From internet-drafts@ietf.org  Tue May  1 00:12:50 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68A7E21F866A; Tue,  1 May 2012 00:12:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.52
X-Spam-Level: 
X-Spam-Status: No, score=-102.52 tagged_above=-999 required=5 tests=[AWL=0.079, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n2AqZZCZlHqA; Tue,  1 May 2012 00:12:50 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 019BB21F864A; Tue,  1 May 2012 00:12:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120501071250.28419.16295.idtracker@ietfa.amsl.com>
Date: Tue, 01 May 2012 00:12:50 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-26.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2012 07:12:50 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : The OAuth 2.0 Authorization Framework
	Author(s)       : Eran Hammer
                          David Recordon
                          Dick Hardt
	Filename        : draft-ietf-oauth-v2-26.txt
	Pages           : 66
	Date            : 2012-05-01

   The OAuth 2.0 authorization framework enables a third-party
   application to obtain limited access to an HTTP service, either on
   behalf of a resource owner by orchestrating an approval interaction
   between the resource owner and the HTTP service, or by allowing the
   third-party application to obtain access on its own behalf.  This
   specification replaces and obsoletes the OAuth 1.0 protocol described
   in RFC 5849.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-26.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-v2-26.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2/


From Michael.Jones@microsoft.com  Tue May  1 16:04:41 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6374821E8042 for <oauth@ietfa.amsl.com>; Tue,  1 May 2012 16:04:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.918
X-Spam-Level: 
X-Spam-Status: No, score=-3.918 tagged_above=-999 required=5 tests=[AWL=-0.320, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7siPgYYKC046 for <oauth@ietfa.amsl.com>; Tue,  1 May 2012 16:04:40 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe003.messaging.microsoft.com [213.199.154.141]) by ietfa.amsl.com (Postfix) with ESMTP id 793A921E8024 for <oauth@ietf.org>; Tue,  1 May 2012 16:04:39 -0700 (PDT)
Received: from mail111-db3-R.bigfish.com (10.3.81.235) by DB3EHSOBE001.bigfish.com (10.3.84.21) with Microsoft SMTP Server id 14.1.225.23; Tue, 1 May 2012 23:04:31 +0000
Received: from mail111-db3 (localhost [127.0.0.1])	by mail111-db3-R.bigfish.com (Postfix) with ESMTP id 16DFB380144	for <oauth@ietf.org>; Tue,  1 May 2012 23:04:31 +0000 (UTC)
X-SpamScore: -21
X-BigFish: VS-21(zzc85fh4015Izz1202hzz8275ch1033IL8275bh8275dhz2fh2a8h668h839hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC107.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail111-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC107.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail111-db3 (localhost.localdomain [127.0.0.1]) by mail111-db3 (MessageSwitch) id 1335913469823986_6839; Tue,  1 May 2012 23:04:29 +0000 (UTC)
Received: from DB3EHSMHS011.bigfish.com (unknown [10.3.81.239])	by mail111-db3.bigfish.com (Postfix) with ESMTP id C4DE516009E	for <oauth@ietf.org>; Tue,  1 May 2012 23:04:29 +0000 (UTC)
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS011.bigfish.com (10.3.87.111) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 1 May 2012 23:04:29 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.73]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([157.54.80.67]) with mapi id 14.02.0298.005; Tue, 1 May 2012 23:04:33 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Proposed URN for JWT token type: urn:ietf:params:oauth:token-type:jwt
Thread-Index: Ac0n7r50FdrdHwkzRluns73GP1Xm7g==
Date: Tue, 1 May 2012 23:04:32 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664A485A@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943664A485ATK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Proposed URN for JWT token type: urn:ietf:params:oauth:token-type:jwt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2012 23:04:41 -0000

--_000_4E1F6AAD24975D4BA5B1680429673943664A485ATK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I'm editing the JWT spec to prepare for the OAuth WG version and to track c=
hanges in the JOSE specs.  Currently the "typ" values defined for JWT token=
s are "JWT" and "http://openid.net/specs/jwt/1.0" (see http://tools.ietf.or=
g/html/draft-jones-json-web-token-08#section-5).  I believe that the URN va=
lue should be changed to use a URN taken from the OAuth URN namespace urn:i=
etf:params:oauth (defined in http://tools.ietf.org/html/draft-ietf-oauth-ur=
n-sub-ns-02).

I propose to use the URN:
               urn:ietf:params:oauth:token-type:jwt

I believe this fits well with the other four uses of this namespace to date=
:
               urn:ietf:params:oauth:grant-type:saml2-bearer
               urn:ietf:params:oauth:client-assertion-type:saml2-bearer
               urn:ietf:params:oauth:grant-type:jwt-bearer
               urn:ietf:params:oauth:client-assertion-type:jwt-bearer

(The first two are from http://tools.ietf.org/html/draft-ietf-oauth-saml2-b=
earer-11.  The latter two are from http://tools.ietf.org/html/draft-jones-o=
auth-jwt-bearer-04.)

Do people agree with this URN choice?

                                                            Thanks,
                                                            -- Mike


--_000_4E1F6AAD24975D4BA5B1680429673943664A485ATK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">I&#8217;m editing the JWT spec to prepare for the OA=
uth WG version and to track changes in the JOSE specs.&nbsp; Currently the =
&#8220;typ&#8221; values defined for JWT tokens are &#8220;JWT&#8221; and &=
#8220;http://openid.net/specs/jwt/1.0&#8221; (see
<a href=3D"http://tools.ietf.org/html/draft-jones-json-web-token-08#section=
-5">http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5</a>)=
.&nbsp; I believe that the URN value should be changed to use a URN taken f=
rom the OAuth URN namespace urn:ietf:params:oauth
 (defined in <a href=3D"http://tools.ietf.org/html/draft-ietf-oauth-urn-sub=
-ns-02">
http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-02</a>).<o:p></o:p><=
/p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I propose to use the URN:<sup><o:p></o:p></sup></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; urn:ietf:params:oauth:token-type:jwt<o:p><=
/o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I believe this fits well with the other four uses of=
 this namespace to date:<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; urn:ietf:params:oauth:grant-type:saml2-bea=
rer<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; urn:ietf:params:oauth:client-assertion-typ=
e:saml2-bearer<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; urn:ietf:params:oauth:grant-type:jwt-beare=
r&nbsp; <o:p>
</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; urn:ietf:params:oauth:client-assertion-typ=
e:jwt-bearer<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">(The first two are from <a href=3D"http://tools.ietf=
.org/html/draft-ietf-oauth-saml2-bearer-11">
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-11</a>. &nbsp;The =
latter two are from
<a href=3D"http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-04">http=
://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-04</a>.)<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Do people agree with this URN choice?<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; Thanks,<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; -- Mike<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B1680429673943664A485ATK5EX14MBXC284r_--

From bcampbell@pingidentity.com  Tue May  1 16:26:54 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D373521E8094 for <oauth@ietfa.amsl.com>; Tue,  1 May 2012 16:26:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.943
X-Spam-Level: 
X-Spam-Status: No, score=-5.943 tagged_above=-999 required=5 tests=[AWL=0.034,  BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dXNdLpwNsyQt for <oauth@ietfa.amsl.com>; Tue,  1 May 2012 16:26:54 -0700 (PDT)
Received: from na3sys009aog124.obsmtp.com (na3sys009aog124.obsmtp.com [74.125.149.151]) by ietfa.amsl.com (Postfix) with ESMTP id 4831E21E8086 for <oauth@ietf.org>; Tue,  1 May 2012 16:26:51 -0700 (PDT)
Received: from mail-vx0-f173.google.com ([209.85.220.173]) (using TLSv1) by na3sys009aob124.postini.com ([74.125.148.12]) with SMTP ID DSNKT6BxOnoxUcDJhVZZ8qv4h3aX2aXTS19Z@postini.com; Tue, 01 May 2012 16:26:51 PDT
Received: by vcbfl11 with SMTP id fl11so40913vcb.18 for <oauth@ietf.org>; Tue, 01 May 2012 16:26:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=qOtK0ml6bw2qlOdpooTDdguWETb7iavgWb5nPNd4uG8=; b=e9MwO+jHLnA+gw+Tcw86O1NQN2IY6MYD2hCQJ8V4DI1mANjVV3rqECNHFDBxphf8lH EA+wloyb8Dy8AwL/RidFxLNuslySzayaoocZhFaIbHZgtUBy+yhrnryIm4K1LKND2xcx J8Pf7M89prbD8NI/uZZRaQLt+WxUgig1Hbv6GLTq/zgHV+4NY+/9ZKBhp1eT/OpR/weY BcYTBdo5c3puWGIyxsuxzDs+sfzRu/RkITXc/cLdrn157xuhLHZjj4fKi2KlTcNoZPMP zDhmXzAeQLH/8CQXd9zLvfJF0ZwyLTC5iW+YwGnTpIFoxYhVEgkMzx0zG5WVb0mE79vo 1jvQ==
Received: by 10.220.240.195 with SMTP id lb3mr3526672vcb.63.1335914809714; Tue, 01 May 2012 16:26:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.38.104 with HTTP; Tue, 1 May 2012 16:26:19 -0700 (PDT)
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664A485A@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B1680429673943664A485A@TK5EX14MBXC284.redmond.corp.microsoft.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 1 May 2012 17:26:19 -0600
Message-ID: <CA+k3eCR7krjyGLmaHrutoq8_xKTMFwug-1q+VhO4Nk6gwtTpjQ@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQlKduKlm4kNHS4WiofYpXkxoPttDt1NHhsSivss4mUpmIMhC8AZ8okH6UzSV9xe2n5vKl7k
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed URN for JWT token type: urn:ietf:params:oauth:token-type:jwt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2012 23:26:54 -0000

The only concern I might raise with it is that use of the "token-type"
part might lead to some confusion. The term token type and the
parameter token_type are already pretty loaded and have specific
meaning from the core OAuth framework:
http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-7.1

That token type is about providing "the client with the information
required to successfully utilize the access token to make a protected
resource request" (i.e. mac and bearer) and is not about the structure
of the token itself which is what this URI seems to want to describe.
JWTs are usually thought of as bearer type tokens but might someday
have HoK (http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-201=
20430/001860.html)
or mac like constructs.

I don't think there's really a problem with name collisions here but I
think that the current use of token type in the frame work spec is
already the cause of some confusion and I'd hate to exacerbate that.

On Tue, May 1, 2012 at 5:04 PM, Mike Jones <Michael.Jones@microsoft.com> wr=
ote:
> I=92m editing the JWT spec to prepare for the OAuth WG version and to tra=
ck
> changes in the JOSE specs.=A0 Currently the =93typ=94 values defined for =
JWT
> tokens are =93JWT=94 and =93http://openid.net/specs/jwt/1.0=94 (see
> http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5).=A0 I
> believe that the URN value should be changed to use a URN taken from the
> OAuth URN namespace urn:ietf:params:oauth (defined in
> http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-02).
>
>
>
> I propose to use the URN:
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:token-ty=
pe:jwt
>
>
>
> I believe this fits well with the other four uses of this namespace to da=
te:
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:grant-ty=
pe:saml2-bearer
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:client-a=
ssertion-type:saml2-bearer
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:grant-ty=
pe:jwt-bearer
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:client-a=
ssertion-type:jwt-bearer
>
>
>
> (The first two are from
> http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-11. =A0The latte=
r two
> are from http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-04.)
>
>
>
> Do people agree with this URN choice?
>
>
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Thanks,
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 -- Mike
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

From Michael.Jones@microsoft.com  Tue May  1 17:39:38 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5714421E8093 for <oauth@ietfa.amsl.com>; Tue,  1 May 2012 17:39:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.412
X-Spam-Level: 
X-Spam-Status: No, score=-5.412 tagged_above=-999 required=5 tests=[AWL=1.187,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vw4spn97Ymar for <oauth@ietfa.amsl.com>; Tue,  1 May 2012 17:39:37 -0700 (PDT)
Received: from tx2outboundpool.messaging.microsoft.com (tx2ehsobe004.messaging.microsoft.com [65.55.88.14]) by ietfa.amsl.com (Postfix) with ESMTP id 5145421F8A57 for <oauth@ietf.org>; Tue,  1 May 2012 17:39:37 -0700 (PDT)
Received: from mail163-tx2-R.bigfish.com (10.9.14.242) by TX2EHSOBE010.bigfish.com (10.9.40.30) with Microsoft SMTP Server id 14.1.225.23; Wed, 2 May 2012 00:39:29 +0000
Received: from mail163-tx2 (localhost [127.0.0.1])	by mail163-tx2-R.bigfish.com (Postfix) with ESMTP id 3E9764004EE; Wed,  2 May 2012 00:39:29 +0000 (UTC)
X-SpamScore: -37
X-BigFish: VS-37(zz9371I542M1432N1418I98dK4015Izz1202hzz8275ch1033IL8275bh8275dhz2fh2a8h668h839hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail163-tx2: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail163-tx2 (localhost.localdomain [127.0.0.1]) by mail163-tx2 (MessageSwitch) id 1335919166596968_6867; Wed,  2 May 2012 00:39:26 +0000 (UTC)
Received: from TX2EHSMHS023.bigfish.com (unknown [10.9.14.249])	by mail163-tx2.bigfish.com (Postfix) with ESMTP id 8CD1420054; Wed,  2 May 2012 00:39:26 +0000 (UTC)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (131.107.125.8) by TX2EHSMHS023.bigfish.com (10.9.99.123) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 2 May 2012 00:39:26 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.73]) by TK5EX14HUBC102.redmond.corp.microsoft.com ([157.54.7.154]) with mapi id 14.02.0298.005; Wed, 2 May 2012 00:39:25 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Thread-Topic: [OAUTH-WG] Proposed URN for JWT token type: urn:ietf:params:oauth:token-type:jwt
Thread-Index: AQHNJ/HkxYAdLJwMtk6eA3CrB25uIJa1o2Vw
Date: Wed, 2 May 2012 00:39:24 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664A4AF4@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B1680429673943664A485A@TK5EX14MBXC284.redmond.corp.microsoft.com> <CA+k3eCR7krjyGLmaHrutoq8_xKTMFwug-1q+VhO4Nk6gwtTpjQ@mail.gmail.com>
In-Reply-To: <CA+k3eCR7krjyGLmaHrutoq8_xKTMFwug-1q+VhO4Nk6gwtTpjQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed URN for JWT token type: urn:ietf:params:oauth:token-type:jwt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 00:39:38 -0000

I understand what you're saying, but I still believe that the URN is the co=
rrect one.

While I agree that the potential for confusion is unfortunate, context will=
 actually successfully differentiate the two uses of similar terms.  Bear i=
n mind that the OAuth usage of the term is actually short for "Access Token=
 Type" (see OAuth Core sections 8.1 and 11.1), whereas the URN above is to =
provide a type identifier for a particular kind of security token.

I also believe that the examples in the Bearer spec (see http://tools.ietf.=
org/html/draft-ietf-oauth-v2-bearer-19#section-4), the MAC spec (see http:/=
/tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-5.1), and the =
JWT spec will make the uses of these terms clear to implementers in context=
.

				-- Mike

-----Original Message-----
From: Brian Campbell [mailto:bcampbell@pingidentity.com]=20
Sent: Tuesday, May 01, 2012 4:26 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Proposed URN for JWT token type: urn:ietf:params:oa=
uth:token-type:jwt

The only concern I might raise with it is that use of the "token-type"
part might lead to some confusion. The term token type and the parameter to=
ken_type are already pretty loaded and have specific meaning from the core =
OAuth framework:
http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-7.1

That token type is about providing "the client with the information require=
d to successfully utilize the access token to make a protected resource req=
uest" (i.e. mac and bearer) and is not about the structure of the token its=
elf which is what this URI seems to want to describe.
JWTs are usually thought of as bearer type tokens but might someday have Ho=
K (http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20120430/0=
01860.html)
or mac like constructs.

I don't think there's really a problem with name collisions here but I thin=
k that the current use of token type in the frame work spec is already the =
cause of some confusion and I'd hate to exacerbate that.

On Tue, May 1, 2012 at 5:04 PM, Mike Jones <Michael.Jones@microsoft.com> wr=
ote:
> I'm editing the JWT spec to prepare for the OAuth WG version and to=20
> track changes in the JOSE specs.=A0 Currently the "typ" values defined=20
> for JWT tokens are "JWT" and "http://openid.net/specs/jwt/1.0" (see=20
> http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5).=A0=20
> I believe that the URN value should be changed to use a URN taken from=20
> the OAuth URN namespace urn:ietf:params:oauth (defined in=20
> http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-02).
>
>
>
> I propose to use the URN:
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:token-ty=
pe:jwt
>
>
>
> I believe this fits well with the other four uses of this namespace to da=
te:
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:grant-ty=
pe:saml2-bearer
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=20
> urn:ietf:params:oauth:client-assertion-type:saml2-bearer
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:grant-ty=
pe:jwt-bearer
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:client-a=
ssertion-type:jwt-bearer
>
>
>
> (The first two are from
> http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-11. =A0The=20
> latter two are from=20
> http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-04.)
>
>
>
> Do people agree with this URN choice?
>
>
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Thanks,
>
> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 -- Mike
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>



From bcampbell@pingidentity.com  Wed May  2 05:25:21 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 902B421F888F for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 05:25:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.945
X-Spam-Level: 
X-Spam-Status: No, score=-5.945 tagged_above=-999 required=5 tests=[AWL=0.032,  BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MhRg-5LnIsOQ for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 05:25:19 -0700 (PDT)
Received: from na3sys009aog118.obsmtp.com (na3sys009aog118.obsmtp.com [74.125.149.244]) by ietfa.amsl.com (Postfix) with ESMTP id 72C5321F888E for <oauth@ietf.org>; Wed,  2 May 2012 05:25:19 -0700 (PDT)
Received: from mail-vx0-f182.google.com ([209.85.220.182]) (using TLSv1) by na3sys009aob118.postini.com ([74.125.148.12]) with SMTP ID DSNKT6Enrh7gouQCnCmMnYm6MkVe53/r+M5x@postini.com; Wed, 02 May 2012 05:25:19 PDT
Received: by vcmm1 with SMTP id m1so459143vcm.13 for <oauth@ietf.org>; Wed, 02 May 2012 05:25:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=OGSCfmNpViG3iMWwRnG0zV7VYnSdHpXR9cw6ePVO+us=; b=XoIipKxupfKpJQ2PT2AhwjJc6xCJyqh7ChhRT7xMO7q4JWe9eUUwoMuldPd6ivh9Bo IjbDX9fLnzkEbQbjk/y70EENNCLexOw5kl/Kat46HAQY6eQzuscQg22EDL3JBN9eQrSc yOMDhtyv0S2bRsoZQ6t8UAYAk5jmsHiKQqh27Qxwdym5RFnlbXxFQQB1yz8Ul0lSmvsF KWwn8fXCOoTw9nXtsKhgl0535FxrLzdidGMeYhl4PwTFij2HAoIa/7OvUfIVSMUDC2l6 r3gVqQAwgF3ykGEwGmOBzttDBOt6o/fusBnJugDHsOlJRmFcjoZpIGyHE2Rx1z8zwdu1 tmSw==
Received: by 10.52.96.169 with SMTP id dt9mr24813298vdb.107.1335961518252; Wed, 02 May 2012 05:25:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.38.104 with HTTP; Wed, 2 May 2012 05:24:48 -0700 (PDT)
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664A4AF4@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B1680429673943664A485A@TK5EX14MBXC284.redmond.corp.microsoft.com> <CA+k3eCR7krjyGLmaHrutoq8_xKTMFwug-1q+VhO4Nk6gwtTpjQ@mail.gmail.com> <4E1F6AAD24975D4BA5B1680429673943664A4AF4@TK5EX14MBXC284.redmond.corp.microsoft.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 2 May 2012 06:24:48 -0600
Message-ID: <CA+k3eCTHaF5rku6MnLmb0BNtj1XMHCooOx19eFcDjGYPxrwnKw@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQndcdRWaPNm7mzx7gfhGY/tllB9dQkZ4lxoPBLpKrqk0HbPmo0gqHGWi2usJ1e/ZS7Cx39x
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed URN for JWT token type: urn:ietf:params:oauth:token-type:jwt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 12:25:21 -0000

I agree that context does sufficiently differentiate. I guess I'm just
lamenting the way that type has been overloaded in the base OAuth
stuff and am already dreading the conversions that might go something
like, "well which type of token type are we talking about here?"

This particular URN probably doesn't change that one way or the other
and I'm okay with what you've proposed. I just felt compelled to
mention the potential confusion point.

On Tue, May 1, 2012 at 6:39 PM, Mike Jones <Michael.Jones@microsoft.com> wr=
ote:
> I understand what you're saying, but I still believe that the URN is the =
correct one.
>
> While I agree that the potential for confusion is unfortunate, context wi=
ll actually successfully differentiate the two uses of similar terms. =A0Be=
ar in mind that the OAuth usage of the term is actually short for "Access T=
oken Type" (see OAuth Core sections 8.1 and 11.1), whereas the URN above is=
 to provide a type identifier for a particular kind of security token.
>
> I also believe that the examples in the Bearer spec (see http://tools.iet=
f.org/html/draft-ietf-oauth-v2-bearer-19#section-4), the MAC spec (see http=
://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-5.1), and th=
e JWT spec will make the uses of these terms clear to implementers in conte=
xt.
>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0-- Mike
>
> -----Original Message-----
> From: Brian Campbell [mailto:bcampbell@pingidentity.com]
> Sent: Tuesday, May 01, 2012 4:26 PM
> To: Mike Jones
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Proposed URN for JWT token type: urn:ietf:params:=
oauth:token-type:jwt
>
> The only concern I might raise with it is that use of the "token-type"
> part might lead to some confusion. The term token type and the parameter =
token_type are already pretty loaded and have specific meaning from the cor=
e OAuth framework:
> http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-7.1
>
> That token type is about providing "the client with the information requi=
red to successfully utilize the access token to make a protected resource r=
equest" (i.e. mac and bearer) and is not about the structure of the token i=
tself which is what this URI seems to want to describe.
> JWTs are usually thought of as bearer type tokens but might someday have =
HoK (http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20120430=
/001860.html)
> or mac like constructs.
>
> I don't think there's really a problem with name collisions here but I th=
ink that the current use of token type in the frame work spec is already th=
e cause of some confusion and I'd hate to exacerbate that.
>
> On Tue, May 1, 2012 at 5:04 PM, Mike Jones <Michael.Jones@microsoft.com> =
wrote:
>> I'm editing the JWT spec to prepare for the OAuth WG version and to
>> track changes in the JOSE specs.=A0 Currently the "typ" values defined
>> for JWT tokens are "JWT" and "http://openid.net/specs/jwt/1.0" (see
>> http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5).
>> I believe that the URN value should be changed to use a URN taken from
>> the OAuth URN namespace urn:ietf:params:oauth (defined in
>> http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-02).
>>
>>
>>
>> I propose to use the URN:
>>
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:token-t=
ype:jwt
>>
>>
>>
>> I believe this fits well with the other four uses of this namespace to d=
ate:
>>
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:grant-t=
ype:saml2-bearer
>>
>>
>> urn:ietf:params:oauth:client-assertion-type:saml2-bearer
>>
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:grant-t=
ype:jwt-bearer
>>
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 urn:ietf:params:oauth:client-=
assertion-type:jwt-bearer
>>
>>
>>
>> (The first two are from
>> http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-11. =A0The
>> latter two are from
>> http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-04.)
>>
>>
>>
>> Do people agree with this URN choice?
>>
>>
>>
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Thanks,
>>
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 -- Mike
>>
>>
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
>

From internet-drafts@ietf.org  Wed May  2 07:18:37 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F102821F85FC; Wed,  2 May 2012 07:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LUJMcSEe7S-p; Wed,  2 May 2012 07:18:37 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82A4621F85F0; Wed,  2 May 2012 07:18:37 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120502141837.28495.15681.idtracker@ietfa.amsl.com>
Date: Wed, 02 May 2012 07:18:37 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-assertions-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 14:18:38 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : OAuth 2.0 Assertion Profile
	Author(s)       : Michael B. Jones
                          Brian Campbell
                          Yaron Y. Goland
	Filename        : draft-ietf-oauth-assertions-03.txt
	Pages           : 17
	Date            : 2012-05-02

   This specification provides a general framework for the use of
   assertions as client credentials and/or authorization grants with
   OAuth 2.0.  It includes a generic mechanism for transporting
   assertions during interactions with a token endpoint, as wells as
   rules for the content and processing of those assertions.  The intent
   is to provide an enhanced security profile by using derived values
   such as signatures or HMACs, as well as facilitate the use of OAuth
   2.0 in client-server integration scenarios where the end-user may not
   be present.

   This specification only defines abstract message flow and assertion
   content.  Actual use requires implementation of a companion protocol
   binding specification.  Additional profile documents provide standard
   representations in formats such as SAML and JWT.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-assertions-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-assertions-03.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/


From Phil.Harvey@daveramsey.com  Wed May  2 08:23:53 2012
Return-Path: <Phil.Harvey@daveramsey.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5C1121F8638 for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 08:23:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qLxsv-+gqKpG for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 08:23:53 -0700 (PDT)
Received: from exprod8og111.obsmtp.com (exprod8og111.obsmtp.com [64.18.3.22]) by ietfa.amsl.com (Postfix) with ESMTP id C5E4921F8617 for <oauth@ietf.org>; Wed,  2 May 2012 08:23:52 -0700 (PDT)
Received: from mail.daveramsey.com ([67.216.167.148]) (using TLSv1) by exprod8ob111.postini.com ([64.18.7.12]) with SMTP ID DSNKT6FRiFuafiBjD5ilLZ82YpReMwvWwOyx@postini.com; Wed, 02 May 2012 08:23:52 PDT
From: Phil Harvey <Phil.Harvey@daveramsey.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-26.txt
Thread-Index: Ac0od4GhlNHZtS1ZRomSD1074YbVfQ==
Date: Wed, 2 May 2012 15:23:51 +0000
Message-ID: <8DAB9C3BD441244FBC2FE5D294624535656CE9D3@FPP1W2K8-EXNG1.peace.daveramsey.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [192.168.1.60]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-26.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 15:23:53 -0000

SGVsbG8sDQoNCkkgbm90aWNlZCBkcmFmdCAyNiB3YXMgcHVibGlzaGVkIGFuZCBmb3VuZCBhIGZl
dyB0eXBvcyB3aGlsZSByZWFkaW5nIHRoZSBkaWZmIGFnYWluc3QgZHJhZnQgMjU6DQoNCjEpIFdo
ZXJlIHRoZSB3b3JkIFNIQUxMIHdhcyBpbnNlcnRlZCBpbnRvIHRoZSBwYXJhZ3JhcGggdW5kZXIg
IjIuIENsaWVudCBSZWdpc3RyYXRpb24iLCBJIG5vdGljZWQgdGhhdCB0aGUgZmlyc3Qgd29yZCBv
ZiBlYWNoIGJ1bGxldCBwb2ludCBpbiB0aGUgbGlzdCB0aGF0IGZvbGxvd3MgaXQgbmVlZHMgdG8g
YmUgYWx0ZXJlZCB0byBmbG93IHByb3Blcmx5Og0KDQpXaGVuIHJlZ2lzdGVyaW5nIGEgY2xpZW50
LCB0aGUgY2xpZW50IGRldmVsb3BlciBTSEFMTDoNCg0KICAgbyAgc3BlY2lmaWVzIHRoZSBjbGll
bnQgdHlwZSBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiAyLjEsDQogICBvICBwcm92aWRlcyBpdHMg
Y2xpZW50IHJlZGlyZWN0aW9uIFVSSXMgYXMgZGVzY3JpYmVkIGluDQogICAgICBTZWN0aW9uIDMu
MS4yLCBhbmQNCiAgIG8gIGluY2x1ZGVzIGFueSBvdGhlciBpbmZvcm1hdGlvbiByZXF1aXJlZCBi
eSB0aGUgYXV0aG9yaXphdGlvbg0KICAgICAgc2VydmVyIChlLmcuIGFwcGxpY2F0aW9uIG5hbWUs
IHdlYnNpdGUsIGRlc2NyaXB0aW9uLCBsb2dvIGltYWdlLA0KICAgICAgdGhlIGFjY2VwdGFuY2Ug
b2YgbGVnYWwgdGVybXMpLg0KDQpUbyByZWFkIGxpa2UgdGhpczoNCg0KV2hlbiByZWdpc3Rlcmlu
ZyBhIGNsaWVudCwgdGhlIGNsaWVudCBkZXZlbG9wZXIgU0hBTEw6DQoNCiAgIG8gIHNwZWNpZnkg
dGhlIGNsaWVudCB0eXBlIGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDIuMSwNCiAgIG8gIHByb3Zp
ZGUgaXRzIGNsaWVudCByZWRpcmVjdGlvbiBVUklzIGFzIGRlc2NyaWJlZCBpbg0KICAgICAgU2Vj
dGlvbiAzLjEuMiwgYW5kDQogICBvICBpbmNsdWRlIGFueSBvdGhlciBpbmZvcm1hdGlvbiByZXF1
aXJlZCBieSB0aGUgYXV0aG9yaXphdGlvbg0KICAgICAgc2VydmVyIChlLmcuIGFwcGxpY2F0aW9u
IG5hbWUsIHdlYnNpdGUsIGRlc2NyaXB0aW9uLCBsb2dvIGltYWdlLA0KICAgICAgdGhlIGFjY2Vw
dGFuY2Ugb2YgbGVnYWwgdGVybXMpLg0KDQoyKSB1bmRlciAiMTAuMyBBY2Nlc3MgVG9rZW5zIiAo
ZGVsaW5lYXRlZCBieSBicmFja2V0cyk6DQoNClRoaXMgc3BlY2lmaWNhdGlvbiBkb2VzIG5vdCBw
cm92aWRlIGFueSBtZXRob2RzIGZvciB0aGUgcmVzb3VyY2UNCnNlcnZlciB0byBlbnN1cmUgdGhh
dCBhbiBhY2Nlc3MgdG9rZW4gcHJlc2VudGVkIHRvIGl0IGJ5IGEgZ2l2ZW4JDQpjbGllbnQsIHdh
cyBpc3N1ZWQgdG8gW3RoZSB0aGF0XSBjbGllbnQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
Lg0KDQpXaGljaCB3YXMgcHJvYmFibHkgaW50ZW5kZWQgdG8gcmVhZCBsaWtlIHRoaXM/Og0KDQpU
aGlzIHNwZWNpZmljYXRpb24gZG9lcyBub3QgcHJvdmlkZSBhbnkgbWV0aG9kcyBmb3IgdGhlIHJl
c291cmNlDQpzZXJ2ZXIgdG8gZW5zdXJlIHRoYXQgYW4gYWNjZXNzIHRva2VuIHByZXNlbnRlZCB0
byBpdCBieSBhIGdpdmVuCQ0KY2xpZW50LCB3YXMgaXNzdWVkIHRvIHRoYXQgY2xpZW50IGJ5IHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlci4NCg0KMykgdW5kZXIgYm90aCAiMTEuMSBUaGUgT0F1dGgg
QWNjZXNzIFRva2VuIFR5cGUgUmVnaXN0cnkiIGFuZCAiMTEuMiBUaGUgT0F1dGggUGFyYW1ldGVy
cyBSZWdpc3RyeSIsIHRoZXJlIGFyZSB0d28gaW5zdGFuY2VzIHdoZXJlIGl0IHNheXMgInR3byB3
ZWVrcyIgd2hlbiBpdCBzaG91bGQgc2F5ICJ0d28gd2VlayIgaW4gYSBzZW50ZW5jZSBsaWtlIHRo
aXM6DQoNCiIuLi5hZnRlciBhIHR3byB3ZWVrcyByZXZpZXcgcGVyaW9kLi4uIg0KDQpIb3BlIHRo
YXQgaGVscHMsDQoNClBoaWwgSGFydmV5DQplQml6IFdlYiBEZXZlbG9wZXINClRoZSBMYW1wbyBH
cm91cCwgSW5jLg0KaHR0cDovL3d3dy5kYXZlcmFtc2V5LmNvbQ0KDQotLS0tLU9yaWdpbmFsIE1l
c3NhZ2UtLS0tLQ0KRnJvbTogaW50ZXJuZXQtZHJhZnRzQGlldGYub3JnIFttYWlsdG86aW50ZXJu
ZXQtZHJhZnRzQGlldGYub3JnXSANClNlbnQ6IFR1ZXNkYXksIE1heSAwMSwgMjAxMiAyOjEzIEFN
DQpUbzogaS1kLWFubm91bmNlQGlldGYub3JnDQpDYzogb2F1dGhAaWV0Zi5vcmcNClN1YmplY3Q6
IFtPQVVUSC1XR10gSS1EIEFjdGlvbjogZHJhZnQtaWV0Zi1vYXV0aC12Mi0yNi50eHQNCg0KDQpB
IE5ldyBJbnRlcm5ldC1EcmFmdCBpcyBhdmFpbGFibGUgZnJvbSB0aGUgb24tbGluZSBJbnRlcm5l
dC1EcmFmdHMgZGlyZWN0b3JpZXMuIFRoaXMgZHJhZnQgaXMgYSB3b3JrIGl0ZW0gb2YgdGhlIFdl
YiBBdXRob3JpemF0aW9uIFByb3RvY29sIFdvcmtpbmcgR3JvdXAgb2YgdGhlIElFVEYuDQoNCglU
aXRsZSAgICAgICAgICAgOiBUaGUgT0F1dGggMi4wIEF1dGhvcml6YXRpb24gRnJhbWV3b3JrDQoJ
QXV0aG9yKHMpICAgICAgIDogRXJhbiBIYW1tZXINCiAgICAgICAgICAgICAgICAgICAgICAgICAg
RGF2aWQgUmVjb3Jkb24NCiAgICAgICAgICAgICAgICAgICAgICAgICAgRGljayBIYXJkdA0KCUZp
bGVuYW1lICAgICAgICA6IGRyYWZ0LWlldGYtb2F1dGgtdjItMjYudHh0DQoJUGFnZXMgICAgICAg
ICAgIDogNjYNCglEYXRlICAgICAgICAgICAgOiAyMDEyLTA1LTAxDQoNCiAgIFRoZSBPQXV0aCAy
LjAgYXV0aG9yaXphdGlvbiBmcmFtZXdvcmsgZW5hYmxlcyBhIHRoaXJkLXBhcnR5DQogICBhcHBs
aWNhdGlvbiB0byBvYnRhaW4gbGltaXRlZCBhY2Nlc3MgdG8gYW4gSFRUUCBzZXJ2aWNlLCBlaXRo
ZXIgb24NCiAgIGJlaGFsZiBvZiBhIHJlc291cmNlIG93bmVyIGJ5IG9yY2hlc3RyYXRpbmcgYW4g
YXBwcm92YWwgaW50ZXJhY3Rpb24NCiAgIGJldHdlZW4gdGhlIHJlc291cmNlIG93bmVyIGFuZCB0
aGUgSFRUUCBzZXJ2aWNlLCBvciBieSBhbGxvd2luZyB0aGUNCiAgIHRoaXJkLXBhcnR5IGFwcGxp
Y2F0aW9uIHRvIG9idGFpbiBhY2Nlc3Mgb24gaXRzIG93biBiZWhhbGYuICBUaGlzDQogICBzcGVj
aWZpY2F0aW9uIHJlcGxhY2VzIGFuZCBvYnNvbGV0ZXMgdGhlIE9BdXRoIDEuMCBwcm90b2NvbCBk
ZXNjcmliZWQNCiAgIGluIFJGQyA1ODQ5Lg0KDQoNCkEgVVJMIGZvciB0aGlzIEludGVybmV0LURy
YWZ0IGlzOg0KaHR0cDovL3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtaWV0Zi1v
YXV0aC12Mi0yNi50eHQNCg0KSW50ZXJuZXQtRHJhZnRzIGFyZSBhbHNvIGF2YWlsYWJsZSBieSBh
bm9ueW1vdXMgRlRQIGF0Og0KZnRwOi8vZnRwLmlldGYub3JnL2ludGVybmV0LWRyYWZ0cy8NCg0K
VGhpcyBJbnRlcm5ldC1EcmFmdCBjYW4gYmUgcmV0cmlldmVkIGF0Og0KZnRwOi8vZnRwLmlldGYu
b3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC1pZXRmLW9hdXRoLXYyLTI2LnR4dA0KDQpUaGUgSUVU
RiBkYXRhdHJhY2tlciBwYWdlIGZvciB0aGlzIEludGVybmV0LURyYWZ0IGlzOg0KaHR0cHM6Ly9k
YXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1vYXV0aC12Mi8NCg0KDQo=

From hannes.tschofenig@gmx.net  Wed May  2 09:02:43 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3746521F85B9 for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 09:02:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p+8EN9+TjNvS for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 09:02:42 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id AA7F621F85B8 for <oauth@ietf.org>; Wed,  2 May 2012 09:02:41 -0700 (PDT)
Received: (qmail invoked by alias); 02 May 2012 16:02:40 -0000
Received: from unknown (EHLO [10.2.4.113]) [64.9.249.121] by mail.gmx.net (mp037) with SMTP; 02 May 2012 18:02:40 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/GOgsR/7rGso0fmkPt+yfJxGltv+frysBC0yHObo vDOcFLLAtsILS8
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Wed, 2 May 2012 19:02:37 +0300
Message-Id: <E0A719BA-4FCD-4B57-AB6E-778DE46B79D6@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] draft-ietf-oauth-v2-threatmodel
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 16:02:43 -0000

Hi all,=20

I looked at the feedback for the draft-ietf-oauth-v2-threatmodel and I =
want to share my thoughts with you (as a WG co-chair).

I believe there are three questions that need to be answered:

1) Is malicious code a problem?=20

I believe most people would agree that malicious code is indeed a =
problem for Internet security.=20

2) Are IETF working groups required to address this extended Internet =
threat model?=20

RFC 3552 provides guidance for protocol developers writing security =
considerations. It also defines terminology and a threat model.=20
The model, however, does not consider malicious code as a threat.=20

Malicious code is a problem for any IETF protocol, not just for OAuth. =
This requires a broader IETF discussion. =20

If there is the believe that IETF groups should (a) describe threats =
that result from malicious code and (b) develop solutions to deal with =
it then the IAB  should facilitate such a discussion. I will discuss =
this topic within the IAB.=20

Despite the lack of available guidance in RFC 3552 =
draft-ietf-oauth-v2-threatmodel talks about this threat.=20

3) What can we do to highlight the threat in our document?=20

Barry proposed additional text (see below) that highlights the =
challenges.=20
=20
This issue as resolved. Let's move forward.=20

Ciao
Hannes

PS: Here is Barry's proposed tet

-----------------------------------------------------------------
5.5.  A Word on User Interaction and User-Installed Apps

OAuth, as a security protocol, is distinctive in that its flow usually
involves significant user interaction, making the end user a part of
the security model.  This creates some important difficulties in
defending against some of the threats discussed above.  Some of these
points have already been made, but it's worth repeating and
highlighting them here.

* End users must understand what they are being asked to approve (see
Section 5.2.4.2).  Users often do not have the expertise to understand
the ramifications of saying "yes" to an authorization request. and are
likely not to be able to see subtle differences in wording of
requests.  Malicious software can confuse the user, tricking the user
into approving almost anything.

* End-user devices are prone to software compromise.  This has been a
long-standing problem, with frequent attacks on web browsers and other
parts of the user's system.  But with increasing popularity of
user-installed "apps", the threat posed by compromised or malicious
end-user software is very strong, and is one that is very difficult to
mitigate.

* Be aware that users will demand to install and run such apps, and
that compromised or malicious ones can steal credentials at many
points in the data flow.  They can intercept the very user login
credentials that OAuth is designed to protect.  They can request
authorization far beyond what they have led the user to understand and
approve.  They can automate a response on behalf of the user, hiding
the whole process.  No solution is offered here, because none is
known; this remains in the space between better security and better
usability.

* Addressing these issues by restricting the use of user-installed
software may be practical in some limited environments, and can be
used as a countermeasure in those cases.  Such restrictions are not
practical in the general case, and mechanisms for after-the-fact
recovery should be in place.
-----------------------------------------------------------------=

From eran@hueniverse.com  Wed May  2 10:19:11 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07D1711E809A for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 10:19:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.528
X-Spam-Level: 
X-Spam-Status: No, score=-2.528 tagged_above=-999 required=5 tests=[AWL=0.071,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dhioVmposOZ7 for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 10:19:09 -0700 (PDT)
Received: from p3plex2out01.prod.phx3.secureserver.net (p3plex2out01.prod.phx3.secureserver.net [184.168.131.12]) by ietfa.amsl.com (Postfix) with ESMTP id 975AB11E8086 for <oauth@ietf.org>; Wed,  2 May 2012 10:19:09 -0700 (PDT)
Received: from P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) by p3plex2out01.prod.phx3.secureserver.net with bizsmtp id 55K91j0020CJzpC015K9i9; Wed, 02 May 2012 10:19:09 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) with mapi id 14.02.0247.003; Wed, 2 May 2012 10:19:08 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Phil Harvey <Phil.Harvey@daveramsey.com>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-26.txt
Thread-Index: Ac0od4GhlNHZtS1ZRomSD1074YbVfQAEBX9Q
Date: Wed, 2 May 2012 17:19:08 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA20101848F@P3PWEX2MB008.ex2.secureserver.net>
References: <8DAB9C3BD441244FBC2FE5D294624535656CE9D3@FPP1W2K8-EXNG1.peace.daveramsey.com>
In-Reply-To: <8DAB9C3BD441244FBC2FE5D294624535656CE9D3@FPP1W2K8-EXNG1.peace.daveramsey.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-26.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 17:19:11 -0000

Thanks Phil.

These will be corrected in -27 (if we publish one to close IESG issues) or =
during AUTH48.

EH

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Phil Harvey
> Sent: Wednesday, May 02, 2012 8:24 AM
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-26.txt
>=20
> Hello,
>=20
> I noticed draft 26 was published and found a few typos while reading the =
diff
> against draft 25:
>=20
> 1) Where the word SHALL was inserted into the paragraph under "2. Client
> Registration", I noticed that the first word of each bullet point in the =
list that
> follows it needs to be altered to flow properly:
>=20
> When registering a client, the client developer SHALL:
>=20
>    o  specifies the client type as described in Section 2.1,
>    o  provides its client redirection URIs as described in
>       Section 3.1.2, and
>    o  includes any other information required by the authorization
>       server (e.g. application name, website, description, logo image,
>       the acceptance of legal terms).
>=20
> To read like this:
>=20
> When registering a client, the client developer SHALL:
>=20
>    o  specify the client type as described in Section 2.1,
>    o  provide its client redirection URIs as described in
>       Section 3.1.2, and
>    o  include any other information required by the authorization
>       server (e.g. application name, website, description, logo image,
>       the acceptance of legal terms).
>=20
> 2) under "10.3 Access Tokens" (delineated by brackets):
>=20
> This specification does not provide any methods for the resource
> server to ensure that an access token presented to it by a given
> client, was issued to [the that] client by the authorization server.
>=20
> Which was probably intended to read like this?:
>=20
> This specification does not provide any methods for the resource
> server to ensure that an access token presented to it by a given
> client, was issued to that client by the authorization server.
>=20
> 3) under both "11.1 The OAuth Access Token Type Registry" and "11.2 The
> OAuth Parameters Registry", there are two instances where it says "two
> weeks" when it should say "two week" in a sentence like this:
>=20
> "...after a two weeks review period..."
>=20
> Hope that helps,
>=20
> Phil Harvey
> eBiz Web Developer
> The Lampo Group, Inc.
> http://www.daveramsey.com
>=20
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Tuesday, May 01, 2012 2:13 AM
> To: i-d-announce@ietf.org
> Cc: oauth@ietf.org
> Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-26.txt
>=20
>=20
> A New Internet-Draft is available from the on-line Internet-Drafts direct=
ories.
> This draft is a work item of the Web Authorization Protocol Working Group=
 of
> the IETF.
>=20
> 	Title           : The OAuth 2.0 Authorization Framework
> 	Author(s)       : Eran Hammer
>                           David Recordon
>                           Dick Hardt
> 	Filename        : draft-ietf-oauth-v2-26.txt
> 	Pages           : 66
> 	Date            : 2012-05-01
>=20
>    The OAuth 2.0 authorization framework enables a third-party
>    application to obtain limited access to an HTTP service, either on
>    behalf of a resource owner by orchestrating an approval interaction
>    between the resource owner and the HTTP service, or by allowing the
>    third-party application to obtain access on its own behalf.  This
>    specification replaces and obsoletes the OAuth 1.0 protocol described
>    in RFC 5849.
>=20
>=20
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-26.txt
>=20
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>=20
> This Internet-Draft can be retrieved at:
> ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-v2-26.txt
>=20
> The IETF datatracker page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-v2/
>=20
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From hannes.tschofenig@gmx.net  Wed May  2 10:01:57 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ACD921F8512 for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 10:01:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TyHWbHS76LHw for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 10:01:55 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 1C8E021F84FF for <oauth@ietf.org>; Wed,  2 May 2012 10:01:54 -0700 (PDT)
Received: (qmail invoked by alias); 02 May 2012 17:01:53 -0000
Received: from unknown (EHLO [10.2.4.113]) [64.9.249.121] by mail.gmx.net (mp033) with SMTP; 02 May 2012 19:01:53 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/eP2YlFMfeAx5rH5elIAKrn9ZUKpNMmpvveMww9K fEU0wlqPjugVtU
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1084)
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Wed, 2 May 2012 20:01:33 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <5385BFFC-A6B4-471E-8DD8-FA2CD4506A9C@gmx.net>
To: ext The IESG <iesg-secretary@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
X-Mailman-Approved-At: Wed, 02 May 2012 10:20:42 -0700
Cc: "derek@ihtfp.com Atkins" <derek@ihtfp.com>
Subject: [OAUTH-WG] OAuth WG Rechartering
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 17:01:57 -0000

Hi Stephen, Hi IESG secretary,=20

Derek and myself would like to submit the updated OAuth charter to the =
IESG.=20
Please find it below.=20

Ciao
Hannes

------

Web Authorization Protocol (oauth)

Description of Working Group

The Web Authorization (OAuth) protocol allows a user to grant
a third-party Web site or application access to the user's protected
resources, without necessarily revealing their long-term credentials,
or even their identity. For example, a photo-sharing site that supports
OAuth could allow its users to use a third-party printing Web site to
print their private pictures, without allowing the printing site to
gain full control of the user's account and without having the user=20
sharing his or her photo-sharing sites' long-term credential with the=20
printing site.=20

The OAuth protocol suite encompasses
* a procedure for allowing a client to discover a resource server,=20
* a protocol for obtaining authorization tokens from an authorization=20
server with the resource owner's consent,=20
* protocols for presenting these authorization tokens to protected=20
resources for access to a resource, and=20
* consequently for sharing data in a security and privacy respective =
way.

In April 2010 the OAuth 1.0 specification, documenting pre-IETF work,
was published as an informational document (RFC 5849). With the=20
completion of OAuth 1.0 the working group started their work on OAuth =
2.0
to incorporate implementation experience with version 1.0, additional
use cases, and various other security, readability, and interoperability
improvements. An extensive security analysis was conducted and the =
result=20
is available as a stand-alone document offering guidance for audiences=20=

beyond the community of protocol implementers.

The working group also developed security schemes for presenting =
authorization
tokens to access a protected resource. This led to the publication of
the bearer token as well as the message authentication code (MAC) access=20=

authentication specification.=20

OAuth 2.0 added the ability to trade a SAML assertion against an OAUTH =
token with=20
the SAML 2.0 bearer assertion profile.  This offers interworking with =
existing=20
identity management solutions, in particular SAML based deployments.

OAuth has enjoyed widespread adoption by the Internet application =
service provider=20
community. To build on this success we aim for nothing more than to make =
OAuth the=20
authorization framework of choice for any Internet protocol. =
Consequently, the=20
ongoing standardization effort within the OAuth working group is focused =
on=20
enhancing interoperability of OAuth deployments. While the core OAuth =
specification=20
truly is an important building block it relies on other specifications =
in order to=20
claim completeness. Luckily, these components already exist and have =
been deployed=20
on the Internet. Through the IETF standards process they will be =
improved in=20
quality and will undergo a rigorous review process.=20

Goals and Milestones

Done  Submit 'OAuth 2.0 Threat Model and Security Considerations' as a =
working group item
Done  Submit 'HTTP Authentication: MAC Authentication' as a working =
group item
Done  Submit 'The OAuth 2.0 Protocol: Bearer Tokens' to the IESG for =
consideration as a Proposed Standard
Done  Submit 'The OAuth 2.0 Authorization Protocol' to the IESG for =
consideration as a Proposed Standard

May  2012  Submit 'SAML 2.0 Bearer Assertion Profiles for OAuth 2.0' to =
the IESG for consideration as a Proposed Standard
May  2012  Submit 'OAuth 2.0 Assertion Profile' to the IESG for =
consideration as a Proposed Standard=20
May  2012  Submit 'An IETF URN Sub-Namespace for OAuth' to the IESG for =
consideration as a Proposed Standard=20
May  2012  Submit 'OAuth 2.0 Threat Model and Security Considerations' =
to the IESG for consideration as an Informational RFC
Dec. 2012  Submit 'HTTP Authentication: MAC Authentication' to the IESG =
for consideration as a Proposed Standard

Aug. 2012  Submit 'Token Revocation' to the IESG for consideration as a =
Proposed Standard
[Starting point for the work will be =
http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/]

Nov. 2012  Submit 'JSON Web Token (JWT)' to the IESG for consideration =
as a Proposed Standard
[Starting point for the work will be =
http://tools.ietf.org/html/draft-jones-json-web-token]

Nov. 2012  Submit 'JSON Web Token (JWT) Bearer Token Profiles for OAuth =
2.0' to the IESG for consideration as a Proposed Standard
[Starting point for the work will be =
http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer]

Dec. 2012  Submit 'OAuth Use Cases' to the IESG for consideration as an =
Informational RFC
[Starting point for the work will be =
http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases]=20

Jul. 2013  Submit 'OAuth Dynamic Client Registration Protocol' to the =
IESG for consideration as a Proposed Standard
[Starting point for the work will be =
http://tools.ietf.org/html/draft-hardjono-oauth-dynreg]=20


From phil.hunt@oracle.com  Wed May  2 10:35:05 2012
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB4EE21F8548 for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 10:35:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.602
X-Spam-Level: 
X-Spam-Status: No, score=-9.602 tagged_above=-999 required=5 tests=[AWL=-0.399, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H0dPlM7XesDP for <oauth@ietfa.amsl.com>; Wed,  2 May 2012 10:35:04 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id 739B721F8543 for <oauth@ietf.org>; Wed,  2 May 2012 10:35:04 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q42HYrss027230 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 2 May 2012 17:34:53 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q42HYqYD023117 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 2 May 2012 17:34:52 GMT
Received: from abhmt112.oracle.com (abhmt112.oracle.com [141.146.116.64]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q42HYq3v011988; Wed, 2 May 2012 12:34:52 -0500
Received: from [10.2.2.190] (/64.9.249.121) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 02 May 2012 10:34:51 -0700
References: <E0A719BA-4FCD-4B57-AB6E-778DE46B79D6@gmx.net>
In-Reply-To: <E0A719BA-4FCD-4B57-AB6E-778DE46B79D6@gmx.net>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Message-Id: <7AAD23CC-0D1F-4F7C-80FA-5E796D6ADE67@oracle.com>
X-Mailer: iPhone Mail (9B179)
From: Phil Hunt <phil.hunt@oracle.com>
Date: Wed, 2 May 2012 10:36:16 -0700
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-threatmodel
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 17:35:05 -0000

I think you hit the nail on the head.=20

My feeling is that threats not directly related to OAuth obfuscate the key i=
ssues we are trying to alert implementers and deployers to.=20

I think Barry made a good proposal but Michael still feels Barry's text has n=
ot addressed the issue.=20

I think you are right to escalate the issue for guidance.=20

Phil

On 2012-05-02, at 9:02, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:=


> Hi all,=20
>=20
> I looked at the feedback for the draft-ietf-oauth-v2-threatmodel and I wan=
t to share my thoughts with you (as a WG co-chair).
>=20
> I believe there are three questions that need to be answered:
>=20
> 1) Is malicious code a problem?=20
>=20
> I believe most people would agree that malicious code is indeed a problem f=
or Internet security.=20
>=20
> 2) Are IETF working groups required to address this extended Internet thre=
at model?=20
>=20
> RFC 3552 provides guidance for protocol developers writing security consid=
erations. It also defines terminology and a threat model.=20
> The model, however, does not consider malicious code as a threat.=20
>=20
> Malicious code is a problem for any IETF protocol, not just for OAuth. Thi=
s requires a broader IETF discussion. =20
>=20
> If there is the believe that IETF groups should (a) describe threats that r=
esult from malicious code and (b) develop solutions to deal with it then the=
 IAB  should facilitate such a discussion. I will discuss this topic within t=
he IAB.=20
>=20
> Despite the lack of available guidance in RFC 3552 draft-ietf-oauth-v2-thr=
eatmodel talks about this threat.=20
>=20
> 3) What can we do to highlight the threat in our document?=20
>=20
> Barry proposed additional text (see below) that highlights the challenges.=
=20
>=20
> This issue as resolved. Let's move forward.=20
>=20
> Ciao
> Hannes
>=20
> PS: Here is Barry's proposed tet
>=20
> -----------------------------------------------------------------
> 5.5.  A Word on User Interaction and User-Installed Apps
>=20
> OAuth, as a security protocol, is distinctive in that its flow usually
> involves significant user interaction, making the end user a part of
> the security model.  This creates some important difficulties in
> defending against some of the threats discussed above.  Some of these
> points have already been made, but it's worth repeating and
> highlighting them here.
>=20
> * End users must understand what they are being asked to approve (see
> Section 5.2.4.2).  Users often do not have the expertise to understand
> the ramifications of saying "yes" to an authorization request. and are
> likely not to be able to see subtle differences in wording of
> requests.  Malicious software can confuse the user, tricking the user
> into approving almost anything.
>=20
> * End-user devices are prone to software compromise.  This has been a
> long-standing problem, with frequent attacks on web browsers and other
> parts of the user's system.  But with increasing popularity of
> user-installed "apps", the threat posed by compromised or malicious
> end-user software is very strong, and is one that is very difficult to
> mitigate.
>=20
> * Be aware that users will demand to install and run such apps, and
> that compromised or malicious ones can steal credentials at many
> points in the data flow.  They can intercept the very user login
> credentials that OAuth is designed to protect.  They can request
> authorization far beyond what they have led the user to understand and
> approve.  They can automate a response on behalf of the user, hiding
> the whole process.  No solution is offered here, because none is
> known; this remains in the space between better security and better
> usability.
>=20
> * Addressing these issues by restricting the use of user-installed
> software may be practical in some limited environments, and can be
> used as a countermeasure in those cases.  Such restrictions are not
> practical in the general case, and mechanisms for after-the-fact
> recovery should be in place.
> -----------------------------------------------------------------
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From internet-drafts@ietf.org  Thu May  3 05:12:02 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E727921F8593; Thu,  3 May 2012 05:12:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.444
X-Spam-Level: 
X-Spam-Status: No, score=-102.444 tagged_above=-999 required=5 tests=[AWL=0.155, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JdB2ox6CWqM7; Thu,  3 May 2012 05:12:02 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87E9E21F848E; Thu,  3 May 2012 05:12:02 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120503121202.13639.61856.idtracker@ietfa.amsl.com>
Date: Thu, 03 May 2012 05:12:02 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-12.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2012 12:12:03 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : SAML 2.0 Bearer Assertion Profiles for OAuth 2.0
	Author(s)       : Chuck Mortimore
	Filename        : draft-ietf-oauth-saml2-bearer-12.txt
	Pages           : 16
	Date            : 2012-05-03

   This specification defines the use of a SAML 2.0 Bearer Assertion as
   a means for requesting an OAuth 2.0 access token as well as for use
   as a means of client authentication.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-saml2-bearer-12.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-saml2-bearer-12.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/


From stpeter@stpeter.im  Thu May  3 11:56:42 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05BF921F866B for <oauth@ietfa.amsl.com>; Thu,  3 May 2012 11:56:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.603
X-Spam-Level: 
X-Spam-Status: No, score=-102.603 tagged_above=-999 required=5 tests=[AWL=-0.004, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0b65TEZx-aHj for <oauth@ietfa.amsl.com>; Thu,  3 May 2012 11:56:41 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 4CA0E21F8627 for <oauth@ietf.org>; Thu,  3 May 2012 11:56:41 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id E27F540058; Thu,  3 May 2012 13:11:42 -0600 (MDT)
Message-ID: <4FA2D4E7.4030403@stpeter.im>
Date: Thu, 03 May 2012 12:56:39 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B1680429673943664A485A@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664A485A@TK5EX14MBXC284.redmond.corp.microsoft.com>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proposed URN for JWT token type: urn:ietf:params:oauth:token-type:jwt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2012 18:56:42 -0000

On 5/1/12 5:04 PM, Mike Jones wrote:
> I’m editing the JWT spec to prepare for the OAuth WG version and to
> track changes in the JOSE specs.  Currently the “typ� values defined for
> JWT tokens are “JWT� and “http://openid.net/specs/jwt/1.0� (see
> http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5).  I
> believe that the URN value should be changed to use a URN taken from the
> OAuth URN namespace urn:ietf:params:oauth (defined in
> http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-02).
> 
>  
> 
> I propose to use the URN:^
> 
>                urn:ietf:params:oauth:token-type:jwt
> 
>  
> 
> I believe this fits well with the other four uses of this namespace to date:
> 
>                urn:ietf:params:oauth:grant-type:saml2-bearer
> 
>                urn:ietf:params:oauth:client-assertion-type:saml2-bearer
> 
>                urn:ietf:params:oauth:grant-type:jwt-bearer 
> 
>                urn:ietf:params:oauth:client-assertion-type:jwt-bearer
> 
>  
> 
> (The first two are from
> http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-11.  The latter
> two are from http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-04.)
> 
>  
> 
> Do people agree with this URN choice?

Looks fine to me.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



From stpeter@stpeter.im  Thu May  3 13:01:11 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FB0B21F84C9 for <oauth@ietfa.amsl.com>; Thu,  3 May 2012 13:01:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.598
X-Spam-Level: 
X-Spam-Status: No, score=-102.598 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X12Cdzz-DGeV for <oauth@ietfa.amsl.com>; Thu,  3 May 2012 13:01:10 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id BBDA721F84B9 for <oauth@ietf.org>; Thu,  3 May 2012 13:01:10 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 84D3C4005B; Thu,  3 May 2012 14:16:12 -0600 (MDT)
Message-ID: <4FA2E405.7040502@stpeter.im>
Date: Thu, 03 May 2012 14:01:09 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Phil Hunt <phil.hunt@oracle.com>
References: <E0A719BA-4FCD-4B57-AB6E-778DE46B79D6@gmx.net> <7AAD23CC-0D1F-4F7C-80FA-5E796D6ADE67@oracle.com>
In-Reply-To: <7AAD23CC-0D1F-4F7C-80FA-5E796D6ADE67@oracle.com>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-threatmodel
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2012 20:01:11 -0000

Barry, I think your text is sufficient.

Hannes, I agree with your point about taking this up outside the OAUTH
WG because this is a broader issue.

Phil, I've reviewed things again and I think Michael is simply in the
rough here, but if Michael thinks that Barry's text is insufficient then
he is free to raise this issue during IETF Last Call or to follow the
appeal procedures defined in RFC 2026.

Peter

On 5/2/12 11:36 AM, Phil Hunt wrote:
> I think you hit the nail on the head. 
> 
> My feeling is that threats not directly related to OAuth obfuscate the key issues we are trying to alert implementers and deployers to. 
> 
> I think Barry made a good proposal but Michael still feels Barry's text has not addressed the issue. 
> 
> I think you are right to escalate the issue for guidance. 
> 
> Phil
> 
> On 2012-05-02, at 9:02, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> 
>> Hi all, 
>>
>> I looked at the feedback for the draft-ietf-oauth-v2-threatmodel and I want to share my thoughts with you (as a WG co-chair).
>>
>> I believe there are three questions that need to be answered:
>>
>> 1) Is malicious code a problem? 
>>
>> I believe most people would agree that malicious code is indeed a problem for Internet security. 
>>
>> 2) Are IETF working groups required to address this extended Internet threat model? 
>>
>> RFC 3552 provides guidance for protocol developers writing security considerations. It also defines terminology and a threat model. 
>> The model, however, does not consider malicious code as a threat. 
>>
>> Malicious code is a problem for any IETF protocol, not just for OAuth. This requires a broader IETF discussion.  
>>
>> If there is the believe that IETF groups should (a) describe threats that result from malicious code and (b) develop solutions to deal with it then the IAB  should facilitate such a discussion. I will discuss this topic within the IAB. 
>>
>> Despite the lack of available guidance in RFC 3552 draft-ietf-oauth-v2-threatmodel talks about this threat. 
>>
>> 3) What can we do to highlight the threat in our document? 
>>
>> Barry proposed additional text (see below) that highlights the challenges. 
>>
>> This issue as resolved. Let's move forward. 
>>
>> Ciao
>> Hannes
>>
>> PS: Here is Barry's proposed tet
>>
>> -----------------------------------------------------------------
>> 5.5.  A Word on User Interaction and User-Installed Apps
>>
>> OAuth, as a security protocol, is distinctive in that its flow usually
>> involves significant user interaction, making the end user a part of
>> the security model.  This creates some important difficulties in
>> defending against some of the threats discussed above.  Some of these
>> points have already been made, but it's worth repeating and
>> highlighting them here.
>>
>> * End users must understand what they are being asked to approve (see
>> Section 5.2.4.2).  Users often do not have the expertise to understand
>> the ramifications of saying "yes" to an authorization request. and are
>> likely not to be able to see subtle differences in wording of
>> requests.  Malicious software can confuse the user, tricking the user
>> into approving almost anything.
>>
>> * End-user devices are prone to software compromise.  This has been a
>> long-standing problem, with frequent attacks on web browsers and other
>> parts of the user's system.  But with increasing popularity of
>> user-installed "apps", the threat posed by compromised or malicious
>> end-user software is very strong, and is one that is very difficult to
>> mitigate.
>>
>> * Be aware that users will demand to install and run such apps, and
>> that compromised or malicious ones can steal credentials at many
>> points in the data flow.  They can intercept the very user login
>> credentials that OAuth is designed to protect.  They can request
>> authorization far beyond what they have led the user to understand and
>> approve.  They can automate a response on behalf of the user, hiding
>> the whole process.  No solution is offered here, because none is
>> known; this remains in the space between better security and better
>> usability.
>>
>> * Addressing these issues by restricting the use of user-installed
>> software may be practical in some limited environments, and can be
>> used as a countermeasure in those cases.  Such restrictions are not
>> practical in the general case, and mechanisms for after-the-fact
>> recovery should be in place.
>> -----------------------------------------------------------------
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From mike@mtcc.com  Thu May  3 13:25:47 2012
Return-Path: <mike@mtcc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8870A21F869F for <oauth@ietfa.amsl.com>; Thu,  3 May 2012 13:25:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level: 
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[AWL=0.200,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DWnM76DnCR-K for <oauth@ietfa.amsl.com>; Thu,  3 May 2012 13:25:46 -0700 (PDT)
Received: from mtcc.com (mtcc.com [50.0.18.224]) by ietfa.amsl.com (Postfix) with ESMTP id A9F7D21F869E for <oauth@ietf.org>; Thu,  3 May 2012 13:25:46 -0700 (PDT)
Received: from piolinux.mtcc.com (65-172-208-69.dsl.volcano.net [65.172.208.69]) (authenticated bits=0) by mtcc.com (8.14.3/8.14.3) with ESMTP id q43KPiUc004085 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 3 May 2012 13:25:45 -0700
Message-ID: <4FA2E9C1.3090308@mtcc.com>
Date: Thu, 03 May 2012 13:25:37 -0700
From: Michael Thomas <mike@mtcc.com>
User-Agent: Thunderbird 2.0.0.14 (X11/20080501)
MIME-Version: 1.0
To: Peter Saint-Andre <stpeter@stpeter.im>
References: <E0A719BA-4FCD-4B57-AB6E-778DE46B79D6@gmx.net>	<7AAD23CC-0D1F-4F7C-80FA-5E796D6ADE67@oracle.com> <4FA2E405.7040502@stpeter.im>
In-Reply-To: <4FA2E405.7040502@stpeter.im>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=5854; t=1336076746; x=1336940746; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:=20Michael=20Thomas=20<mike@mtcc.com> |Subject:=20Re=3A=20[OAUTH-WG]=20draft-ietf-oauth-v2-threat model |Sender:=20 |To:=20Peter=20Saint-Andre=20<stpeter@stpeter.im> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=cgYJykU4r71F7AOhoh5K9+iBXwpT11O/kWVl8b8ZEqo=; b=pTUhl0XLN5ZGd6qRcdMpYAsh8CDWZx9p/0gz5IN1THtdWgwp8X2CqGlHBu sVx9VMsREWhAVacCUpkC9y/Lpj5C9t4ReGbb/xd1LI9RKeii3Je/Bi8Yd6KZ kb/X0KvyBhqiIhLdvoAQ8YQD1KqMhyjTOUvGy6bmya9mTBCKKamnc=;
Authentication-Results: ; v=0.1; dkim=pass header.i=mike@mtcc.com ( sig from mtcc.com/thundersaddle.kirkwood verified; );  dkim-asp=pass header.From=mike@mtcc.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-threatmodel
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2012 20:25:47 -0000

Peter Saint-Andre wrote:
> Barry, I think your text is sufficient.
> 
> Hannes, I agree with your point about taking this up outside the OAUTH
> WG because this is a broader issue.

The roots of the problem are certainly larger, but the particulars about the way
that it interacts with oauth's security model are what I found troublesome. As I've
said before, oauth was conceived before the widespread deployment of apps where
the system browser is mostly trustable. The way it's getting widespread adoption
now is back in an app environment so all of the browser trustability assumptions
flew out the window.

> Phil, I've reviewed things again and I think Michael is simply in the
> rough here, but if Michael thinks that Barry's text is insufficient then
> he is free to raise this issue during IETF Last Call or to follow the
> appeal procedures defined in RFC 2026.
>

I only asked to add one bullet that said that the auth server can and should
have a part by being less promiscuous about enrollment and more proactive about
revocation. I didn't hear anything one way or other about that.

Mike


> Peter
> 
> On 5/2/12 11:36 AM, Phil Hunt wrote:
>> I think you hit the nail on the head. 
>>
>> My feeling is that threats not directly related to OAuth obfuscate the key issues we are trying to alert implementers and deployers to. 
>>
>> I think Barry made a good proposal but Michael still feels Barry's text has not addressed the issue. 
>>
>> I think you are right to escalate the issue for guidance. 
>>
>> Phil
>>
>> On 2012-05-02, at 9:02, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>>> Hi all, 
>>>
>>> I looked at the feedback for the draft-ietf-oauth-v2-threatmodel and I want to share my thoughts with you (as a WG co-chair).
>>>
>>> I believe there are three questions that need to be answered:
>>>
>>> 1) Is malicious code a problem? 
>>>
>>> I believe most people would agree that malicious code is indeed a problem for Internet security. 
>>>
>>> 2) Are IETF working groups required to address this extended Internet threat model? 
>>>
>>> RFC 3552 provides guidance for protocol developers writing security considerations. It also defines terminology and a threat model. 
>>> The model, however, does not consider malicious code as a threat. 
>>>
>>> Malicious code is a problem for any IETF protocol, not just for OAuth. This requires a broader IETF discussion.  
>>>
>>> If there is the believe that IETF groups should (a) describe threats that result from malicious code and (b) develop solutions to deal with it then the IAB  should facilitate such a discussion. I will discuss this topic within the IAB. 
>>>
>>> Despite the lack of available guidance in RFC 3552 draft-ietf-oauth-v2-threatmodel talks about this threat. 
>>>
>>> 3) What can we do to highlight the threat in our document? 
>>>
>>> Barry proposed additional text (see below) that highlights the challenges. 
>>>
>>> This issue as resolved. Let's move forward. 
>>>
>>> Ciao
>>> Hannes
>>>
>>> PS: Here is Barry's proposed tet
>>>
>>> -----------------------------------------------------------------
>>> 5.5.  A Word on User Interaction and User-Installed Apps
>>>
>>> OAuth, as a security protocol, is distinctive in that its flow usually
>>> involves significant user interaction, making the end user a part of
>>> the security model.  This creates some important difficulties in
>>> defending against some of the threats discussed above.  Some of these
>>> points have already been made, but it's worth repeating and
>>> highlighting them here.
>>>
>>> * End users must understand what they are being asked to approve (see
>>> Section 5.2.4.2).  Users often do not have the expertise to understand
>>> the ramifications of saying "yes" to an authorization request. and are
>>> likely not to be able to see subtle differences in wording of
>>> requests.  Malicious software can confuse the user, tricking the user
>>> into approving almost anything.
>>>
>>> * End-user devices are prone to software compromise.  This has been a
>>> long-standing problem, with frequent attacks on web browsers and other
>>> parts of the user's system.  But with increasing popularity of
>>> user-installed "apps", the threat posed by compromised or malicious
>>> end-user software is very strong, and is one that is very difficult to
>>> mitigate.
>>>
>>> * Be aware that users will demand to install and run such apps, and
>>> that compromised or malicious ones can steal credentials at many
>>> points in the data flow.  They can intercept the very user login
>>> credentials that OAuth is designed to protect.  They can request
>>> authorization far beyond what they have led the user to understand and
>>> approve.  They can automate a response on behalf of the user, hiding
>>> the whole process.  No solution is offered here, because none is
>>> known; this remains in the space between better security and better
>>> usability.
>>>
>>> * Addressing these issues by restricting the use of user-installed
>>> software may be practical in some limited environments, and can be
>>> used as a countermeasure in those cases.  Such restrictions are not
>>> practical in the general case, and mechanisms for after-the-fact
>>> recovery should be in place.
>>> -----------------------------------------------------------------
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From msk@cloudmark.com  Fri May  4 12:02:49 2012
Return-Path: <msk@cloudmark.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D7F321E8029 for <oauth@ietfa.amsl.com>; Fri,  4 May 2012 12:02:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.559
X-Spam-Level: 
X-Spam-Status: No, score=-102.559 tagged_above=-999 required=5 tests=[AWL=0.039, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kDg9mDC7vWin for <oauth@ietfa.amsl.com>; Fri,  4 May 2012 12:02:48 -0700 (PDT)
Received: from mail.cloudmark.com (cmgw1.cloudmark.com [208.83.136.25]) by ietfa.amsl.com (Postfix) with ESMTP id 5544421E8020 for <oauth@ietf.org>; Fri,  4 May 2012 12:02:48 -0700 (PDT)
Received: from ht1-outbound.cloudmark.com ([72.5.239.26]) by mail.cloudmark.com with bizsmtp id 5v391j0090as01C01v3D7n; Fri, 04 May 2012 12:03:13 -0700
X-CMAE-Match: 0
X-CMAE-Score: 0.00
X-CMAE-Analysis: v=2.0 cv=Xth4yC59 c=1 sm=1 a=QMZKka45TBd+hNGtXG2bIg==:17 a=LvckAehuu68A:10 a=x7RSzEbT3xAA:10 a=zutiEJmiVI4A:10 a=xqWC_Br6kY4A:10 a=48vgC7mUAAAA:8 a=22iR80tViS9illKqAbMA:9 a=CjuIK1q_8ugA:10 a=lZB815dzVvQA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=sbfrhPoBMooTZVdHI1MA:9 a=zPYLrieAM3FdFMxYZ3oA:7 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=QMZKka45TBd+hNGtXG2bIg==:117
Received: from EXCH-MBX901.corp.cloudmark.com ([fe80::addf:849a:f71c:4a82]) by exch-htcas902.corp.cloudmark.com ([fe80::54de:dc60:5f3e:334%10]) with mapi id 14.01.0355.002; Fri, 4 May 2012 10:31:47 -0700
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Thread-Topic: draft-jones-appsawg-webfinger-04
Thread-Index: Ac0qG8eE3EKALRWtQ/iIIohy4m6GpQ==
Date: Fri, 4 May 2012 17:31:46 +0000
Message-ID: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.20.2.121]
Content-Type: multipart/alternative; boundary="_000_9452079D1A51524AA5749AD23E00392810E4CAexchmbx901corpclo_"
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudmark.com; s=default; t=1336158193; bh=RQgAEHL1uN7TE9LxdOtLHf7CM+FHkDDhB+3Ac9c+QvA=; h=From:To:CC:Subject:Date:Message-ID:Content-Type:MIME-Version; b=Vqx2gcno/F7yGCHeGxtNNkFOTx3N/2NzUsv/ztID1VzYJn4D3DCWJPMe5zw+MMKlL oXV6mfPII9fVYaB+AHid1egJJz/5QXqIVlgxv4ZEeWmbdqOctwUnHE4PBZZzF+jy6X BbhKZdfa4I6ivK3epmrL0aU8UHInIzPLiwJ0qw6I=
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: [OAUTH-WG] draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2012 19:02:49 -0000

--_000_9452079D1A51524AA5749AD23E00392810E4CAexchmbx901corpclo_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The above-named draft has been offered as the recommended path forward in t=
erms of converging on a single document to advance through appsawg.  The co=
nversation I saw this week in that regard has seemed mostly positive.

Please review it, or at least the diff, and indicate your support or object=
ion on apps-discuss@ietf.org<mailto:apps-discuss@ietf.org> to adopting this=
 one as the common path forward. We would like to make a decision about whi=
ch one to begin advancing in the next week or two.

Have a good weekend!

-MSK, APPSAWG co-chair


--_000_9452079D1A51524AA5749AD23E00392810E4CAexchmbx901corpclo_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">The above-named draft has been offered as the recomm=
ended path forward in terms of converging on a single document to advance t=
hrough appsawg.&nbsp; The conversation I saw this week in that regard has s=
eemed mostly positive.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Please review it, or at least the diff, and indicate=
 your support or objection on
<a href=3D"mailto:apps-discuss@ietf.org">apps-discuss@ietf.org</a> to adopt=
ing this one as the common path forward. We would like to make a decision a=
bout which one to begin advancing in the next week or two.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Have a good weekend!<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">-MSK, APPSAWG co-chair<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_9452079D1A51524AA5749AD23E00392810E4CAexchmbx901corpclo_--

From eran@hueniverse.com  Fri May  4 12:41:25 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C554621E8043; Fri,  4 May 2012 12:41:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.529
X-Spam-Level: 
X-Spam-Status: No, score=-2.529 tagged_above=-999 required=5 tests=[AWL=0.069,  BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nDE94eK6lauo; Fri,  4 May 2012 12:41:25 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id 05C5621E8042; Fri,  4 May 2012 12:41:24 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id 5vhQ1j0030EuLVk01vhQLu; Fri, 04 May 2012 12:41:24 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Fri, 4 May 2012 12:41:23 -0700
From: Eran Hammer <eran@hueniverse.com>
To: "Murray S. Kucherawy" <msk@cloudmark.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Thread-Topic: draft-jones-appsawg-webfinger-04
Thread-Index: Ac0qG8eE3EKALRWtQ/iIIohy4m6GpQAEgy3Q
Date: Fri, 4 May 2012 19:41:23 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA20101CA96@P3PWEX2MB008.ex2.secureserver.net>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com>
In-Reply-To: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: multipart/alternative; boundary="_000_0CBAEB56DDB3A140BA8E8C124C04ECA20101CA96P3PWEX2MB008ex2_"
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2012 19:41:25 -0000

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA20101CA96P3PWEX2MB008ex2_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I support using this document as the starting point for this work.

