<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.PrformatHTMLCar
{mso-style-name:"Préformaté HTML Car";
mso-style-priority:99;
mso-style-link:"Préformaté HTML";
font-family:Consolas;}
p.PrformatHTML, li.PrformatHTML, div.PrformatHTML
{mso-style-name:"Préformaté HTML";
mso-style-priority:99;
mso-style-link:"Préformaté HTML Car";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.TextedebullesCar
{mso-style-name:"Texte de bulles Car";
mso-style-priority:99;
mso-style-link:"Texte de bulles";
font-family:"Tahoma","sans-serif";}
p.Textedebulles, li.Textedebulles, div.Textedebulles
{mso-style-name:"Texte de bulles";
mso-style-priority:99;
mso-style-link:"Texte de bulles Car";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
p.HTMLVorformatiert, li.HTMLVorformatiert, div.HTMLVorformatiert
{mso-style-name:"HTML Vorformatiert";
mso-style-link:"HTML Vorformatiert Zchn";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert";
font-family:Consolas;}
p.Sprechblasentext, li.Sprechblasentext, div.Sprechblasentext
{mso-style-name:Sprechblasentext;
mso-style-link:"Sprechblasentext Zchn";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.SprechblasentextZchn
{mso-style-name:"Sprechblasentext Zchn";
mso-style-priority:99;
mso-style-link:Sprechblasentext;
font-family:"Tahoma","sans-serif";}
span.EmailStyle31
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle32
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle33
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle34
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:70.85pt 70.85pt 56.7pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1134104017;
mso-list-type:hybrid;
mso-list-template-ids:-196694814 67567633 67567641 67567643 67567631 67567641 67567643 67567631 67567641 67567643;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:1642806202;
mso-list-type:hybrid;
mso-list-template-ids:-696376092 75022232 67567619 67567621 67567617 67567619 67567621 67567617 67567619 67567621;}
@list l1:level1
{mso-level-start-at:2;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Torsten,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Yes, I’ll update the draft based on today’s discussion and agreement.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">BR,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Bjorn<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces@lists.openid.net]
<b>On Behalf Of </b>Lodderstedt, Torsten<br>
<b>Sent:</b> Wednesday, April 22, 2015 8:45 AM<br>
<b>To:</b> openid-specs-mobile-profile@lists.openid.net<br>
<b>Subject:</b> Re: [Openid-specs-mobile-profile] Client credential lifecycle mgmt for Native Apps<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="DE" style="color:#1F497D">Hi all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="DE" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">we had an intensive discussion in the call and came to the following consensus:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Our working assumption is option 2.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">The software statement is issued during development time whereas the client obtains the actual client_id/client_secret (for a particular MNO) at runtime using dynamic client registration (typically when it is
about to interact with a particular MNO for the first time).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">In worst case, this approach could result in scalability problems of the OP if it has to manage billions of client credentials. We will therefore add implementation guidelines to the spec, which describe or refer
to ways to implement client credential management in a stateless way (e.g. use software statement as client id or encode client data within the client_id/secret).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">@Bjorn: Please add this to the draft. Thanks.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">We also discussed the option to use software statements “by reference”. In this case, the client would just refer to its statement via an URL and the registration endpoint would obtain the statement from the
issuers directly. This has two advantages:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l1 level1 lfo2"><![if !supportLists]><span style="color:#1F497D"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="color:#1F497D">The statement can be changed to reflect changes regarding the configuration/authorization of the client (w/o the need to rollout a new client version)<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l1 level1 lfo2"><![if !supportLists]><span style="color:#1F497D"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="color:#1F497D">The payload of registration requests is smaller<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">On the other hand, impact on availability requirements and security need to be investigated.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Torsten.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span lang="DE" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Von:</span></b><span lang="DE" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:philippe.clement@orange.com">philippe.clement@orange.com</a> [<a href="mailto:philippe.clement@orange.com">mailto:philippe.clement@orange.com</a>]
<br>
