<div dir="ltr">HI all, Debbie,<div><br></div><div>I think we might need to remove "push" from the name, I agree with Omri. But to Pieter's point, what's in a name?</div><div><br></div><div>As for the scope... XACML purposely defined:</div><div><ul><li>an architecture (borrowed from older standards - PAP, PEP, PDP are not new in XACML. PIP might be but the concept definitely isn't). It's the same architecture defined in NIST ABAC and Wikipedia (FWIW)</li><li>a policy language</li><li>a request/response "format" i.e. how to create a request and get a response. BUT the actual transportation is unspecified in the "core" specification. OASIS has a notion of profiles where you can tack on additional specs to a core spec. In the case of XACML, 3 later profiles define a transport for XACML requests/responses</li><ul><li><a href="http://docs.oasis-open.org/xacml/xacml-saml-profile/v2.0/xacml-saml-profile-v2.0.html" target="_blank">The XACML SAML Profile Version 2.0</a>: this old profile posited that because there was a SAML-SOAP binding already defined, why not piggy-back on that and use SAML to carry XACML requests and responses back and forth rather than define a SOAP binding of XACML. Not a great idea and seldom seen in the wild.<br></li><li>The <a href="http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html" target="_blank">JSON Profile of XACML 3.0 Version 1.0</a><br></li><ul><li>this defines a JSON notation for XACML requests and responses rather than XML to make it more developer-friendly. It's the pre-requisite for the following profile</li></ul><li>The <a href="http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html" target="_blank">REST Profile of XACML v3.0 Version 1.0</a></li><ul><li>this defines a basic way to POST a request and get a response back either in XML XACML (core spec) or in JSON (the aforementioned)</li></ul></ul></ul><div>XACML's core didn't really focus on transport. Most vendors in the early days (think Axiomatics, Nexlabs, Oracle, Bitkoo) all used some kind of SOAP that was 99% the same (after all you were just wrapping a standard XACML request in a SOAP message. Other than the method name, what else would be different?)</div></div><div><br></div><div>What might be interesting is understanding the other ways of querying for an authorization decision. All I've written so far is what I'd call a binary request/response e.g.:</div><div><ul><li>Can Alice do X?</li><li>Yes she can.</li></ul><div>But what about open-ended requests? For instance "What can Alice do?" or "What can a manager do?". This is something Axiomatics, as a vendor, calls <a href="https://medium.com/@jonas.iggbom/authorization-for-a-list-of-resources-is-something-that-axiomatics-has-supported-for-several-years-48f8fbd1e8fa" target="_blank">reverse querying</a> (based on partial evaluation). I believe OPA calls it partial evaluation as well. See <a href="https://blog.openpolicyagent.org/partial-evaluation-162750eaf422" target="_blank">Torin's blog post here</a>. </div></div><div><br></div><div>IMHO, from what I have seen, Cedar, OPA, and XACML/ALFA are 99% the same. Sure, there are differences. For instance XACML has obligations & advice. But the bottom line is: maybe we should try to standardize between these 2 models as a starting point.</div><div><br></div><div>And then <a class="gmail_plusreply" id="m_3727334158734111102plusReplyChip-0" href="mailto:alex@3edges.com" target="_blank">@Alex Babeanu</a> mentions that there could be a different way altogether to signal authorizations via events. So that's a different pattern worth considering.</div><div><br></div><div>Lastly, let's look at sibling standards? How do <a href="https://datatracker.ietf.org/doc/html/rfc9396" target="_blank">rich authorization requests</a> fit in?</div><div><br></div><div>Debbie, to your point on building a list of approaches, I think Alex put a doc together that he'll be sharing shortly that attempts to do this. From the top of my mind I roughly see:</div><div><ul><li>policy-driven approaches: OPA, Cedar, XACML, ALFA are all great examples</li><li>graph: 3Edges, NGAC, others?</li><li>ACL-based: Zanzibar, OpenFGA, others?</li></ul><div>Thanks</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 20, 2023 at 7:37 AM Debbie Bucci via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<div lang="EN-US">
<div>
<p class="MsoNormal">Scope seems to be all over the place … I kind of need to do my own research (or perhaps it’s part of charter) to better understand what the similarities and differences and /or pro cons between current implementations - compared to
what my own organization needs are for exchanging polices generated at multiple levels -organization and individual choice (which kind of implies the need of roles to me) Authorization at the Org most likely not enough …Ultimately the data holder is liable
and will make that final decision. Certainly the “sausage making” for tool of choice is out of scope but what is exchanged is most important. Perhaps I am missing something. <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">This seems to be the short list from the original thread. <span style="font-size:12pt;color:rgb(33,33,33)">
XACML, Open Policy Agent,<span> </span><span>Amazon</span><span> </span>Verified Permissions and other implementations. Are there others? Graph GL?
