<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12">
<TITLE>BC Government requirements for OpenID v.Next</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">At IIW in May, we think we heard a call for people to submit their requirements towards</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">the development of the next version of OpenID specifications. This email is intended</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">to contribute some requirements from the B</FONT></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri">ritish</FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">C</FONT></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri">olumbia</FONT></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri"> Government. </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">At this time, BC Gov goes not specifically promote the use of OpenID like the US ICAM</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">profiles, however we are watching what you’re up to, and will consider the v.Next</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">protocol for our future. We are pleased to see the new and continued efforts to tackle</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">the tough issues surrounding this.</FONT></SPAN><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">In BC, we have an emphasis on and advocate federated identity approaches that will</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">enable governments to put higher valued services online for our citizens and businesses. </FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">At this time, OpenID 2.0 does not meet those objectives. Check out this recent blog post</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">about BC Gov’s lack of support for OpenID and how our CIO Dave Nikolejsin defended our</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">position, and even Dick Hardt chimed in:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN><A HREF="http://eaves.ca/2010/05/31/canadian-governments-how-to-waste-millions-online-30m-and-counting/"><SPAN LANG="en-ca"><U><FONT COLOR="#0000FF" FACE="Calibri">http://eaves.ca/2010/05/31/canadian-governments-how-to-waste-millions-online-30m-and-counting/</FONT></U></SPAN><SPAN LANG="en-ca"></SPAN></A><SPAN LANG="en-ca"><FONT FACE="Calibri"> </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">To summarize what I propose below, we need federated approaches meet the</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">requirements of </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">- </FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">using various identity assurance frameworks (Canada and BC have our own</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">“LOA” frameworks)</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">- </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">supporting identity attribute exchange</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">- </FONT> <FONT FACE="Calibri">using multiple parties for authentication and attributes</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri">Furthermore, we think that these requirements are similar to what other governments need. </FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">We may have different frameworks and policies, different rules about identity attributes,</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">and different technical architectures. It would be great to have a federated approach that</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">is flexible enough for us to use in such an environment.</FONT></SPAN><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">BC Gov also worked on requirements for an overall identity metasystem, through a forum of</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">identity industry experts back in 2007. This work is published at</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN><A HREF="http://www.cio.gov.bc.ca/cio/idim/idm_forum.page"><SPAN LANG="en-ca"><U><FONT COLOR="#0000FF" FACE="Calibri">http://www.cio.gov.bc.ca/cio/idim/idm_forum.page</FONT></U></SPAN><SPAN LANG="en-ca"></SPAN></A><SPAN LANG="en-ca"><FONT FACE="Calibri">. Even though this work presumes an</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">identity agent, many of the requirements are still relevant to a non-identity agent model. </FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><B><FONT FACE="Calibri">Requirements from BC Government towards an improved OpenID protocol</FONT></B></SPAN><SPAN LANG="en-ca"><B></B></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><B></B></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">The following are general requirements to satisfy both a federated approach to authentication</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">and the corresponding exchange of identity attributes. It is presumed that such a protocol, in</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">its simplest case, would involve a request from the relying party to an identity provider, and a</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">response from an identity provider to a relying party that satisfies the request. </FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">The following emphasizes the requirements of a protocol that supports a scalable, flexible and</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">extensible model. It describes the use of parameters within the protocol to achieve security</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">and privacy related policies. It does not describe requirements for user experience or</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">passive/active support –</FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">but</FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">yes, we need all of that too.</FONT></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri"> And yes, I realize that some of these</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">requirements</FONT></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri"> sound like</FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">“</FONT></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri">other</FONT></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri">”</FONT></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri"> federation protocols.</FONT></SPAN><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">Requirements for the request:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">a) </FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The request must allow the relying party to indicate one or more specific policies related</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">to requirements for authentication methods, levels of identity assurance or other similar</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">security or privacy policies. </FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">b) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The request must allow the relying party to indicate one or more specific attributes, the</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">corresponding attribute values or a range of values that are expected to be sent, and the</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">level of verification and potentially other metadata about the attributes. These may be</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">identity related attributes or other contextual attributes, such as a request for the disclosure</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">of the authentication method that was used by the identity provider.