Network Working Group L. Johansson
Internet-Draft Sunet
Intended status: Informational 3 March 2025
Expires: 4 September 2025
A reference architecture for direct presentation credential flows
draft-johansson-direct-presentation-arch-00
Abstract
This document defines a reference architecture for direct
presentation flows of digital credentials. The architecture
introduces the concept of a presentation mediator as the active
component responsible for managing, presenting, and selectively
disclosing credentials while preserving a set of security and privacy
promises that will also be defined.
Discussion Venues
This note is to be removed before publishing as an RFC.
Source for this draft and an issue tracker can be found at
https://github.com/leifj/wallet-refarch.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 4 September 2025.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
Johansson Expires 4 September 2025 [Page 1]
�
Internet-Draft direct-presentation March 2025
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Naming the elephant in the room . . . . . . . . . . . . . 3
3.2. Terminology used in this specification . . . . . . . . . 4
4. A Note on History . . . . . . . . . . . . . . . . . . . . . . 4
5. Actors and Entities . . . . . . . . . . . . . . . . . . . . . 7
5.1. Subject and Presenter . . . . . . . . . . . . . . . . . . 7
5.2. Presentation Mediator . . . . . . . . . . . . . . . . . . 7
5.3. Credential Store . . . . . . . . . . . . . . . . . . . . 8
5.4. Credentials and Presentation Proofs . . . . . . . . . . . 8
5.5. Issuer and Verifier . . . . . . . . . . . . . . . . . . . 8
6. Presentation Flows . . . . . . . . . . . . . . . . . . . . . 9
6.1. Direct Presentation Flow . . . . . . . . . . . . . . . . 9
6.2. Delegated or Assisted Presentation Flow . . . . . . . . . 10
7. Normative Requirements . . . . . . . . . . . . . . . . . . . 10
7.1. Subject control . . . . . . . . . . . . . . . . . . . . . 10
7.2. Selective Disclosure . . . . . . . . . . . . . . . . . . 11
7.3. Issuer Binding . . . . . . . . . . . . . . . . . . . . . 11
7.4. Mediator Binding . . . . . . . . . . . . . . . . . . . . 11
7.5. Non-linkability and data minimization . . . . . . . . . . 11
7.6. Revocation . . . . . . . . . . . . . . . . . . . . . . . 11
8. Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . 12
8.1. OpenID and SD-JWT . . . . . . . . . . . . . . . . . . . . 12
8.2. Anoncreds . . . . . . . . . . . . . . . . . . . . . . . . 13
8.3. The EU Digital Identity Wallet . . . . . . . . . . . . . 13
9. Security Considerations . . . . . . . . . . . . . . . . . . . 13
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
11.1. Normative References . . . . . . . . . . . . . . . . . . 13
11.2. Informative References . . . . . . . . . . . . . . . . . 14
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 15
Johansson Expires 4 September 2025 [Page 2]
�
Internet-Draft direct-presentation March 2025
1. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. Introduction
Digital credentials, which assert claims about individuals,
organizations, or devices, have become essential tools in modern
identity systems. Whether verifying an individual's qualifications,
attesting to an enterprise's compliance, or authorizing an IoT
device, these credentials rely on secure, efficient, and privacy-
preserving mechanisms for their use.
Traditional federated identity systems often rely on intermediaries
or delegation, which can compromise user privacy or introduce
inefficiencies. This document presents an architecture for direct
presentation flows, where credentials are presented directly to
verifiers without unnecessary intermediaries, empowering the data
subject or their authorized representative to maintain control over
the credential's use.
At the heart of this architecture is the presentation mediator, an
active software component responsible for facilitating secure and
privacy-aware interactions. This mediator works in tandem with
passive credential stores, verifiers, and issuers, creating a
scalable and interoperable system that can adapt to diverse
regulatory and operational environments.