EH

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of M=
urray S. Kucherawy
Sent: Friday, May 04, 2012 10:32 AM
To: apps-discuss@ietf.org
Cc: oauth@ietf.org WG
Subject: [OAUTH-WG] draft-jones-appsawg-webfinger-04

The above-named draft has been offered as the recommended path forward in t=
erms of converging on a single document to advance through appsawg.  The co=
nversation I saw this week in that regard has seemed mostly positive.

Please review it, or at least the diff, and indicate your support or object=
ion on apps-discuss@ietf.org<mailto:apps-discuss@ietf.org> to adopting this=
 one as the common path forward. We would like to make a decision about whi=
ch one to begin advancing in the next week or two.

Have a good weekend!

-MSK, APPSAWG co-chair


--_000_0CBAEB56DDB3A140BA8E8C124C04ECA20101CA96P3PWEX2MB008ex2_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">I support using this d=
ocument as the starting point for this work.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">EH<o:p></o:p></span></=
p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> oauth-bo=
unces@ietf.org [mailto:oauth-bounces@ietf.org]
<b>On Behalf Of </b>Murray S. Kucherawy<br>
<b>Sent:</b> Friday, May 04, 2012 10:32 AM<br>
<b>To:</b> apps-discuss@ietf.org<br>
<b>Cc:</b> oauth@ietf.org WG<br>
<b>Subject:</b> [OAUTH-WG] draft-jones-appsawg-webfinger-04<o:p></o:p></spa=
n></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The above-named draft has been offered as the recomm=
ended path forward in terms of converging on a single document to advance t=
hrough appsawg.&nbsp; The conversation I saw this week in that regard has s=
eemed mostly positive.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Please review it, or at least the diff, and indicate=
 your support or objection on
<a href=3D"mailto:apps-discuss@ietf.org">apps-discuss@ietf.org</a> to adopt=
ing this one as the common path forward. We would like to make a decision a=
bout which one to begin advancing in the next week or two.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Have a good weekend!<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">-MSK, APPSAWG co-chair<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</body>
</html>

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA20101CA96P3PWEX2MB008ex2_--

From gsalguei@cisco.com  Fri May  4 12:49:49 2012
Return-Path: <gsalguei@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB79421E8045; Fri,  4 May 2012 12:49:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.135
X-Spam-Level: 
X-Spam-Status: No, score=-7.135 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20GTsKPAcYBA; Fri,  4 May 2012 12:49:48 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id B1D0A21E8042; Fri,  4 May 2012 12:49:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=gsalguei@cisco.com; l=4159; q=dns/txt; s=iport; t=1336160988; x=1337370588; h=references:in-reply-to:mime-version:message-id: content-transfer-encoding:cc:from:subject:date:to; bh=HCAcemyufsnhZ9/vYKf5+uEmzD1JN3TvTa3rMhTO5qA=; b=Y1Ok5HleoCBnDHpADviMPlPKnqm7ddX/Jz4AKrQDblhgsrp6DOqtojId LhrFjctBcXxrvE6U6CwOATEP5kD6WOHxYaDdhUvy/0zOjqukcfpWhXtnP ae2SAoLJxa/4Bt3sBc+1ZO4+FvjRmytJAbEVEiVfmfJDMADmn1Xefp8SU 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjEIAHcypE+tJXG8/2dsb2JhbABFgkaDKKx7AoEHggkBAQEDAQEBAQ8BEApBCwULAgEIBD4CAicwAQEEEyKHZgULmxCNFpJtBI91NWMEiDCNTo5ZgWmDBA
X-IronPort-AV: E=Sophos;i="4.75,533,1330905600"; d="scan'208,217";a="80516618"
Received: from rcdn-core2-1.cisco.com ([173.37.113.188]) by rcdn-iport-8.cisco.com with ESMTP; 04 May 2012 19:49:48 +0000
Received: from xbh-rcd-302.cisco.com (xbh-rcd-302.cisco.com [72.163.63.9]) by rcdn-core2-1.cisco.com (8.14.5/8.14.5) with ESMTP id q44JnmMw007714;  Fri, 4 May 2012 19:49:48 GMT
Received: from xmb-rcd-204.cisco.com ([72.163.62.211]) by xbh-rcd-302.cisco.com with Microsoft SMTPSVC(6.0.3790.4675);  Fri, 4 May 2012 14:49:48 -0500
Received: from 72.163.62.211 ([72.163.62.211]) by XMB-RCD-204.cisco.com ([72.163.62.211]) with Microsoft Exchange Server HTTP-DAV ;  Fri,  4 May 2012 19:49:47 +0000
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com>
In-Reply-To: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com>
MIME-Version: 1.0 (1.0)
Content-Type: multipart/alternative; boundary="Apple-Mail-36A76E19-206D-4516-BFD6-B3EF0EF685A3"; charset="iso-8859-1"
Message-ID: <5876011F-2C2C-4889-9452-E8BDC1438713@cisco.com>
Content-Transfer-Encoding: 7bit
Thread-Topic: [apps-discuss] draft-jones-appsawg-webfinger-04
Thread-Index: Ac0qLw91jpuP0JfARCag29xw1SJcwA==
From: "Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com>
Date: Fri, 4 May 2012 15:49:42 -0400
To: "Murray S. Kucherawy" <msk@cloudmark.com>
X-OriginalArrivalTime: 04 May 2012 19:49:48.0306 (UTC) FILETIME=[0FF38720:01CD2A2F]
Cc: oauth@ietf.org, apps-discuss@ietf.org
Subject: Re: [OAUTH-WG] [apps-discuss] draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2012 19:49:49 -0000

--Apple-Mail-36A76E19-206D-4516-BFD6-B3EF0EF685A3
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

I support this doc being adopted as starting point for WG discussion.

Regards,

Gonzalo


On May 4, 2012, at 3:03 PM, "Murray S. Kucherawy" <msk@cloudmark.com> wrote:=


> The above-named draft has been offered as the recommended path forward in t=
erms of converging on a single document to advance through appsawg.  The con=
versation I saw this week in that regard has seemed mostly positive.
> =20
> Please review it, or at least the diff, and indicate your support or objec=
tion on apps-discuss@ietf.org to adopting this one as the common path forwar=
d. We would like to make a decision about which one to begin advancing in th=
e next week or two.
> =20
> Have a good weekend!
> =20
> -MSK, APPSAWG co-chair
> =20
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss

--Apple-Mail-36A76E19-206D-4516-BFD6-B3EF0EF685A3
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
	charset=utf-8

<html><head></head><body bgcolor="#FFFFFF"><div>I support this doc being adopted as starting point for WG discussion.<br><br><div>Regards,</div><div><br></div><div>Gonzalo</div><div><br></div></div><div><br>On May 4, 2012, at 3:03 PM, "Murray S. Kucherawy" &lt;<a href="mailto:msk@cloudmark.com">msk@cloudmark.com</a>&gt; wrote:<br><br></div><div></div><blockquote type="cite"><div>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->


<div class="WordSection1">
<p class="MsoNormal">The above-named draft has been offered as the recommended path forward in terms of converging on a single document to advance through appsawg.&nbsp; The conversation I saw this week in that regard has seemed mostly positive.<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Please review it, or at least the diff, and indicate your support or objection on
<a href="mailto:apps-discuss@ietf.org">apps-discuss@ietf.org</a> to adopting this one as the common path forward. We would like to make a decision about which one to begin advancing in the next week or two.<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Have a good weekend!<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">-MSK, APPSAWG co-chair<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>


</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>apps-discuss mailing list</span><br><span><a href="mailto:apps-discuss@ietf.org">apps-discuss@ietf.org</a></span><br><span><a href="https://www.ietf.org/mailman/listinfo/apps-discuss">https://www.ietf.org/mailman/listinfo/apps-discuss</a></span><br></div></blockquote></body></html>
--Apple-Mail-36A76E19-206D-4516-BFD6-B3EF0EF685A3--

From ve7jtb@ve7jtb.com  Sun May  6 20:40:55 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 317B021F8554 for <oauth@ietfa.amsl.com>; Sun,  6 May 2012 20:40:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.519
X-Spam-Level: 
X-Spam-Status: No, score=-3.519 tagged_above=-999 required=5 tests=[AWL=0.079,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X4kAYE3UBsox for <oauth@ietfa.amsl.com>; Sun,  6 May 2012 20:40:55 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id D4AB721F854F for <oauth@ietf.org>; Sun,  6 May 2012 20:40:54 -0700 (PDT)
Received: by yhq56 with SMTP id 56so4638207yhq.31 for <oauth@ietf.org>; Sun, 06 May 2012 20:40:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=CwDOqmQ9geZubutNFwl89CFYZbt33a8RrLew4qd04UM=; b=alov5ZGrolgv2hxOh75XPzjXwrLYrHj0QPIhzEA1f47oA2ZbP15upHsL86dOrLkXHB 0qnuz2Vjv/q8QzpqxhR2CSJqMgMzf8492BtIrMDscN0vCVcZ/KWdH1RCNfumF8xMbC82 gmxoP0VlWTk50dJJs1wOQU17uNlZCpfdYmjUUniKKKvH3cVOyu3i1jXlJ/NJLJUKDwyg PpMgyS2qb+4rfYXe2jGp85gifGWgodQwFuBy0C64R4BHNfEexe33vspfHkYWCJTrDguo Em24v5K1s7loidV9gKpVDNpDdvptqRtRDN9+YTtetXUlUzSjZsaaGASXX7cbtoMHUb5k cgjg==
Received: by 10.236.75.227 with SMTP id z63mr17277392yhd.87.1336361559127; Sun, 06 May 2012 20:32:39 -0700 (PDT)
Received: from [192.168.1.213] (190-20-11-19.baf.movistar.cl. [190.20.11.19]) by mx.google.com with ESMTPS id p3sm25598522and.4.2012.05.06.20.32.35 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 06 May 2012 20:32:37 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_D498A97D-090B-43E8-8C45-D951553F5AFD"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com>
Date: Sun, 6 May 2012 23:32:26 -0400
Message-Id: <99457128-2C62-40DF-897E-8115CC84B5D9@ve7jtb.com>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com>
To: Murray S. Kucherawy <msk@cloudmark.com>
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQkyEP5bzmWR1dVA4V6bvR0o5vq3iRd3ow3q29KGQbiTrsiYc2LI6IPh5450eKUvnFQNfFRH
Cc: "oauth@ietf.org WG" <oauth@ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 03:40:55 -0000

--Apple-Mail=_D498A97D-090B-43E8-8C45-D951553F5AFD
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_5A8D0118-211B-40B4-A539-BD72D26C9514"


--Apple-Mail=_5A8D0118-211B-40B4-A539-BD72D26C9514
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

While it has some rough edges that we will need to work on, I think this =
document can form the basis of a single path forward.

John B.
On 2012-05-04, at 1:31 PM, Murray S. Kucherawy wrote:

> The above-named draft has been offered as the recommended path forward =
in terms of converging on a single document to advance through appsawg.  =
The conversation I saw this week in that regard has seemed mostly =
positive.
> =20
> Please review it, or at least the diff, and indicate your support or =
objection on apps-discuss@ietf.org to adopting this one as the common =
path forward. We would like to make a decision about which one to begin =
advancing in the next week or two.
> =20
> Have a good weekend!
> =20
> -MSK, APPSAWG co-chair
> =20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_5A8D0118-211B-40B4-A539-BD72D26C9514
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><base href=3D"x-msg://112/"></head><body style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; ">While it has some rough edges that we will need to =
work on, I think this document can form the basis of a single path =
forward.<div><br></div><div>John B.<br><div><div>On 2012-05-04, at 1:31 =
PM, Murray S. Kucherawy wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-family: Helvetica; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
lang=3D"EN-US" link=3D"blue" vlink=3D"purple"><div class=3D"WordSection1" =
style=3D"page: WordSection1; "><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
11pt; font-family: Calibri, sans-serif; ">The above-named draft has been =
offered as the recommended path forward in terms of converging on a =
single document to advance through appsawg.&nbsp; The conversation I saw =
this week in that regard has seemed mostly =
positive.<o:p></o:p></div><div style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; =
font-family: Calibri, sans-serif; "><o:p>&nbsp;</o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; ">Please review it, or at least the diff, and indicate your =
support or objection on<span =
class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:apps-discuss@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">apps-discuss@ietf.org</a><span =
class=3D"Apple-converted-space">&nbsp;</span>to adopting this one as the =
common path forward. We would like to make a decision about which one to =
begin advancing in the next week or two.<o:p></o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; "><o:p>&nbsp;</o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
11pt; font-family: Calibri, sans-serif; ">Have a good =
weekend!<o:p></o:p></div><div style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; =
font-family: Calibri, sans-serif; "><o:p>&nbsp;</o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; ">-MSK, APPSAWG co-chair<o:p></o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; =
"><o:p>&nbsp;</o:p></div></div>___________________________________________=
____<br>OAuth mailing list<br><a href=3D"mailto:OAuth@ietf.org" =
style=3D"color: blue; text-decoration: underline; =
">OAuth@ietf.org</a><br><a =
href=3D"https://www.ietf.org/mailman/listinfo/oauth" style=3D"color: =
blue; text-decoration: underline; =
">https://www.ietf.org/mailman/listinfo/oauth</a></div></span></blockquote=
></div><br></div></body></html>=

--Apple-Mail=_5A8D0118-211B-40B4-A539-BD72D26C9514--

--Apple-Mail=_D498A97D-090B-43E8-8C45-D951553F5AFD
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUw
NzAzMzIyN1owIwYJKoZIhvcNAQkEMRYEFCskBhu6cBQcSPu1h6+nhIFO0e/kMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
ADgLWLXcnQHcgjaGI93Rggy4BtJKCRwQWg9x9EqlTJQ+bdNNnxqoFYexP3yPa3WaGrMGbdL0+NlC
Qj6AqboAx4bB1FlGo+T2Z9wffQ4kvJ8wp1BSNXh+wDiNZQYqcuZXez3nGo8E8OLUQg7bVHArimXg
TMRKm5wCmm+a2j0QDoNNDhrY3MWlBajOboodJ8huPYvmtQJaeyB54ykUnM+D+Vi5UUOTyx7oxnJP
Fsu49m3EiItfWvu9txDZWbAETnS1ZqXRn5NjFViVulT86+tSos+zQeVkoy8brqTpUEO9RmCieB5n
ePTRnY/ADkrBKTtX/NUcVELTD2c4rOrjYsDGuQ4AAAAAAAA=

--Apple-Mail=_D498A97D-090B-43E8-8C45-D951553F5AFD--

From laurentwalter.goix@telecomitalia.it  Mon May  7 02:37:11 2012
Return-Path: <laurentwalter.goix@telecomitalia.it>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A6B321F851B; Mon,  7 May 2012 02:37:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.426
X-Spam-Level: 
X-Spam-Status: No, score=-0.426 tagged_above=-999 required=5 tests=[AWL=-1.122, BAYES_40=-0.185, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eig12FvTyOHf; Mon,  7 May 2012 02:37:10 -0700 (PDT)
Received: from GRFEDG701BA020.telecomitalia.it (grfedg701ba020.telecomitalia.it [156.54.233.200]) by ietfa.amsl.com (Postfix) with ESMTP id CBDB521F84CF; Mon,  7 May 2012 02:37:09 -0700 (PDT)
Content-Type: multipart/mixed; boundary="_7fb53cf8-9d45-469c-bd29-09e83174aca5_"
Received: from grfhub704ba020.griffon.local (10.188.101.117) by GRFEDG701BA020.telecomitalia.it (10.188.45.100) with Microsoft SMTP Server (TLS) id 8.3.245.1; Mon, 7 May 2012 11:37:08 +0200
Received: from GRFMBX704BA020.griffon.local ([10.188.101.16]) by grfhub704ba020.griffon.local ([10.188.101.117]) with mapi; Mon, 7 May 2012 11:37:08 +0200
From: Goix Laurent Walter <laurentwalter.goix@telecomitalia.it>
To: "Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com>, "Murray S. Kucherawy" <msk@cloudmark.com>
Date: Mon, 7 May 2012 11:37:06 +0200
Thread-Topic: [apps-discuss] draft-jones-appsawg-webfinger-04
Thread-Index: Ac0qLw91jpuP0JfARCag29xw1SJcwACBMmkA
Message-ID: <A09A9E0A4B9C654E8672D1DC003633AE52EE435611@GRFMBX704BA020.griffon.local>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com> <5876011F-2C2C-4889-9452-E8BDC1438713@cisco.com>
In-Reply-To: <5876011F-2C2C-4889-9452-E8BDC1438713@cisco.com>
Accept-Language: en-US
Content-Language: it-IT
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
x-ti-disclaimer: Disclaimer1
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: [OAUTH-WG] R: [apps-discuss] draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 09:37:11 -0000

--_7fb53cf8-9d45-469c-bd29-09e83174aca5_
Content-Type: multipart/alternative;
	boundary="_000_A09A9E0A4B9C654E8672D1DC003633AE52EE435611GRFMBX704BA02_"

--_000_A09A9E0A4B9C654E8672D1DC003633AE52EE435611GRFMBX704BA02_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SSBhbHNvIHN1cHBvcnQgdGhpcyBkcmFmdCBhcyBhIHdheSBmb3J3YXJkIGZvciB0aGUgZGlzY3Vz
c2lvbiB0aGF0IEkgdGhpbmsgY2FwdHVyZXMgdGhlIGVzc2VuY2Ugb2YgYm90aCBwaGlsb3NvcGhp
ZXMuDQoNCklmIHN1Y2ggYmFzaXMgaXMgYWdyZWVkIHdoYXQgYXJlIHRoZSBtYWpvciBwZW5kaW5n
IGlzc3Vlcz8NCg0KUmVnYXJkcw0KTGF1cmVudC13YWx0ZXINCg0KRGE6IGFwcHMtZGlzY3Vzcy1i
b3VuY2VzQGlldGYub3JnIFttYWlsdG86YXBwcy1kaXNjdXNzLWJvdW5jZXNAaWV0Zi5vcmddIFBl
ciBjb250byBkaSBHb256YWxvIFNhbGd1ZWlybyAoZ3NhbGd1ZWkpDQpJbnZpYXRvOiB2ZW5lcmTD
rCA0IG1hZ2dpbyAyMDEyIDIxLjUwDQpBOiBNdXJyYXkgUy4gS3VjaGVyYXd5DQpDYzogb2F1dGhA
aWV0Zi5vcmc7IGFwcHMtZGlzY3Vzc0BpZXRmLm9yZw0KT2dnZXR0bzogUmU6IFthcHBzLWRpc2N1
c3NdIGRyYWZ0LWpvbmVzLWFwcHNhd2ctd2ViZmluZ2VyLTA0DQoNCkkgc3VwcG9ydCB0aGlzIGRv
YyBiZWluZyBhZG9wdGVkIGFzIHN0YXJ0aW5nIHBvaW50IGZvciBXRyBkaXNjdXNzaW9uLg0KUmVn
YXJkcywNCg0KR29uemFsbw0KDQoNCk9uIE1heSA0LCAyMDEyLCBhdCAzOjAzIFBNLCAiTXVycmF5
IFMuIEt1Y2hlcmF3eSIgPG1za0BjbG91ZG1hcmsuY29tPG1haWx0bzptc2tAY2xvdWRtYXJrLmNv
bT4+IHdyb3RlOg0KVGhlIGFib3ZlLW5hbWVkIGRyYWZ0IGhhcyBiZWVuIG9mZmVyZWQgYXMgdGhl
IHJlY29tbWVuZGVkIHBhdGggZm9yd2FyZCBpbiB0ZXJtcyBvZiBjb252ZXJnaW5nIG9uIGEgc2lu
Z2xlIGRvY3VtZW50IHRvIGFkdmFuY2UgdGhyb3VnaCBhcHBzYXdnLiAgVGhlIGNvbnZlcnNhdGlv
biBJIHNhdyB0aGlzIHdlZWsgaW4gdGhhdCByZWdhcmQgaGFzIHNlZW1lZCBtb3N0bHkgcG9zaXRp
dmUuDQoNClBsZWFzZSByZXZpZXcgaXQsIG9yIGF0IGxlYXN0IHRoZSBkaWZmLCBhbmQgaW5kaWNh
dGUgeW91ciBzdXBwb3J0IG9yIG9iamVjdGlvbiBvbiBhcHBzLWRpc2N1c3NAaWV0Zi5vcmc8bWFp
bHRvOmFwcHMtZGlzY3Vzc0BpZXRmLm9yZz4gdG8gYWRvcHRpbmcgdGhpcyBvbmUgYXMgdGhlIGNv
bW1vbiBwYXRoIGZvcndhcmQuIFdlIHdvdWxkIGxpa2UgdG8gbWFrZSBhIGRlY2lzaW9uIGFib3V0
IHdoaWNoIG9uZSB0byBiZWdpbiBhZHZhbmNpbmcgaW4gdGhlIG5leHQgd2VlayBvciB0d28uDQoN
CkhhdmUgYSBnb29kIHdlZWtlbmQhDQoNCi1NU0ssIEFQUFNBV0cgY28tY2hhaXINCg0KX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCmFwcHMtZGlzY3VzcyBt
YWlsaW5nIGxpc3QNCmFwcHMtZGlzY3Vzc0BpZXRmLm9yZzxtYWlsdG86YXBwcy1kaXNjdXNzQGll
dGYub3JnPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9hcHBzLWRpc2N1
c3MNClF1ZXN0byBtZXNzYWdnaW8gZSBpIHN1b2kgYWxsZWdhdGkgc29ubyBpbmRpcml6emF0aSBl
c2NsdXNpdmFtZW50ZSBhbGxlIHBlcnNvbmUgaW5kaWNhdGUuIExhIGRpZmZ1c2lvbmUsIGNvcGlh
IG8gcXVhbHNpYXNpIGFsdHJhIGF6aW9uZSBkZXJpdmFudGUgZGFsbGEgY29ub3NjZW56YSBkaSBx
dWVzdGUgaW5mb3JtYXppb25pIHNvbm8gcmlnb3Jvc2FtZW50ZSB2aWV0YXRlLiBRdWFsb3JhIGFi
YmlhdGUgcmljZXZ1dG8gcXVlc3RvIGRvY3VtZW50byBwZXIgZXJyb3JlIHNpZXRlIGNvcnRlc2Vt
ZW50ZSBwcmVnYXRpIGRpIGRhcm5lIGltbWVkaWF0YSBjb211bmljYXppb25lIGFsIG1pdHRlbnRl
IGUgZGkgcHJvdnZlZGVyZSBhbGxhIHN1YSBkaXN0cnV6aW9uZSwgR3JhemllLg0KDQpUaGlzIGUt
bWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGlzIGNvbmZpZGVudGlhbCBhbmQgbWF5IGNvbnRhaW4g
cHJpdmlsZWdlZCBpbmZvcm1hdGlvbiBpbnRlbmRlZCBmb3IgdGhlIGFkZHJlc3NlZShzKSBvbmx5
LiBEaXNzZW1pbmF0aW9uLCBjb3B5aW5nLCBwcmludGluZyBvciB1c2UgYnkgYW55Ym9keSBlbHNl
IGlzIHVuYXV0aG9yaXNlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwg
cGxlYXNlIGRlbGV0ZSB0aGlzIG1lc3NhZ2UgYW5kIGFueSBhdHRhY2htZW50cyBhbmQgYWR2aXNl
IHRoZSBzZW5kZXIgYnkgcmV0dXJuIGUtbWFpbCwgVGhhbmtzLg0KDQpbY2lkOjAwMDAwMDAwMDAw
MDAwMDAwMDAwMDAwMDAwMDAwMDAzQFRJLkRpc2NsYWltZXJdUmlzcGV0dGEgbCdhbWJpZW50ZS4g
Tm9uIHN0YW1wYXJlIHF1ZXN0YSBtYWlsIHNlIG5vbiDDqCBuZWNlc3NhcmlvLg0KDQo=

--_000_A09A9E0A4B9C654E8672D1DC003633AE52EE435611GRFMBX704BA02_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTIgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
Pg0KPCEtLQ0KIC8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCiBAZm9udC1mYWNlDQoJe2ZvbnQtZmFt
aWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7fQ0KQGZvbnQtZmFj
ZQ0KCXtmb250LWZhbWlseToiU2Vnb2UgVUkiOw0KCXBhbm9zZS0xOjIgMTEgNSAyIDQgMiA0IDIg
MiAzO30NCiAvKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KIHAuTXNvTm9ybWFsLCBsaS5Nc29Ob3Jt
YWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7
DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYi
O30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0K
CWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0ZWQsIHNw
YW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9y
OnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnNwYW4uU3RpbGVNZXNzYWdn
aW9EaVBvc3RhRWxldHRyb25pY2ExNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsNCglmb250
LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYiOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0Kc3Bh
bi5TdGlsZU1lc3NhZ2dpb0RpUG9zdGFFbGV0dHJvbmljYTE4DQoJe21zby1zdHlsZS10eXBlOnBl
cnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJY29s
b3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25s
eTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3
OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgNzIuMHB0IDcyLjBwdCA3Mi4wcHQ7fQ0KZGl2LlNlY3Rp
b24xDQoJe3BhZ2U6U2VjdGlvbjE7fQ0KLS0+DQo8L3N0eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48
eG1sPg0KIDxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8
L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCiA8bzpzaGFwZWxheW91
dCB2OmV4dD0iZWRpdCI+DQogIDxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KIDwv
bzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9
IndoaXRlIiBsYW5nPSJGUiIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNz
PSJTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5
bGU9ImNvbG9yOiMxRjQ5N0QiPkkgYWxzbyBzdXBwb3J0IHRoaXMgZHJhZnQgYXMgYSB3YXkgZm9y
d2FyZCBmb3IgdGhlIGRpc2N1c3Npb24gdGhhdCBJIHRoaW5rIGNhcHR1cmVzIHRoZSBlc3NlbmNl
IG9mIGJvdGggcGhpbG9zb3BoaWVzLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpw
PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n
PSJFTi1VUyIgc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPklmIHN1Y2ggYmFzaXMgaXMgYWdyZWVkIHdo
YXQgYXJlIHRoZSBtYWpvciBwZW5kaW5nIGlzc3Vlcz88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImNvbG9yOiMxRjQ5
N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz
cGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+UmVnYXJkczxvOnA+PC9vOnA+
PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHls
ZT0iY29sb3I6IzFGNDk3RCI+TGF1cmVudC13YWx0ZXI8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48
L3NwYW4+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgYmx1
ZSAxLjVwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDQuMHB0Ij4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJi
b3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNCNUM0REYgMS4wcHQ7cGFkZGluZzozLjBwdCAw
Y20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBsYW5nPSJJVCIgc3R5
bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkmcXVvdDssJnF1
b3Q7c2Fucy1zZXJpZiZxdW90OyI+RGE6PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9
ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkmcXVvdDssJnF1b3Q7
c2Fucy1zZXJpZiZxdW90OyI+IGFwcHMtZGlzY3Vzcy1ib3VuY2VzQGlldGYub3JnIFttYWlsdG86
YXBwcy1kaXNjdXNzLWJvdW5jZXNAaWV0Zi5vcmddDQo8Yj5QZXIgY29udG8gZGkgPC9iPkdvbnph
bG8gU2FsZ3VlaXJvIChnc2FsZ3VlaSk8YnI+DQo8Yj5JbnZpYXRvOjwvYj4gdmVuZXJkw6wgNCBt
YWdnaW8gMjAxMiAyMS41MDxicj4NCjxiPkE6PC9iPiBNdXJyYXkgUy4gS3VjaGVyYXd5PGJyPg0K
PGI+Q2M6PC9iPiBvYXV0aEBpZXRmLm9yZzsgYXBwcy1kaXNjdXNzQGlldGYub3JnPGJyPg0KPGI+
T2dnZXR0bzo8L2I+IFJlOiBbYXBwcy1kaXNjdXNzXSBkcmFmdC1qb25lcy1hcHBzYXdnLXdlYmZp
bmdlci0wNDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbToxMi4wcHQiPkkgc3VwcG9ydCB0aGlzIGRvYyBiZWlu
ZyBhZG9wdGVkIGFzIHN0YXJ0aW5nIHBvaW50IGZvciBXRyBkaXNjdXNzaW9uLjxvOnA+PC9vOnA+
PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlJlZ2FyZHMsPG86cD48L286cD48L3A+
DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv
cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkdvbnphbG88bzpwPjwvbzpw
PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v
OnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0ibWFyZ2luLWJvdHRvbToxMi4wcHQiPjxicj4NCk9uIE1heSA0LCAyMDEyLCBhdCAzOjAzIFBN
LCAmcXVvdDtNdXJyYXkgUy4gS3VjaGVyYXd5JnF1b3Q7ICZsdDs8YSBocmVmPSJtYWlsdG86bXNr
QGNsb3VkbWFyay5jb20iPm1za0BjbG91ZG1hcmsuY29tPC9hPiZndDsgd3JvdGU6PG86cD48L286
cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21hcmdp
bi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoZSBhYm92ZS1u
YW1lZCBkcmFmdCBoYXMgYmVlbiBvZmZlcmVkIGFzIHRoZSByZWNvbW1lbmRlZCBwYXRoIGZvcndh
cmQgaW4gdGVybXMgb2YgY29udmVyZ2luZyBvbiBhIHNpbmdsZSBkb2N1bWVudCB0byBhZHZhbmNl
IHRocm91Z2ggYXBwc2F3Zy4mbmJzcDsgVGhlIGNvbnZlcnNhdGlvbiBJIHNhdyB0aGlzIHdlZWsg
aW4gdGhhdCByZWdhcmQgaGFzIHNlZW1lZCBtb3N0bHkgcG9zaXRpdmUuPG86cD48L286cD48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPlBsZWFzZSByZXZpZXcgaXQsIG9yIGF0IGxlYXN0IHRoZSBkaWZmLCBhbmQgaW5k
aWNhdGUgeW91ciBzdXBwb3J0IG9yIG9iamVjdGlvbiBvbg0KPGEgaHJlZj0ibWFpbHRvOmFwcHMt
ZGlzY3Vzc0BpZXRmLm9yZyI+YXBwcy1kaXNjdXNzQGlldGYub3JnPC9hPiB0byBhZG9wdGluZyB0
aGlzIG9uZSBhcyB0aGUgY29tbW9uIHBhdGggZm9yd2FyZC4gV2Ugd291bGQgbGlrZSB0byBtYWtl
IGEgZGVjaXNpb24gYWJvdXQgd2hpY2ggb25lIHRvIGJlZ2luIGFkdmFuY2luZyBpbiB0aGUgbmV4
dCB3ZWVrIG9yIHR3by48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNw
OzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SGF2ZSBhIGdvb2Qgd2Vla2Vu
ZCE8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+
PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+LU1TSywgQVBQU0FXRyBjby1jaGFpcjxvOnA+PC9v
OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rp
dj4NCjwvYmxvY2txdW90ZT4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21h
cmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RpbWVzIE5ldyBSb21hbiZx
dW90OywmcXVvdDtzZXJpZiZxdW90OyI+X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX188YnI+DQphcHBzLWRpc2N1c3MgbWFpbGluZyBsaXN0PGJyPg0KPGEgaHJl
Zj0ibWFpbHRvOmFwcHMtZGlzY3Vzc0BpZXRmLm9yZyI+YXBwcy1kaXNjdXNzQGlldGYub3JnPC9h
Pjxicj4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vYXBw
cy1kaXNjdXNzIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2FwcHMtZGlz
Y3VzczwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwv
ZGl2Pg0KPC9kaXY+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KPCEtLQ0Kc3Bhbi5HcmFtRSB7
bXNvLXN0eWxlLW5hbWU6IiI7DQoJbXNvLWdyYW0tZTp5ZXM7fQ0KLS0+DQo8L3N0eWxlPg0KPHRh
YmxlIHN0eWxlPSJ3aWR0aDo2MDBweDsiPg0KPHRib2R5Pg0KPHRyPg0KPHRkIHN0eWxlPSJ3aWR0
aDo1ODVweDsgZm9udC1mYW1pbHk6IFZlcmRhbmEsIEFyaWFsOyBmb250LXNpemU6MTJweDsgY29s
b3I6IzAwMDsgdGV4dC1hbGlnbjoganVzdGlmeSIgd2lkdGg9IjM5NSI+DQo8ZGl2IGFsaWduPSJq
dXN0aWZ5Ij48c3BhbiBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0idGV4dC1hbGlnbjpqdXN0aWZ5
OyBsaW5lLWhlaWdodDpub3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6Ny41cHQ7Zm9udC1m
YW1pbHk6VmVyZGFuYSI+UXVlc3RvIG1lc3NhZ2dpbyBlIGkgc3VvaSBhbGxlZ2F0aSBzb25vIGlu
ZGlyaXp6YXRpIGVzY2x1c2l2YW1lbnRlIGFsbGUgcGVyc29uZSBpbmRpY2F0ZS4gTGEgZGlmZnVz
aW9uZSwgY29waWEgbyBxdWFsc2lhc2kNCiBhbHRyYSBhemlvbmUgZGVyaXZhbnRlIGRhbGxhIGNv
bm9zY2VuemEgZGkgcXVlc3RlIGluZm9ybWF6aW9uaSBzb25vIHJpZ29yb3NhbWVudGUgdmlldGF0
ZS4gUXVhbG9yYSBhYmJpYXRlIHJpY2V2dXRvIHF1ZXN0byBkb2N1bWVudG8gcGVyIGVycm9yZSBz
aWV0ZSBjb3J0ZXNlbWVudGUgcHJlZ2F0aSBkaSBkYXJuZSBpbW1lZGlhdGEgY29tdW5pY2F6aW9u
ZSBhbCBtaXR0ZW50ZSBlIGRpIHByb3Z2ZWRlcmUgYWxsYSBzdWEgZGlzdHJ1emlvbmUsIEdyYXpp
ZS4NCjwvc3Bhbj48L3NwYW4+PC9kaXY+DQo8cCBhbGlnbj0ianVzdGlmeSI+PHNwYW4gY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9InRleHQtYWxpZ246anVzdGlmeTsgbGluZS1oZWlnaHQ6bm9ybWFs
Ij48aT48c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6ZTo3LjVwdDtmb250LWZhbWls
eTpWZXJkYW5hO21zby1hbnNpLWxhbmd1YWdlOkVOLUdCIj5UaGlzIGUtbWFpbCBhbmQgYW55IGF0
dGFjaG1lbnRzPC9zcGFuPjwvaT48aT48c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6
ZToNCiAgNy41cHQ7bXNvLWJpZGktZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTpWZXJkYW5h
O21zby1hbnNpLWxhbmd1YWdlOkVOLUdCIj4mbmJzcDs8c3BhbiBjbGFzcz0iR3JhbUUiPmlzPC9z
cGFuPiZuYnNwOzwvc3Bhbj48L2k+PGk+PHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LXNp
emU6DQogIDcuNXB0O2ZvbnQtZmFtaWx5OlZlcmRhbmE7bXNvLWFuc2ktbGFuZ3VhZ2U6RU4tR0Ii
PmNvbmZpZGVudGlhbA0KIGFuZCBtYXkgY29udGFpbiBwcml2aWxlZ2VkIGluZm9ybWF0aW9uIGlu
dGVuZGVkIGZvciB0aGUgYWRkcmVzc2VlKHMpIG9ubHkuIERpc3NlbWluYXRpb24sIGNvcHlpbmcs
IHByaW50aW5nIG9yIHVzZSBieSBhbnlib2R5IGVsc2UgaXMgdW5hdXRob3Jpc2VkLiBJZiB5b3Ug
YXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2UgZGVsZXRlIHRoaXMgbWVzc2Fn
ZSBhbmQgYW55IGF0dGFjaG1lbnRzIGFuZCBhZHZpc2UgdGhlIHNlbmRlcg0KIGJ5IHJldHVybiBl
LW1haWwsIFRoYW5rcy48L3NwYW4+PC9pPjxzcGFuIGxhbmc9IkVOLUdCIiBzdHlsZT0ibXNvLWFu
c2ktbGFuZ3VhZ2U6RU4tR0IiPg0KPC9zcGFuPjwvc3Bhbj48L3A+DQo8Yj48c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjcuNXB0Ow0KICBmb250LWZhbWlseTpWZXJkYW5hIj48aW1nIHNyYz0iY2lkOjAw
MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAzQFRJLkRpc2NsYWltZXIiIGFsdD0icmlzcGV0
dGEgbCdhbWJpZW50ZSIgd2lkdGg9IjI2IiBoZWlnaHQ9IjQwIj5SaXNwZXR0YSBsJ2FtYmllbnRl
LiBOb24gc3RhbXBhcmUgcXVlc3RhIG1haWwgc2Ugbm9uIMOoIG5lY2Vzc2FyaW8uPC9zcGFuPjwv
Yj4NCjxwPjwvcD4NCjwvdGQ+DQo8L3RyPg0KPC90Ym9keT4NCjwvdGFibGU+DQo8L2JvZHk+DQo8
L2h0bWw+DQo=

--_000_A09A9E0A4B9C654E8672D1DC003633AE52EE435611GRFMBX704BA02_--

--_7fb53cf8-9d45-469c-bd29-09e83174aca5_
Content-Description: logo Ambiente_foglia2.jpg
Content-Type: image/jpeg; name="logo Ambiente_foglia2.jpg"
Content-Disposition: inline; filename="logo Ambiente_foglia2.jpg"
Content-Transfer-Encoding: base64
Content-ID: 00000000000000000000000000000003@TI.Disclaimer

R0lGODlhGgAoANU5AEiFNnikNyRvNcvYOafCOEOEW3DO3jB2NqjGs9ny9o+zOIOrN+L1+G+ggbzo
8GCUN1SNNv///zx+NrPJOL/ROYPV44zY5YuzmrfQwCZxQlKNaMXZzOfy8NTi2TV6TuLs5vX8/ez5
+4yzmtTj2cXr8mCXdKni62ycN5/f6aDf6X2qjrPl7rLl7Zu6OJbb53nS4PH188bs8sXZzfH18pq9
p0SDWxhnNWbL3NfgOf///wAAAAAAAAAAAAAAAAAAAAAAACH5BAEAADkALAAAAAAaACgAAAb/wJxw
SBQ6WMWkMmm6kZbQ5OvmjFoT1JuBYYWmsrcXqJvEgm8WctFypnI66pyjfXMhCmqGgR4r2S5dIBV0
FjI2h3BRX20VHAUCEjZ4UHNtFo42BA+HCEskbQYOIwU2CjgBNgAZM0kMbSYcIjYCBDg4LTYLf0V6
YCghNBk2DwO2OASZqkS9VBYMCB6pE8bGucidOYJUoaOptdQTFDg2ATgHGkIs2wyyAqbUtgICCwfl
uh8ge1sNNhDF8LYiHYKAg4INBJUS8FsAEF6AA6lsHWjg4gYKDDZONGwIAIAtCAX2hPAgYSNHj6ds
3KiA8V3DAQGm2epoS4HKFQ0EmMRhc97Mwge2kN1IoIGgyQECD5wQUO6YygTkdtpCdSgqDl0VoDaV
OmDBpm+oTCQoABQgBZfGbIrDAUBDAgcNDnDs98/WA504Buxa0RKgzVkB/h0oi+pDjgQhHtU1RgDi
oY6l8gpAJyTBCBsSFtuC6XjWTBuJhIRAgFkmwAmoAkM4mCQCBmEB1sIDIKAFRGytYfDrt4CAuAkn
qnrYYCXCBxGkqlYtgbtLhOcbMNSw0SBOEmg2VFj/sGHDhRLCNBC3fqFqARWhowQBADs=

--_7fb53cf8-9d45-469c-bd29-09e83174aca5_--

From paulej@packetizer.com  Mon May  7 06:17:01 2012
Return-Path: <paulej@packetizer.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B70E21F85BD; Mon,  7 May 2012 06:17:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.529
X-Spam-Level: 
X-Spam-Status: No, score=-2.529 tagged_above=-999 required=5 tests=[AWL=0.069,  BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zwV7R2QK6nE6; Mon,  7 May 2012 06:17:00 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id 4256A21F85B7; Mon,  7 May 2012 06:17:00 -0700 (PDT)
Received: from [156.106.244.92] ([156.106.244.92]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id q47DGXam007831 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Mon, 7 May 2012 09:16:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1336396595; bh=Dpf2khUBG8MtxU9NenIHHSD8szNTUOiKpGpy7ugK+pw=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type; b=YYcC/pxhW9+W5TcY35jfMpRsqyciejQRCh85ZAHuZ/ZFB39idNwiyM+8lgd8Yl28P Cd5dAZtS9unS/Hqv5wkuc2CNJPgEEPBi0mFPfnO7epbsVEkyLTbVc+fR5VAAxURfP/ lbpl18EGHi6y6ETWoWq85XJGuElsJNpNpoMLRqYA=
Message-ID: <4FA7CB3A.4020000@packetizer.com>
Date: Mon, 07 May 2012 09:16:42 -0400
From: "Paul E. Jones" <paulej@packetizer.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Goix Laurent Walter <laurentwalter.goix@telecomitalia.it>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com> <5876011F-2C2C-4889-9452-E8BDC1438713@cisco.com> <A09A9E0A4B9C654E8672D1DC003633AE52EE435611@GRFMBX704BA020.griffon.local>
In-Reply-To: <A09A9E0A4B9C654E8672D1DC003633AE52EE435611@GRFMBX704BA020.griffon.local>
Content-Type: multipart/alternative; boundary="------------050404080207070600040108"
Cc: "oauth@ietf.org" <oauth@ietf.org>, "Gonzalo Salgueiro \(gsalguei\)" <gsalguei@cisco.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] [apps-discuss] R:  draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 13:17:01 -0000

This is a multi-part message in MIME format.
--------------050404080207070600040108
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Walter,

I'm not sure what the full set of issues will be, but I only have a 
couple of small edits queued for -05 at present (one being "template" 
should be "href" in the example at the end of 4.2 that you pointed out 
to me privately).  We've already worked through a number of issues to 
get to this point, so there may not be a lot of changes needed.  I'll 
not dismiss the possibility that there are editorial issues, but I hope 
we've resolved most of the technical details.

We probably still need to have the discussion of keeping CORS and what 
additions are needed to the security section.  We've made a few changes 
there already, but I'm not sure if it still fully addresses some of the 
privacy concerns.

Paul

On 5/7/2012 5:37 AM, Goix Laurent Walter wrote:
>
> I also support this draft as a way forward for the discussion that I 
> think captures the essence of both philosophies.
>
> If such basis is agreed what are the major pending issues?
>
> Regards
>
> Laurent-walter
>
> *Da:*apps-discuss-bounces@ietf.org 
> [mailto:apps-discuss-bounces@ietf.org] *Per conto di *Gonzalo 
> Salgueiro (gsalguei)
> *Inviato:* venerdì 4 maggio 2012 21.50
> *A:* Murray S. Kucherawy
> *Cc:* oauth@ietf.org; apps-discuss@ietf.org
> *Oggetto:* Re: [apps-discuss] draft-jones-appsawg-webfinger-04
>
> I support this doc being adopted as starting point for WG discussion.
>
> Regards,
>
> Gonzalo
>
>
> On May 4, 2012, at 3:03 PM, "Murray S. Kucherawy" <msk@cloudmark.com 
> <mailto:msk@cloudmark.com>> wrote:
>
>     The above-named draft has been offered as the recommended path
>     forward in terms of converging on a single document to advance
>     through appsawg.  The conversation I saw this week in that regard
>     has seemed mostly positive.
>
>     Please review it, or at least the diff, and indicate your support
>     or objection on apps-discuss@ietf.org
>     <mailto:apps-discuss@ietf.org> to adopting this one as the common
>     path forward. We would like to make a decision about which one to
>     begin advancing in the next week or two.
>
>     Have a good weekend!
>
>     -MSK, APPSAWG co-chair
>
>     _______________________________________________
>     apps-discuss mailing list
>     apps-discuss@ietf.org <mailto:apps-discuss@ietf.org>
>     https://www.ietf.org/mailman/listinfo/apps-discuss
>


--------------050404080207070600040108
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Walter,<br>
    <br>
    I'm not sure what the full set of issues will be, but I only have a
    couple of small edits queued for -05 at present (one being
    "template" should be "href" in the example at the end of 4.2 that
    you pointed out to me privately).&nbsp; We've already worked through a
    number of issues to get to this point, so there may not be a lot of
    changes needed.&nbsp; I'll not dismiss the possibility that there are
    editorial issues, but I hope we've resolved most of the technical
    details.<br>
    <br>
    We probably still need to have the discussion of keeping CORS and
    what additions are needed to the security section.&nbsp; We've made a few
    changes there already, but I'm not sure if it still fully addresses
    some of the privacy concerns.<br>
    <br>
    Paul<br>
    <br>
    On 5/7/2012 5:37 AM, Goix Laurent Walter wrote:
    <blockquote
cite="mid:A09A9E0A4B9C654E8672D1DC003633AE52EE435611@GRFMBX704BA020.griffon.local"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      <meta name="Generator" content="Microsoft Word 12 (filtered
        medium)">
      <style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"Segoe UI";
	panose-1:2 11 5 2 4 2 4 2 2 3;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.StileMessaggioDiPostaElettronica17
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.StileMessaggioDiPostaElettronica18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
	{page:Section1;}
-->
</style><!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
      <div class="Section1">
        <p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I
            also support this draft as a way forward for the discussion
            that I think captures the essence of both philosophies.
            <o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p>&nbsp;</o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">If
            such basis is agreed what are the major pending issues?<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p>&nbsp;</o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Regards<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Laurent-walter<o:p></o:p></span></p>
        <p class="MsoNormal"><span lang="EN-US"><o:p>&nbsp;</o:p></span></p>
        <div style="border:none;border-left:solid blue 1.5pt;padding:0cm
          0cm 0cm 4.0pt">
          <div>
            <div style="border:none;border-top:solid #B5C4DF
              1.0pt;padding:3.0pt 0cm 0cm 0cm">
              <p class="MsoNormal"><b><span
                    style="font-size:10.0pt;font-family:&quot;Segoe
                    UI&quot;,&quot;sans-serif&quot;" lang="IT">Da:</span></b><span
                  style="font-size:10.0pt;font-family:&quot;Segoe
                  UI&quot;,&quot;sans-serif&quot;" lang="IT">
                  <a class="moz-txt-link-abbreviated" href="mailto:apps-discuss-bounces@ietf.org">apps-discuss-bounces@ietf.org</a>
                  [<a class="moz-txt-link-freetext" href="mailto:apps-discuss-bounces@ietf.org">mailto:apps-discuss-bounces@ietf.org</a>]
                  <b>Per conto di </b>Gonzalo Salgueiro (gsalguei)<br>
                  <b>Inviato:</b> venerd&igrave; 4 maggio 2012 21.50<br>
                  <b>A:</b> Murray S. Kucherawy<br>
                  <b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:oauth@ietf.org">oauth@ietf.org</a>; <a class="moz-txt-link-abbreviated" href="mailto:apps-discuss@ietf.org">apps-discuss@ietf.org</a><br>
                  <b>Oggetto:</b> Re: [apps-discuss]
                  draft-jones-appsawg-webfinger-04<o:p></o:p></span></p>
            </div>
          </div>
          <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
          <div>
            <p class="MsoNormal" style="margin-bottom:12.0pt">I support
              this doc being adopted as starting point for WG
              discussion.<o:p></o:p></p>
            <div>
              <p class="MsoNormal">Regards,<o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal">Gonzalo<o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
          </div>
          <div>
            <p class="MsoNormal" style="margin-bottom:12.0pt"><br>
              On May 4, 2012, at 3:03 PM, "Murray S. Kucherawy" &lt;<a
                moz-do-not-send="true" href="mailto:msk@cloudmark.com">msk@cloudmark.com</a>&gt;
              wrote:<o:p></o:p></p>
          </div>
          <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
            <div>
              <p class="MsoNormal">The above-named draft has been
                offered as the recommended path forward in terms of
                converging on a single document to advance through
                appsawg.&nbsp; The conversation I saw this week in that
                regard has seemed mostly positive.<o:p></o:p></p>
              <p class="MsoNormal">&nbsp;<o:p></o:p></p>
              <p class="MsoNormal">Please review it, or at least the
                diff, and indicate your support or objection on
                <a moz-do-not-send="true"
                  href="mailto:apps-discuss@ietf.org">apps-discuss@ietf.org</a>
                to adopting this one as the common path forward. We
                would like to make a decision about which one to begin
                advancing in the next week or two.<o:p></o:p></p>
              <p class="MsoNormal">&nbsp;<o:p></o:p></p>
              <p class="MsoNormal">Have a good weekend!<o:p></o:p></p>
              <p class="MsoNormal">&nbsp;<o:p></o:p></p>
              <p class="MsoNormal">-MSK, APPSAWG co-chair<o:p></o:p></p>
              <p class="MsoNormal">&nbsp;<o:p></o:p></p>
            </div>
          </blockquote>
          <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
            <div>
              <p class="MsoNormal"><span
                  style="font-size:12.0pt;font-family:&quot;Times New
                  Roman&quot;,&quot;serif&quot;">_______________________________________________<br>
                  apps-discuss mailing list<br>
                  <a moz-do-not-send="true"
                    href="mailto:apps-discuss@ietf.org">apps-discuss@ietf.org</a><br>
                  <a moz-do-not-send="true"
                    href="https://www.ietf.org/mailman/listinfo/apps-discuss">https://www.ietf.org/mailman/listinfo/apps-discuss</a></span><br>
              </p>
            </div>
          </blockquote>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>

--------------050404080207070600040108--

From hannes.tschofenig@gmx.net  Mon May  7 15:48:29 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 722BE11E8074 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 15:48:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lVdlZtOY4960 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 15:48:28 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 6AFC221F864E for <oauth@ietf.org>; Mon,  7 May 2012 15:48:28 -0700 (PDT)
Received: (qmail invoked by alias); 07 May 2012 22:48:26 -0000
Received: from unknown (EHLO dhcp50-94-118-50.hil-dcaaedt.dca.wayport.net) [65.89.200.2] by mail.gmx.net (mp033) with SMTP; 08 May 2012 00:48:26 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/+2W0E4S3+PZ+H2kAn4Alr5i6rfbi6MBZqON3W0N yIv39MDYTbdsJE
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Tue, 8 May 2012 01:48:16 +0300
Message-Id: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 22:48:29 -0000

Hi all,=20

there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that may =
impact draft-ietf-oauth-v2-26 (depending on it's resolution) and we =
would like to get feedback from the working group about it.=20

Here is the issue: When a client makes an access to a protected =
resources then things may go wrong and an error may be returned in =
response. draft-ietf-oauth-v2-bearer talks about this behavior.=20

That's great but these error codes need to be registered somewhere. Note =
that the registry can be created in one document while the values can be =
registered by many documents.=20

So, where should the registry be?

There are two choices.=20

a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.

b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors =
registry to encompass errors returned from resource servers.

Currently, draft-ietf-oauth-v2 creates registries for error codes only =
for the exchanges from A-to-D (symbols used from Figure 1 of =
draft-ietf-oauth-v2), but excludes registration of errors from flows =
E-F.

We must create a registry for error codes from flows E-F.  In which =
document do we want to create this registry?

So, give us your feedback whether you have a preference by the end of =
the week.=20

Ciao
Hannes & Derek


From Michael.Jones@microsoft.com  Mon May  7 15:55:40 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3361D21F865E for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 15:55:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.927
X-Spam-Level: 
X-Spam-Status: No, score=-3.927 tagged_above=-999 required=5 tests=[AWL=-0.328, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0tFvcdvt392P for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 15:55:39 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe005.messaging.microsoft.com [213.199.154.143]) by ietfa.amsl.com (Postfix) with ESMTP id B848021F857F for <oauth@ietf.org>; Mon,  7 May 2012 15:55:38 -0700 (PDT)
Received: from mail88-db3-R.bigfish.com (10.3.81.253) by DB3EHSOBE004.bigfish.com (10.3.84.24) with Microsoft SMTP Server id 14.1.225.23; Mon, 7 May 2012 22:55:24 +0000
Received: from mail88-db3 (localhost [127.0.0.1])	by mail88-db3-R.bigfish.com (Postfix) with ESMTP id 1F21B46011E; Mon,  7 May 2012 22:55:24 +0000 (UTC)
X-SpamScore: -27
X-BigFish: VS-27(zz9371I14ffI542Mzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC105.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail88-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC105.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail88-db3 (localhost.localdomain [127.0.0.1]) by mail88-db3 (MessageSwitch) id 1336431322243481_14891; Mon,  7 May 2012 22:55:22 +0000 (UTC)
Received: from DB3EHSMHS007.bigfish.com (unknown [10.3.81.248])	by mail88-db3.bigfish.com (Postfix) with ESMTP id 372C7220112; Mon,  7 May 2012 22:55:22 +0000 (UTC)
Received: from TK5EX14HUBC105.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS007.bigfish.com (10.3.87.107) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 7 May 2012 22:55:22 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.230]) by TK5EX14HUBC105.redmond.corp.microsoft.com ([157.54.80.48]) with mapi id 14.02.0298.005; Mon, 7 May 2012 22:55:30 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Error Registry Consensus Call
Thread-Index: AQHNLKOK4/Ar7WEiKkOvuAeb5S02zZa+74Bw
Date: Mon, 7 May 2012 22:55:30 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664C9014@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
In-Reply-To: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.37]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 22:55:40 -0000

 b) - a single OAuth errors registry for all of exchanges A-F of the protoc=
ol

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of H=
annes Tschofenig
Sent: Monday, May 07, 2012 3:48 PM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Error Registry Consensus Call

Hi all,=20

there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that may im=
pact draft-ietf-oauth-v2-26 (depending on it's resolution) and we would lik=
e to get feedback from the working group about it.=20

Here is the issue: When a client makes an access to a protected resources t=
hen things may go wrong and an error may be returned in response. draft-iet=
f-oauth-v2-bearer talks about this behavior.=20

That's great but these error codes need to be registered somewhere. Note th=
at the registry can be created in one document while the values can be regi=
stered by many documents.=20

So, where should the registry be?

There are two choices.=20

a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.

b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors regis=
try to encompass errors returned from resource servers.

Currently, draft-ietf-oauth-v2 creates registries for error codes only for =
the exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oauth-v=
2), but excludes registration of errors from flows E-F.

We must create a registry for error codes from flows E-F.  In which documen=
t do we want to create this registry?

So, give us your feedback whether you have a preference by the end of the w=
eek.=20

Ciao
Hannes & Derek

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



From eran@hueniverse.com  Mon May  7 16:06:53 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9598721F866A for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:06:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.532
X-Spam-Level: 
X-Spam-Status: No, score=-2.532 tagged_above=-999 required=5 tests=[AWL=0.067,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kSYnOAtrR53h for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:06:52 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id A383C21F8665 for <oauth@ietf.org>; Mon,  7 May 2012 16:06:52 -0700 (PDT)
Received: from P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id 7B6s1j0020CJzpC01B6s71; Mon, 07 May 2012 16:06:52 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) with mapi id 14.02.0247.003; Mon, 7 May 2012 16:06:52 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Error Registry Consensus Call
Thread-Index: AQHNLKOIX0E3b1HWEkWa/Y91Xa0KqJa+8ENQ
Date: Mon, 7 May 2012 23:06:51 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201021DD6@P3PWEX2MB008.ex2.secureserver.net>
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
In-Reply-To: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 23:06:53 -0000

A.

For the following reasons (all extensively discussed on this list before):

1. The OAuth core specification has nothing to do with HTTP authentication =
schemes.
2. The bearer specification is a general purpose HTTP Auth scheme and defin=
ing such a registry needs to be defined within those boundaries - that is, =
either specific to Bearer to generic to all HTTP Auth scheme opting into th=
e error parameter.
3. There wasn't strong consensus that the error parameter was even necessar=
y or useful to begin with. Limiting it to bearer reflects the wider IETF co=
nsensus on the matter (based on feedback received at the time from the HTTP=
bis WG).
4. It would be odd for someone using the bearer scheme outside of OAuth to =
use the OAuth error registry (and take over values that will be helpful for=
 the core specification).
5. There is no overlap in functionality or values between the protected res=
ource endpoint (which is part of the proprietary API namespace) and the OAu=
th endpoint for which the registry was created. To piggyback the OAuth regi=
stry just because it is slightly easier would be wrong. There is no interop=
 value accomplished.

This is not simply a question of where to stick the registry. Adding this t=
o the OAuth registry would be a fundamental change in architecture and phil=
osophy and a significant change at this point. Adding it to the bearer spec=
ification is the only viable option.

I would request that such a change go through another IETF LC if this was t=
he WG consensus but hope we can avoid it.

EH



> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Monday, May 07, 2012 3:48 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] Error Registry Consensus Call
>=20
> Hi all,
>=20
> there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that may
> impact draft-ietf-oauth-v2-26 (depending on it's resolution) and we would
> like to get feedback from the working group about it.
>=20
> Here is the issue: When a client makes an access to a protected resources
> then things may go wrong and an error may be returned in response. draft-
> ietf-oauth-v2-bearer talks about this behavior.
>=20
> That's great but these error codes need to be registered somewhere. Note
> that the registry can be created in one document while the values can be
> registered by many documents.
>=20
> So, where should the registry be?
>=20
> There are two choices.
>=20
> a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.
>=20
> b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors
> registry to encompass errors returned from resource servers.
>=20
> Currently, draft-ietf-oauth-v2 creates registries for error codes only fo=
r the
> exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oauth-v2)=
,
> but excludes registration of errors from flows E-F.
>=20
> We must create a registry for error codes from flows E-F.  In which docum=
ent
> do we want to create this registry?
>=20
> So, give us your feedback whether you have a preference by the end of the
> week.
>=20
> Ciao
> Hannes & Derek
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From Michael.Jones@microsoft.com  Mon May  7 16:12:22 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AF0221F8688 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:12:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.421
X-Spam-Level: 
X-Spam-Status: No, score=-5.421 tagged_above=-999 required=5 tests=[AWL=1.178,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IfRQ4oZUGwCn for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:12:21 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe006.messaging.microsoft.com [216.32.180.16]) by ietfa.amsl.com (Postfix) with ESMTP id 335E921F8686 for <oauth@ietf.org>; Mon,  7 May 2012 16:12:21 -0700 (PDT)
Received: from mail138-va3-R.bigfish.com (10.7.14.238) by VA3EHSOBE009.bigfish.com (10.7.40.29) with Microsoft SMTP Server id 14.1.225.23; Mon, 7 May 2012 23:12:07 +0000
Received: from mail138-va3 (localhost [127.0.0.1])	by mail138-va3-R.bigfish.com (Postfix) with ESMTP id 4DC60400D5; Mon,  7 May 2012 23:12:07 +0000 (UTC)
X-SpamScore: -33
X-BigFish: VS-33(zz9371I14ffI542M1432Nzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail138-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail138-va3 (localhost.localdomain [127.0.0.1]) by mail138-va3 (MessageSwitch) id 1336432325691996_6448; Mon,  7 May 2012 23:12:05 +0000 (UTC)
Received: from VA3EHSMHS033.bigfish.com (unknown [10.7.14.240])	by mail138-va3.bigfish.com (Postfix) with ESMTP id 9F6F720065; Mon,  7 May 2012 23:12:05 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS033.bigfish.com (10.7.99.43) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 7 May 2012 23:12:05 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.230]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.02.0298.005; Mon, 7 May 2012 23:12:17 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eran Hammer <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Error Registry Consensus Call
Thread-Index: AQHNLKOK4/Ar7WEiKkOvuAeb5S02zZa+8uWAgAAATNA=
Date: Mon, 7 May 2012 23:12:17 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664C90F7@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201021DD6@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201021DD6@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.37]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 23:12:22 -0000

The bearer spec is not intended as a general purpose HTTP Auth scheme.  Not=
e that it includes a "scope" response, which firmly anchors it to use with =
OAuth, where it provides flows E-F which follow flows A-D that are specifie=
d in the framework spec - thus completing the end-to-end OAuth protocol usa=
ge flows.

These are OAuth-specific errors.

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of E=
ran Hammer
Sent: Monday, May 07, 2012 4:07 PM
To: Hannes Tschofenig; oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Error Registry Consensus Call

A.

For the following reasons (all extensively discussed on this list before):

1. The OAuth core specification has nothing to do with HTTP authentication =
schemes.
2. The bearer specification is a general purpose HTTP Auth scheme and defin=
ing such a registry needs to be defined within those boundaries - that is, =
either specific to Bearer to generic to all HTTP Auth scheme opting into th=
e error parameter.
3. There wasn't strong consensus that the error parameter was even necessar=
y or useful to begin with. Limiting it to bearer reflects the wider IETF co=
nsensus on the matter (based on feedback received at the time from the HTTP=
bis WG).
4. It would be odd for someone using the bearer scheme outside of OAuth to =
use the OAuth error registry (and take over values that will be helpful for=
 the core specification).
5. There is no overlap in functionality or values between the protected res=
ource endpoint (which is part of the proprietary API namespace) and the OAu=
th endpoint for which the registry was created. To piggyback the OAuth regi=
stry just because it is slightly easier would be wrong. There is no interop=
 value accomplished.

This is not simply a question of where to stick the registry. Adding this t=
o the OAuth registry would be a fundamental change in architecture and phil=
osophy and a significant change at this point. Adding it to the bearer spec=
ification is the only viable option.

I would request that such a change go through another IETF LC if this was t=
he WG consensus but hope we can avoid it.

EH



> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf=20
> Of Hannes Tschofenig
> Sent: Monday, May 07, 2012 3:48 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] Error Registry Consensus Call
>=20
> Hi all,
>=20
> there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that=20
> may impact draft-ietf-oauth-v2-26 (depending on it's resolution) and=20
> we would like to get feedback from the working group about it.
>=20
> Here is the issue: When a client makes an access to a protected=20
> resources then things may go wrong and an error may be returned in=20
> response. draft- ietf-oauth-v2-bearer talks about this behavior.
>=20
> That's great but these error codes need to be registered somewhere.=20
> Note that the registry can be created in one document while the values=20
> can be registered by many documents.
>=20
> So, where should the registry be?
>=20
> There are two choices.
>=20
> a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.
>=20
> b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors=20
> registry to encompass errors returned from resource servers.
>=20
> Currently, draft-ietf-oauth-v2 creates registries for error codes only=20
> for the exchanges from A-to-D (symbols used from Figure 1 of=20
> draft-ietf-oauth-v2), but excludes registration of errors from flows E-F.
>=20
> We must create a registry for error codes from flows E-F.  In which=20
> document do we want to create this registry?
>=20
> So, give us your feedback whether you have a preference by the end of=20
> the week.
>=20
> Ciao
> Hannes & Derek
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



From ve7jtb@ve7jtb.com  Mon May  7 16:20:16 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12B0721F84F3 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:20:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.526
X-Spam-Level: 
X-Spam-Status: No, score=-3.526 tagged_above=-999 required=5 tests=[AWL=0.073,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O6mtUhXU2PBT for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:20:13 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id 18E4121F84EA for <oauth@ietf.org>; Mon,  7 May 2012 16:20:09 -0700 (PDT)
Received: by yenq13 with SMTP id q13so1143067yen.31 for <oauth@ietf.org>; Mon, 07 May 2012 16:20:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=Qz5BmPQgpqrdqfC8yzrMHtbXMZ6XTXnZ/kWUAdxcYk4=; b=gKfmT918bWgvd5sQwEJq4fUXAdHPqF+z0qIJQUjcnlbWviOVzjGq+0vUYRO7HZLiEx Bbxi5u+CFEaQo1AHc4lkqAVhVU76kw0EmC6byeRBksA9mzO0J2Lw9+BME3yXUn4iXyZq wMVIHwHm5GLpJ+8fTSo2pQP+WtX5/t43isyHoRO99pisfLLynyMtnATKC+qWKzh3l2XU b4nOVNGpVPz7AZThg/4QVUDdV4JtmkBTUMCObwteTnUxfP1Nxg+Vn5wsm15LnllwXAZ9 8fBQ9o28WB9gZ1qYnWbQ7FHu6rhXFWcCJ7Ri6qBoFFnSFVoZk0Rw7CAiLEHc1TLDpMil 8XPQ==
Received: by 10.236.190.70 with SMTP id d46mr21994394yhn.90.1336432809383; Mon, 07 May 2012 16:20:09 -0700 (PDT)
Received: from [192.168.1.213] (190-20-11-19.baf.movistar.cl. [190.20.11.19]) by mx.google.com with ESMTPS id u2sm89627335yhe.8.2012.05.07.16.20.01 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 07 May 2012 16:20:08 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_CF5F4C55-0D6D-4A3F-AC63-93A4E37F1CA4"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
Date: Mon, 7 May 2012 19:19:45 -0400
Message-Id: <054E3D0C-8AFC-4585-8ED3-14348E25C4D0@ve7jtb.com>
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQlC3sprFRprM8RxO5ixHzLLj+DooV4M/JIGwapolR5Xr+Hj5dmw1htPUFOOd+SUo2UVxVYy
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 23:20:16 -0000

--Apple-Mail=_CF5F4C55-0D6D-4A3F-AC63-93A4E37F1CA4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

b)  Unless we remove the OAuth specific errors from bearer it should be =
in  oath-v2.  =20

One registry is preferable.=20

John B.
On 2012-05-07, at 6:48 PM, Hannes Tschofenig wrote:

> Hi all,=20
>=20
> there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that =
may impact draft-ietf-oauth-v2-26 (depending on it's resolution) and we =
would like to get feedback from the working group about it.=20
>=20
> Here is the issue: When a client makes an access to a protected =
resources then things may go wrong and an error may be returned in =
response. draft-ietf-oauth-v2-bearer talks about this behavior.=20
>=20
> That's great but these error codes need to be registered somewhere. =
Note that the registry can be created in one document while the values =
can be registered by many documents.=20
>=20
> So, where should the registry be?
>=20
> There are two choices.=20
>=20
> a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.
>=20
> b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors =
registry to encompass errors returned from resource servers.
>=20
> Currently, draft-ietf-oauth-v2 creates registries for error codes only =
for the exchanges from A-to-D (symbols used from Figure 1 of =
draft-ietf-oauth-v2), but excludes registration of errors from flows =
E-F.
>=20
> We must create a registry for error codes from flows E-F.  In which =
document do we want to create this registry?
>=20
> So, give us your feedback whether you have a preference by the end of =
the week.=20
>=20
> Ciao
> Hannes & Derek
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_CF5F4C55-0D6D-4A3F-AC63-93A4E37F1CA4
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUw
NzIzMTk0NVowIwYJKoZIhvcNAQkEMRYEFDYPqgbHS3ezMFZeoo+fapdfkkaiMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AInH3Y1SYZWXE6jEYg+bgs7w7W/8IRrpt7RYa8vMyaGmvaHgCa2V8DxDRV5vCcgqBigrMMvh2z0T
QngbXreBzQASbGJk7cx/RKbFVdkDJlVqoQyk+wwsoVeYpEOtkSbcLTRaEpxvSuSJCvAlz7IH3Oal
4ANgZ5RLNot689NxCKmdVlB58Z/zZNv2CV61Br6ZnFwgX3GLraLtoTnqsx6O/Mn1emjVVTW0//IK
CwcLok6ej6OW2QzKgnPBU9CAEbeqjyI4bCB5eCTzKSv6+rQSJ5Ad0p5sB0KNJz4FcGUNO4J8K0ex
TTYWYBRca6aFnw+r5c70GWuQiK6nr0DtTZ2s0cUAAAAAAAA=

--Apple-Mail=_CF5F4C55-0D6D-4A3F-AC63-93A4E37F1CA4--

From eran@hueniverse.com  Mon May  7 16:20:46 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2163221F8667 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:20:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.533
X-Spam-Level: 
X-Spam-Status: No, score=-2.533 tagged_above=-999 required=5 tests=[AWL=0.066,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 42b8ApZlIKrj for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:20:44 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id CBAEA21F8665 for <oauth@ietf.org>; Mon,  7 May 2012 16:20:44 -0700 (PDT)
Received: from P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id 7BLi1j0010Dcg9U01BLikM; Mon, 07 May 2012 16:20:42 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) with mapi id 14.02.0247.003; Mon, 7 May 2012 16:20:41 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Error Registry Consensus Call
Thread-Index: AQHNLKOIX0E3b1HWEkWa/Y91Xa0KqJa+8ENQgAB5f4D//4zPsA==
Date: Mon, 7 May 2012 23:20:40 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201021F34@P3PWEX2MB008.ex2.secureserver.net>
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201021DD6@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664C90F7@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664C90F7@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 23:20:46 -0000

Errors that have nothing to do with the core spec. There is not overlap in =
functionality between the two documents and their use cases.

EH

> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Monday, May 07, 2012 4:12 PM
> To: Eran Hammer; Hannes Tschofenig; oauth@ietf.org WG
> Subject: RE: [OAUTH-WG] Error Registry Consensus Call
>=20
> The bearer spec is not intended as a general purpose HTTP Auth scheme.
> Note that it includes a "scope" response, which firmly anchors it to use =
with
> OAuth, where it provides flows E-F which follow flows A-D that are specif=
ied
> in the framework spec - thus completing the end-to-end OAuth protocol
> usage flows.
>=20
> These are OAuth-specific errors.
>=20
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Eran Hammer
> Sent: Monday, May 07, 2012 4:07 PM
> To: Hannes Tschofenig; oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] Error Registry Consensus Call
>=20
> A.
>=20
> For the following reasons (all extensively discussed on this list before)=
:
>=20
> 1. The OAuth core specification has nothing to do with HTTP authenticatio=
n
> schemes.
> 2. The bearer specification is a general purpose HTTP Auth scheme and
> defining such a registry needs to be defined within those boundaries - th=
at is,
> either specific to Bearer to generic to all HTTP Auth scheme opting into =
the
> error parameter.
> 3. There wasn't strong consensus that the error parameter was even
> necessary or useful to begin with. Limiting it to bearer reflects the wid=
er IETF
> consensus on the matter (based on feedback received at the time from the
> HTTPbis WG).
> 4. It would be odd for someone using the bearer scheme outside of OAuth t=
o
> use the OAuth error registry (and take over values that will be helpful f=
or the
> core specification).
> 5. There is no overlap in functionality or values between the protected
> resource endpoint (which is part of the proprietary API namespace) and th=
e
> OAuth endpoint for which the registry was created. To piggyback the OAuth
> registry just because it is slightly easier would be wrong. There is no i=
nterop
> value accomplished.
>=20
> This is not simply a question of where to stick the registry. Adding this=
 to the
> OAuth registry would be a fundamental change in architecture and
> philosophy and a significant change at this point. Adding it to the beare=
r
> specification is the only viable option.
>=20
> I would request that such a change go through another IETF LC if this was=
 the
> WG consensus but hope we can avoid it.
>=20
> EH
>=20
>=20
>=20
> > -----Original Message-----
> > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> > Of Hannes Tschofenig
> > Sent: Monday, May 07, 2012 3:48 PM
> > To: oauth@ietf.org WG
> > Subject: [OAUTH-WG] Error Registry Consensus Call
> >
> > Hi all,
> >
> > there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that
> > may impact draft-ietf-oauth-v2-26 (depending on it's resolution) and
> > we would like to get feedback from the working group about it.
> >
> > Here is the issue: When a client makes an access to a protected
> > resources then things may go wrong and an error may be returned in
> > response. draft- ietf-oauth-v2-bearer talks about this behavior.
> >
> > That's great but these error codes need to be registered somewhere.
> > Note that the registry can be created in one document while the values
> > can be registered by many documents.
> >
> > So, where should the registry be?
> >
> > There are two choices.
> >
> > a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.
> >
> > b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors
> > registry to encompass errors returned from resource servers.
> >
> > Currently, draft-ietf-oauth-v2 creates registries for error codes only
> > for the exchanges from A-to-D (symbols used from Figure 1 of
> > draft-ietf-oauth-v2), but excludes registration of errors from flows E-=
F.
> >
> > We must create a registry for error codes from flows E-F.  In which
> > document do we want to create this registry?
> >
> > So, give us your feedback whether you have a preference by the end of
> > the week.
> >
> > Ciao
> > Hannes & Derek
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>=20


From eran@hueniverse.com  Mon May  7 16:22:59 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E95EE9E8002 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:22:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.535
X-Spam-Level: 
X-Spam-Status: No, score=-2.535 tagged_above=-999 required=5 tests=[AWL=0.064,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RkO+iiQ5BHPI for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:22:58 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id 2E5709E8004 for <oauth@ietf.org>; Mon,  7 May 2012 16:22:57 -0700 (PDT)
Received: from P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id 7BNu1j0010Dcg9U01BNup4; Mon, 07 May 2012 16:22:54 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) with mapi id 14.02.0247.003; Mon, 7 May 2012 16:22:54 -0700
From: Eran Hammer <eran@hueniverse.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Error Registry Consensus Call
Thread-Index: AQHNLKOIX0E3b1HWEkWa/Y91Xa0KqJa/a9iA//+K+5A=
Date: Mon, 7 May 2012 23:22:53 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201021FC4@P3PWEX2MB008.ex2.secureserver.net>
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net> <054E3D0C-8AFC-4585-8ED3-14348E25C4D0@ve7jtb.com>
In-Reply-To: <054E3D0C-8AFC-4585-8ED3-14348E25C4D0@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 23:22:59 -0000

Why? What's the gain here? The only purpose of the registry is to avoid nam=
espace collision. There can be no collision between the core specification =
and the bearer specification. They are describing completely different thin=
gs. IANA does all the work anyway, and they two registry CAN share one revi=
ew mailing list.