<b>Gesendet:</b> Dienstag, 14. April 2015 18:37<br>
<b>An:</b> Torsten Lodderstedt; GONZALO FERNANDEZ RODRIGUEZ; Lodderstedt, Torsten;
<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Betreff:</b> RE: [Openid-specs-mobile-profile] Client credential lifecycle mgmt for Native Apps<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="DE"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">Dear all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I’m pretty in line with option 2.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">However, I must admit that having to manage hundreds of thousands of application credentials (multiplied by the number of partners) could be a disadvantage for some OP, and not for other OP.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Do we have really to choose between the 2 options? or said in another way, can we imagine that some OP could provide option 1, and others option 2 ? More than this, we can imagine that some OP would provide the
2 options, according the business and partner context. In any case, option 2 reinforces security and I like it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">My 2 cts<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Kind regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Philippe<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">De :</span></b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-mobile-profile [<a href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net">mailto:openid-specs-mobile-profile-bounces@lists.openid.net</a>]
<b>De la part de</b> Torsten Lodderstedt<br>
<b>Envoyé :</b> lundi 13 avril 2015 11:30<br>
<b>À :</b> GONZALO FERNANDEZ RODRIGUEZ; Lodderstedt, Torsten; <a href="mailto:openid-specs-mobile-profile@lists.openid.net">
openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Objet :</b> Re: [Openid-specs-mobile-profile] Client credential lifecycle mgmt for Native Apps<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="FR"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="FR" style="font-size:10.5pt;color:black">Hi Gonzalo,
<br>
<br>
interesting comment. So far I assumed the service provider would need to sign Terms of Service for every MNO and the MNOs the SP had signed up for would be carried in the software statement.
<br>
<br>
Mapping this to your use case would mean to issue and roll out a new software statement - so no benefit with respect to this use case.<br>
<br>
Best regards, <br>
Torsten. <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black">Am 13. April 2015 11:03:03 MESZ, schrieb GONZALO FERNANDEZ RODRIGUEZ <<a href="mailto:gonzalo.fernandezrodriguez@telefonica.com">gonzalo.fernandezrodriguez@telefonica.com</a>>:<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black">Hi guys,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black">I don't have a clear preference on which is the best option, however I see another "pro" in the second one, I think it offers a smooth integration in case of a new operator is on boarded
in Mobile Connect because is transparent for the Service Providers. If a user that belongs to the new operator is going to be authenticated, once the operator is discovered, the Service Provider would only have to send a registration request without needing
to be aware if the operator is new or not in Mobile Connect. I don't know how could manage this scenario using the first approach.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black">Best,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black">Gonza.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
</div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span lang="FR" style="color:black">De: </span></b><span lang="FR" style="color:black"><Lodderstedt>, Torsten <<a href="mailto:t.lodderstedt@telekom.de">t.lodderstedt@telekom.de</a>><br>
<b>Fecha: </b>viernes 10 de abril de 2015 18:39<br>
<b>Para: </b>"<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>" <<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>><br>
<b>Asunto: </b>[Openid-specs-mobile-profile] Client credential lifecycle mgmt for Native Apps<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span lang="DE" style="color:black">Hi all,<o:p></o:p></span></p>
<p><span lang="DE" style="font-size:10.5pt;font-family:"Calibri","sans-serif";color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">during the working session at IIW it became apparent that we don’t have a consent on the way client credentials are managed for native apps in the context of the mobile profile. As this an important design consideration,
which will drive not only the registration spec but also considerations with respect to signature algorithms and so on, I would like to come to a consensus on that topic soon.<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Calibri","sans-serif";color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">There are basically two options:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo4"><![if !supportLists]><span style="color:black"><span style="mso-list:Ignore">1)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="color:black">All instances of a native app (== the software package) share the same identity. This typically means, the app is registered as a so-called public client with the AS/OP and only gets issued a client_id.
