<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
p.msochpdefault, li.msochpdefault, div.msochpdefault
        {mso-style-name:msochpdefault;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Calibri",sans-serif;}
span.emailstyle17
        {mso-style-name:emailstyle17;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.EmailStyle20
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.EmailStyle21
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.EmailStyle22
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.EmailStyle23
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:623121167;
        mso-list-type:hybrid;
        mso-list-template-ids:1452990094 1074331663 1074331673 1074331675 1074331663 1074331673 1074331675 1074331663 1074331673 1074331675;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l1
        {mso-list-id:855583054;
        mso-list-type:hybrid;
        mso-list-template-ids:-1653192388 -1687895562 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:\F06E;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:.75in;
        text-indent:-.25in;
        font-family:Wingdings;
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:1.25in;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:1.75in;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:2.25in;
        text-indent:-.25in;
        font-family:Symbol;}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:2.75in;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:3.25in;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:3.75in;
        text-indent:-.25in;
        font-family:Symbol;}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:4.25in;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:4.75in;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l2
        {mso-list-id:2084600896;
        mso-list-type:hybrid;
        mso-list-template-ids:-1086529294 1074331663 1074331673 1074331675 1074331663 1074331673 1074331675 1074331663 1074331673 1074331675;}
@list l2:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l2:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l2:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l2:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l2:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l2:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l2:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l2:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l2:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">From the description of the use case, it looks like you want the ‘service user’ to access any tenant resource regardless of whether that user has a tenant role, and without an explicit read assignment on that resource. This can
 be done via a customized policy in which the related ‘get’ calls are allowed for a specific role, and that role is assigned to the ‘service user’. This role check can be made more restrictive by also requiring a specific ‘service’ tenant or ‘service’ domain.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">-Arun<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Vijay Venkatachalam [mailto:Vijay.Venkatachalam@citrix.com]
<br>
<b>Sent:</b> Friday, September 18, 2015 1:16 PM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions)<br>
<b>Subject:</b> Re: [openstack-dev] [Barbican] Providing service user read access to all tenant's certificates<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">Typos corrected.<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"></a><span lang="EN-IN" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Vijay Venkatachalam <br>
<b>Sent:</b> 18 September 2015 00:36<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions) <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<b>Subject:</b> RE: [openstack-dev] [Barbican] Providing service user read access to all tenant's certificates<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-IN"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">Yes Dave, that is what is happening today.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">But that approach looks a little untidy, because tenant admin has to do some infrastructure work.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">It will be good from the user/tenant admin’s perspective to just do 2 things<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span lang="EN-IN" style="color:#1F497D"><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span lang="EN-IN" style="color:#1F497D">Upload certificates info<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo2"><![if !supportLists]><span lang="EN-IN" style="color:#1F497D"><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span lang="EN-IN" style="color:#1F497D">Create LBaaS Configuration with certificates already uploaded<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">Now, because Barbican and LBaaS do *<b>not</b>* work nicely with each other, every tenant admin has to do the following:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l2 level1 lfo4"><![if !supportLists]><span lang="EN-IN" style="color:#1F497D"><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span lang="EN-IN" style="color:#1F497D">Upload certificates info<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l2 level1 lfo4"><![if !supportLists]><span lang="EN-IN" style="color:#1F497D"><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span lang="EN-IN" style="color:#1F497D">Read a document or otherwise find out that there is an LBaaS service user, somehow get hold of the LBaaS service user’s user ID, and assign read rights on that certificate to the LBaaS service user.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l2 level1 lfo4"><![if !supportLists]><span lang="EN-IN" style="color:#1F497D"><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span lang="EN-IN" style="color:#1F497D">Create LBaaS Configuration with certificates already uploaded<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">This does not fit the “As a service” model of OpenStack, where tenants just configure whatever they want and the infrastructure takes care of automating the rest.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">Vijay V.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Dave McCowan (dmccowan) [<a href="mailto:dmccowan@cisco.com">mailto:dmccowan@cisco.com</a>]
<br>
<b>Sent:</b> 17 September 2015 18:20<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions) <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<b>Subject:</b> Re: [openstack-dev] [Barbican] Providing service user read access to all tenant's certificates<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-IN"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-IN" style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-IN" style="font-size:10.5pt;color:black">The tenant admin from Step 1, should also do Step 2.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-IN" style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
</div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span lang="EN-IN" style="color:black">From: </span></b><span lang="EN-IN" style="color:black">Vijay Venkatachalam <<a href="mailto:Vijay.Venkatachalam@citrix.com">Vijay.Venkatachalam@citrix.com</a>><br>
<b>Reply-To: </b>"OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<b>Date: </b>Wednesday, September 16, 2015 at 9:57 PM<br>
<b>To: </b>"OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<b>Subject: </b>Re: [openstack-dev] [Barbican] Providing service user read access to all tenant's certificates<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-IN" style="font-size:10.5pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"> </span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">How does lbaas do step 2?
