bitbucket.org/openid/heart/raw/master/openid-heart-fhir-oauth2.xml#rfc.section.3</a><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Specifically, see the listings of<span class="Apple-converted-space"> </span><span style="font-family: 'Courier New';" class="">conf/N</span><span class="Apple-converted-space"> </span>and so on, and also "Additional confidentiality and sensitivity scopes can be defined by [[ IANA or other registry process ]]."<o:p class=""></o:p></div></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">This section defines five<span class="Apple-converted-space"> </span><b class="">specific</b> OAuth scopes (with a sixth in the next section), and an<span class="Apple-converted-space"> </span><b class="">extension</b><span class="Apple-converted-space"> </span>mechanism by which any additional set of scopes can be used from an external specification. (The mechanism is to be determined...) Does it look like this would work for OAuth?<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><b class="">Second:</b><span class="Apple-converted-space"> </span>UMA+FHIR Sec 2.2: <a href="http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?modeAsFormat=html/ascii&url=https://bitbucket.org/openid/heart/raw/master/openid-heart-fhir-uma.xml#rfc.section.2.2" style="color: purple; text-decoration: underline;" class="">http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?modeAsFormat=html/ascii&url=https://bitbucket.org/openid/heart/raw/master/openid-heart-fhir-uma.xml#rfc.section.2.2</a><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Specifically, this language: "Additionally, the resource MAY use any of the scopes defined in [HEART.OAuth2.FHIR] regarding confidentiality, sensitivity, or emergency (break the glass)."<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">This section enables usage of scopes in UMA of any of the cross-cutting OAuth scopes defined in (or through) Sections 3 and 4 in the OAuth+FHIR spec. Does it look like this would work for UMA?<o:p class=""></o:p></div></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><br clear="all" class=""><o:p class=""></o:p></div><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><b class="">Eve Maler<br class=""></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br class="">Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl<o:p class=""></o:p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">On Sun, Mar 26, 2017 at 5:02 PM, Debbie Bucci <<a href="mailto:debbucci@gmail.com" target="_blank" style="color: purple; text-decoration: underline;" class="">debbucci@gmail.com</a>> wrote:<o:p class=""></o:p></div><div class=""><div class=""><div class=""><div class=""><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">We are trying to finish up the final semantic profile.<o:p class=""></o:p></div></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">HEART profiles does not deal with UI issues<o:p class=""></o:p></div></div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;">Nor would it define how to technical information is tagged. <span class="Apple-converted-space"> </span><o:p class=""></o:p></p></div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;">That said, if a resource server is able to tag information - perhaps the AS should be aware.<span class="Apple-converted-space"> </span><o:p class=""></o:p></p></div><div class=""><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;">I thought John originally suggested we should start focus on the confidentiality code as a start - and I think that is what Nancy is suggesting - with a bit more context.<o:p class=""></o:p></p></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Terminology may not be perfect and cover all use cases but certainly there is a use case or two that we could give examples for. The two that Nancy suggest - seem general enough for a good start. Odds are that patient would understand and could express the level of data (confidentiality code) to release.<br class=""><br class="">ETH – Substance Abuse<br class=""><br class="">PSY – Psychiatry Related<span class="Apple-converted-space"> </span><br class=""><br class="">I have to keep reminding myself that This dance would ONLY occur if the RS relayed to the AS it will support it. <span class="Apple-converted-space"> </span><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div class=""><blockquote style="border-style: none none none solid; border-left-color: rgb(204, 204, 204); border-left-width: 1pt; padding: 0in 0in 0in 6pt; margin: 5pt 0in 5pt 4.8pt;" class="" type="cite"><div class=""><div class=""><div class=""><div class=""><blockquote style="border-style: none none none solid; border-left-color: rgb(204, 204, 204); border-left-width: 1pt; padding: 0in 0in 0in 6pt; margin: 5pt 0in 5pt 4.8pt;" class="" type="cite"><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse: collapse;"><tbody class=""><tr style="height: 1pt;" class=""><td width="342" colspan="2" valign="top" style="width: 256.7pt; padding: 0in 5.75pt; height: 1pt;" class=""></td></tr><tr style="height: 1pt;" class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt; height: 1pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt; height: 1pt;" class=""></td></tr><tr style="height: 1pt;" class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt; height: 1pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt; height: 1pt;" class=""></td></tr><tr style="height: 1pt;" class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt; height: 1pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt; height: 1pt;" class=""></td></tr><tr style="height: 1pt;" class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt; height: 1pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt; height: 1pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="342" colspan="2" valign="top" style="width: 256.7pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="139" valign="top" style="width: 1.45in; padding: 0in 5.75pt;" class=""></td><td width="203" valign="top" style="width: 152.3pt; padding: 0in 5.75pt;" class=""></td></tr><tr class=""><td width="342" colspan="2" valign="bottom" style="width: 256.7pt; padding: 0in 5.75pt;" class=""></td></tr></tbody></table></div></div></div></div></div></div></div></div></blockquote></div></div></div></div></blockquote></div></div></div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;"><br class="">_______________________________________________<br class="">Openid-specs-heart mailing list<br class=""><a href="mailto:Openid-specs-heart@lists.openid.net" style="color: purple; text-decoration: underline;" class="">Openid-specs-heart@lists.openid.net</a><br class=""><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank" style="color: purple; text-decoration: underline;" class="">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><o:p class=""></o:p></p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div></div><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">_______________________________________________</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">Openid-specs-heart mailing list</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""><a href="mailto:Openid-specs-heart@lists.openid.net" class="">Openid-specs-heart@lists.openid.net</a></span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" class="">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a></span></div></blockquote></div><br class=""></div></div></body></html>