EH

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of John Bradley
> Sent: Monday, May 07, 2012 4:20 PM
> To: Hannes Tschofenig
> Cc: oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] Error Registry Consensus Call
>=20
> b)  Unless we remove the OAuth specific errors from bearer it should be i=
n
> oath-v2.
>=20
> One registry is preferable.
>=20
> John B.
> On 2012-05-07, at 6:48 PM, Hannes Tschofenig wrote:
>=20
> > Hi all,
> >
> > there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that ma=
y
> impact draft-ietf-oauth-v2-26 (depending on it's resolution) and we would
> like to get feedback from the working group about it.
> >
> > Here is the issue: When a client makes an access to a protected resourc=
es
> then things may go wrong and an error may be returned in response. draft-
> ietf-oauth-v2-bearer talks about this behavior.
> >
> > That's great but these error codes need to be registered somewhere. Not=
e
> that the registry can be created in one document while the values can be
> registered by many documents.
> >
> > So, where should the registry be?
> >
> > There are two choices.
> >
> > a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.
> >
> > b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors
> registry to encompass errors returned from resource servers.
> >
> > Currently, draft-ietf-oauth-v2 creates registries for error codes only =
for the
> exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oauth-v2)=
,
> but excludes registration of errors from flows E-F.
> >
> > We must create a registry for error codes from flows E-F.  In which
> document do we want to create this registry?
> >
> > So, give us your feedback whether you have a preference by the end of
> the week.
> >
> > Ciao
> > Hannes & Derek
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth


From wmills@yahoo-inc.com  Mon May  7 16:39:49 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E734D21F8543 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:39:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.38
X-Spam-Level: 
X-Spam-Status: No, score=-16.38 tagged_above=-999 required=5 tests=[AWL=-0.641, BAYES_20=-0.74, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id caNVALa4Ad-N for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:39:48 -0700 (PDT)
Received: from nm39-vm3.bullet.mail.ne1.yahoo.com (nm39-vm3.bullet.mail.ne1.yahoo.com [98.138.229.163]) by ietfa.amsl.com (Postfix) with SMTP id 6D16621F84D5 for <oauth@ietf.org>; Mon,  7 May 2012 16:39:48 -0700 (PDT)
Received: from [98.138.90.55] by nm39.bullet.mail.ne1.yahoo.com with NNFMP; 07 May 2012 23:39:42 -0000
Received: from [98.138.89.251] by tm8.bullet.mail.ne1.yahoo.com with NNFMP; 07 May 2012 23:39:42 -0000
Received: from [127.0.0.1] by omp1043.mail.ne1.yahoo.com with NNFMP; 07 May 2012 23:39:42 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 568365.6227.bm@omp1043.mail.ne1.yahoo.com
Received: (qmail 66830 invoked by uid 60001); 7 May 2012 23:39:42 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1336433982; bh=K+zc8YsX/QFYHyM4FFcd+Wch65cRosjE/IZBxK+CINI=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=UGMl7mu+OBFWoVBjqnzfd0U6M9iXe6T847Ks4pUW0VryIfOqOfdmFgmmszIhyDeEmZrhDsy5OcQ88/Gelc2Y7RPVcjzdHunOLNxT7G90VqW1ge1e80aeP0N9theshJGcaj8fotUpysJbpvrS1r2J6U96rNvy4JGEe2csx1Kq4io=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=RNWmw2R6EhVpIXS4wJG+LBMD6W9vttHypJtDNxBoePR/39uneOObadsQN+P0tj9kPWj7DUsAryzXW795SZBN6qHQKV3TZBWqhu9SIMV6hzfcAxRcmemPnfyf8Cm1Y7xkb+KIeGfs6bx0ky7O/O9wTcgZCWAsADqNuv5KUtmDS70=;
X-YMail-OSG: snEz_iQVM1kKyItUPlqwBU90neOsAprN7tr6XzegCd1PskF DddvJGpvEaHw3nD.SJVJb7Cx6xAh52ol3zOG6TdgBN9Fd_GZJiX_hOmKn_ah bbU8CCedv5IxD8kR2QbyqQwFDK9xk6flkld4nb8iyhDZkS7wcksBH3uKyam6 6V3kc1cSytLk57pmUFz1eVgaWq15zI7JCyL0eUJmwmYfO2CXZUcrXtLrk4SA y8YHZ1TCozDJ7fmaav8zCH1zQy5GsQ3Xpn.NV.UmrIAOBJzHoXIhUbUJbRRK gqOlnmz1uMFfLMl6G8X1rf9zpU61DJ3tnLRgObcUUYvL9Sj46dqmowrGvMP8 e.mwXgVWKUdOt8BvJB1qHhcpiGjIWh1iLCmRX0Knds8ozzbZkBHC8KkjGzXv g8Mx9x7Tj9y1L9qmCtgGKoRfKrGmqEw3_CK2n.YTLfrV6ye0ejA--
Received: from [209.131.62.115] by web31808.mail.mud.yahoo.com via HTTP; Mon, 07 May 2012 16:39:41 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
Message-ID: <1336433981.39686.YahooMailNeo@web31808.mail.mud.yahoo.com>
Date: Mon, 7 May 2012 16:39:41 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
In-Reply-To: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="258328648-808894034-1336433981=:39686"
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 23:39:50 -0000

--258328648-808894034-1336433981=:39686
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

=0A=0AI am in favor of making it part of the base Oauth 2 spec, rather than=
 defining this in a single token draft.=A0 It seems something that SHOULD b=
e part of the framework.=0A=0AThere's a 3rd option which would be to have a=
 separate doc, but that seems a kludge.=0A=0A-bill=0A=0A=0A=0A=0A>_________=
_______________________=0A> From: Hannes Tschofenig <hannes.tschofenig@gmx.=
net>=0A>To: "oauth@ietf.org WG" <oauth@ietf.org> =0A>Sent: Monday, May 7, 2=
012 3:48 PM=0A>Subject: [OAUTH-WG] Error Registry Consensus Call=0A> =0A>Hi=
 all, =0A>=0A>there is an open issue concerning draft-ietf-oauth-v2-bearer-=
19 that may impact draft-ietf-oauth-v2-26 (depending on it's resolution) an=
d we would like to get feedback from the working group about it. =0A>=0A>He=
re is the issue: When a client makes an access to a protected resources the=
n things may go wrong and an error may be returned in response. draft-ietf-=
oauth-v2-bearer talks about this behavior. =0A>=0A>That's great but these e=
rror codes need to be registered somewhere. Note that the registry can be c=
reated in one document while the values can be registered by many documents=
. =0A>=0A>So, where should the registry be?=0A>=0A>There are two choices. =
=0A>=0A>a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer=
.=0A>=0A>b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Err=
ors registry to encompass errors returned from resource servers.=0A>=0A>Cur=
rently, draft-ietf-oauth-v2 creates registries for error codes only for the=
 exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oauth-v2),=
 but excludes registration of errors from flows E-F.=0A>=0A>We must create =
a registry for error codes from flows E-F.=A0 In which document do we want =
to create this registry?=0A>=0A>So, give us your feedback whether you have =
a preference by the end of the week. =0A>=0A>Ciao=0A>Hannes & Derek=0A>=0A>=
_______________________________________________=0A>OAuth mailing list=0A>OA=
uth@ietf.org=0A>https://www.ietf.org/mailman/listinfo/oauth=0A>=0A>=0A>
--258328648-808894034-1336433981=:39686
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><br>=
<span></span></div><div><span>I am in favor of making it part of the base O=
auth 2 spec, rather than defining this in a single token draft.&nbsp; It se=
ems something that SHOULD be part of the framework.</span></div><div><br><s=
pan></span></div><div><span>There's a 3rd option which would be to have a s=
eparate doc, but that seems a kludge.</span></div><div><br><span></span></d=
iv><div><span>-bill<br></span></div><div><br><blockquote style=3D"border-le=
ft: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-=
left: 5px;">  <div style=3D"font-family: Courier New, courier, monaco, mono=
space, sans-serif; font-size: 14pt;"> <div style=3D"font-family: times new =
roman, new york, times, serif; font-size: 12pt;"> <div dir=3D"ltr"> <font f=
ace=3D"Arial" size=3D"2"> <hr size=3D"1">  <b><span
 style=3D"font-weight:bold;">From:</span></b> Hannes Tschofenig &lt;hannes.=
tschofenig@gmx.net&gt;<br> <b><span style=3D"font-weight: bold;">To:</span>=
</b> "oauth@ietf.org WG" &lt;oauth@ietf.org&gt; <br> <b><span style=3D"font=
-weight: bold;">Sent:</span></b> Monday, May 7, 2012 3:48 PM<br> <b><span s=
tyle=3D"font-weight: bold;">Subject:</span></b> [OAUTH-WG] Error Registry C=
onsensus Call<br> </font> </div> <br>=0AHi all, <br><br>there is an open is=
sue concerning draft-ietf-oauth-v2-bearer-19 that may impact draft-ietf-oau=
th-v2-26 (depending on it's resolution) and we would like to get feedback f=
rom the working group about it. <br><br>Here is the issue: When a client ma=
kes an access to a protected resources then things may go wrong and an erro=
r may be returned in response. draft-ietf-oauth-v2-bearer talks about this =
behavior. <br><br>That's great but these error codes need to be registered =
somewhere. Note that the registry can be created in one document while the =
values can be registered by many documents. <br><br>So, where should the re=
gistry be?<br><br>There are two choices. <br><br>a) A new OAuth errors regi=
stry goes into draft-ietf-oauth-v2-bearer.<br><br>b) draft-ietf-oauth-v2 ex=
pands the scope of the existing OAuth Errors registry to encompass errors r=
eturned from resource servers.<br><br>Currently, draft-ietf-oauth-v2 create=
s registries for error codes only
 for the exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oa=
uth-v2), but excludes registration of errors from flows E-F.<br><br>We must=
 create a registry for error codes from flows E-F.&nbsp; In which document =
do we want to create this registry?<br><br>So, give us your feedback whethe=
r you have a preference by the end of the week. <br><br>Ciao<br>Hannes &amp=
; Derek<br><br>_______________________________________________<br>OAuth mai=
ling list<br><a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@ietf=
.org">OAuth@ietf.org</a><br><a href=3D"https://www.ietf.org/mailman/listinf=
o/oauth" target=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><=
br><br><br> </div> </div> </blockquote></div>   </div></body></html>
--258328648-808894034-1336433981=:39686--

From sakimura@gmail.com  Mon May  7 16:55:44 2012
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47E8F21F8543 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:55:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gvU4zNbRwZZm for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:55:43 -0700 (PDT)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5B7CD21F8533 for <oauth@ietf.org>; Mon,  7 May 2012 16:55:43 -0700 (PDT)
Received: by bkty8 with SMTP id y8so5005530bkt.31 for <oauth@ietf.org>; Mon, 07 May 2012 16:55:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=rBHmx3XLpB7G4qpsPSlsypUuxVA3fOODKnEPNtP0bt0=; b=xShCJrw9MKknopvePAP4iOl3CSXMnB9zWQcA+cm96TgT7PLxUWfuHlFrCu5rLuDw+u CwZiBNXu3Dly4qQooNbCodnaln6QeqFDKqAmBXqdtKR1To+KqZmZEu3Bmfs7E0pUsp8m T28ZSGQVlh3W6QTTpd+E8SPo+be/e0XUadwYyghjRZfUOG5bZ+EaC0NlRDBYXx2BaZQD ShIfEfEqb/IseUG4z1YtRdL8wFHhFIEovVQy48R+86bnfB0ZaIyhHcxKYuQwUmEV14TV Shw/zamiwHIgdHwuo4lWvA9Eq/Er/9JmwsFi2Jw5Hehafxpvv0rF2qzJxhOL62/BdUU3 vUbg==
MIME-Version: 1.0
Received: by 10.204.154.18 with SMTP id m18mr6535034bkw.23.1336434942410; Mon, 07 May 2012 16:55:42 -0700 (PDT)
Received: by 10.204.240.143 with HTTP; Mon, 7 May 2012 16:55:42 -0700 (PDT)
In-Reply-To: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net>
Date: Tue, 8 May 2012 01:55:42 +0200
Message-ID: <CABzCy2Bkriia=rrahHfi9MGxc5snFVfKM0otyQPqkuBEF3KRDw@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 23:55:44 -0000

I prefer single repository.

On Tue, May 8, 2012 at 12:48 AM, Hannes Tschofenig
<hannes.tschofenig@gmx.net> wrote:
> Hi all,
>
> there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that may =
impact draft-ietf-oauth-v2-26 (depending on it's resolution) and we would l=
ike to get feedback from the working group about it.
>
> Here is the issue: When a client makes an access to a protected resources=
 then things may go wrong and an error may be returned in response. draft-i=
etf-oauth-v2-bearer talks about this behavior.
>
> That's great but these error codes need to be registered somewhere. Note =
that the registry can be created in one document while the values can be re=
gistered by many documents.
>
> So, where should the registry be?
>
> There are two choices.
>
> a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.
>
> b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors reg=
istry to encompass errors returned from resource servers.
>
> Currently, draft-ietf-oauth-v2 creates registries for error codes only fo=
r the exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oauth=
-v2), but excludes registration of errors from flows E-F.
>
> We must create a registry for error codes from flows E-F. =A0In which doc=
ument do we want to create this registry?
>
> So, give us your feedback whether you have a preference by the end of the=
 week.
>
> Ciao
> Hannes & Derek
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth



--=20
Nat Sakimura (=3Dnat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

From gffletch@aol.com  Mon May  7 16:56:31 2012
Return-Path: <gffletch@aol.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4835B21F8533 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:56:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.484
X-Spam-Level: 
X-Spam-Status: No, score=-1.484 tagged_above=-999 required=5 tests=[AWL=1.115,  BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MSv52PyFcCxj for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 16:56:30 -0700 (PDT)
Received: from imr-da06.mx.aol.com (imr-da06.mx.aol.com [205.188.169.203]) by ietfa.amsl.com (Postfix) with ESMTP id 8AC5B21F8543 for <oauth@ietf.org>; Mon,  7 May 2012 16:56:30 -0700 (PDT)
Received: from mtaout-ma06.r1000.mx.aol.com (mtaout-ma06.r1000.mx.aol.com [172.29.41.6]) by imr-da06.mx.aol.com (8.14.1/8.14.1) with ESMTP id q47NuIsT019295; Mon, 7 May 2012 19:56:18 -0400
Received: from palantir.local (unknown [10.172.4.119]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaout-ma06.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 1D33CE0000BB; Mon,  7 May 2012 19:56:18 -0400 (EDT)
Message-ID: <4FA86121.80302@aol.com>
Date: Mon, 07 May 2012 19:56:17 -0400
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net> <054E3D0C-8AFC-4585-8ED3-14348E25C4D0@ve7jtb.com>
In-Reply-To: <054E3D0C-8AFC-4585-8ED3-14348E25C4D0@ve7jtb.com>
Content-Type: multipart/alternative; boundary="------------060602060507020909070705"
x-aol-global-disposition: G
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20110426; t=1336434978; bh=ay/eEYPp9lbgxQwr0VO6at2R74IvdKN2WnqpmwsW3BI=; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type; b=rcgO82X09JWM00/Pg/T4Qg3+uIsTxu1x6opWN8sheG3mf34XuWsA4L5Ut4ZpoSWTd RI63faZKvuIr+Bm22Jyl9OAQ1PimvAGBJ+VyW60EWW0svw041W27cQNTZ/XwDFxg98 vSgEUmr1wt3v2E8X70k0kbMVfaNMfTzysE7edTOY=
X-AOL-SCOLL-SCORE: 0:2:481294912:93952408  
X-AOL-SCOLL-URL_COUNT: 0  
x-aol-sid: 3039ac1d29064fa861223f16
X-AOL-IP: 10.172.4.119
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 23:56:31 -0000

This is a multi-part message in MIME format.
--------------060602060507020909070705
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I agree that one registry is desired!

On 5/7/12 7:19 PM, John Bradley wrote:
> b)  Unless we remove the OAuth specific errors from bearer it should be in  oath-v2.
>
> One registry is preferable.
>
> John B.
> On 2012-05-07, at 6:48 PM, Hannes Tschofenig wrote:
>
>> Hi all,
>>
>> there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that may impact draft-ietf-oauth-v2-26 (depending on it's resolution) and we would like to get feedback from the working group about it.
>>
>> Here is the issue: When a client makes an access to a protected resources then things may go wrong and an error may be returned in response. draft-ietf-oauth-v2-bearer talks about this behavior.
>>
>> That's great but these error codes need to be registered somewhere. Note that the registry can be created in one document while the values can be registered by many documents.
>>
>> So, where should the registry be?
>>
>> There are two choices.
>>
>> a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.
>>
>> b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors registry to encompass errors returned from resource servers.
>>
>> Currently, draft-ietf-oauth-v2 creates registries for error codes only for the exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oauth-v2), but excludes registration of errors from flows E-F.
>>
>> We must create a registry for error codes from flows E-F.  In which document do we want to create this registry?
>>
>> So, give us your feedback whether you have a preference by the end of the week.
>>
>> Ciao
>> Hannes&  Derek
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--------------060602060507020909070705
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Helvetica, Arial, sans-serif">I agree that one registry
      is desired!</font><br>
    <br>
    On 5/7/12 7:19 PM, John Bradley wrote:
    <blockquote
      cite="mid:054E3D0C-8AFC-4585-8ED3-14348E25C4D0@ve7jtb.com"
      type="cite">
      <pre wrap="">b)  Unless we remove the OAuth specific errors from bearer it should be in  oath-v2.   

One registry is preferable. 

John B.
On 2012-05-07, at 6:48 PM, Hannes Tschofenig wrote:

</pre>
      <blockquote type="cite">
        <pre wrap="">Hi all, 

there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that may impact draft-ietf-oauth-v2-26 (depending on it's resolution) and we would like to get feedback from the working group about it. 

Here is the issue: When a client makes an access to a protected resources then things may go wrong and an error may be returned in response. draft-ietf-oauth-v2-bearer talks about this behavior. 

That's great but these error codes need to be registered somewhere. Note that the registry can be created in one document while the values can be registered by many documents. 

So, where should the registry be?

There are two choices. 

a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.

b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors registry to encompass errors returned from resource servers.

Currently, draft-ietf-oauth-v2 creates registries for error codes only for the exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oauth-v2), but excludes registration of errors from flows E-F.

We must create a registry for error codes from flows E-F.  In which document do we want to create this registry?

So, give us your feedback whether you have a preference by the end of the week. 

Ciao
Hannes &amp; Derek

_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
      </blockquote>
      <pre wrap="">
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------060602060507020909070705--

From tonynad@microsoft.com  Mon May  7 23:07:46 2012
Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4EB721F85D8 for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 23:07:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.466
X-Spam-Level: 
X-Spam-Status: No, score=-0.466 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fT31Ic5Csx-c for <oauth@ietfa.amsl.com>; Mon,  7 May 2012 23:07:45 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe003.messaging.microsoft.com [216.32.180.13]) by ietfa.amsl.com (Postfix) with ESMTP id 7EF4621F85C4 for <oauth@ietf.org>; Mon,  7 May 2012 23:07:45 -0700 (PDT)
Received: from mail98-va3-R.bigfish.com (10.7.14.235) by VA3EHSOBE003.bigfish.com (10.7.40.23) with Microsoft SMTP Server id 14.1.225.23; Tue, 8 May 2012 06:07:31 +0000
Received: from mail98-va3 (localhost [127.0.0.1])	by mail98-va3-R.bigfish.com (Postfix) with ESMTP id 12E06360295	for <oauth@ietf.org>; Tue,  8 May 2012 06:07:31 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -26
X-BigFish: VS-26(zzbb2dI9371I936eKc85fh14ffI98dKzz1202h1082kzz1033IL8275bh8275dhz2fh2a8h683h839hd25h)
Received-SPF: pass (mail98-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=tonynad@microsoft.com; helo=TK5EX14HUBC104.redmond.corp.microsoft.com ; icrosoft.com ; 
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.21; KIP:(null); UIP:(null); (null); H:BL2PRD0310HT005.namprd03.prod.outlook.com; R:internal; EFV:INT
Received: from mail98-va3 (localhost.localdomain [127.0.0.1]) by mail98-va3 (MessageSwitch) id 1336457249899613_19628; Tue,  8 May 2012 06:07:29 +0000 (UTC)
Received: from VA3EHSMHS033.bigfish.com (unknown [10.7.14.249])	by mail98-va3.bigfish.com (Postfix) with ESMTP id CEED6C0046	for <oauth@ietf.org>; Tue,  8 May 2012 06:07:29 +0000 (UTC)
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS033.bigfish.com (10.7.99.43) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 8 May 2012 06:07:29 +0000
Received: from am1outboundpool.messaging.microsoft.com (157.54.51.114) by mail.microsoft.com (157.54.80.25) with Microsoft SMTP Server (TLS) id 14.2.298.5; Tue, 8 May 2012 06:07:41 +0000
Received: from mail27-am1-R.bigfish.com (10.3.201.238) by AM1EHSOBE002.bigfish.com (10.3.204.22) with Microsoft SMTP Server id 14.1.225.23; Tue, 8 May 2012 06:07:25 +0000
Received: from mail27-am1 (localhost [127.0.0.1])	by mail27-am1-R.bigfish.com (Postfix) with ESMTP id A63B62601EB	for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Tue,  8 May 2012 06:07:25 +0000 (UTC)
Received: from mail27-am1 (localhost.localdomain [127.0.0.1]) by mail27-am1 (MessageSwitch) id 13364572444333_24328; Tue,  8 May 2012 06:07:24 +0000 (UTC)
Received: from AM1EHSMHS017.bigfish.com (unknown [10.3.201.235])	by mail27-am1.bigfish.com (Postfix) with ESMTP id F06811E00E1; Tue,  8 May 2012 06:07:23 +0000 (UTC)
Received: from BL2PRD0310HT005.namprd03.prod.outlook.com (157.56.240.21) by AM1EHSMHS017.bigfish.com (10.3.207.155) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 8 May 2012 06:07:22 +0000
Received: from BL2PRD0310MB362.namprd03.prod.outlook.com ([169.254.10.132]) by BL2PRD0310HT005.namprd03.prod.outlook.com ([10.255.97.40]) with mapi id 14.16.0152.000; Tue, 8 May 2012 06:07:34 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: George Fletcher <gffletch@aol.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Error Registry Consensus Call
Thread-Index: AQHNLKORGJTg9cHvyEWO6tIJ4TMRrZa+9n+AgAAKNYCAAGercA==
Date: Tue, 8 May 2012 06:07:33 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E740208DF6@BL2PRD0310MB362.namprd03.prod.outlook.com>
References: <53E17703-C3BD-48A1-8CB6-BD0D3795DD77@gmx.net> <054E3D0C-8AFC-4585-8ED3-14348E25C4D0@ve7jtb.com> <4FA86121.80302@aol.com>
In-Reply-To: <4FA86121.80302@aol.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [195.22.91.6]
Content-Type: multipart/alternative; boundary="_000_B26C1EF377CB694EAB6BDDC8E624B6E740208DF6BL2PRD0310MB362_"
MIME-Version: 1.0
X-OrganizationHeadersPreserved: BL2PRD0310HT005.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%AOL.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%GMX.NET$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-CrossPremisesHeadersPromoted: TK5EX14HUBC104.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14HUBC104.redmond.corp.microsoft.com
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Registry Consensus Call
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 06:07:46 -0000

--_000_B26C1EF377CB694EAB6BDDC8E624B6E740208DF6BL2PRD0310MB362_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Agree on a single registry

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of G=
eorge Fletcher
Sent: Monday, May 07, 2012 4:56 PM
To: Hannes Tschofenig
Cc: oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Error Registry Consensus Call

I agree that one registry is desired!

On 5/7/12 7:19 PM, John Bradley wrote:

b)  Unless we remove the OAuth specific errors from bearer it should be in =
 oath-v2.



One registry is preferable.



John B.

On 2012-05-07, at 6:48 PM, Hannes Tschofenig wrote:



Hi all,



there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that may im=
pact draft-ietf-oauth-v2-26 (depending on it's resolution) and we would lik=
e to get feedback from the working group about it.



Here is the issue: When a client makes an access to a protected resources t=
hen things may go wrong and an error may be returned in response. draft-iet=
f-oauth-v2-bearer talks about this behavior.



That's great but these error codes need to be registered somewhere. Note th=
at the registry can be created in one document while the values can be regi=
stered by many documents.



So, where should the registry be?



There are two choices.



a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.



b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors regis=
try to encompass errors returned from resource servers.



Currently, draft-ietf-oauth-v2 creates registries for error codes only for =
the exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oauth-v=
2), but excludes registration of errors from flows E-F.



We must create a registry for error codes from flows E-F.  In which documen=
t do we want to create this registry?



So, give us your feedback whether you have a preference by the end of the w=
eek.



Ciao

Hannes & Derek



_______________________________________________

OAuth mailing list

OAuth@ietf.org<mailto:OAuth@ietf.org>

https://www.ietf.org/mailman/listinfo/oauth






_______________________________________________

OAuth mailing list

OAuth@ietf.org<mailto:OAuth@ietf.org>

https://www.ietf.org/mailman/listinfo/oauth


--_000_B26C1EF377CB694EAB6BDDC8E624B6E740208DF6BL2PRD0310MB362_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Helvetica;
	panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
	{font-family:Helvetica;
	panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
	{font-family:Consolas;
	panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";
	color:black;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
pre
	{mso-style-priority:99;
	mso-style-link:"HTML Preformatted Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:10.0pt;
	font-family:"Courier New";
	color:black;}
span.HTMLPreformattedChar
	{mso-style-name:"HTML Preformatted Char";
	mso-style-priority:99;
	mso-style-link:"HTML Preformatted";
	font-family:Consolas;
	color:black;}
span.EmailStyle19
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=3D"white" lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">Agree on a single registr=
y<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext">From:</span></b><spa=
n style=3D"font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif=
&quot;;color:windowtext"> oauth-bounces@ietf.org [mailto:oauth-bounces@ietf=
.org]
<b>On Behalf Of </b>George Fletcher<br>
<b>Sent:</b> Monday, May 07, 2012 4:56 PM<br>
<b>To:</b> Hannes Tschofenig<br>
<b>Cc:</b> oauth@ietf.org WG<br>
<b>Subject:</b> Re: [OAUTH-WG] Error Registry Consensus Call<o:p></o:p></sp=
an></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Helvetica&quot;,&qu=
ot;sans-serif&quot;">I agree that one registry is desired!</span><br>
<br>
On 5/7/12 7:19 PM, John Bradley wrote: <o:p></o:p></p>
<pre>b)&nbsp; Unless we remove the OAuth specific errors from bearer it sho=
uld be in&nbsp; oath-v2.&nbsp;&nbsp; <o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>One registry is preferable. <o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>John B.<o:p></o:p></pre>
<pre>On 2012-05-07, at 6:48 PM, Hannes Tschofenig wrote:<o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<pre>Hi all, <o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>there is an open issue concerning draft-ietf-oauth-v2-bearer-19 that m=
ay impact draft-ietf-oauth-v2-26 (depending on it's resolution) and we woul=
d like to get feedback from the working group about it. <o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>Here is the issue: When a client makes an access to a protected resour=
ces then things may go wrong and an error may be returned in response. draf=
t-ietf-oauth-v2-bearer talks about this behavior. <o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>That's great but these error codes need to be registered somewhere. No=
te that the registry can be created in one document while the values can be=
 registered by many documents. <o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>So, where should the registry be?<o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>There are two choices. <o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>a) A new OAuth errors registry goes into draft-ietf-oauth-v2-bearer.<o=
:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>b) draft-ietf-oauth-v2 expands the scope of the existing OAuth Errors =
registry to encompass errors returned from resource servers.<o:p></o:p></pr=
e>
<pre><o:p>&nbsp;</o:p></pre>
<pre>Currently, draft-ietf-oauth-v2 creates registries for error codes only=
 for the exchanges from A-to-D (symbols used from Figure 1 of draft-ietf-oa=
uth-v2), but excludes registration of errors from flows E-F.<o:p></o:p></pr=
e>
<pre><o:p>&nbsp;</o:p></pre>
<pre>We must create a registry for error codes from flows E-F.&nbsp; In whi=
ch document do we want to create this registry?<o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>So, give us your feedback whether you have a preference by the end of =
the week. <o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>Ciao<o:p></o:p></pre>
<pre>Hannes &amp; Derek<o:p></o:p></pre>
<pre><o:p>&nbsp;</o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>OAuth mailing list<o:p></o:p></pre>
<pre><a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><o:p></o:p></pre>
<pre><a href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ie=
tf.org/mailman/listinfo/oauth</a><o:p></o:p></pre>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<p class=3D"MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>OAuth mailing list<o:p></o:p></pre>
<pre><a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><o:p></o:p></pre>
<pre><a href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ie=
tf.org/mailman/listinfo/oauth</a><o:p></o:p></pre>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_B26C1EF377CB694EAB6BDDC8E624B6E740208DF6BL2PRD0310MB362_--

From romeda@gmail.com  Mon May  7 23:40:51 2012
Return-Path: <romeda@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DBB321F85C4; Mon,  7 May 2012 23:40:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.536
X-Spam-Level: 
X-Spam-Status: No, score=-103.536 tagged_above=-999 required=5 tests=[AWL=0.062, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zE2ZSTuNiJle; Mon,  7 May 2012 23:40:49 -0700 (PDT)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id C80DD21F85C2; Mon,  7 May 2012 23:40:48 -0700 (PDT)
Received: by lagj5 with SMTP id j5so4550009lag.31 for <multiple recipients>; Mon, 07 May 2012 23:40:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=CHqqTCvn+dFkGCAp2J6+QwyOokSSSR3Bv5TTf/nmAps=; b=EoKIS66ujabwvB/0posTm5KGgcHqe9K5cejyMjzYVZnlIcKp89o9LmtHNbXPZlb3OD aZZL9NP+zqLLm7PBztybQnSKBfeIG4eJYaT0t6zR7LStIBdCg8de6IwB61faaQIbo9Xf h1VydtOBOEc8lV14ejpDTq+pvjFva1FWUkCHxeecm3sh/grysepp0kVWpta0hKH/AGus 554gSB/Hep6jDGq3i6EQvGD2YQfsi2fAPqjJgBDRfJezZwo11HHo8G+5vv0qMpUwSu/4 KV4YQ+vqlJJGa4BSGXF510jRgsCtiKVRQT9sW3IJGuUPSY8OkoLBbE+4fnyCtJOaCMHs uRgg==
MIME-Version: 1.0
Received: by 10.152.146.163 with SMTP id td3mr16605432lab.25.1336459247613; Mon, 07 May 2012 23:40:47 -0700 (PDT)
Received: by 10.152.24.229 with HTTP; Mon, 7 May 2012 23:40:46 -0700 (PDT)
Received: by 10.152.24.229 with HTTP; Mon, 7 May 2012 23:40:46 -0700 (PDT)
In-Reply-To: <4FA7CB3A.4020000@packetizer.com>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com> <5876011F-2C2C-4889-9452-E8BDC1438713@cisco.com> <A09A9E0A4B9C654E8672D1DC003633AE52EE435611@GRFMBX704BA020.griffon.local> <4FA7CB3A.4020000@packetizer.com>
Date: Tue, 8 May 2012 08:40:46 +0200
Message-ID: <CAAz=sck0hhyTWMz4LSDcZoO6btBKe4ajac_sKgeL520wrNc7_w@mail.gmail.com>
From: Blaine Cook <romeda@gmail.com>
To: "Paul E. Jones" <paulej@packetizer.com>
Content-Type: multipart/alternative; boundary=e89a8f234567b5f66d04bf80aa04
Cc: Goix Laurent Walter <laurentwalter.goix@telecomitalia.it>, Gonzalo Salgueiro <gsalguei@cisco.com>, apps-discuss@ietf.org, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [apps-discuss] R: draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 06:40:51 -0000

--e89a8f234567b5f66d04bf80aa04
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I disagree that the current spec is a good starting point - the issues I've
raised have been ignored, and the spec is now much more complicated from
both sides of the implementation fence.
On May 7, 2012 3:17 PM, "Paul E. Jones" <paulej@packetizer.com> wrote:

>  Walter,
>
> I'm not sure what the full set of issues will be, but I only have a coupl=
e
> of small edits queued for -05 at present (one being "template" should be
> "href" in the example at the end of 4.2 that you pointed out to me
> privately).  We've already worked through a number of issues to get to th=
is
> point, so there may not be a lot of changes needed.  I'll not dismiss the
> possibility that there are editorial issues, but I hope we've resolved mo=
st
> of the technical details.
>
> We probably still need to have the discussion of keeping CORS and what
> additions are needed to the security section.  We've made a few changes
> there already, but I'm not sure if it still fully addresses some of the
> privacy concerns.
>
> Paul
>
> On 5/7/2012 5:37 AM, Goix Laurent Walter wrote:
>
>  I also support this draft as a way forward for the discussion that I
> think captures the essence of both philosophies. ****
>
> ** **
>
> If such basis is agreed what are the major pending issues?****
>
> ** **
>
> Regards****
>
> Laurent-walter****
>
> ** **
>
> *Da:* apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org=
<apps-discuss-bounces@ietf.org>]
> *Per conto di *Gonzalo Salgueiro (gsalguei)
> *Inviato:* venerd=C3=AC 4 maggio 2012 21.50
> *A:* Murray S. Kucherawy
> *Cc:* oauth@ietf.org; apps-discuss@ietf.org
> *Oggetto:* Re: [apps-discuss] draft-jones-appsawg-webfinger-04****
>
> ** **
>
> I support this doc being adopted as starting point for WG discussion.****
>
> Regards,****
>
> ** **
>
> Gonzalo****
>
> ** **
>
>
> On May 4, 2012, at 3:03 PM, "Murray S. Kucherawy" <msk@cloudmark.com>
> wrote:****
>
>  The above-named draft has been offered as the recommended path forward
> in terms of converging on a single document to advance through appsawg.
> The conversation I saw this week in that regard has seemed mostly positiv=
e.
> ****
>
>  ****
>
> Please review it, or at least the diff, and indicate your support or
> objection on apps-discuss@ietf.org to adopting this one as the common
> path forward. We would like to make a decision about which one to begin
> advancing in the next week or two.****
>
>  ****
>
> Have a good weekend!****
>
>  ****
>
> -MSK, APPSAWG co-chair****
>
>  ****
>
>  _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

--e89a8f234567b5f66d04bf80aa04
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>I disagree that the current spec is a good starting point - the issues I=
&#39;ve raised have been ignored, and the spec is now much more complicated=
 from both sides of the implementation fence.</p>
<div class=3D"gmail_quote">On May 7, 2012 3:17 PM, &quot;Paul E. Jones&quot=
; &lt;<a href=3D"mailto:paulej@packetizer.com">paulej@packetizer.com</a>&gt=
; wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" style=3D=
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

 =20
   =20
 =20
  <div bgcolor=3D"#FFFFFF" text=3D"#000000">
    Walter,<br>
    <br>
    I&#39;m not sure what the full set of issues will be, but I only have a
    couple of small edits queued for -05 at present (one being
    &quot;template&quot; should be &quot;href&quot; in the example at the e=
nd of 4.2 that
    you pointed out to me privately).=C2=A0 We&#39;ve already worked throug=
h a
    number of issues to get to this point, so there may not be a lot of
    changes needed.=C2=A0 I&#39;ll not dismiss the possibility that there a=
re
    editorial issues, but I hope we&#39;ve resolved most of the technical
    details.<br>
    <br>
    We probably still need to have the discussion of keeping CORS and
    what additions are needed to the security section.=C2=A0 We&#39;ve made=
 a few
    changes there already, but I&#39;m not sure if it still fully addresses
    some of the privacy concerns.<br>
    <br>
    Paul<br>
    <br>
    On 5/7/2012 5:37 AM, Goix Laurent Walter wrote:
    <blockquote type=3D"cite">
     =20
     =20
     =20
      <div>
        <p class=3D"MsoNormal"><span style=3D"color:#1f497d" lang=3D"EN-US"=
>I
            also support this draft as a way forward for the discussion
            that I think captures the essence of both philosophies.
            <u></u><u></u></span></p>
        <p class=3D"MsoNormal"><span style=3D"color:#1f497d" lang=3D"EN-US"=
><u></u>=C2=A0<u></u></span></p>
        <p class=3D"MsoNormal"><span style=3D"color:#1f497d" lang=3D"EN-US"=
>If
            such basis is agreed what are the major pending issues?<u></u><=
u></u></span></p>
        <p class=3D"MsoNormal"><span style=3D"color:#1f497d" lang=3D"EN-US"=
><u></u>=C2=A0<u></u></span></p>
        <p class=3D"MsoNormal"><span style=3D"color:#1f497d" lang=3D"EN-US"=
>Regards<u></u><u></u></span></p>
        <p class=3D"MsoNormal"><span style=3D"color:#1f497d" lang=3D"EN-US"=
>Laurent-walter<u></u><u></u></span></p>
        <p class=3D"MsoNormal"><span lang=3D"EN-US"><u></u>=C2=A0<u></u></s=
pan></p>
        <div style=3D"border:none;border-left:solid blue 1.5pt;padding:0cm =
0cm 0cm 4.0pt">
          <div>
            <div style=3D"border:none;border-top:solid #b5c4df 1.0pt;paddin=
g:3.0pt 0cm 0cm 0cm">
              <p class=3D"MsoNormal"><b><span lang=3D"IT">Da:</span></b><sp=
an lang=3D"IT">
                  <a href=3D"mailto:apps-discuss-bounces@ietf.org" target=
=3D"_blank">apps-discuss-bounces@ietf.org</a>
                  [<a href=3D"mailto:apps-discuss-bounces@ietf.org" target=
=3D"_blank">mailto:apps-discuss-bounces@ietf.org</a>]
                  <b>Per conto di </b>Gonzalo Salgueiro (gsalguei)<br>
                  <b>Inviato:</b> venerd=C3=AC 4 maggio 2012 21.50<br>
                  <b>A:</b> Murray S. Kucherawy<br>
                  <b>Cc:</b> <a href=3D"mailto:oauth@ietf.org" target=3D"_b=
lank">oauth@ietf.org</a>; <a href=3D"mailto:apps-discuss@ietf.org" target=
=3D"_blank">apps-discuss@ietf.org</a><br>
                  <b>Oggetto:</b> Re: [apps-discuss]
                  draft-jones-appsawg-webfinger-04<u></u><u></u></span></p>
            </div>
          </div>
          <p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
          <div>
            <p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt">I support
              this doc being adopted as starting point for WG
              discussion.<u></u><u></u></p>
            <div>
              <p class=3D"MsoNormal">Regards,<u></u><u></u></p>
            </div>
            <div>
              <p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
            </div>
            <div>
              <p class=3D"MsoNormal">Gonzalo<u></u><u></u></p>
            </div>
            <div>
              <p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
            </div>
          </div>
          <div>
            <p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><br>
              On May 4, 2012, at 3:03 PM, &quot;Murray S. Kucherawy&quot; &=
lt;<a href=3D"mailto:msk@cloudmark.com" target=3D"_blank">msk@cloudmark.com=
</a>&gt;
              wrote:<u></u><u></u></p>
          </div>
          <blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
            <div>
              <p class=3D"MsoNormal">The above-named draft has been
                offered as the recommended path forward in terms of
                converging on a single document to advance through
                appsawg.=C2=A0 The conversation I saw this week in that
                regard has seemed mostly positive.<u></u><u></u></p>
              <p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
              <p class=3D"MsoNormal">Please review it, or at least the
                diff, and indicate your support or objection on
                <a href=3D"mailto:apps-discuss@ietf.org" target=3D"_blank">=
apps-discuss@ietf.org</a>
                to adopting this one as the common path forward. We
                would like to make a decision about which one to begin
                advancing in the next week or two.<u></u><u></u></p>
              <p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
              <p class=3D"MsoNormal">Have a good weekend!<u></u><u></u></p>
              <p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
              <p class=3D"MsoNormal">-MSK, APPSAWG co-chair<u></u><u></u></=
p>
              <p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
            </div>
          </blockquote>
          <blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
            <div>
              <p class=3D"MsoNormal"><span>________________________________=
_______________<br>
                  apps-discuss mailing list<br>
                  <a href=3D"mailto:apps-discuss@ietf.org" target=3D"_blank=
">apps-discuss@ietf.org</a><br>
                  <a href=3D"https://www.ietf.org/mailman/listinfo/apps-dis=
cuss" target=3D"_blank">https://www.ietf.org/mailman/listinfo/apps-discuss<=
/a></span><br>
              </p>
            </div>
          </blockquote>
        </div>
      </div>
    </blockquote>
    <br>
  </div>

<br>_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><br>
<br></blockquote></div>

--e89a8f234567b5f66d04bf80aa04--

From paulej@packetizer.com  Tue May  8 01:25:34 2012
Return-Path: <paulej@packetizer.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A0D921F84E2; Tue,  8 May 2012 01:25:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.533
X-Spam-Level: 
X-Spam-Status: No, score=-2.533 tagged_above=-999 required=5 tests=[AWL=0.065,  BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YBjz-i8Aq4OP; Tue,  8 May 2012 01:25:33 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id 1A5A321F84DD; Tue,  8 May 2012 01:25:33 -0700 (PDT)
Received: from [156.106.244.190] ([156.106.244.190]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id q488PRRx004538 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 8 May 2012 04:25:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1336465530; bh=RKm+3EoBhCv52J09nQLCmv9TUdlljICY+1q0GfMtyvo=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type; b=SMzgwwf9JdsOu6VrHbF+O2dWvDTblZBGrx0SoV1QC5wOuqlVwYzt1uGUg/WrKSmOR MRN+IblJd6hGkj/Xz2igj3x+sZlPcSIKs+PPPGMzqfXQce2JyIDIa7TqMganHFMwNV 5TW+W0m9v9NZFCTpfx3PlzrzD7bzGXcD/fI6vtrw=
Message-ID: <4FA8D877.1040806@packetizer.com>
Date: Tue, 08 May 2012 04:25:27 -0400
From: "Paul E. Jones" <paulej@packetizer.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Blaine Cook <romeda@gmail.com>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com> <5876011F-2C2C-4889-9452-E8BDC1438713@cisco.com> <A09A9E0A4B9C654E8672D1DC003633AE52EE435611@GRFMBX704BA020.griffon.local> <4FA7CB3A.4020000@packetizer.com> <CAAz=sck0hhyTWMz4LSDcZoO6btBKe4ajac_sKgeL520wrNc7_w@mail.gmail.com>
In-Reply-To: <CAAz=sck0hhyTWMz4LSDcZoO6btBKe4ajac_sKgeL520wrNc7_w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------090607020801010701060004"
Cc: Goix Laurent Walter <laurentwalter.goix@telecomitalia.it>, Gonzalo Salgueiro <gsalguei@cisco.com>, apps-discuss@ietf.org, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [apps-discuss] R: draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 08:25:34 -0000

This is a multi-part message in MIME format.
--------------090607020801010701060004
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

  Blaine,

Your issues were not ignored, but I do not think there was consensus one 
way or the other on them.  Your points were:
1) Recommendation to use JSON only
2) A question about what the JSON format would look like
3) Direct vs. indirect queries (i.e., whether to use resource parameter)

I replied to each of these and others commented on parts, too.  My opinions:

1) Given that RFC 6415 already specifies use of XML and is only months 
old, I hesitate to demand that only XML be used.  Further, it's trivial 
for the server to do both.  The client will be able to use whatever it 
prefers.  I can be convinced to drop XML, but I think we should make 
this decision carefully and with everyone in agreement.
2) I suggested we use JRD since it is defined.  Was there any 
disagreement on that?
3) This issue is a point where there was clear division.  The OpenID 
Connect team wants to be able to issue a single query and get a reply.  
You had an interest to use a static server.  I investigated how we could 
do both.  If one used Apache, for example, one could build a static site 
and still support the resource URI.  Here's a couple of ways to do it: 
http://www.packetizer.com/webfinger/server.html (using either .htaccess 
or the global config file).  What cannot be accomodated is the "rel" 
parameter, but I'd guess static sites will not produce voluminous 
results, anyway.

So, it's not accurate to say your issues were ignored.  We simply did 
not have strong consensus one way or the other.  There were strong 
opinions on (3), so I tried to find a solution that might be 
acceptable.  We may need more discussion on all of these points, of course.

Paul

On 5/8/2012 2:40 AM, Blaine Cook wrote:
>
> I disagree that the current spec is a good starting point - the issues 
> I've raised have been ignored, and the spec is now much more 
> complicated from both sides of the implementation fence.
>
> On May 7, 2012 3:17 PM, "Paul E. Jones" <paulej@packetizer.com 
> <mailto:paulej@packetizer.com>> wrote:
>
>     Walter,
>
>     I'm not sure what the full set of issues will be, but I only have
>     a couple of small edits queued for -05 at present (one being
>     "template" should be "href" in the example at the end of 4.2 that
>     you pointed out to me privately).  We've already worked through a
>     number of issues to get to this point, so there may not be a lot
>     of changes needed.  I'll not dismiss the possibility that there
>     are editorial issues, but I hope we've resolved most of the
>     technical details.
>
>     We probably still need to have the discussion of keeping CORS and
>     what additions are needed to the security section.  We've made a
>     few changes there already, but I'm not sure if it still fully
>     addresses some of the privacy concerns.
>
>     Paul
>
>     On 5/7/2012 5:37 AM, Goix Laurent Walter wrote:
>>
>>     I also support this draft as a way forward for the discussion
>>     that I think captures the essence of both philosophies.
>>
>>     If such basis is agreed what are the major pending issues?
>>
>>     Regards
>>
>>     Laurent-walter
>>
>>     *Da:*apps-discuss-bounces@ietf.org
>>     <mailto:apps-discuss-bounces@ietf.org>
>>     [mailto:apps-discuss-bounces@ietf.org] *Per conto di *Gonzalo
>>     Salgueiro (gsalguei)
>>     *Inviato:* venerdì 4 maggio 2012 21.50
>>     *A:* Murray S. Kucherawy
>>     *Cc:* oauth@ietf.org <mailto:oauth@ietf.org>;
>>     apps-discuss@ietf.org <mailto:apps-discuss@ietf.org>
>>     *Oggetto:* Re: [apps-discuss] draft-jones-appsawg-webfinger-04
>>
>>     I support this doc being adopted as starting point for WG discussion.
>>
>>     Regards,
>>
>>     Gonzalo
>>
>>
>>     On May 4, 2012, at 3:03 PM, "Murray S. Kucherawy"
>>     <msk@cloudmark.com <mailto:msk@cloudmark.com>> wrote:
>>
>>         The above-named draft has been offered as the recommended
>>         path forward in terms of converging on a single document to
>>         advance through appsawg.  The conversation I saw this week in
>>         that regard has seemed mostly positive.
>>
>>         Please review it, or at least the diff, and indicate your
>>         support or objection on apps-discuss@ietf.org
>>         <mailto:apps-discuss@ietf.org> to adopting this one as the
>>         common path forward. We would like to make a decision about
>>         which one to begin advancing in the next week or two.
>>
>>         Have a good weekend!
>>
>>         -MSK, APPSAWG co-chair
>>
>>         _______________________________________________
>>         apps-discuss mailing list
>>         apps-discuss@ietf.org <mailto:apps-discuss@ietf.org>
>>         https://www.ietf.org/mailman/listinfo/apps-discuss
>>
>
>
>     _______________________________________________
>     OAuth mailing list
>     OAuth@ietf.org <mailto:OAuth@ietf.org>
>     https://www.ietf.org/mailman/listinfo/oauth
>


--------------090607020801010701060004
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
     Blaine,<br>
    <br>
    Your issues were not ignored, but I do not think there was consensus
    one way or the other on them.  Your points were:<br>
    1) Recommendation to use JSON only<br>
    2) A question about what the JSON format would look like<br>
    3) Direct vs. indirect queries (i.e., whether to use resource
    parameter)<br>
    <br>
    I replied to each of these and others commented on parts, too.  My
    opinions:<br>
    <br>
    1) Given that RFC 6415 already specifies use of XML and is only
    months old, I hesitate to demand that only XML be used.  Further,
    it's trivial for the server to do both.  The client will be able to
    use whatever it prefers.  I can be convinced to drop XML, but I
    think we should make this decision carefully and with everyone in
    agreement.<br>
    2) I suggested we use JRD since it is defined.  Was there any
    disagreement on that?<br>
    3) This issue is a point where there was clear division.  The OpenID
    Connect team wants to be able to issue a single query and get a
    reply.  You had an interest to use a static server.  I investigated
    how we could do both.  If one used Apache, for example, one could
    build a static site and still support the resource URI.  Here's a
    couple of ways to do it:
    <a class="moz-txt-link-freetext" href="http://www.packetizer.com/webfinger/server.html">http://www.packetizer.com/webfinger/server.html</a> (using either
    .htaccess or the global config file).  What cannot be accomodated is
    the "rel" parameter, but I'd guess static sites will not produce
    voluminous results, anyway.<br>
    <br>
    So, it's not accurate to say your issues were ignored.  We simply
    did not have strong consensus one way or the other.  There were
    strong opinions on (3), so I tried to find a solution that might be
    acceptable.  We may need more discussion on all of these points, of
    course.<br>
    <br>
    Paul<br>
    <br>
    On 5/8/2012 2:40 AM, Blaine Cook wrote:
    <blockquote
cite="mid:CAAz=sck0hhyTWMz4LSDcZoO6btBKe4ajac_sKgeL520wrNc7_w@mail.gmail.com"
      type="cite">
      <p>I disagree that the current spec is a good starting point - the
        issues I've raised have been ignored, and the spec is now much
        more complicated from both sides of the implementation fence.</p>
      <div class="gmail_quote">On May 7, 2012 3:17 PM, "Paul E. Jones"
        &lt;<a moz-do-not-send="true"
          href="mailto:paulej@packetizer.com">paulej@packetizer.com</a>&gt;
        wrote:<br type="attribution">
        <blockquote class="gmail_quote" style="margin:0 0 0
          .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div bgcolor="#FFFFFF" text="#000000"> Walter,<br>
            <br>
            I'm not sure what the full set of issues will be, but I only
            have a couple of small edits queued for -05 at present (one
            being "template" should be "href" in the example at the end
            of 4.2 that you pointed out to me privately).  We've already
            worked through a number of issues to get to this point, so
            there may not be a lot of changes needed.  I'll not dismiss
            the possibility that there are editorial issues, but I hope
            we've resolved most of the technical details.<br>
            <br>
            We probably still need to have the discussion of keeping
            CORS and what additions are needed to the security section. 
            We've made a few changes there already, but I'm not sure if
            it still fully addresses some of the privacy concerns.<br>
            <br>
            Paul<br>
            <br>
            On 5/7/2012 5:37 AM, Goix Laurent Walter wrote:
            <blockquote type="cite">
              <div>
                <p class="MsoNormal"><span style="color:#1f497d"
                    lang="EN-US">I also support this draft as a way
                    forward for the discussion that I think captures the
                    essence of both philosophies. </span></p>
                <p class="MsoNormal"><span style="color:#1f497d"
                    lang="EN-US"> </span></p>
                <p class="MsoNormal"><span style="color:#1f497d"
                    lang="EN-US">If such basis is agreed what are the
                    major pending issues?</span></p>
                <p class="MsoNormal"><span style="color:#1f497d"
                    lang="EN-US"> </span></p>
                <p class="MsoNormal"><span style="color:#1f497d"
                    lang="EN-US">Regards</span></p>
                <p class="MsoNormal"><span style="color:#1f497d"
                    lang="EN-US">Laurent-walter</span></p>
                <p class="MsoNormal"><span lang="EN-US"> </span></p>
                <div style="border:none;border-left:solid blue
                  1.5pt;padding:0cm 0cm 0cm 4.0pt">
                  <div>
                    <div style="border:none;border-top:solid #b5c4df
                      1.0pt;padding:3.0pt 0cm 0cm 0cm">
                      <p class="MsoNormal"><b><span lang="IT">Da:</span></b><span
                          lang="IT"> <a moz-do-not-send="true"
                            href="mailto:apps-discuss-bounces@ietf.org"
                            target="_blank">apps-discuss-bounces@ietf.org</a>
                          [<a moz-do-not-send="true"
                            href="mailto:apps-discuss-bounces@ietf.org"
                            target="_blank">mailto:apps-discuss-bounces@ietf.org</a>]
                          <b>Per conto di </b>Gonzalo Salgueiro
                          (gsalguei)<br>
                          <b>Inviato:</b> venerdì 4 maggio 2012 21.50<br>
                          <b>A:</b> Murray S. Kucherawy<br>
                          <b>Cc:</b> <a moz-do-not-send="true"
                            href="mailto:oauth@ietf.org" target="_blank">oauth@ietf.org</a>;
                          <a moz-do-not-send="true"
                            href="mailto:apps-discuss@ietf.org"
                            target="_blank">apps-discuss@ietf.org</a><br>
                          <b>Oggetto:</b> Re: [apps-discuss]
                          draft-jones-appsawg-webfinger-04</span></p>
                    </div>
                  </div>
                  <p class="MsoNormal"> </p>
                  <div>
                    <p class="MsoNormal" style="margin-bottom:12.0pt">I
                      support this doc being adopted as starting point
                      for WG discussion.</p>
                    <div>
                      <p class="MsoNormal">Regards,</p>
                    </div>
                    <div>
                      <p class="MsoNormal"> </p>
                    </div>
                    <div>
                      <p class="MsoNormal">Gonzalo</p>
                    </div>
                    <div>
                      <p class="MsoNormal"> </p>
                    </div>
                  </div>
                  <div>
                    <p class="MsoNormal" style="margin-bottom:12.0pt"><br>
                      On May 4, 2012, at 3:03 PM, "Murray S. Kucherawy"
                      &lt;<a moz-do-not-send="true"
                        href="mailto:msk@cloudmark.com" target="_blank">msk@cloudmark.com</a>&gt;

                      wrote:</p>
                  </div>
                  <blockquote
                    style="margin-top:5.0pt;margin-bottom:5.0pt">
                    <div>
                      <p class="MsoNormal">The above-named draft has
                        been offered as the recommended path forward in
                        terms of converging on a single document to
                        advance through appsawg.  The conversation I saw
                        this week in that regard has seemed mostly
                        positive.</p>
                      <p class="MsoNormal"> </p>
                      <p class="MsoNormal">Please review it, or at least
                        the diff, and indicate your support or objection
                        on <a moz-do-not-send="true"
                          href="mailto:apps-discuss@ietf.org"
                          target="_blank">apps-discuss@ietf.org</a> to
                        adopting this one as the common path forward. We
                        would like to make a decision about which one to
                        begin advancing in the next week or two.</p>
                      <p class="MsoNormal"> </p>
                      <p class="MsoNormal">Have a good weekend!</p>
                      <p class="MsoNormal"> </p>
                      <p class="MsoNormal">-MSK, APPSAWG co-chair</p>
                      <p class="MsoNormal"> </p>
                    </div>
                  </blockquote>
                  <blockquote
                    style="margin-top:5.0pt;margin-bottom:5.0pt">
                    <div>
                      <p class="MsoNormal"><span>_______________________________________________<br>
                          apps-discuss mailing list<br>
                          <a moz-do-not-send="true"
                            href="mailto:apps-discuss@ietf.org"
                            target="_blank">apps-discuss@ietf.org</a><br>
                          <a moz-do-not-send="true"
                            href="https://www.ietf.org/mailman/listinfo/apps-discuss"
                            target="_blank">https://www.ietf.org/mailman/listinfo/apps-discuss</a></span><br>
                      </p>
                    </div>
                  </blockquote>
                </div>
              </div>
            </blockquote>
            <br>
          </div>
          <br>
          _______________________________________________<br>
          OAuth mailing list<br>
          <a moz-do-not-send="true" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
          <a moz-do-not-send="true"
            href="https://www.ietf.org/mailman/listinfo/oauth"
            target="_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br>
          <br>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </body>
</html>

--------------090607020801010701060004--

From hannes.tschofenig@gmx.net  Tue May  8 07:55:15 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58D4C21F8657 for <oauth@ietfa.amsl.com>; Tue,  8 May 2012 07:55:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id byzuqM2mrfU4 for <oauth@ietfa.amsl.com>; Tue,  8 May 2012 07:55:14 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 50B1821F8645 for <oauth@ietf.org>; Tue,  8 May 2012 07:55:14 -0700 (PDT)
Received: (qmail invoked by alias); 08 May 2012 14:55:12 -0000
Received: from unknown (EHLO dhcp50-94-118-50.hil-dcaaedt.dca.wayport.net) [65.89.200.2] by mail.gmx.net (mp032) with SMTP; 08 May 2012 16:55:12 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX19CNEw774lCiM02z77/BCAeYv4Yx5gExuXcDTIw0S KwSwameQBg7VTw
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com>
Date: Tue, 8 May 2012 17:55:00 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <7C8C2724-8BB3-4B45-9144-D2645E3D0B4D@gmx.net>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com>
To: Murray S. Kucherawy <msk@cloudmark.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 14:55:15 -0000

Hi Murray,=20

it is great to see that you are pushing things forward here but I =
believe you are going a bit too fast.=20

=46rom the comments I have seen so far I got the impression that many =
got confused by UR schemes: mailto: and the acct: are different.=20
The discussions around XML vs. JSON are unfortunately also hiding the =
real important discussion, namely privacy.=20

We are actually building, without further thinking about it, a mechanism =
that offers worse privacy properties compared to what we have in other =
protocols today.

See this in terms of the interaction between a relying party and an =
identity provider then other IETF protocols today (e.g., AAA) does not =
require the relying party to see the username part of the identifier. In =
fact AAA offers various mechanisms to hide the username component to the =
relying party since it is really only needed by the identity provider.

So, I would encourage the group to think about how to accomplish =
equivalent functionality without unnecessarily revealing identifiers to =
parties that are not supposed to get them.

I also think it is useful to think about the bigger picture,namely the =
integration with other protocols (such as OAuth). This will in most =
cases be needed when you actually fetch the data that is behind the =
discovered URIs. Assuming that all information is public anyway is not =
realistic and protocol design has to work with the difficult assumptions =
(not with the simplest). Furthermore, the usage of CORS is completely =
confused in the document.=20

Hence, I heavily object to use this document as a starting point.=20

I may also be the case that WebFinger is not the right tool for =
something like OAuth (and for discovery of protected resources =
altogether) since we do not want to design a solution that on one hand =
allows us not to reveal any user identifiers to the relying party (the =
client in OAuth) based on the current design and then completely destroy =
these properties when we add the discovery mechanisms in front of it.=20

Ciao
Hannes

PS: I met some W3C folks last week and they mentioned that we should =
also take a look at Web Intents. I have not done that yet and do not =
know how suitable the W3C developed mechanisms therefore is.=20

On May 4, 2012, at 8:31 PM, Murray S. Kucherawy wrote:

> The above-named draft has been offered as the recommended path forward =
in terms of converging on a single document to advance through appsawg.  =
The conversation I saw this week in that regard has seemed mostly =
positive.
> =20
> Please review it, or at least the diff, and indicate your support or =
objection on apps-discuss@ietf.org to adopting this one as the common =
path forward. We would like to make a decision about which one to begin =
advancing in the next week or two.
> =20
> Have a good weekend!
> =20
> -MSK, APPSAWG co-chair
> =20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From hannes.tschofenig@gmx.net  Tue May  8 08:02:33 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D33B711E8083 for <oauth@ietfa.amsl.com>; Tue,  8 May 2012 08:02:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qNVbOLrK6QeK for <oauth@ietfa.amsl.com>; Tue,  8 May 2012 08:02:33 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id D618611E807F for <oauth@ietf.org>; Tue,  8 May 2012 08:02:32 -0700 (PDT)
Received: (qmail invoked by alias); 08 May 2012 14:55:52 -0000
Received: from unknown (EHLO dhcp50-94-118-50.hil-dcaaedt.dca.wayport.net) [65.89.200.2] by mail.gmx.net (mp032) with SMTP; 08 May 2012 16:55:52 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/o1wErNwbom7qxnhY18+9d01vzOiucorUk3EZBiF gdcndorvwRlXyz
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <5876011F-2C2C-4889-9452-E8BDC1438713@cisco.com>
Date: Tue, 8 May 2012 17:55:50 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <D43D9A24-8499-4D91-8A64-2BF256A4AB34@gmx.net>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com> <5876011F-2C2C-4889-9452-E8BDC1438713@cisco.com>
To: Gonzalo Salgueiro (gsalguei) <gsalguei@cisco.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: oauth@ietf.org, apps-discuss@ietf.org
Subject: Re: [OAUTH-WG] [apps-discuss] draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 15:02:33 -0000

Gonzalo: it is great that you, as a co-author, support your own document =
but I don't think it is particular helpful.=20

On May 4, 2012, at 10:49 PM, Gonzalo Salgueiro (gsalguei) wrote:

> I support this doc being adopted as starting point for WG discussion.
>=20
> Regards,
>=20
> Gonzalo
>=20
>=20
> On May 4, 2012, at 3:03 PM, "Murray S. Kucherawy" <msk@cloudmark.com> =
wrote:
>=20
>> The above-named draft has been offered as the recommended path =
forward in terms of converging on a single document to advance through =
appsawg.  The conversation I saw this week in that regard has seemed =
mostly positive.
>> =20
>> Please review it, or at least the diff, and indicate your support or =
objection on apps-discuss@ietf.org to adopting this one as the common =
path forward. We would like to make a decision about which one to begin =
advancing in the next week or two.
>> =20
>> Have a good weekend!
>> =20
>> -MSK, APPSAWG co-chair
>> =20
>> _______________________________________________
>> apps-discuss mailing list
>> apps-discuss@ietf.org
>> https://www.ietf.org/mailman/listinfo/apps-discuss
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss


From romeda@gmail.com  Tue May  8 08:31:14 2012
Return-Path: <romeda@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A01311E8091; Tue,  8 May 2012 08:31:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.546
X-Spam-Level: 
X-Spam-Status: No, score=-103.546 tagged_above=-999 required=5 tests=[AWL=0.053, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z4M-DfH1QVDz; Tue,  8 May 2012 08:31:13 -0700 (PDT)
Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com [209.85.217.172]) by ietfa.amsl.com (Postfix) with ESMTP id 4C86811E808A; Tue,  8 May 2012 08:31:13 -0700 (PDT)
Received: by lbbgo11 with SMTP id go11so4919773lbb.31 for <multiple recipients>; Tue, 08 May 2012 08:31:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=RnZKTFAxjVbXrxPaJo9ZD9KrZotICYYqotJX6EXBh2I=; b=dpAaGhD//YjUMNQtty4rGmHsH06gW2npt5qeaccUFtqSM6yMqmhfS9h03A1FBd4pgF WqxdMIFuYE0AACa+kYZPgqT+MqqWQuI6ldHjWzvqyeUhZLnqUhEnTv72eRzHl2tq9Rlt WgdgLenx/OL1PwBHz2shndcywL1TK0TILNKzDFEZgnx1qpS5mFPxdLYtMrpkykqh61aP h8CSp3N0gV5PcGmQ5RP9zDw6JlQBYWERqUofc3envKRQVF/UhMT90PCimeH+RPTu+stk PVe7vMhvGF/sslyBEyUkRyPAt/ri4nam9tTVRN72hn0o7B+rQBX2m0+6Ib2bAj8ELKd4 Ju/g==
Received: by 10.152.109.198 with SMTP id hu6mr2605109lab.21.1336491072259; Tue, 08 May 2012 08:31:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.152.24.229 with HTTP; Tue, 8 May 2012 08:30:52 -0700 (PDT)
In-Reply-To: <7C8C2724-8BB3-4B45-9144-D2645E3D0B4D@gmx.net>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com> <7C8C2724-8BB3-4B45-9144-D2645E3D0B4D@gmx.net>
From: Blaine Cook <romeda@gmail.com>
Date: Tue, 8 May 2012 17:30:52 +0200
Message-ID: <CAAz=sc=147d254-TKMHyFJOuLGoc3fMHZLtQwO3nvj-Un=cjrg@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "oauth@ietf.org WG" <oauth@ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] [apps-discuss]  draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 15:31:14 -0000

On 8 May 2012 16:55, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> The discussions around XML vs. JSON are unfortunately also hiding the rea=
l important discussion, namely privacy.
>
> We are actually building, without further thinking about it, a mechanism =
that offers worse privacy properties compared to what we have in other prot=
ocols today.
>
> See this in terms of the interaction between a relying party and an ident=
ity provider then other IETF protocols today (e.g., AAA) does not require t=
he relying party to see the username part of the identifier. In fact AAA of=
fers various mechanisms to hide the username component to the relying party=
 since it is really only needed by the identity provider.
>
> So, I would encourage the group to think about how to accomplish equivale=
nt functionality without unnecessarily revealing identifiers to parties tha=
t are not supposed to get them.

Webfinger isn't about authentication. It is *explicitly* about
discovering information about an entity (usually a person) when you
(the relying party) *already have* their identifier.

Again: There is NO privacy leak in exposing the identifier to the RP,
because they already know it.

Again: There is NO privacy leak in exposing the identifier to the SP,
because they control it.

Even in the context of authentication, I'm surprised you're saying
this because I've repeatedly claimed that the *major failing* with
OpenID *.* is that the relying party isn't given knowledge of *who* is
trying to authenticate in the first place. It's a cryptographic
property that looks lovely on paper, but is a damaging folly when
translated to something that end users are expected to interact with.

> I also think it is useful to think about the bigger picture,namely the in=
tegration with other protocols (such as OAuth). This will in most cases be =
needed when you actually fetch the data that is behind the discovered URIs.=
 Assuming that all information is public anyway is not realistic and protoc=
ol design has to work with the difficult assumptions (not with the simplest=
).

Agreed, the actual information conveyed by Webfinger will normally be
private. *However*, as discussed on this list, on the OAuth list, and
in many other places, the mechanism(s) for authentication and
authorisation to access the relevant Webfinger profiles is best dealt
with by allowing any valid HTTP mechanisms.

Specific protocols that rely upon webfinger should define their own
authentication requirements, where sensible.

> Hence, I heavily object to use this document as a starting point.

I have many concerns with this document, too, as mentioned earlier.

> I may also be the case that WebFinger is not the right tool for something=
 like OAuth (and for discovery of protected resources altogether) since we =
do not want to design a solution that on one hand allows us not to reveal a=
ny user identifiers to the relying party (the client in OAuth) based on the=
 current design and then completely destroy these properties when we add th=
e discovery mechanisms in front of it.

No-one is forcing all OAuth services to rely upon webfinger discovery.
OpenID Connect needs something like this, because users (and their RPs
in turn) need to know their identifier in order to be able to sign in.
Some RPs that interact with OAuth-enabled services (e.g., cloud
document services) will benefit from webfinger. Others won't,
especially where the RP shouldn't or can't know who the user is, but
should have access to a service.

FWIW, I think you're blowing the privacy concerns way out of
proportion, especially in the context of a world where many actively
hostile actors can identify users by analysing router traffic that
they obtain from back-doors in switches manufactured by Ericsson. ;-)

b.

From gsalguei@cisco.com  Tue May  8 11:53:06 2012
Return-Path: <gsalguei@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0C0621F8573 for <oauth@ietfa.amsl.com>; Tue,  8 May 2012 11:53:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.569
X-Spam-Level: 
X-Spam-Status: No, score=-6.569 tagged_above=-999 required=5 tests=[AWL=-3.970, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKzl78lavjGw for <oauth@ietfa.amsl.com>; Tue,  8 May 2012 11:53:06 -0700 (PDT)
Received: from av-tac-rtp.cisco.com (av-tac-rtp.cisco.com [64.102.19.209]) by ietfa.amsl.com (Postfix) with ESMTP id A7AB421F853B for <oauth@ietf.org>; Tue,  8 May 2012 11:53:06 -0700 (PDT)
X-TACSUNS: Virus Scanned
Received: from chook.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id q48Ir4vM002078 for <oauth@ietf.org>; Tue, 8 May 2012 14:53:04 -0400 (EDT)
Received: from rtp-vpn4-1896.cisco.com (rtp-vpn4-1896.cisco.com [10.82.215.104]) by chook.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id q48Ir3aa016231; Tue, 8 May 2012 14:53:03 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset=us-ascii
From: Gonzalo Salgueiro <gsalguei@cisco.com>
In-Reply-To: <D43D9A24-8499-4D91-8A64-2BF256A4AB34@gmx.net>
Date: Tue, 8 May 2012 14:52:31 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <3E199AF5-39B4-46F5-86FC-C0884480EDEB@cisco.com>
References: <9452079D1A51524AA5749AD23E00392810E4CA@exch-mbx901.corp.cloudmark.com> <5876011F-2C2C-4889-9452-E8BDC1438713@cisco.com> <D43D9A24-8499-4D91-8A64-2BF256A4AB34@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1257)
Cc: oauth@ietf.org, "apps-discuss@ietf.org Discuss" <apps-discuss@ietf.org>
Subject: Re: [OAUTH-WG] [apps-discuss] draft-jones-appsawg-webfinger-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 18:53:07 -0000

Hannes: While I'm clearly honored by your interest in me and my =
activities, it is not my intent to artificially pump up a document on =
which I am a co-author.  Everyone on this list knows I am an author on =
it as we have discussed it exhaustively for the past month and a half. I =
was merely indicating my support of the compromised direction being =
proposed (as we were at a bit of an impasse with two documents in call =
for adoption that were proposing a solution for the same problem space). =
It took a good bit of on-list and off-list discussion for the SWD and WF =
camps to draw a line in the sand and come to an agreement on a =
compromise that was a mutually satisfying starting point that the WG =
could get behind. This proposal was put forth (and supported) separately =
by Mike Jones (a co-author on SWD) and Paul Jones (a co-author on WF). =
I, as another co-author of WF, was voicing my support of the compromise =
as a starting point. I don't believe any of the co-authors involved were =
at fault or acted with irregularity.

Cheers,

Gonzalo

On May 8, 2012, at 10:55 AM, Hannes Tschofenig wrote:

> Gonzalo: it is great that you, as a co-author, support your own =
document but I don't think it is particular helpful.=20
>=20
> On May 4, 2012, at 10:49 PM, Gonzalo Salgueiro (gsalguei) wrote:
>=20
>> I support this doc being adopted as starting point for WG discussion.
>>=20
>> Regards,
>>=20
>> Gonzalo
>>=20
>>=20
>> On May 4, 2012, at 3:03 PM, "Murray S. Kucherawy" <msk@cloudmark.com> =
wrote:
>>=20
>>> The above-named draft has been offered as the recommended path =
forward in terms of converging on a single document to advance through =
appsawg.  The conversation I saw this week in that regard has seemed =
mostly positive.
>>>=20
>>> Please review it, or at least the diff, and indicate your support or =
objection on apps-discuss@ietf.org to adopting this one as the common =
path forward. We would like to make a decision about which one to begin =
advancing in the next week or two.
>>>=20
>>> Have a good weekend!
>>>=20
>>> -MSK, APPSAWG co-chair
>>>=20
>>> _______________________________________________
>>> apps-discuss mailing list
>>> apps-discuss@ietf.org
>>> https://www.ietf.org/mailman/listinfo/apps-discuss
>> _______________________________________________
>> apps-discuss mailing list
>> apps-discuss@ietf.org
>> https://www.ietf.org/mailman/listinfo/apps-discuss
>=20
>=20


From stephen.farrell@cs.tcd.ie  Wed May  9 07:27:05 2012
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E49BD11E8072 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 07:27:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.555
X-Spam-Level: 
X-Spam-Status: No, score=-102.555 tagged_above=-999 required=5 tests=[AWL=0.044, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GDx5jjHbcTRR for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 07:27:04 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 92CEB21F85B8 for <oauth@ietf.org>; Wed,  9 May 2012 07:27:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id D35F7171536; Wed,  9 May 2012 15:27:03 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1336573623; bh=Q3YmNGfijcqbit 8TJaDTULMhRUEa/omBfRYnTSfTHlY=; b=bTYrpEOKVxedn4/CS7mZL2KB6OrBf1 CjG2ODnDCU4zVK5DXo1BxOPE3D9w9UN8VxuH3CA7B2+ngzn7hDHaLjNIvzJLJZVu ZSSGLLsjZz+mdrzKJk3D+HhysQ20T7xzH8lu1e1VqjLi9wJezldshKlvRxLVhQts YnA9j4Qa/S2gX2Gi7S1Xa1/nauIw9EpwepLJA9hdPLecxL39SuxVcj2uZLGYejNb UW+HfHFLBYaAkoIppa6ZlsCkCTgFTXvTY8/qZ+m3WvxGmM/i1ciwbSuaMDcWje+2 h3OzgjanFnNXy5Ka4yLkMF1j0glNjGnk16jWSfcK0d1wi3gDj08PRXxQ==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id mozl64R5yN6u; Wed,  9 May 2012 15:27:03 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 61430171512; Wed,  9 May 2012 15:27:02 +0100 (IST)
Message-ID: <4FAA7EB6.6050604@cs.tcd.ie>
Date: Wed, 09 May 2012 15:27:02 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>
References: <20120503181339.17651.84259.idtracker@ietfa.amsl.com> <CALaySJKLytyKdS=AUpa5wgRNBe96sHgZ1n0kGnO8fWyU4p-=vQ@mail.gmail.com>
In-Reply-To: <CALaySJKLytyKdS=AUpa5wgRNBe96sHgZ1n0kGnO8fWyU4p-=vQ@mail.gmail.com>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Internal WG Review: Recharter of Web Authorization Protocol (oauth)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 14:27:06 -0000

Hi,

There's been a bit of IESG comment on the proposed new
charter resulting in a few editorial changes. So just
in case, the text below is what I'd like to propose for
approval on Thursday.

Let me know if there's anything substantively wrong
here, in which case, we'll probably want to re-spin
the text and I'll put it back for consideration on
the following IESG meeting (another two weeks).

Thanks,
Stephen.