</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div id="m_3727334158734111102m_6998190228525126035mail-editor-reference-message-container">
<div>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(181,196,223);padding:3pt 0in 0in">
<p class="MsoNormal" style="margin-bottom:12pt"><b><span style="font-size:12pt;color:black">From:
</span></b><span style="font-size:12pt;color:black">policy-charter <<a href="mailto:policy-charter-bounces@lists.openid.net" target="_blank">policy-charter-bounces@lists.openid.net</a>> on behalf of Omri Gazitt via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>><br>
<b>Date: </b>Monday, June 19, 2023 at 5:51 PM<br>
<b>To: </b>Policy Charter Mail List <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>><br>
<b>Cc: </b>Omri Gazitt <<a href="mailto:omri@aserto.com" target="_blank">omri@aserto.com</a>><br>
<b>Subject: </b>Re: [policy-charter] Admin Policy Push Group<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal">@Alex I think you and I are making an assumption that communicating relationships (data) changes between an administration point and a decision point is just as important as communicating policy changes. But that is not (yet) agreed upon. <u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Mon, Jun 19, 2023 at 8:29 AM Alex Babeanu via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">On the ReBAC front, and to keep it simple, no matter what language/system we come up with, "relationships" should be prime citizens, and optional. Note also that relationships, like any other entities, can hold properties (for those of
us using labelled property graphs). This should cater to all cases I think, and be simple enough. Don't need it? don't use it... <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Also Re: Naming, does it have to be an acronym ?<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Cheers,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">./\.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Mon, Jun 19, 2023 at 8:12 AM Gerry Gebel via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">@Omri - I agree with Andrew here that we should keep the scope more narrowly defined. <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Some of what you describe (push vs. pull) will be specific to the target environment and not easily generalized.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><br>
That said, a separate work stream can be started if that is appropriate<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><br>
Gerry<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Sun, Jun 18, 2023 at 5:05 PM Andrew Hughes via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">I prefer the most narrow scope possible. Otherwise we will never finish. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Other people will work with n the other parts. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Sun, Jun 18, 2023 at 4:00 PM Omri Gazitt via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">One thing I'd like to put out there...<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">In a world where both policy and data are important parts of a decision, we should consider expanding the scope of what we believe should be pushed from an administration point to a decision point. Specifically, with a ReBAC model (or
a hybrid policy-as-code / policy-as-data model), changes in relationships between subjects and objects are as critical to communicate as policy changes. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">If folks agree, then perhaps the name of the workstream should be generalized to "PAP-PDP group". <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Additionally, there are two possible models to consider - Pull and Push. For example, OPA defines a
<a href="https://www.openpolicyagent.org/docs/latest/management-bundles/" target="_blank">
pull model</a> for a PDP to obtain policy updates from a policy bundle service. In practice, a push model seems critical for real-world scenarios.<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Sun, Jun 18, 2023 at 2:54 PM Roland Baum via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p>me too! :-D<u></u><u></u></p>
<div>
<p class="MsoNormal">Am 15.06.23 um 20:51 schrieb Omri Gazitt via policy-charter:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<p class="MsoNormal">Me too<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Thu, Jun 15, 2023 at 10:35 AM Atul Tulshibagwale via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">Im in<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Thu, Jun 15, 2023 at 10:34 AM Vittorio Bertocci via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">Would love to be on it!<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Thu, Jun 15, 2023 at 10:33 David Brossard via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<p><strong><span style="font-family:Calibri,sans-serif">This message originated outside your organization.</span></strong><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="0" width="100%" align="center">