3. Terminology
3.1. Naming the elephant in the room
The term "digital wallet" or "digital identity wallet" is often used
to denote a container for digital objects representing information
about a subject. Such objects are often called "digital
credentials". The use of the word "wallet" is both historic,
stemming from the origin of some types of wallet in the "crypto" or
digital asset community, aswell as meant to make the user think of a
physical wallet where digital credentials correspond to things like
credit cards, currency, loyalty cards, identity cards etc.
Johansson Expires 4 September 2025 [Page 3]
�
Internet-Draft direct-presentation March 2025
Arguably the use of the term wallet is often confusing since it may
lead to assumptions about the fungibility of identity or that
credentials are exchanged as part of a monetary transaction. In this
specification we will use the term "persentation mediator" when
traditionally the term "identity wallet" or "wallet" has been used.
3.2. Terminology used in this specification
To anchor this architecture, we define key terms:
* A presentation mediator is an active software component that
manages the presentation of credentials to the verifier on behalf
of the data subject.
* A credential store is a passive repository for securely storing
credentials. It supports the presentation mediator by providing
access to stored credentials without performing active operations.
* The data subject is the entity the credential pertains to, such as
an individual or organization.
* A presenter is the actor that delivers a credential to a verifier.
While often the data subject, the presenter could also be an
authorized agent or software acting on their behalf.
* A credential is a signed, structured document containing claims
about a subject, issued by a trusted entity.
* An attestation is a statement about a credential, often used to
validate or certify its properties, such as its integrity or
scope.
* A presentation proof is a derived artifact that proves claims from
a credential in a specific interaction with a verifier.
4. A Note on History
The origins of the notion of digital identity goes back to the mid
1990s. Historically, Internet protocols were designed to deal with
authentication and (sometimes) authorization, i.e. the question of
what entity is accessing the protocol and what they are allowed to
do. Digital identity can be thought of as a generalization of the
concept of a user identifier in a protocol. Today we typically use
the term data subject (abbreviated as 'subject' when there is no risk
of confusion) to denote the actor whoese data is beeing acted upon by
the protocol. Most internet protocols represent the data subject as
a "user" identified by a single unique identifier. Identifier in use
by Internet protocols were typically never designed to be unified -
Johansson Expires 4 September 2025 [Page 4]
�
Internet-Draft direct-presentation March 2025
each security protocol typically designed a separate structure of
identifiers.
Identifier schemes such as kerberos principal names or X.509
distinguished names are often assumed to be unique across multiple
protocol endpoints. This introduces linkability across multiple
protocol endpoints. Historically this was never seen as an issue.
When web applications were build that required some form of user
authentication the notion of externalized or _federated_ user
authentication was established as a way to offload the work involved
in user management from each web application to some form of
centralized service. This is sometimes called "single sign on" - a
term used to describe the (sometimes, but not alwasy desirable)
property of authentication flows that a user can login in (sign on)
once and have the "logged in" state recognized across multiple
applications. State replication across multiple web application
carries with it a separate set of concerns which is not discussed
here.
In the late 1990s multiple protocols for "web single sign-on" were
developed. Soon the need to connect multiple "SSO-systems" across
different administrative and technical realms was recognized.
Bridging administrative realms is often called "federating" those
realms and the term "federated identity" owes its origin to this
practice. The development of standard protocols for federating
identity such as the Security Assertion Markup Language [SAML] and
Open ID Connect [OPENIDC] were initially created in the early to mid
2000s. These protocols are widely deployed today.
The notion of digital identity evolved as a generalization of the
"single sign-on" concept because modern federation protocols (OIDC,
SAML etc) are able to transport not only shared state about the sign-
in status of a user (eg in the form of a login-cookie) but can also
be used to share information about the subject (user) accessing the
service. In some cases identity federation protocols made it
possible to fully externalize identity management from the
application into an "identity provider"; a centralized service
responsible for maintaining information about users and _releasing_
such information in the form of _attributes_ to trusted services (aka
relying parties).