> ------------------------------------------
> Web Authorization Protocol (oauth)
> ------------------------------------------
> Current Status: Active
> Last updated: 2012-05-03
>
> Chairs:
>  Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
>  Derek Atkins <derek@ihtfp.com>
>
> Security Area Directors:
>  Stephen Farrell <stephen.farrell@cs.tcd.ie>
>  Sean Turner <turners@ieca.com>
>
> Security Area Advisor:
>  Stephen Farrell <stephen.farrell@cs.tcd.ie>
>
> Technical Advisor:
>  Peter Saint-Andre <stpeter@stpeter.im>
>
> Mailing Lists:
>  Address:      oauth@ietf.org
>  To Subscribe: https://www.ietf.org/mailman/listinfo/oauth
>  Archive:      http://www.ietf.org/mail-archive/web/oauth/
>
> Description of Working Group:
>
> The Web Authorization (OAuth) protocol allows a user to grant
> a third-party Web site or application access to the user's protected
> resources, without necessarily revealing their long-term credentials,
> or even their identity. For example, a photo-sharing site that supports
> OAuth could allow its users to use a third-party printing Web site to
> print their private pictures, without allowing the printing site to
> gain full control of the user's account and without having the user
> sharing his or her photo-sharing sites' long-term credential with the
> printing site.
>
> The OAuth protocol suite encompasses
> * a procedure for allowing a client to discover a authorization server,
> * a protocol for obtaining authorization tokens from an authorization
>   server with the resource owner's consent,
> * protocols for presenting these authorization tokens to protected
>   resources for access to a resource, and
> * consequently for sharing data in a security and privacy respective way.
>
> The working group also developed security schemes for presenting
> authorization tokens to access a protected resource. This led to the
> publication of the bearer token, as well as work that remains to be
> completed on message authentication code (MAC) access
> authentication and SAML assertions to interwork with existing
> identity management solutions.  The working group will complete
> those remaining documents, and will also complete documentation
> of the OAuth threat model that was started under the previous charter.
>
> The ongoing standardization effort within the OAuth working group
> will focus on enhancing interoperability of OAuth deployments.  A
> standard for a token revocation service, which can be separated from
> the existing web tokens to the token repertoire will enable wider
> deployment of OAuth.  Extended documentation of OAuth use cases
> will enhance the understanding of the OAuth framework and provide
> assistance to implementors.  And dynamic client registration will make
> it easier to broadly deploy OAuth clients (performing services to users).
>
> Goals and Milestones
>
> Done  Submit 'OAuth 2.0 Threat Model and Security Considerations' as a
>     working group item
> Done  Submit 'HTTP Authentication: MAC Authentication' as a working
>     group item
> Done  Submit 'The OAuth 2.0 Protocol: Bearer Tokens' to the IESG for
>     consideration as a Proposed Standard
> Done  Submit 'The OAuth 2.0 Authorization Protocol' to the IESG for
>     consideration as a Proposed Standard
>
> May  2012  Submit 'SAML 2.0 Bearer Assertion Profiles for OAuth 2.0' to
>          the IESG for consideration as a Proposed Standard
> May  2012  Submit 'OAuth 2.0 Assertion Profile' to the IESG for
>          consideration as a Proposed Standard
> May  2012  Submit 'An IETF URN Sub-Namespace for OAuth' to the IESG for
>          consideration as a Proposed Standard
> May  2012  Submit 'OAuth 2.0 Threat Model and Security Considerations'
>          to the IESG for consideration as an Informational RFC
> Dec. 2012  Submit 'HTTP Authentication: MAC Authentication' to the IESG
>          for consideration as a Proposed Standard
>
> Aug. 2012  Submit 'Token Revocation' to the IESG for consideration as a
>          Proposed Standard
> [Starting point for the work will be
> http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/]
>
> Nov. 2012  Submit 'JSON Web Token (JWT)' to the IESG for consideration
>          as a Proposed Standard
> [Starting point for the work will be
> http://tools.ietf.org/html/draft-jones-json-web-token]
>
> Nov. 2012  Submit 'JSON Web Token (JWT) Bearer Token Profiles for OAuth
>          2.0' to the IESG for consideration as a Proposed Standard
> [Starting point for the work will be
> http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer]
>
> Dec. 2012  Submit 'OAuth Use Cases' to the IESG for consideration as an
>          Informational RFC
> [Starting point for the work will be
> http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases]
>
> Jul. 2013  Submit 'OAuth Dynamic Client Registration Protocol' to the
>          IESG for consideration as a Proposed Standard
> [Starting point for the work will be
> http://tools.ietf.org/html/draft-hardjono-oauth-dynreg]
> ------------------------------------------

From Michael.Jones@microsoft.com  Wed May  9 10:42:01 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3328321F8523 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 10:42:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.93
X-Spam-Level: 
X-Spam-Status: No, score=-3.93 tagged_above=-999 required=5 tests=[AWL=-0.331,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hUdW5tt-irLR for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 10:42:00 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe003.messaging.microsoft.com [213.199.154.141]) by ietfa.amsl.com (Postfix) with ESMTP id 8159421F84CF for <oauth@ietf.org>; Wed,  9 May 2012 10:41:59 -0700 (PDT)
Received: from mail27-db3-R.bigfish.com (10.3.81.243) by DB3EHSOBE002.bigfish.com (10.3.84.22) with Microsoft SMTP Server id 14.1.225.23; Wed, 9 May 2012 17:41:58 +0000
Received: from mail27-db3 (localhost [127.0.0.1])	by mail27-db3-R.bigfish.com (Postfix) with ESMTP id 5F05722040A; Wed,  9 May 2012 17:41:58 +0000 (UTC)
X-SpamScore: -38
X-BigFish: VS-38(zz9371I936eK119bJ542M1432N4015Izz1202hzz8275ch1033IL8275bh8275dhz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC107.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail27-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC107.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail27-db3 (localhost.localdomain [127.0.0.1]) by mail27-db3 (MessageSwitch) id 1336585316273771_7403; Wed,  9 May 2012 17:41:56 +0000 (UTC)
Received: from DB3EHSMHS011.bigfish.com (unknown [10.3.81.231])	by mail27-db3.bigfish.com (Postfix) with ESMTP id 3AD59460101; Wed,  9 May 2012 17:41:56 +0000 (UTC)
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS011.bigfish.com (10.3.87.111) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 9 May 2012 17:41:54 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.230]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([157.54.80.67]) with mapi id 14.02.0298.005; Wed, 9 May 2012 17:41:51 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>
Thread-Topic: [OAUTH-WG] Internal WG Review: Recharter of Web Authorization Protocol (oauth)
Thread-Index: AQHNLe/U7lxxYZiJR0mVsPXZ1ZwHY5bBt/uA
Date: Wed, 9 May 2012 17:41:50 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664CDA55@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <20120503181339.17651.84259.idtracker@ietfa.amsl.com> <CALaySJKLytyKdS=AUpa5wgRNBe96sHgZ1n0kGnO8fWyU4p-=vQ@mail.gmail.com> <4FAA7EB6.6050604@cs.tcd.ie>
In-Reply-To: <4FAA7EB6.6050604@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.33]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Internal WG Review: Recharter of Web Authorization	Protocol (oauth)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 17:42:01 -0000

Looks pretty good to me.  I might consider adding a sentence in the paragra=
ph that motivates the new work items (that starts with "The ongoing standar=
dization effort") to motivate the JWT work items.  For instance "Having a s=
tandard JSON-based assertion format and a profile for using it with OAuth w=
ill both improve interoperability among selected OAuth deployments and faci=
litate deployments."  (All the other new work items are already motivated i=
n that paragraph.)

Typo:  Change "a authorization" to "an authorization".

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of S=
tephen Farrell
Sent: Wednesday, May 09, 2012 7:27 AM
To: oauth-chairs@tools.ietf.org
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Internal WG Review: Recharter of Web Authorization =
Protocol (oauth)


Hi,

There's been a bit of IESG comment on the proposed new charter resulting in=
 a few editorial changes. So just in case, the text below is what I'd like =
to propose for approval on Thursday.

Let me know if there's anything substantively wrong here, in which case, we=
'll probably want to re-spin the text and I'll put it back for consideratio=
n on the following IESG meeting (another two weeks).

Thanks,
Stephen.

> ------------------------------------------
> Web Authorization Protocol (oauth)
> ------------------------------------------
> Current Status: Active
> Last updated: 2012-05-03
>
> Chairs:
>  Hannes Tschofenig <Hannes.Tschofenig@gmx.net>  Derek Atkins=20
> <derek@ihtfp.com>
>
> Security Area Directors:
>  Stephen Farrell <stephen.farrell@cs.tcd.ie>  Sean Turner=20
> <turners@ieca.com>
>
> Security Area Advisor:
>  Stephen Farrell <stephen.farrell@cs.tcd.ie>
>
> Technical Advisor:
>  Peter Saint-Andre <stpeter@stpeter.im>
>
> Mailing Lists:
>  Address:      oauth@ietf.org
>  To Subscribe: https://www.ietf.org/mailman/listinfo/oauth
>  Archive:      http://www.ietf.org/mail-archive/web/oauth/
>
> Description of Working Group:
>
> The Web Authorization (OAuth) protocol allows a user to grant a=20
> third-party Web site or application access to the user's protected=20
> resources, without necessarily revealing their long-term credentials,=20
> or even their identity. For example, a photo-sharing site that=20
> supports OAuth could allow its users to use a third-party printing Web=20
> site to print their private pictures, without allowing the printing=20
> site to gain full control of the user's account and without having the=20
> user sharing his or her photo-sharing sites' long-term credential with=20
> the printing site.
>
> The OAuth protocol suite encompasses
> * a procedure for allowing a client to discover a authorization=20
> server,
> * a protocol for obtaining authorization tokens from an authorization
>   server with the resource owner's consent,
> * protocols for presenting these authorization tokens to protected
>   resources for access to a resource, and
> * consequently for sharing data in a security and privacy respective way.
>
> The working group also developed security schemes for presenting=20
> authorization tokens to access a protected resource. This led to the=20
> publication of the bearer token, as well as work that remains to be=20
> completed on message authentication code (MAC) access authentication=20
> and SAML assertions to interwork with existing identity management=20
> solutions.  The working group will complete those remaining documents,=20
> and will also complete documentation of the OAuth threat model that=20
> was started under the previous charter.
>
> The ongoing standardization effort within the OAuth working group will=20
> focus on enhancing interoperability of OAuth deployments.  A standard=20
> for a token revocation service, which can be separated from the=20
> existing web tokens to the token repertoire will enable wider=20
> deployment of OAuth.  Extended documentation of OAuth use cases will=20
> enhance the understanding of the OAuth framework and provide=20
> assistance to implementors.  And dynamic client registration will make=20
> it easier to broadly deploy OAuth clients (performing services to users).
>
> Goals and Milestones
>
> Done  Submit 'OAuth 2.0 Threat Model and Security Considerations' as a
>     working group item
> Done  Submit 'HTTP Authentication: MAC Authentication' as a working
>     group item
> Done  Submit 'The OAuth 2.0 Protocol: Bearer Tokens' to the IESG for
>     consideration as a Proposed Standard Done  Submit 'The OAuth 2.0=20
> Authorization Protocol' to the IESG for
>     consideration as a Proposed Standard
>
> May  2012  Submit 'SAML 2.0 Bearer Assertion Profiles for OAuth 2.0' to
>          the IESG for consideration as a Proposed Standard May  2012 =20
> Submit 'OAuth 2.0 Assertion Profile' to the IESG for
>          consideration as a Proposed Standard May  2012  Submit 'An=20
> IETF URN Sub-Namespace for OAuth' to the IESG for
>          consideration as a Proposed Standard May  2012  Submit 'OAuth=20
> 2.0 Threat Model and Security Considerations'
>          to the IESG for consideration as an Informational RFC Dec.=20
> 2012  Submit 'HTTP Authentication: MAC Authentication' to the IESG
>          for consideration as a Proposed Standard
>
> Aug. 2012  Submit 'Token Revocation' to the IESG for consideration as a
>          Proposed Standard
> [Starting point for the work will be
> http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/]
>
> Nov. 2012  Submit 'JSON Web Token (JWT)' to the IESG for consideration
>          as a Proposed Standard
> [Starting point for the work will be
> http://tools.ietf.org/html/draft-jones-json-web-token]
>
> Nov. 2012  Submit 'JSON Web Token (JWT) Bearer Token Profiles for OAuth
>          2.0' to the IESG for consideration as a Proposed Standard=20
> [Starting point for the work will be=20
> http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer]
>
> Dec. 2012  Submit 'OAuth Use Cases' to the IESG for consideration as an
>          Informational RFC
> [Starting point for the work will be
> http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases]
>
> Jul. 2013  Submit 'OAuth Dynamic Client Registration Protocol' to the
>          IESG for consideration as a Proposed Standard [Starting point=20
> for the work will be=20
> http://tools.ietf.org/html/draft-hardjono-oauth-dynreg]
> ------------------------------------------
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



From hannes.tschofenig@gmx.net  Wed May  9 10:43:59 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0DB421F8539 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 10:43:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OUuJevB5r-6E for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 10:43:59 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id E1B2021F8527 for <oauth@ietf.org>; Wed,  9 May 2012 10:43:58 -0700 (PDT)
Received: (qmail invoked by alias); 09 May 2012 17:43:57 -0000
Received: from unknown (EHLO [107.17.145.89]) [216.141.82.2] by mail.gmx.net (mp029) with SMTP; 09 May 2012 19:43:57 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+LzVpEIKyLOWlMcs+h6v3DGVE+5fpbeJlLdpyCip +rSkVf3CwX6JX0
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Wed, 9 May 2012 20:43:54 +0300
Message-Id: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 17:43:59 -0000

Hi all,=20

an IPR disclosure had been submitted for the OAuth bearer document =
recently. In case you may have missed it, here is the link to it: =
https://datatracker.ietf.org/ipr/1752/

The ADs will re-run the IETF last call due to this new IPR filing and we =
would also like the working group to check the IPR and to think about =
potential implications.=20

Thanks.=20

Ciao
Hannes & Derek


From Hannes.Tschofenig@gmx.net  Wed May  9 10:50:16 2012
Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7684E21F8559 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 10:50:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 61eEz5VKYCNu for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 10:50:16 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 8284521F8551 for <oauth@ietf.org>; Wed,  9 May 2012 10:50:15 -0700 (PDT)
Received: (qmail invoked by alias); 09 May 2012 17:50:14 -0000
Received: from unknown (EHLO [107.17.145.89]) [216.141.82.2] by mail.gmx.net (mp072) with SMTP; 09 May 2012 19:50:14 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+2puAUrZK2ciLgH88kpmnmoURgadUYnZ9HuQ8CRb kZ5OBFlFbXiZE9
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Wed, 9 May 2012 20:50:10 +0300
Message-Id: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>, kitten@ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] OAuth Discovery and what the relying party needs to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 17:50:16 -0000

Hi guys,=20

at the last IIW we had a discussion about SASL-OAuth and what the SASL =
server needs to know for discovery.=20
The discovery discussions around WebFinger go in the same directions.=20

So, I have been wondering whether we have made an informed decision =
about how the discovery procedure is actually supposed to look like.=20

In my view, the relying party (the client) only needs to know who the =
identity provider (the AS/RS) is.=20

Any other views?=20

Ciao
Hannes

PS: Please let me know if I should provide more background about the =
issue.=20


From eran@hueniverse.com  Wed May  9 10:51:37 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B04321F8551 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 10:51:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.543
X-Spam-Level: 
X-Spam-Status: No, score=-2.543 tagged_above=-999 required=5 tests=[AWL=0.056,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KYTJylzsSYUf for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 10:51:36 -0700 (PDT)
Received: from p3plex2out03.prod.phx3.secureserver.net (p3plex2out03.prod.phx3.secureserver.net [184.168.131.16]) by ietfa.amsl.com (Postfix) with ESMTP id BBB3121F8559 for <oauth@ietf.org>; Wed,  9 May 2012 10:51:36 -0700 (PDT)
Received: from P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) by p3plex2out03.prod.phx3.secureserver.net with bizsmtp id 7trb1j0050Dcg9U01trbiU; Wed, 09 May 2012 10:51:35 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) with mapi id 14.02.0247.003; Wed, 9 May 2012 10:51:35 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] IPR on OAuth bearer
Thread-Index: AQHNLgtSd1ClKC8By0eIWfRqfLMBr5bBvE/A
Date: Wed, 9 May 2012 17:51:35 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net>
In-Reply-To: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 17:51:37 -0000

What exactly is the expected WG discussion on this? I hope people here are =
not expected to read the patent and make legal decisions about the patent's=
 validity or even applicability as these are questions for lawyers, not eng=
ineers.

EH

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Wednesday, May 09, 2012 10:44 AM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] IPR on OAuth bearer
>=20
> Hi all,
>=20
> an IPR disclosure had been submitted for the OAuth bearer document
> recently. In case you may have missed it, here is the link to it:
> https://datatracker.ietf.org/ipr/1752/
>=20
> The ADs will re-run the IETF last call due to this new IPR filing and we =
would
> also like the working group to check the IPR and to think about potential
> implications.
>=20
> Thanks.
>=20
> Ciao
> Hannes & Derek
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From ve7jtb@ve7jtb.com  Wed May  9 11:21:22 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79CD011E80C4 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 11:21:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.531
X-Spam-Level: 
X-Spam-Status: No, score=-3.531 tagged_above=-999 required=5 tests=[AWL=0.068,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2IIz+L8sjt-3 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 11:21:22 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id C599511E80B4 for <oauth@ietf.org>; Wed,  9 May 2012 11:21:21 -0700 (PDT)
Received: by yhq56 with SMTP id 56so711131yhq.31 for <oauth@ietf.org>; Wed, 09 May 2012 11:21:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=JoLsDoJJFoJzaHfJ1KxlJ812kfM9JSFQ71jNKkf73TU=; b=NnrT+od4WxVUn/LVjcVmLhfk1bgJu1lkRbgXctPRAYBPUWQYtePHfs2cPLkT0W6ypW InExdTx+zvuVPCS3y7SvoHRwcCc2cup41b5sSw2cw8Fmrq+8W0kc3n1xBf96Hue99+MS J8MUfsFDVlb7499Fb5PpkgPejOEE7UN9t4gU+PGSyxKeseeMicqq/VgaLhhfp0riS85F HbHVKePMdaPmnp0eygkC7K3/yUtAhxkTGqrB7egkHdM/INE0xqqCBhNWPUVJsThJkZJO oCidoirKIKmVaaI5/B90Rwp9LkbPTEcYvj2kKHh9t+OU4BuETgDzKmu313LXT1foJA1G QBSQ==
Received: by 10.236.145.168 with SMTP id p28mr1546482yhj.4.1336587678229; Wed, 09 May 2012 11:21:18 -0700 (PDT)
Received: from [192.168.1.213] (190-20-20-74.baf.movistar.cl. [190.20.20.74]) by mx.google.com with ESMTPS id j34sm5201134ani.14.2012.05.09.11.21.12 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 09 May 2012 11:21:17 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_F8802354-95B0-461B-B1AC-507FA7B746DB"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net>
Date: Wed, 9 May 2012 14:20:56 -0400
Message-Id: <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com>
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQmi+89tX3bNzzMydH3HaQDDl8mhUqjkd6htb3Bm5qur4+KzKEEteyuUKPvVgxM8k6e2bHtG
Cc: kitten@ietf.org, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Discovery and what the relying party needs to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 18:21:22 -0000

--Apple-Mail=_F8802354-95B0-461B-B1AC-507FA7B746DB
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

For openID Connect we are using the identifier to discover the AS.   We =
refer to that as an issuer,  and perform a second discovery step to get =
the configuration (Auth endpoint, token endpoint, user_info endpoint and =
other config) for that issuer.

SWD/WF may be used for other things by other protocols, but our use is =
quite simple.

I think that is probably the same thing for SASL,  but others may think =
differently.

John B.

=20
On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:

> Hi guys,=20
>=20
> at the last IIW we had a discussion about SASL-OAuth and what the SASL =
server needs to know for discovery.=20
> The discovery discussions around WebFinger go in the same directions.=20=

>=20
> So, I have been wondering whether we have made an informed decision =
about how the discovery procedure is actually supposed to look like.=20
>=20
> In my view, the relying party (the client) only needs to know who the =
identity provider (the AS/RS) is.=20
>=20
> Any other views?=20
>=20
> Ciao
> Hannes
>=20
> PS: Please let me know if I should provide more background about the =
issue.=20
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_F8802354-95B0-461B-B1AC-507FA7B746DB
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUw
OTE4MjA1NlowIwYJKoZIhvcNAQkEMRYEFHQk5PGESxUxN1nBz9udSv2anC+SMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AK+yZru3unXEFGLo2H7hvLXZvCzz6aJDMGfBbhPRZRucouqEyqfWXSxMuqfJV7NCdusW4I8vAh+d
yv3I2meoZMy6dBibbk0tyz27lCvX5OHMSmSQ2JFoq0a+qPrkQtiKVsS2n5cOSAWUMdfb0PqZdaCJ
H4+aLbndTNUW3884SsgqG8jI6l4R3s2YOUWepNNoY0hon98ATFyfcb+lvx8ORl+COkIwD2JeWVX/
G6HPZmGeCCiN2KcbI3L9Rc/SAZV2RjQfK0wvvzZrP97OyH2jeh6t1ITao0YrNIkb3jON0lE5Ii+1
3jokGZH9S3x6200O+b0kTbvNwPUcUTUajMj7I/EAAAAAAAA=

--Apple-Mail=_F8802354-95B0-461B-B1AC-507FA7B746DB--

From hannes.tschofenig@gmx.net  Wed May  9 11:37:21 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A128321F8547 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 11:37:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wIwmWK0NQ35L for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 11:37:21 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id B1F7221F852A for <oauth@ietf.org>; Wed,  9 May 2012 11:37:20 -0700 (PDT)
Received: (qmail invoked by alias); 09 May 2012 18:37:19 -0000
Received: from unknown (EHLO [107.17.145.89]) [216.141.82.2] by mail.gmx.net (mp001) with SMTP; 09 May 2012 20:37:19 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX189DmJqCvw9Xh2E1J1JznuE7anrTDR/67ZLBzSXMo glJqSURoHthNNw
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net>
Date: Wed, 9 May 2012 21:37:16 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net>
To: Eran Hammer <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 18:37:21 -0000

Hi Eran,=20

if you care about the specification (and want to use it in your =
products) then you may want to reach out to your IPR folks and ask for =
their judgement.=20
They may be able to tell you whether they find the cited IPR applicable =
and whether they had experience with the IPR holder already.=20

Ciao
Hannes

On May 9, 2012, at 8:51 PM, Eran Hammer wrote:

> What exactly is the expected WG discussion on this? I hope people here =
are not expected to read the patent and make legal decisions about the =
patent's validity or even applicability as these are questions for =
lawyers, not engineers.
>=20
> EH
>=20
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On =
Behalf
>> Of Hannes Tschofenig
>> Sent: Wednesday, May 09, 2012 10:44 AM
>> To: oauth@ietf.org WG
>> Subject: [OAUTH-WG] IPR on OAuth bearer
>>=20
>> Hi all,
>>=20
>> an IPR disclosure had been submitted for the OAuth bearer document
>> recently. In case you may have missed it, here is the link to it:
>> https://datatracker.ietf.org/ipr/1752/
>>=20
>> The ADs will re-run the IETF last call due to this new IPR filing and =
we would
>> also like the working group to check the IPR and to think about =
potential
>> implications.
>>=20
>> Thanks.
>>=20
>> Ciao
>> Hannes & Derek
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth


From wmills@yahoo-inc.com  Wed May  9 11:41:51 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFACD21F8566 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 11:41:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.985
X-Spam-Level: 
X-Spam-Status: No, score=-15.985 tagged_above=-999 required=5 tests=[AWL=-0.987, BAYES_50=0.001, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8LB37Fv9cAnW for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 11:41:51 -0700 (PDT)
Received: from nm8.bullet.mail.ac4.yahoo.com (nm8.bullet.mail.ac4.yahoo.com [98.139.52.205]) by ietfa.amsl.com (Postfix) with SMTP id 69F8621F854B for <oauth@ietf.org>; Wed,  9 May 2012 11:41:51 -0700 (PDT)
Received: from [98.139.52.192] by nm8.bullet.mail.ac4.yahoo.com with NNFMP; 09 May 2012 18:41:48 -0000
Received: from [98.139.52.155] by tm5.bullet.mail.ac4.yahoo.com with NNFMP; 09 May 2012 18:41:48 -0000
Received: from [127.0.0.1] by omp1038.mail.ac4.yahoo.com with NNFMP; 09 May 2012 18:41:48 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 359184.65094.bm@omp1038.mail.ac4.yahoo.com
Received: (qmail 87179 invoked by uid 60001); 9 May 2012 18:41:17 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1336588877; bh=SqwZoywUPvYMlFeyn2w0KnrDevT3HRFQXUz4pW0PvCE=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=MI3XoxzvjnSn5C96QVEIJkS1U/IWqJxaPer4UVfNzz/U8Fa3VbuDSgJyb7tlczNCRwv95twznhWO4OgBvCTr2JBPanyR8xGP/mYpAT6//WfQedGBRmfDBgNJEbEwgWIaLYUdNz2wNGm7/t0WTHRKGKK/ak0aqW6x6ESVp/7BIEg=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=UcKM6ul36P8kt8/SilaKiZn8D85FLQX3AoHCx/BYMkJYbLwBuD1MrCRiMsg87WCeRaNYYKtkuQB1KjZoTtFKjWrOMCtelIJIlyKC/jd1Cwpz810nIw4OIso6xuLx5ZPXYBCjMWcEIu1kSuRFh7hIwGX5iBLNRZSvoefxtMzpISQ=;
X-YMail-OSG: .QPJDzoVM1mdHXLeBU9AZX9Hs8ot96CwPPgEhAV_1as2xtd tHqM81qp.92LjKjWomOelETffwfZ.5N5ECZnry4fWGRFcW0pHMDw_zOimnmS 2SWcDl2X9_dWmvobsjJuzCZPhuGxv9_npDWbQWntEFhj0sDjEUMs.iKxUeCz 88WA_rORzTof9iDZe7TLL77i4Awg21j.Q0ctWlI99smeUf4JB6iaWphSMoCQ tYL5FQ5P_WyaHQqacXTrrxBNByl9RRgRlWuwt.27YcSrd8mOkOzu7t8AbJO6 Lu2cfydYZ.RPE47gNZFUH5Df2S.VbF8KCUeqt1h0wV.2udlF1QWcM..0WkDx pQZ9f4LC_Uk5gyUfC7yOo85jT8a7E4ocQi0jo0pvW6MF8tEawaoc1VDIDjne FNxVodiu5xQh.3UaK1fZCXR7JZbFBsCjtMOxhQjdq5xlgLpl3n_U-
Received: from [209.131.62.115] by web31810.mail.mud.yahoo.com via HTTP; Wed, 09 May 2012 11:41:16 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net>
Message-ID: <1336588876.87117.YahooMailNeo@web31810.mail.mud.yahoo.com>
Date: Wed, 9 May 2012 11:41:16 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>, "kitten@ietf.org" <kitten@ietf.org>
In-Reply-To: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1935884094-497063341-1336588876=:87117"
Subject: Re: [OAUTH-WG] [kitten] OAuth Discovery and what the relying party needs to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 18:41:51 -0000

--1935884094-497063341-1336588876=:87117
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

This is going to get fun as we deal with various types of identities.=A0 Th=
ere was a suggestion at IIW that the workable way to do this for e-mail is =
via MX records.=A0 What do we do for other types of IDs?=0A=0A=0A=0A=0A>___=
_____________________________=0A> From: Hannes Tschofenig <Hannes.Tschofeni=
g@gmx.net>=0A>To: "oauth@ietf.org WG" <oauth@ietf.org>; kitten@ietf.org =0A=
>Sent: Wednesday, May 9, 2012 10:50 AM=0A>Subject: [kitten] OAuth Discovery=
 and what the relying party needs to know=0A> =0A>Hi guys, =0A>=0A>at the l=
ast IIW we had a discussion about SASL-OAuth and what the SASL server needs=
 to know for discovery. =0A>The discovery discussions around WebFinger go i=
n the same directions. =0A>=0A>So, I have been wondering whether we have ma=
de an informed decision about how the discovery procedure is actually suppo=
sed to look like. =0A>=0A>In my view, the relying party (the client) only n=
eeds to know who the identity provider (the AS/RS) is. =0A>=0A>Any other vi=
ews? =0A>=0A>Ciao=0A>Hannes=0A>=0A>PS: Please let me know if I should provi=
de more background about the issue. =0A>=0A>_______________________________=
________________=0A>Kitten mailing list=0A>Kitten@ietf.org=0A>https://www.i=
etf.org/mailman/listinfo/kitten=0A>=0A>=0A>
--1935884094-497063341-1336588876=:87117
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>This is going to get fun as we deal with various types of identities.&nbs=
p; There was a suggestion at IIW that the workable way to do this for e-mai=
l is via MX records.&nbsp; What do we do for other types of IDs?<br></span>=
</div><div><br><blockquote style=3D"border-left: 2px solid rgb(16, 16, 255)=
; margin-left: 5px; margin-top: 5px; padding-left: 5px;">  <div style=3D"fo=
nt-family: Courier New, courier, monaco, monospace, sans-serif; font-size: =
14pt;"> <div style=3D"font-family: times new roman, new york, times, serif;=
 font-size: 12pt;"> <div dir=3D"ltr"> <font face=3D"Arial" size=3D"2"> <hr =
size=3D"1">  <b><span style=3D"font-weight:bold;">From:</span></b> Hannes T=
schofenig &lt;Hannes.Tschofenig@gmx.net&gt;<br> <b><span style=3D"font-weig=
ht: bold;">To:</span></b> "oauth@ietf.org WG" &lt;oauth@ietf.org&gt;; kitte=
n@ietf.org
 <br> <b><span style=3D"font-weight: bold;">Sent:</span></b> Wednesday, May=
 9, 2012 10:50 AM<br> <b><span style=3D"font-weight: bold;">Subject:</span>=
</b> [kitten] OAuth Discovery and what the relying party needs to know<br> =
</font> </div> <br>=0AHi guys, <br><br>at the last IIW we had a discussion =
about SASL-OAuth and what the SASL server needs to know for discovery. <br>=
The discovery discussions around WebFinger go in the same directions. <br><=
br>So, I have been wondering whether we have made an informed decision abou=
t how the discovery procedure is actually supposed to look like. <br><br>In=
 my view, the relying party (the client) only needs to know who the identit=
y provider (the AS/RS) is. <br><br>Any other views? <br><br>Ciao<br>Hannes<=
br><br>PS: Please let me know if I should provide more background about the=
 issue. <br><br>_______________________________________________<br>Kitten m=
ailing list<br><a ymailto=3D"mailto:Kitten@ietf.org" href=3D"mailto:Kitten@=
ietf.org">Kitten@ietf.org</a><br><a href=3D"https://www.ietf.org/mailman/li=
stinfo/kitten" target=3D"_blank">https://www.ietf.org/mailman/listinfo/kitt=
en</a><br><br><br> </div> </div> </blockquote></div>   </div></body></html>
--1935884094-497063341-1336588876=:87117--

From Hannes.Tschofenig@gmx.net  Wed May  9 11:42:35 2012
Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FA2F21F856A for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 11:42:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N8lv-7GZM1kQ for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 11:42:34 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id D2EBA21F846B for <oauth@ietf.org>; Wed,  9 May 2012 11:42:33 -0700 (PDT)
Received: (qmail invoked by alias); 09 May 2012 18:42:32 -0000
Received: from unknown (EHLO [107.17.145.89]) [216.141.82.2] by mail.gmx.net (mp071) with SMTP; 09 May 2012 20:42:32 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/5S7UhV7X5d3u76oQ7DqX5wh2WCGv+W91/wPw0PF thWZibus4A8UJ1
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
In-Reply-To: <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com>
Date: Wed, 9 May 2012 21:42:27 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net>
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com>
To: John Bradley <ve7jtb@ve7jtb.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: kitten@ietf.org, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Discovery and what the relying party needs to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 18:42:35 -0000

Hi John,=20

does the "identifier" contain of a domain part AND a username part or =
only the domain part?=20
That's the crucial question here.=20

Ciao
Hannes

On May 9, 2012, at 9:20 PM, John Bradley wrote:

> For openID Connect we are using the identifier to discover the AS.   =
We refer to that as an issuer,  and perform a second discovery step to =
get the configuration (Auth endpoint, token endpoint, user_info endpoint =
and other config) for that issuer.
>=20
> SWD/WF may be used for other things by other protocols, but our use is =
quite simple.
>=20
> I think that is probably the same thing for SASL,  but others may =
think differently.
>=20
> John B.
>=20
>=20
> On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:
>=20
>> Hi guys,=20
>>=20
>> at the last IIW we had a discussion about SASL-OAuth and what the =
SASL server needs to know for discovery.=20
>> The discovery discussions around WebFinger go in the same directions.=20=

>>=20
>> So, I have been wondering whether we have made an informed decision =
about how the discovery procedure is actually supposed to look like.=20
>>=20
>> In my view, the relying party (the client) only needs to know who the =
identity provider (the AS/RS) is.=20
>>=20
>> Any other views?=20
>>=20
>> Ciao
>> Hannes
>>=20
>> PS: Please let me know if I should provide more background about the =
issue.=20
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>=20


From kwiereng@cisco.com  Wed May  9 11:41:32 2012
Return-Path: <kwiereng@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94BFE21F856A; Wed,  9 May 2012 11:41:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.136
X-Spam-Level: 
X-Spam-Status: No, score=-7.136 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hiKokBXLW6WJ; Wed,  9 May 2012 11:41:31 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfa.amsl.com (Postfix) with ESMTP id F32C821F8569; Wed,  9 May 2012 11:41:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=kwiereng@cisco.com; l=1705; q=dns/txt; s=iport; t=1336588891; x=1337798491; h=references:in-reply-to:mime-version:message-id: content-transfer-encoding:cc:from:subject:date:to; bh=wTL5wmnepv5Jj1iCIVNXdALfud7ZJVzT9ESEyM1lz2k=; b=DQDJbH3tMbACifReAn4QdNXkqB0PrEJjBUk0e6RuczJc7niBJ3xzkJmO gHUFOKPbKk/hlvtzr2SBeV/1JAmmyPTuxKqQSB1Mf1Uw60tEhlv0wJgNY cGf5zOgq7l9/qmmEDQrFlQs0aRc/AHDmPEg3CIsCRWwHwTBvl6z09aIUo Y=;
X-IronPort-AV: E=Sophos;i="4.75,559,1330905600"; d="scan'208";a="137478483"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-1.cisco.com with ESMTP; 09 May 2012 18:41:29 +0000
Received: from xbh-ams-101.cisco.com (xbh-ams-101.cisco.com [144.254.74.71]) by ams-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id q49IfT4d020057; Wed, 9 May 2012 18:41:29 GMT
Received: from xmb-ams-101.cisco.com ([144.254.74.76]) by xbh-ams-101.cisco.com with Microsoft SMTPSVC(6.0.3790.4675);  Wed, 9 May 2012 20:41:29 +0200
Received: from 144.254.74.76 ([144.254.74.76]) by XMB-AMS-101.cisco.com ([144.254.74.76]) with Microsoft Exchange Server HTTP-DAV ;  Wed,  9 May 2012 18:41:28 +0000
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com>
In-Reply-To: <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com>
MIME-Version: 1.0 (1.0)
Content-Type: text/plain; charset="us-ascii"
Thread-Topic: [OAUTH-WG] OAuth Discovery and what the relying party needs toknow
Thread-Index: Ac0uE1hl6IDOqd2hSsqaJMGxE6vWAQ==
Message-ID: <96CEC5DF-F64F-4821-ACA6-69A53BF0720A@cisco.com>
Content-Transfer-Encoding: quoted-printable
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
Date: Wed, 9 May 2012 20:41:26 +0200
To: "John Bradley" <ve7jtb@ve7jtb.com>
X-OriginalArrivalTime: 09 May 2012 18:41:29.0386 (UTC) FILETIME=[58DEB8A0:01CD2E13]
X-Mailman-Approved-At: Wed, 09 May 2012 11:48:11 -0700
Cc: kitten@ietf.org, oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth Discovery and what the relying party needs toknow
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 18:41:32 -0000

For SASL-SAML I do something similar, I use the term 'domain', but again thi=
s used to lookup the associated SAML IdP

Klaas

Sent from my iPhone

On 9 mei 2012, at 20:21, "John Bradley" <ve7jtb@ve7jtb.com> wrote:

> For openID Connect we are using the identifier to discover the AS.   We re=
fer to that as an issuer,  and perform a second discovery step to get the co=
nfiguration (Auth endpoint, token endpoint, user_info endpoint and other con=
fig) for that issuer.
>=20
> SWD/WF may be used for other things by other protocols, but our use is qui=
te simple.
>=20
> I think that is probably the same thing for SASL,  but others may think di=
fferently.
>=20
> John B.
>=20
>=20
> On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:
>=20
>> Hi guys,=20
>>=20
>> at the last IIW we had a discussion about SASL-OAuth and what the SASL se=
rver needs to know for discovery.=20
>> The discovery discussions around WebFinger go in the same directions.=20
>>=20
>> So, I have been wondering whether we have made an informed decision about=
 how the discovery procedure is actually supposed to look like.=20
>>=20
>> In my view, the relying party (the client) only needs to know who the ide=
ntity provider (the AS/RS) is.=20
>>=20
>> Any other views?=20
>>=20
>> Ciao
>> Hannes
>>=20
>> PS: Please let me know if I should provide more background about the issu=
e.=20
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From eran@hueniverse.com  Wed May  9 12:06:20 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B6DF11E809C for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:06:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.544
X-Spam-Level: 
X-Spam-Status: No, score=-2.544 tagged_above=-999 required=5 tests=[AWL=0.055,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OzrwhdncgpDi for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:06:19 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id A960F11E8081 for <oauth@ietf.org>; Wed,  9 May 2012 12:06:19 -0700 (PDT)
Received: from P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id 7v6J1j0020Dcg9U01v6JGg; Wed, 09 May 2012 12:06:18 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) with mapi id 14.02.0247.003; Wed, 9 May 2012 12:06:18 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] IPR on OAuth bearer
Thread-Index: AQHNLgtSd1ClKC8By0eIWfRqfLMBr5bBvE/AgACCdgD//5IooA==
Date: Wed, 9 May 2012 19:06:18 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net>
In-Reply-To: <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 19:06:20 -0000

So no discussion of this is expected on the list - correct? That's what I w=
anted to clarify. You asked the WG to "think" about its potential implicati=
ons but I don't want that "thinking" to happen out-loud on this list...

Raising the issue with your internal IPR team is the right step.

EH

> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> Sent: Wednesday, May 09, 2012 11:37 AM
> To: Eran Hammer
> Cc: Hannes Tschofenig; oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>=20
> Hi Eran,
>=20
> if you care about the specification (and want to use it in your products)=
 then
> you may want to reach out to your IPR folks and ask for their judgement.
> They may be able to tell you whether they find the cited IPR applicable a=
nd
> whether they had experience with the IPR holder already.
>=20
> Ciao
> Hannes
>=20
> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
>=20
> > What exactly is the expected WG discussion on this? I hope people here
> are not expected to read the patent and make legal decisions about the
> patent's validity or even applicability as these are questions for lawyer=
s, not
> engineers.
> >
> > EH
> >
> >> -----Original Message-----
> >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> >> Behalf Of Hannes Tschofenig
> >> Sent: Wednesday, May 09, 2012 10:44 AM
> >> To: oauth@ietf.org WG
> >> Subject: [OAUTH-WG] IPR on OAuth bearer
> >>
> >> Hi all,
> >>
> >> an IPR disclosure had been submitted for the OAuth bearer document
> >> recently. In case you may have missed it, here is the link to it:
> >> https://datatracker.ietf.org/ipr/1752/
> >>
> >> The ADs will re-run the IETF last call due to this new IPR filing and
> >> we would also like the working group to check the IPR and to think
> >> about potential implications.
> >>
> >> Thanks.
> >>
> >> Ciao
> >> Hannes & Derek
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >> OAuth@ietf.org
> >> https://www.ietf.org/mailman/listinfo/oauth


From mike@mtcc.com  Wed May  9 12:15:35 2012
Return-Path: <mike@mtcc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8536211E80E0 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:15:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level: 
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d6k8-nYOjAeX for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:15:34 -0700 (PDT)
Received: from mtcc.com (mtcc.com [50.0.18.224]) by ietfa.amsl.com (Postfix) with ESMTP id 80E6311E80CA for <oauth@ietf.org>; Wed,  9 May 2012 12:15:34 -0700 (PDT)
Received: from takifugu.mtcc.com (takifugu.mtcc.com [50.0.18.224]) (authenticated bits=0) by mtcc.com (8.14.3/8.14.3) with ESMTP id q49JFTLl019410 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Wed, 9 May 2012 12:15:29 -0700
Message-ID: <4FAAC251.3010903@mtcc.com>
Date: Wed, 09 May 2012 12:15:29 -0700
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.22) Gecko/20090605 Thunderbird/2.0.0.22 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: Eran Hammer <eran@hueniverse.com>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2356; t=1336590930; x=1337454930; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:=20Michael=20Thomas=20<mike@mtcc.com> |Subject:=20Re=3A=20[OAUTH-WG]=20IPR=20on=20OAuth=20bearer |Sender:=20 |To:=20Eran=20Hammer=20<eran@hueniverse.com> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=hVWfR66t3xZg+h4dGAL9/hUD0q9UmykFJUQMPHuYEKM=; b=rOWa6r1avBrRfx4hMYTuCFWFTEhyJ8ExvGhq2MNU6npZuf0Uh8jHUldrOj tZVfr6ZdrR5DASSUr0FkzT0hRfC0vIEkdHPxYM/VOybxwzINzo6KUcbMJa4X ZQusMfSiOvbGUqgMGDSw2lDLubdYwTazzEIhgSGDmPseBU3ORnif4=;
Authentication-Results: ; v=0.1; dkim=pass header.i=mike@mtcc.com ( sig from mtcc.com/thundersaddle.kirkwood verified; );  dkim-asp=pass header.From=mike@mtcc.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 19:15:35 -0000

On 05/09/2012 12:06 PM, Eran Hammer wrote:
> So no discussion of this is expected on the list - correct? That's what I wanted to clarify. You asked the WG to "think" about its potential implications but I don't want that "thinking" to happen out-loud on this list...
>
> Raising the issue with your internal IPR team is the right step.

What internal IPR team? The IETF is not a corpro-only club.

Mike
>
> EH
>
>> -----Original Message-----
>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>> Sent: Wednesday, May 09, 2012 11:37 AM
>> To: Eran Hammer
>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>
>> Hi Eran,
>>
>> if you care about the specification (and want to use it in your products) then
>> you may want to reach out to your IPR folks and ask for their judgement.
>> They may be able to tell you whether they find the cited IPR applicable and
>> whether they had experience with the IPR holder already.
>>
>> Ciao
>> Hannes
>>
>> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
>>
>>> What exactly is the expected WG discussion on this? I hope people here
>> are not expected to read the patent and make legal decisions about the
>> patent's validity or even applicability as these are questions for lawyers, not
>> engineers.
>>> EH
>>>
>>>> -----Original Message-----
>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>> Behalf Of Hannes Tschofenig
>>>> Sent: Wednesday, May 09, 2012 10:44 AM
>>>> To: oauth@ietf.org WG
>>>> Subject: [OAUTH-WG] IPR on OAuth bearer
>>>>
>>>> Hi all,
>>>>
>>>> an IPR disclosure had been submitted for the OAuth bearer document
>>>> recently. In case you may have missed it, here is the link to it:
>>>> https://datatracker.ietf.org/ipr/1752/
>>>>
>>>> The ADs will re-run the IETF last call due to this new IPR filing and
>>>> we would also like the working group to check the IPR and to think
>>>> about potential implications.
>>>>
>>>> Thanks.
>>>>
>>>> Ciao
>>>> Hannes&  Derek
>>>>
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From hannes.tschofenig@gmx.net  Wed May  9 12:17:25 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83F8B11E80CA for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:17:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5optSpI7Gj1k for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:17:25 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 8722011E80C8 for <oauth@ietf.org>; Wed,  9 May 2012 12:17:24 -0700 (PDT)
Received: (qmail invoked by alias); 09 May 2012 19:17:23 -0000
Received: from unknown (EHLO [107.17.145.89]) [216.141.82.2] by mail.gmx.net (mp010) with SMTP; 09 May 2012 21:17:23 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/+1u0Nvg/++omoQ8kZI0uEbeYqfRzSrciGJopjgC 6XEGI7XjYxT0Rz
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net>
Date: Wed, 9 May 2012 22:17:19 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <934776D1-7419-46D7-BA8C-2B4666E64A6E@gmx.net>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net>
To: Eran Hammer <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 19:17:25 -0000

No, don't share your interpretation about the IPR with us on the mailing =
list.=20

However, if you come to the conclusion that the IPR situation is =
unacceptable for you then you could withdraw your previously stated =
support for the document. If everyone or many do that then we have to =
find a plan B.=20

Ciao
Hannes

On May 9, 2012, at 10:06 PM, Eran Hammer wrote:

> So no discussion of this is expected on the list - correct? That's =
what I wanted to clarify. You asked the WG to "think" about its =
potential implications but I don't want that "thinking" to happen =
out-loud on this list...
>=20
> Raising the issue with your internal IPR team is the right step.
>=20
> EH
>=20
>> -----Original Message-----
>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>> Sent: Wednesday, May 09, 2012 11:37 AM
>> To: Eran Hammer
>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>=20
>> Hi Eran,
>>=20
>> if you care about the specification (and want to use it in your =
products) then
>> you may want to reach out to your IPR folks and ask for their =
judgement.
>> They may be able to tell you whether they find the cited IPR =
applicable and
>> whether they had experience with the IPR holder already.
>>=20
>> Ciao
>> Hannes
>>=20
>> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
>>=20
>>> What exactly is the expected WG discussion on this? I hope people =
here
>> are not expected to read the patent and make legal decisions about =
the
>> patent's validity or even applicability as these are questions for =
lawyers, not
>> engineers.
>>>=20
>>> EH
>>>=20
>>>> -----Original Message-----
>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>> Behalf Of Hannes Tschofenig
>>>> Sent: Wednesday, May 09, 2012 10:44 AM
>>>> To: oauth@ietf.org WG
>>>> Subject: [OAUTH-WG] IPR on OAuth bearer
>>>>=20
>>>> Hi all,
>>>>=20
>>>> an IPR disclosure had been submitted for the OAuth bearer document
>>>> recently. In case you may have missed it, here is the link to it:
>>>> https://datatracker.ietf.org/ipr/1752/
>>>>=20
>>>> The ADs will re-run the IETF last call due to this new IPR filing =
and
>>>> we would also like the working group to check the IPR and to think
>>>> about potential implications.
>>>>=20
>>>> Thanks.
>>>>=20
>>>> Ciao
>>>> Hannes & Derek
>>>>=20
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>=20


From eran@hueniverse.com  Wed May  9 12:17:47 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55BA811E80E1 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:17:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.545
X-Spam-Level: 
X-Spam-Status: No, score=-2.545 tagged_above=-999 required=5 tests=[AWL=0.054,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ulE9UJ5bmnda for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:17:46 -0700 (PDT)
Received: from p3plex2out01.prod.phx3.secureserver.net (p3plex2out01.prod.phx3.secureserver.net [184.168.131.12]) by ietfa.amsl.com (Postfix) with ESMTP id AD9ED11E80C8 for <oauth@ietf.org>; Wed,  9 May 2012 12:17:46 -0700 (PDT)
Received: from P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) by p3plex2out01.prod.phx3.secureserver.net with bizsmtp id 7vHm1j0030Dcg9U01vHmJR; Wed, 09 May 2012 12:17:46 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) with mapi id 14.02.0247.003; Wed, 9 May 2012 12:17:45 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Michael Thomas <mike@mtcc.com>
Thread-Topic: [OAUTH-WG] IPR on OAuth bearer
Thread-Index: AQHNLgtSd1ClKC8By0eIWfRqfLMBr5bBvE/AgACCdgD//5IooIAAeIaA//+KuqA=
Date: Wed, 9 May 2012 19:17:45 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com>
In-Reply-To: <4FAAC251.3010903@mtcc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 19:17:47 -0000

Whoever you talk to for legal advice about IPR issues related to standards =
you might implement. My only point is, this group is not qualified to comme=
nt on IPR matters.

EH

> -----Original Message-----
> From: Michael Thomas [mailto:mike@mtcc.com]
> Sent: Wednesday, May 09, 2012 12:15 PM
> To: Eran Hammer
> Cc: Hannes Tschofenig; oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>=20
> On 05/09/2012 12:06 PM, Eran Hammer wrote:
> > So no discussion of this is expected on the list - correct? That's what=
 I
> wanted to clarify. You asked the WG to "think" about its potential
> implications but I don't want that "thinking" to happen out-loud on this =
list...
> >
> > Raising the issue with your internal IPR team is the right step.
>=20
> What internal IPR team? The IETF is not a corpro-only club.
>=20
> Mike
> >
> > EH
> >
> >> -----Original Message-----
> >> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> >> Sent: Wednesday, May 09, 2012 11:37 AM
> >> To: Eran Hammer
> >> Cc: Hannes Tschofenig; oauth@ietf.org WG
> >> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
> >>
> >> Hi Eran,
> >>
> >> if you care about the specification (and want to use it in your
> >> products) then you may want to reach out to your IPR folks and ask for
> their judgement.
> >> They may be able to tell you whether they find the cited IPR
> >> applicable and whether they had experience with the IPR holder already=
.
> >>
> >> Ciao
> >> Hannes
> >>
> >> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
> >>
> >>> What exactly is the expected WG discussion on this? I hope people
> >>> here
> >> are not expected to read the patent and make legal decisions about
> >> the patent's validity or even applicability as these are questions
> >> for lawyers, not engineers.
> >>> EH
> >>>
> >>>> -----Original Message-----
> >>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> >>>> Behalf Of Hannes Tschofenig
> >>>> Sent: Wednesday, May 09, 2012 10:44 AM
> >>>> To: oauth@ietf.org WG
> >>>> Subject: [OAUTH-WG] IPR on OAuth bearer
> >>>>
> >>>> Hi all,
> >>>>
> >>>> an IPR disclosure had been submitted for the OAuth bearer document
> >>>> recently. In case you may have missed it, here is the link to it:
> >>>> https://datatracker.ietf.org/ipr/1752/
> >>>>
> >>>> The ADs will re-run the IETF last call due to this new IPR filing
> >>>> and we would also like the working group to check the IPR and to
> >>>> think about potential implications.
> >>>>
> >>>> Thanks.
> >>>>
> >>>> Ciao
> >>>> Hannes&  Derek
> >>>>
> >>>> _______________________________________________
> >>>> OAuth mailing list
> >>>> OAuth@ietf.org
> >>>> https://www.ietf.org/mailman/listinfo/oauth
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth


From eran@hueniverse.com  Wed May  9 12:18:20 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A63C411E80E1 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:18:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.547
X-Spam-Level: 
X-Spam-Status: No, score=-2.547 tagged_above=-999 required=5 tests=[AWL=0.052,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kiFMe7g+mxph for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:18:20 -0700 (PDT)
Received: from p3plex2out04.prod.phx3.secureserver.net (p3plex2out04.prod.phx3.secureserver.net [184.168.131.18]) by ietfa.amsl.com (Postfix) with ESMTP id EF66F11E80C8 for <oauth@ietf.org>; Wed,  9 May 2012 12:18:19 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out04.prod.phx3.secureserver.net with bizsmtp id 7vJK1j00D0EuLVk01vJK91; Wed, 09 May 2012 12:18:19 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Wed, 9 May 2012 12:18:19 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] IPR on OAuth bearer
Thread-Index: AQHNLgtSd1ClKC8By0eIWfRqfLMBr5bBvE/AgACCdgD//5IooIAAeQmA//+KyGA=
Date: Wed, 9 May 2012 19:18:19 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA2010260A9@P3PWEX2MB008.ex2.secureserver.net>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <934776D1-7419-46D7-BA8C-2B4666E64A6E@gmx.net>
In-Reply-To: <934776D1-7419-46D7-BA8C-2B4666E64A6E@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 19:18:20 -0000

Thanks. This is the clarification I was seeking.

EH

> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> Sent: Wednesday, May 09, 2012 12:17 PM
> To: Eran Hammer
> Cc: Hannes Tschofenig; oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>=20
> No, don't share your interpretation about the IPR with us on the mailing =
list.
>=20
> However, if you come to the conclusion that the IPR situation is unaccept=
able
> for you then you could withdraw your previously stated support for the
> document. If everyone or many do that then we have to find a plan B.
>=20
> Ciao
> Hannes
>=20
> On May 9, 2012, at 10:06 PM, Eran Hammer wrote:
>=20
> > So no discussion of this is expected on the list - correct? That's what=
 I
> wanted to clarify. You asked the WG to "think" about its potential
> implications but I don't want that "thinking" to happen out-loud on this =
list...
> >
> > Raising the issue with your internal IPR team is the right step.
> >
> > EH
> >
> >> -----Original Message-----
> >> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> >> Sent: Wednesday, May 09, 2012 11:37 AM
> >> To: Eran Hammer
> >> Cc: Hannes Tschofenig; oauth@ietf.org WG
> >> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
> >>
> >> Hi Eran,
> >>
> >> if you care about the specification (and want to use it in your
> >> products) then you may want to reach out to your IPR folks and ask for
> their judgement.
> >> They may be able to tell you whether they find the cited IPR
> >> applicable and whether they had experience with the IPR holder already=
.
> >>
> >> Ciao
> >> Hannes
> >>
> >> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
> >>
> >>> What exactly is the expected WG discussion on this? I hope people
> >>> here
> >> are not expected to read the patent and make legal decisions about
> >> the patent's validity or even applicability as these are questions
> >> for lawyers, not engineers.
> >>>
> >>> EH
> >>>
> >>>> -----Original Message-----
> >>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> >>>> Behalf Of Hannes Tschofenig
> >>>> Sent: Wednesday, May 09, 2012 10:44 AM
> >>>> To: oauth@ietf.org WG
> >>>> Subject: [OAUTH-WG] IPR on OAuth bearer
> >>>>
> >>>> Hi all,
> >>>>
> >>>> an IPR disclosure had been submitted for the OAuth bearer document
> >>>> recently. In case you may have missed it, here is the link to it:
> >>>> https://datatracker.ietf.org/ipr/1752/
> >>>>
> >>>> The ADs will re-run the IETF last call due to this new IPR filing
> >>>> and we would also like the working group to check the IPR and to
> >>>> think about potential implications.
> >>>>
> >>>> Thanks.
> >>>>
> >>>> Ciao
> >>>> Hannes & Derek
> >>>>
> >>>> _______________________________________________
> >>>> OAuth mailing list
> >>>> OAuth@ietf.org
> >>>> https://www.ietf.org/mailman/listinfo/oauth
> >


From ve7jtb@ve7jtb.com  Wed May  9 12:31:51 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66B0111E80CC for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:31:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.533
X-Spam-Level: 
X-Spam-Status: No, score=-3.533 tagged_above=-999 required=5 tests=[AWL=0.066,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YH+V00nhyNSv for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:31:50 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id B4E5B21F8463 for <oauth@ietf.org>; Wed,  9 May 2012 12:31:50 -0700 (PDT)
Received: by yhq56 with SMTP id 56so800344yhq.31 for <oauth@ietf.org>; Wed, 09 May 2012 12:31:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=JO3qCiDpKU0AAW9OW6GGq1djWU7Brie/HdVRuCWQ/9I=; b=YB+5P2RvqcdIWnQQkpf/K+I+Af1pWbN2WkKb1qCBjdCDfLBoj1WGy8Xuj65aaBSFA9 8qQdUcmkkXVzdY0+548JHSX9FASHFMw+sUcaLFADcQUFulY1DoqSarvtuVZYSm1ytQS8 SGqI1GUbrh71nUZPrYjdh/D3wDS70+F7nRlsjfAvF5NNhSb640dNSmXu5cBBxWGZ7+8a mmdRZfgwQa5K7CjOWYSVCCFrxcsxdfRFdPU8LZjwpJnGGGR7u5qkd8w79dPLce35WNew TLlanyFWOh4BnaUtvZXgzNxBbICCwOEFCVHE0ly3LGDe1i2luAkIjAFTmYT9X6asLpSo oQqQ==
Received: by 10.236.184.134 with SMTP id s6mr1528721yhm.122.1336591910134; Wed, 09 May 2012 12:31:50 -0700 (PDT)
Received: from [192.168.1.213] (190-20-20-74.baf.movistar.cl. [190.20.20.74]) by mx.google.com with ESMTPS id y28sm15976381yhi.16.2012.05.09.12.31.43 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 09 May 2012 12:31:48 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_7D41B96E-1F64-4D9D-A5F2-B101C1755077"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net>
Date: Wed, 9 May 2012 15:31:31 -0400
Message-Id: <81091A66-03C3-4085-A840-BEC1BBF48161@ve7jtb.com>
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com> <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQk0esN8ENJHmPaCmpaBz3BX64HyDa626Owd4d2Do/WTEqAj3REIeb6HoeBKCISIIW/npcnZ
Cc: kitten@ietf.org, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Discovery and what the relying party needs to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 19:31:51 -0000

--Apple-Mail=_7D41B96E-1F64-4D9D-A5F2-B101C1755077
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

The lookup is based on the identifier provided by the user.  It can have =
a user portion in the format of a URI https://john@example.com , =
https://example.com/john or anything else where you can extract the =
domain.

The user portion is necessary to allow for per user IdP delegation.   =
Otherwise only one IdP per host could be supported.

John B.


On 2012-05-09, at 2:42 PM, Hannes Tschofenig wrote:

> Hi John,=20
>=20
> does the "identifier" contain of a domain part AND a username part or =
only the domain part?=20
> That's the crucial question here.=20
>=20
> Ciao
> Hannes
>=20
> On May 9, 2012, at 9:20 PM, John Bradley wrote:
>=20
>> For openID Connect we are using the identifier to discover the AS.   =
We refer to that as an issuer,  and perform a second discovery step to =
get the configuration (Auth endpoint, token endpoint, user_info endpoint =
and other config) for that issuer.
>>=20
>> SWD/WF may be used for other things by other protocols, but our use =
is quite simple.
>>=20
>> I think that is probably the same thing for SASL,  but others may =
think differently.
>>=20
>> John B.
>>=20
>>=20
>> On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:
>>=20
>>> Hi guys,=20
>>>=20
>>> at the last IIW we had a discussion about SASL-OAuth and what the =
SASL server needs to know for discovery.=20
>>> The discovery discussions around WebFinger go in the same =
directions.=20
>>>=20
>>> So, I have been wondering whether we have made an informed decision =
about how the discovery procedure is actually supposed to look like.=20
>>>=20
>>> In my view, the relying party (the client) only needs to know who =
the identity provider (the AS/RS) is.=20
>>>=20
>>> Any other views?=20
>>>=20
>>> Ciao
>>> Hannes
>>>=20
>>> PS: Please let me know if I should provide more background about the =
issue.=20
>>>=20
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>=20
>=20


--Apple-Mail=_7D41B96E-1F64-4D9D-A5F2-B101C1755077
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUw
OTE5MzEzMlowIwYJKoZIhvcNAQkEMRYEFEeTUieEr17Yy1aOczarGcHMsB73MIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AKLr10daaNMgIKnoTzrYi/OgZ+mY0964lBQFqCeGa7JwtOU0HvMkxD8XiXyZuj6Lht2WENm7Mm5T
gC4IN7JuKyK1YpPCWBqo+EcVIMMZNV/WSjowQ/TFi2kefdChlgs+RPBauBIIgXtxyNhWCLOwHS3y
Ez/iYTUnn3Y2/EqWhkpE7sua6qRJWuXM8xgnyC9bwJfrW0MEznYLl3GrYFI8adTW+WjVuCbKr+wJ
4akoMtKnL7gibaobSIcUZ/nV1BlQnoI0v8ZI/33FFM34t+8JwVqMIo83102pVsx5ic2NBmRsuicl
u6PXQTn8E4ZCMo7XLJJOrcoqHzWdfHclq+WIb14AAAAAAAA=

--Apple-Mail=_7D41B96E-1F64-4D9D-A5F2-B101C1755077--

From mike@mtcc.com  Wed May  9 12:34:34 2012
Return-Path: <mike@mtcc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EA8F21F8494 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:34:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.553
X-Spam-Level: 
X-Spam-Status: No, score=-2.553 tagged_above=-999 required=5 tests=[AWL=0.046,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L7lc9B0YGrbg for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 12:34:33 -0700 (PDT)
Received: from mtcc.com (mtcc.com [50.0.18.224]) by ietfa.amsl.com (Postfix) with ESMTP id 6E31521F8491 for <oauth@ietf.org>; Wed,  9 May 2012 12:34:33 -0700 (PDT)
Received: from takifugu.mtcc.com (takifugu.mtcc.com [50.0.18.224]) (authenticated bits=0) by mtcc.com (8.14.3/8.14.3) with ESMTP id q49JYSnR026358 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Wed, 9 May 2012 12:34:29 -0700
Message-ID: <4FAAC6C4.7080502@mtcc.com>
Date: Wed, 09 May 2012 12:34:28 -0700
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.22) Gecko/20090605 Thunderbird/2.0.0.22 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: Eran Hammer <eran@hueniverse.com>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=3274; t=1336592069; x=1337456069; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:=20Michael=20Thomas=20<mike@mtcc.com> |Subject:=20Re=3A=20[OAUTH-WG]=20IPR=20on=20OAuth=20bearer |Sender:=20 |To:=20Eran=20Hammer=20<eran@hueniverse.com> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=XiL4gi3NOadzDxgTcmhrxJHFwi+FHHN/FCjqAkZwIVI=; b=q+b8JQ6JQYmqthMoKxoNCLydNe/23I5+ysKP+pglaJo2x1lPgf6Wemes/4 ok/i7HJ0XIr/7tPyx1/4R4kfKHS/Am30gwX0l87f9tLXVIGGFVZ8hIMUxd0C mWbhYQSLqIdfEkKW9raQJ43Mr36E5sFYsb1US6fbwhjmDrRdu/R1M=;
Authentication-Results: ; v=0.1; dkim=pass header.i=mike@mtcc.com ( sig from mtcc.com/thundersaddle.kirkwood verified; );  dkim-asp=pass header.From=mike@mtcc.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 19:34:34 -0000

On 05/09/2012 12:17 PM, Eran Hammer wrote:
> Whoever you talk to for legal advice about IPR issues related to standards you might implement. My only point is, this group is not qualified to comment on IPR matters.

The IETF gets to decide whether it wants to create standards that
use (potentially) encumbered IP. It is the wg's responsibility to
decide whether it is a necessary evil, or whether the damage can be
routed around. How a working group does that without having a
discussion is a mystery to me.

Mike

>
> EH
>
>> -----Original Message-----
>> From: Michael Thomas [mailto:mike@mtcc.com]
>> Sent: Wednesday, May 09, 2012 12:15 PM
>> To: Eran Hammer
>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>
>> On 05/09/2012 12:06 PM, Eran Hammer wrote:
>>> So no discussion of this is expected on the list - correct? That's what I
>> wanted to clarify. You asked the WG to "think" about its potential
>> implications but I don't want that "thinking" to happen out-loud on this list...
>>> Raising the issue with your internal IPR team is the right step.
>> What internal IPR team? The IETF is not a corpro-only club.
>>
>> Mike
>>> EH
>>>
>>>> -----Original Message-----
>>>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>>>> Sent: Wednesday, May 09, 2012 11:37 AM
>>>> To: Eran Hammer
>>>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>>>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>>>
>>>> Hi Eran,
>>>>
>>>> if you care about the specification (and want to use it in your
>>>> products) then you may want to reach out to your IPR folks and ask for
>> their judgement.
>>>> They may be able to tell you whether they find the cited IPR
>>>> applicable and whether they had experience with the IPR holder already.
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
>>>>
>>>>> What exactly is the expected WG discussion on this? I hope people
>>>>> here
>>>> are not expected to read the patent and make legal decisions about
>>>> the patent's validity or even applicability as these are questions
>>>> for lawyers, not engineers.
>>>>> EH
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>>>> Behalf Of Hannes Tschofenig
>>>>>> Sent: Wednesday, May 09, 2012 10:44 AM
>>>>>> To: oauth@ietf.org WG
>>>>>> Subject: [OAUTH-WG] IPR on OAuth bearer
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> an IPR disclosure had been submitted for the OAuth bearer document
>>>>>> recently. In case you may have missed it, here is the link to it:
>>>>>> https://datatracker.ietf.org/ipr/1752/
>>>>>>
>>>>>> The ADs will re-run the IETF last call due to this new IPR filing
>>>>>> and we would also like the working group to check the IPR and to
>>>>>> think about potential implications.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> Ciao
>>>>>> Hannes&   Derek
>>>>>>
>>>>>> _______________________________________________
>>>>>> OAuth mailing list
>>>>>> OAuth@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth


From stephen.farrell@cs.tcd.ie  Wed May  9 13:26:19 2012
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBC8311E80C8 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:26:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iWc9I4CQKjIn for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:26:11 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id A7BC911E80BB for <oauth@ietf.org>; Wed,  9 May 2012 13:26:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 98F07171537; Wed,  9 May 2012 21:26:09 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1336595169; bh=YFk9Yty7lU2LxE SvHhYLp8SeET9yHPp5U4A6cqcY9Q4=; b=pF4oWxFkXQ5SD1q+/FTkdPvpb/55oX My6D1BpT6doJVpJMpm49gBJn6gXeX9eoZlY7eOQ7/FvY5T1IW9rGl45/y7N+Ypbw aFWEsvKdVZutQPB/PS/F1uRY9ploHYbi+DQqic6PzK60Pe7NwpOQOFeY2mpHgUHF DZsEUYGObGhLfFEM7ukQGY7Iy74Qq+lzKi6TDWRdeazHhIOobglVoqUUtk9gQNG9 Sv2O+8jvTjctUfkFWUN8zPcMm8cvbwCmZjpPNqdU60hv47C4xpfetBZOEdHv/W4K AtRqOKvdF+6/lA6YP4ApeWwGLWcKVL7r0vDcLBOld3diPnEL6C25eMBw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id XZVj4F7TKtGz; Wed,  9 May 2012 21:26:09 +0100 (IST)
Received: from [10.87.48.9] (unknown [86.46.20.248]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 73447171512; Wed,  9 May 2012 21:26:07 +0100 (IST)
Message-ID: <4FAAD2DF.4080500@cs.tcd.ie>
Date: Wed, 09 May 2012 21:26:07 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Michael Thomas <mike@mtcc.com>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com>
In-Reply-To: <4FAAC6C4.7080502@mtcc.com>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 20:26:20 -0000

Hi Mike,

On 05/09/2012 08:34 PM, Michael Thomas wrote:
> On 05/09/2012 12:17 PM, Eran Hammer wrote:
>> Whoever you talk to for legal advice about IPR issues related to
>> standards you might implement. My only point is, this group is not
>> qualified to comment on IPR matters.
> 
> The IETF gets to decide whether it wants to create standards that
> use (potentially) encumbered IP. It is the wg's responsibility to
> decide whether it is a necessary evil, or whether the damage can be
> routed around. How a working group does that without having a
> discussion is a mystery to me.

Yeah, its tricky stuff. The key point as I understand it is
not to get into discussion about licensing arrangements or
other commercial matters, nor about the validity of the IPR
itself, which are not our business. While we may or may not
have opinions that 90+% of the output of all patent offices
in the ICT space is pure rubbish, those are not directly
relevant for the WG. If you're not sure, ask the chairs or
me and we can try help.

The question is as Hannes stated: does this new information
change the WG's opinion of this document or not. Silence is
taken to mean "not" in this case.

S

> 
> Mike
> 
>>
>> EH
>>
>>> -----Original Message-----
>>> From: Michael Thomas [mailto:mike@mtcc.com]
>>> Sent: Wednesday, May 09, 2012 12:15 PM
>>> To: Eran Hammer
>>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>>
>>> On 05/09/2012 12:06 PM, Eran Hammer wrote:
>>>> So no discussion of this is expected on the list - correct? That's
>>>> what I
>>> wanted to clarify. You asked the WG to "think" about its potential
>>> implications but I don't want that "thinking" to happen out-loud on
>>> this list...
>>>> Raising the issue with your internal IPR team is the right step.
>>> What internal IPR team? The IETF is not a corpro-only club.
>>>
>>> Mike
>>>> EH
>>>>
>>>>> -----Original Message-----
>>>>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>>>>> Sent: Wednesday, May 09, 2012 11:37 AM
>>>>> To: Eran Hammer
>>>>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>>>>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>>>>
>>>>> Hi Eran,
>>>>>
>>>>> if you care about the specification (and want to use it in your
>>>>> products) then you may want to reach out to your IPR folks and ask for
>>> their judgement.
>>>>> They may be able to tell you whether they find the cited IPR
>>>>> applicable and whether they had experience with the IPR holder
>>>>> already.
>>>>>
>>>>> Ciao
>>>>> Hannes
>>>>>
>>>>> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
>>>>>
>>>>>> What exactly is the expected WG discussion on this? I hope people
>>>>>> here
>>>>> are not expected to read the patent and make legal decisions about
>>>>> the patent's validity or even applicability as these are questions
>>>>> for lawyers, not engineers.
>>>>>> EH
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>>>>> Behalf Of Hannes Tschofenig
>>>>>>> Sent: Wednesday, May 09, 2012 10:44 AM
>>>>>>> To: oauth@ietf.org WG
>>>>>>> Subject: [OAUTH-WG] IPR on OAuth bearer
>>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> an IPR disclosure had been submitted for the OAuth bearer document
>>>>>>> recently. In case you may have missed it, here is the link to it:
>>>>>>> https://datatracker.ietf.org/ipr/1752/
>>>>>>>
>>>>>>> The ADs will re-run the IETF last call due to this new IPR filing
>>>>>>> and we would also like the working group to check the IPR and to
>>>>>>> think about potential implications.
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> Ciao
>>>>>>> Hannes&   Derek
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OAuth mailing list
>>>>>>> OAuth@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
> 

From eran@hueniverse.com  Wed May  9 13:27:21 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7D7D21F8440 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:27:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.548
X-Spam-Level: 
X-Spam-Status: No, score=-2.548 tagged_above=-999 required=5 tests=[AWL=0.051,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J+qq2mQIFPRe for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:27:20 -0700 (PDT)
Received: from p3plex2out04.prod.phx3.secureserver.net (p3plex2out04.prod.phx3.secureserver.net [184.168.131.18]) by ietfa.amsl.com (Postfix) with ESMTP id DE5C921F8425 for <oauth@ietf.org>; Wed,  9 May 2012 13:27:20 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out04.prod.phx3.secureserver.net with bizsmtp id 7wTG1j0010EuLVk01wTGrH; Wed, 09 May 2012 13:27:16 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Wed, 9 May 2012 13:27:15 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Michael Thomas <mike@mtcc.com>
Thread-Topic: [OAUTH-WG] IPR on OAuth bearer
Thread-Index: AQHNLgtSd1ClKC8By0eIWfRqfLMBr5bBvE/AgACCdgD//5IooIAAeIaA//+KuqCAAHqUAP//mQCA
Date: Wed, 9 May 2012 20:27:14 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201026437@P3PWEX2MB008.ex2.secureserver.net>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com>
In-Reply-To: <4FAAC6C4.7080502@mtcc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 20:27:21 -0000

Simple. By having WG members simply state whether they will or will not ado=
pt the proposed standard given the IPR issues. Trying to discuss the merits=
 of the IPR disclosure is impossible.

EH

> -----Original Message-----
> From: Michael Thomas [mailto:mike@mtcc.com]
> Sent: Wednesday, May 09, 2012 12:34 PM
> To: Eran Hammer
> Cc: Hannes Tschofenig; oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>=20
> On 05/09/2012 12:17 PM, Eran Hammer wrote:
> > Whoever you talk to for legal advice about IPR issues related to standa=
rds
> you might implement. My only point is, this group is not qualified to
> comment on IPR matters.
>=20
> The IETF gets to decide whether it wants to create standards that use
> (potentially) encumbered IP. It is the wg's responsibility to decide whet=
her it
> is a necessary evil, or whether the damage can be routed around. How a
> working group does that without having a discussion is a mystery to me.
>=20
> Mike
>=20
> >
> > EH
> >
> >> -----Original Message-----
> >> From: Michael Thomas [mailto:mike@mtcc.com]
> >> Sent: Wednesday, May 09, 2012 12:15 PM
> >> To: Eran Hammer
> >> Cc: Hannes Tschofenig; oauth@ietf.org WG
> >> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
> >>
> >> On 05/09/2012 12:06 PM, Eran Hammer wrote:
> >>> So no discussion of this is expected on the list - correct? That's
> >>> what I
> >> wanted to clarify. You asked the WG to "think" about its potential
> >> implications but I don't want that "thinking" to happen out-loud on th=
is
> list...
> >>> Raising the issue with your internal IPR team is the right step.
> >> What internal IPR team? The IETF is not a corpro-only club.
> >>
> >> Mike
> >>> EH
> >>>
> >>>> -----Original Message-----
> >>>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> >>>> Sent: Wednesday, May 09, 2012 11:37 AM
> >>>> To: Eran Hammer
> >>>> Cc: Hannes Tschofenig; oauth@ietf.org WG
> >>>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
> >>>>
> >>>> Hi Eran,
> >>>>
> >>>> if you care about the specification (and want to use it in your
> >>>> products) then you may want to reach out to your IPR folks and ask
> >>>> for
> >> their judgement.
> >>>> They may be able to tell you whether they find the cited IPR
> >>>> applicable and whether they had experience with the IPR holder
> already.
> >>>>
> >>>> Ciao
> >>>> Hannes
> >>>>
> >>>> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
> >>>>
> >>>>> What exactly is the expected WG discussion on this? I hope people
> >>>>> here
> >>>> are not expected to read the patent and make legal decisions about
> >>>> the patent's validity or even applicability as these are questions
> >>>> for lawyers, not engineers.
> >>>>> EH
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> >>>>>> Behalf Of Hannes Tschofenig
> >>>>>> Sent: Wednesday, May 09, 2012 10:44 AM
> >>>>>> To: oauth@ietf.org WG
> >>>>>> Subject: [OAUTH-WG] IPR on OAuth bearer
> >>>>>>
> >>>>>> Hi all,
> >>>>>>
> >>>>>> an IPR disclosure had been submitted for the OAuth bearer
> >>>>>> document recently. In case you may have missed it, here is the lin=
k
> to it:
> >>>>>> https://datatracker.ietf.org/ipr/1752/
> >>>>>>
> >>>>>> The ADs will re-run the IETF last call due to this new IPR filing
> >>>>>> and we would also like the working group to check the IPR and to
> >>>>>> think about potential implications.
> >>>>>>
> >>>>>> Thanks.
> >>>>>>
> >>>>>> Ciao
> >>>>>> Hannes&   Derek
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> OAuth mailing list
> >>>>>> OAuth@ietf.org
> >>>>>> https://www.ietf.org/mailman/listinfo/oauth
> >>> _______________________________________________
> >>> OAuth mailing list
> >>> OAuth@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/oauth


From hannes.tschofenig@gmx.net  Wed May  9 13:31:52 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F0A111E80C8 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:31:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ylEM2Sx3WsM3 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:31:51 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 71DB711E80C7 for <oauth@ietf.org>; Wed,  9 May 2012 13:31:51 -0700 (PDT)
Received: (qmail invoked by alias); 09 May 2012 20:31:49 -0000
Received: from unknown (EHLO [107.17.145.89]) [216.141.82.2] by mail.gmx.net (mp069) with SMTP; 09 May 2012 22:31:49 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+EfCBmWB2EjMRD7ZVORdAGKoOYHzFxqHO9UDY5aT BjcGXtX30lx5bV
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <4FAAC6C4.7080502@mtcc.com>
Date: Wed, 9 May 2012 23:31:44 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <08AD263C-DCFD-4B74-B902-3EC202E9CA72@gmx.net>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com>
To: Michael Thomas <mike@mtcc.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 20:31:52 -0000

Hi Mike,=20

you have to by yourself decide whether this IPR (or any other issue) is =
important for you.=20
I cannot do that for you nor can the working group.=20

Ciao
Hannes=20

On May 9, 2012, at 10:34 PM, Michael Thomas wrote:

> On 05/09/2012 12:17 PM, Eran Hammer wrote:
>> Whoever you talk to for legal advice about IPR issues related to =
standards you might implement. My only point is, this group is not =
qualified to comment on IPR matters.
>=20
> The IETF gets to decide whether it wants to create standards that
> use (potentially) encumbered IP. It is the wg's responsibility to
> decide whether it is a necessary evil, or whether the damage can be
> routed around. How a working group does that without having a
> discussion is a mystery to me.
>=20
> Mike
>=20
>>=20
>> EH
>>=20
>>> -----Original Message-----
>>> From: Michael Thomas [mailto:mike@mtcc.com]
>>> Sent: Wednesday, May 09, 2012 12:15 PM
>>> To: Eran Hammer
>>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>>=20
>>> On 05/09/2012 12:06 PM, Eran Hammer wrote:
>>>> So no discussion of this is expected on the list - correct? That's =
what I
>>> wanted to clarify. You asked the WG to "think" about its potential
>>> implications but I don't want that "thinking" to happen out-loud on =
this list...
>>>> Raising the issue with your internal IPR team is the right step.
>>> What internal IPR team? The IETF is not a corpro-only club.
>>>=20
>>> Mike
>>>> EH
>>>>=20
>>>>> -----Original Message-----
>>>>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>>>>> Sent: Wednesday, May 09, 2012 11:37 AM
>>>>> To: Eran Hammer
>>>>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>>>>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>>>>=20
>>>>> Hi Eran,
>>>>>=20
>>>>> if you care about the specification (and want to use it in your
>>>>> products) then you may want to reach out to your IPR folks and ask =
for
>>> their judgement.
>>>>> They may be able to tell you whether they find the cited IPR
>>>>> applicable and whether they had experience with the IPR holder =
already.
>>>>>=20
>>>>> Ciao
>>>>> Hannes
>>>>>=20
>>>>> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
>>>>>=20
>>>>>> What exactly is the expected WG discussion on this? I hope people
>>>>>> here
>>>>> are not expected to read the patent and make legal decisions about
>>>>> the patent's validity or even applicability as these are questions
>>>>> for lawyers, not engineers.
>>>>>> EH
>>>>>>=20
>>>>>>> -----Original Message-----
>>>>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>>>>> Behalf Of Hannes Tschofenig
>>>>>>> Sent: Wednesday, May 09, 2012 10:44 AM
>>>>>>> To: oauth@ietf.org WG
>>>>>>> Subject: [OAUTH-WG] IPR on OAuth bearer
>>>>>>>=20
>>>>>>> Hi all,
>>>>>>>=20
>>>>>>> an IPR disclosure had been submitted for the OAuth bearer =
document
>>>>>>> recently. In case you may have missed it, here is the link to =
it:
>>>>>>> https://datatracker.ietf.org/ipr/1752/
>>>>>>>=20
>>>>>>> The ADs will re-run the IETF last call due to this new IPR =
filing
>>>>>>> and we would also like the working group to check the IPR and to
>>>>>>> think about potential implications.
>>>>>>>=20
>>>>>>> Thanks.
>>>>>>>=20
>>>>>>> Ciao
>>>>>>> Hannes&   Derek
>>>>>>>=20
>>>>>>> _______________________________________________
>>>>>>> OAuth mailing list
>>>>>>> OAuth@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>=20


From mike@mtcc.com  Wed May  9 13:32:01 2012
Return-Path: <mike@mtcc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D96611E80D0 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:32:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.559
X-Spam-Level: 
X-Spam-Status: No, score=-2.559 tagged_above=-999 required=5 tests=[AWL=0.040,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lBVD-V+rfiXC for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:32:00 -0700 (PDT)
Received: from mtcc.com (mtcc.com [50.0.18.224]) by ietfa.amsl.com (Postfix) with ESMTP id 8907E11E80CE for <oauth@ietf.org>; Wed,  9 May 2012 13:32:00 -0700 (PDT)
Received: from takifugu.mtcc.com (takifugu.mtcc.com [50.0.18.224]) (authenticated bits=0) by mtcc.com (8.14.3/8.14.3) with ESMTP id q49KVunv018026 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Wed, 9 May 2012 13:31:57 -0700
Message-ID: <4FAAD43C.501@mtcc.com>
Date: Wed, 09 May 2012 13:31:56 -0700
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.22) Gecko/20090605 Thunderbird/2.0.0.22 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com> <4FAAD2DF.4080500@cs.tcd.ie>
In-Reply-To: <4FAAD2DF.4080500@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1488; t=1336595517; x=1337459517; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:=20Michael=20Thomas=20<mike@mtcc.com> |Subject:=20Re=3A=20[OAUTH-WG]=20IPR=20on=20OAuth=20bearer |Sender:=20 |To:=20Stephen=20Farrell=20<stephen.farrell@cs.tcd.ie> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=iVcrD6YaNw/6bqVmi8aP1jLdYdtUpTNEmdWM3k7iLpc=; b=k3DGi+F3e6rbz/lwR/UzD8AOm3c8NeAjUwfqUUUUJzZQmUKDJl6Z0qqfs9 kkLxRGdb7U9vLNFvJOZJzr9hv/gXgOsyDuYUws4BZNE38tcqKiT7VOVzaqLt iBZqnY+4vdBTTlWOmVlF0nSBhbH58Px8JrerQ8lohweskvifqN19Y=;
Authentication-Results: ; v=0.1; dkim=pass header.i=mike@mtcc.com ( sig from mtcc.com/thundersaddle.kirkwood verified; );  dkim-asp=pass header.From=mike@mtcc.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 20:32:01 -0000

On 05/09/2012 01:26 PM, Stephen Farrell wrote:
> Hi Mike,
>
> On 05/09/2012 08:34 PM, Michael Thomas wrote:
>> On 05/09/2012 12:17 PM, Eran Hammer wrote:
>>> Whoever you talk to for legal advice about IPR issues related to
>>> standards you might implement. My only point is, this group is not
>>> qualified to comment on IPR matters.
>> The IETF gets to decide whether it wants to create standards that
>> use (potentially) encumbered IP. It is the wg's responsibility to
>> decide whether it is a necessary evil, or whether the damage can be
>> routed around. How a working group does that without having a
>> discussion is a mystery to me.
> Yeah, its tricky stuff. The key point as I understand it is
> not to get into discussion about licensing arrangements or
> other commercial matters, nor about the validity of the IPR
> itself, which are not our business. While we may or may not
> have opinions that 90+% of the output of all patent offices
> in the ICT space is pure rubbish, those are not directly
> relevant for the WG. If you're not sure, ask the chairs or
> me and we can try help.