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Count me in too<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Thu, Jun 15, 2023, 10:30 AM Shayne Miel (smiel) via policy-charter <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;color:black">Please count me in for the Admin Policy Push group.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;color:black"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;color:black">Thanks!<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;color:black">Shayne Miel<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;color:black"><u></u> <u></u></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12pt;color:black"><u></u> <u></u></span></p>
</div>
<div id="m_3727334158734111102m_6998190228525126035m_-2862424204660414063m_7448919115814998501m_-3543864731527066764m_1756520033801889390m_8517954836162838756m_2111344322386200626m_-367478924868444624m_-430140849733106913m_6069147643270360125Signature">
<div>
<div>
<table border="0" cellpadding="0">
<tbody>
<tr>
<td width="50" style="width:37.5pt;padding:0.75pt">
<p class="MsoNormal"><b>Error! Filename not specified.</b><u></u><u></u></p>
</td>
<td width="10" style="width:7.5pt;padding:0.75pt">
<p class="MsoNormal"><span style="border:1pt solid windowtext;padding:0in"><img border="0" width="10" height="50" style="width: 0.1041in; height: 0.5208in;" id="m_3727334158734111102m_6998190228525126035_x0000_i1029" alt="Image removed by sender."></span><u></u><u></u></p>
</td>
<td style="padding:0.75pt">
<div>
<p class="MsoNormal"><strong><span style="font-family:Helvetica">Shayne Miel</span></strong><span style="font-family:Helvetica">
<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-family:Helvetica;color:rgb(153,153,153)">/</span><span style="font-family:Helvetica"> Principal Engineer (he, him, his)<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:Helvetica"><br>
<a href="mailto:smiel@cisco.com" target="_blank"><span style="color:rgb(23,78,134)">smiel@cisco.com</span></a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:Helvetica"><br>
(919) 923-6230<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:Helvetica"><br>
<a href="https://urldefense.com/v3/__https:/www.cisco.com/site/us/en/products/security/index.html__;!!PwKahg!4zuqlwDjQsKy8apRVi9ImPprXSTXVrhXnrfmIhSUtDp3STR8J62s7zvfMsE7Z_yaCzNWpdSxS1yQ-Vb0CLNdfhklKja8Kb_WYdE$" title="https://www.cisco.com/site/us/en/products/security/index.html" target="_blank"><span style="color:rgb(23,78,134)">cisco.com</span></a><u></u><u></u></span></p>
</div>
</div>
</td>
<td style="padding:0.75pt">
<p class="MsoNormal"><span style="border:1pt solid windowtext;padding:0in"><img border="0" width="1" height="50" style="width: 0.0104in; height: 0.5208in;" id="m_3727334158734111102m_6998190228525126035_x0000_i1028" alt="Image removed by sender."></span><u></u><u></u></p>
</td>
</tr>
<tr>
<td colspan="4" style="padding:0.75pt"></td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:12pt;color:black"><u></u> <u></u></span></p>
</div>
</div>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="0" width="100%" align="center">
</div>
<div id="m_3727334158734111102m_6998190228525126035m_-2862424204660414063m_7448919115814998501m_-3543864731527066764m_1756520033801889390m_8517954836162838756m_2111344322386200626m_-367478924868444624m_-430140849733106913m_6069147643270360125divRplyFwdMsg">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> policy-charter <<a href="mailto:policy-charter-bounces@lists.openid.net" target="_blank">policy-charter-bounces@lists.openid.net</a>> on behalf of Gerry Gebel via policy-charter
<<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>><br>
<b>Sent:</b> Thursday, June 15, 2023 10:53 AM<br>
<b>To:</b> Policy Charter Mail List <<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a>><br>
<b>Cc:</b> Gerry Gebel <<a href="mailto:gerry@strata.io" target="_blank">gerry@strata.io</a>><br>
<b>Subject:</b> [policy-charter] Admin Policy Push Group</span> <u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">Hi all - <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks to Andrew Hughes for leading the PEP-PDP Group and those that have expressed interest in pursuing that effort.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">How about the Admin Policy Push work stream? Who is interested in participating?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Gerry <u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal">-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://urldefense.com/v3/__https:/lists.openid.net/mailman/listinfo/policy-charter__;!!PwKahg!4zuqlwDjQsKy8apRVi9ImPprXSTXVrhXnrfmIhSUtDp3STR8J62s7zvfMsE7Z_yaCzNWpdSxS1yQ-Vb0CLNdfhklKja8RgFFZy8$" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal">-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/policy-charter" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><u></u><u></u></p>
</blockquote>
</div>
</div>