In the context of the mobile profile, I would assume the developer registers with a developer portal and gets issued distinct client_ids per MNO (a pair of issuer and client_id). At runtime, the app can decide based on the outcome of the discovery process
which client_id to use for the respective MNO.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo4"><![if !supportLists]><span style="color:black"><span style="mso-list:Ignore">2)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="color:black">Every instance of a native app on a device is registered with the MNO. This would typically happen when the user uses the login with a certain MNO on this device for the first time. So the app first would
discover the MNO and determine whether it already is in possession of client credentials for this particular MNO (based on its Issuer). If not, it would send a registration request to the MNO.<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Calibri","sans-serif";color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">I see the following pros and cons:<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Calibri","sans-serif";color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Option (1) is established practice (except the fact an app managing several client ids for different OPs). So developers know how to work that way. Software statements could be used to automate the way client ids
are obtain in the deployment process. But there are other ways as well.<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Calibri","sans-serif";color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Option (2) is a new approach. It has the advantage to provide every instance with a distinct credential, which allows to recognize and authenticate this instance later on. It could be used to prevent authz code
theft on the device, something we already have SPOP for (<a href="http://tools.ietf.org/html/draft-ietf-oauth-spop-10">http://tools.ietf.org/html/draft-ietf-oauth-spop-10</a> - sorry John, forgot the new acronym). Do you see other advantages? On the other
hand, this option would require the OP to implement credential management for potentially a lot of client instances. This will be a challenge with respect to state management on the OP’s side.<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Calibri","sans-serif";color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Please comment on this topic.<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Calibri","sans-serif";color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Thanks in Advance,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Torsten.<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Calibri","sans-serif";color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="DE" style="color:black">DEUTSCHE TELEKOM AG<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="DE" style="color:black">Products & Innovation<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="DE" style="color:black">Dr.-Ing. </span><span style="color:black">Torsten Lodderstedt<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Head of Development<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Customer Platforms<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="DE" style="color:black">T-Online Allee 1, 64295 Darmstadt<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="DE" style="color:black">+49 6151 680 7038 (Tel.)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="IT" style="color:black">E-Mail: </span><span lang="DE" style="color:black"><a href="mailto:t.lodderstedt@telekom.de"><span lang="IT">t.lodderstedt@telekom.de</span></a></span><span lang="IT" style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="DE" style="color:black"><a href="http://www.telekom.com">www.telekom.com</a> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="DE" style="color:black">ERLEBEN, WAS VERBINDET. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="DE" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Die gesetzlichen Pflichtangaben finden Sie unter:
<br>
<a href="http://www.telekom.com/pflichtangaben">www.telekom.com/pflichtangaben</a></span><span lang="DE" style="color:black"><o:p></o:p></span></p>
<p><span lang="DE" style="font-size:10.5pt;font-family:"Calibri","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="FR" style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span lang="FR" style="font-size:10.5pt;color:black">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span lang="FR" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:gray"><br>
Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la
lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.<br>
<br>
The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.<br>
<br>
Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a
leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição</span><span lang="FR" style="font-size:10.5pt;color:black"><o:p></o:p></span></p>
<pre style="text-align:center"><span lang="FR" style="color:black"><hr size="2" width="100%" align="center"></span></pre>
<pre><span lang="FR" style="color:black"><br>Openid-specs-mobile-profile mailing list<br><a href="mailto:Openid-specs-mobile-profile@lists.openid.net">Openid-specs-mobile-profile@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile">http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile</a><o:p></o:p></span></pre>
</div>
<pre><span lang="FR">_________________________________________________________________________________________________________________________<o:p></o:p></span></pre>
<pre><span lang="FR"><o:p> </o:p></span></pre>
<pre><span lang="FR">Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc<o:p></o:p></span></pre>
<pre><span lang="FR">pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler<o:p></o:p></span></pre>
<pre><span lang="FR">a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,<o:p></o:p></span></pre>
<pre><span lang="FR">Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.<o:p></o:p></span></pre>
<pre><span lang="FR"><o:p> </o:p></span></pre>
<pre><span lang="FR">This message and its attachments may contain confidential or privileged information that may be protected by law;<o:p></o:p></span></pre>
<pre><span lang="FR">they should not be distributed, used or copied without authorisation.<o:p></o:p></span></pre>
<pre><span lang="FR">If you have received this email in error, please notify the sender and delete this message and its attachments.<o:p></o:p></span></pre>
<pre><span lang="FR">As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.<o:p></o:p></span></pre>
<pre><span lang="FR">Thank you.<o:p></o:p></span></pre>
</div>
</body>
</html>