Yes, I completely agree.
>
> The question is as Hannes stated: does this new information
> change the WG's opinion of this document or not. Silence is
> taken to mean "not" in this case.
>

That's not what I read Eran as asking for:

"So no discussion of this is expected on the list - correct?"

That a lot different from "off topic discussion".

Mike

From stephen.farrell@cs.tcd.ie  Wed May  9 13:37:37 2012
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 440F011E80C8 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:37:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tTtFkN3jwz0k for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 13:37:36 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id AD28711E80BB for <oauth@ietf.org>; Wed,  9 May 2012 13:37:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id C2818171537; Wed,  9 May 2012 21:37:35 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1336595855; bh=7CQI9I0tywKhb+ uV6U2MaNwk7tUKr/NipF47CR2hLy4=; b=SOwJ+13O3od7ujLn4MSa8fl1Q9J10f EbDc6CTVzHHsK6vzNP8Sw3s7oIfWfW5VycICg/OmrJ/4zzNkOQcsQqlbDmLKfcqi IapgGx6FFdzJUZgbO0fkpfwePjCIun4uSskTOXoI5b/mFc2ACqVK5e6UHBAvl9nc k5IuGfoeiDWwrS1FZU2tTQAd470lCpPUPMl7h67c48r5qAs4aV792kfbUx6w6m+p ZRt0UQ/RVU/ye9a7PFvTY+97qbtEBVzuBSALGs+5Ni/UOYFPP8ZZNOGLq/VMLNn9 Pse35DXvd4775jfNgkGFcSUjBcLIl9Ns5JTa5AXTsxEwHufuppr24vCg==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id OFnRw1ospAAO; Wed,  9 May 2012 21:37:35 +0100 (IST)
Received: from [10.87.48.9] (unknown [86.46.20.248]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 6E463171536; Wed,  9 May 2012 21:37:35 +0100 (IST)
Message-ID: <4FAAD58F.9010209@cs.tcd.ie>
Date: Wed, 09 May 2012 21:37:35 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Michael Thomas <mike@mtcc.com>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com> <4FAAD2DF.4080500@cs.tcd.ie> <4FAAD43C.501@mtcc.com>
In-Reply-To: <4FAAD43C.501@mtcc.com>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 20:37:37 -0000

On 05/09/2012 09:31 PM, Michael Thomas wrote:
>>
> 
> That's not what I read Eran as asking for:
> 
> "So no discussion of this is expected on the list - correct?"

Eran is right about the kinds of discussion I mentioned
as not being for the WG.

This is all business as usual, the rules are in RFC 3979,
updated by 4979.

S.


From jricher@mitre.org  Wed May  9 14:11:14 2012
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16EFD21F8527 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 14:11:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.55
X-Spam-Level: 
X-Spam-Status: No, score=-6.55 tagged_above=-999 required=5 tests=[AWL=0.048,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ViXE6MaZAoW for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 14:11:12 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 4297921F8523 for <oauth@ietf.org>; Wed,  9 May 2012 14:11:12 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id BB08A21B06C5 for <oauth@ietf.org>; Wed,  9 May 2012 17:11:09 -0400 (EDT)
Received: from IMCCAS02.MITRE.ORG (imccas02.mitre.org [129.83.29.79]) by smtpksrv1.mitre.org (Postfix) with ESMTP id A420921B06BB for <oauth@ietf.org>; Wed,  9 May 2012 17:11:09 -0400 (EDT)
Received: from [129.83.50.12] (129.83.31.51) by IMCCAS02.MITRE.ORG (129.83.29.79) with Microsoft SMTP Server (TLS) id 14.2.283.3; Wed, 9 May 2012 17:11:09 -0400
Message-ID: <4FAADD25.3070708@mitre.org>
Date: Wed, 9 May 2012 17:09:57 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: <oauth@ietf.org>
References: <B61A05DAABADEA4EA2F19424825286FA181D05DF@IMCMBX04.MITRE.ORG> <MLQM-20120207095108759-104013@mlite.mitre.org>
In-Reply-To: <MLQM-20120207095108759-104013@mlite.mitre.org>
Content-Type: multipart/alternative; boundary="------------000209000405080604030603"
X-Originating-IP: [129.83.31.51]
Subject: Re: [OAUTH-WG] OAuth 2 flow diagrams
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 21:11:14 -0000

--------------000209000405080604030603
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit

We've moved our git repository away from one that was tied to my 
personal account (jricher) and into a more appropriate "GitHub 
Organization" one. This means that the URLs pointing to the diagrams 
mentioned below have changed. The correct URL is now:

https://raw.github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/master/docs/OAuth2.0_Diagrams.pdf

This will point to the latest version. There are also some OpenID 
Connect diagrams (using the same style) in that same directory if 
anyone's interested.

  -- Justin

On 02/07/2012 09:46 AM, Anganes, Amanda L wrote:
>
> Hello again,
>
> Based on some feedback I have received I have updated my diagrams. 
> Changes are listed below, and the link 
> (https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true) 
> will always point to the latest version.
>
> * Changed the title of the diagrams to "OAuth 2.0 Authorization" (from 
> "OAuth 2.0 Authentication", which was incorrect).
>
> * Removed refresh_token from the Access Token response on the Client 
> Credentials flow.
>
> Ref: http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4.3 
> says "A refresh token SHOULD NOT be included."
>
> * Changed "Consumer" to "Client" to better match the 2.0 terminology.
>
> /Amanda Anganes/
>
> Info Sys Engineer, G061
>
> The MITRE Corporation
>
> 782-271-3103
>
> aanganes@mitre.org
>
> *From:*oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] *On 
> Behalf Of *Anganes, Amanda L
> *Sent:* Friday, February 03, 2012 9:24 AM
> *To:* oauth@ietf.org
> *Subject:* [OAUTH-WG] OAuth 2 flow diagrams
>
> Hello,
>
> I've developed a set of flow diagrams for the OAuth 2.0 spec, with 
> separate diagrams for the Access Code, Implicit Grant, Resource Owner 
> Password Credentials, and the Client Credentials flows. These were 
> inspired by the diagrams for 1.0 and 1.0a that Idan Gazit posted in 
> http://www.ietf.org/mail-archive/web/oauth/current/msg00696.html, 
> which Justin Richer pointed me to when I first started trying to read 
> and understand the OAuth2.0 spec. I find these types of diagrams to be 
> incredibly useful, so I updated them again to (hopefully) reflect the 
> 2.0 spec.
>
> I'd appreciate any comments/corrections. If anyone finds the diagrams 
> to be useful, please feel free to rehost or reference them.
>
> https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true
>
> Thanks,
>
> /Amanda Anganes/
>
> Info Sys Engineer, G061
>
> The MITRE Corporation
>
> 782-271-3103
>
> aanganes@mitre.org <mailto:aanganes@mitre.org>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--------------000209000405080604030603
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    We've moved our git repository away from one that was tied to my
    personal account (jricher) and into a more appropriate "GitHub
    Organization" one. This means that the URLs pointing to the diagrams
    mentioned below have changed. The correct URL is now:<br>
    <br>
<a class="moz-txt-link-freetext" href="https://raw.github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/master/docs/OAuth2.0_Diagrams.pdf">https://raw.github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/master/docs/OAuth2.0_Diagrams.pdf</a><br>
    <br>
    This will point to the latest version. There are also some OpenID
    Connect diagrams (using the same style) in that same directory if
    anyone's interested.<br>
    <br>
    &nbsp;-- Justin<br>
    <br>
    On 02/07/2012 09:46 AM, Anganes, Amanda L wrote:
    <blockquote cite="mid:MLQM-20120207095108759-104013@mlite.mitre.org"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      <meta name="Generator" content="Microsoft Word 14 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0in;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:.5in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
span.EmailStyle17
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
/* List Definitions */
@list l0
	{mso-list-id:298268648;
	mso-list-type:hybrid;
	mso-list-template-ids:-1708076240 151126392 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
	{mso-level-start-at:0;
	mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;
	mso-fareast-font-family:Calibri;
	mso-bidi-font-family:"Times New Roman";}
@list l0:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1
	{mso-list-id:920336686;
	mso-list-type:hybrid;
	mso-list-template-ids:81956818 301117430 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
	{mso-level-start-at:0;
	mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;
	mso-fareast-font-family:Calibri;
	mso-bidi-font-family:"Times New Roman";}
@list l1:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l2
	{mso-list-id:1487091583;
	mso-list-type:hybrid;
	mso-list-template-ids:2047351588 -574046594 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
	{mso-level-start-at:0;
	mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;
	mso-fareast-font-family:Calibri;
	mso-bidi-font-family:"Times New Roman";}
@list l2:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l2:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l2:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l2:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l2:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l2:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l2:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l2:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span style="color:#1F497D">Hello again,<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">Based on some
            feedback I have received I have updated my diagrams. Changes
            are listed below, and the link (</span><a
            moz-do-not-send="true"
href="https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true">https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true</a><span
            style="color:#1F497D">) will always point to the latest
            version.</span><o:p></o:p></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">* Changed the
            title of the diagrams to &#8220;OAuth 2.0 Authorization&#8221; (from
            &#8220;OAuth 2.0 Authentication&#8221;, which was incorrect).<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">* Removed
            refresh_token from the Access Token response on the Client
            Credentials flow.
            <o:p></o:p></span></p>
        <p class="MsoNormal" style="text-indent:.5in"><span
            style="color:#1F497D">Ref: <a moz-do-not-send="true"
              href="http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4.3">
http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4.3</a> says
            "A refresh token SHOULD NOT be included."<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">* Changed
            "Consumer" to "Client" to better match the 2.0 terminology.
            <o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
        <div>
          <p class="MsoNormal"><i><span style="color:#D99594">Amanda
                Anganes<o:p></o:p></span></i></p>
          <p class="MsoNormal"><span style="color:#D99594">Info Sys
              Engineer, G061<o:p></o:p></span></p>
          <p class="MsoNormal"><span style="color:#D99594">The MITRE
              Corporation<o:p></o:p></span></p>
          <p class="MsoNormal"><span style="color:#D99594">782-271-3103<o:p></o:p></span></p>
          <p class="MsoNormal"><span style="color:#D99594"><a class="moz-txt-link-abbreviated" href="mailto:aanganes@mitre.org">aanganes@mitre.org</a><o:p></o:p></span></p>
        </div>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
        <div>
          <div style="border:none;border-top:solid #B5C4DF
            1.0pt;padding:3.0pt 0in 0in 0in">
            <p class="MsoNormal" style="margin-left:.5in"><b><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">
                <a class="moz-txt-link-abbreviated" href="mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a> [<a class="moz-txt-link-freetext" href="mailto:oauth-bounces@ietf.org">mailto:oauth-bounces@ietf.org</a>]
                <b>On Behalf Of </b>Anganes, Amanda L<br>
                <b>Sent:</b> Friday, February 03, 2012 9:24 AM<br>
                <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:oauth@ietf.org">oauth@ietf.org</a><br>
                <b>Subject:</b> [OAUTH-WG] OAuth 2 flow diagrams<o:p></o:p></span></p>
          </div>
        </div>
        <p class="MsoNormal" style="margin-left:.5in"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal" style="margin-left:.5in">Hello,<o:p></o:p></p>
        <p class="MsoNormal" style="margin-left:.5in"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal" style="margin-left:.5in">I&#8217;ve developed a
          set of flow diagrams for the OAuth 2.0 spec, with separate
          diagrams for the Access Code, Implicit Grant, Resource Owner
          Password Credentials, and the Client Credentials flows. These
          were inspired by the diagrams for 1.0 and 1.0a that Idan Gazit
          posted in <a moz-do-not-send="true"
            href="http://www.ietf.org/mail-archive/web/oauth/current/msg00696.html">
http://www.ietf.org/mail-archive/web/oauth/current/msg00696.html</a>,
          which Justin Richer pointed me to when I first started trying
          to read and understand the OAuth2.0 spec. I find these types
          of diagrams to be incredibly useful, so I updated them again
          to (hopefully) reflect the 2.0 spec. &nbsp;<o:p></o:p></p>
        <p class="MsoNormal" style="margin-left:.5in"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal" style="margin-left:.5in">I&#8217;d appreciate any
          comments/corrections. If anyone finds the diagrams to be
          useful, please feel free to rehost or reference them.<o:p></o:p></p>
        <p class="MsoNormal" style="margin-left:.5in"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal" style="margin-left:.5in"><a
            moz-do-not-send="true"
href="https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true">https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true</a><o:p></o:p></p>
        <p class="MsoNormal" style="margin-left:.5in"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal" style="margin-left:.5in">Thanks,<o:p></o:p></p>
        <p class="MsoNormal" style="margin-left:.5in"><o:p>&nbsp;</o:p></p>
        <p class="MsoNormal" style="margin-left:.5in"><i><span
              style="color:#D99594">Amanda Anganes<o:p></o:p></span></i></p>
        <p class="MsoNormal" style="margin-left:.5in"><span
            style="color:#D99594">Info Sys Engineer, G061<o:p></o:p></span></p>
        <p class="MsoNormal" style="margin-left:.5in"><span
            style="color:#D99594">The MITRE Corporation<o:p></o:p></span></p>
        <p class="MsoNormal" style="margin-left:.5in"><span
            style="color:#D99594">782-271-3103<o:p></o:p></span></p>
        <p class="MsoNormal" style="margin-left:.5in"><span
            style="color:#D99594"><a moz-do-not-send="true"
              href="mailto:aanganes@mitre.org">aanganes@mitre.org</a><o:p></o:p></span></p>
        <p class="MsoNormal" style="margin-left:.5in"><o:p>&nbsp;</o:p></p>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------000209000405080604030603--

From hartmans@mit.edu  Wed May  9 14:45:51 2012
Return-Path: <hartmans@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AFBB11E80BF for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 14:45:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.467
X-Spam-Level: 
X-Spam-Status: No, score=-102.467 tagged_above=-999 required=5 tests=[AWL=-0.802, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_22=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g-hh+HpoY6Xu for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 14:45:51 -0700 (PDT)
Received: from permutation-city.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by ietfa.amsl.com (Postfix) with ESMTP id 3093911E8076 for <oauth@ietf.org>; Wed,  9 May 2012 14:45:51 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id EAB2020348; Wed,  9 May 2012 17:41:37 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 1796E448D; Wed,  9 May 2012 17:45:40 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Michael Thomas <mike@mtcc.com>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com> <4FAAD2DF.4080500@cs.tcd.ie> <4FAAD43C.501@mtcc.com>
Date: Wed, 09 May 2012 17:45:39 -0400
In-Reply-To: <4FAAD43C.501@mtcc.com> (Michael Thomas's message of "Wed, 09 May 2012 13:31:56 -0700")
Message-ID: <tslbolxgha4.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 21:45:51 -0000

So, here are statements that  you could make as part of this discussion
that would be entirely in scope:

1) I've read the IPR. Prior to this disclosure I was interested in
developing|deploying|shipping  an implementation of this
specification. Now I am not.

2) I think you could go so far as to say. Based on this IPR I would no
longer feel comfortable making an open-source implementation of this
spec available.

3) Or on the other  side: I've reviewed this new IPR and I believe I
could implement|ship|deploy|whatever this specification.

Or if you don't like giving out as much information as 1-3:

4) I've reviewed the new IPr and I recommend that we not advance this
standard

5) I've reviewed the IPR and I do recommend we advance.

Obviously, people may weigh statements of the form 1-3 with more value
than 4-5. However it's really hard to get many organizations to say
something in the 1-3 range.

Other valid things to say in such a context include:

6) We've successfully obtained any licenses we believe that we need in
order to implement this specification given the IPR.

7) We attempted to obtain the licenses we needed in order to implement
given this IPR but were unsuccessful.

 believe all the above statements are acceptable. In particular, none of
 them comment on the validity of the IPR nor give legal advice about
 stuff.

I believe you could even go so far as to say  something like I believe
that an open-source implementation of this technology is|is not
important to whether we should standardize it. I believe we've come very
close to that in the past. 

From wmills@yahoo-inc.com  Wed May  9 15:04:46 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA7C011E80E0 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:04:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.741
X-Spam-Level: 
X-Spam-Status: No, score=-15.741 tagged_above=-999 required=5 tests=[AWL=-1.157, BAYES_40=-0.185, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pJ+Js+g9LrZz for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:04:46 -0700 (PDT)
Received: from nm5-vm0.bullet.mail.sp2.yahoo.com (nm5-vm0.bullet.mail.sp2.yahoo.com [98.139.91.204]) by ietfa.amsl.com (Postfix) with SMTP id 18CD811E80D7 for <oauth@ietf.org>; Wed,  9 May 2012 15:04:46 -0700 (PDT)
Received: from [72.30.22.79] by nm5.bullet.mail.sp2.yahoo.com with NNFMP; 09 May 2012 22:04:46 -0000
Received: from [98.139.91.51] by tm13.bullet.mail.sp2.yahoo.com with NNFMP; 09 May 2012 22:04:46 -0000
Received: from [127.0.0.1] by omp1051.mail.sp2.yahoo.com with NNFMP; 09 May 2012 22:04:45 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 992388.87587.bm@omp1051.mail.sp2.yahoo.com
Received: (qmail 21821 invoked by uid 60001); 9 May 2012 22:04:45 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1336601085; bh=qxwBoMmeVRTG3UitAL9FvSN5vEzx/uw51sRas3x8OAc=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=YQgzsMB56Z57qgzN/9XmLfuWmQUqokAGWjGJQzploLTypIQAYzRdT0Vbd5BYt6qa351xxSEHdQpzX/faoHRPFnUzzQAaJxfbtDuvv360TuNVVtIW/Uel9BoJRGdEH1PMCMACsnh52exbNyFMKyTbC+2HAYvdlbqKsLfAQU0CTIU=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Zrg0qmDmmGt9EKc0gRA6wcS9KNLek5tsu783qk2MMs8yfWNU1GT7CKM+0gEYZp62yaY69zUAr7YYup1gm3OvXv0uAmi281QZ+Gq9+0+92fi0EMVnFai45hJzFNP9O+TeknkTURSBebG8dHeuBXdlRfMRce38jz/Yd1mH5+OU8LI=;
X-YMail-OSG: qVOPYO0VM1mq8AmqMGyFMmm5S8qHc5kQl58g_HgS.geXpzA .Ug0y0A76c_7RMrbqcS4_ApgXLT.1DFaLDBfQ.Jt6ETkBnvIadpoVljJIhHA 1CEKkQKaYlhLkgaPLeSJpN643h8kVC0IBocmZr7lK1OdwnBm9em1XjTvxUqE Bj1pT1M2O8OBIexzhReld9SWco0cmTb7EB7Uj091HWFs.MtMughEnLqWgfFb PjintMkcXhXYdPS2YOXenWsVubQtkNerpA16WzwnJIuyVa8x3XvaJD1o4Vv5 g3HQC.bAJM.HAc2AlSTTPeksGvzoVV5KcBNiXWmc7Azt_gn6DQD4cPrdwfHq .F211bDtmWlx32nPXjQY_VbXzSGf1Pq_Y5DtYgn0kvoLv8JetQEQsYRN0ksB 8N3jx1IryRO78Anh_uUZX5GsGspeIE_1_6QncPgiV0meHm1U2sA--
Received: from [209.131.62.120] by web31803.mail.mud.yahoo.com via HTTP; Wed, 09 May 2012 15:04:45 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com> <4FAAD2DF.4080500@cs.tcd.ie> <4FAAD43C.501@mtcc.com> <tslbolxgha4.fsf@mit.edu>
Message-ID: <1336601085.34230.YahooMailNeo@web31803.mail.mud.yahoo.com>
Date: Wed, 9 May 2012 15:04:45 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Sam Hartman <hartmans-ietf@mit.edu>, Michael Thomas <mike@mtcc.com>
In-Reply-To: <tslbolxgha4.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1502656925-82259641-1336601085=:34230"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:04:46 -0000

--1502656925-82259641-1336601085=:34230
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Is it correct to say that the=A0 IPR in question touched the portion of Bea=
rer that deals with allowing the token in the URL, and that tokens in the A=
uth header and tokens in POST body?=0A=0AIf so, then for me this issue is a=
nother reason not to use tokens in the URL, which I would already recommend=
 against for several reasons.=A0 We would not use this in our own implement=
ations.=0A=0A=0A-bill=0A=0A=0A=0A=0A>________________________________=0A> F=
rom: Sam Hartman <hartmans-ietf@mit.edu>=0A>To: Michael Thomas <mike@mtcc.c=
om> =0A>Cc: "oauth@ietf.org WG" <oauth@ietf.org> =0A>Sent: Wednesday, May 9=
, 2012 2:45 PM=0A>Subject: Re: [OAUTH-WG] IPR on OAuth bearer=0A> =0A>So, h=
ere are statements that=A0 you could make as part of this discussion=0A>tha=
t would be entirely in scope:=0A>=0A>1) I've read the IPR. Prior to this di=
sclosure I was interested in=0A>developing|deploying|shipping=A0 an impleme=
ntation of this=0A>specification. Now I am not.=0A>=0A>2) I think you could=
 go so far as to say. Based on this IPR I would no=0A>longer feel comfortab=
le making an open-source implementation of this=0A>spec available.=0A>=0A>3=
) Or on the other=A0 side: I've reviewed this new IPR and I believe I=0A>co=
uld implement|ship|deploy|whatever this specification.=0A>=0A>Or if you don=
't like giving out as much information as 1-3:=0A>=0A>4) I've reviewed the =
new IPr and I recommend that we not advance this=0A>standard=0A>=0A>5) I've=
 reviewed the IPR and I do recommend we advance.=0A>=0A>Obviously, people m=
ay weigh statements of the form 1-3 with more value=0A>than 4-5. However it=
's really hard to get many organizations to say=0A>something in the 1-3 ran=
ge.=0A>=0A>Other valid things to say in such a context include:=0A>=0A>6) W=
e've successfully obtained any licenses we believe that we need in=0A>order=
 to implement this specification given the IPR.=0A>=0A>7) We attempted to o=
btain the licenses we needed in order to implement=0A>given this IPR but we=
re unsuccessful.=0A>=0A>believe all the above statements are acceptable. In=
 particular, none of=0A>them comment on the validity of the IPR nor give le=
gal advice about=0A>stuff.=0A>=0A>I believe you could even go so far as to =
say=A0 something like I believe=0A>that an open-source implementation of th=
is technology is|is not=0A>important to whether we should standardize it. I=
 believe we've come very=0A>close to that in the past. =0A>________________=
_______________________________=0A>OAuth mailing list=0A>OAuth@ietf.org=0A>=
https://www.ietf.org/mailman/listinfo/oauth=0A>=0A>=0A>
--1502656925-82259641-1336601085=:34230
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>Is it correct to say that the&nbsp; IPR in question touched the portion o=
f Bearer that deals with allowing the token in the URL, and that tokens in =
the Auth header and tokens in POST body?</span></div><div><br><span></span>=
</div><div><span>If so, then for me this issue is another reason not to use=
 tokens in the URL, which I would already recommend against for several rea=
sons.&nbsp; We would not use this in our own implementations.<br></span></d=
iv><div><br><span></span></div><div><span>-bill<br></span></div><div><br><b=
lockquote style=3D"border-left: 2px solid rgb(16, 16, 255); margin-left: 5p=
x; margin-top: 5px; padding-left: 5px;">  <div style=3D"font-family: Courie=
r New, courier, monaco, monospace, sans-serif; font-size: 14pt;"> <div styl=
e=3D"font-family: times new roman, new york, times, serif; font-size:
 12pt;"> <div dir=3D"ltr"> <font face=3D"Arial" size=3D"2"> <hr size=3D"1">=
  <b><span style=3D"font-weight:bold;">From:</span></b> Sam Hartman &lt;har=
tmans-ietf@mit.edu&gt;<br> <b><span style=3D"font-weight: bold;">To:</span>=
</b> Michael Thomas &lt;mike@mtcc.com&gt; <br><b><span style=3D"font-weight=
: bold;">Cc:</span></b> "oauth@ietf.org WG" &lt;oauth@ietf.org&gt; <br> <b>=
<span style=3D"font-weight: bold;">Sent:</span></b> Wednesday, May 9, 2012 =
2:45 PM<br> <b><span style=3D"font-weight: bold;">Subject:</span></b> Re: [=
OAUTH-WG] IPR on OAuth bearer<br> </font> </div> <br>=0ASo, here are statem=
ents that&nbsp; you could make as part of this discussion<br>that would be =
entirely in scope:<br><br>1) I've read the IPR. Prior to this disclosure I =
was interested in<br>developing|deploying|shipping&nbsp; an implementation =
of this<br>specification. Now I am not.<br><br>2) I think you could go so f=
ar as to say. Based on this IPR I would no<br>longer feel comfortable makin=
g an open-source implementation of this<br>spec available.<br><br>3) Or on =
the other&nbsp; side: I've reviewed this new IPR and I believe I<br>could i=
mplement|ship|deploy|whatever this specification.<br><br>Or if you don't li=
ke giving out as much information as 1-3:<br><br>4) I've reviewed the new I=
Pr and I recommend that we not advance this<br>standard<br><br>5) I've revi=
ewed the IPR and I do recommend we advance.<br><br>Obviously, people may we=
igh statements of the form 1-3 with more value<br>than 4-5. However it's re=
ally hard to get many organizations to
 say<br>something in the 1-3 range.<br><br>Other valid things to say in suc=
h a context include:<br><br>6) We've successfully obtained any licenses we =
believe that we need in<br>order to implement this specification given the =
IPR.<br><br>7) We attempted to obtain the licenses we needed in order to im=
plement<br>given this IPR but were unsuccessful.<br><br> believe all the ab=
ove statements are acceptable. In particular, none of<br> them comment on t=
he validity of the IPR nor give legal advice about<br> stuff.<br><br>I beli=
eve you could even go so far as to say&nbsp; something like I believe<br>th=
at an open-source implementation of this technology is|is not<br>important =
to whether we should standardize it. I believe we've come very<br>close to =
that in the past. <br>_______________________________________________<br>OA=
uth mailing list<br><a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAu=
th@ietf.org">OAuth@ietf.org</a><br><a
 href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">htt=
ps://www.ietf.org/mailman/listinfo/oauth</a><br><br><br> </div> </div> </bl=
ockquote></div>   </div></body></html>
--1502656925-82259641-1336601085=:34230--

From hannes.tschofenig@gmx.net  Wed May  9 15:06:55 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1399D11E80D7 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:06:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.422
X-Spam-Level: 
X-Spam-Status: No, score=-102.422 tagged_above=-999 required=5 tests=[AWL=0.177, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HM3FZjn68QZ5 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:06:54 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 197F011E8086 for <oauth@ietf.org>; Wed,  9 May 2012 15:06:53 -0700 (PDT)
Received: (qmail invoked by alias); 09 May 2012 22:06:52 -0000
Received: from unknown (EHLO [107.17.145.89]) [216.141.82.2] by mail.gmx.net (mp071) with SMTP; 10 May 2012 00:06:52 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+b8fFxiwGb/dOpqK4nZza7Xg6eZoRUAIpLfXIqAB gcJlDSEGKIBIgH
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1084)
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Thu, 10 May 2012 01:06:49 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:06:55 -0000

Hi all,=20

another issue that came up in Sean's IESG review was about the encoding =
of the error / error_description / error_uri in the base and in the =
bearer specification.=20

As mentioned in my earlier mail about the registry for the error codes =
there are three error fields defined in the two specification and the =
error / error_description / error_uri fields are allowed to appear in =
different parts of an HTTP message.=20
Depending on where they show up different encoding restrictions apply.=20=


For the core specification these error fields may appear in the=20
* body of the HTTP message (encoded in JSON)
* parameters to the query component of the redirection URI (using the
  "application/x-www-form-urlencoded" format)

For the bearer specification these error fields appear in the HTTP =
header. Consequently, =
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says 'values =
for the "error" and "error_description" attributes MUST NOT include =
characters outside the set %x20-21 / %x23-5B / %x5D-7E.'=20

Now, here is the question. While these errors are essentially copied =
over from one spec to the other the different encoding restrictions make =
them different. Do we want different encodings of errors in the two =
documents?

So, I see two options:=20

1) Leave the encoding as it is. This means the encoding of the error / =
error_description / error_uri in the two specifications is different.=20

2) Harmonize the encoding between the two specifications by =
incorporating the restrictions from the bearer specification into the =
base specification.=20

Please indicate your preference by the end of next week (18th May 2012).=20=


Ciao
Hannes


From Michael.Jones@microsoft.com  Wed May  9 15:15:41 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9655F21F84C8 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:15:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.925
X-Spam-Level: 
X-Spam-Status: No, score=-3.925 tagged_above=-999 required=5 tests=[AWL=-0.326, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6+J1E6xjtq-y for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:15:41 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe001.messaging.microsoft.com [213.199.154.139]) by ietfa.amsl.com (Postfix) with ESMTP id 91BAE21F84C3 for <oauth@ietf.org>; Wed,  9 May 2012 15:15:40 -0700 (PDT)
Received: from mail51-db3-R.bigfish.com (10.3.81.227) by DB3EHSOBE001.bigfish.com (10.3.84.21) with Microsoft SMTP Server id 14.1.225.23; Wed, 9 May 2012 22:15:39 +0000
Received: from mail51-db3 (localhost [127.0.0.1])	by mail51-db3-R.bigfish.com (Postfix) with ESMTP id 7153F3804A7; Wed,  9 May 2012 22:15:39 +0000 (UTC)
X-SpamScore: -27
X-BigFish: VS-27(zz9371I14ffI542Mzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC107.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail51-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC107.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail51-db3 (localhost.localdomain [127.0.0.1]) by mail51-db3 (MessageSwitch) id 1336601738153344_6563; Wed,  9 May 2012 22:15:38 +0000 (UTC)
Received: from DB3EHSMHS006.bigfish.com (unknown [10.3.81.230])	by mail51-db3.bigfish.com (Postfix) with ESMTP id 170393003CD; Wed,  9 May 2012 22:15:38 +0000 (UTC)
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS006.bigfish.com (10.3.87.106) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 9 May 2012 22:15:37 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.230]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([157.54.80.67]) with mapi id 14.02.0298.005; Wed, 9 May 2012 22:15:36 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNLjAPfUna+mufcUmIKpLKwMV+D5bCBemQ
Date: Wed, 9 May 2012 22:15:35 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664CE2AE@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
In-Reply-To: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:15:41 -0000

2) Consistent syntax across both OAuth specs.

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of H=
annes Tschofenig
Sent: Wednesday, May 09, 2012 3:07 PM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Hi all,=20

another issue that came up in Sean's IESG review was about the encoding of =
the error / error_description / error_uri in the base and in the bearer spe=
cification.=20

As mentioned in my earlier mail about the registry for the error codes ther=
e are three error fields defined in the two specification and the error / e=
rror_description / error_uri fields are allowed to appear in different part=
s of an HTTP message.=20
Depending on where they show up different encoding restrictions apply.=20

For the core specification these error fields may appear in the=20
* body of the HTTP message (encoded in JSON)
* parameters to the query component of the redirection URI (using the
  "application/x-www-form-urlencoded" format)

For the bearer specification these error fields appear in the HTTP header. =
Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says=
 'values for the "error" and "error_description" attributes MUST NOT includ=
e characters outside the set %x20-21 / %x23-5B / %x5D-7E.'=20

Now, here is the question. While these errors are essentially copied over f=
rom one spec to the other the different encoding restrictions make them dif=
ferent. Do we want different encodings of errors in the two documents?

So, I see two options:=20

1) Leave the encoding as it is. This means the encoding of the error / erro=
r_description / error_uri in the two specifications is different.=20

2) Harmonize the encoding between the two specifications by incorporating t=
he restrictions from the bearer specification into the base specification.=
=20

Please indicate your preference by the end of next week (18th May 2012).=20

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



From wmills@yahoo-inc.com  Wed May  9 15:18:24 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6AA221F84D6 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:18:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.207
X-Spam-Level: 
X-Spam-Status: No, score=-17.207 tagged_above=-999 required=5 tests=[AWL=0.391, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EIVsFYVw9WLj for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:18:24 -0700 (PDT)
Received: from nm7-vm0.bullet.mail.bf1.yahoo.com (nm7-vm0.bullet.mail.bf1.yahoo.com [98.139.213.151]) by ietfa.amsl.com (Postfix) with SMTP id BC09B21F84CE for <oauth@ietf.org>; Wed,  9 May 2012 15:18:17 -0700 (PDT)
Received: from [98.139.214.32] by nm7.bullet.mail.bf1.yahoo.com with NNFMP; 09 May 2012 22:18:17 -0000
Received: from [98.139.212.220] by tm15.bullet.mail.bf1.yahoo.com with NNFMP; 09 May 2012 22:18:17 -0000
Received: from [127.0.0.1] by omp1029.mail.bf1.yahoo.com with NNFMP; 09 May 2012 22:18:17 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 168511.36664.bm@omp1029.mail.bf1.yahoo.com
Received: (qmail 27766 invoked by uid 60001); 9 May 2012 22:18:16 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1336601896; bh=rGujQfXIFi4drCSzV46So7PcgQprfjDxHqWe3MO7QnQ=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=mjrAWIxdKYJXCD68Rl1shqGVMIa7EfFRYcnFkD7Z9+INWzBYNFZjLizh37m3+tDj+V3xaeXYSPzjXqHFVZMCb0NKBdAU/D1/+YwjNR32RyQeWUmk8cAVbYvNKVjBmgVegmT/kv7TjAHrI7uU07hCQItnbyXp6fiLy2qbsNS6nIA=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=n5PEhB+WX7Z4Zbi8eyikLQFKp7FLlwh19VanZnSE5k/Z726EFLSdwc1gOiBZglnqDmKkXrCXLU2BOIIZ05Dw1D6a3aE/37Z78nHAZg4lKg65q1Wll+ShribpzSkA0jOpD81degztuwbnXPfMzkjVbpgnTtlCoxTj/M1oJgJT34s=;
X-YMail-OSG: okRrCdMVM1lkLNl2WfH1v_xOE3.4k7T4_d7Y0kOpCgptlOI POFSXeeJAVYwKtju7r6lQOMiCtBL598a0h8WDRA_MCp.poZJpWJhW2yZTYFm G.Wx4hEflCYrLsqjfaDTKE4ky.8VVgTJleCQ8o5n88ZG24pG.4cYhbaYlfM3 pGZJAd5nXOWKkHu1O_p2a7OTRRbS4P1rwqWv2wshfhnWEhgQcTHLsPq9k_eQ iE_l3iLSsVn.70oZo4JvmEtLWA7Lf.8YxCMTFFBvo7dQ9C_kNZN5Tcs_bg2t 4U0UBd4Xr3RXpBWvqkCb7uF.VJ8CJdbrCoVaqtjtjzNwTt5kIsoLxu3jtHu4 TSYiXMUG0H_c2rEx9.1dNliLMqZ5yN_JLijcejPEcEbkn8_g0GUCfco9Gt3L zQ5ZJbzAwk9Pi1D8N7IEgf54oztcVucS2uBImrZhsnkJpl7xJ1w--
Received: from [209.131.62.120] by web31807.mail.mud.yahoo.com via HTTP; Wed, 09 May 2012 15:18:16 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <4E1F6AAD24975D4BA5B1680429673943664CE2AE@TK5EX14MBXC283.redmond.corp.microsoft.com>
Message-ID: <1336601896.10694.YahooMailNeo@web31807.mail.mud.yahoo.com>
Date: Wed, 9 May 2012 15:18:16 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664CE2AE@TK5EX14MBXC283.redmond.corp.microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-125733401-1044875231-1336601896=:10694"
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:18:25 -0000

---125733401-1044875231-1336601896=:10694
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

+1=0A=0A=0A=0A=0A>________________________________=0A> From: Mike Jones <Mi=
chael.Jones@microsoft.com>=0A>To: Hannes Tschofenig <hannes.tschofenig@gmx.=
net>; "oauth@ietf.org WG" <oauth@ietf.org> =0A>Sent: Wednesday, May 9, 2012=
 3:15 PM=0A>Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in t=
he Bearer Spec=0A> =0A>2) Consistent syntax across both OAuth specs.=0A>=0A=
>=A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0=A0 -- Mike=0A>=0A>-----Original Messa=
ge-----=0A>From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On =
Behalf Of Hannes Tschofenig=0A>Sent: Wednesday, May 09, 2012 3:07 PM=0A>To:=
 oauth@ietf.org WG=0A>Subject: [OAUTH-WG] Encoding of Errors in the Base an=
d in the Bearer Spec=0A>=0A>Hi all, =0A>=0A>another issue that came up in S=
ean's IESG review was about the encoding of the error / error_description /=
 error_uri in the base and in the bearer specification. =0A>=0A>As mentione=
d in my earlier mail about the registry for the error codes there are three=
 error fields defined in the two specification and the error / error_descri=
ption / error_uri fields are allowed to appear in different parts of an HTT=
P message. =0A>Depending on where they show up different encoding restricti=
ons apply. =0A>=0A>For the core specification these error fields may appear=
 in the =0A>* body of the HTTP message (encoded in JSON)=0A>* parameters to=
 the query component of the redirection URI (using the=0A>=A0 "application/=
x-www-form-urlencoded" format)=0A>=0A>For the bearer specification these er=
ror fields appear in the HTTP header. Consequently, http://tools.ietf.org/h=
tml/draft-ietf-oauth-v2-bearer-19 says 'values for the "error" and "error_d=
escription" attributes MUST NOT include characters outside the set %x20-21 =
/ %x23-5B / %x5D-7E.' =0A>=0A>Now, here is the question. While these errors=
 are essentially copied over from one spec to the other the different encod=
ing restrictions make them different. Do we want different encodings of err=
ors in the two documents?=0A>=0A>So, I see two options: =0A>=0A>1) Leave th=
e encoding as it is. This means the encoding of the error / error_descripti=
on / error_uri in the two specifications is different. =0A>=0A>2) Harmonize=
 the encoding between the two specifications by incorporating the restricti=
ons from the bearer specification into the base specification. =0A>=0A>Plea=
se indicate your preference by the end of next week (18th May 2012). =0A>=
=0A>Ciao=0A>Hannes=0A>=0A>_______________________________________________=
=0A>OAuth mailing list=0A>OAuth@ietf.org=0A>https://www.ietf.org/mailman/li=
stinfo/oauth=0A>=0A>=0A>_______________________________________________=0A>=
OAuth mailing list=0A>OAuth@ietf.org=0A>https://www.ietf.org/mailman/listin=
fo/oauth=0A>=0A>=0A>
---125733401-1044875231-1336601896=:10694
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>+1</span></div><div><br><blockquote style=3D"border-left: 2px solid rgb(1=
6, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;">  <div =
style=3D"font-family: Courier New, courier, monaco, monospace, sans-serif; =
font-size: 14pt;"> <div style=3D"font-family: times new roman, new york, ti=
mes, serif; font-size: 12pt;"> <div dir=3D"ltr"> <font face=3D"Arial" size=
=3D"2"> <hr size=3D"1">  <b><span style=3D"font-weight:bold;">From:</span><=
/b> Mike Jones &lt;Michael.Jones@microsoft.com&gt;<br> <b><span style=3D"fo=
nt-weight: bold;">To:</span></b> Hannes Tschofenig &lt;hannes.tschofenig@gm=
x.net&gt;; "oauth@ietf.org WG" &lt;oauth@ietf.org&gt; <br> <b><span style=
=3D"font-weight: bold;">Sent:</span></b> Wednesday, May 9, 2012 3:15 PM<br>=
 <b><span style=3D"font-weight: bold;">Subject:</span></b> Re: [OAUTH-WG] E=
ncoding of Errors in
 the Base and in the Bearer Spec<br> </font> </div> <br>=0A2) Consistent sy=
ntax across both OAuth specs.<br><br>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; =
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; -- Mike<br><br>-----Original Message-=
----<br>From: <a ymailto=3D"mailto:oauth-bounces@ietf.org" href=3D"mailto:o=
auth-bounces@ietf.org">oauth-bounces@ietf.org</a> [mailto:<a ymailto=3D"mai=
lto:oauth-bounces@ietf.org" href=3D"mailto:oauth-bounces@ietf.org">oauth-bo=
unces@ietf.org</a>] On Behalf Of Hannes Tschofenig<br>Sent: Wednesday, May =
09, 2012 3:07 PM<br>To: <a ymailto=3D"mailto:oauth@ietf.org" href=3D"mailto=
:oauth@ietf.org">oauth@ietf.org</a> WG<br>Subject: [OAUTH-WG] Encoding of E=
rrors in the Base and in the Bearer Spec<br><br>Hi all, <br><br>another iss=
ue that came up in Sean's IESG review was about the encoding of the error /=
 error_description / error_uri in the base and in the bearer specification.=
 <br><br>As mentioned in my earlier mail about the registry for the error c=
odes there are three error fields defined in the two
 specification and the error / error_description / error_uri fields are all=
owed to appear in different parts of an HTTP message. <br>Depending on wher=
e they show up different encoding restrictions apply. <br><br>For the core =
specification these error fields may appear in the <br>* body of the HTTP m=
essage (encoded in JSON)<br>* parameters to the query component of the redi=
rection URI (using the<br>&nbsp; "application/x-www-form-urlencoded" format=
)<br><br>For the bearer specification these error fields appear in the HTTP=
 header. Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-beare=
r-19 says 'values for the "error" and "error_description" attributes MUST N=
OT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.' <br><br=
>Now, here is the question. While these errors are essentially copied over =
from one spec to the other the different encoding restrictions make them di=
fferent. Do we want different encodings of errors in the two
 documents?<br><br>So, I see two options: <br><br>1) Leave the encoding as =
it is. This means the encoding of the error / error_description / error_uri=
 in the two specifications is different. <br><br>2) Harmonize the encoding =
between the two specifications by incorporating the restrictions from the b=
earer specification into the base specification. <br><br>Please indicate yo=
ur preference by the end of next week (18th May 2012). <br><br>Ciao<br>Hann=
es<br><br>_______________________________________________<br>OAuth mailing =
list<br><a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@ietf.org"=
>OAuth@ietf.org</a><br><a href=3D"https://www.ietf.org/mailman/listinfo/oau=
th" target=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br><b=
r><br>_______________________________________________<br>OAuth mailing list=
<br><a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@ietf.org">OAu=
th@ietf.org</a><br><a href=3D"https://www.ietf.org/mailman/listinfo/oauth"
 target=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br><br><=
br> </div> </div> </blockquote></div>   </div></body></html>
---125733401-1044875231-1336601896=:10694--

From ve7jtb@ve7jtb.com  Wed May  9 15:27:52 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B5C811E80BB for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:27:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.536
X-Spam-Level: 
X-Spam-Status: No, score=-3.536 tagged_above=-999 required=5 tests=[AWL=0.063,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DvR4yc30WCFq for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:27:51 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id B572811E8086 for <oauth@ietf.org>; Wed,  9 May 2012 15:27:51 -0700 (PDT)
Received: by yhq56 with SMTP id 56so1011208yhq.31 for <oauth@ietf.org>; Wed, 09 May 2012 15:27:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=a/2TLv8Mr54uR9xRoUjG3Pm5sEjRjWSCfxeaTyPGww4=; b=RDdWRMViaCVvUr8y2v2vbfkj+WXoWal8M1FvNTvL3ifbKOT3p6jeXk/FahlEiszsWd JvsolXNC63sud4Mj6UkynldqRr9LFV8NtK7hjYRN8WCiwbIM9J32rI3nk3g7A6l3ExSu kDq4zBbUvVLObgLCt9J009+c3e5spnZJE/aEFxt5XIWayQcghBlOdVOyirdMk49YhJED nQmZKjW41RbmLnK2Ewt82nUJ6md/8h7bVrnRonGz5Lmgkc3d/vNrCUWdovM1/vymM4Xs l019wkpqKKcPw9LTYzL1nMyMo9H9OcpuWcakEzNIV6z8rIgAfXKt8m6drzdmCSXYiLVt V/RQ==
Received: by 10.236.193.1 with SMTP id j1mr2371168yhn.40.1336602471303; Wed, 09 May 2012 15:27:51 -0700 (PDT)
Received: from [192.168.1.213] (190-20-20-74.baf.movistar.cl. [190.20.20.74]) by mx.google.com with ESMTPS id i19sm6529038ani.7.2012.05.09.15.27.49 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 09 May 2012 15:27:50 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_43C9B1AD-A6DC-4CF9-9C6B-B0905CCB351D"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
Date: Wed, 9 May 2012 18:27:43 -0400
Message-Id: <7D0AF372-75ED-48A2-A665-EB2B8B030C83@ve7jtb.com>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQmypOCYjoe6UHWmRFr4ykR34DGKJdE//wNE1pZXQUAoGwDDAUWNKgWCfNM0XtTjNAk55UZs
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:27:52 -0000

--Apple-Mail=_43C9B1AD-A6DC-4CF9-9C6B-B0905CCB351D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Consistent syntax across bearer, core and MAC.

That wasn't one of the options:)

John B.
On 2012-05-09, at 6:06 PM, Hannes Tschofenig wrote:

> Hi all,=20
>=20
> another issue that came up in Sean's IESG review was about the =
encoding of the error / error_description / error_uri in the base and in =
the bearer specification.=20
>=20
> As mentioned in my earlier mail about the registry for the error codes =
there are three error fields defined in the two specification and the =
error / error_description / error_uri fields are allowed to appear in =
different parts of an HTTP message.=20
> Depending on where they show up different encoding restrictions apply.=20=

>=20
> For the core specification these error fields may appear in the=20
> * body of the HTTP message (encoded in JSON)
> * parameters to the query component of the redirection URI (using the
>  "application/x-www-form-urlencoded" format)
>=20
> For the bearer specification these error fields appear in the HTTP =
header. Consequently, =
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says 'values =
for the "error" and "error_description" attributes MUST NOT include =
characters outside the set %x20-21 / %x23-5B / %x5D-7E.'=20
>=20
> Now, here is the question. While these errors are essentially copied =
over from one spec to the other the different encoding restrictions make =
them different. Do we want different encodings of errors in the two =
documents?
>=20
> So, I see two options:=20
>=20
> 1) Leave the encoding as it is. This means the encoding of the error / =
error_description / error_uri in the two specifications is different.=20
>=20
> 2) Harmonize the encoding between the two specifications by =
incorporating the restrictions from the bearer specification into the =
base specification.=20
>=20
> Please indicate your preference by the end of next week (18th May =
2012).=20
>=20
> Ciao
> Hannes
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_43C9B1AD-A6DC-4CF9-9C6B-B0905CCB351D
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUw
OTIyMjc0NFowIwYJKoZIhvcNAQkEMRYEFOFd8UzkYUDlRABVpXmugxNhOLXuMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AG/Fa7WHHZ07n4MwxTFLX9h1Uakq0j7CHz7knHgG56n7LAbI+mkcGQWmIb3cLvH+RZFyA5CdTsj9
V5L1VPYBU/kfC6up6dq14yuo2ohjkBQDL7nNtb/ZCLnBCkC5G5gLQNSRGFz6AGaXZeDQxtSgmumv
yBLFPT7dBa5yGup3dU8rIP1lQrHMn2xz2ZwbagDI9eLuOsyPfbK0eU9XUij68buL7TPftmCPWIwl
50kZKPF1DMxrO7ATZP3d0Poh9yYt5mAgqVPs7dC7Errh6egS0mqyF78sZsXV5vUisJS73HM9VpYq
fs6Nv0gn1GgzOif1lFV1OOnKzIw9OsA/GvHmu2AAAAAAAAA=

--Apple-Mail=_43C9B1AD-A6DC-4CF9-9C6B-B0905CCB351D--

From eran@hueniverse.com  Wed May  9 15:34:32 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C83AB11E80CF for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:34:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.55
X-Spam-Level: 
X-Spam-Status: No, score=-2.55 tagged_above=-999 required=5 tests=[AWL=0.049,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vo3oyDuRydsV for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:34:32 -0700 (PDT)
Received: from p3plex2out03.prod.phx3.secureserver.net (p3plex2out03.prod.phx3.secureserver.net [184.168.131.16]) by ietfa.amsl.com (Postfix) with ESMTP id 0498211E8086 for <oauth@ietf.org>; Wed,  9 May 2012 15:34:31 -0700 (PDT)
Received: from P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) by p3plex2out03.prod.phx3.secureserver.net with bizsmtp id 7yaX1j0090Dcg9U01yaXQm; Wed, 09 May 2012 15:34:31 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) with mapi id 14.02.0247.003; Wed, 9 May 2012 15:34:31 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNLjANNsFaP6agWkmJphYfo3JtRpbCBDOQ
Date: Wed, 9 May 2012 22:34:30 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
In-Reply-To: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:34:32 -0000

I am confused by the process here.

The IESG review raised a LONG list of discuss items for the core specificat=
ion. I was able to successfully address all but three remaining issues:

1. Lack of ABNF - I will do it myself this week since no one else bothered =
to offer their help.
2. Registry rules - waiting for this to be cleared; have addressed the issu=
e but didn't hear back yet.
3. Comment on not allowing a fragment in redirection and endpoint URIs - wa=
iting for text or item closed.

Every other issue for this document has been closed.

This WG cannot just go back after WG LC, IETF LC, and IESG review and make =
changes. This work is done, and any change made at this point must be for t=
he sole purpose of addressing a discuss item. There are no discuss items fo=
r *this* document related to errors. They have all been raised in detail, a=
ddressed, and closed!

As for this survey -=20

While I am still very much opposed to adding the protected resource registr=
y function to the core specification, this new issue clearly demonstrate th=
at this is not simply a matter of adding another error location.

The core spec currently provides full guidance and definition for error ext=
ensibility. Extending the registry's scope means the need for non-trivial n=
ew text that:

* explains the process of adding new errors for endpoints not defined by th=
is specification,
* finds a common ground for value restrictions beyond what is already liste=
d,
* guide authors of future HTTP authentication schemes meant for use with OA=
uth (e.g. MAC) for their requirements for using the error registry, and
* address the very likely scenario of the same error code carrying differen=
t meanings in different endpoints, or an extension that adds a location to =
a code already defined elsewhere - something very likely to happen if you c=
ross the two very different domains (OAuth endpoints, Protected resource en=
dpoints). This requires changing the entire structure of the registry to cr=
eate separate records for each code/location pair.

Any change to the core specification MUST address all these items. This is =
absolutely NOT a matter of simply adding another location or throwing some =
extra ABNF. Adding such new text will require another IETF LC and another I=
ESG review - which are completely unjustified based on where the document i=
s in its IESG review process.

The point of IESG review is to close issues with minimal changes, not take =
it as an opportunity to sneak new functionality into the document. And it's=
 not like this WG has not debated these items before, and made consensus ca=
lls on them.

Not adding the protected resource location to the registry was the result o=
f intense negotiation both on the list and by the design committee. What wa=
s the point of asking a few of us to spend hours on the phone debating thes=
e issues and reaching a conclusion if it's another popularity contest now. =
We had FULL consensus by the design committee NOT to add the bearer errors =
to the core specification, and this recommendation was fully supported by t=
he WG and documented in the issues tracker.

These WG surveys are an insult to proper process.

EH




> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Wednesday, May 09, 2012 3:07 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
>=20
> Hi all,
>=20
> another issue that came up in Sean's IESG review was about the encoding o=
f
> the error / error_description / error_uri in the base and in the bearer
> specification.
>=20
> As mentioned in my earlier mail about the registry for the error codes th=
ere
> are three error fields defined in the two specification and the error /
> error_description / error_uri fields are allowed to appear in different p=
arts of
> an HTTP message.
> Depending on where they show up different encoding restrictions apply.
>=20
> For the core specification these error fields may appear in the
> * body of the HTTP message (encoded in JSON)
> * parameters to the query component of the redirection URI (using the
>   "application/x-www-form-urlencoded" format)
>=20
> For the bearer specification these error fields appear in the HTTP header=
.
> Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 sa=
ys
> 'values for the "error" and "error_description" attributes MUST NOT inclu=
de
> characters outside the set %x20-21 / %x23-5B / %x5D-7E.'
>=20
> Now, here is the question. While these errors are essentially copied over
> from one spec to the other the different encoding restrictions make them
> different. Do we want different encodings of errors in the two documents?
>=20
> So, I see two options:
>=20
> 1) Leave the encoding as it is. This means the encoding of the error /
> error_description / error_uri in the two specifications is different.
>=20
> 2) Harmonize the encoding between the two specifications by incorporating
> the restrictions from the bearer specification into the base specificatio=
n.
>=20
> Please indicate your preference by the end of next week (18th May 2012).
>=20
> Ciao
> Hannes
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From Michael.Jones@microsoft.com  Wed May  9 15:41:42 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3A8211E80F3 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:41:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.919
X-Spam-Level: 
X-Spam-Status: No, score=-3.919 tagged_above=-999 required=5 tests=[AWL=-0.320, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IpJ-z2iPQRFZ for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:41:42 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe002.messaging.microsoft.com [213.199.154.205]) by ietfa.amsl.com (Postfix) with ESMTP id 7CB0B11E8086 for <oauth@ietf.org>; Wed,  9 May 2012 15:41:41 -0700 (PDT)
Received: from mail42-am1-R.bigfish.com (10.3.201.235) by AM1EHSOBE004.bigfish.com (10.3.204.24) with Microsoft SMTP Server id 14.1.225.23; Wed, 9 May 2012 22:41:40 +0000
Received: from mail42-am1 (localhost [127.0.0.1])	by mail42-am1-R.bigfish.com (Postfix) with ESMTP id 8C9CC2E064C; Wed,  9 May 2012 22:41:40 +0000 (UTC)
X-SpamScore: -38
X-BigFish: VS-38(zz9371I14ffI542M1432Nc1dMzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC105.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail42-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC105.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail42-am1 (localhost.localdomain [127.0.0.1]) by mail42-am1 (MessageSwitch) id 1336603298530323_11635; Wed,  9 May 2012 22:41:38 +0000 (UTC)
Received: from AM1EHSMHS020.bigfish.com (unknown [10.3.201.233])	by mail42-am1.bigfish.com (Postfix) with ESMTP id 7CF452C004C; Wed,  9 May 2012 22:41:38 +0000 (UTC)
Received: from TK5EX14HUBC105.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS020.bigfish.com (10.3.206.23) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 9 May 2012 22:41:38 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.230]) by TK5EX14HUBC105.redmond.corp.microsoft.com ([157.54.80.48]) with mapi id 14.02.0298.005; Wed, 9 May 2012 22:41:21 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eran Hammer <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNLjAPfUna+mufcUmIKpLKwMV+D5bCC2sAgAAA8VA=
Date: Wed, 9 May 2012 22:41:21 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:41:43 -0000

There was a DISCUSS on the core spec asking us to cite the character set re=
strictions for scope and error values in the core spec, rather than definin=
g them in the bearer spec.  It turns out that I could not do that as the co=
re spec is currently written, because the character set restrictions are no=
t present in the core spec.  If they are added to the core spec, I can sati=
sfy the bearer DISCUSS by doing so.  If the restrictions are not added, I c=
annot.

This consensus call is part of resolving this DISCUSS, which affects both s=
pecs.

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of E=
ran Hammer
Sent: Wednesday, May 09, 2012 3:35 PM
To: Hannes Tschofenig; oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Sp=
ec

I am confused by the process here.

The IESG review raised a LONG list of discuss items for the core specificat=
ion. I was able to successfully address all but three remaining issues:

1. Lack of ABNF - I will do it myself this week since no one else bothered =
to offer their help.
2. Registry rules - waiting for this to be cleared; have addressed the issu=
e but didn't hear back yet.
3. Comment on not allowing a fragment in redirection and endpoint URIs - wa=
iting for text or item closed.

Every other issue for this document has been closed.

This WG cannot just go back after WG LC, IETF LC, and IESG review and make =
changes. This work is done, and any change made at this point must be for t=
he sole purpose of addressing a discuss item. There are no discuss items fo=
r *this* document related to errors. They have all been raised in detail, a=
ddressed, and closed!

As for this survey -=20

While I am still very much opposed to adding the protected resource registr=
y function to the core specification, this new issue clearly demonstrate th=
at this is not simply a matter of adding another error location.

The core spec currently provides full guidance and definition for error ext=
ensibility. Extending the registry's scope means the need for non-trivial n=
ew text that:

* explains the process of adding new errors for endpoints not defined by th=
is specification,
* finds a common ground for value restrictions beyond what is already liste=
d,
* guide authors of future HTTP authentication schemes meant for use with OA=
uth (e.g. MAC) for their requirements for using the error registry, and
* address the very likely scenario of the same error code carrying differen=
t meanings in different endpoints, or an extension that adds a location to =
a code already defined elsewhere - something very likely to happen if you c=
ross the two very different domains (OAuth endpoints, Protected resource en=
dpoints). This requires changing the entire structure of the registry to cr=
eate separate records for each code/location pair.

Any change to the core specification MUST address all these items. This is =
absolutely NOT a matter of simply adding another location or throwing some =
extra ABNF. Adding such new text will require another IETF LC and another I=
ESG review - which are completely unjustified based on where the document i=
s in its IESG review process.

The point of IESG review is to close issues with minimal changes, not take =
it as an opportunity to sneak new functionality into the document. And it's=
 not like this WG has not debated these items before, and made consensus ca=
lls on them.

Not adding the protected resource location to the registry was the result o=
f intense negotiation both on the list and by the design committee. What wa=
s the point of asking a few of us to spend hours on the phone debating thes=
e issues and reaching a conclusion if it's another popularity contest now. =
We had FULL consensus by the design committee NOT to add the bearer errors =
to the core specification, and this recommendation was fully supported by t=
he WG and documented in the issues tracker.

These WG surveys are an insult to proper process.

EH




> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf=20
> Of Hannes Tschofenig
> Sent: Wednesday, May 09, 2012 3:07 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer=20
> Spec
>=20
> Hi all,
>=20
> another issue that came up in Sean's IESG review was about the=20
> encoding of the error / error_description / error_uri in the base and=20
> in the bearer specification.
>=20
> As mentioned in my earlier mail about the registry for the error codes=20
> there are three error fields defined in the two specification and the=20
> error / error_description / error_uri fields are allowed to appear in=20
> different parts of an HTTP message.
> Depending on where they show up different encoding restrictions apply.
>=20
> For the core specification these error fields may appear in the
> * body of the HTTP message (encoded in JSON)
> * parameters to the query component of the redirection URI (using the
>   "application/x-www-form-urlencoded" format)
>=20
> For the bearer specification these error fields appear in the HTTP header=
.
> Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19=20
> says 'values for the "error" and "error_description" attributes MUST=20
> NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.'
>=20
> Now, here is the question. While these errors are essentially copied=20
> over from one spec to the other the different encoding restrictions=20
> make them different. Do we want different encodings of errors in the two =
documents?
>=20
> So, I see two options:
>=20
> 1) Leave the encoding as it is. This means the encoding of the error /=20
> error_description / error_uri in the two specifications is different.
>=20
> 2) Harmonize the encoding between the two specifications by=20
> incorporating the restrictions from the bearer specification into the bas=
e specification.
>=20
> Please indicate your preference by the end of next week (18th May 2012).
>=20
> Ciao
> Hannes
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



From Michael.Jones@microsoft.com  Wed May  9 15:42:45 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11AB911E80EF for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:42:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.914
X-Spam-Level: 
X-Spam-Status: No, score=-3.914 tagged_above=-999 required=5 tests=[AWL=-0.315, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G6jC1p-glr3n for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:42:44 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe006.messaging.microsoft.com [213.199.154.209]) by ietfa.amsl.com (Postfix) with ESMTP id 9A0A711E8086 for <oauth@ietf.org>; Wed,  9 May 2012 15:42:43 -0700 (PDT)
Received: from mail89-am1-R.bigfish.com (10.3.201.226) by AM1EHSOBE005.bigfish.com (10.3.204.25) with Microsoft SMTP Server id 14.1.225.23; Wed, 9 May 2012 22:42:42 +0000
Received: from mail89-am1 (localhost [127.0.0.1])	by mail89-am1-R.bigfish.com (Postfix) with ESMTP id CA952C02A8; Wed,  9 May 2012 22:42:42 +0000 (UTC)
X-SpamScore: -38
X-BigFish: VS-38(zz9371I14ffI542M1432Nc1dMzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail89-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail89-am1 (localhost.localdomain [127.0.0.1]) by mail89-am1 (MessageSwitch) id 1336603361527608_31411; Wed,  9 May 2012 22:42:41 +0000 (UTC)
Received: from AM1EHSMHS016.bigfish.com (unknown [10.3.201.233])	by mail89-am1.bigfish.com (Postfix) with ESMTP id 7C894340043; Wed,  9 May 2012 22:42:41 +0000 (UTC)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS016.bigfish.com (10.3.207.154) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 9 May 2012 22:42:40 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.230]) by TK5EX14HUBC102.redmond.corp.microsoft.com ([157.54.7.154]) with mapi id 14.02.0298.005; Wed, 9 May 2012 22:42:25 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eran Hammer <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNLjAPfUna+mufcUmIKpLKwMV+D5bCC2sAgAAA8VCAAAEbMA==
Date: Wed, 9 May 2012 22:42:24 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664CE3CC@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:42:45 -0000

Typo.  The first sentence below should have started "There was a DISCUSS on=
 the *bearer* spec"...

-----Original Message-----
From: Mike Jones=20
Sent: Wednesday, May 09, 2012 3:41 PM
To: 'Eran Hammer'; Hannes Tschofenig; oauth@ietf.org WG
Subject: RE: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Sp=
ec

There was a DISCUSS on the core spec asking us to cite the character set re=
strictions for scope and error values in the core spec, rather than definin=
g them in the bearer spec.  It turns out that I could not do that as the co=
re spec is currently written, because the character set restrictions are no=
t present in the core spec.  If they are added to the core spec, I can sati=
sfy the bearer DISCUSS by doing so.  If the restrictions are not added, I c=
annot.

This consensus call is part of resolving this DISCUSS, which affects both s=
pecs.

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of E=
ran Hammer
Sent: Wednesday, May 09, 2012 3:35 PM
To: Hannes Tschofenig; oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Sp=
ec

I am confused by the process here.

The IESG review raised a LONG list of discuss items for the core specificat=
ion. I was able to successfully address all but three remaining issues:

1. Lack of ABNF - I will do it myself this week since no one else bothered =
to offer their help.
2. Registry rules - waiting for this to be cleared; have addressed the issu=
e but didn't hear back yet.
3. Comment on not allowing a fragment in redirection and endpoint URIs - wa=
iting for text or item closed.

Every other issue for this document has been closed.

This WG cannot just go back after WG LC, IETF LC, and IESG review and make =
changes. This work is done, and any change made at this point must be for t=
he sole purpose of addressing a discuss item. There are no discuss items fo=
r *this* document related to errors. They have all been raised in detail, a=
ddressed, and closed!

As for this survey -=20

While I am still very much opposed to adding the protected resource registr=
y function to the core specification, this new issue clearly demonstrate th=
at this is not simply a matter of adding another error location.

The core spec currently provides full guidance and definition for error ext=
ensibility. Extending the registry's scope means the need for non-trivial n=
ew text that:

* explains the process of adding new errors for endpoints not defined by th=
is specification,
* finds a common ground for value restrictions beyond what is already liste=
d,
* guide authors of future HTTP authentication schemes meant for use with OA=
uth (e.g. MAC) for their requirements for using the error registry, and
* address the very likely scenario of the same error code carrying differen=
t meanings in different endpoints, or an extension that adds a location to =
a code already defined elsewhere - something very likely to happen if you c=
ross the two very different domains (OAuth endpoints, Protected resource en=
dpoints). This requires changing the entire structure of the registry to cr=
eate separate records for each code/location pair.

Any change to the core specification MUST address all these items. This is =
absolutely NOT a matter of simply adding another location or throwing some =
extra ABNF. Adding such new text will require another IETF LC and another I=
ESG review - which are completely unjustified based on where the document i=
s in its IESG review process.

The point of IESG review is to close issues with minimal changes, not take =
it as an opportunity to sneak new functionality into the document. And it's=
 not like this WG has not debated these items before, and made consensus ca=
lls on them.

Not adding the protected resource location to the registry was the result o=
f intense negotiation both on the list and by the design committee. What wa=
s the point of asking a few of us to spend hours on the phone debating thes=
e issues and reaching a conclusion if it's another popularity contest now. =
We had FULL consensus by the design committee NOT to add the bearer errors =
to the core specification, and this recommendation was fully supported by t=
he WG and documented in the issues tracker.

These WG surveys are an insult to proper process.

EH




> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf=20
> Of Hannes Tschofenig
> Sent: Wednesday, May 09, 2012 3:07 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer=20
> Spec
>=20
> Hi all,
>=20
> another issue that came up in Sean's IESG review was about the=20
> encoding of the error / error_description / error_uri in the base and=20
> in the bearer specification.
>=20
> As mentioned in my earlier mail about the registry for the error codes=20
> there are three error fields defined in the two specification and the=20
> error / error_description / error_uri fields are allowed to appear in=20
> different parts of an HTTP message.
> Depending on where they show up different encoding restrictions apply.
>=20
> For the core specification these error fields may appear in the
> * body of the HTTP message (encoded in JSON)
> * parameters to the query component of the redirection URI (using the
>   "application/x-www-form-urlencoded" format)
>=20
> For the bearer specification these error fields appear in the HTTP header=
.
> Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19
> says 'values for the "error" and "error_description" attributes MUST=20
> NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.'
>=20
> Now, here is the question. While these errors are essentially copied=20
> over from one spec to the other the different encoding restrictions=20
> make them different. Do we want different encodings of errors in the two =
documents?
>=20
> So, I see two options:
>=20
> 1) Leave the encoding as it is. This means the encoding of the error /=20
> error_description / error_uri in the two specifications is different.
>=20
> 2) Harmonize the encoding between the two specifications by=20
> incorporating the restrictions from the bearer specification into the bas=
e specification.
>=20
> Please indicate your preference by the end of next week (18th May 2012).
>=20
> Ciao
> Hannes
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



From sakimura@gmail.com  Wed May  9 15:59:34 2012
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F12A11E80D1 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:59:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KKxgmYvEqnoj for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 15:59:33 -0700 (PDT)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5BC3611E8086 for <oauth@ietf.org>; Wed,  9 May 2012 15:59:33 -0700 (PDT)
Received: by bkty8 with SMTP id y8so859691bkt.31 for <oauth@ietf.org>; Wed, 09 May 2012 15:59:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:from:in-reply-to:mime-version:date:message-id:subject:to :cc:content-type; bh=YbgzlAu8RONvaq+s9ReorW/It2IYsmiqa7b7bHL0STY=; b=Ikf9HzwWl+tDcrbH+UxttC3kcoH6dcLcQYrYAQDNQrX8L3MgT0vI3GrTiSxV2Y6Eso vtkuENRgv2fkiPUHVTew/JJ+G+UzcrxadKT1hr69iO4OgSmzXFvElQPWdQpw0Bh5Ish6 0klymTI7wXJJ7gYL8t9qaT2Bg5IdA3iTFhAkvKqmH8nvRUDJgxwsP+jl4LM2yZG25QUE TvGK2Y+593NtQX9oAHZne5HvF7W2MmAyN135vcnpi4vUdOa3SnRoQazjL8Mr7RqxDCW8 HSwK03hG7Wo0t1Bs7Aln4r77hRYHOzPpe69PlKXWDoc957S05u7m+mKviaT/mwMo4je8 OHiw==
Received: by 10.204.151.200 with SMTP id d8mr769281bkw.82.1336604372288; Wed, 09 May 2012 15:59:32 -0700 (PDT)
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <4E1F6AAD24975D4BA5B1680429673943664CE2AE@TK5EX14MBXC283.redmond.corp.microsoft.com> <1336601896.10694.YahooMailNeo@web31807.mail.mud.yahoo.com>
From: Nat Sakimura <sakimura@gmail.com>
In-Reply-To: <1336601896.10694.YahooMailNeo@web31807.mail.mud.yahoo.com>
Mime-Version: 1.0 (1.0)
Date: Thu, 10 May 2012 00:59:35 +0200
Message-ID: <513620288134878108@unknownmsgid>
To: William Mills <wmills@yahoo-inc.com>
Content-Type: multipart/alternative; boundary=0015175cba84d0c67604bfa2741c
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:59:34 -0000

--0015175cba84d0c67604bfa2741c
Content-Type: text/plain; charset=ISO-8859-1

+1 for the consistency.

Nat Sakimura

On 2012/05/10, at 0:18, William Mills <wmills@yahoo-inc.com> wrote:

+1

  ------------------------------
*From:* Mike Jones <Michael.Jones@microsoft.com>
*To:* Hannes Tschofenig <hannes.tschofenig@gmx.net>; "oauth@ietf.org WG" <
oauth@ietf.org>
*Sent:* Wednesday, May 9, 2012 3:15 PM
*Subject:* Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
Spec

2) Consistent syntax across both OAuth specs.

                -- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of
Hannes Tschofenig
Sent: Wednesday, May 09, 2012 3:07 PM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Hi all,

another issue that came up in Sean's IESG review was about the encoding of
the error / error_description / error_uri in the base and in the bearer
specification.

As mentioned in my earlier mail about the registry for the error codes
there are three error fields defined in the two specification and the error
/ error_description / error_uri fields are allowed to appear in different
parts of an HTTP message.
Depending on where they show up different encoding restrictions apply.

For the core specification these error fields may appear in the
* body of the HTTP message (encoded in JSON)
* parameters to the query component of the redirection URI (using the
  "application/x-www-form-urlencoded" format)

For the bearer specification these error fields appear in the HTTP header.
Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says
'values for the "error" and "error_description" attributes MUST NOT include
characters outside the set %x20-21 / %x23-5B / %x5D-7E.'