Federated identity can be thought of as an architecture for digital
identity where information about data subjects is maintained by
identity providers and shared with relying parties (sometimes called
service providers) as needed to allow subjects to be authenticated
and associated with appropriate authorization at the relying party.
Johansson Expires 4 September 2025 [Page 5]
�
Internet-Draft direct-presentation March 2025
Here is an illustration of how most federation protocols work. In
this example the Subject is requesting some resource at the RP that
requires authentication. The RP issues an authentication requests
which is sent to the IdP. The IdP prompts the user to present login
credentials (username/password or some other authentication token)
and after successfully verifying that the Subject matches the login
credentials in the IdPs database the IdP returns an authentication
response to the RP.
A brief illustration of the typical federation flow is useful. For
the purpose of this illustration we are not considering the precise
way in which protocol messages are transported between IdP and RP,
nor do we consider how the Subject is represented in the interaction
between the IdP and RP (eg if a user-agent is involved).
Subject -> RP: Initiate authentication flow
RP -> IdP: Authentication request
IdP --> Subject: Prompt for login credentials
Subject --> IdP: Presents login credentials
RP <-- IdP: Authentication response
Subject <-- RP: Success!
Note that
* The Subject only presents login credentials to the RP
* The IdP learns which RP the subject is requesting access to
* The RP trusts the IdP to accurately represent information about
the Subject
The limitation of this type of architecture and the need to evolve
the architecture into direct presentation flow is primarily the
second point: the IdP has information about every RP the Subject has
ever used. Together with the use of linkable attributes at the RP
this becomes a major privacy leak and a signifficant drawback of this
type of architecture.
The notion of "Self Sovreign Identity" (SSI) was first introduced in
the blogpost [PathToSSI] by Christopher Allen. The concept initially
relied heavily on the assumed dependency on blockchain technology.
Recently there has been work to abstract the concepts of SSI away
from a dependency on specificy technical solutions and desribe the
key concepts of SSI independently of the use of blockchain.
The purpose of this document is to create a reference architecture
for some of the concepts involved in SSI in such a way that different
implementations can be contrasted and compared. This document
Johansson Expires 4 September 2025 [Page 6]
�
Internet-Draft direct-presentation March 2025
attempts to define a set of core normative requirement and also
introduce the notion of direct presentation flow to denote the
practice of using a mediator to allow the data subject control over
the digital credential sharing flow.
Direct presentation flow should be seen as a generalization of the
Self-Sovereign Identity concept in the sense that unlike SSI, direct
presentation make no assumptions or value judgements about the
relative merits of third party data ownership and control. The basic
architecture of direct presentation does empower the user with more
control than the federated model does but in the SSI architecture the
user always has full control over every aspect of data sharing with
the RP. This is not necessarily true (eg for legal reasons) in all
cases which is why there is a need to desribe the technical
underpinnings of direct presentation flows in such a way that the
full SSI model can be a special case of a direct presentation
architecture.
5. Actors and Entities
5.1. Subject and Presenter
The data subject is the entity that the credential describes, such as
an individual, an organization, or even an IoT device. However, the
presenter—the actor delivering the credential to the verifier—may not
always be the data subject. For example, an administrator might
present credentials on behalf of an organization, or a software agent
might act as a presenter in automated workflows.
This distinction between the data subject and the presenter allows
the architecture to support complex use cases, such as power-of-
attorney scenarios or enterprise credentialing systems.
5.2. Presentation Mediator
The presentation mediator (mediator for short) is the core active
component of this architecture. It initiates and mediates credential
presentations, ensuring compliance with data subject preferences and
system policies. For example, it might enforce selective disclosure,
revealing only the subject's date of birth to a verifier while
withholding other personal details. The subject controls a
presentation mediator.
Unlike a credential store, the presentation mediator is responsible
for orchestrating interactions with verifiers, performing
cryptographic operations, and generating presentation proofs.