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">c) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The request must allow the relying party to indicate the type of token (or allowable types</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">of tokens) that it can accept within the response.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">d) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The request must allow the relying party to indicate the security policy to be applied to the</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">response or token in the response, such as whether and how to use encryption or digital</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">signing within the token, or whether and how to send the response over TLS.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">e) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The request must allow the relying party to identify itself in a secure manner, to allow the</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">identity provider to optionally verify the relying party before proceeding with the request.</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">Similarly, the request must allow the relying party to not identify itself, to allow the identity</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">provider to act without regard to or disclosure of the relying party.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">f) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The request must be able to fully contain all parameters of the request such that the identity</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">provider can act on the request without needing to have an out-of-band configuration about</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">the relying party.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri">Requirements for the response:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">g) </FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The response should conform to the request from the relying party, and contain a restatement</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">of the policies that were applied from the request.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">h) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The response must contain one or more tokens that contain the specific attributes requested.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">i) </FONT> <FONT FACE="Calibri">The response must allow the identity provider to identify itself in a secure manner, to allow the</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">relying party to optionally verify the identity provider before accepting the response.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"><FONT FACE="Calibri">General requirements:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">j) </FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">For any of the above request parameters, the parameter should be allowed to be left unspecified,</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">in which case the identity provider can determine what to do; be specified using</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">industry-standardized values, or be specified using custom values so that a relying party and</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">identity provider can create their own extensions.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">k) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The request parameters should be specified with a richer language, instead of specifying the</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">specific parameters as a strict set of values, to allow for extensibility and more complexity.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">l) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The protocol should facilitate multiple identity providers to be used to satisfy a relying party’s</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">requirements. Two common examples are i) when one identity provider handles the</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">authentication event and another identity provider supplies identity attributes; and</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">ii) when one identity provider handles the authentication event and some identity attributes,</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">and another identity provider supplies additional identity attributes. In these cases, context</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">and attributes need to be passed from one identity provider to another.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">m) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The protocol should include an extension for how an identity provider should publish its</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">capabilities (authentication methods and other security policies that it can perform, and which</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">attributes it can supply), so that a relying party can determine whether the identity provider is</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">capable of meeting its requirements.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">n) </FONT></SPAN><SPAN LANG="en-ca"> <FONT FACE="Calibri">The protocol should be written such that different industries or communities can write profiles</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<UL DIR=LTR><UL DIR=LTR>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">of it to satisfy their need to write standards that meet their specific requirements for policies</FONT></SPAN><SPAN LANG="en-ca"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><FONT FACE="Calibri">and attribute exchanges.</FONT></SPAN></P>
</UL></UL>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"><B><I></I></B></SPAN><SPAN LANG="en-ca"><B><I></I></B></SPAN><B><I><SPAN LANG="en-us"></SPAN></I></B><B><I><SPAN LANG="en-us"><FONT COLOR="#365F91" SIZE=2 FACE="Calibri">Patricia Wiebe</FONT></SPAN></I></B><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#1F497D" FACE="Calibri"><BR>
</FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#365F91" SIZE=2 FACE="Calibri">Senior Identity Architect, Architecture & Standards Branch</FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#1F497D" FACE="Calibri"><BR>
</FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#365F91" SIZE=2 FACE="Calibri">Office of the Chief Information Officer, Province of BC</FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#1F497D" FACE="Calibri"><BR>
</FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#365F91" SIZE=2 FACE="Calibri">Phone: 250.387.6818 Mobile: 250.514.7685</FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#1F497D" FACE="Calibri"><BR>
</FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#365F91" SIZE=2 FACE="Calibri">Email: Patricia.Wiebe@gov.bc.ca</FONT></SPAN><SPAN LANG="en-ca"></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-ca"></SPAN></P>
</BODY>
</HTML>