Now, here is the question. While these errors are essentially copied over
from one spec to the other the different encoding restrictions make them
different. Do we want different encodings of errors in the two documents?

So, I see two options:

1) Leave the encoding as it is. This means the encoding of the error /
error_description / error_uri in the two specifications is different.

2) Harmonize the encoding between the two specifications by incorporating
the restrictions from the bearer specification into the base specification.

Please indicate your preference by the end of next week (18th May 2012).

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


  _______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

--0015175cba84d0c67604bfa2741c
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<html><head></head><body bgcolor=3D"#FFFFFF"><div>+1 for the consistency.=
=A0<br><br>Nat Sakimura</div><div><br>On 2012/05/10, at 0:18, William Mills=
 &lt;<a href=3D"mailto:wmills@yahoo-inc.com">wmills@yahoo-inc.com</a>&gt; w=
rote:<br>
<br></div><div></div><blockquote type=3D"cite"><div><div style=3D"color:#00=
0;background-color:#fff;font-family:Courier New,courier,monaco,monospace,sa=
ns-serif;font-size:14pt"><div><span>+1</span></div><div><br><blockquote sty=
le=3D"border-left:2px solid rgb(16,16,255);margin-left:5px;margin-top:5px;p=
adding-left:5px">
  <div style=3D"font-family:Courier New,courier,monaco,monospace,sans-serif=
;font-size:14pt"> <div style=3D"font-family:times new roman,new york,times,=
serif;font-size:12pt"> <div dir=3D"ltr"> <font face=3D"Arial"> <hr size=3D"=
1">  <b><span style=3D"font-weight:bold">From:</span></b> Mike Jones &lt;<a=
 href=3D"mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a=
>&gt;<br>
 <b><span style=3D"font-weight:bold">To:</span></b> Hannes Tschofenig &lt;<=
a href=3D"mailto:hannes.tschofenig@gmx.net">hannes.tschofenig@gmx.net</a>&g=
t;; &quot;<a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG&quot; &lt=
;<a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>&gt; <br>
 <b><span style=3D"font-weight:bold">Sent:</span></b> Wednesday, May 9, 201=
2 3:15 PM<br> <b><span style=3D"font-weight:bold">Subject:</span></b> Re: [=
OAUTH-WG] Encoding of Errors in
 the Base and in the Bearer Spec<br> </font> </div> <br>
2) Consistent syntax across both OAuth specs.<br><br>=A0=A0=A0 =A0=A0=A0 =
=A0=A0=A0 =A0=A0=A0 -- Mike<br><br>-----Original Message-----<br>From: <a h=
ref=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a> [mailto:<a=
 href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a>] On Beha=
lf Of Hannes Tschofenig<br>
Sent: Wednesday, May 09, 2012 3:07 PM<br>To: <a href=3D"mailto:oauth@ietf.o=
rg">oauth@ietf.org</a> WG<br>Subject: [OAUTH-WG] Encoding of Errors in the =
Base and in the Bearer Spec<br><br>Hi all, <br><br>another issue that came =
up in Sean&#39;s IESG review was about the encoding of the error / error_de=
scription / error_uri in the base and in the bearer specification. <br>
<br>As mentioned in my earlier mail about the registry for the error codes =
there are three error fields defined in the two
 specification and the error / error_description / error_uri fields are all=
owed to appear in different parts of an HTTP message. <br>Depending on wher=
e they show up different encoding restrictions apply. <br><br>For the core =
specification these error fields may appear in the <br>
* body of the HTTP message (encoded in JSON)<br>* parameters to the query c=
omponent of the redirection URI (using the<br>=A0 &quot;application/x-www-f=
orm-urlencoded&quot; format)<br><br>For the bearer specification these erro=
r fields appear in the HTTP header. Consequently, <a href=3D"http://tools.i=
etf.org/html/draft-ietf-oauth-v2-bearer-19">http://tools.ietf.org/html/draf=
t-ietf-oauth-v2-bearer-19</a> says &#39;values for the &quot;error&quot; an=
d &quot;error_description&quot; attributes MUST NOT include characters outs=
ide the set %x20-21 / %x23-5B / %x5D-7E.&#39; <br>
<br>Now, here is the question. While these errors are essentially copied ov=
er from one spec to the other the different encoding restrictions make them=
 different. Do we want different encodings of errors in the two
 documents?<br><br>So, I see two options: <br><br>1) Leave the encoding as =
it is. This means the encoding of the error / error_description / error_uri=
 in the two specifications is different. <br><br>2) Harmonize the encoding =
between the two specifications by incorporating the restrictions from the b=
earer specification into the base specification. <br>
<br>Please indicate your preference by the end of next week (18th May 2012)=
. <br><br>Ciao<br>Hannes<br><br>___________________________________________=
____<br>OAuth mailing list<br><a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.=
org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><br><br><br>_________________=
______________________________<br>OAuth mailing list<br><a href=3D"mailto:O=
Auth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><br><br><br> </div> </div> </=
blockquote></div>   </div></div></blockquote><blockquote type=3D"cite"><div=
><span>_______________________________________________</span><br>
<span>OAuth mailing list</span><br><span><a href=3D"mailto:OAuth@ietf.org">=
OAuth@ietf.org</a></span><br><span><a href=3D"https://www.ietf.org/mailman/=
listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a></span><br><=
/div>
</blockquote></body></html>

--0015175cba84d0c67604bfa2741c--

From eran@hueniverse.com  Wed May  9 16:04:47 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B48F11E80D1 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 16:04:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level: 
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[AWL=0.048,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GuEDJlFXGTwV for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 16:04:46 -0700 (PDT)
Received: from p3plex2out04.prod.phx3.secureserver.net (p3plex2out04.prod.phx3.secureserver.net [184.168.131.18]) by ietfa.amsl.com (Postfix) with ESMTP id 2F5DE11E8086 for <oauth@ietf.org>; Wed,  9 May 2012 16:04:46 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out04.prod.phx3.secureserver.net with bizsmtp id 7z4l1j0030EuLVk01z4lQr; Wed, 09 May 2012 16:04:45 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Wed, 9 May 2012 16:04:45 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNLjANNsFaP6agWkmJphYfo3JtRpbCBDOQgAB+e4D//4880A==
Date: Wed, 9 May 2012 23:04:44 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2.secureserver.net>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 23:04:47 -0000

There was no such discuss on the core specification.

The only open discuss on the core specification related to character sets i=
s to translate the EXISTING prose into ABNF which will not have any impleme=
ntation impact.

The proper response to the bearer specification discuss was to simply add a=
 registry there, and to clearly state that this matter was discussed extens=
ively by the WG and the design committee. Instead of representing this info=
rmation to the IESG, you failed to do your job as editor and offered your p=
ersonal view which was rejected by the WG and recorded in the issue tracker=
 at the time.

You don't get a second chance to insert your personal position during the I=
ESG review process. As editor, you only get to represent the WG consensus w=
hen addressing issues. If you go and read my responses to the long list of =
discuss items on the core specification you will see that I represented vie=
ws I personally did not agree with (the lack of interop, undefined security=
, etc.) because as editor, I don't get to go to the IESG and disrespect the=
 WG's decision.

The IESG members rely on the editor to represent the WG decisions to them w=
hen addressing issues. You failed to do that, promoted your personal view, =
and now we are having this discussion all over again - a discussion that la=
st time was only resolved by creating the design committee.

EH


> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Wednesday, May 09, 2012 3:41 PM
> To: Eran Hammer; Hannes Tschofenig; oauth@ietf.org WG
> Subject: RE: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
> Spec
>=20
> There was a DISCUSS on the core spec asking us to cite the character set
> restrictions for scope and error values in the core spec, rather than def=
ining
> them in the bearer spec.  It turns out that I could not do that as the co=
re spec
> is currently written, because the character set restrictions are not pres=
ent in
> the core spec.  If they are added to the core spec, I can satisfy the bea=
rer
> DISCUSS by doing so.  If the restrictions are not added, I cannot.
>=20
> This consensus call is part of resolving this DISCUSS, which affects both=
 specs.
>=20
> 				-- Mike
>=20
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Eran Hammer
> Sent: Wednesday, May 09, 2012 3:35 PM
> To: Hannes Tschofenig; oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
> Spec
>=20
> I am confused by the process here.
>=20
> The IESG review raised a LONG list of discuss items for the core specific=
ation.
> I was able to successfully address all but three remaining issues:
>=20
> 1. Lack of ABNF - I will do it myself this week since no one else bothere=
d to
> offer their help.
> 2. Registry rules - waiting for this to be cleared; have addressed the is=
sue but
> didn't hear back yet.
> 3. Comment on not allowing a fragment in redirection and endpoint URIs -
> waiting for text or item closed.
>=20
> Every other issue for this document has been closed.
>=20
> This WG cannot just go back after WG LC, IETF LC, and IESG review and mak=
e
> changes. This work is done, and any change made at this point must be for
> the sole purpose of addressing a discuss item. There are no discuss items=
 for
> *this* document related to errors. They have all been raised in detail,
> addressed, and closed!
>=20
> As for this survey -
>=20
> While I am still very much opposed to adding the protected resource regis=
try
> function to the core specification, this new issue clearly demonstrate th=
at
> this is not simply a matter of adding another error location.
>=20
> The core spec currently provides full guidance and definition for error
> extensibility. Extending the registry's scope means the need for non-triv=
ial
> new text that:
>=20
> * explains the process of adding new errors for endpoints not defined by =
this
> specification,
> * finds a common ground for value restrictions beyond what is already lis=
ted,
> * guide authors of future HTTP authentication schemes meant for use with
> OAuth (e.g. MAC) for their requirements for using the error registry, and
> * address the very likely scenario of the same error code carrying differ=
ent
> meanings in different endpoints, or an extension that adds a location to =
a
> code already defined elsewhere - something very likely to happen if you
> cross the two very different domains (OAuth endpoints, Protected resource
> endpoints). This requires changing the entire structure of the registry t=
o
> create separate records for each code/location pair.
>=20
> Any change to the core specification MUST address all these items. This i=
s
> absolutely NOT a matter of simply adding another location or throwing som=
e
> extra ABNF. Adding such new text will require another IETF LC and another
> IESG review - which are completely unjustified based on where the
> document is in its IESG review process.
>=20
> The point of IESG review is to close issues with minimal changes, not tak=
e it
> as an opportunity to sneak new functionality into the document. And it's =
not
> like this WG has not debated these items before, and made consensus calls
> on them.
>=20
> Not adding the protected resource location to the registry was the result=
 of
> intense negotiation both on the list and by the design committee. What wa=
s
> the point of asking a few of us to spend hours on the phone debating thes=
e
> issues and reaching a conclusion if it's another popularity contest now. =
We
> had FULL consensus by the design committee NOT to add the bearer errors
> to the core specification, and this recommendation was fully supported by
> the WG and documented in the issues tracker.
>=20
> These WG surveys are an insult to proper process.
>=20
> EH
>=20
>=20
>=20
>=20
> > -----Original Message-----
> > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> > Of Hannes Tschofenig
> > Sent: Wednesday, May 09, 2012 3:07 PM
> > To: oauth@ietf.org WG
> > Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
> > Spec
> >
> > Hi all,
> >
> > another issue that came up in Sean's IESG review was about the
> > encoding of the error / error_description / error_uri in the base and
> > in the bearer specification.
> >
> > As mentioned in my earlier mail about the registry for the error codes
> > there are three error fields defined in the two specification and the
> > error / error_description / error_uri fields are allowed to appear in
> > different parts of an HTTP message.
> > Depending on where they show up different encoding restrictions apply.
> >
> > For the core specification these error fields may appear in the
> > * body of the HTTP message (encoded in JSON)
> > * parameters to the query component of the redirection URI (using the
> >   "application/x-www-form-urlencoded" format)
> >
> > For the bearer specification these error fields appear in the HTTP head=
er.
> > Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19
> > says 'values for the "error" and "error_description" attributes MUST
> > NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.'
> >
> > Now, here is the question. While these errors are essentially copied
> > over from one spec to the other the different encoding restrictions
> > make them different. Do we want different encodings of errors in the tw=
o
> documents?
> >
> > So, I see two options:
> >
> > 1) Leave the encoding as it is. This means the encoding of the error /
> > error_description / error_uri in the two specifications is different.
> >
> > 2) Harmonize the encoding between the two specifications by
> > incorporating the restrictions from the bearer specification into the b=
ase
> specification.
> >
> > Please indicate your preference by the end of next week (18th May 2012)=
.
> >
> > Ciao
> > Hannes
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>=20


From Michael.Jones@microsoft.com  Wed May  9 16:32:43 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15CE811E80AA for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 16:32:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.909
X-Spam-Level: 
X-Spam-Status: No, score=-3.909 tagged_above=-999 required=5 tests=[AWL=-0.310, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jjQLy6h8VIPI for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 16:32:42 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe005.messaging.microsoft.com [213.199.154.143]) by ietfa.amsl.com (Postfix) with ESMTP id 5D51B11E80AD for <oauth@ietf.org>; Wed,  9 May 2012 16:32:41 -0700 (PDT)
Received: from mail101-db3-R.bigfish.com (10.3.81.227) by DB3EHSOBE001.bigfish.com (10.3.84.21) with Microsoft SMTP Server id 14.1.225.23; Wed, 9 May 2012 23:32:40 +0000
Received: from mail101-db3 (localhost [127.0.0.1])	by mail101-db3-R.bigfish.com (Postfix) with ESMTP id 754714A0590; Wed,  9 May 2012 23:32:40 +0000 (UTC)
X-SpamScore: -38
X-BigFish: VS-38(zz9371I14ffI542M1432Nc1dMzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail101-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail101-db3 (localhost.localdomain [127.0.0.1]) by mail101-db3 (MessageSwitch) id 1336606358576646_3739; Wed,  9 May 2012 23:32:38 +0000 (UTC)
Received: from DB3EHSMHS012.bigfish.com (unknown [10.3.81.235])	by mail101-db3.bigfish.com (Postfix) with ESMTP id 85C251000A1; Wed,  9 May 2012 23:32:38 +0000 (UTC)
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS012.bigfish.com (10.3.87.112) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 9 May 2012 23:32:38 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.230]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.02.0298.005; Wed, 9 May 2012 23:32:35 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eran Hammer <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNLjAPfUna+mufcUmIKpLKwMV+D5bCC2sAgAAA8VCAAAeCAIAAAHdA
Date: Wed, 9 May 2012 23:32:34 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664CE4A2@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 23:32:43 -0000

Per the earlier correction to my typo, the DISCUSS was on the bearer spec. =
 It asked me to reference syntax restrictions for scope and error values th=
e core spec, that it turns out were not uniformly present there.  The chair=
s decided to ask the working group whether to add them there (allowing me t=
o satisfy the bearer DISCUSS) or whether not to (in which case, we'll have =
to come up with a different resolution).

I believe it was reasonable of the person filing the DISCUSS to expect the =
syntax for these elements to be the same between the two specs, and so reas=
onable of the chairs to ask the question.

To my knowledge, there was no working group consensus that the syntax of th=
ese elements should be different across the OAuth specs (despite your appar=
ent representation to the contrary below).  In fact, at least in the case o=
f the scope parameter, there was clear WG consensus tracked as http://trac.=
tools.ietf.org/wg/oauth/trac/ticket/27 to make them be the same.=20

Yes, I have expressed my personal opinions as a member of the working group=
 in appropriate contexts (as have you).  But I have never represented my pe=
rsonal opinions as working group consensus unless that was actually the cas=
e, your statements below notwithstanding.

				-- Mike

P.S.  As you know, the other outstanding consensus call about registering O=
Auth Errors was a result of a DISCUSS on the bearer spec that explicitly as=
ked us to register the bearer errors in the existing OAuth Errors Registry =
- not a result of me suggesting that that should occur or me failing to acc=
urately represent the working group discussions on that issue to date.  Aga=
in, it's a fair question raised by an IESG member, and one that Stephen Far=
rell asked the chairs to make a working group consensus call on, so that DI=
SCUSS can be addressed as well.

-----Original Message-----
From: Eran Hammer [mailto:eran@hueniverse.com]=20
Sent: Wednesday, May 09, 2012 4:05 PM
To: Mike Jones; Hannes Tschofenig; oauth@ietf.org WG
Subject: RE: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Sp=
ec

There was no such discuss on the core specification.

The only open discuss on the core specification related to character sets i=
s to translate the EXISTING prose into ABNF which will not have any impleme=
ntation impact.

The proper response to the bearer specification discuss was to simply add a=
 registry there, and to clearly state that this matter was discussed extens=
ively by the WG and the design committee. Instead of representing this info=
rmation to the IESG, you failed to do your job as editor and offered your p=
ersonal view which was rejected by the WG and recorded in the issue tracker=
 at the time.

You don't get a second chance to insert your personal position during the I=
ESG review process. As editor, you only get to represent the WG consensus w=
hen addressing issues. If you go and read my responses to the long list of =
discuss items on the core specification you will see that I represented vie=
ws I personally did not agree with (the lack of interop, undefined security=
, etc.) because as editor, I don't get to go to the IESG and disrespect the=
 WG's decision.

The IESG members rely on the editor to represent the WG decisions to them w=
hen addressing issues. You failed to do that, promoted your personal view, =
and now we are having this discussion all over again - a discussion that la=
st time was only resolved by creating the design committee.

EH


> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Wednesday, May 09, 2012 3:41 PM
> To: Eran Hammer; Hannes Tschofenig; oauth@ietf.org WG
> Subject: RE: [OAUTH-WG] Encoding of Errors in the Base and in the=20
> Bearer Spec
>=20
> There was a DISCUSS on the core spec asking us to cite the character=20
> set restrictions for scope and error values in the core spec, rather=20
> than defining them in the bearer spec.  It turns out that I could not=20
> do that as the core spec is currently written, because the character=20
> set restrictions are not present in the core spec.  If they are added=20
> to the core spec, I can satisfy the bearer DISCUSS by doing so.  If the r=
estrictions are not added, I cannot.
>=20
> This consensus call is part of resolving this DISCUSS, which affects both=
 specs.
>=20
> 				-- Mike
>=20
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf=20
> Of Eran Hammer
> Sent: Wednesday, May 09, 2012 3:35 PM
> To: Hannes Tschofenig; oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the=20
> Bearer Spec
>=20
> I am confused by the process here.
>=20
> The IESG review raised a LONG list of discuss items for the core specific=
ation.
> I was able to successfully address all but three remaining issues:
>=20
> 1. Lack of ABNF - I will do it myself this week since no one else=20
> bothered to offer their help.
> 2. Registry rules - waiting for this to be cleared; have addressed the=20
> issue but didn't hear back yet.
> 3. Comment on not allowing a fragment in redirection and endpoint URIs=20
> - waiting for text or item closed.
>=20
> Every other issue for this document has been closed.
>=20
> This WG cannot just go back after WG LC, IETF LC, and IESG review and=20
> make changes. This work is done, and any change made at this point=20
> must be for the sole purpose of addressing a discuss item. There are=20
> no discuss items for
> *this* document related to errors. They have all been raised in=20
> detail, addressed, and closed!
>=20
> As for this survey -
>=20
> While I am still very much opposed to adding the protected resource=20
> registry function to the core specification, this new issue clearly=20
> demonstrate that this is not simply a matter of adding another error loca=
tion.
>=20
> The core spec currently provides full guidance and definition for=20
> error extensibility. Extending the registry's scope means the need for=20
> non-trivial new text that:
>=20
> * explains the process of adding new errors for endpoints not defined=20
> by this specification,
> * finds a common ground for value restrictions beyond what is already=20
> listed,
> * guide authors of future HTTP authentication schemes meant for use=20
> with OAuth (e.g. MAC) for their requirements for using the error=20
> registry, and
> * address the very likely scenario of the same error code carrying=20
> different meanings in different endpoints, or an extension that adds a=20
> location to a code already defined elsewhere - something very likely=20
> to happen if you cross the two very different domains (OAuth=20
> endpoints, Protected resource endpoints). This requires changing the=20
> entire structure of the registry to create separate records for each code=
/location pair.
>=20
> Any change to the core specification MUST address all these items.=20
> This is absolutely NOT a matter of simply adding another location or=20
> throwing some extra ABNF. Adding such new text will require another=20
> IETF LC and another IESG review - which are completely unjustified=20
> based on where the document is in its IESG review process.
>=20
> The point of IESG review is to close issues with minimal changes, not=20
> take it as an opportunity to sneak new functionality into the=20
> document. And it's not like this WG has not debated these items=20
> before, and made consensus calls on them.
>=20
> Not adding the protected resource location to the registry was the=20
> result of intense negotiation both on the list and by the design=20
> committee. What was the point of asking a few of us to spend hours on=20
> the phone debating these issues and reaching a conclusion if it's=20
> another popularity contest now. We had FULL consensus by the design=20
> committee NOT to add the bearer errors to the core specification, and=20
> this recommendation was fully supported by the WG and documented in the i=
ssues tracker.
>=20
> These WG surveys are an insult to proper process.
>=20
> EH
>=20
>=20
>=20
>=20
> > -----Original Message-----
> > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On=20
> > Behalf Of Hannes Tschofenig
> > Sent: Wednesday, May 09, 2012 3:07 PM
> > To: oauth@ietf.org WG
> > Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer=20
> > Spec
> >
> > Hi all,
> >
> > another issue that came up in Sean's IESG review was about the=20
> > encoding of the error / error_description / error_uri in the base=20
> > and in the bearer specification.
> >
> > As mentioned in my earlier mail about the registry for the error=20
> > codes there are three error fields defined in the two specification=20
> > and the error / error_description / error_uri fields are allowed to=20
> > appear in different parts of an HTTP message.
> > Depending on where they show up different encoding restrictions apply.
> >
> > For the core specification these error fields may appear in the
> > * body of the HTTP message (encoded in JSON)
> > * parameters to the query component of the redirection URI (using the
> >   "application/x-www-form-urlencoded" format)
> >
> > For the bearer specification these error fields appear in the HTTP head=
er.
> > Consequently,=20
> > http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19
> > says 'values for the "error" and "error_description" attributes MUST=20
> > NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.'
> >
> > Now, here is the question. While these errors are essentially copied=20
> > over from one spec to the other the different encoding restrictions=20
> > make them different. Do we want different encodings of errors in the=20
> > two
> documents?
> >
> > So, I see two options:
> >
> > 1) Leave the encoding as it is. This means the encoding of the error=20
> > / error_description / error_uri in the two specifications is different.
> >
> > 2) Harmonize the encoding between the two specifications by=20
> > incorporating the restrictions from the bearer specification into=20
> > the base
> specification.
> >
> > Please indicate your preference by the end of next week (18th May 2012)=
.
> >
> > Ciao
> > Hannes
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>=20




From eran@hueniverse.com  Wed May  9 16:43:18 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3947711E80E4 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 16:43:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level: 
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[AWL=0.047,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VSgQMsZYRnzL for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 16:43:17 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id 1A73C11E80E3 for <oauth@ietf.org>; Wed,  9 May 2012 16:43:17 -0700 (PDT)
Received: from P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id 7zjG1j0010Dcg9U01zjGYM; Wed, 09 May 2012 16:43:16 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) with mapi id 14.02.0247.003; Wed, 9 May 2012 16:43:16 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNLjANNsFaP6agWkmJphYfo3JtRpbCBDOQgAB+e4D//4880IAAfxMA//+MN0A=
Date: Wed, 9 May 2012 23:43:15 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201026DA4@P3PWEX2MB008.ex2.secureserver.net>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE4A2@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664CE4A2@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 23:43:18 -0000

I am only talking about the error code registry (location and value restric=
tions).

Go back to your responses to the IESG questions about adding the errors to =
the core spec's registry and you'll clearly see how you failed to represent=
 the WG consensus. Instead, you should have pointed to the WG consensus reg=
arding the scope of the error registry in the core spec, and only suggestin=
g adding a registry in the bearer for that purpose alone.

EH



> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Wednesday, May 09, 2012 4:33 PM
> To: Eran Hammer; Hannes Tschofenig; oauth@ietf.org WG
> Subject: RE: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
> Spec
>=20
> Per the earlier correction to my typo, the DISCUSS was on the bearer spec=
.  It
> asked me to reference syntax restrictions for scope and error values the =
core
> spec, that it turns out were not uniformly present there.  The chairs dec=
ided
> to ask the working group whether to add them there (allowing me to satisf=
y
> the bearer DISCUSS) or whether not to (in which case, we'll have to come =
up
> with a different resolution).
>=20
> I believe it was reasonable of the person filing the DISCUSS to expect th=
e
> syntax for these elements to be the same between the two specs, and so
> reasonable of the chairs to ask the question.
>=20
> To my knowledge, there was no working group consensus that the syntax of
> these elements should be different across the OAuth specs (despite your
> apparent representation to the contrary below).  In fact, at least in the=
 case
> of the scope parameter, there was clear WG consensus tracked as
> http://trac.tools.ietf.org/wg/oauth/trac/ticket/27 to make them be the
> same.
>=20
> Yes, I have expressed my personal opinions as a member of the working
> group in appropriate contexts (as have you).  But I have never represente=
d
> my personal opinions as working group consensus unless that was actually
> the case, your statements below notwithstanding.
>=20
> 				-- Mike
>=20
> P.S.  As you know, the other outstanding consensus call about registering
> OAuth Errors was a result of a DISCUSS on the bearer spec that explicitly
> asked us to register the bearer errors in the existing OAuth Errors Regis=
try -
> not a result of me suggesting that that should occur or me failing to
> accurately represent the working group discussions on that issue to date.
> Again, it's a fair question raised by an IESG member, and one that Stephe=
n
> Farrell asked the chairs to make a working group consensus call on, so th=
at
> DISCUSS can be addressed as well.
>=20
> -----Original Message-----
> From: Eran Hammer [mailto:eran@hueniverse.com]
> Sent: Wednesday, May 09, 2012 4:05 PM
> To: Mike Jones; Hannes Tschofenig; oauth@ietf.org WG
> Subject: RE: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
> Spec
>=20
> There was no such discuss on the core specification.
>=20
> The only open discuss on the core specification related to character sets=
 is to
> translate the EXISTING prose into ABNF which will not have any
> implementation impact.
>=20
> The proper response to the bearer specification discuss was to simply add=
 a
> registry there, and to clearly state that this matter was discussed exten=
sively
> by the WG and the design committee. Instead of representing this
> information to the IESG, you failed to do your job as editor and offered =
your
> personal view which was rejected by the WG and recorded in the issue
> tracker at the time.
>=20
> You don't get a second chance to insert your personal position during the
> IESG review process. As editor, you only get to represent the WG consensu=
s
> when addressing issues. If you go and read my responses to the long list =
of
> discuss items on the core specification you will see that I represented v=
iews I
> personally did not agree with (the lack of interop, undefined security, e=
tc.)
> because as editor, I don't get to go to the IESG and disrespect the WG's
> decision.
>=20
> The IESG members rely on the editor to represent the WG decisions to them
> when addressing issues. You failed to do that, promoted your personal vie=
w,
> and now we are having this discussion all over again - a discussion that =
last
> time was only resolved by creating the design committee.
>=20
> EH
>=20
>=20
> > -----Original Message-----
> > From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> > Sent: Wednesday, May 09, 2012 3:41 PM
> > To: Eran Hammer; Hannes Tschofenig; oauth@ietf.org WG
> > Subject: RE: [OAUTH-WG] Encoding of Errors in the Base and in the
> > Bearer Spec
> >
> > There was a DISCUSS on the core spec asking us to cite the character
> > set restrictions for scope and error values in the core spec, rather
> > than defining them in the bearer spec.  It turns out that I could not
> > do that as the core spec is currently written, because the character
> > set restrictions are not present in the core spec.  If they are added
> > to the core spec, I can satisfy the bearer DISCUSS by doing so.  If the
> restrictions are not added, I cannot.
> >
> > This consensus call is part of resolving this DISCUSS, which affects bo=
th
> specs.
> >
> > 				-- Mike
> >
> > -----Original Message-----
> > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> > Of Eran Hammer
> > Sent: Wednesday, May 09, 2012 3:35 PM
> > To: Hannes Tschofenig; oauth@ietf.org WG
> > Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the
> > Bearer Spec
> >
> > I am confused by the process here.
> >
> > The IESG review raised a LONG list of discuss items for the core
> specification.
> > I was able to successfully address all but three remaining issues:
> >
> > 1. Lack of ABNF - I will do it myself this week since no one else
> > bothered to offer their help.
> > 2. Registry rules - waiting for this to be cleared; have addressed the
> > issue but didn't hear back yet.
> > 3. Comment on not allowing a fragment in redirection and endpoint URIs
> > - waiting for text or item closed.
> >
> > Every other issue for this document has been closed.
> >
> > This WG cannot just go back after WG LC, IETF LC, and IESG review and
> > make changes. This work is done, and any change made at this point
> > must be for the sole purpose of addressing a discuss item. There are
> > no discuss items for
> > *this* document related to errors. They have all been raised in
> > detail, addressed, and closed!
> >
> > As for this survey -
> >
> > While I am still very much opposed to adding the protected resource
> > registry function to the core specification, this new issue clearly
> > demonstrate that this is not simply a matter of adding another error
> location.
> >
> > The core spec currently provides full guidance and definition for
> > error extensibility. Extending the registry's scope means the need for
> > non-trivial new text that:
> >
> > * explains the process of adding new errors for endpoints not defined
> > by this specification,
> > * finds a common ground for value restrictions beyond what is already
> > listed,
> > * guide authors of future HTTP authentication schemes meant for use
> > with OAuth (e.g. MAC) for their requirements for using the error
> > registry, and
> > * address the very likely scenario of the same error code carrying
> > different meanings in different endpoints, or an extension that adds a
> > location to a code already defined elsewhere - something very likely
> > to happen if you cross the two very different domains (OAuth
> > endpoints, Protected resource endpoints). This requires changing the
> > entire structure of the registry to create separate records for each
> code/location pair.
> >
> > Any change to the core specification MUST address all these items.
> > This is absolutely NOT a matter of simply adding another location or
> > throwing some extra ABNF. Adding such new text will require another
> > IETF LC and another IESG review - which are completely unjustified
> > based on where the document is in its IESG review process.
> >
> > The point of IESG review is to close issues with minimal changes, not
> > take it as an opportunity to sneak new functionality into the
> > document. And it's not like this WG has not debated these items
> > before, and made consensus calls on them.
> >
> > Not adding the protected resource location to the registry was the
> > result of intense negotiation both on the list and by the design
> > committee. What was the point of asking a few of us to spend hours on
> > the phone debating these issues and reaching a conclusion if it's
> > another popularity contest now. We had FULL consensus by the design
> > committee NOT to add the bearer errors to the core specification, and
> > this recommendation was fully supported by the WG and documented in
> the issues tracker.
> >
> > These WG surveys are an insult to proper process.
> >
> > EH
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> > > Behalf Of Hannes Tschofenig
> > > Sent: Wednesday, May 09, 2012 3:07 PM
> > > To: oauth@ietf.org WG
> > > Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
> > > Spec
> > >
> > > Hi all,
> > >
> > > another issue that came up in Sean's IESG review was about the
> > > encoding of the error / error_description / error_uri in the base
> > > and in the bearer specification.
> > >
> > > As mentioned in my earlier mail about the registry for the error
> > > codes there are three error fields defined in the two specification
> > > and the error / error_description / error_uri fields are allowed to
> > > appear in different parts of an HTTP message.
> > > Depending on where they show up different encoding restrictions apply=
.
> > >
> > > For the core specification these error fields may appear in the
> > > * body of the HTTP message (encoded in JSON)
> > > * parameters to the query component of the redirection URI (using the
> > >   "application/x-www-form-urlencoded" format)
> > >
> > > For the bearer specification these error fields appear in the HTTP he=
ader.
> > > Consequently,
> > > http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19
> > > says 'values for the "error" and "error_description" attributes MUST
> > > NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.'
> > >
> > > Now, here is the question. While these errors are essentially copied
> > > over from one spec to the other the different encoding restrictions
> > > make them different. Do we want different encodings of errors in the
> > > two
> > documents?
> > >
> > > So, I see two options:
> > >
> > > 1) Leave the encoding as it is. This means the encoding of the error
> > > / error_description / error_uri in the two specifications is differen=
t.
> > >
> > > 2) Harmonize the encoding between the two specifications by
> > > incorporating the restrictions from the bearer specification into
> > > the base
> > specification.
> > >
> > > Please indicate your preference by the end of next week (18th May
> 2012).
> > >
> > > Ciao
> > > Hannes
> > >
> > > _______________________________________________
> > > OAuth mailing list
> > > OAuth@ietf.org
> > > https://www.ietf.org/mailman/listinfo/oauth
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> >
>=20
>=20


From eran@hueniverse.com  Wed May  9 17:17:16 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30E3511E80E4 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 17:17:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level: 
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[AWL=0.046,  BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W+n8wVkRmuL5 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 17:17:14 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id 1EE0C11E80E1 for <oauth@ietf.org>; Wed,  9 May 2012 17:17:11 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id 80HA1j0040EuLVk010HAWZ; Wed, 09 May 2012 17:17:10 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Wed, 9 May 2012 17:17:10 -0700
From: Eran Hammer <eran@hueniverse.com>
To: "oauth@ietf.org WG (oauth@ietf.org)" <oauth@ietf.org>
Thread-Topic: Bearer token DISCUSS items related to errors
Thread-Index: Ac0uPyyFp+WxhSBGSfKzyUQ+QV5C9w==
Date: Thu, 10 May 2012 00:17:10 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201026E40@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: multipart/alternative; boundary="_000_0CBAEB56DDB3A140BA8E8C124C04ECA201026E40P3PWEX2MB008ex2_"
MIME-Version: 1.0
Subject: [OAUTH-WG] Bearer token DISCUSS items related to errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 00:17:16 -0000

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA201026E40P3PWEX2MB008ex2_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Most people on this WG are not aware of all the details around the on-going=
 IESG review and my objections to making additional changes to the core spe=
cification. Currently, these are the open issues preventing the bearer spec=
ification from being approved:

>From Russ Housley:

  Section 3.1 specifies Error Codes.  Alexey suggested the use
  of an IANA registry for this field.  Apparently there is already a
  registry created by draft-ietf-oauth-v2. However this document does
  not register values defined in this section in that registry.  Please
  explain why the IANA registry is not leveraged by this document.

>From Sean Turner:

  s3.1: Shouldn't the character set restrictions on error, error_descriptio=
n,
  and error_uri be in draft-ietf-oauth-v2?

>From Pete Resnick:

[ the use of a reserved query parameter 'access_token' ]

---

Sean Turner closed this issue today so it is no longer relevant. Basically,=
 as currently drafted, there is no overlap between the parameters and the e=
ncoding reflects the transport restrictions of each specification. While I =
don't have a technical objection to limiting the character set of the error=
 parameter in the core specification, I do object to making a breaking chan=
ge at this point without any actual technical justification.

Peter Resnick's issue has nothing to do with this so I will not discuss it.

The only remaining issue is Russ' which SHOULD have been replied to with:

---
The use of the error registry in draft-ietf-oauth-v2 for the error codes de=
fined in the bearer specification was extensively discussed by the working =
group and the special design committee appointed by the chairs. The working=
 group consensus was that these errors, while similar is name and meaning t=
o those used in the core specification, belong elsewhere. They relate to th=
e protected resource namespace which is not covered by the core specificati=
on.

In addition, there was no working group consensus whether the error paramet=
er used by the bearer specification was the preferred mechanism for relayin=
g errors in protected resource access or HTTP authentication schemes (e.g. =
the MAC token scheme draft does not use such mechanism and opted to rely on=
 simple HTTP status codes instead). At the time, the working group reached =
out to HTTPbis for guidance and did not receive a conclusive answer.

This issue was documented in the issues tracker [1] and was closed after ex=
tensive discussions. The working group's consensus was that if a registry i=
s required, it should be defined within the bearer specification.
---

All Russ was asking for is an explanation. Instead, he was told there was n=
o good reason and that it should be changed. That was clearly not an honest=
 representation of clear working group consensus from over 10 months ago wh=
ich was achieved at great effort.

EH

[1] http://trac.tools.ietf.org/wg/oauth/trac/ticket/11







--_000_0CBAEB56DDB3A140BA8E8C124C04ECA201026E40P3PWEX2MB008ex2_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Most people on this WG are not aware of all the deta=
ils around the on-going IESG review and my objections to making additional =
changes to the core specification. Currently, these are the open issues pre=
venting the bearer specification from
 being approved:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">From Russ Housley:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp; Section 3.1 specifies Error Codes.&nbsp; Alex=
ey suggested the use<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; of an IANA registry for this field.&nbsp; App=
arently there is already a<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; registry created by draft-ietf-oauth-v2. Howe=
ver this document does<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; not register values defined in this section i=
n that registry.&nbsp; Please<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; explain why the IANA registry is not leverage=
d by this document.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">From Sean Turner:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp; s3.1: Shouldn't the character set restriction=
s on error, error_description,<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; and error_uri be in draft-ietf-oauth-v2?<o:p>=
</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">From Pete Resnick:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">[ the use of a reserved query parameter &#8216;acces=
s_token&#8217; ]<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Sean Turner closed this issue today so it is no long=
er relevant. Basically, as currently drafted, there is no overlap between t=
he parameters and the encoding reflects the transport restrictions of each =
specification. While I don&#8217;t have
 a technical objection to limiting the character set of the error parameter=
 in the core specification, I do object to making a breaking change at this=
 point without any actual technical justification.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Peter Resnick&#8217;s issue has nothing to do with t=
his so I will not discuss it.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The only remaining issue is Russ&#8217; which SHOULD=
 have been replied to with:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal">The use of the error registry in draft-ietf-oauth-v2=
 for the error codes defined in the bearer specification was extensively di=
scussed by the working group and the special design committee appointed by =
the chairs. The working group consensus
 was that these errors, while similar is name and meaning to those used in =
the core specification, belong elsewhere. They relate to the protected reso=
urce namespace which is not covered by the core specification.<o:p></o:p></=
p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">In addition, there was no working group consensus wh=
ether the error parameter used by the bearer specification was the preferre=
d mechanism for relaying errors in protected resource access or HTTP authen=
tication schemes (e.g. the MAC token
 scheme draft does not use such mechanism and opted to rely on simple HTTP =
status codes instead). At the time, the working group reached out to HTTPbi=
s for guidance and did not receive a conclusive answer.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">This issue was documented in the issues tracker [1] =
and was closed after extensive discussions. The working group&#8217;s conse=
nsus was that if a registry is required, it should be defined within the be=
arer specification.<o:p></o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">All Russ was asking for is an explanation. Instead, =
he was told there was no good reason and that it should be changed. That wa=
s clearly not an honest representation of clear working group consensus fro=
m over 10 months ago which was achieved
 at great effort.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">EH<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">[1] <a href=3D"http://trac.tools.ietf.org/wg/oauth/t=
rac/ticket/11">
http://trac.tools.ietf.org/wg/oauth/trac/ticket/11</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA201026E40P3PWEX2MB008ex2_--

From Michael.Jones@microsoft.com  Wed May  9 17:42:37 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19F4221F846A for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 17:42:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.903
X-Spam-Level: 
X-Spam-Status: No, score=-3.903 tagged_above=-999 required=5 tests=[AWL=-0.305, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nA1dtKLJTbL6 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 17:42:31 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe004.messaging.microsoft.com [213.199.154.207]) by ietfa.amsl.com (Postfix) with ESMTP id BBAAB21F844B for <oauth@ietf.org>; Wed,  9 May 2012 17:42:30 -0700 (PDT)
Received: from mail64-am1-R.bigfish.com (10.3.201.252) by AM1EHSOBE006.bigfish.com (10.3.204.26) with Microsoft SMTP Server id 14.1.225.23; Thu, 10 May 2012 00:42:29 +0000
Received: from mail64-am1 (localhost [127.0.0.1])	by mail64-am1-R.bigfish.com (Postfix) with ESMTP id B98B54C03E4; Thu, 10 May 2012 00:42:29 +0000 (UTC)
X-SpamScore: -21
X-BigFish: VS-21(zz9371Ic85fhzz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC105.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail64-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC105.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail64-am1 (localhost.localdomain [127.0.0.1]) by mail64-am1 (MessageSwitch) id 133661054745772_6494; Thu, 10 May 2012 00:42:27 +0000 (UTC)
Received: from AM1EHSMHS018.bigfish.com (unknown [10.3.201.229])	by mail64-am1.bigfish.com (Postfix) with ESMTP id 06BED2A0085; Thu, 10 May 2012 00:42:27 +0000 (UTC)
Received: from TK5EX14HUBC105.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS018.bigfish.com (10.3.206.21) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 10 May 2012 00:42:26 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.230]) by TK5EX14HUBC105.redmond.corp.microsoft.com ([157.54.80.48]) with mapi id 14.02.0298.005; Thu, 10 May 2012 00:42:25 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eran Hammer <eran@hueniverse.com>, "oauth@ietf.org WG (oauth@ietf.org)" <oauth@ietf.org>
Thread-Topic: Bearer token DISCUSS items related to errors
Thread-Index: Ac0uPyyFp+WxhSBGSfKzyUQ+QV5C9wAA4epA
Date: Thu, 10 May 2012 00:42:24 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664CE5DF@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <0CBAEB56DDB3A140BA8E8C124C04ECA201026E40@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201026E40@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.32]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943664CE5DFTK5EX14MBXC283r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 00:42:37 -0000

--_000_4E1F6AAD24975D4BA5B1680429673943664CE5DFTK5EX14MBXC283r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I believe that you're intentionally oversimplifying things.  My memory was =
that originally you objected to having the OAuth Errors Registry at all.  I=
ssue 11 was about getting it created in the first place, despite your objec=
tions.  The compromise with you to get you to agree to it was that you inte=
ntionally excluded registration of errors resulting from OAuth flows E and =
F.  I fully remember what a painful process it was to get you to agree to t=
hat much, if that's the "extensive discussion by the working group" that yo=
u're referring to.  I wouldn't characterize the result as "working group co=
nsensus" so much as exhaustion.

As I see it as an individual, Russ's DISCUSS results from the simple observ=
ation that OAuth errors are not consistently registered across the OAuth sp=
ecs.  This may or not be changed, depending upon the result of the consensu=
s call and a decision by the chairs.  I'm fine with either outcome, but bel=
ieve that the working group should earnestly consider his request.

We're almost done.  I hope that after the consensus calls, this and the oth=
er open issues can be quickly addressed and we can finally achieve OAuth 2.=
0 RFCs.

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of E=
ran Hammer
Sent: Wednesday, May 09, 2012 5:17 PM
To: oauth@ietf.org WG (oauth@ietf.org)
Subject: [OAUTH-WG] Bearer token DISCUSS items related to errors

Most people on this WG are not aware of all the details around the on-going=
 IESG review and my objections to making additional changes to the core spe=
cification. Currently, these are the open issues preventing the bearer spec=
ification from being approved:

>From Russ Housley:

  Section 3.1 specifies Error Codes.  Alexey suggested the use
  of an IANA registry for this field.  Apparently there is already a
  registry created by draft-ietf-oauth-v2. However this document does
  not register values defined in this section in that registry.  Please
  explain why the IANA registry is not leveraged by this document.

>From Sean Turner:

  s3.1: Shouldn't the character set restrictions on error, error_descriptio=
n,
  and error_uri be in draft-ietf-oauth-v2?

>From Pete Resnick:

[ the use of a reserved query parameter 'access_token' ]

---

Sean Turner closed this issue today so it is no longer relevant. Basically,=
 as currently drafted, there is no overlap between the parameters and the e=
ncoding reflects the transport restrictions of each specification. While I =
don't have a technical objection to limiting the character set of the error=
 parameter in the core specification, I do object to making a breaking chan=
ge at this point without any actual technical justification.

Peter Resnick's issue has nothing to do with this so I will not discuss it.

The only remaining issue is Russ' which SHOULD have been replied to with:

---
The use of the error registry in draft-ietf-oauth-v2 for the error codes de=
fined in the bearer specification was extensively discussed by the working =
group and the special design committee appointed by the chairs. The working=
 group consensus was that these errors, while similar is name and meaning t=
o those used in the core specification, belong elsewhere. They relate to th=
e protected resource namespace which is not covered by the core specificati=
on.

In addition, there was no working group consensus whether the error paramet=
er used by the bearer specification was the preferred mechanism for relayin=
g errors in protected resource access or HTTP authentication schemes (e.g. =
the MAC token scheme draft does not use such mechanism and opted to rely on=
 simple HTTP status codes instead). At the time, the working group reached =
out to HTTPbis for guidance and did not receive a conclusive answer.

This issue was documented in the issues tracker [1] and was closed after ex=
tensive discussions. The working group's consensus was that if a registry i=
s required, it should be defined within the bearer specification.
---

All Russ was asking for is an explanation. Instead, he was told there was n=
o good reason and that it should be changed. That was clearly not an honest=
 representation of clear working group consensus from over 10 months ago wh=
ich was achieved at great effort.

EH

[1] http://trac.tools.ietf.org/wg/oauth/trac/ticket/11







--_000_4E1F6AAD24975D4BA5B1680429673943664CE5DFTK5EX14MBXC283r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">I believe that you&#82=
17;re intentionally oversimplifying things.&nbsp; My memory was that origin=
ally you objected to having the OAuth Errors Registry at all.&nbsp; Issue 1=
1 was about getting it created in the first place, despite
 your objections.&nbsp; The compromise with you to get you to agree to it w=
as that you intentionally excluded registration of errors resulting from OA=
uth flows E and F.&nbsp; I fully remember what a painful process it was to =
get you to agree to that much, if that&#8217;s the
 &#8220;extensive discussion by the working group&#8221; that you&#8217;re =
referring to.&nbsp; I wouldn&#8217;t characterize the result as &#8220;work=
ing group consensus&#8221; so much as exhaustion.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">As I see it as an indi=
vidual, Russ&#8217;s DISCUSS results from the simple observation that OAuth=
 errors are not consistently registered across the OAuth specs.&nbsp; This =
may or not be changed, depending upon the result
 of the consensus call and a decision by the chairs.&nbsp; I&#8217;m fine w=
ith either outcome, but believe that the working group should earnestly con=
sider his request.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">We&#8217;re almost don=
e.&nbsp; I hope that after the consensus calls, this and the other open iss=
ues can be quickly addressed and we can finally achieve OAuth 2.0 RFCs.<o:p=
></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> oauth-bo=
unces@ietf.org [mailto:oauth-bounces@ietf.org]
<b>On Behalf Of </b>Eran Hammer<br>
<b>Sent:</b> Wednesday, May 09, 2012 5:17 PM<br>
<b>To:</b> oauth@ietf.org WG (oauth@ietf.org)<br>
<b>Subject:</b> [OAUTH-WG] Bearer token DISCUSS items related to errors<o:p=
></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Most people on this WG are not aware of all the deta=
ils around the on-going IESG review and my objections to making additional =
changes to the core specification. Currently, these are the open issues pre=
venting the bearer specification from
 being approved:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">From Russ Housley:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp; Section 3.1 specifies Error Codes.&nbsp; Alex=
ey suggested the use<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; of an IANA registry for this field.&nbsp; App=
arently there is already a<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; registry created by draft-ietf-oauth-v2. Howe=
ver this document does<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; not register values defined in this section i=
n that registry.&nbsp; Please<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; explain why the IANA registry is not leverage=
d by this document.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">From Sean Turner:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp; s3.1: Shouldn't the character set restriction=
s on error, error_description,<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; and error_uri be in draft-ietf-oauth-v2?<o:p>=
</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">From Pete Resnick:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">[ the use of a reserved query parameter &#8216;acces=
s_token&#8217; ]<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Sean Turner closed this issue today so it is no long=
er relevant. Basically, as currently drafted, there is no overlap between t=
he parameters and the encoding reflects the transport restrictions of each =
specification. While I don&#8217;t have
 a technical objection to limiting the character set of the error parameter=
 in the core specification, I do object to making a breaking change at this=
 point without any actual technical justification.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Peter Resnick&#8217;s issue has nothing to do with t=
his so I will not discuss it.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The only remaining issue is Russ&#8217; which SHOULD=
 have been replied to with:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal">The use of the error registry in draft-ietf-oauth-v2=
 for the error codes defined in the bearer specification was extensively di=
scussed by the working group and the special design committee appointed by =
the chairs. The working group consensus
 was that these errors, while similar is name and meaning to those used in =
the core specification, belong elsewhere. They relate to the protected reso=
urce namespace which is not covered by the core specification.<o:p></o:p></=
p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">In addition, there was no working group consensus wh=
ether the error parameter used by the bearer specification was the preferre=
d mechanism for relaying errors in protected resource access or HTTP authen=
tication schemes (e.g. the MAC token
 scheme draft does not use such mechanism and opted to rely on simple HTTP =
status codes instead). At the time, the working group reached out to HTTPbi=
s for guidance and did not receive a conclusive answer.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">This issue was documented in the issues tracker [1] =
and was closed after extensive discussions. The working group&#8217;s conse=
nsus was that if a registry is required, it should be defined within the be=
arer specification.<o:p></o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">All Russ was asking for is an explanation. Instead, =
he was told there was no good reason and that it should be changed. That wa=
s clearly not an honest representation of clear working group consensus fro=
m over 10 months ago which was achieved
 at great effort.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">EH<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">[1] <a href=3D"http://trac.tools.ietf.org/wg/oauth/t=
rac/ticket/11">
http://trac.tools.ietf.org/wg/oauth/trac/ticket/11</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B1680429673943664CE5DFTK5EX14MBXC283r_--

From stephen.farrell@cs.tcd.ie  Wed May  9 17:45:12 2012
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9274221F847D for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 17:45:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UbnScwJtn2+F for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 17:45:11 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 29B8521F847C for <oauth@ietf.org>; Wed,  9 May 2012 17:45:11 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id EC89D171536; Thu, 10 May 2012 01:45:09 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1336610709; bh=sdo3B1FO37X6nT pLB0CFMX80uiyGiAWgygJnqWPRsvw=; b=kHYj1IAxGlw68qvN2Na7HaXXtpde5z KyL9iYhEP8n3eh0vSvYRYB3XzC5vAyIfNALQ1j7vmSNw44yzKgADItgmEq1ja5hf FgL2hkP8qS5EQ9kS+9oh8BGRNhtDMgKH5JSmcEjstmd3LLnU/ZBAv33RjU7KKgwU V9W9a+QVtbAQeegA5dxrxdXzcVJfbwu8GiWtxhxbHuhLEtn/P0lsGhDzAlXoR5aX uC00IFC0K/Xslwuf0u/Pr5dwn2g9xH/eJYgNUQtaySrQfC9RK9PdgZnFLhZV9rWi PLoJt1BdR0J1ewlVc8MTEhxpxwrqA6yDrRQda8GnipbGcsEPNAZK6BRg==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id j2deZqNPUfGk; Thu, 10 May 2012 01:45:09 +0100 (IST)
Received: from [10.87.48.9] (unknown [86.46.20.248]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 5C761171512; Thu, 10 May 2012 01:45:07 +0100 (IST)
Message-ID: <4FAB0F93.4070003@cs.tcd.ie>
Date: Thu, 10 May 2012 01:45:07 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <20120503181339.17651.84259.idtracker@ietfa.amsl.com> <CALaySJKLytyKdS=AUpa5wgRNBe96sHgZ1n0kGnO8fWyU4p-=vQ@mail.gmail.com> <4FAA7EB6.6050604@cs.tcd.ie> <4E1F6AAD24975D4BA5B1680429673943664CDA55@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664CDA55@TK5EX14MBXC283.redmond.corp.microsoft.com>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Internal WG Review: Recharter of Web Authorization Protocol (oauth)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 00:45:12 -0000

Hi Mike,

On 05/09/2012 06:41 PM, Mike Jones wrote:
> Looks pretty good to me.  I might consider adding a sentence in the paragraph that motivates the new work items (that starts with "The ongoing standardization effort") to motivate the JWT work items.  For instance "Having a standard JSON-based assertion format and a profile for using it with OAuth will both improve interoperability among selected OAuth deployments and facilitate deployments."  (All the other new work items are already motivated in that paragraph.)
> 

I'm not sufficiently familiar with the current state of
play to include "JSON-based" so I've left that out.

> Typo:  Change "a authorization" to "an authorization".

Ta,
S.

> 
> 				-- Mike
> 
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Stephen Farrell
> Sent: Wednesday, May 09, 2012 7:27 AM
> To: oauth-chairs@tools.ietf.org
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Internal WG Review: Recharter of Web Authorization Protocol (oauth)
> 
> 
> Hi,
> 
> There's been a bit of IESG comment on the proposed new charter resulting in a few editorial changes. So just in case, the text below is what I'd like to propose for approval on Thursday.
> 
> Let me know if there's anything substantively wrong here, in which case, we'll probably want to re-spin the text and I'll put it back for consideration on the following IESG meeting (another two weeks).
> 
> Thanks,
> Stephen.
> 
>> ------------------------------------------
>> Web Authorization Protocol (oauth)
>> ------------------------------------------
>> Current Status: Active
>> Last updated: 2012-05-03
>>
>> Chairs:
>>  Hannes Tschofenig <Hannes.Tschofenig@gmx.net>  Derek Atkins 
>> <derek@ihtfp.com>
>>
>> Security Area Directors:
>>  Stephen Farrell <stephen.farrell@cs.tcd.ie>  Sean Turner 
>> <turners@ieca.com>
>>
>> Security Area Advisor:
>>  Stephen Farrell <stephen.farrell@cs.tcd.ie>
>>
>> Technical Advisor:
>>  Peter Saint-Andre <stpeter@stpeter.im>
>>
>> Mailing Lists:
>>  Address:      oauth@ietf.org
>>  To Subscribe: https://www.ietf.org/mailman/listinfo/oauth
>>  Archive:      http://www.ietf.org/mail-archive/web/oauth/
>>
>> Description of Working Group:
>>
>> The Web Authorization (OAuth) protocol allows a user to grant a 
>> third-party Web site or application access to the user's protected 
>> resources, without necessarily revealing their long-term credentials, 
>> or even their identity. For example, a photo-sharing site that 
>> supports OAuth could allow its users to use a third-party printing Web 
>> site to print their private pictures, without allowing the printing 
>> site to gain full control of the user's account and without having the 
>> user sharing his or her photo-sharing sites' long-term credential with 
>> the printing site.
>>
>> The OAuth protocol suite encompasses
>> * a procedure for allowing a client to discover a authorization 
>> server,
>> * a protocol for obtaining authorization tokens from an authorization
>>   server with the resource owner's consent,
>> * protocols for presenting these authorization tokens to protected
>>   resources for access to a resource, and
>> * consequently for sharing data in a security and privacy respective way.
>>
>> The working group also developed security schemes for presenting 
>> authorization tokens to access a protected resource. This led to the 
>> publication of the bearer token, as well as work that remains to be 
>> completed on message authentication code (MAC) access authentication 
>> and SAML assertions to interwork with existing identity management 
>> solutions.  The working group will complete those remaining documents, 
>> and will also complete documentation of the OAuth threat model that 
>> was started under the previous charter.
>>
>> The ongoing standardization effort within the OAuth working group will 
>> focus on enhancing interoperability of OAuth deployments.  A standard 
>> for a token revocation service, which can be separated from the 
>> existing web tokens to the token repertoire will enable wider 
>> deployment of OAuth.  Extended documentation of OAuth use cases will 
>> enhance the understanding of the OAuth framework and provide 
>> assistance to implementors.  And dynamic client registration will make 
>> it easier to broadly deploy OAuth clients (performing services to users).
>>
>> Goals and Milestones
>>
>> Done  Submit 'OAuth 2.0 Threat Model and Security Considerations' as a
>>     working group item
>> Done  Submit 'HTTP Authentication: MAC Authentication' as a working
>>     group item
>> Done  Submit 'The OAuth 2.0 Protocol: Bearer Tokens' to the IESG for
>>     consideration as a Proposed Standard Done  Submit 'The OAuth 2.0 
>> Authorization Protocol' to the IESG for
>>     consideration as a Proposed Standard
>>
>> May  2012  Submit 'SAML 2.0 Bearer Assertion Profiles for OAuth 2.0' to
>>          the IESG for consideration as a Proposed Standard May  2012  
>> Submit 'OAuth 2.0 Assertion Profile' to the IESG for
>>          consideration as a Proposed Standard May  2012  Submit 'An 
>> IETF URN Sub-Namespace for OAuth' to the IESG for
>>          consideration as a Proposed Standard May  2012  Submit 'OAuth 
>> 2.0 Threat Model and Security Considerations'
>>          to the IESG for consideration as an Informational RFC Dec. 
>> 2012  Submit 'HTTP Authentication: MAC Authentication' to the IESG
>>          for consideration as a Proposed Standard
>>
>> Aug. 2012  Submit 'Token Revocation' to the IESG for consideration as a
>>          Proposed Standard
>> [Starting point for the work will be
>> http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/]
>>
>> Nov. 2012  Submit 'JSON Web Token (JWT)' to the IESG for consideration
>>          as a Proposed Standard
>> [Starting point for the work will be
>> http://tools.ietf.org/html/draft-jones-json-web-token]
>>
>> Nov. 2012  Submit 'JSON Web Token (JWT) Bearer Token Profiles for OAuth
>>          2.0' to the IESG for consideration as a Proposed Standard 
>> [Starting point for the work will be 
>> http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer]
>>
>> Dec. 2012  Submit 'OAuth Use Cases' to the IESG for consideration as an
>>          Informational RFC
>> [Starting point for the work will be
>> http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases]
>>
>> Jul. 2013  Submit 'OAuth Dynamic Client Registration Protocol' to the
>>          IESG for consideration as a Proposed Standard [Starting point 
>> for the work will be 
>> http://tools.ietf.org/html/draft-hardjono-oauth-dynreg]
>> ------------------------------------------
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
> 
> 
> 

From eran@hueniverse.com  Wed May  9 17:47:44 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 805FD11E80AA for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 17:47:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.554
X-Spam-Level: 
X-Spam-Status: No, score=-2.554 tagged_above=-999 required=5 tests=[AWL=0.044,  BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8XNfizm91Rnv for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 17:47:41 -0700 (PDT)
Received: from p3plex2out03.prod.phx3.secureserver.net (p3plex2out03.prod.phx3.secureserver.net [184.168.131.16]) by ietfa.amsl.com (Postfix) with ESMTP id 0389A21F84AA for <oauth@ietf.org>; Wed,  9 May 2012 17:47:40 -0700 (PDT)
Received: from P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) by p3plex2out03.prod.phx3.secureserver.net with bizsmtp id 80ng1j0030Dcg9U010ngop; Wed, 09 May 2012 17:47:40 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) with mapi id 14.02.0247.003; Wed, 9 May 2012 17:47:39 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Mike Jones <Michael.Jones@microsoft.com>, "oauth@ietf.org WG (oauth@ietf.org)" <oauth@ietf.org>
Thread-Topic: Bearer token DISCUSS items related to errors
Thread-Index: Ac0uPyyFp+WxhSBGSfKzyUQ+QV5C9wAA4epAAADTa1A=
Date: Thu, 10 May 2012 00:47:39 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201026FC8@P3PWEX2MB008.ex2.secureserver.net>
References: <0CBAEB56DDB3A140BA8E8C124C04ECA201026E40@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE5DF@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664CE5DF@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: multipart/alternative; boundary="_000_0CBAEB56DDB3A140BA8E8C124C04ECA201026FC8P3PWEX2MB008ex2_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 00:47:44 -0000

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA201026FC8P3PWEX2MB008ex2_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I don't need to repeat three months of extensive arguments. AIRI, you were =
as strongly opinionated about this as I was, and it was largely an argument=
 between my, you, and Tony Nadalin. After we failed to reach WG consensus -=
 we did resolve some items as you indicated below - the chairs formed a des=
ign committee on which both Tony and I served. The committee unanimously de=
cided to not include the protected resource location in the registry. The c=
hairs presented this to the group, then closed the items.

My point is, it was a long and extensive debated that required much effort =
to resolve. Now all of a sudden, getting a quick round of +1 is enough to u=
ndo 3 months of negotiations. That's clearly a broken process.

EH

From: Mike Jones [mailto:Michael.Jones@microsoft.com]
Sent: Wednesday, May 09, 2012 5:42 PM
To: Eran Hammer; oauth@ietf.org WG (oauth@ietf.org)
Subject: RE: Bearer token DISCUSS items related to errors

I believe that you're intentionally oversimplifying things.  My memory was =
that originally you objected to having the OAuth Errors Registry at all.  I=
ssue 11 was about getting it created in the first place, despite your objec=
tions.  The compromise with you to get you to agree to it was that you inte=
ntionally excluded registration of errors resulting from OAuth flows E and =
F.  I fully remember what a painful process it was to get you to agree to t=
hat much, if that's the "extensive discussion by the working group" that yo=
u're referring to.  I wouldn't characterize the result as "working group co=
nsensus" so much as exhaustion.

As I see it as an individual, Russ's DISCUSS results from the simple observ=
ation that OAuth errors are not consistently registered across the OAuth sp=
ecs.  This may or not be changed, depending upon the result of the consensu=
s call and a decision by the chairs.  I'm fine with either outcome, but bel=
ieve that the working group should earnestly consider his request.

We're almost done.  I hope that after the consensus calls, this and the oth=
er open issues can be quickly addressed and we can finally achieve OAuth 2.=
0 RFCs.

                                                            -- Mike

From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:oauth-b=
ounces@ietf.org]<mailto:[mailto:oauth-bounces@ietf.org]> On Behalf Of Eran =
Hammer
Sent: Wednesday, May 09, 2012 5:17 PM
To: oauth@ietf.org<mailto:oauth@ietf.org> WG (oauth@ietf.org<mailto:oauth@i=
etf.org>)
Subject: [OAUTH-WG] Bearer token DISCUSS items related to errors

Most people on this WG are not aware of all the details around the on-going=
 IESG review and my objections to making additional changes to the core spe=
cification. Currently, these are the open issues preventing the bearer spec=
ification from being approved:

>From Russ Housley:

  Section 3.1 specifies Error Codes.  Alexey suggested the use
  of an IANA registry for this field.  Apparently there is already a
  registry created by draft-ietf-oauth-v2. However this document does
  not register values defined in this section in that registry.  Please
  explain why the IANA registry is not leveraged by this document.

>From Sean Turner:

  s3.1: Shouldn't the character set restrictions on error, error_descriptio=
n,
  and error_uri be in draft-ietf-oauth-v2?

>From Pete Resnick:

[ the use of a reserved query parameter 'access_token' ]

---

Sean Turner closed this issue today so it is no longer relevant. Basically,=
 as currently drafted, there is no overlap between the parameters and the e=
ncoding reflects the transport restrictions of each specification. While I =
don't have a technical objection to limiting the character set of the error=
 parameter in the core specification, I do object to making a breaking chan=
ge at this point without any actual technical justification.

Peter Resnick's issue has nothing to do with this so I will not discuss it.

The only remaining issue is Russ' which SHOULD have been replied to with:

---
The use of the error registry in draft-ietf-oauth-v2 for the error codes de=
fined in the bearer specification was extensively discussed by the working =
group and the special design committee appointed by the chairs. The working=
 group consensus was that these errors, while similar is name and meaning t=
o those used in the core specification, belong elsewhere. They relate to th=
e protected resource namespace which is not covered by the core specificati=
on.

In addition, there was no working group consensus whether the error paramet=
er used by the bearer specification was the preferred mechanism for relayin=
g errors in protected resource access or HTTP authentication schemes (e.g. =
the MAC token scheme draft does not use such mechanism and opted to rely on=
 simple HTTP status codes instead). At the time, the working group reached =
out to HTTPbis for guidance and did not receive a conclusive answer.

This issue was documented in the issues tracker [1] and was closed after ex=
tensive discussions. The working group's consensus was that if a registry i=
s required, it should be defined within the bearer specification.
---

All Russ was asking for is an explanation. Instead, he was told there was n=
o good reason and that it should be changed. That was clearly not an honest=
 representation of clear working group consensus from over 10 months ago wh=
ich was achieved at great effort.

EH

[1] http://trac.tools.ietf.org/wg/oauth/trac/ticket/11







--_000_0CBAEB56DDB3A140BA8E8C124C04ECA201026FC8P3PWEX2MB008ex2_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
span.EmailStyle17
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.EmailStyle18
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
span.EmailStyle19
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">I don&#8217;t need to =
repeat three months of extensive arguments. AIRI, you were as strongly opin=
ionated about this as I was, and it was largely an argument between my, you=
, and Tony Nadalin. After we failed to reach
 WG consensus &#8211; we did resolve some items as you indicated below &#82=
11; the chairs formed a design committee on which both Tony and I served. T=
he committee unanimously decided to not include the protected resource loca=
tion in the registry. The chairs presented this
 to the group, then closed the items.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">My point is, it was a =
long and extensive debated that required much effort to resolve. Now all of=
 a sudden, getting a quick round of &#43;1 is enough to undo 3 months of ne=
gotiations. That&#8217;s clearly a broken process.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">EH<o:p></o:p></span></=
p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> Mike Jon=
es [mailto:Michael.Jones@microsoft.com]
<br>
<b>Sent:</b> Wednesday, May 09, 2012 5:42 PM<br>
<b>To:</b> Eran Hammer; oauth@ietf.org WG (oauth@ietf.org)<br>
<b>Subject:</b> RE: Bearer token DISCUSS items related to errors<o:p></o:p>=
</span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">I believe that you&#82=
17;re intentionally oversimplifying things.&nbsp; My memory was that origin=
ally you objected to having the OAuth Errors Registry at all.&nbsp; Issue 1=
1 was about getting it created in the first place, despite
 your objections.&nbsp; The compromise with you to get you to agree to it w=
as that you intentionally excluded registration of errors resulting from OA=
uth flows E and F.&nbsp; I fully remember what a painful process it was to =
get you to agree to that much, if that&#8217;s the
 &#8220;extensive discussion by the working group&#8221; that you&#8217;re =
referring to.&nbsp; I wouldn&#8217;t characterize the result as &#8220;work=
ing group consensus&#8221; so much as exhaustion.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">As I see it as an indi=
vidual, Russ&#8217;s DISCUSS results from the simple observation that OAuth=
 errors are not consistently registered across the OAuth specs.&nbsp; This =
may or not be changed, depending upon the result
 of the consensus call and a decision by the chairs.&nbsp; I&#8217;m fine w=
ith either outcome, but believe that the working group should earnestly con=
sider his request.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">We&#8217;re almost don=
e.&nbsp; I hope that after the consensus calls, this and the other open iss=
ues can be quickly addressed and we can finally achieve OAuth 2.0 RFCs.<o:p=
></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p>&nbsp;</o:p></spa=
n></p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">
<a href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a> <a hre=
f=3D"mailto:[mailto:oauth-bounces@ietf.org]">
[mailto:oauth-bounces@ietf.org]</a> <b>On Behalf Of </b>Eran Hammer<br>
<b>Sent:</b> Wednesday, May 09, 2012 5:17 PM<br>
<b>To:</b> <a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG (<a href=
=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>)<br>
<b>Subject:</b> [OAUTH-WG] Bearer token DISCUSS items related to errors<o:p=
></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Most people on this WG are not aware of all the deta=
ils around the on-going IESG review and my objections to making additional =
changes to the core specification. Currently, these are the open issues pre=
venting the bearer specification from
 being approved:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">From Russ Housley:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp; Section 3.1 specifies Error Codes.&nbsp; Alex=
ey suggested the use<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; of an IANA registry for this field.&nbsp; App=
arently there is already a<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; registry created by draft-ietf-oauth-v2. Howe=
ver this document does<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; not register values defined in this section i=
n that registry.&nbsp; Please<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; explain why the IANA registry is not leverage=
d by this document.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">From Sean Turner:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp; s3.1: Shouldn't the character set restriction=
s on error, error_description,<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp; and error_uri be in draft-ietf-oauth-v2?<o:p>=
</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">From Pete Resnick:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">[ the use of a reserved query parameter &#8216;acces=
s_token&#8217; ]<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Sean Turner closed this issue today so it is no long=
er relevant. Basically, as currently drafted, there is no overlap between t=
he parameters and the encoding reflects the transport restrictions of each =
specification. While I don&#8217;t have
 a technical objection to limiting the character set of the error parameter=
 in the core specification, I do object to making a breaking change at this=
 point without any actual technical justification.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Peter Resnick&#8217;s issue has nothing to do with t=
his so I will not discuss it.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The only remaining issue is Russ&#8217; which SHOULD=
 have been replied to with:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal">The use of the error registry in draft-ietf-oauth-v2=
 for the error codes defined in the bearer specification was extensively di=
scussed by the working group and the special design committee appointed by =
the chairs. The working group consensus
 was that these errors, while similar is name and meaning to those used in =
the core specification, belong elsewhere. They relate to the protected reso=
urce namespace which is not covered by the core specification.<o:p></o:p></=
p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">In addition, there was no working group consensus wh=
ether the error parameter used by the bearer specification was the preferre=
d mechanism for relaying errors in protected resource access or HTTP authen=
tication schemes (e.g. the MAC token
 scheme draft does not use such mechanism and opted to rely on simple HTTP =
status codes instead). At the time, the working group reached out to HTTPbi=
s for guidance and did not receive a conclusive answer.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">This issue was documented in the issues tracker [1] =
and was closed after extensive discussions. The working group&#8217;s conse=
nsus was that if a registry is required, it should be defined within the be=
arer specification.<o:p></o:p></p>
<p class=3D"MsoNormal">---<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">All Russ was asking for is an explanation. Instead, =
he was told there was no good reason and that it should be changed. That wa=
s clearly not an honest representation of clear working group consensus fro=
m over 10 months ago which was achieved
 at great effort.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">EH<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">[1] <a href=3D"http://trac.tools.ietf.org/wg/oauth/t=
rac/ticket/11">
http://trac.tools.ietf.org/wg/oauth/trac/ticket/11</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</body>
</html>

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA201026FC8P3PWEX2MB008ex2_--

From gffletch@aol.com  Wed May  9 18:37:28 2012
Return-Path: <gffletch@aol.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D559911E80E4 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 18:37:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mYyPQA5kkRtJ for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 18:37:28 -0700 (PDT)
Received: from imr-ma02.mx.aol.com (imr-ma02.mx.aol.com [64.12.206.40]) by ietfa.amsl.com (Postfix) with ESMTP id E95F811E80AA for <oauth@ietf.org>; Wed,  9 May 2012 18:37:27 -0700 (PDT)
Received: from mtaout-mb01.r1000.mx.aol.com (mtaout-mb01.r1000.mx.aol.com [172.29.41.65]) by imr-ma02.mx.aol.com (8.14.1/8.14.1) with ESMTP id q4A1bK6P015735; Wed, 9 May 2012 21:37:20 -0400
Received: from palantir.local (unknown [10.172.3.55]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaout-mb01.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 21A2BE0000B4; Wed,  9 May 2012 21:37:20 -0400 (EDT)
Message-ID: <4FAB1BCD.1050804@aol.com>
Date: Wed, 09 May 2012 21:37:17 -0400
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <7D0AF372-75ED-48A2-A665-EB2B8B030C83@ve7jtb.com>
In-Reply-To: <7D0AF372-75ED-48A2-A665-EB2B8B030C83@ve7jtb.com>
Content-Type: multipart/alternative; boundary="------------080209030702090308060303"
x-aol-global-disposition: G
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20110426; t=1336613840; bh=dEib74jCDWaItkknRAfQjX21TBM8/4k7K6BpGbpNWf4=; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type; b=yF0sRmhh4bssAp0EJks48Eh07TxRfYKbahiw32IvSV99lsGk0TCLpIDx7BIPmusNF 62CLTnMkUkmrGXAJXosva09fL0J++60IIXm5vnMFHKsTyZxciVlEwt4ZyaMZeSM5pP cAAiplQxJ9DIL1zhPah4hpDKJ6w1NRf+ABIZcknE=
X-AOL-SCOLL-SCORE: 0:2:469829760:93952408  
X-AOL-SCOLL-URL_COUNT: 0  
x-aol-sid: 3039ac1d29414fab1bd03a16
X-AOL-IP: 10.172.3.55
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 01:37:28 -0000

This is a multi-part message in MIME format.
--------------080209030702090308060303
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

+1

On 5/9/12 6:27 PM, John Bradley wrote:
> Consistent syntax across bearer, core and MAC.
>
> That wasn't one of the options:)
>
> John B.
> On 2012-05-09, at 6:06 PM, Hannes Tschofenig wrote:
>
>> Hi all,
>>
>> another issue that came up in Sean's IESG review was about the encoding of the error / error_description / error_uri in the base and in the bearer specification.
>>
>> As mentioned in my earlier mail about the registry for the error codes there are three error fields defined in the two specification and the error / error_description / error_uri fields are allowed to appear in different parts of an HTTP message.
>> Depending on where they show up different encoding restrictions apply.
>>
>> For the core specification these error fields may appear in the
>> * body of the HTTP message (encoded in JSON)
>> * parameters to the query component of the redirection URI (using the
>>   "application/x-www-form-urlencoded" format)
>>
>> For the bearer specification these error fields appear in the HTTP header. Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says 'values for the "error" and "error_description" attributes MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.'
>>
>> Now, here is the question. While these errors are essentially copied over from one spec to the other the different encoding restrictions make them different. Do we want different encodings of errors in the two documents?
>>
>> So, I see two options:
>>
>> 1) Leave the encoding as it is. This means the encoding of the error / error_description / error_uri in the two specifications is different.
>>
>> 2) Harmonize the encoding between the two specifications by incorporating the restrictions from the bearer specification into the base specification.
>>
>> Please indicate your preference by the end of next week (18th May 2012).
>>
>> Ciao
>> Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

-- 
Chief Architect                   AIM:  gffletch
Identity Services Engineering     Work: george.fletcher@teamaol.com
AOL Inc.                          Home: gffletch@aol.com
Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch


--------------080209030702090308060303
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Helvetica, Arial, sans-serif">+1</font><br>
    <br>
    On 5/9/12 6:27 PM, John Bradley wrote:
    <blockquote
      cite="mid:7D0AF372-75ED-48A2-A665-EB2B8B030C83@ve7jtb.com"
      type="cite">
      <pre wrap="">Consistent syntax across bearer, core and MAC.

That wasn't one of the options:)

John B.
On 2012-05-09, at 6:06 PM, Hannes Tschofenig wrote:

</pre>
      <blockquote type="cite">
        <pre wrap="">Hi all, 

another issue that came up in Sean's IESG review was about the encoding of the error / error_description / error_uri in the base and in the bearer specification. 

As mentioned in my earlier mail about the registry for the error codes there are three error fields defined in the two specification and the error / error_description / error_uri fields are allowed to appear in different parts of an HTTP message. 
Depending on where they show up different encoding restrictions apply. 

For the core specification these error fields may appear in the 
* body of the HTTP message (encoded in JSON)
* parameters to the query component of the redirection URI (using the
 "application/x-www-form-urlencoded" format)

For the bearer specification these error fields appear in the HTTP header. Consequently, <a class="moz-txt-link-freetext" href="http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19">http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19</a> says 'values for the "error" and "error_description" attributes MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.' 

Now, here is the question. While these errors are essentially copied over from one spec to the other the different encoding restrictions make them different. Do we want different encodings of errors in the two documents?