Johansson Expires 4 September 2025 [Page 7]
�
Internet-Draft direct-presentation March 2025
The mediator is used by the subject to communicate with issuers and
verifiers. The nature of the control the user has over the mediator
varies but minimally the user must be able to initiate the receipt of
credentials from an issuer and the generation and transmission of
presentation proofs to a verifier.
5.3. Credential Store
The credential store is a passive repository where credentials are
securely stored. Its primary function is to provide the presentation
mediator with access to the credentials it needs to generate
presentation proofs. By separating storage from active mediation,
the architecture enhances modularity and allows credential stores to
be managed independently from presentation logic.
5.4. Credentials and Presentation Proofs
A digital identity credential (abbreviated as 'credential' in this
document) is an object representing a set of data associated with a
subject. The credential MAY contain data that uniquely identify a
single subject. A digital identity credential is typically
cryptographically bound both to the issuer and to the mediator where
it is stored. A presentation proof (abbreviated as 'presentation' in
this document) is a proof that a particular issuer has provided a
particular set of credentials to the mediator. A presentation can be
verified by at least one verifier. A presentation proof can be based
on data present in a single credential or in multiple or even on the
result of computations based on a set of credentials. A common
example is a presentation proof that a subject is legally permitted
to take driving lessons. This is a binary attribute the result of a
computation involving knowledge of both the biological age of the
subject aswell as legal restrictions that apply to the juristiction
where the verifier is operating.
5.5. Issuer and Verifier
An issuer is a set of protcol endpoints that allow a mediator to
receive a credential. Credentials issued by the issuer are
cryptographically bound to that issuer and to the receiving mediator.
A verfier is a set of protocol endpoints that allow a mediator to
send a presentation to a verifier. A verifier is typically a
component used to provide an application with data about the subject
- for instance in the context of an authentication process.
Johansson Expires 4 September 2025 [Page 8]
�
Internet-Draft direct-presentation March 2025
6. Presentation Flows
Credential presentation flows describe how information from
credentials are transmitted from the mediator to the verifier. This
architecture focuses on direct presentation flows, but it also
accommodates variations such as delegated and assisted presentations.
6.1. Direct Presentation Flow
The basic direct presentation flows looks like this:
group issuance
Subject --> Mediator: <<initiate credential request>>
activate Mediator
Issuer <-- Mediator: request credential
activate Issuer
Issuer --> Issuer: <<generate credential>>
return credential
deactivate Issuer
deactivate Mediator
deactivate Subject
end
group verification
Verifier --> Mediator: request presentation
activate Mediator
Mediator --> Presenter: <<prompt to select credential(s)>>
activate Presenter
Mediator <-- Presenter: <<select claims from credential(s)>>
deactivate Presenter
Mediator --> Mediator: <<generate presentation proof selection>>
return presentation proof
deactivate Mediator
end
The mediator (acting on behalf of the subject) requests a credential
from the issuer. The way this flow is initiated is implementation
dependent and in some cases (notably in [OIDC4VCI]) the flow often
starts with the subject visiting a web page at the issuer where the
subject is first authenticated and then presented with means to
launch a credential issuance request using their mediator. These
details are left out from the diagram above.
The credential is generated by the issuer presumably based on
information the issuer has about the data subject but exactly how the
credential is generated is implementation dependent and out of scope
for this specification. The claims in the credential typically comes
from some source with which the issuer has a trust relationship. The
Johansson Expires 4 September 2025 [Page 9]
�
Internet-Draft direct-presentation March 2025
term "authentic source" is sometimes used when there is a need to
distinguish the source of the claims in a credential from the source
of the credential which by definition is the issuer.
The mediator receives a credential from the issuer. The credential
is bound both to the mediator and to the issuer in such a way that
presentation proofs generated from the credential can be used to
verify said bindings.