</span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">It does not have the privilege for that secret/container using the service user.
</span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">Should it use the Keystone token with which the user created the LB config, and assign read access for the secret/container to the LBaaS service user?</span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"> </span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">Thanks,</span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D">Vijay V.</span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:#1F497D"> </span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> Fox, Kevin M [<a href="mailto:Kevin.Fox@pnnl.gov">mailto:Kevin.Fox@pnnl.gov</a>]
<br>
<b>Sent:</b> 16 September 2015 19:24<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions) <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<b>Subject:</b> Re: [openstack-dev] [Barbican] Providing service user read access to all tenant's certificates</span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-IN" style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="font-size:12.0pt;font-family:'Times New Roman',serif;color:black">Why not have LBaaS do step 2? Even better would be to help with the instance user spec; combined with LBaaS doing step 2, you could then restrict
 secret access to just the amphorae that need the secret.<br>
<br>
Thanks,<br>
Kevin </span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><b><span lang="EN-IN" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"> </span></b><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span lang="EN-IN" style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">
<hr size="3" width="100%" align="center">
</span></div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span lang="EN-IN" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">From:</span></b><span lang="EN-IN" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"> Vijay Venkatachalam<br>
<b>Sent:</b> Tuesday, September 15, 2015 7:06:39 PM<br>
<b>To:</b> OpenStack Development Mailing List (<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>)<br>
<b>Subject:</b> [openstack-dev] [Barbican] Providing service user read access to all tenant's certificates</span><span lang="EN-IN" style="color:black"><o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-IN" style="color:black">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:black">               Is there a way to give a certain user read access to the secrets/containers of every project’s/tenant’s certificates?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:black">               This user, with universal “read” privileges, will be used as a service user by the LBaaS plugin to read tenants’ certificates during LB configuration implementation.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:black">               Today’s LBaaS users are following the below mentioned process
<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in"><span lang="EN-IN" style="color:black">1.</span><span lang="EN-IN" style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black">     
</span><span lang="EN-IN" style="color:black">tenant’s creator/admin user uploads a certificate info as secrets and container<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in"><span lang="EN-IN" style="color:black">2.</span><span lang="EN-IN" style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black">     
</span><span lang="EN-IN" style="color:black">The user then has to create ACLs for the LBaaS service user to access the containers and secrets<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in"><span lang="EN-IN" style="color:black">3.</span><span lang="EN-IN" style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black">     
</span><span lang="EN-IN" style="color:black">User creates LB config with the container reference<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in"><span lang="EN-IN" style="color:black">4.</span><span lang="EN-IN" style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black">     
</span><span lang="EN-IN" style="color:black">The LBaaS plugin, using the service user, will then access the container reference provided in the LB config and proceed to implement it.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span lang="EN-IN" style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span lang="EN-IN" style="color:black">Ideally we would want to avoid step 2 in the process. Instead add a step 5 where the lbaas plugin’s service user checks if the user configuring the LB has read access to the
 container reference provided.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:black">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-IN" style="color:black">Vijay V.<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>