So, I see two options: 

1) Leave the encoding as it is. This means the encoding of the error / error_description / error_uri in the two specifications is different. 

2) Harmonize the encoding between the two specifications by incorporating the restrictions from the bearer specification into the base specification. 

Please indicate your preference by the end of next week (18th May 2012). 

Ciao
Hannes

_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
      </blockquote>
      <pre wrap="">
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Chief Architect                   AIM:  gffletch
Identity Services Engineering     Work: <a class="moz-txt-link-abbreviated" href="mailto:george.fletcher@teamaol.com">george.fletcher@teamaol.com</a>
AOL Inc.                          Home: <a class="moz-txt-link-abbreviated" href="mailto:gffletch@aol.com">gffletch@aol.com</a>
Mobile: +1-703-462-3494           Blog: <a class="moz-txt-link-freetext" href="http://practicalid.blogspot.com">http://practicalid.blogspot.com</a>
Office: +1-703-265-2544           Twitter: <a class="moz-txt-link-freetext" href="http://twitter.com/gffletch">http://twitter.com/gffletch</a>
</pre>
  </body>
</html>

--------------080209030702090308060303--

From stpeter@stpeter.im  Wed May  9 18:38:15 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0C8D11E80ED for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 18:38:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.56
X-Spam-Level: 
X-Spam-Status: No, score=-102.56 tagged_above=-999 required=5 tests=[AWL=0.039, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PltgZ3WWVhd6 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 18:38:15 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 41D0F11E80E4 for <oauth@ietf.org>; Wed,  9 May 2012 18:38:15 -0700 (PDT)
Received: from [192.168.0.9] (unknown [216.17.175.160]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 3458940058; Wed,  9 May 2012 19:53:36 -0600 (MDT)
Message-ID: <4FAB1C04.80101@stpeter.im>
Date: Wed, 09 May 2012 19:38:12 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Eran Hammer <eran@hueniverse.com>
References: <0CBAEB56DDB3A140BA8E8C124C04ECA201026E40@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201026E40@P3PWEX2MB008.ex2.secureserver.net>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org WG \(oauth@ietf.org\)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 01:38:15 -0000

On 5/9/12 6:17 PM, Eran Hammer wrote:

> All Russ was asking for is an explanation. Instead, he was told there
> was no good reason and that it should be changed. That was clearly not
> an honest representation of clear working group consensus from over 10
> months ago which was achieved at great effort.

Was it presented this way in the proto write-up or verbally on an IESG
telechat or in some other way? Just curious to figure out where things
went awry here...

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



From eran@hueniverse.com  Wed May  9 18:42:15 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01A4711E80EA for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 18:42:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.555
X-Spam-Level: 
X-Spam-Status: No, score=-2.555 tagged_above=-999 required=5 tests=[AWL=0.044,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6bIcfB2Sja9Z for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 18:42:14 -0700 (PDT)
Received: from p3plex2out04.prod.phx3.secureserver.net (p3plex2out04.prod.phx3.secureserver.net [184.168.131.18]) by ietfa.amsl.com (Postfix) with ESMTP id 84FBD11E80E3 for <oauth@ietf.org>; Wed,  9 May 2012 18:42:14 -0700 (PDT)
Received: from P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) by p3plex2out04.prod.phx3.secureserver.net with bizsmtp id 81iE1j0010CJzpC011iEc2; Wed, 09 May 2012 18:42:14 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) with mapi id 14.02.0247.003; Wed, 9 May 2012 18:42:13 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Peter Saint-Andre <stpeter@stpeter.im>
Thread-Topic: [OAUTH-WG] Bearer token DISCUSS items related to errors
Thread-Index: Ac0uPyyFp+WxhSBGSfKzyUQ+QV5C9wASQ9wAAA6RlzA=
Date: Thu, 10 May 2012 01:42:12 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201027144@P3PWEX2MB008.ex2.secureserver.net>
References: <0CBAEB56DDB3A140BA8E8C124C04ECA201026E40@P3PWEX2MB008.ex2.secureserver.net> <4FAB1C04.80101@stpeter.im>
In-Reply-To: <4FAB1C04.80101@stpeter.im>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "oauth@ietf.org WG \(oauth@ietf.org\)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 01:42:15 -0000

SSdtIGp1c3QgbG9va2luZyBhdCB0aGUgcGFydHMgY29waWVkIHRvIHRoZSBsaXN0IGFuZCBpbiB0
aGUgdHJhY2tlci4gSSBoYXZlbid0IGFjdHVhbGx5IHNlZW4gbXVjaCByZXNwb25zZSBjb21pbmcg
ZnJvbSBSdXNzLiBJIGRpZCByZWFjaCBvdXQgdG8gaGltIGRpcmVjdGx5IHRvIHNlZSBpZiB0aGUg
ZGlzY3VzcyBjYW4gYmUgcmVzb2x2ZSB3aXRob3V0IGZ1cnRoZXIgYWN0aW9uLg0KDQpFSA0KDQo+
IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206IFBldGVyIFNhaW50LUFuZHJlIFtt
YWlsdG86c3RwZXRlckBzdHBldGVyLmltXQ0KPiBTZW50OiBXZWRuZXNkYXksIE1heSAwOSwgMjAx
MiA2OjM4IFBNDQo+IFRvOiBFcmFuIEhhbW1lcg0KPiBDYzogb2F1dGhAaWV0Zi5vcmcgV0cgKG9h
dXRoQGlldGYub3JnKQ0KPiBTdWJqZWN0OiBSZTogW09BVVRILVdHXSBCZWFyZXIgdG9rZW4gRElT
Q1VTUyBpdGVtcyByZWxhdGVkIHRvIGVycm9ycw0KPiANCj4gT24gNS85LzEyIDY6MTcgUE0sIEVy
YW4gSGFtbWVyIHdyb3RlOg0KPiANCj4gPiBBbGwgUnVzcyB3YXMgYXNraW5nIGZvciBpcyBhbiBl
eHBsYW5hdGlvbi4gSW5zdGVhZCwgaGUgd2FzIHRvbGQgdGhlcmUNCj4gPiB3YXMgbm8gZ29vZCBy
ZWFzb24gYW5kIHRoYXQgaXQgc2hvdWxkIGJlIGNoYW5nZWQuIFRoYXQgd2FzIGNsZWFybHkgbm90
DQo+ID4gYW4gaG9uZXN0IHJlcHJlc2VudGF0aW9uIG9mIGNsZWFyIHdvcmtpbmcgZ3JvdXAgY29u
c2Vuc3VzIGZyb20gb3ZlciAxMA0KPiA+IG1vbnRocyBhZ28gd2hpY2ggd2FzIGFjaGlldmVkIGF0
IGdyZWF0IGVmZm9ydC4NCj4gDQo+IFdhcyBpdCBwcmVzZW50ZWQgdGhpcyB3YXkgaW4gdGhlIHBy
b3RvIHdyaXRlLXVwIG9yIHZlcmJhbGx5IG9uIGFuIElFU0cNCj4gdGVsZWNoYXQgb3IgaW4gc29t
ZSBvdGhlciB3YXk/IEp1c3QgY3VyaW91cyB0byBmaWd1cmUgb3V0IHdoZXJlIHRoaW5ncyB3ZW50
DQo+IGF3cnkgaGVyZS4uLg0KPiANCj4gUGV0ZXINCj4gDQo+IC0tDQo+IFBldGVyIFNhaW50LUFu
ZHJlDQo+IGh0dHBzOi8vc3RwZXRlci5pbS8NCj4gDQoNCg==

From eran@hueniverse.com  Wed May  9 19:20:17 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6273E11E80B0 for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 19:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.556
X-Spam-Level: 
X-Spam-Status: No, score=-2.556 tagged_above=-999 required=5 tests=[AWL=0.043,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fvcen6k3wWQg for <oauth@ietfa.amsl.com>; Wed,  9 May 2012 19:20:16 -0700 (PDT)
Received: from p3plex2out01.prod.phx3.secureserver.net (p3plex2out01.prod.phx3.secureserver.net [184.168.131.12]) by ietfa.amsl.com (Postfix) with ESMTP id 7AAB111E80AF for <oauth@ietf.org>; Wed,  9 May 2012 19:20:16 -0700 (PDT)
Received: from P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) by p3plex2out01.prod.phx3.secureserver.net with bizsmtp id 82LG1j0020CJzpC012LGPQ; Wed, 09 May 2012 19:20:16 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) with mapi id 14.02.0247.003; Wed, 9 May 2012 19:20:15 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Eran Hammer <eran@hueniverse.com>, Peter Saint-Andre <stpeter@stpeter.im>
Thread-Topic: [OAUTH-WG] Bearer token DISCUSS items related to errors
Thread-Index: Ac0uPyyFp+WxhSBGSfKzyUQ+QV5C9wASQ9wAAA6RlzAAHKl98A==
Date: Thu, 10 May 2012 02:20:15 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA2010271DF@P3PWEX2MB008.ex2.secureserver.net>
References: <0CBAEB56DDB3A140BA8E8C124C04ECA201026E40@P3PWEX2MB008.ex2.secureserver.net> <4FAB1C04.80101@stpeter.im> <0CBAEB56DDB3A140BA8E8C124C04ECA201027144@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201027144@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "Barry Leiba \(barryleiba@computer.org\)" <barryleiba@computer.org>, "oauth@ietf.org WG \(oauth@ietf.org\)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 02:20:17 -0000

On 4/10/12 8:25 PM, Mike Jones wrote:

---
About your issue 2:  Investigating the OAuth Errors Registry a bit further =
(see http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-11.4.1) whil=
e I'd like to be able to register the OAuth Bearer errors in this registry,=
 what I believe to be a defect in the errors registry text currently preven=
ts this.  Specifically, the registry enumerates only three "Error usage loc=
ation" values:  authorization code grant error response, implicit grant err=
or response, and token error response.  To be able to use this registry, it=
 would also have to have a fourth usage location:  "resource access error r=
esponse".  If you'd like to file an issue against the OAuth Core spec to ge=
t this additional usage location added to the registry, then I'd be glad to=
 use it.  I believe that this would be significantly preferable to adding a=
 separate OAuth Bearer errors registry that's exactly like the general-purp=
ose one, only separate from it.
---

This doesn't sound like an editor reflecting working group consensus...

The design committee concluded its work mid-May 2011. Draft -16 reflected t=
he changed proposed by the committee.

Barry's notes at the conclusion of the design committee 5/17/11:

> #10, error registry:
> Marc, Julian, PSA commented on Eran's post to httpbis list.
> No objection, no strong opinion, not sure it's needed.  Separate=20
> header better than using error codes.
> PROPOSAL: Bearer doc specifies how it handles error conditions, and=20
> there is no registry now.  A future doc that uses Bearer as a base can=20
> create a registry if needed.  Agreement on the call with this.

So the actual feedback was that the error parameter wasn't necessarily the =
best choice for returning error in the first place, that it was not necessa=
rily the right general purpose mechanism, but that no harm was done by allo=
wing bearer to keep it and try it out. The intention was clearly to leave t=
hings be and see how people are using it. Then if someone actually wants to=
 extend it (at the time we had no use cases for extending bearer error code=
s), they can create the registry.

Bottom line: this exact issue was intensely debated and reached a conclusio=
n after 3 months of debates. The chair made a clear consensus call. Issue w=
as closed until Mike Jones declare it as a "defect in the errors registry t=
ext" without providing much context. When I provided this context to Sean T=
urner, he closed the same issue raised against the core specification in hi=
s discuss.

EH

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Eran Hammer
> Sent: Wednesday, May 09, 2012 6:42 PM
> To: Peter Saint-Andre
> Cc: oauth@ietf.org WG (oauth@ietf.org)
> Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors
>=20
> I'm just looking at the parts copied to the list and in the tracker. I ha=
ven't
> actually seen much response coming from Russ. I did reach out to him
> directly to see if the discuss can be resolve without further action.
>=20
> EH
>=20
> > -----Original Message-----
> > From: Peter Saint-Andre [mailto:stpeter@stpeter.im]
> > Sent: Wednesday, May 09, 2012 6:38 PM
> > To: Eran Hammer
> > Cc: oauth@ietf.org WG (oauth@ietf.org)
> > Subject: Re: [OAUTH-WG] Bearer token DISCUSS items related to errors
> >
> > On 5/9/12 6:17 PM, Eran Hammer wrote:
> >
> > > All Russ was asking for is an explanation. Instead, he was told
> > > there was no good reason and that it should be changed. That was
> > > clearly not an honest representation of clear working group
> > > consensus from over 10 months ago which was achieved at great effort.
> >
> > Was it presented this way in the proto write-up or verbally on an IESG
> > telechat or in some other way? Just curious to figure out where things
> > went awry here...
> >
> > Peter
> >
> > --
> > Peter Saint-Andre
> > https://stpeter.im/
> >
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From kwiereng@cisco.com  Wed May  9 22:43:44 2012
Return-Path: <kwiereng@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A1C321F8516; Wed,  9 May 2012 22:43:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.136
X-Spam-Level: 
X-Spam-Status: No, score=-7.136 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LLkXAqzinH9H; Wed,  9 May 2012 22:43:43 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfa.amsl.com (Postfix) with ESMTP id 5734721F850B; Wed,  9 May 2012 22:43:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=kwiereng@cisco.com; l=3000; q=dns/txt; s=iport; t=1336628623; x=1337838223; h=subject:references:content-transfer-encoding:from: in-reply-to:message-id:date:to:cc:mime-version; bh=C0qNzd4rOIfUWlcCImjIJM4Hx5K/KuEKMYPxiz7LTNw=; b=Ex35xoLPTGLW69PwtJ2vKJfUYRSSNuGh9vkXcTgIcKOabtHIW4ZUiTJV WkTMYs7/ACPdH7p9zLv1hXvSKVeX7p7M0i694+t1OKk2a1qu3FOVy4G6R iT5LBf+XaJtGRIcRFvDbcxIScn3v02ZDnbQkfdG6xVzPJrEmSPxtGS1sE k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AmMHADlVq0+Q/khL/2dsb2JhbAA7CbEcAQEGghUCgQeCDAEBAQMBAQEBDwEnNAsFCwIBCA4KLicwAQEEEyKHZwULmwSgG4sNEIU2YwSVfYERjUYngUKCaw
X-IronPort-AV: E=Sophos;i="4.75,561,1330905600"; d="scan'208";a="137507378"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-1.cisco.com with ESMTP; 10 May 2012 05:43:20 +0000
Received: from xbh-ams-201.cisco.com (xbh-ams-201.cisco.com [144.254.75.7]) by ams-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id q4A5hKxF021503; Thu, 10 May 2012 05:43:20 GMT
Received: from xmb-ams-101.cisco.com ([144.254.74.76]) by xbh-ams-201.cisco.com with Microsoft SMTPSVC(6.0.3790.4675);  Thu, 10 May 2012 07:43:20 +0200
Received: from 144.254.74.76 ([144.254.74.76]) by XMB-AMS-101.cisco.com ([144.254.74.76]) with Microsoft Exchange Server HTTP-DAV ;  Thu, 10 May 2012 05:43:19 +0000
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com> <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net> <81091A66-03C3-4085-A840-BEC1BBF48161@ve7jtb.com>
Content-Transfer-Encoding: quoted-printable
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
Content-Type: text/plain; charset="us-ascii"
Thread-Topic: [kitten] [OAUTH-WG] OAuth Discovery and what the relying partyneeds to know
Thread-Index: Ac0ub84LsNJtIDyjT8mLTat+qsjtww==
In-Reply-To: <81091A66-03C3-4085-A840-BEC1BBF48161@ve7jtb.com>
Message-ID: <A5BFAE4A-5FF2-4E0C-BE49-A04AA9AC9A98@cisco.com>
Date: Thu, 10 May 2012 07:43:20 +0200
To: "John Bradley" <ve7jtb@ve7jtb.com>
MIME-Version: 1.0 (1.0)
X-OriginalArrivalTime: 10 May 2012 05:43:20.0736 (UTC) FILETIME=[CEADDA00:01CD2E6F]
Cc: kitten@ietf.org, oauth@ietf.org
Subject: Re: [OAUTH-WG] [kitten] OAuth Discovery and what the relying partyneeds to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 05:43:44 -0000

Hmmm, I see your point but I think that from a privacy PoV revealing the use=
rname to the RP is not good practice, especially not prior to trust being es=
tablished between RP and IdP. If the IdP wants to send the assertion in the a=
uthentication statement that is another matter. But you don't want rogue RPs=
 harvesting user names. So instead i have assumed that the domain could be m=
ore specific if needed, i.e. for 99% of the cases example.com would suffice b=
ut for the corner cases I imagine using idp1.example.com and idp2.example.co=
m. But I understand that in an oauth scenario that may be less pretty.

Klaas

Sent from my iPad

On 9 mei 2012, at 21:31, "John Bradley" <ve7jtb@ve7jtb.com> wrote:

> The lookup is based on the identifier provided by the user.  It can have a=
 user portion in the format of a URI https://john@example.com , https://exam=
ple.com/john or anything else where you can extract the domain.
>=20
> The user portion is necessary to allow for per user IdP delegation.   Othe=
rwise only one IdP per host could be supported.
>=20
> John B.
>=20
>=20
> On 2012-05-09, at 2:42 PM, Hannes Tschofenig wrote:
>=20
>> Hi John,=20
>>=20
>> does the "identifier" contain of a domain part AND a username part or onl=
y the domain part?=20
>> That's the crucial question here.=20
>>=20
>> Ciao
>> Hannes
>>=20
>> On May 9, 2012, at 9:20 PM, John Bradley wrote:
>>=20
>>> For openID Connect we are using the identifier to discover the AS.   We r=
efer to that as an issuer,  and perform a second discovery step to get the c=
onfiguration (Auth endpoint, token endpoint, user_info endpoint and other co=
nfig) for that issuer.
>>>=20
>>> SWD/WF may be used for other things by other protocols, but our use is q=
uite simple.
>>>=20
>>> I think that is probably the same thing for SASL,  but others may think d=
ifferently.
>>>=20
>>> John B.
>>>=20
>>>=20
>>> On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:
>>>=20
>>>> Hi guys,=20
>>>>=20
>>>> at the last IIW we had a discussion about SASL-OAuth and what the SASL s=
erver needs to know for discovery.=20
>>>> The discovery discussions around WebFinger go in the same directions.=20=

>>>>=20
>>>> So, I have been wondering whether we have made an informed decision abo=
ut how the discovery procedure is actually supposed to look like.=20
>>>>=20
>>>> In my view, the relying party (the client) only needs to know who the i=
dentity provider (the AS/RS) is.=20
>>>>=20
>>>> Any other views?=20
>>>>=20
>>>> Ciao
>>>> Hannes
>>>>=20
>>>> PS: Please let me know if I should provide more background about the is=
sue.=20
>>>>=20
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>=20
>>=20
>=20
> _______________________________________________
> Kitten mailing list
> Kitten@ietf.org
> https://www.ietf.org/mailman/listinfo/kitten

From ve7jtb@ve7jtb.com  Thu May 10 07:58:48 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 971E821F86CA for <oauth@ietfa.amsl.com>; Thu, 10 May 2012 07:58:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.538
X-Spam-Level: 
X-Spam-Status: No, score=-3.538 tagged_above=-999 required=5 tests=[AWL=0.061,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56-Xbre6jx1z for <oauth@ietfa.amsl.com>; Thu, 10 May 2012 07:58:48 -0700 (PDT)
Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id C49D121F86C6 for <oauth@ietf.org>; Thu, 10 May 2012 07:58:45 -0700 (PDT)
Received: by ggmi1 with SMTP id i1so1228623ggm.31 for <oauth@ietf.org>; Thu, 10 May 2012 07:58:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=0NppPTQsCGyoj7OkhlfDUzDgDhZp9vF0XOem4dQMtM4=; b=GEhMrzML3Kqqn9dOAAEE50brDB1EGxBwMGf8jY/twy46ibIUlQeYCs5IAsMFd3kTnT rdC7MGuImCvKdEv2EDnVnf5piw2ab6gs7yfzfVwvXH8jlJ4BJQz/tZi3nUCLCN50xLGw 8ILuiJTY3OEB3EKwV4DEHs9EmyYJBHKVXHRIdEE4Adz9du8PuPPkDe6oNo/0sz5p6awl NeVcLQj5m9vXYYf5TlRy1eWOdTlKR4CkCY+Ql9g1ypYgli2GIvtJ6C0WE/dtsFlaEbLz NCa7ohN6FS/DBQZRsd+pt7imkMWXJ/qNgYm9IXTKRcv/rlC3PpzQ7EtoS3mZnSgS4HZR Obow==
Received: by 10.236.116.169 with SMTP id g29mr5490430yhh.54.1336661925182; Thu, 10 May 2012 07:58:45 -0700 (PDT)
Received: from [192.168.1.213] (190-20-35-188.baf.movistar.cl. [190.20.35.188]) by mx.google.com with ESMTPS id j34sm9634812ani.14.2012.05.10.07.58.42 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 10 May 2012 07:58:44 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_CC1131A4-E711-4E86-B315-FDB14AA02927"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <A5BFAE4A-5FF2-4E0C-BE49-A04AA9AC9A98@cisco.com>
Date: Thu, 10 May 2012 10:58:35 -0400
Message-Id: <6E2A5AF6-F4D8-4FCA-A45F-7AE5032A82BE@ve7jtb.com>
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com> <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net> <81091A66-03C3-4085-A840-BEC1BBF48161@ve7jtb.com> <A5BFAE4A-5FF2-4E0C-BE49-A04AA9AC9A98@cisco.com>
To: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQmBnFV4zjyMc5eaAmsCOUMjOmr5rx1/WZOBsfpruuPBHfUk2oB8BIEHb0g5F4w6CN/XRCKS
Cc: kitten@ietf.org, oauth@ietf.org
Subject: Re: [OAUTH-WG] [kitten] OAuth Discovery and what the relying partyneeds to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 14:58:48 -0000

--Apple-Mail=_CC1131A4-E711-4E86-B315-FDB14AA02927
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

openID Connect dosen't require a user portion of the identifier to be =
discovered and supports a opaque or pseudonymous user_id.   =20
email is an optional attribute that can be returned by user consent.

OpenID 2.0 actively discouraged using email addresses for privacy =
reasons.  Teaching people to enter there email addresses into unknown =
sites was seen as a bad thing by many.

WF was started partially as an alternative discovery mechanism for =
openID to allow people to enter email addresses to discover there IdP, =
given a belief that users could only be asked to enter email and=20
NASCAR UI was not scalable.

openID is attempting to separately address the NASCAR problem with it's =
Account Chooser project to allow the user to configure and control their =
selection of IdP without entering info directly into the RP.

For WF/SWD the decision is to enforce discovery by host only or support =
a user component so that a email or other service provider could allow =
per user choice.

I do happen to personally agree that teaching users to give up there =
email to random websites is not a good idea, however not allowing a user =
component in discovery won't stop RP from asking and removes otherwise =
useful functionality and choice fro the user.

John B.

On 2012-05-10, at 1:43 AM, Klaas Wierenga (kwiereng) wrote:

>=20
> Hmmm, I see your point but I think that from a privacy PoV revealing =
the username to the RP is not good practice, especially not prior to =
trust being established between RP and IdP. If the IdP wants to send the =
assertion in the authentication statement that is another matter. But =
you don't want rogue RPs harvesting user names. So instead i have =
assumed that the domain could be more specific if needed, i.e. for 99% =
of the cases example.com would suffice but for the corner cases I =
imagine using idp1.example.com and idp2.example.com. But I understand =
that in an oauth scenario that may be less pretty.
>=20
> Klaas
>=20
> Sent from my iPad
>=20
> On 9 mei 2012, at 21:31, "John Bradley" <ve7jtb@ve7jtb.com> wrote:
>=20
>> The lookup is based on the identifier provided by the user.  It can =
have a user portion in the format of a URI https://john@example.com , =
https://example.com/john or anything else where you can extract the =
domain.
>>=20
>> The user portion is necessary to allow for per user IdP delegation.   =
Otherwise only one IdP per host could be supported.
>>=20
>> John B.
>>=20
>>=20
>> On 2012-05-09, at 2:42 PM, Hannes Tschofenig wrote:
>>=20
>>> Hi John,=20
>>>=20
>>> does the "identifier" contain of a domain part AND a username part =
or only the domain part?=20
>>> That's the crucial question here.=20
>>>=20
>>> Ciao
>>> Hannes
>>>=20
>>> On May 9, 2012, at 9:20 PM, John Bradley wrote:
>>>=20
>>>> For openID Connect we are using the identifier to discover the AS.  =
 We refer to that as an issuer,  and perform a second discovery step to =
get the configuration (Auth endpoint, token endpoint, user_info endpoint =
and other config) for that issuer.
>>>>=20
>>>> SWD/WF may be used for other things by other protocols, but our use =
is quite simple.
>>>>=20
>>>> I think that is probably the same thing for SASL,  but others may =
think differently.
>>>>=20
>>>> John B.
>>>>=20
>>>>=20
>>>> On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:
>>>>=20
>>>>> Hi guys,=20
>>>>>=20
>>>>> at the last IIW we had a discussion about SASL-OAuth and what the =
SASL server needs to know for discovery.=20
>>>>> The discovery discussions around WebFinger go in the same =
directions.=20
>>>>>=20
>>>>> So, I have been wondering whether we have made an informed =
decision about how the discovery procedure is actually supposed to look =
like.=20
>>>>>=20
>>>>> In my view, the relying party (the client) only needs to know who =
the identity provider (the AS/RS) is.=20
>>>>>=20
>>>>> Any other views?=20
>>>>>=20
>>>>> Ciao
>>>>> Hannes
>>>>>=20
>>>>> PS: Please let me know if I should provide more background about =
the issue.=20
>>>>>=20
>>>>> _______________________________________________
>>>>> OAuth mailing list
>>>>> OAuth@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>=20
>>>=20
>>=20
>> _______________________________________________
>> Kitten mailing list
>> Kitten@ietf.org
>> https://www.ietf.org/mailman/listinfo/kitten


--Apple-Mail=_CC1131A4-E711-4E86-B315-FDB14AA02927
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUx
MDE0NTgzNlowIwYJKoZIhvcNAQkEMRYEFKIx0xDQ3tSWW20+QoYlbSRniU5LMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AEuZCPD4iKDCmS2acSy0NQtREwhIcSiXUAJ/z7pMQvnBrZu9Yk316Fa9GFwK4iyyzmV3NFEl4y4n
0lODz4cRje2EQPz3w0DM/ogXqWODhvCYm3hDZ9YcxuolSNvTA8jFGlxOfAzoENAGhgAbrJFLiDqL
JWGOaPCPYeXNRN2sDOGNSXYlJWg+rKqWoDhaWXsyVRzd/1ZT4t94I/gO7XVzr+XxUE+NHAcrfysm
VEkyGwV0Mwv/WG/wA0qd/NuZ96zQGTaMG0iZeDW7rkVzMWtqdG23c/ZKwN6V1j9FSEHEUgEfbybT
S3kh4Xekw7eWrFOCTIYFapF0hNuBsq/4GAXaX+wAAAAAAAA=

--Apple-Mail=_CC1131A4-E711-4E86-B315-FDB14AA02927--

From jricher@mitre.org  Thu May 10 08:17:06 2012
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2317F21F86E1; Thu, 10 May 2012 08:17:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.553
X-Spam-Level: 
X-Spam-Status: No, score=-6.553 tagged_above=-999 required=5 tests=[AWL=0.045,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nxnpiYVwcchG; Thu, 10 May 2012 08:17:04 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 90E4D21F8592; Thu, 10 May 2012 08:17:04 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id DC4C521B1536; Thu, 10 May 2012 11:16:59 -0400 (EDT)
Received: from IMCCAS04.MITRE.ORG (imccas04.mitre.org [129.83.29.81]) by smtpksrv1.mitre.org (Postfix) with ESMTP id BDFB621B151F; Thu, 10 May 2012 11:16:59 -0400 (EDT)
Received: from [129.83.50.12] (129.83.31.51) by IMCCAS04.MITRE.ORG (129.83.29.81) with Microsoft SMTP Server (TLS) id 14.2.283.3; Thu, 10 May 2012 11:16:59 -0400
Message-ID: <4FABDBA2.20908@mitre.org>
Date: Thu, 10 May 2012 11:15:46 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: John Bradley <ve7jtb@ve7jtb.com>
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com> <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net> <81091A66-03C3-4085-A840-BEC1BBF48161@ve7jtb.com> <A5BFAE4A-5FF2-4E0C-BE49-A04AA9AC9A98@cisco.com> <6E2A5AF6-F4D8-4FCA-A45F-7AE5032A82BE@ve7jtb.com>
In-Reply-To: <6E2A5AF6-F4D8-4FCA-A45F-7AE5032A82BE@ve7jtb.com>
Content-Type: multipart/alternative; boundary="------------040308030308090104020009"
X-Originating-IP: [129.83.31.51]
Cc: kitten@ietf.org, "Klaas Wierenga \(kwiereng\)" <kwiereng@cisco.com>, oauth@ietf.org
Subject: Re: [OAUTH-WG] [kitten] OAuth Discovery and what the relying partyneeds to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 15:17:06 -0000

--------------040308030308090104020009
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit

It's important to remember that these identifiers need to be handled, 
seen, and remembered by people. Especially in the long-tail case (which 
is to say, IdPs who aren't big enough to get a log in button), users 
will need to enter a piece of text into a website to tell the website 
who they are. There's the longstanding usability issue of how users 
self-identify. We have taught people over the last 30 years or so that a 
format of "user@domain" represents a person. SMTP, XMPP, SIP, and other 
protocols have used this format successfully. OpenID made the mistake of 
trying to teach people that "http://domain/user"  could also stand for 
them, but people just don't think of themselves in terms of HTTP URLs. 
Webfinger came about to address this, and SWD adopted the same pattern. 
Account Chooser is a great UI for public, internet-facing websites, but 
it's far from universally applicable.

Whether it's good privacy practice or not, the natural pattern for 
people to log into a website is to type something that looks like an 
email address. Also note that while in many peoples' cases, the 
acct:user@domain will match their mailto:user@domain address, but that's 
not necessarily true universally. This adds flexibility for allowing a 
domain-style identifier to use the same discovery process as a 
user@domain-style identifier and privacy-conscious users can use the former.

  -- Justin

On 05/10/2012 10:58 AM, John Bradley wrote:
> openID Connect dosen't require a user portion of the identifier to be discovered and supports a opaque or pseudonymous user_id.
> email is an optional attribute that can be returned by user consent.
>
> OpenID 2.0 actively discouraged using email addresses for privacy reasons.  Teaching people to enter there email addresses into unknown sites was seen as a bad thing by many.
>
> WF was started partially as an alternative discovery mechanism for openID to allow people to enter email addresses to discover there IdP, given a belief that users could only be asked to enter email and
> NASCAR UI was not scalable.
>
> openID is attempting to separately address the NASCAR problem with it's Account Chooser project to allow the user to configure and control their selection of IdP without entering info directly into the RP.
>
> For WF/SWD the decision is to enforce discovery by host only or support a user component so that a email or other service provider could allow per user choice.
>
> I do happen to personally agree that teaching users to give up there email to random websites is not a good idea, however not allowing a user component in discovery won't stop RP from asking and removes otherwise useful functionality and choice fro the user.
>
> John B.
>
> On 2012-05-10, at 1:43 AM, Klaas Wierenga (kwiereng) wrote:
>
>> Hmmm, I see your point but I think that from a privacy PoV revealing the username to the RP is not good practice, especially not prior to trust being established between RP and IdP. If the IdP wants to send the assertion in the authentication statement that is another matter. But you don't want rogue RPs harvesting user names. So instead i have assumed that the domain could be more specific if needed, i.e. for 99% of the cases example.com would suffice but for the corner cases I imagine using idp1.example.com and idp2.example.com. But I understand that in an oauth scenario that may be less pretty.
>>
>> Klaas
>>
>> Sent from my iPad
>>
>> On 9 mei 2012, at 21:31, "John Bradley"<ve7jtb@ve7jtb.com>  wrote:
>>
>>> The lookup is based on the identifier provided by the user.  It can have a user portion in the format of a URI https://john@example.com , https://example.com/john or anything else where you can extract the domain.
>>>
>>> The user portion is necessary to allow for per user IdP delegation.   Otherwise only one IdP per host could be supported.
>>>
>>> John B.
>>>
>>>
>>> On 2012-05-09, at 2:42 PM, Hannes Tschofenig wrote:
>>>
>>>> Hi John,
>>>>
>>>> does the "identifier" contain of a domain part AND a username part or only the domain part?
>>>> That's the crucial question here.
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> On May 9, 2012, at 9:20 PM, John Bradley wrote:
>>>>
>>>>> For openID Connect we are using the identifier to discover the AS.   We refer to that as an issuer,  and perform a second discovery step to get the configuration (Auth endpoint, token endpoint, user_info endpoint and other config) for that issuer.
>>>>>
>>>>> SWD/WF may be used for other things by other protocols, but our use is quite simple.
>>>>>
>>>>> I think that is probably the same thing for SASL,  but others may think differently.
>>>>>
>>>>> John B.
>>>>>
>>>>>
>>>>> On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:
>>>>>
>>>>>> Hi guys,
>>>>>>
>>>>>> at the last IIW we had a discussion about SASL-OAuth and what the SASL server needs to know for discovery.
>>>>>> The discovery discussions around WebFinger go in the same directions.
>>>>>>
>>>>>> So, I have been wondering whether we have made an informed decision about how the discovery procedure is actually supposed to look like.
>>>>>>
>>>>>> In my view, the relying party (the client) only needs to know who the identity provider (the AS/RS) is.
>>>>>>
>>>>>> Any other views?
>>>>>>
>>>>>> Ciao
>>>>>> Hannes
>>>>>>
>>>>>> PS: Please let me know if I should provide more background about the issue.
>>>>>>
>>>>>> _______________________________________________
>>>>>> OAuth mailing list
>>>>>> OAuth@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>> _______________________________________________
>>> Kitten mailing list
>>> Kitten@ietf.org
>>> https://www.ietf.org/mailman/listinfo/kitten
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--------------040308030308090104020009
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    It's important to remember that these identifiers need to be
    handled, seen, and remembered by people. Especially in the long-tail
    case (which is to say, IdPs who aren't big enough to get a log in
    button), users will need to enter a piece of text into a website to
    tell the website who they are. There's the longstanding usability
    issue of how users self-identify. We have taught people over the
    last 30 years or so that a format of "user@domain" represents a
    person. SMTP, XMPP, SIP, and other protocols have used this format
    successfully. OpenID made the mistake of trying to teach people that
    <a class="moz-txt-link-rfc2396E" href="http://domain/user">"http://domain/user"</a>&nbsp; could also stand for them, but people just
    don't think of themselves in terms of HTTP URLs. Webfinger came
    about to address this, and SWD adopted the same pattern. Account
    Chooser is a great UI for public, internet-facing websites, but it's
    far from universally applicable.<br>
    <br>
    Whether it's good privacy practice or not, the natural pattern for
    people to log into a website is to type something that looks like an
    email address. Also note that while in many peoples' cases, the
    acct:user@domain will match their <a class="moz-txt-link-freetext" href="mailto:user@domain">mailto:user@domain</a> address, but
    that's not necessarily true universally. This adds flexibility for
    allowing a domain-style identifier to use the same discovery process
    as a user@domain-style identifier and privacy-conscious users can
    use the former.<br>
    <br>
    &nbsp;-- Justin<br>
    <br>
    On 05/10/2012 10:58 AM, John Bradley wrote:
    <blockquote
      cite="mid:6E2A5AF6-F4D8-4FCA-A45F-7AE5032A82BE@ve7jtb.com"
      type="cite">
      <pre wrap="">openID Connect dosen't require a user portion of the identifier to be discovered and supports a opaque or pseudonymous user_id.    
email is an optional attribute that can be returned by user consent.

OpenID 2.0 actively discouraged using email addresses for privacy reasons.  Teaching people to enter there email addresses into unknown sites was seen as a bad thing by many.

WF was started partially as an alternative discovery mechanism for openID to allow people to enter email addresses to discover there IdP, given a belief that users could only be asked to enter email and 
NASCAR UI was not scalable.

openID is attempting to separately address the NASCAR problem with it's Account Chooser project to allow the user to configure and control their selection of IdP without entering info directly into the RP.

For WF/SWD the decision is to enforce discovery by host only or support a user component so that a email or other service provider could allow per user choice.

I do happen to personally agree that teaching users to give up there email to random websites is not a good idea, however not allowing a user component in discovery won't stop RP from asking and removes otherwise useful functionality and choice fro the user.

John B.

On 2012-05-10, at 1:43 AM, Klaas Wierenga (kwiereng) wrote:

</pre>
      <blockquote type="cite">
        <pre wrap="">
Hmmm, I see your point but I think that from a privacy PoV revealing the username to the RP is not good practice, especially not prior to trust being established between RP and IdP. If the IdP wants to send the assertion in the authentication statement that is another matter. But you don't want rogue RPs harvesting user names. So instead i have assumed that the domain could be more specific if needed, i.e. for 99% of the cases example.com would suffice but for the corner cases I imagine using idp1.example.com and idp2.example.com. But I understand that in an oauth scenario that may be less pretty.

Klaas

Sent from my iPad

On 9 mei 2012, at 21:31, "John Bradley" <a class="moz-txt-link-rfc2396E" href="mailto:ve7jtb@ve7jtb.com">&lt;ve7jtb@ve7jtb.com&gt;</a> wrote:

</pre>
        <blockquote type="cite">
          <pre wrap="">The lookup is based on the identifier provided by the user.  It can have a user portion in the format of a URI <a class="moz-txt-link-freetext" href="https://john@example.com">https://john@example.com</a> , <a class="moz-txt-link-freetext" href="https://example.com/john">https://example.com/john</a> or anything else where you can extract the domain.

The user portion is necessary to allow for per user IdP delegation.   Otherwise only one IdP per host could be supported.

John B.


On 2012-05-09, at 2:42 PM, Hannes Tschofenig wrote:

</pre>
          <blockquote type="cite">
            <pre wrap="">Hi John, 

does the "identifier" contain of a domain part AND a username part or only the domain part? 
That's the crucial question here. 

Ciao
Hannes

On May 9, 2012, at 9:20 PM, John Bradley wrote:

</pre>
            <blockquote type="cite">
              <pre wrap="">For openID Connect we are using the identifier to discover the AS.   We refer to that as an issuer,  and perform a second discovery step to get the configuration (Auth endpoint, token endpoint, user_info endpoint and other config) for that issuer.

SWD/WF may be used for other things by other protocols, but our use is quite simple.

I think that is probably the same thing for SASL,  but others may think differently.

John B.


On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:

</pre>
              <blockquote type="cite">
                <pre wrap="">Hi guys, 

at the last IIW we had a discussion about SASL-OAuth and what the SASL server needs to know for discovery. 
The discovery discussions around WebFinger go in the same directions. 

So, I have been wondering whether we have made an informed decision about how the discovery procedure is actually supposed to look like. 

In my view, the relying party (the client) only needs to know who the identity provider (the AS/RS) is. 

Any other views? 

Ciao
Hannes

PS: Please let me know if I should provide more background about the issue. 

_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
              </blockquote>
              <pre wrap="">
</pre>
            </blockquote>
            <pre wrap="">
</pre>
          </blockquote>
          <pre wrap="">
_______________________________________________
Kitten mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Kitten@ietf.org">Kitten@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/kitten">https://www.ietf.org/mailman/listinfo/kitten</a>
</pre>
        </blockquote>
      </blockquote>
      <pre wrap="">
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------040308030308090104020009--

From ve7jtb@ve7jtb.com  Thu May 10 09:25:54 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C2A721F86F7 for <oauth@ietfa.amsl.com>; Thu, 10 May 2012 09:25:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.539
X-Spam-Level: 
X-Spam-Status: No, score=-3.539 tagged_above=-999 required=5 tests=[AWL=0.059,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mmDIn3gez3fK for <oauth@ietfa.amsl.com>; Thu, 10 May 2012 09:25:53 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id B345321F859B for <oauth@ietf.org>; Thu, 10 May 2012 09:25:52 -0700 (PDT)
Received: by yenq13 with SMTP id q13so2017784yen.31 for <oauth@ietf.org>; Thu, 10 May 2012 09:25:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=TCEXhcsOJAyizsbEI3Jqzfp4DIQAtuet+cc0cJBwj5c=; b=Ysirit4nKmhzyMGgwZLAKgHBH2Wt08QB/ULxSobeC5+ZmJDZ6sOeyQy5FLcgXZwKmn cRl59OLQuP3lBioX7Fyj5vZT2B7RIYAlI8mJP1v8i4Hg/3ocjmEmkeqWKnHspxYaA5L8 aYYuWpf4LED4OJL9tlvSZYo+6pcy6ClZm3i1YOolbUC/DFTJ+gJLTUH8s+nazW8NQq/m p/9+o9jQo7rAHU9xAw9W5pbJHRUarBUC6sXt63yjhSYNf4j/5fJZhuO+P6YgKqrYsV3z OE93vCLc6AdqtaoOt4evcdWSe/Lfbv3I+eKbwT0kw3duYHjyiHqB11aI5dD+W375L/J9 WiEg==
Received: by 10.236.79.234 with SMTP id i70mr5882999yhe.88.1336667151993; Thu, 10 May 2012 09:25:51 -0700 (PDT)
Received: from [192.168.1.213] (190-20-35-188.baf.movistar.cl. [190.20.35.188]) by mx.google.com with ESMTPS id p29sm22743290yhl.19.2012.05.10.09.25.48 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 10 May 2012 09:25:50 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_941D81E7-8CC1-49DF-BEC8-6BDD4CE267BF"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <4FABDBA2.20908@mitre.org>
Date: Thu, 10 May 2012 12:25:42 -0400
Message-Id: <BC1CD864-E160-4E48-8059-08CBA5DB27B7@ve7jtb.com>
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com> <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net> <81091A66-03C3-4085-A840-BEC1BBF48161@ve7jtb.com> <A5BFAE4A-5FF2-4E0C-BE49-A04AA9AC9A98@cisco.com> <6E2A5AF6-F4D8-4FCA-A45F-7AE5032A82BE@ve7jtb.com> <4FABDBA2.20908@mitre.org>
To: Justin Richer <jricher@mitre.org>
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQkueBEtDX2aJk/x6Xl5zxThc0iug1aWyeEZfqUFmuGaoiVKERA/8fbUX6UActE9xogQ4hnU
Cc: kitten@ietf.org, "Klaas Wierenga \(kwiereng\)" <kwiereng@cisco.com>, oauth@ietf.org
Subject: Re: [OAUTH-WG] [kitten] OAuth Discovery and what the relying partyneeds to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 16:25:54 -0000

--Apple-Mail=_941D81E7-8CC1-49DF-BEC8-6BDD4CE267BF
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_0A0E5208-4463-4AE8-BACF-4564DADB7231"


--Apple-Mail=_0A0E5208-4463-4AE8-BACF-4564DADB7231
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Allowing user based discovery is not mutually exclusive with things that =
provide browser based help for selecting a IdP.
Forcing a user to type a email address for twitter may also prove =
unnatural. =20

More help for the user by their trusted user agent is probably the =
better way to go in the long term. =20
In the short therm almost anything is better than users current practice =
of entering there email and password directly into random sites. =20

It is reasonable in the IMAP case where the client already has the email =
to use that to start discovery for the Authorization server for that =
identifier.

John B.
On 2012-05-10, at 11:15 AM, Justin Richer wrote:

> It's important to remember that these identifiers need to be handled, =
seen, and remembered by people. Especially in the long-tail case (which =
is to say, IdPs who aren't big enough to get a log in button), users =
will need to enter a piece of text into a website to tell the website =
who they are. There's the longstanding usability issue of how users =
self-identify. We have taught people over the last 30 years or so that a =
format of "user@domain" represents a person. SMTP, XMPP, SIP, and other =
protocols have used this format successfully. OpenID made the mistake of =
trying to teach people that "http://domain/user"  could also stand for =
them, but people just don't think of themselves in terms of HTTP URLs. =
Webfinger came about to address this, and SWD adopted the same pattern. =
Account Chooser is a great UI for public, internet-facing websites, but =
it's far from universally applicable.
>=20
> Whether it's good privacy practice or not, the natural pattern for =
people to log into a website is to type something that looks like an =
email address. Also note that while in many peoples' cases, the =
acct:user@domain will match their mailto:user@domain address, but that's =
not necessarily true universally. This adds flexibility for allowing a =
domain-style identifier to use the same discovery process as a =
user@domain-style identifier and privacy-conscious users can use the =
former.
>=20
>  -- Justin
>=20
> On 05/10/2012 10:58 AM, John Bradley wrote:
>>=20
>> openID Connect dosen't require a user portion of the identifier to be =
discovered and supports a opaque or pseudonymous user_id.   =20
>> email is an optional attribute that can be returned by user consent.
>>=20
>> OpenID 2.0 actively discouraged using email addresses for privacy =
reasons.  Teaching people to enter there email addresses into unknown =
sites was seen as a bad thing by many.
>>=20
>> WF was started partially as an alternative discovery mechanism for =
openID to allow people to enter email addresses to discover there IdP, =
given a belief that users could only be asked to enter email and=20
>> NASCAR UI was not scalable.
>>=20
>> openID is attempting to separately address the NASCAR problem with =
it's Account Chooser project to allow the user to configure and control =
their selection of IdP without entering info directly into the RP.
>>=20
>> For WF/SWD the decision is to enforce discovery by host only or =
support a user component so that a email or other service provider could =
allow per user choice.
>>=20
>> I do happen to personally agree that teaching users to give up there =
email to random websites is not a good idea, however not allowing a user =
component in discovery won't stop RP from asking and removes otherwise =
useful functionality and choice fro the user.
>>=20
>> John B.
>>=20
>> On 2012-05-10, at 1:43 AM, Klaas Wierenga (kwiereng) wrote:
>>=20
>>> Hmmm, I see your point but I think that from a privacy PoV revealing =
the username to the RP is not good practice, especially not prior to =
trust being established between RP and IdP. If the IdP wants to send the =
assertion in the authentication statement that is another matter. But =
you don't want rogue RPs harvesting user names. So instead i have =
assumed that the domain could be more specific if needed, i.e. for 99% =
of the cases example.com would suffice but for the corner cases I =
imagine using idp1.example.com and idp2.example.com. But I understand =
that in an oauth scenario that may be less pretty.
>>>=20
>>> Klaas
>>>=20
>>> Sent from my iPad
>>>=20
>>> On 9 mei 2012, at 21:31, "John Bradley" <ve7jtb@ve7jtb.com> wrote:
>>>=20
>>>> The lookup is based on the identifier provided by the user.  It can =
have a user portion in the format of a URI https://john@example.com , =
https://example.com/john or anything else where you can extract the =
domain.
>>>>=20
>>>> The user portion is necessary to allow for per user IdP delegation. =
  Otherwise only one IdP per host could be supported.
>>>>=20
>>>> John B.
>>>>=20
>>>>=20
>>>> On 2012-05-09, at 2:42 PM, Hannes Tschofenig wrote:
>>>>=20
>>>>> Hi John,=20
>>>>>=20
>>>>> does the "identifier" contain of a domain part AND a username part =
or only the domain part?=20
>>>>> That's the crucial question here.=20
>>>>>=20
>>>>> Ciao
>>>>> Hannes
>>>>>=20
>>>>> On May 9, 2012, at 9:20 PM, John Bradley wrote:
>>>>>=20
>>>>>> For openID Connect we are using the identifier to discover the =
AS.   We refer to that as an issuer,  and perform a second discovery =
step to get the configuration (Auth endpoint, token endpoint, user_info =
endpoint and other config) for that issuer.
>>>>>>=20
>>>>>> SWD/WF may be used for other things by other protocols, but our =
use is quite simple.
>>>>>>=20
>>>>>> I think that is probably the same thing for SASL,  but others may =
think differently.
>>>>>>=20
>>>>>> John B.
>>>>>>=20
>>>>>>=20
>>>>>> On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:
>>>>>>=20
>>>>>>> Hi guys,=20
>>>>>>>=20
>>>>>>> at the last IIW we had a discussion about SASL-OAuth and what =
the SASL server needs to know for discovery.=20
>>>>>>> The discovery discussions around WebFinger go in the same =
directions.=20
>>>>>>>=20
>>>>>>> So, I have been wondering whether we have made an informed =
decision about how the discovery procedure is actually supposed to look =
like.=20
>>>>>>>=20
>>>>>>> In my view, the relying party (the client) only needs to know =
who the identity provider (the AS/RS) is.=20
>>>>>>>=20
>>>>>>> Any other views?=20
>>>>>>>=20
>>>>>>> Ciao
>>>>>>> Hannes
>>>>>>>=20
>>>>>>> PS: Please let me know if I should provide more background about =
the issue.=20
>>>>>>>=20
>>>>>>> _______________________________________________
>>>>>>> OAuth mailing list
>>>>>>> OAuth@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>> _______________________________________________
>>>> Kitten mailing list
>>>> Kitten@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/kitten
>>=20
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>=20


--Apple-Mail=_0A0E5208-4463-4AE8-BACF-4564DADB7231
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
	charset=iso-8859-1

<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Allowing user based discovery is not mutually exclusive with things that provide browser based help for selecting a IdP.<div>Forcing a user to type a email address for twitter may also prove unnatural. &nbsp;</div><div><br></div><div>More help for the user by their trusted user agent is probably the better way to go in the long term. &nbsp;</div><div>In the short therm almost anything is better than users current practice of entering there email and password directly into random sites. &nbsp;</div><div><div><br></div><div>It is reasonable in the IMAP case where the client already has the email to use that to start discovery for the Authorization server for that identifier.</div><div><br></div><div>John B.<br><div><div>On 2012-05-10, at 11:15 AM, Justin Richer wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
  
    <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
  
  <div bgcolor="#FFFFFF" text="#000000">
    It's important to remember that these identifiers need to be
    handled, seen, and remembered by people. Especially in the long-tail
    case (which is to say, IdPs who aren't big enough to get a log in
    button), users will need to enter a piece of text into a website to
    tell the website who they are. There's the longstanding usability
    issue of how users self-identify. We have taught people over the
    last 30 years or so that a format of "user@domain" represents a
    person. SMTP, XMPP, SIP, and other protocols have used this format
    successfully. OpenID made the mistake of trying to teach people that
    <a class="moz-txt-link-rfc2396E" href="http://domain/user">"http://domain/user"</a>&nbsp; could also stand for them, but people just
    don't think of themselves in terms of HTTP URLs. Webfinger came
    about to address this, and SWD adopted the same pattern. Account
    Chooser is a great UI for public, internet-facing websites, but it's
    far from universally applicable.<br>
    <br>
    Whether it's good privacy practice or not, the natural pattern for
    people to log into a website is to type something that looks like an
    email address. Also note that while in many peoples' cases, the
    acct:user@domain will match their <a class="moz-txt-link-freetext" href="mailto:user@domain">mailto:user@domain</a> address, but
    that's not necessarily true universally. This adds flexibility for
    allowing a domain-style identifier to use the same discovery process
    as a user@domain-style identifier and privacy-conscious users can
    use the former.<br>
    <br>
    &nbsp;-- Justin<br>
    <br>
    On 05/10/2012 10:58 AM, John Bradley wrote:
    <blockquote cite="mid:6E2A5AF6-F4D8-4FCA-A45F-7AE5032A82BE@ve7jtb.com" type="cite">
      <pre wrap="">openID Connect dosen't require a user portion of the identifier to be discovered and supports a opaque or pseudonymous user_id.    
email is an optional attribute that can be returned by user consent.

OpenID 2.0 actively discouraged using email addresses for privacy reasons.  Teaching people to enter there email addresses into unknown sites was seen as a bad thing by many.

WF was started partially as an alternative discovery mechanism for openID to allow people to enter email addresses to discover there IdP, given a belief that users could only be asked to enter email and 
NASCAR UI was not scalable.

openID is attempting to separately address the NASCAR problem with it's Account Chooser project to allow the user to configure and control their selection of IdP without entering info directly into the RP.

For WF/SWD the decision is to enforce discovery by host only or support a user component so that a email or other service provider could allow per user choice.

I do happen to personally agree that teaching users to give up there email to random websites is not a good idea, however not allowing a user component in discovery won't stop RP from asking and removes otherwise useful functionality and choice fro the user.

John B.

On 2012-05-10, at 1:43 AM, Klaas Wierenga (kwiereng) wrote:

</pre>
      <blockquote type="cite">
        <pre wrap="">Hmmm, I see your point but I think that from a privacy PoV revealing the username to the RP is not good practice, especially not prior to trust being established between RP and IdP. If the IdP wants to send the assertion in the authentication statement that is another matter. But you don't want rogue RPs harvesting user names. So instead i have assumed that the domain could be more specific if needed, i.e. for 99% of the cases <a href="http://example.com">example.com</a> would suffice but for the corner cases I imagine using <a href="http://idp1.example.com">idp1.example.com</a> and <a href="http://idp2.example.com">idp2.example.com</a>. But I understand that in an oauth scenario that may be less pretty.

Klaas

Sent from my iPad

On 9 mei 2012, at 21:31, "John Bradley" <a class="moz-txt-link-rfc2396E" href="mailto:ve7jtb@ve7jtb.com">&lt;ve7jtb@ve7jtb.com&gt;</a> wrote:

</pre>
        <blockquote type="cite">
          <pre wrap="">The lookup is based on the identifier provided by the user.  It can have a user portion in the format of a URI <a class="moz-txt-link-freetext" href="https://john@example.com/">https://john@example.com</a> , <a class="moz-txt-link-freetext" href="https://example.com/john">https://example.com/john</a> or anything else where you can extract the domain.

The user portion is necessary to allow for per user IdP delegation.   Otherwise only one IdP per host could be supported.

John B.


On 2012-05-09, at 2:42 PM, Hannes Tschofenig wrote:

</pre>
          <blockquote type="cite">
            <pre wrap="">Hi John, 

does the "identifier" contain of a domain part AND a username part or only the domain part? 
That's the crucial question here. 

Ciao
Hannes

On May 9, 2012, at 9:20 PM, John Bradley wrote:

</pre>
            <blockquote type="cite">
              <pre wrap="">For openID Connect we are using the identifier to discover the AS.   We refer to that as an issuer,  and perform a second discovery step to get the configuration (Auth endpoint, token endpoint, user_info endpoint and other config) for that issuer.

SWD/WF may be used for other things by other protocols, but our use is quite simple.

I think that is probably the same thing for SASL,  but others may think differently.

John B.


On 2012-05-09, at 1:50 PM, Hannes Tschofenig wrote:

</pre>
              <blockquote type="cite">
                <pre wrap="">Hi guys, 

at the last IIW we had a discussion about SASL-OAuth and what the SASL server needs to know for discovery. 
The discovery discussions around WebFinger go in the same directions. 

So, I have been wondering whether we have made an informed decision about how the discovery procedure is actually supposed to look like. 

In my view, the relying party (the client) only needs to know who the identity provider (the AS/RS) is. 

Any other views? 

Ciao
Hannes

PS: Please let me know if I should provide more background about the issue. 

_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
              </blockquote>
              <pre wrap=""></pre>
            </blockquote>
            <pre wrap=""></pre>
          </blockquote>
          <pre wrap="">_______________________________________________
Kitten mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Kitten@ietf.org">Kitten@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/kitten">https://www.ietf.org/mailman/listinfo/kitten</a>
</pre>
        </blockquote>
      </blockquote>
      <pre wrap=""></pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
    </blockquote>
    <br>
  </div>

</blockquote></div><br></div></div></body></html>
--Apple-Mail=_0A0E5208-4463-4AE8-BACF-4564DADB7231--

--Apple-Mail=_941D81E7-8CC1-49DF-BEC8-6BDD4CE267BF
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUx
MDE2MjU0M1owIwYJKoZIhvcNAQkEMRYEFAjpE8kvyoFCZuh8uGUmDZtMxVJOMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AH1RyVcJvyQj+ClyiSws3giWJNRema8/uBG5WELtsLGQDrLZxqeoFQ6TZXbrWDO1xGqAxUWRNLU1
tLBfSjfv6rFsvRQgYu0gZ7Kp30WgBBYqbLZBEoHwtKOoxMKdv73dOPHeXtMndqy4Ltl0C0z2vkfT
gsmxl9DhlffmD54isl1KQcLjAxGvDG1fX++7Yyks5d6PHPK7ORQT2/oj3xXT6s8ZRRnmeg24xhFX
RkGAvmwSOY6T3EAQXRpjjKvXx9ib8a5DhBrsU90hnKs2PrNLt5lMBTfx8Dp47VRcWsGDzkeSl+BC
zPWGAVZarzm/N6CzfNEbkPdgfHIlUF8VVbDMkmQAAAAAAAA=

--Apple-Mail=_941D81E7-8CC1-49DF-BEC8-6BDD4CE267BF--

From sm@resistor.net  Fri May 11 00:00:27 2012
Return-Path: <sm@resistor.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1171F21F860E for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 00:00:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.465
X-Spam-Level: 
X-Spam-Status: No, score=-102.465 tagged_above=-999 required=5 tests=[AWL=0.134, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IMLa-bhGa-MN for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 00:00:26 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id ABF2F21F8608 for <oauth@ietf.org>; Fri, 11 May 2012 00:00:26 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id q4B70JSZ023116; Fri, 11 May 2012 00:00:22 -0700 (PDT)
Message-Id: <6.2.5.6.2.20120510235528.0a735658@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Thu, 10 May 2012 23:59:49 -0700
To: Eran Hammer <eran@hueniverse.com>
From: SM <sm@resistor.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2. secureserver.net>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2.secureserver.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 07:00:27 -0000

Hi Eran,
At 16:04 09-05-2012, Eran Hammer wrote:
>The IESG members rely on the editor to represent the WG decisions to 
>them when addressing issues. You failed to do that, promoted your 
>personal view, and now we are having this discussion all over again 
>- a discussion that last time was only resolved by creating the 
>design committee.

Isn't it up the Document Shepherd to coordinate the resolution of 
DISCUSS or COMMENT items?

Regards,
-sm 


From eran@hueniverse.com  Fri May 11 00:18:57 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E051F21F8554 for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 00:18:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.557
X-Spam-Level: 
X-Spam-Status: No, score=-2.557 tagged_above=-999 required=5 tests=[AWL=0.042,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vG7DqjwpXso3 for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 00:18:57 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id 652C621F847C for <oauth@ietf.org>; Fri, 11 May 2012 00:18:57 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id 8XJw1j0050EuLVk01XJwjr; Fri, 11 May 2012 00:18:56 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Fri, 11 May 2012 00:18:56 -0700
From: Eran Hammer <eran@hueniverse.com>
To: SM <sm@resistor.net>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the  Bearer Spec
Thread-Index: AQHNL0PAhuowGSXnN0+Nexv4rL5LgpbELbCQ
Date: Fri, 11 May 2012 07:18:56 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201029A8A@P3PWEX2MB008.ex2.secureserver.net>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2.secureserver.net> <6.2.5.6.2.20120510235528.0a735658@resistor.net>
In-Reply-To: <6.2.5.6.2.20120510235528.0a735658@resistor.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 07:18:58 -0000

Don't know. In the 5 RFCs I've worked on, I - as editor - was the only pers=
onal who interacted with the IESG. Either way, it is usually the editor who=
 is addressing questions about the text and proposing changes.

EH

> -----Original Message-----
> From: SM [mailto:sm@resistor.net]
> Sent: Friday, May 11, 2012 12:00 AM
> To: Eran Hammer
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
> Spec
>=20
> Hi Eran,
> At 16:04 09-05-2012, Eran Hammer wrote:
> >The IESG members rely on the editor to represent the WG decisions to
> >them when addressing issues. You failed to do that, promoted your
> >personal view, and now we are having this discussion all over again
> >- a discussion that last time was only resolved by creating the design
> >committee.
>=20
> Isn't it up the Document Shepherd to coordinate the resolution of DISCUSS
> or COMMENT items?
>=20
> Regards,
> -sm


From sm@resistor.net  Fri May 11 00:22:17 2012
Return-Path: <sm@resistor.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2514021F8628; Fri, 11 May 2012 00:22:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.467
X-Spam-Level: 
X-Spam-Status: No, score=-102.467 tagged_above=-999 required=5 tests=[AWL=0.132, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NHvOoZEt+E3K; Fri, 11 May 2012 00:22:16 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id BBED421F8615; Fri, 11 May 2012 00:22:16 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id q4B7MB4o027164; Fri, 11 May 2012 00:22:13 -0700 (PDT)
Message-Id: <6.2.5.6.2.20120511000851.0a735510@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Fri, 11 May 2012 00:19:02 -0700
To: Justin Richer <jricher@mitre.org>
From: SM <sm@resistor.net>
In-Reply-To: <4FABDBA2.20908@mitre.org>
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com> <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net> <81091A66-03C3-4085-A840-BEC1BBF48161@ve7jtb.com> <A5BFAE4A-5FF2-4E0C-BE49-A04AA9AC9A98@cisco.com> <6E2A5AF6-F4D8-4FCA-A45F-7AE5032A82BE@ve7jtb.com> <4FABDBA2.20908@mitre.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: kitten@ietf.org, oauth@ietf.org
Subject: Re: [OAUTH-WG] [kitten] OAuth Discovery and what the relying partyneeds to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 07:22:17 -0000

Hi Justin,

[not sure why kitten@ is in the Cc.  Feel free to drop]

At 08:15 10-05-2012, Justin Richer wrote:
>"user@domain" represents a person. SMTP, XMPP, SIP, and other 
>protocols have used this format successfully. OpenID made the 
>mistake of trying to teach people that "http://domain/user"  could 
>also stand for them, but people just don't think of themselves in 
>terms of HTTP URLs. Webfinger came about to address this, and SWD adopted

The strings industry probably have some reason to believe that people 
think of themselves in terms of domain names.  Some people think of 
the other person in terms of "what's your [insert social 
network]?".  There are several specifications which reference rfc822 
identifiers.  The interesting point in the above is what will be 
people's expected behavior while taking into account the usual 
technical limitations.

Regards,
-sm 


From msk@cloudmark.com  Fri May 11 06:51:44 2012
Return-Path: <msk@cloudmark.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D92BE21F860B for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 06:51:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.621
X-Spam-Level: 
X-Spam-Status: No, score=-102.621 tagged_above=-999 required=5 tests=[AWL=-0.022, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7nL+4phNr573 for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 06:51:44 -0700 (PDT)
Received: from mail.cloudmark.com (cmgw1.cloudmark.com [208.83.136.25]) by ietfa.amsl.com (Postfix) with ESMTP id 15B4D21F8718 for <oauth@ietf.org>; Fri, 11 May 2012 06:51:43 -0700 (PDT)
Received: from ht1-outbound.cloudmark.com ([72.5.239.25]) by mail.cloudmark.com with bizsmtp id 8dri1j0010ZaKgw01driYV; Fri, 11 May 2012 06:51:42 -0700
X-CMAE-Match: 0
X-CMAE-Score: 0.00
X-CMAE-Analysis: v=2.0 cv=R/iB6KtX c=1 sm=1 a=LdFkGDrDWH2mcjCZERnC4w==:17 a=ldJM1g7oyCcA:10 a=vfa_Bs7FPFsA:10 a=zutiEJmiVI4A:10 a=kj9zAlcOel0A:10 a=xqWC_Br6kY4A:10 a=48vgC7mUAAAA:8 a=WPfEoFxUsdxxA8gXFKIA:9 a=CjuIK1q_8ugA:10 a=lZB815dzVvQA:10 a=LdFkGDrDWH2mcjCZERnC4w==:117
Received: from EXCH-MBX901.corp.cloudmark.com ([fe80::addf:849a:f71c:4a82]) by exch-htcas901.corp.cloudmark.com ([fe80::2524:76b6:a865:539c%10]) with mapi id 14.01.0355.002; Fri, 11 May 2012 06:51:42 -0700
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNL0OnFfkxumpYNEqBfw8xLEjaT5bEo3gA///3bYA=
Date: Fri, 11 May 2012 13:51:42 +0000
Message-ID: <9452079D1A51524AA5749AD23E00392811E21F@exch-mbx901.corp.cloudmark.com>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2.secureserver.net> <6.2.5.6.2.20120510235528.0a735658@resistor.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201029A8A@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA201029A8A@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [67.160.203.60]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudmark.com; s=default; t=1336744302; bh=ZHCBC/EyVzMLt92Ei634pyd6ozGm0l6pM5W4C5XXUhg=; h=From:To:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=mwNqtyNIH0oPs8tOQyPoOzacn0dzIeRSI81P0YbGshGJUXdvnVMQtApciGnmx8xbC ej+wi/pinIzmvO9B1amIR2qmwc91Kct1ZjFzUwWzA8EgzgbX1n7TVD5N9MJR2b9hgl k2qYgvBTGyf+Z3dc+n4YXsmPY4vMoRHKJ/VVVRqo=
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 13:51:45 -0000

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of=
 Eran Hammer
> Sent: Friday, May 11, 2012 12:19 AM
> To: SM
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer =
Spec
>=20
> Don't know. In the 5 RFCs I've worked on, I - as editor - was the only
> personal who interacted with the IESG. Either way, it is usually the
> editor who is addressing questions about the text and proposing
> changes.

It sounds like you've had some pretty hands-off shepherds in your experienc=
e (as have I), or you dealt with the issues yourself which obviated the nee=
d for that person to act.  But formally, SM is correct about the Document S=
hepherd's function.  See RFC4858.

-MSK


From eran@hueniverse.com  Fri May 11 06:57:38 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E24CF21F8484 for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 06:57:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.558
X-Spam-Level: 
X-Spam-Status: No, score=-2.558 tagged_above=-999 required=5 tests=[AWL=0.041,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AxnC2UL5c7EZ for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 06:57:38 -0700 (PDT)
Received: from p3plex2out01.prod.phx3.secureserver.net (p3plex2out01.prod.phx3.secureserver.net [184.168.131.12]) by ietfa.amsl.com (Postfix) with ESMTP id 6D41C21F845B for <oauth@ietf.org>; Fri, 11 May 2012 06:57:38 -0700 (PDT)
Received: from P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) by p3plex2out01.prod.phx3.secureserver.net with bizsmtp id 8dxd1j0030Dcg9U01dxdVu; Fri, 11 May 2012 06:57:37 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT002.ex2.secureserver.net ([184.168.131.10]) with mapi id 14.02.0247.003; Fri, 11 May 2012 06:57:37 -0700
From: Eran Hammer <eran@hueniverse.com>
To: "Murray S. Kucherawy" <msk@cloudmark.com>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
Thread-Index: AQHNL304m3igpnkMGkWgvho/M7VBEJbEnMng
Date: Fri, 11 May 2012 13:57:37 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA20102A14C@P3PWEX2MB008.ex2.secureserver.net>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2.secureserver.net> <6.2.5.6.2.20120510235528.0a735658@resistor.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201029A8A@P3PWEX2MB008.ex2.secureserver.net> <9452079D1A51524AA5749AD23E00392811E21F@exch-mbx901.corp.cloudmark.com>
In-Reply-To: <9452079D1A51524AA5749AD23E00392811E21F@exch-mbx901.corp.cloudmark.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 13:57:39 -0000

Ok. Would the document shepherd for the bearer specification please raise y=
our hand?

EH

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Murray S. Kucherawy
> Sent: Friday, May 11, 2012 6:52 AM
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
> Spec
>=20
> > -----Original Message-----
> > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> > Of Eran Hammer
> > Sent: Friday, May 11, 2012 12:19 AM
> > To: SM
> > Cc: oauth@ietf.org
> > Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the
> > Bearer Spec
> >
> > Don't know. In the 5 RFCs I've worked on, I - as editor - was the only
> > personal who interacted with the IESG. Either way, it is usually the
> > editor who is addressing questions about the text and proposing
> > changes.
>=20
> It sounds like you've had some pretty hands-off shepherds in your
> experience (as have I), or you dealt with the issues yourself which obvia=
ted
> the need for that person to act.  But formally, SM is correct about the
> Document Shepherd's function.  See RFC4858.
>=20
> -MSK
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From sberyozkin@gmail.com  Fri May 11 07:04:06 2012
Return-Path: <sberyozkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 109B321F866B for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 07:04:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m9fpUN0iS1Bg for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 07:04:05 -0700 (PDT)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id A5EDD21F8639 for <oauth@ietf.org>; Fri, 11 May 2012 07:04:04 -0700 (PDT)
Received: by bkty8 with SMTP id y8so2632065bkt.31 for <oauth@ietf.org>; Fri, 11 May 2012 07:04:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=dxMyygqcSWrXAmc2vaFIIM4gCFWWMAECGiSM2hJTfYM=; b=dCesruwAQHJmYw3kLQyeonIUGO/SQ0bgKCbVzBaioZInAeeNH4ywg5rIAs1uH7K+YG 0DtVVWwCU9j2/K9Qd61v1wMD2KxaqOsVCA/YcVaiIDgyypvTEOmz8srXN7N9KNFBQN23 NVog/i5a257wSJEyT5hbyAuzy6SRtI+nOEFokVF1JQd7+vUPWsmbuSgW3jKZWG4md3Gt QZ/B36uIicJgQlbrwG2TK9i1KJM0FX7a/o+HZ2QzZ3hq/ZwIq5oN7cJN/5kKLmV1njsE yrTfaTVswzTU2xwup7Qgadr7Y8708dURjiDCWjq1McHg7qhlmdDJM/GHqusbrcjIj1cg OdTg==
Received: by 10.205.124.9 with SMTP id gm9mr4883742bkc.29.1336745043767; Fri, 11 May 2012 07:04:03 -0700 (PDT)
Received: from [10.36.226.5] ([217.173.99.61]) by mx.google.com with ESMTPS id u8sm18832504bks.0.2012.05.11.07.04.02 (version=SSLv3 cipher=OTHER); Fri, 11 May 2012 07:04:03 -0700 (PDT)
Message-ID: <4FAD1C52.6060708@gmail.com>
Date: Fri, 11 May 2012 15:04:02 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Paul Madsen <paul.madsen@gmail.com>
References: <E33E01DFD5BEA24B9F3F18671078951F156D8F4B@szxeml534-mbx.china.huawei.com> <4F3BB6B8.1030501@mitre.org> <4F4FA62F.7010404@gmail.com> <5E5D54C4-092B-4D7F-810D-39FFAF08FF6B@mitre.org> <5710F82C0E73B04FA559560098BF95B1250DBA5E89@USNAVSXCHMBSA3.ndc.alcatel-lucent.com> <4F4FF563.3070806@gmail.com> <5710F82C0E73B04FA559560098BF95B1250DBA5F93@USNAVSXCHMBSA3.ndc.alcatel-lucent.com> <4F4FF9E3.3010007@gmail.com>
In-Reply-To: <4F4FF9E3.3010007@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "'<oauth@ietf.org>'" <oauth@ietf.org>
Subject: [OAUTH-WG] Difference between RO and End User (Was: Few questions about client_credentials)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 14:04:06 -0000

Hi
On 01/03/12 22:36, Paul Madsen wrote:
> RO =/= end-user
>

Can you please elaborate on the difference a bit more ? I do not see the 
main OAuth specification saying anything about it, and OpenId-Connect 
seems to use both terms interchangeably, example:
http://openid.net/specs/openid-connect-standard-1_0.html#art_res_ok

When would you recommend to pay the specific attention to this 
distinction, when someones reads or implements OAuth2 ?

Thanks, Sergey


> On 3/1/12 5:33 PM, Zeltsan, Zachary (Zachary) wrote:
>>> Are you saying that this can include the resources of possibly different end users ?
>> Yes. The specification does not limit a number of the users whose resources a client may access using the client credentials flow.
>>
>> Zachary
>>
>>
>> -----Original Message-----
>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>> Sent: Thursday, March 01, 2012 5:17 PM
>> To: Zeltsan, Zachary (Zachary)
>> Cc: 'Richer, Justin P.'; '<oauth@ietf.org>'
>> Subject: Re: [OAUTH-WG] Few questions about client_credentials
>>
>> Hi,
>> On 01/03/12 19:23, Zeltsan, Zachary (Zachary) wrote:
>>> In the case of the Client Credentials Grant, an authorization servers knows what resources the client is authorized to access (this includes the resources that are not owned by the client). The specification explains that authorization of access to the resources "has been previously arranged with the authorization server (the method of which is beyond
>>>    the scope of this specification)".
>>>
>> Are you saying that this can include the resources of possibly different
>> end users ? Or only of a specific single end-user ?
>>
>>
>>> I have nothing to add to Justin's answer to the second question.
>> OK
>>
>> Thanks
>>
>> Sergey
>>
>>> Zachary
>>>
>>>
>>> Zachary
>>>
>>>
>>> -----Original Message-----
>>> From:oauth-bounces@ietf.org  [mailto:oauth-bounces@ietf.org] On Behalf Of Richer, Justin P.
>>> Sent: Thursday, March 01, 2012 12:01 PM
>>> To: Sergey Beryozkin
>>> Cc:<oauth@ietf.org>
>>> Subject: Re: [OAUTH-WG] Few questions about client_credentials
>>>
>>> If there's a fully trusted relationship between the client and the server, then the client may in fact be accessing data on behalf of another resource owner. It's a useful pattern when a three-legged flow like the Auth Code is not available. But it's kind of splitting hairs because the client has been granted a blanket access to the resource ahead of time, by virtue of its registration. Showing up to get a token is a method of limiting exposure and power of the client credentials, and making it easier to support both direct-client access and delegated-client access simultaneously with most of the same tooling.
>>>
>>> To your second question, no -- scopes do not have to be ignored in this case. In fact, a well-designed client and server can make use of scopes to let the client request an access token that's only good for whatever the current transaction is, as opposed to something that's representative of all of the client's capabilities. This is a method known as "downscoping" and it's a very powerful pattern that OAuth enables. Of course, if you want, you are fully allowed to leave the scope out entirely, then it's up to the Authorization Server alone to figure out what the token is really good for.
>>>
>>> Hope this clears things up,
>>>
>>>    -- Justin
>>>
>>>
>>>
>>> On Mar 1, 2012, at 11:39 AM, Sergey Beryozkin wrote:
>>>
>>>> Hi,
>>>>
>>>> I have few questions about the client_credentials grant type.
>>>> Section 4.4 [1] says: "...client is requesting access to the protected resources under its control, or those of another resource owner..."
>>>>
>>>> What I do not understand is the latter part of the above statement, how to establish a link between the client authentication (which is an actual grant in this case) and different resource owners given that the only thing we have is the client authentication. As far as I can see it is only possible to get a one to one link with the end user in this case.
>>>>
>>>> Can someone please clarify what is meant by "those of another resource owner" phrase ?
>>>>
>>>> The other question is about an optional scope parameter. It has to be ignored in case of the client requesting a token for accessing its own resources, right ?
>>>>
>>>> Thanks, Sergey
>>>>
>>>>
>>>>
>>>> [1]http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth



From paul.madsen@gmail.com  Fri May 11 07:11:06 2012
Return-Path: <paul.madsen@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D9F221F871A for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 07:11:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WN71Y0KLM+YT for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 07:10:54 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 70F5C21F8705 for <oauth@ietf.org>; Fri, 11 May 2012 07:10:54 -0700 (PDT)
Received: by obbeh20 with SMTP id eh20so4021782obb.31 for <oauth@ietf.org>; Fri, 11 May 2012 07:10:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=P/j0e1gSow09qpspYWYvbIaCUfJo4tXoDbL97tyLIig=; b=ZCI/F6TKiM/m7rY9X5Qav0w1UIvxEksFUS8mMarAvK1+FPqLWlT2RrggXcsRafP74s 9fGuoERBQ2st2vRl0l+vfHZIefKe2crPB//yLULBzB5RNB8lbgs3DqdpEa3TuUr+47+i Hf9d3WaHY0bhFasECjMiJVS9+kJ1EokhAdGn0q98plXoCU2U3SQbyQ8PHVtBrXLU9y80 hNzs93x4l3VkbBp5G8Op9fQ0OnFBIQRt0ciPq8OunUg7FG/iIJ0jVeNBn83kFddSgCie R3lY7g73W9r+ixvKbkTwd7NH1faZHVBAUSkU7Pep4eQC77+j8+SjBLmHdxsnjfns1p2W Y0mw==
Received: by 10.182.141.9 with SMTP id rk9mr11764811obb.50.1336745453997; Fri, 11 May 2012 07:10:53 -0700 (PDT)
Received: from pmadsen-mbp.local (CPE0022b0cb82b4-CM0012256eb4b4.cpe.net.cable.rogers.com. [99.224.20.155]) by mx.google.com with ESMTPS id r8sm7698160oer.6.2012.05.11.07.10.52 (version=SSLv3 cipher=OTHER); Fri, 11 May 2012 07:10:53 -0700 (PDT)
Message-ID: <4FAD1DEC.5040304@gmail.com>
Date: Fri, 11 May 2012 10:10:52 -0400
From: Paul Madsen <paul.madsen@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.28) Gecko/20120306 Thunderbird/3.1.20
MIME-Version: 1.0
To: Sergey Beryozkin <sberyozkin@gmail.com>
References: <E33E01DFD5BEA24B9F3F18671078951F156D8F4B@szxeml534-mbx.china.huawei.com> <4F3BB6B8.1030501@mitre.org> <4F4FA62F.7010404@gmail.com> <5E5D54C4-092B-4D7F-810D-39FFAF08FF6B@mitre.org> <5710F82C0E73B04FA559560098BF95B1250DBA5E89@USNAVSXCHMBSA3.ndc.alcatel-lucent.com> <4F4FF563.3070806@gmail.com> <5710F82C0E73B04FA559560098BF95B1250DBA5F93@USNAVSXCHMBSA3.ndc.alcatel-lucent.com> <4F4FF9E3.3010007@gmail.com> <4FAD1C52.6060708@gmail.com>
In-Reply-To: <4FAD1C52.6060708@gmail.com>
Content-Type: multipart/alternative; boundary="------------050809050202000005080502"
Cc: "'<oauth@ietf.org>'" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Difference between RO and End User (Was: Few questions about client_credentials)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 14:11:06 -0000

This is a multi-part message in MIME format.
--------------050809050202000005080502
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi Sergey, the point I was trying to make is that the end-user is not 
always the 'owner' of the resource being accessed by the client.