At some later point, the subject wants to use the credentials in
their mediator to provide identity data to an application. The
application has a verifier (a specific software component responsible
for verifying presentation proofs) associated with it. The mediator
- often after involving the user in some form of interaction to
choose which credential(s) to use and what parts of the credential(s)
to include - generates a presentation proof and sends it to the
verifier. The precise way this flow is initiated is again
implementation dependent and in some cases (notably [OIDC4VP]) the
flow starts with the subject visiting the application and hitting a
"login" button which directs the users device to launch the mediator
to complete the flow. These details are left out of the diagram
above.
Upon receipt of the presentation the verifier verifies the issuer and
mediator binding (aka holder binding) of the proof and - if the
implementation supports revocation - the current validity of the
underlying credential(s). If successful the data in the proof is
made available to the application.
6.2. Delegated or Assisted Presentation Flow
Delegated flows occur when a third party, such as an enterprise or
legal representative, is authorized to present credentials on behalf
of the data subject. The presentation mediator ensures that
delegation is properly scoped and authorized, preventing misuse.
Assisted flows involve granting limited rights to a third party to
act on behalf of the data subject. This may take the form of a
secondary credential that grants access to the mediator for the
purpose of generating and transmitting presentation proofs on behalf
of the data subject.
7. Normative Requirements
7.1. Subject control
The mediator SHOULD provide the subject with the means to control
which data from a credential is used in a presentation proof.
Johansson Expires 4 September 2025 [Page 10]
�
Internet-Draft direct-presentation March 2025
The mediator MUST NOT be able to generate a presentation proof
without the participation and approval of the data subject.
7.2. Selective Disclosure
A conformant implementation SHOULD identify a format for representing
digital credentials that make it possible for the subject to select a
subset of the data present in the credential for inclusion in a
presentation proof.
Note that there are situations where selective disclosure isn't
applicable, for instance when the data subject is legally complelled
to present a credential. Exactly when selective disclosure is
available as an option and what aspects of the credential is
meaningful to select is an implementation issue and out of scope.
7.3. Issuer Binding
A verifier MUST be able to verifiy the identity of the issuer of the
credential from a presentation proof.
7.4. Mediator Binding
The verifier MUST be able to verify that the mediator sending the
presentation proof is the same mediator that received the credential
from which the presentation proof was derived.
Note that this is often termed 'holder' binding because the mediator
is sometimes called the holder.
7.5. Non-linkability and data minimization
The verifier MUST NOT be able to infer information about data or
subjects not present in the presentation. This includes any
association between the mediator or subject and other issuers and
verifiers not associated with the presentation. In particular,
colluding verifiers MUST NOT be able to infer data not present in
presentation proofs.
7.6. Revocation
A conformant implementation SHOULD provide a way for an issuer to
revoke an issued digital credential in such a way that subsequent
attempts by a verifier to verify the authenticity of proofs based on
that credential fail.
Johansson Expires 4 September 2025 [Page 11]
�
Internet-Draft direct-presentation March 2025
8. Profiles
Several profiles of this reference architecture exist. We present
two below.
8.1. OpenID and SD-JWT
A minimal profile of the direct presentation credential architecture
is as follows:
1. Digital credentials are represented as SD-JWT objects [SDJWT]
2. An issuer implements the OP side of [OIDC4VCI]
3. A verifier implements RP side of [OIDC4VP]
4. A mediator implements the RP side of [OIDC4VCI] and the OP side
of [OIDC4VP]
A mediator conforming to this profile is essentially an openid
connect store-and-proove proxy with a user interface allowing the
subject control over selective disclosure.
This minimal profile fulfills several of the requirements in the
previous section:
* Selective disclosure is provided by the use of SD-JWT objects to
represent credential and presentation objects.
* Issuer binding is provided by a combination of digital signatures
on SD-JWTs and OpenID connect authentication between the mediator
and issuer.
