From: John Bradley <ve7jtb@ve7jtb.com>
Date: Thu, 28 Jan 2016 09:24:17 -0300
To: Thomas Broyer <t.broyer@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/B-Dmpzfsl53iT31MADjbkFb_bD8>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Can the repeated authorization of scopes be avoided ?

No, web clients often make use of sticky grants. Sharing client_id
amongst multiple instances is a native app thing, but sticky grants work
best with confidential clients.

It is to some extent a UI decision by the AS, to tell the user you have
already granted A & B, they are asking to add C, or re-prompt the user
for A, B and C without giving the context.

The other thing to consider is implicit clients without refresh tokens.

If the client is JS in the browser then if you remember the grants the
JS can do a prompt=none flow to refresh an expired AT in the background
as long as the browser has a session with the AS.

If you are using an implicit client and don’t support sticky grants, you
wind up having to have ATs that have a lifetime greater than what is
optimal.

John B.

> On Jan 27, 2016, at 1:07 PM, Thomas Broyer <t.broyer@gmail.com> wrote:
>
> On Wed, Jan 27, 2016 at 1:54 PM George Fletcher <gffletch@aol.com> wrote:
> > The difference might be whether you want to store the scope consent
> > by client "instance" vs client_id application "class".
>
> Correct me if I'm wrong but this only makes sense for "native apps",
> not for web apps, right?
> (of course, now with "installable web apps" –e.g. progressive web
> apps–, lines get blurry; any suggestion how you'd do it then? cookies?)


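Added example, not part of the message above and not taken from any AS implementation discussed in the thread: a sketch of the authorization-endpoint decision the message describes, where remembered grants let a prompt=none request succeed without UI and a request for an extra scope prompts only for the new one. GrantStore, authorize, demo and the user/client names are hypothetical; prompt=none and the login_required / consent_required error codes are the OpenID Connect Core ones.

```python
from dataclasses import dataclass, field


@dataclass
class GrantStore:
    """Remembered ("sticky") consent, keyed by (user, client_id)."""
    grants: dict = field(default_factory=dict)

    def granted(self, user, client_id):
        return self.grants.get((user, client_id), frozenset())

    def remember(self, user, client_id, scopes):
        self.grants[(user, client_id)] = self.granted(user, client_id) | frozenset(scopes)


def authorize(store, session_user, client_id, scope, prompt=None):
    """Decide how the AS answers one authorization request.

    Returns ("issue", scopes), ("consent", {...}), ("login", None)
    or ("error", code) for a request that may not show any UI.
    """
    requested = frozenset(scope.split())
    if session_user is None:  # browser has no session with the AS
        return ("error", "login_required") if prompt == "none" else ("login", None)
    already = store.granted(session_user, client_id) & requested
    missing = requested - already
    if not missing:  # everything was consented to earlier: no UI needed
        return ("issue", sorted(requested))
    if prompt == "none":  # background renewal must never show a prompt
        return ("error", "consent_required")
    # Interactive request: show what is already granted and what is new.
    return ("consent", {"already_granted": sorted(already), "new": sorted(missing)})


def demo():
    store = GrantStore()  # constructed sample data throughout
    results = [authorize(store, "alice", "spa-client", "A B", prompt="none")]
    store.remember("alice", "spa-client", ["A", "B"])  # user approved A and B
    results.append(authorize(store, "alice", "spa-client", "A B", prompt="none"))
    results.append(authorize(store, "alice", "spa-client", "A B C"))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

With an empty store every prompt=none request ends in consent_required, which is the case where an implicit client cannot renew in the background and needs longer-lived access tokens.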