<p class="MsoNormal">-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/policy-charter" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal">-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/policy-charter" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><u></u><u></u></p>
</blockquote>
</div>
</div>
<p class="MsoNormal"><span>-- </span><u></u><u></u></p>
<div>
<div>
<table border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:5pt;overflow:hidden">
<p style="margin:0in"><span style="font-family:tahoma,sans-serif;color:rgb(34,34,34)"><a href="http://www.aserto.com/" target="_blank"><span style="color:rgb(34,34,34);text-decoration:none"><span style="color:blue;border:1pt solid windowtext;padding:0in"><img border="0" width="96" height="35" style="width: 1in; height: 0.3645in;" id="m_3727334158734111102m_6998190228525126035_x0000_i1026" alt="Image removed by sender."></span></span></a><u></u><u></u></span></p>
</td>
<td style="padding:5pt;overflow:hidden">
<p style="margin:0in"><b><span style="font-size:10pt;font-family:Roboto;color:black">Omri Gazitt</span></b><span style="font-family:Arial,sans-serif;color:black">
</span><b><span style="font-size:10pt;font-family:Roboto;color:black">| </span>
</b><span style="font-size:10pt;font-family:Roboto;color:black">CEO</span><span style="font-family:tahoma,sans-serif;color:rgb(34,34,34)"><u></u><u></u></span></p>
<p style="margin:0in"><span style="font-size:10pt;font-family:Roboto;color:black"><a href="http://www.aserto.com/" target="_blank">Aserto</a> Inc.</span><span style="font-family:Arial,sans-serif;color:rgb(34,34,34)">
</span><b><span style="font-size:10pt;font-family:Roboto;color:black">| </span>
</b><span style="font-size:10pt;font-family:Roboto;color:black">(425) 765-0079</span><span style="font-family:tahoma,sans-serif;color:rgb(34,34,34)"><u></u><u></u></span></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<p class="MsoNormal"><br>
<br>
<u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal">-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/policy-charter" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal">-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/policy-charter" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><u></u><u></u></p>
</blockquote>
</div>
</div>
<p class="MsoNormal"><span>-- </span><u></u><u></u></p>
<div>
<p class="MsoNormal">Andrew Hughes<br>
Director, Identity Standards<br>
Ping Identity<br>
Signal/Mobile: +12508889474<u></u><u></u></p>
</div>
<p class="MsoNormal"><br>
<b><i><span style="font-size:10pt;font-family:"Segoe UI",sans-serif;color:rgb(85,85,85);border:1pt none windowtext;padding:0in;background:white">CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended
recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer.
Thank you.</span></i></b>-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/policy-charter" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal">-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/policy-charter" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal"><span>-- </span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><a href="https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5" target="_blank"><span style="color:windowtext;text-decoration:none"><span style="color:blue;border:1pt solid windowtext;padding:0in"><img border="0" width="360" height="360" style="width: 3.75in; height: 3.75in;" id="m_3727334158734111102m_6998190228525126035_x0000_i1025" alt="Image removed by sender. This is Alexandre Babeanu's card. Their email is alex@3edges.com. Their phone number is +1 604 728 8130."></span></span></a><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><br>
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments hereto, is for the sole use of the intended recipient(s) and may contain confidential and/or proprietary information.<br>
-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/policy-charter" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><u></u><u></u></p>
</blockquote>
</div>
</div>
</div>
</div>
</div>
-- <br>
policy-charter mailing list<br>
<a href="mailto:policy-charter@lists.openid.net" target="_blank">policy-charter@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/policy-charter" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/policy-charter</a><br>
</div></blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature">---<br>David Brossard<br><a href="http://www.linkedin.com/in/davidbrossard" target="_blank">http://www.linkedin.com/in/davidbrossard</a><br><a href="http://twitter.com/davidjbrossard" target="_blank">http://twitter.com/davidjbrossard</a><br><a href="http://about.me/brossard" target="_blank">http://about.me/brossard</a><br>---<br>Stay safe on the Internet: <a href="http://www.ic3.gov/preventiontips.aspx" target="_blank">http://www.ic3.gov/preventiontips.aspx</a><br>Prenez vos précautions sur Internet: <a href="http://www.securite-informatique.gouv.fr/gp_rubrique34.html" target="_blank">http://www.securite-informatique.gouv.fr/gp_rubrique34.html</a></div>