* Non-linkability is provided by not reusing SD-JWTs from the issuer
for multiple presentations. The mediator MAY obtain multiple
copies of the same SD-JWT credentials from the mediator at the
same time. These can then be used to generate separate
presentation objects, never reusing the same SD-JWT credential for
separate verifiers.
This profile does not provide any solution for revocation and it
leaves the question of how OpenID connect entities (issuers,
verifiers and mediator) trust each other. There are also real
scalability issues involved in how the digital signature keys are
managed but as a minimal profile it illustrates the components
necessary to make a direct presentation architecture work.
Johansson Expires 4 September 2025 [Page 12]
�
Internet-Draft direct-presentation March 2025
8.2. Anoncreds
TODO: write about hyperledger & anoncreds
8.3. The EU Digital Identity Wallet
The EU digital identity wallet (EUID wallet) as defined by the
architecture reference framework [ARF] is an evolving profile for a
direct presentation architecture that includes several aspects of the
minimal profile above. Note that the EUID wallet specification is in
flux and subect to signifficant change.
9. Security Considerations
One of the main security considerations of a direct presentation
credential architecture is how to establish the transactional trust
between both the entities (mediators, issuers and verifiers) aswell
as the technical trust necessary for the cryptographic binding
between the digital credentials and their associated presentation.
Digital credentials are sometimes long-lived which also raises the
issue of revocation with its associated security requirements.
10. IANA Considerations
None so far
11. References
11.1. Normative References
[OIDC4VCI] Lodderstedt, T., Yatsuda, K., and T. Looker, "OpenID for
Verifiable Credential Issuance", n.d.,
<https://openid.net/specs/openid-4-verifiable-credential-
issuance-1_0.html>.
[OIDC4VP] Terbu, O., Lodderstedt, T., Yatsuda, K., Lemmon, A., and
T. Looker, "OpenID for Verifiable Presentations", n.d.,
<https://openid.net/specs/openid-connect-4-verifiable-
presentations-1_0-07.html#name-authors-addresses>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
Johansson Expires 4 September 2025 [Page 13]
�
Internet-Draft direct-presentation March 2025
[SDJWT] Fett, D., Yasuda, K., and B. Campbell, "Selective
Disclosure for JWTs (SD-JWT)", Work in Progress, Internet-
Draft, draft-ietf-oauth-selective-disclosure-jwt-17, 1
March 2025, <https://datatracker.ietf.org/doc/html/draft-
ietf-oauth-selective-disclosure-jwt-17>.
11.2. Informative References
[ARF] COM, "The European Digital identity Wallet architecture
and Reference framework", n.d., <https://digital-
strategy.ec.europa.eu/en/library/european-digital-
identity-wallet-architecture-and-reference-framework>.
[OPENIDC] Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and
C. Mortimore, "OpenID Connect Core 1.0", 2014.
[PathToSSI]
Allen, C., "The Path to Self-Sovereign Identiy", n.d.,
<http://www.lifewithalacrity.com/2016/04/the-path-to-self-
soverereign-identity.html>.
[SAML] Hallam-Baker, P. and E. Maler, "Assertions and Protocol
for the OASIS Security Assertion Markup Language (SAML)",
OASIS Committee Specification sstc-core, 31 May 2002,
<http://www.oasis-open.org/committees/security/docs/cs-
sstc-core-01.pdf>.
Acknowledgments
Several people have contributed to this text through discussion. The
author especially wishes to acknowledge the following individuals who
have helped shape the thinking around trust and identity in general
and this topic in particular.
* Pamela Dingle
* Heather Flanagan
* Peter Altman
* Giuseppe DeMarco
* Lucy Lynch
* R.L. 'Bob' Morgan
* Jeff Hodges
Johansson Expires 4 September 2025 [Page 14]
�
Internet-Draft direct-presentation March 2025
Author's Address
Leif Johansson
Sunet
Email: leifj@sunet.se
Johansson Expires 4 September 2025 [Page 15]