In the archetypical consumer-centric application of OAuth, the user is 
indeed the resource owner.

But, in other OAuth applications (enterprise to cloud, TV Everywhere, 
etc) the owner of the resource may be some other entity (the employee's 
enterprise, the video content owner, etc)

paul

On 5/11/12 10:04 AM, Sergey Beryozkin wrote:
> Hi
> On 01/03/12 22:36, Paul Madsen wrote:
>> RO =/= end-user
>>
>
> Can you please elaborate on the difference a bit more ? I do not see 
> the main OAuth specification saying anything about it, and 
> OpenId-Connect seems to use both terms interchangeably, example:
> http://openid.net/specs/openid-connect-standard-1_0.html#art_res_ok
>
> When would you recommend to pay the specific attention to this 
> distinction, when someones reads or implements OAuth2 ?
>
> Thanks, Sergey
>
>
>> On 3/1/12 5:33 PM, Zeltsan, Zachary (Zachary) wrote:
>>>> Are you saying that this can include the resources of possibly 
>>>> different end users ?
>>> Yes. The specification does not limit a number of the users whose 
>>> resources a client may access using the client credentials flow.
>>>
>>> Zachary
>>>
>>>
>>> -----Original Message-----
>>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>>> Sent: Thursday, March 01, 2012 5:17 PM
>>> To: Zeltsan, Zachary (Zachary)
>>> Cc: 'Richer, Justin P.'; '<oauth@ietf.org>'
>>> Subject: Re: [OAUTH-WG] Few questions about client_credentials
>>>
>>> Hi,
>>> On 01/03/12 19:23, Zeltsan, Zachary (Zachary) wrote:
>>>> In the case of the Client Credentials Grant, an authorization 
>>>> servers knows what resources the client is authorized to access 
>>>> (this includes the resources that are not owned by the client). The 
>>>> specification explains that authorization of access to the 
>>>> resources "has been previously arranged with the authorization 
>>>> server (the method of which is beyond
>>>>    the scope of this specification)".
>>>>
>>> Are you saying that this can include the resources of possibly 
>>> different
>>> end users ? Or only of a specific single end-user ?
>>>
>>>
>>>> I have nothing to add to Justin's answer to the second question.
>>> OK
>>>
>>> Thanks
>>>
>>> Sergey
>>>
>>>> Zachary
>>>>
>>>>
>>>> Zachary
>>>>
>>>>
>>>> -----Original Message-----
>>>> From:oauth-bounces@ietf.org  [mailto:oauth-bounces@ietf.org] On 
>>>> Behalf Of Richer, Justin P.
>>>> Sent: Thursday, March 01, 2012 12:01 PM
>>>> To: Sergey Beryozkin
>>>> Cc:<oauth@ietf.org>
>>>> Subject: Re: [OAUTH-WG] Few questions about client_credentials
>>>>
>>>> If there's a fully trusted relationship between the client and the 
>>>> server, then the client may in fact be accessing data on behalf of 
>>>> another resource owner. It's a useful pattern when a three-legged 
>>>> flow like the Auth Code is not available. But it's kind of 
>>>> splitting hairs because the client has been granted a blanket 
>>>> access to the resource ahead of time, by virtue of its 
>>>> registration. Showing up to get a token is a method of limiting 
>>>> exposure and power of the client credentials, and making it easier 
>>>> to support both direct-client access and delegated-client access 
>>>> simultaneously with most of the same tooling.
>>>>
>>>> To your second question, no -- scopes do not have to be ignored in 
>>>> this case. In fact, a well-designed client and server can make use 
>>>> of scopes to let the client request an access token that's only 
>>>> good for whatever the current transaction is, as opposed to 
>>>> something that's representative of all of the client's 
>>>> capabilities. This is a method known as "downscoping" and it's a 
>>>> very powerful pattern that OAuth enables. Of course, if you want, 
>>>> you are fully allowed to leave the scope out entirely, then it's up 
>>>> to the Authorization Server alone to figure out what the token is 
>>>> really good for.
>>>>
>>>> Hope this clears things up,
>>>>
>>>>    -- Justin
>>>>
>>>>
>>>>
>>>> On Mar 1, 2012, at 11:39 AM, Sergey Beryozkin wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I have few questions about the client_credentials grant type.
>>>>> Section 4.4 [1] says: "...client is requesting access to the 
>>>>> protected resources under its control, or those of another 
>>>>> resource owner..."
>>>>>
>>>>> What I do not understand is the latter part of the above 
>>>>> statement, how to establish a link between the client 
>>>>> authentication (which is an actual grant in this case) and 
>>>>> different resource owners given that the only thing we have is the 
>>>>> client authentication. As far as I can see it is only possible to 
>>>>> get a one to one link with the end user in this case.
>>>>>
>>>>> Can someone please clarify what is meant by "those of another 
>>>>> resource owner" phrase ?
>>>>>
>>>>> The other question is about an optional scope parameter. It has to 
>>>>> be ignored in case of the client requesting a token for accessing 
>>>>> its own resources, right ?
>>>>>
>>>>> Thanks, Sergey
>>>>>
>>>>>
>>>>>
>>>>> [1]http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4
>>>>> _______________________________________________
>>>>> OAuth mailing list
>>>>> OAuth@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>
>

--------------050809050202000005080502
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    <font face="Arial">Hi Sergey, the point I was trying to make is that
      the end-user is not always the 'owner' of the resource being
      accessed by the client.<br>
      <br>
      In the archetypical consumer-centric application of OAuth, the
      user is indeed the resource owner. <br>
      <br>
      But, in other OAuth applications (enterprise to cloud, TV
      Everywhere, etc) the owner of the resource may be some other
      entity (the employee's enterprise, the video content owner, etc)<br>
      <br>
      paul<br>
    </font><br>
    On 5/11/12 10:04 AM, Sergey Beryozkin wrote:
    <blockquote cite="mid:4FAD1C52.6060708@gmail.com" type="cite">Hi
      <br>
      On 01/03/12 22:36, Paul Madsen wrote:
      <br>
      <blockquote type="cite">RO =/= end-user
        <br>
        <br>
      </blockquote>
      <br>
      Can you please elaborate on the difference a bit more ? I do not
      see the main OAuth specification saying anything about it, and
      OpenId-Connect seems to use both terms interchangeably, example:
      <br>
<a class="moz-txt-link-freetext" href="http://openid.net/specs/openid-connect-standard-1_0.html#art_res_ok">http://openid.net/specs/openid-connect-standard-1_0.html#art_res_ok</a>
      <br>
      <br>
      When would you recommend to pay the specific attention to this
      distinction, when someones reads or implements OAuth2 ?
      <br>
      <br>
      Thanks, Sergey
      <br>
      <br>
      <br>
      <blockquote type="cite">On 3/1/12 5:33 PM, Zeltsan, Zachary
        (Zachary) wrote:
        <br>
        <blockquote type="cite">
          <blockquote type="cite">Are you saying that this can include
            the resources of possibly different end users ?
            <br>
          </blockquote>
          Yes. The specification does not limit a number of the users
          whose resources a client may access using the client
          credentials flow.
          <br>
          <br>
          Zachary
          <br>
          <br>
          <br>
          -----Original Message-----
          <br>
          From: Sergey Beryozkin [<a class="moz-txt-link-freetext" href="mailto:sberyozkin@gmail.com">mailto:sberyozkin@gmail.com</a>]
          <br>
          Sent: Thursday, March 01, 2012 5:17 PM
          <br>
          To: Zeltsan, Zachary (Zachary)
          <br>
          Cc: 'Richer, Justin P.'; '<a class="moz-txt-link-rfc2396E" href="mailto:oauth@ietf.org">&lt;oauth@ietf.org&gt;</a>'
          <br>
          Subject: Re: [OAUTH-WG] Few questions about client_credentials
          <br>
          <br>
          Hi,
          <br>
          On 01/03/12 19:23, Zeltsan, Zachary (Zachary) wrote:
          <br>
          <blockquote type="cite">In the case of the Client Credentials
            Grant, an authorization servers knows what resources the
            client is authorized to access (this includes the resources
            that are not owned by the client). The specification
            explains that authorization of access to the resources "has
            been previously arranged with the authorization server (the
            method of which is beyond
            <br>
            &nbsp;&nbsp; the scope of this specification)".
            <br>
            <br>
          </blockquote>
          Are you saying that this can include the resources of possibly
          different
          <br>
          end users ? Or only of a specific single end-user ?
          <br>
          <br>
          <br>
          <blockquote type="cite">I have nothing to add to Justin's
            answer to the second question.
            <br>
          </blockquote>
          OK
          <br>
          <br>
          Thanks
          <br>
          <br>
          Sergey
          <br>
          <br>
          <blockquote type="cite">Zachary
            <br>
            <br>
            <br>
            Zachary
            <br>
            <br>
            <br>
            -----Original Message-----
            <br>
            <a class="moz-txt-link-abbreviated" href="mailto:From:oauth-bounces@ietf.org">From:oauth-bounces@ietf.org</a>&nbsp; [<a class="moz-txt-link-freetext" href="mailto:oauth-bounces@ietf.org">mailto:oauth-bounces@ietf.org</a>]
            On Behalf Of Richer, Justin P.
            <br>
            Sent: Thursday, March 01, 2012 12:01 PM
            <br>
            To: Sergey Beryozkin
            <br>
            Cc:<a class="moz-txt-link-rfc2396E" href="mailto:oauth@ietf.org">&lt;oauth@ietf.org&gt;</a>
            <br>
            Subject: Re: [OAUTH-WG] Few questions about
            client_credentials
            <br>
            <br>
            If there's a fully trusted relationship between the client
            and the server, then the client may in fact be accessing
            data on behalf of another resource owner. It's a useful
            pattern when a three-legged flow like the Auth Code is not
            available. But it's kind of splitting hairs because the
            client has been granted a blanket access to the resource
            ahead of time, by virtue of its registration. Showing up to
            get a token is a method of limiting exposure and power of
            the client credentials, and making it easier to support both
            direct-client access and delegated-client access
            simultaneously with most of the same tooling.
            <br>
            <br>
            To your second question, no -- scopes do not have to be
            ignored in this case. In fact, a well-designed client and
            server can make use of scopes to let the client request an
            access token that's only good for whatever the current
            transaction is, as opposed to something that's
            representative of all of the client's capabilities. This is
            a method known as "downscoping" and it's a very powerful
            pattern that OAuth enables. Of course, if you want, you are
            fully allowed to leave the scope out entirely, then it's up
            to the Authorization Server alone to figure out what the
            token is really good for.
            <br>
            <br>
            Hope this clears things up,
            <br>
            <br>
            &nbsp;&nbsp; -- Justin
            <br>
            <br>
            <br>
            <br>
            On Mar 1, 2012, at 11:39 AM, Sergey Beryozkin wrote:
            <br>
            <br>
            <blockquote type="cite">Hi,
              <br>
              <br>
              I have few questions about the client_credentials grant
              type.
              <br>
              Section 4.4 [1] says: "...client is requesting access to
              the protected resources under its control, or those of
              another resource owner..."
              <br>
              <br>
              What I do not understand is the latter part of the above
              statement, how to establish a link between the client
              authentication (which is an actual grant in this case) and
              different resource owners given that the only thing we
              have is the client authentication. As far as I can see it
              is only possible to get a one to one link with the end
              user in this case.
              <br>
              <br>
              Can someone please clarify what is meant by "those of
              another resource owner" phrase ?
              <br>
              <br>
              The other question is about an optional scope parameter.
              It has to be ignored in case of the client requesting a
              token for accessing its own resources, right ?
              <br>
              <br>
              Thanks, Sergey
              <br>
              <br>
              <br>
              <br>
[1]<a class="moz-txt-link-freetext" href="http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4">http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4</a>
              <br>
              _______________________________________________
              <br>
              OAuth mailing list
              <br>
              <a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
              <br>
              <a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
              <br>
            </blockquote>
            _______________________________________________
            <br>
            OAuth mailing list
            <br>
            <a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
            <br>
            <a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
            <br>
          </blockquote>
          _______________________________________________
          <br>
          OAuth mailing list
          <br>
          <a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
          <br>
          <a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
          <br>
        </blockquote>
      </blockquote>
      <br>
      <br>
    </blockquote>
  </body>
</html>

--------------050809050202000005080502--

From sberyozkin@gmail.com  Fri May 11 07:16:26 2012
Return-Path: <sberyozkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B7C821F8739 for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 07:16:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level: 
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_36=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SGfp8eEu953j for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 07:16:25 -0700 (PDT)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 97ED421F8737 for <oauth@ietf.org>; Fri, 11 May 2012 07:16:22 -0700 (PDT)
Received: by bkty8 with SMTP id y8so2645415bkt.31 for <oauth@ietf.org>; Fri, 11 May 2012 07:16:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=knzvJq4WLxoQ9xB0TYW8UeXC39tkP5QiMkK/P/ZVGxM=; b=l/IyVIP/sOMFf3TzMRLw+9zGQmfp2qWUuvYHLaI6C7qRga2kzAltnMN333rbMHUFJk V7ke7iZnYk2nSeIz4xVUlRszkCbbxARtgreU/9YuacDpvxxSM6MKXCUWWZg1lXOlixAC Q2uGtFpvDviEQNSeJ51pmjQqMdro7kXSkTQkVM8ovOp1GrSGT+mxUoqRLBGHgvjMO5Ee gXyHGA0raLFHy4EyK4NRhz4ZdKubaJ8/h8oPtO/wib3GuBQh4/kGYAWrwOOw0gyoatBW O9qv/jNxjL3V9pAhwZPXuCBTeTdb4YBHfc1C4Xww+hQ1emTnLQTBOPSnWZ0lAjv16ZyM 1elA==
Received: by 10.204.152.132 with SMTP id g4mr5172931bkw.88.1336745779895; Fri, 11 May 2012 07:16:19 -0700 (PDT)
Received: from [10.36.226.5] ([217.173.99.61]) by mx.google.com with ESMTPS id z14sm18858855bky.15.2012.05.11.07.16.19 (version=SSLv3 cipher=OTHER); Fri, 11 May 2012 07:16:19 -0700 (PDT)
Message-ID: <4FAD1F32.4010707@gmail.com>
Date: Fri, 11 May 2012 15:16:18 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: "<oauth@ietf.org>" <oauth@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [OAUTH-WG] Flat Token JSON representations and generic JSON providers
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 14:16:26 -0000

Hi

AccessToken representations are flat. For example, the token 
representation may have a token id, type, plus few additional 
parameters, all being the siblings.

This requires using the specialized JSON providers in case when generic 
structured token or error representations are used. For example, given 
the following in Java:
public class AccessToken {
   String key;
   String type;
   Map<String, String> additionalProperties;
}

it is difficult to use the generic JSON providers to correctly read a 
sequence of name/value pairs into an instance of AccessToken.

It is not the major issue but I wonder would it be feasible to consider 
introducing a simple container element for all the optional properties 
which may be available in a given access token representation ? Probably 
too late to consider but I'm sending the message just in case anyway


Cheers, Sergey



From sberyozkin@gmail.com  Fri May 11 07:37:38 2012
Return-Path: <sberyozkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E43D21F8570 for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 07:37:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.449
X-Spam-Level: 
X-Spam-Status: No, score=-3.449 tagged_above=-999 required=5 tests=[AWL=0.150,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id In7352EmaxWY for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 07:37:37 -0700 (PDT)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 7AF8721F8564 for <oauth@ietf.org>; Fri, 11 May 2012 07:37:36 -0700 (PDT)
Received: by bkty8 with SMTP id y8so2667798bkt.31 for <oauth@ietf.org>; Fri, 11 May 2012 07:37:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=kGkbMCHaymsHuoFnuzJyj5/m5xShdN1jbTwirLEwVUw=; b=G7jkqA/JV0ScLkVPHyiyFLXdtr95aWx9KzrEKzPOPSSckHyjwfBbMNJIogSAEAWEkb phnepF2NCe3KjKgAWvaw1J59kTM3R49zUftzShQugWl4OPcSWXGmlw8zNPen3JfyqdBZ o+SxADY5Wq152k9ZgXWCtzfNzYlnPsLusPByhPe6rambBgNy3I+wB4hPJlXAiwstODb/ 68qrCte9A41RFl8wG2M14YBPD78l0qXaGF5JPfQVcnvARBh9g/UNtpnBxiM8gYVZ2DZ3 5N4HnScdNaqfFelqQu0lC3XVJrxJF0fJgZOYr8egKvaAS7OqDSNOpYqLI7XCoYseEhIW /CxQ==
Received: by 10.205.128.8 with SMTP id hc8mr4946585bkc.17.1336747055575; Fri, 11 May 2012 07:37:35 -0700 (PDT)
Received: from [10.36.226.5] ([217.173.99.61]) by mx.google.com with ESMTPS id u8sm19026843bks.0.2012.05.11.07.37.34 (version=SSLv3 cipher=OTHER); Fri, 11 May 2012 07:37:35 -0700 (PDT)
Message-ID: <4FAD242E.9070905@gmail.com>
Date: Fri, 11 May 2012 15:37:34 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Paul Madsen <paul.madsen@gmail.com>
References: <E33E01DFD5BEA24B9F3F18671078951F156D8F4B@szxeml534-mbx.china.huawei.com> <4F3BB6B8.1030501@mitre.org> <4F4FA62F.7010404@gmail.com> <5E5D54C4-092B-4D7F-810D-39FFAF08FF6B@mitre.org> <5710F82C0E73B04FA559560098BF95B1250DBA5E89@USNAVSXCHMBSA3.ndc.alcatel-lucent.com> <4F4FF563.3070806@gmail.com> <5710F82C0E73B04FA559560098BF95B1250DBA5F93@USNAVSXCHMBSA3.ndc.alcatel-lucent.com> <4F4FF9E3.3010007@gmail.com> <4FAD1C52.6060708@gmail.com> <4FAD1DEC.5040304@gmail.com>
In-Reply-To: <4FAD1DEC.5040304@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "'<oauth@ietf.org>'" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Difference between RO and End User (Was: Few questions about client_credentials)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 14:37:38 -0000

Hi Paul
On 11/05/12 15:10, Paul Madsen wrote:
> Hi Sergey, the point I was trying to make is that the end-user is not
> always the 'owner' of the resource being accessed by the client.
>
> In the archetypical consumer-centric application of OAuth, the user is
> indeed the resource owner.
>
> But, in other OAuth applications (enterprise to cloud, TV Everywhere,
> etc) the owner of the resource may be some other entity (the employee's
> enterprise, the video content owner, etc)
>

Clearer now :-), thanks

Sergey

> paul
>
> On 5/11/12 10:04 AM, Sergey Beryozkin wrote:
>> Hi
>> On 01/03/12 22:36, Paul Madsen wrote:
>>> RO =/= end-user
>>>
>>
>> Can you please elaborate on the difference a bit more ? I do not see
>> the main OAuth specification saying anything about it, and
>> OpenId-Connect seems to use both terms interchangeably, example:
>> http://openid.net/specs/openid-connect-standard-1_0.html#art_res_ok
>>
>> When would you recommend to pay the specific attention to this
>> distinction, when someones reads or implements OAuth2 ?
>>
>> Thanks, Sergey
>>
>>
>>> On 3/1/12 5:33 PM, Zeltsan, Zachary (Zachary) wrote:
>>>>> Are you saying that this can include the resources of possibly
>>>>> different end users ?
>>>> Yes. The specification does not limit a number of the users whose
>>>> resources a client may access using the client credentials flow.
>>>>
>>>> Zachary
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>>>> Sent: Thursday, March 01, 2012 5:17 PM
>>>> To: Zeltsan, Zachary (Zachary)
>>>> Cc: 'Richer, Justin P.'; '<oauth@ietf.org>'
>>>> Subject: Re: [OAUTH-WG] Few questions about client_credentials
>>>>
>>>> Hi,
>>>> On 01/03/12 19:23, Zeltsan, Zachary (Zachary) wrote:
>>>>> In the case of the Client Credentials Grant, an authorization
>>>>> servers knows what resources the client is authorized to access
>>>>> (this includes the resources that are not owned by the client). The
>>>>> specification explains that authorization of access to the
>>>>> resources "has been previously arranged with the authorization
>>>>> server (the method of which is beyond
>>>>> the scope of this specification)".
>>>>>
>>>> Are you saying that this can include the resources of possibly
>>>> different
>>>> end users ? Or only of a specific single end-user ?
>>>>
>>>>
>>>>> I have nothing to add to Justin's answer to the second question.
>>>> OK
>>>>
>>>> Thanks
>>>>
>>>> Sergey
>>>>
>>>>> Zachary
>>>>>
>>>>>
>>>>> Zachary
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From:oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>>> Behalf Of Richer, Justin P.
>>>>> Sent: Thursday, March 01, 2012 12:01 PM
>>>>> To: Sergey Beryozkin
>>>>> Cc:<oauth@ietf.org>
>>>>> Subject: Re: [OAUTH-WG] Few questions about client_credentials
>>>>>
>>>>> If there's a fully trusted relationship between the client and the
>>>>> server, then the client may in fact be accessing data on behalf of
>>>>> another resource owner. It's a useful pattern when a three-legged
>>>>> flow like the Auth Code is not available. But it's kind of
>>>>> splitting hairs because the client has been granted a blanket
>>>>> access to the resource ahead of time, by virtue of its
>>>>> registration. Showing up to get a token is a method of limiting
>>>>> exposure and power of the client credentials, and making it easier
>>>>> to support both direct-client access and delegated-client access
>>>>> simultaneously with most of the same tooling.
>>>>>
>>>>> To your second question, no -- scopes do not have to be ignored in
>>>>> this case. In fact, a well-designed client and server can make use
>>>>> of scopes to let the client request an access token that's only
>>>>> good for whatever the current transaction is, as opposed to
>>>>> something that's representative of all of the client's
>>>>> capabilities. This is a method known as "downscoping" and it's a
>>>>> very powerful pattern that OAuth enables. Of course, if you want,
>>>>> you are fully allowed to leave the scope out entirely, then it's up
>>>>> to the Authorization Server alone to figure out what the token is
>>>>> really good for.
>>>>>
>>>>> Hope this clears things up,
>>>>>
>>>>> -- Justin
>>>>>
>>>>>
>>>>>
>>>>> On Mar 1, 2012, at 11:39 AM, Sergey Beryozkin wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have few questions about the client_credentials grant type.
>>>>>> Section 4.4 [1] says: "...client is requesting access to the
>>>>>> protected resources under its control, or those of another
>>>>>> resource owner..."
>>>>>>
>>>>>> What I do not understand is the latter part of the above
>>>>>> statement, how to establish a link between the client
>>>>>> authentication (which is an actual grant in this case) and
>>>>>> different resource owners given that the only thing we have is the
>>>>>> client authentication. As far as I can see it is only possible to
>>>>>> get a one to one link with the end user in this case.
>>>>>>
>>>>>> Can someone please clarify what is meant by "those of another
>>>>>> resource owner" phrase ?
>>>>>>
>>>>>> The other question is about an optional scope parameter. It has to
>>>>>> be ignored in case of the client requesting a token for accessing
>>>>>> its own resources, right ?
>>>>>>
>>>>>> Thanks, Sergey
>>>>>>
>>>>>>
>>>>>>
>>>>>> [1]http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4
>>>>>> _______________________________________________
>>>>>> OAuth mailing list
>>>>>> OAuth@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>> _______________________________________________
>>>>> OAuth mailing list
>>>>> OAuth@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>



From wmills@yahoo-inc.com  Fri May 11 08:08:37 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BBBB21F858A for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 08:08:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.221
X-Spam-Level: 
X-Spam-Status: No, score=-17.221 tagged_above=-999 required=5 tests=[AWL=0.377, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6HMGHr2Fxi9k for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 08:08:36 -0700 (PDT)
Received: from nm15.bullet.mail.sp2.yahoo.com (nm15.bullet.mail.sp2.yahoo.com [98.139.91.85]) by ietfa.amsl.com (Postfix) with SMTP id 3D1E821F859A for <oauth@ietf.org>; Fri, 11 May 2012 08:08:36 -0700 (PDT)
Received: from [98.139.91.67] by nm15.bullet.mail.sp2.yahoo.com with NNFMP; 11 May 2012 15:08:35 -0000
Received: from [72.30.22.186] by tm7.bullet.mail.sp2.yahoo.com with NNFMP; 11 May 2012 15:08:35 -0000
Received: from [127.0.0.1] by omp1062.mail.sp2.yahoo.com with NNFMP; 11 May 2012 15:08:35 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 327084.11476.bm@omp1062.mail.sp2.yahoo.com
Received: (qmail 48393 invoked by uid 60001); 11 May 2012 15:08:32 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1336748911; bh=fiLsi7HRkAy2K7dEgBshkudcRk8zdMN0KlrhFc041e4=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=fy+WtI/kSbCzIKMLuFQOUResZm/EFzGYl+xgfiSNX/4s6M9ICXuWwfWQtdl5WdkpBQcLXiBcHUrAxXdKoBd8fTZXEaNrIrQfx2RQw9tkpLhkg5TtTbwz3xAg0a3cAXVklNrkILpFMpqCyJFPD54gMKfMErj3mPc1FZUt+uBQwD0=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=PhinUWweE634Ee6o/YEJiIaf3om4wCZEKm9Tanjz2XMlNauEn9+6lorMe9LrVUD4/jIOw22ZmrTlQFoADLNcMoUXjmBNZ6xTrVRap2NL7pEwnCWXPKvZSbfUS4sku2jLiiH9bU50Q0++PQdJdtjT63MFAqpxecchqtwjCVAXCt0=;
X-YMail-OSG: .F03WacVM1lJcb_lzo55L_yPgblxfHSkaxmZdW2BAiCmYWi AS2DVj7Fi5CH2Kt8DDElOGrXHH07PQKxg8vAv0UUo.VsYvVcewfUb3.XmUor TbVd3FuQsvZrpWAKqtmE6Irqn8imgPr7hjKvVxR22bkuatsm_Sesm100zoy. UTU5LfADn5VPHDoXnMhJEx3fPj.6aALHBa95a4yqV8n86ze3AznRsR_BIwK1 qyLdXLrtlvg_ol8bmA0GZNqUDE.AcVLpxOxtDSBrtjI9ycWutwwrSP1o9Ckm j42G_hhC7JEvYWCtM1Ftek1RUrt18IV4u1Io7_9L8GflP5SeVrrPjGaisXkA AAx15fAOzrACpgOHfjvcCbXLHS7hhK5qeOUZxNmNwtsXgfj9qUMDJnrM2_wX k53jRWKsFcBZitUvVGqnuaOdgrjiYd18dD88Gq2xLRx2FYerTT9V_aw--
Received: from [209.131.62.115] by web31807.mail.mud.yahoo.com via HTTP; Fri, 11 May 2012 08:08:31 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <40FC97F0-B72C-47F4-8206-590BA365997A@gmx.net> <5ECED997-49B8-4550-B79A-CF121FCD1AF9@ve7jtb.com> <9F541ABD-23C0-4592-BC8C-7B7E7CC620CB@gmx.net> <81091A66-03C3-4085-A840-BEC1BBF48161@ve7jtb.com> <A5BFAE4A-5FF2-4E0C-BE49-A04AA9AC9A98@cisco.com> <6E2A5AF6-F4D8-4FCA-A45F-7AE5032A82BE@ve7jtb.com> <4FABDBA2.20908@mitre.org> <6.2.5.6.2.20120511000851.0a735510@resistor.net>
Message-ID: <1336748911.21434.YahooMailNeo@web31807.mail.mud.yahoo.com>
Date: Fri, 11 May 2012 08:08:31 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: SM <sm@resistor.net>, Justin Richer <jricher@mitre.org>
In-Reply-To: <6.2.5.6.2.20120511000851.0a735510@resistor.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-125733401-1884177604-1336748911=:21434"
Cc: "kitten@ietf.org" <kitten@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [kitten] OAuth Discovery and what the relying partyneeds to know
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 15:08:37 -0000

---125733401-1884177604-1336748911=:21434
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Kitten is in the CC list because this applies to the discovery needs of the=
 OAUTH SASL draft.=0A=0A=0A=0A=0A>________________________________=0A> From=
: SM <sm@resistor.net>=0A>To: Justin Richer <jricher@mitre.org> =0A>Cc: kit=
ten@ietf.org; oauth@ietf.org =0A>Sent: Friday, May 11, 2012 12:19 AM=0A>Sub=
ject: Re: [OAUTH-WG] [kitten] OAuth Discovery and what the relying partynee=
ds to know=0A> =0A>Hi Justin,=0A>=0A>[not sure why kitten@ is in the Cc.=A0=
 Feel free to drop]=0A>=0A>At 08:15 10-05-2012, Justin Richer wrote:=0A>> "=
user@domain" represents a person. SMTP, XMPP, SIP, and other protocols have=
 used this format successfully. OpenID made the mistake of trying to teach =
people that "http://domain/user"=A0 could also stand for them, but people j=
ust don't think of themselves in terms of HTTP URLs. Webfinger came about t=
o address this, and SWD adopted=0A>=0A>The strings industry probably have s=
ome reason to believe that people think of themselves in terms of domain na=
mes.=A0 Some people think of the other person in terms of "what's your [ins=
ert social network]?".=A0 There are several specifications which reference =
rfc822 identifiers.=A0 The interesting point in the above is what will be p=
eople's expected behavior while taking into account the usual technical lim=
itations.=0A>=0A>Regards,=0A>-sm =0A>______________________________________=
_________=0A>OAuth mailing list=0A>OAuth@ietf.org=0A>https://www.ietf.org/m=
ailman/listinfo/oauth=0A>=0A>=0A>
---125733401-1884177604-1336748911=:21434
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>Kitten is in the CC list because this applies to the discovery needs of t=
he OAUTH SASL draft.<br></span></div><div><br><blockquote style=3D"border-l=
eft: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding=
-left: 5px;">  <div style=3D"font-family: Courier New, courier, monaco, mon=
ospace, sans-serif; font-size: 14pt;"> <div style=3D"font-family: times new=
 roman, new york, times, serif; font-size: 12pt;"> <div dir=3D"ltr"> <font =
face=3D"Arial" size=3D"2"> <hr size=3D"1">  <b><span style=3D"font-weight:b=
old;">From:</span></b> SM &lt;sm@resistor.net&gt;<br> <b><span style=3D"fon=
t-weight: bold;">To:</span></b> Justin Richer &lt;jricher@mitre.org&gt; <br=
><b><span style=3D"font-weight: bold;">Cc:</span></b> kitten@ietf.org; oaut=
h@ietf.org <br> <b><span style=3D"font-weight: bold;">Sent:</span></b> Frid=
ay, May 11, 2012
 12:19 AM<br> <b><span style=3D"font-weight: bold;">Subject:</span></b> Re:=
 [OAUTH-WG] [kitten] OAuth Discovery and what the relying partyneeds to kno=
w<br> </font> </div> <br>=0AHi Justin,<br><br>[not sure why kitten@ is in t=
he Cc.&nbsp; Feel free to drop]<br><br>At 08:15 10-05-2012, Justin Richer w=
rote:<br>&gt; "user@domain" represents a person. SMTP, XMPP, SIP, and other=
 protocols have used this format successfully. OpenID made the mistake of t=
rying to teach people that "http://domain/user"&nbsp; could also stand for =
them, but people just don't think of themselves in terms of HTTP URLs. Webf=
inger came about to address this, and SWD adopted<br><br>The strings indust=
ry probably have some reason to believe that people think of themselves in =
terms of domain names.&nbsp; Some people think of the other person in terms=
 of "what's your [insert social network]?".&nbsp; There are several specifi=
cations which reference rfc822 identifiers.&nbsp; The interesting point in =
the above is what will be people's expected behavior while taking into acco=
unt the usual technical limitations.<br><br>Regards,<br>-sm
 <br>_______________________________________________<br>OAuth mailing list<=
br><a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@ietf.org">OAut=
h@ietf.org</a><br><a href=3D"https://www.ietf.org/mailman/listinfo/oauth" t=
arget=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br><br><br=
> </div> </div> </blockquote></div>   </div></body></html>
---125733401-1884177604-1336748911=:21434--

From sberyozkin@gmail.com  Fri May 11 08:13:54 2012
Return-Path: <sberyozkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 660BD21F85DB for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 08:13:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.199
X-Spam-Level: 
X-Spam-Status: No, score=-3.199 tagged_above=-999 required=5 tests=[AWL=-0.200, BAYES_00=-2.599, J_CHICKENPOX_36=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3UmaL1Xj75sR for <oauth@ietfa.amsl.com>; Fri, 11 May 2012 08:13:53 -0700 (PDT)
Received: from mail-ey0-f172.google.com (mail-ey0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id 40CFA21F8564 for <oauth@ietf.org>; Fri, 11 May 2012 08:13:53 -0700 (PDT)
Received: by eabd1 with SMTP id d1so1119941eab.31 for <oauth@ietf.org>; Fri, 11 May 2012 08:13:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=iG4Y6yVjeEVkUFS9Ngn4nZ7c0+RaBTcZOrgo6zOYi8I=; b=vj/Sug5Mp9wAVrMVuFZ6ZslF8GEpgpots7pemf3mudtjJaUJeCZGDqINyVmvA9x4Qa wkL9jvv/Rfk6YramtO5T67R1UNlqKgWolzlFGxig1z+aoLTkUleMG1M5vyvpibLSM5tA Py96LztAkO3xW27pfpHgXuyyCsOsXGtdPpjSRIcaeX6OwaS0+f22KpyPe7Wa8PrZDbHC xExUCqcnaL92VtnE39fwhHj77tRtbfTZXb84NUnNaIWEWAFV2QVn8MvzBhnCeLl5y4yv 1NrCUecTfVBpJvimoYbufjq3e+sm7/MrIl8fNjScfreTGIhBRRN6qBGTymocod36OHJD H9Vg==
Received: by 10.14.39.84 with SMTP id c60mr2042389eeb.31.1336749232401; Fri, 11 May 2012 08:13:52 -0700 (PDT)
Received: from [10.36.226.5] ([217.173.99.61]) by mx.google.com with ESMTPS id y53sm46403747eea.3.2012.05.11.08.13.51 (version=SSLv3 cipher=OTHER); Fri, 11 May 2012 08:13:51 -0700 (PDT)
Message-ID: <4FAD2CAD.5050304@gmail.com>
Date: Fri, 11 May 2012 16:13:49 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: "<oauth@ietf.org>" <oauth@ietf.org>
References: <4FAD1F32.4010707@gmail.com> <CE8995AB5D178F44A2154F5C9A97CAF4024FFE655F82@HE111541.emea1.cds.t-internal.com>
In-Reply-To: <CE8995AB5D178F44A2154F5C9A97CAF4024FFE655F82@HE111541.emea1.cds.t-internal.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [OAUTH-WG] Flat Token JSON representations and generic JSON providers
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 15:13:54 -0000

On 11/05/12 15:44, Axel.Nennker@telekom.de wrote:
> Oauth core does not care about the access token format.
> OpenID connect has an additional (access)token called id_token and that has a specific format.
> Oauth core does not specify access token formats and expects clients to not to introspect them. AS and RS must have common understanding of the token format.
>
Sure, however I'm not seeing what is wrong with a client attempting to 
keep an access token in some sort of structured storage which can 
accommodate the representations for the different token types.
I think it can be useful for a client to know which access token 
property is a 'key' property and which is an optional one, etc, which is 
easy enough to do with the current representations, but as I said, this 
requires the use of the specialized readers..

Not a bit issue anyway
Cheers, Sergey



> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Sergey Beryozkin
> Sent: Friday, May 11, 2012 4:16 PM
> To:<oauth@ietf.org>
> Subject: [OAUTH-WG] Flat Token JSON representations and generic JSON providers
>
> Hi
>
> AccessToken representations are flat. For example, the token representation may have a token id, type, plus few additional parameters, all being the siblings.
>
> This requires using the specialized JSON providers in case when generic structured token or error representations are used. For example, given the following in Java:
> public class AccessToken {
>     String key;
>     String type;
>     Map<String, String>  additionalProperties; }
>
> it is difficult to use the generic JSON providers to correctly read a sequence of name/value pairs into an instance of AccessToken.
>
> It is not the major issue but I wonder would it be feasible to consider introducing a simple container element for all the optional properties which may be available in a given access token representation ? Probably too late to consider but I'm sending the message just in case anyway
>
>
> Cheers, Sergey
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth



From Michael.Jones@microsoft.com  Sat May 12 17:18:37 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B52921F86CA for <oauth@ietfa.amsl.com>; Sat, 12 May 2012 17:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.907
X-Spam-Level: 
X-Spam-Status: No, score=-3.907 tagged_above=-999 required=5 tests=[AWL=-0.309, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jj1Fqaw12EoH for <oauth@ietfa.amsl.com>; Sat, 12 May 2012 17:18:36 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe005.messaging.microsoft.com [216.32.180.31]) by ietfa.amsl.com (Postfix) with ESMTP id 448C921F86C8 for <oauth@ietf.org>; Sat, 12 May 2012 17:18:36 -0700 (PDT)
Received: from mail124-va3-R.bigfish.com (10.7.14.247) by VA3EHSOBE007.bigfish.com (10.7.40.11) with Microsoft SMTP Server id 14.1.225.23; Sun, 13 May 2012 00:18:33 +0000
Received: from mail124-va3 (localhost [127.0.0.1])	by mail124-va3-R.bigfish.com (Postfix) with ESMTP id EEBBD120323	for <oauth@ietf.org>; Sun, 13 May 2012 00:18:32 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC106.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -12
X-BigFish: VS-12(zzc85fhzz1202hzz1033IL8275eh8275bh8275dh3284oa1495iz2fh2a8h668h839hd25h)
Received-SPF: pass (mail124-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC106.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail124-va3 (localhost.localdomain [127.0.0.1]) by mail124-va3 (MessageSwitch) id 1336868311580583_20222; Sun, 13 May 2012 00:18:31 +0000 (UTC)
Received: from VA3EHSMHS025.bigfish.com (unknown [10.7.14.248])	by mail124-va3.bigfish.com (Postfix) with ESMTP id 8143D220042	for <oauth@ietf.org>; Sun, 13 May 2012 00:18:31 +0000 (UTC)
Received: from TK5EX14HUBC106.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS025.bigfish.com (10.7.99.35) with Microsoft SMTP Server (TLS) id 14.1.225.23; Sun, 13 May 2012 00:18:31 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14HUBC106.redmond.corp.microsoft.com ([157.54.80.61]) with mapi id 14.02.0298.005; Sun, 13 May 2012 00:18:32 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: JSON Web Token (JWT) Specification Draft -10
Thread-Index: Ac0wney5E9KEETp7T86BmhWRCpKKug==
Date: Sun, 13 May 2012 00:18:31 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664F190F@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.35]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943664F190FTK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 May 2012 00:18:37 -0000

--_000_4E1F6AAD24975D4BA5B1680429673943664F190FTK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Draft -10<http://self-issued.info/docs/draft-jones-json-web-token-10.html> =
of the JSON Web Token (JWT)<http://self-issued.info/docs/draft-jones-json-w=
eb-token.html> specification has been published.  It uses the -02 versions =
of the JOSE specifications and contains parallel editorial changes to those=
 applied to the JOSE specs.  Changes were:

  *   Clarified the relationship between typ header parameter values, typ c=
laim values, and MIME types.
  *   Clarified that JWTs with duplicate Header Parameter Names or Duplicat=
e Claim names MUST be rejected.
  *   Required implementation of AES-128-KW and AES-256-KW when the impleme=
ntation provides encryption capabilities.
  *   Registered "JWT" typ header parameter value.
  *   Generalized language to refer to Message Authentication Codes (MACs) =
rather than Hash-based Message Authentication Codes (HMACs) unless in a con=
text specific to HMAC algorithms.
  *   Reformatted to give each claim definition and header parameter its ow=
n section heading.

The specification is available at:

*        http://tools.ietf.org/html/draft-jones-json-web-token-10

An HTML formatted version is available at:

*        http://self-issued.info/docs/draft-jones-json-web-token-10.html

                                                            -- Mike


--_000_4E1F6AAD24975D4BA5B1680429673943664F190FTK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Verdana;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
tt
	{mso-style-priority:99;
	font-family:"Courier New";
	color:#003366;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0in;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:.5in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
/* List Definitions */
@list l0
	{mso-list-id:227351724;
	mso-list-type:hybrid;
	mso-list-template-ids:-1883076584 67698689 67698691 67698693 67698689 6769=
8691 67698693 67698689 67698691 67698693;}
@list l0:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1
	{mso-list-id:1979139194;
	mso-list-template-ids:2117105282;}
@list l1:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l1:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:"Courier New";
	mso-bidi-font-family:"Times New Roman";}
@list l1:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l1:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l1:level5
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l1:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l1:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l1:level8
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l1:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><a href=3D"http://self-issued.info/docs/draft-jones-=
json-web-token-10.html">Draft -10</a> of the
<a href=3D"http://self-issued.info/docs/draft-jones-json-web-token.html">JS=
ON Web Token (JWT)</a> specification has been published.&nbsp; It uses the =
-02 versions of the JOSE specifications and contains parallel editorial cha=
nges to those applied to the JOSE specs.&nbsp;
 Changes were:<o:p></o:p></p>
<ul style=3D"margin-top:0in" type=3D"disc">
<li class=3D"MsoNormal" style=3D"color:black;mso-list:l1 level1 lfo1"><span=
 lang=3D"EN" style=3D"font-family:&quot;Verdana&quot;,&quot;sans-serif&quot=
;">Clarified the relationship between
</span><span lang=3D"EN" style=3D"font-family:&quot;Courier New&quot;;color=
:#003366">typ</span><span lang=3D"EN" style=3D"font-family:&quot;Verdana&qu=
ot;,&quot;sans-serif&quot;"> header parameter values,
</span><span lang=3D"EN" style=3D"font-family:&quot;Courier New&quot;;color=
:#003366">typ</span><span lang=3D"EN" style=3D"font-family:&quot;Verdana&qu=
ot;,&quot;sans-serif&quot;"> claim values, and MIME types.
<o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black;mso-lis=
t:l1 level1 lfo1"><span lang=3D"EN" style=3D"font-family:&quot;Verdana&quot=
;,&quot;sans-serif&quot;">Clarified that JWTs with duplicate Header Paramet=
er Names or Duplicate Claim names MUST be rejected.
<o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black;mso-lis=
t:l1 level1 lfo1"><span lang=3D"EN" style=3D"font-family:&quot;Verdana&quot=
;,&quot;sans-serif&quot;">Required implementation of AES-128-KW and AES-256=
-KW when the implementation provides encryption capabilities.
<o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black;mso-lis=
t:l1 level1 lfo1"><span lang=3D"EN" style=3D"font-family:&quot;Verdana&quot=
;,&quot;sans-serif&quot;">Registered &quot;JWT&quot; typ header parameter v=
alue.
<o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black;mso-lis=
t:l1 level1 lfo1"><span lang=3D"EN" style=3D"font-family:&quot;Verdana&quot=
;,&quot;sans-serif&quot;">Generalized language to refer to Message Authenti=
cation Codes (MACs) rather than Hash-based Message Authentication Codes (HM=
ACs) unless
 in a context specific to HMAC algorithms. <o:p></o:p></span></li><li class=
=3D"MsoNormal" style=3D"color:black;mso-list:l1 level1 lfo1"><span lang=3D"=
EN" style=3D"font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Reform=
atted to give each claim definition and header parameter its own section he=
ading.
<o:p></o:p></span></li></ul>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The specification is available at:<o:p></o:p></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l0 level=
1 lfo2"><![if !supportLists]><span style=3D"font-family:Symbol"><span style=
=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roma=
n&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><a href=3D"http://tools.ietf.org/html/draft-=
jones-json-web-token-10">http://tools.ietf.org/html/draft-jones-json-web-to=
ken-10</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">An HTML formatted version is available at:<o:p></o:p=
></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l0 level=
1 lfo2"><![if !supportLists]><span style=3D"font-family:Symbol"><span style=
=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roma=
n&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><a href=3D"http://self-issued.info/docs/draf=
t-jones-json-web-token-10.html">http://self-issued.info/docs/draft-jones-js=
on-web-token-10.html</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; -- Mike<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B1680429673943664F190FTK5EX14MBXC284r_--

From andrewarnott@gmail.com  Sun May 13 07:11:19 2012
Return-Path: <andrewarnott@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93B2C21F84D5 for <oauth@ietfa.amsl.com>; Sun, 13 May 2012 07:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tgnkeFFaR3Z9 for <oauth@ietfa.amsl.com>; Sun, 13 May 2012 07:11:18 -0700 (PDT)
Received: from mail-qa0-f44.google.com (mail-qa0-f44.google.com [209.85.216.44]) by ietfa.amsl.com (Postfix) with ESMTP id 4A45B21F84CE for <oauth@ietf.org>; Sun, 13 May 2012 07:11:18 -0700 (PDT)
Received: by qadz3 with SMTP id z3so2389963qad.10 for <oauth@ietf.org>; Sun, 13 May 2012 07:11:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=Ix47WTUTUbqbYl3aOX1+wenMknjpXA0AbY9jF898LFM=; b=w7UF7FWwFNTpUOnszxxTZJ5qvBHWDGRLmMSQ0Y9HsyI+21FLHnGJilffKHrF3OGTmv TWVDRcxguODufskdKgOl2EDk6iN5ToocHDK1sxsCOCnD5qqptBC32bHH3llmbIv51vKa eQrK3TQhZutnZKOUrvH/vGlza4kpmE0L9lJHpEC7I/wgGgLB9MODykym8ihRIGtNS23Y Vop2oCy3XU3Ey5BeQXPUDUIkWH0sqMTMWpP6ciBeRjxLf+9avubbQVkrlGXjItibgip0 JvJBKkdlWuXmNS+qqG9Wt5cDEsZc02YG7m6cwO71zBrtja68qADduYokgkFFelhbo32f bsVg==
Received: by 10.224.44.130 with SMTP id a2mr7529445qaf.66.1336918277807; Sun, 13 May 2012 07:11:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.223.202 with HTTP; Sun, 13 May 2012 07:10:57 -0700 (PDT)
From: Andrew Arnott <andrewarnott@gmail.com>
Date: Sun, 13 May 2012 07:10:57 -0700
Message-ID: <CAE358b6v9SMJB0ifqUqcQO=Py+PJtpVKgYKdZRdOnkyW-hU7jA@mail.gmail.com>
To: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary=20cf306f77100adcd404bfeb8bcc
Subject: [OAUTH-WG] Google and Facebook not preserving querystrings?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 May 2012 14:11:19 -0000

--20cf306f77100adcd404bfeb8bcc
Content-Type: text/plain; charset=ISO-8859-1

Is there any validity to this
claim<http://stackoverflow.com/questions/10436924/are-querystring-parameters-supported-in-oauth-2-0-redirect-urls>
?
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre

--20cf306f77100adcd404bfeb8bcc
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Is there any validity to <a href=3D"http://stackoverflow.com/questions/1043=
6924/are-querystring-parameters-supported-in-oauth-2-0-redirect-urls">this =
claim</a>?<br clear=3D"all">--<br>Andrew Arnott<br>&quot;I [may] not agree =
with what you have to say, but I&#39;ll defend to the death your right to s=
ay it.&quot; - S. G. Tallentyre<br>



--20cf306f77100adcd404bfeb8bcc--

From sergei.shishkin@gmail.com  Tue May 15 05:12:44 2012
Return-Path: <sergei.shishkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2420221F84FC for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 05:12:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kPhRgUG05Q5u for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 05:12:43 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 65F5F21F84E4 for <oauth@ietf.org>; Tue, 15 May 2012 05:12:43 -0700 (PDT)
Received: by vbbez10 with SMTP id ez10so7279820vbb.31 for <oauth@ietf.org>; Tue, 15 May 2012 05:12:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=J32EiRG1pBoSjSX6McuDk8QTyR/6EamfZSluM3VU4Fg=; b=I4QxzE76DPHZAVTPT6QkRqjOvbtqnRuqyQtTvaYqyxcQw+Ixb7bGkGLOdMBd4vfEjP 6+T1iQTgFIXpUWU3H13Nv+xysbX96wmI1mfKIeI4GaIN/XrWiyG+7nRUjJAjMLMuvIvQ dVCYhukVPlCRLgaTL52kIfCGdznB9LDqGN7wruf1frzy8TkliLEDUuo/pBs5RYESmx++ H7r2rk2o6pDpOLD9yH8Uq6W2o4mYxwT5tjJK7zWXlTOatVpdxiKy5Br6APQctVR+QNuv 8nFC0HGVK8cW57xCYSZmXLyeu94oRCefTr07jskTb0Wm7HSsqsBMLr6i27xO79+hgHhz D8Ag==
MIME-Version: 1.0
Received: by 10.52.99.106 with SMTP id ep10mr5543268vdb.130.1337083962944; Tue, 15 May 2012 05:12:42 -0700 (PDT)
Received: by 10.52.110.100 with HTTP; Tue, 15 May 2012 05:12:42 -0700 (PDT)
Date: Tue, 15 May 2012 14:12:42 +0200
Message-ID: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com>
From: Sergey Shishkin <sergei.shishkin@gmail.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary=20cf307f30f8a56e2a04c0121ecd
Subject: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 12:13:49 -0000

--20cf307f30f8a56e2a04c0121ecd
Content-Type: text/plain; charset=UTF-8

While designing a hypermedia-driven API I'm evaluating possibilities to use
OAuth Bearer tokens for claims-based authorization. Currently I struggle
with how to communicate to the API client the way to obtain the token. In a
hypermedia-driven manner I don't want the API client to get this
information out of band, but rather let the client "just follow the links".

The Bearer draft [
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3] advises
to send a 401 response with a WWW-Authenticate challenge specifying
optional realm and scope. The problem here: neither realm nor scope
identify the token issuer.

The OAuth 2.0 draft [
http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1] suggests
to redirect the resource owner to the token issuer, IIRC. I like this way
from the hypermedia perspective, but still have mixed feelings about missed
401 and WWW-Authenticate challenge.

Did I missed some part of draft covering my scenario? Are there any known
grassroots implementations doing just that on the internet? Any opinion on
the subject is very much appreciated.

Thanks in advance,
Sergey

--20cf307f30f8a56e2a04c0121ecd
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div>While designing a hypermedia-driven API I&#39;m evaluating possibiliti=
es to use OAuth Bearer tokens for claims-based authorization. Currently I s=
truggle with how to communicate to the API client the way to obtain the tok=
en. In a hypermedia-driven manner I don&#39;t want the API client to get th=
is information out of band, but rather let the client &quot;just follow the=
 links&quot;.</div>
<div><br></div>The Bearer draft [<a href=3D"http://tools.ietf.org/html/draf=
t-ietf-oauth-v2-bearer-19#section-3">http://tools.ietf.org/html/draft-ietf-=
oauth-v2-bearer-19#section-3</a>] advises to send a 401 response with a WWW=
-Authenticate challenge specifying optional realm and scope. The problem he=
re: neither realm nor scope identify the token issuer.=C2=A0<div>
<br></div><div>The OAuth 2.0 draft [<a href=3D"http://tools.ietf.org/html/d=
raft-ietf-oauth-v2-26#section-4.1.1">http://tools.ietf.org/html/draft-ietf-=
oauth-v2-26#section-4.1.1</a>] suggests to redirect the resource owner to t=
he token issuer, IIRC. I like this way from the hypermedia perspective, but=
 still have mixed feelings about missed 401 and WWW-Authenticate challenge.=
</div>
<div><br></div><div>Did I missed some part of draft covering my scenario? A=
re there any known grassroots implementations doing just that on the intern=
et? Any opinion on the subject is very much appreciated.</div><div><br>
</div><div>Thanks in advance,</div><div>Sergey</div>

--20cf307f30f8a56e2a04c0121ecd--

From jricher@mitre.org  Tue May 15 06:46:38 2012
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0704D21F89D4 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 06:46:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.556
X-Spam-Level: 
X-Spam-Status: No, score=-6.556 tagged_above=-999 required=5 tests=[AWL=0.042,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pBG2gPWgh+Q0 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 06:46:37 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 1D74321F89CD for <oauth@ietf.org>; Tue, 15 May 2012 06:46:37 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 60B4E21B0E8C for <oauth@ietf.org>; Tue, 15 May 2012 09:46:36 -0400 (EDT)
Received: from IMCCAS02.MITRE.ORG (imccas02.mitre.org [129.83.29.79]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 4A66F21B099D for <oauth@ietf.org>; Tue, 15 May 2012 09:46:36 -0400 (EDT)
Received: from [129.83.50.12] (129.83.31.51) by IMCCAS02.MITRE.ORG (129.83.29.79) with Microsoft SMTP Server (TLS) id 14.2.283.3; Tue, 15 May 2012 09:46:36 -0400
Message-ID: <4FB25DF6.3020309@mitre.org>
Date: Tue, 15 May 2012 09:45:26 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: <oauth@ietf.org>
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com>
In-Reply-To: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------000304030008010109040201"
X-Originating-IP: [129.83.31.51]
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 13:46:38 -0000

--------------000304030008010109040201
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit

This kind of fully automated approach isn't solved yet. OAuth isn't 
quite as simple as HTTP Basic and its kin, where the user agent can 
collect everything it needs directly and just push it back to the 
protected URL. In order for this to truly work, you need to have not 
just a pointer to the issuer, but a full dynamic registration and 
service discovery stack that the client knows about. For starters, the 
Client needs to know the Authorization Endpoint and Token Endpoint for 
the service, as well as which flows it supports. You'd probably want to 
know what kinds of token are supported, too. The authorization server 
needs to issue a Client ID and (probably) Client Secret to the Client to 
allow it to request tokens at all. Defining those is out of scope for 
the core specs, but there's some new work that's getting started around 
Host Meta (for discovery) and a dynamic client registration spec that 
will address some of the biggest parts of this.

  -- Justin

On 05/15/2012 08:12 AM, Sergey Shishkin wrote:
> While designing a hypermedia-driven API I'm evaluating possibilities 
> to use OAuth Bearer tokens for claims-based authorization. Currently I 
> struggle with how to communicate to the API client the way to obtain 
> the token. In a hypermedia-driven manner I don't want the API client 
> to get this information out of band, but rather let the client "just 
> follow the links".
>
> The Bearer draft 
> [http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3] 
> advises to send a 401 response with a WWW-Authenticate challenge 
> specifying optional realm and scope. The problem here: neither realm 
> nor scope identify the token issuer.
>
> The OAuth 2.0 draft 
> [http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1] 
> suggests to redirect the resource owner to the token issuer, IIRC. I 
> like this way from the hypermedia perspective, but still have mixed 
> feelings about missed 401 and WWW-Authenticate challenge.
>
> Did I missed some part of draft covering my scenario? Are there any 
> known grassroots implementations doing just that on the internet? Any 
> opinion on the subject is very much appreciated.
>
> Thanks in advance,
> Sergey
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--------------000304030008010109040201
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    This kind of fully automated approach isn't solved yet. OAuth isn't
    quite as simple as HTTP Basic and its kin, where the user agent can
    collect everything it needs directly and just push it back to the
    protected URL. In order for this to truly work, you need to have not
    just a pointer to the issuer, but a full dynamic registration and
    service discovery stack that the client knows about. For starters,
    the Client needs to know the Authorization Endpoint and Token
    Endpoint for the service, as well as which flows it supports. You'd
    probably want to know what kinds of token are supported, too. The
    authorization server needs to issue a Client ID and (probably)
    Client Secret to the Client to allow it to request tokens at all.
    Defining those is out of scope for the core specs, but there's some
    new work that's getting started around Host Meta (for discovery) and
    a dynamic client registration spec that will address some of the
    biggest parts of this. <br>
    <br>
    &nbsp;-- Justin<br>
    <br>
    On 05/15/2012 08:12 AM, Sergey Shishkin wrote:
    <blockquote
cite="mid:CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      <div>While designing a hypermedia-driven API I'm evaluating
        possibilities to use OAuth Bearer tokens for claims-based
        authorization. Currently I struggle with how to communicate to
        the API client the way to obtain the token. In a
        hypermedia-driven manner I don't want the API client to get this
        information out of band, but rather let the client "just follow
        the links".</div>
      <div><br>
      </div>
      The Bearer draft [<a moz-do-not-send="true"
href="http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3">http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3</a>]
      advises to send a 401 response with a WWW-Authenticate challenge
      specifying optional realm and scope. The problem here: neither
      realm nor scope identify the token issuer.&nbsp;
      <div>
        <br>
      </div>
      <div>The OAuth 2.0 draft [<a moz-do-not-send="true"
          href="http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1">http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1</a>]
        suggests to redirect the resource owner to the token issuer,
        IIRC. I like this way from the hypermedia perspective, but still
        have mixed feelings about missed 401 and WWW-Authenticate
        challenge.</div>
      <div><br>
      </div>
      <div>Did I missed some part of draft covering my scenario? Are
        there any known grassroots implementations doing just that on
        the internet? Any opinion on the subject is very much
        appreciated.</div>
      <div><br>
      </div>
      <div>Thanks in advance,</div>
      <div>Sergey</div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------000304030008010109040201--

From Adam.Lewis@motorolasolutions.com  Tue May 15 08:03:09 2012
Return-Path: <Adam.Lewis@motorolasolutions.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0478E21F8844 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 08:03:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.466
X-Spam-Level: 
X-Spam-Status: No, score=-0.466 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y9dofBcYDM01 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 08:03:06 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe001.messaging.microsoft.com [213.199.154.204]) by ietfa.amsl.com (Postfix) with ESMTP id 1DC1121F883B for <oauth@ietf.org>; Tue, 15 May 2012 08:03:02 -0700 (PDT)
Received: from mail113-am1-R.bigfish.com (10.3.201.238) by AM1EHSOBE004.bigfish.com (10.3.204.24) with Microsoft SMTP Server id 14.1.225.23; Tue, 15 May 2012 15:02:55 +0000
Received: from mail113-am1 (localhost [127.0.0.1])	by mail113-am1-R.bigfish.com (Postfix) with ESMTP id D4CD93203E3	for <oauth@ietf.org>; Tue, 15 May 2012 15:02:55 +0000 (UTC)
X-SpamScore: -20
X-BigFish: VPS-20(zz9371Ic85fhzz1202hzz1033IL8275eh8275bh8275dha1495iz2fh2a8h683h839hd25h)
X-Forefront-Antispam-Report: CIP:129.188.136.18; KIP:(null); UIP:(null); IPV:NLI; H:il06msg02.am.mot-solutions.com; RD:none; EFVD:NLI
Received-SPF: pass (mail113-am1: domain of motorolasolutions.com designates 129.188.136.18 as permitted sender) client-ip=129.188.136.18; envelope-from=Adam.Lewis@motorolasolutions.com; helo=il06msg02.am.mot-solutions.com ; olutions.com ; 
Received: from mail113-am1 (localhost.localdomain [127.0.0.1]) by mail113-am1 (MessageSwitch) id 1337094173891535_32283; Tue, 15 May 2012 15:02:53 +0000 (UTC)
Received: from AM1EHSMHS008.bigfish.com (unknown [10.3.201.236])	by mail113-am1.bigfish.com (Postfix) with ESMTP id CB275200AD	for <oauth@ietf.org>; Tue, 15 May 2012 15:02:53 +0000 (UTC)
Received: from il06msg02.am.mot-solutions.com (129.188.136.18) by AM1EHSMHS008.bigfish.com (10.3.207.108) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 15 May 2012 15:02:53 +0000
Received: from il06msg02.am.mot-solutions.com (il06vts03.mot.com [129.188.137.143])	by il06msg02.am.mot-solutions.com (8.14.3/8.14.3) with ESMTP id q4FF2q5i005080	for <oauth@ietf.org>; Tue, 15 May 2012 11:02:52 -0400 (EDT)
Received: from CH1EHSOBE014.bigfish.com (ch1ehsobe004.messaging.microsoft.com [216.32.181.184])	by il06msg02.am.mot-solutions.com (8.14.3/8.14.3) with ESMTP id q4FEsukr002939	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL)	for <oauth@ietf.org>; Tue, 15 May 2012 10:54:56 -0400 (EDT)
Received: from mail179-ch1-R.bigfish.com (10.43.68.238) by CH1EHSOBE014.bigfish.com (10.43.70.64) with Microsoft SMTP Server id 14.1.225.23; Tue, 15 May 2012 14:54:50 +0000
Received: from mail179-ch1 (localhost [127.0.0.1])	by mail179-ch1-R.bigfish.com (Postfix) with ESMTP id 5E1482E05C7	for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Tue, 15 May 2012 14:54:50 +0000 (UTC)
Received: from mail179-ch1 (localhost.localdomain [127.0.0.1]) by mail179-ch1 (MessageSwitch) id 1337093688182155_3810; Tue, 15 May 2012 14:54:48 +0000 (UTC)
Received: from CH1EHSMHS007.bigfish.com (snatpool1.int.messaging.microsoft.com [10.43.68.249])	by mail179-ch1.bigfish.com (Postfix) with ESMTP id 270633E004E;	Tue, 15 May 2012 14:54:48 +0000 (UTC)
Received: from CH1PRD0410HT003.namprd04.prod.outlook.com (157.56.244.181) by CH1EHSMHS007.bigfish.com (10.43.70.7) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 15 May 2012 14:54:47 +0000
Received: from CH1PRD0410MB369.namprd04.prod.outlook.com ([169.254.5.153]) by CH1PRD0410HT003.namprd04.prod.outlook.com ([10.255.147.38]) with mapi id 14.16.0152.000; Tue, 15 May 2012 14:54:52 +0000
From: Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com>
To: Mike Jones <Michael.Jones@microsoft.com>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: JSON Web Token (JWT) Specification Draft -10
Thread-Index: Ac0wney5E9KEETp7T86BmhWRCpKKugCC/fMA
Date: Tue, 15 May 2012 14:54:52 +0000
Message-ID: <59E470B10C4630419ED717AC79FCF9A90DF629@CH1PRD0410MB369.namprd04.prod.outlook.com>
References: <4E1F6AAD24975D4BA5B1680429673943664F190F@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943664F190F@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [150.130.168.127]
Content-Type: multipart/alternative; boundary="_000_59E470B10C4630419ED717AC79FCF9A90DF629CH1PRD0410MB369na_"
MIME-Version: 1.0
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 04
X-MS-Exchange-CrossPremises-AuthSource: CH1PRD0410HT003.namprd04.prod.outlook.com
X-MS-Exchange-CrossPremises-SCL: -1
X-MS-Exchange-CrossPremises-messagesource: StoreDriver
X-MS-Exchange-CrossPremises-BCC: 
X-MS-Exchange-CrossPremises-rules-execution-history: Sample Spam Submissions
X-MS-Exchange-CrossPremises-processed-by-journaling: Journal Agent
X-MS-Exchange-CrossPremises-ContentConversionOptions: False; 00160000; True; ; iso-8859-1
X-OrganizationHeadersPreserved: CH1PRD0410HT003.namprd04.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%1294$Dn%MICROSOFT.COM$RO%2$TLS%3$FQDN%msgate.mot-solutions.com$TlsDn%
X-FOPE-CONNECTOR: Id%1294$Dn%IETF.ORG$RO%2$TLS%3$FQDN%msgate.mot-solutions.com$TlsDn%
X-CFilter-Loop: Reflected
X-OriginatorOrg: motorolasolutions.com
Subject: Re: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 15:03:09 -0000

--_000_59E470B10C4630419ED717AC79FCF9A90DF629CH1PRD0410MB369na_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

Apologies if the OAuth list is not the right place to ask this question, bu=
t I'm trying to understand why JWT doesn't have an "Authentication Context"=
 like reserved claim name (such as present in SAML).  Knowing the primary a=
uthentication method used to obtain the JWT seems just as fundamental as kn=
owing the issuer, principal, etc.

I realize it's easy enough to add your own, but from an inter-op perspectiv=
e, it just seems really valuable to be able to assert the primary authentic=
ation method.

Tx!
adam

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of M=
ike Jones
Sent: Saturday, May 12, 2012 7:19 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10

Draft -10<http://self-issued.info/docs/draft-jones-json-web-token-10.html> =
of the JSON Web Token (JWT)<http://self-issued.info/docs/draft-jones-json-w=
eb-token.html> specification has been published.  It uses the -02 versions =
of the JOSE specifications and contains parallel editorial changes to those=
 applied to the JOSE specs.  Changes were:

  *   Clarified the relationship between typ header parameter values, typ c=
laim values, and MIME types.
  *   Clarified that JWTs with duplicate Header Parameter Names or Duplicat=
e Claim names MUST be rejected.
  *   Required implementation of AES-128-KW and AES-256-KW when the impleme=
ntation provides encryption capabilities.
  *   Registered "JWT" typ header parameter value.
  *   Generalized language to refer to Message Authentication Codes (MACs) =
rather than Hash-based Message Authentication Codes (HMACs) unless in a con=
text specific to HMAC algorithms.
  *   Reformatted to give each claim definition and header parameter its ow=
n section heading.

The specification is available at:

*         http://tools.ietf.org/html/draft-jones-json-web-token-10

An HTML formatted version is available at:

*         http://self-issued.info/docs/draft-jones-json-web-token-10.html

                                                            -- Mike


--_000_59E470B10C4630419ED717AC79FCF9A90DF629CH1PRD0410MB369na_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m=
icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office=
:access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"=
uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof=
t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co=
m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee=
t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns=
:odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-micro=
soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc=3D"http://m=
icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://=
schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share=
point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel=
/2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" xmlns:ois=
=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir=3D"http://=
schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3=
.org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint=
/dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc" xmlns:xsd=3D"http=
://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha=
repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"=
 xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" xmlns:sps=3D"http://=
schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001=
/XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so=
ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udc=
p2p=3D"http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf=3D"http:/=
/schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche=
mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi=
crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat=
s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf=
ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c=
om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa=
ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web=
partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/20=
06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/200=
6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/Sli=
deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortal=
Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:=
st=3D"&#1;" xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
	{font-family:Verdana;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
tt
	{mso-style-priority:99;
	font-family:"Courier New";
	color:#003366;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0in;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:.5in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
span.EmailStyle19
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.EmailStyle20
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:olive;
	font-weight:normal;
	font-style:normal;
	text-decoration:none none;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
/* List Definitions */
@list l0
	{mso-list-id:227351724;
	mso-list-type:hybrid;
	mso-list-template-ids:-1883076584 67698689 67698691 67698693 67698689 6769=
8691 67698693 67698689 67698691 67698693;}
@list l0:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1
	{mso-list-id:1086994591;
	mso-list-template-ids:-809697320;}
@list l1:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l2
	{mso-list-id:1979139194;
	mso-list-template-ids:2117105282;}
@list l2:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l2:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:"Courier New";
	mso-bidi-font-family:"Times New Roman";}
@list l2:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level5
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level8
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Hi,<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Apologies if the OAuth list is not the right place t=
o ask this question, but I&#8217;m trying to understand why JWT doesn&#8217=
;t have an &#8220;<i>Authentication Context</i>&#8221; like reserved claim =
name (such as present in SAML).&nbsp; Knowing the primary authentication
 method used to obtain the JWT seems just as fundamental as knowing the iss=
uer, principal, etc.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I realize it&#8217;s easy enough to add your own, bu=
t from an inter-op perspective, it just seems really valuable to be able to=
 assert the primary authentication method.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Tx!<o:p></o:p></p>
<p class=3D"MsoNormal">adam<o:p></o:p></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:olive"><o:p>&n=
bsp;</o:p></span></p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> oauth-bo=
unces@ietf.org [mailto:oauth-bounces@ietf.org]
<b>On Behalf Of </b>Mike Jones<br>
<b>Sent:</b> Saturday, May 12, 2012 7:19 PM<br>
<b>To:</b> oauth@ietf.org<br>
<b>Subject:</b> [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10<o:p=
></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><a href=3D"http://self-issued.info/docs/draft-jones-=
json-web-token-10.html">Draft -10</a> of the
<a href=3D"http://self-issued.info/docs/draft-jones-json-web-token.html">JS=
ON Web Token (JWT)</a> specification has been published.&nbsp; It uses the =
-02 versions of the JOSE specifications and contains parallel editorial cha=
nges to those applied to the JOSE specs.&nbsp;
 Changes were:<o:p></o:p></p>
<ul style=3D"margin-top:0in" type=3D"disc">
<li class=3D"MsoNormal" style=3D"color:black;mso-list:l2 level1 lfo3"><span=
 lang=3D"EN" style=3D"font-family:&quot;Verdana&quot;,&quot;sans-serif&quot=
;">Clarified the relationship between
</span><span lang=3D"EN" style=3D"font-family:&quot;Courier New&quot;;color=
:#003366">typ</span><span lang=3D"EN" style=3D"font-family:&quot;Verdana&qu=
ot;,&quot;sans-serif&quot;"> header parameter values,
</span><span lang=3D"EN" style=3D"font-family:&quot;Courier New&quot;;color=
:#003366">typ</span><span lang=3D"EN" style=3D"font-family:&quot;Verdana&qu=
ot;,&quot;sans-serif&quot;"> claim values, and MIME types.
<o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black;mso-lis=
t:l2 level1 lfo3"><span lang=3D"EN" style=3D"font-family:&quot;Verdana&quot=
;,&quot;sans-serif&quot;">Clarified that JWTs with duplicate Header Paramet=
er Names or Duplicate Claim names MUST be rejected.
<o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black;mso-lis=
t:l2 level1 lfo3"><span lang=3D"EN" style=3D"font-family:&quot;Verdana&quot=
;,&quot;sans-serif&quot;">Required implementation of AES-128-KW and AES-256=
-KW when the implementation provides encryption capabilities.
<o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black;mso-lis=
t:l2 level1 lfo3"><span lang=3D"EN" style=3D"font-family:&quot;Verdana&quot=
;,&quot;sans-serif&quot;">Registered &quot;JWT&quot; typ header parameter v=
alue.
<o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black;mso-lis=
t:l2 level1 lfo3"><span lang=3D"EN" style=3D"font-family:&quot;Verdana&quot=
;,&quot;sans-serif&quot;">Generalized language to refer to Message Authenti=
cation Codes (MACs) rather than Hash-based Message Authentication Codes (HM=
ACs) unless
 in a context specific to HMAC algorithms. <o:p></o:p></span></li><li class=
=3D"MsoNormal" style=3D"color:black;mso-list:l2 level1 lfo3"><span lang=3D"=
EN" style=3D"font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Reform=
atted to give each claim definition and header parameter its own section he=
ading.
<o:p></o:p></span></li></ul>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The specification is available at:<o:p></o:p></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l0 level=
1 lfo5"><![if !supportLists]><span style=3D"font-family:Symbol"><span style=
=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roma=
n&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><a href=3D"http://tools.ietf.org/html/draft-=
jones-json-web-token-10">http://tools.ietf.org/html/draft-jones-json-web-to=
ken-10</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">An HTML formatted version is available at:<o:p></o:p=
></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l0 level=
1 lfo5"><![if !supportLists]><span style=3D"font-family:Symbol"><span style=
=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roma=
n&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><a href=3D"http://self-issued.info/docs/draf=
t-jones-json-web-token-10.html">http://self-issued.info/docs/draft-jones-js=
on-web-token-10.html</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; -- Mike<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_59E470B10C4630419ED717AC79FCF9A90DF629CH1PRD0410MB369na_--

From sergei.shishkin@gmail.com  Tue May 15 08:40:33 2012
Return-Path: <sergei.shishkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBA6121F8961 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 08:40:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.541
X-Spam-Level: 
X-Spam-Status: No, score=-3.541 tagged_above=-999 required=5 tests=[AWL=0.057,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7zpRPKz8M0KB for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 08:40:32 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 789B321F8953 for <oauth@ietf.org>; Tue, 15 May 2012 08:40:32 -0700 (PDT)
Received: by vbbez10 with SMTP id ez10so7532784vbb.31 for <oauth@ietf.org>; Tue, 15 May 2012 08:40:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=X1w3dp/dv+WYY+gIWB3tnmB3HWbZmAroGxGeIfqdvxs=; b=guqHrVWjwP/CK1wweCWpw4J+b4qVgARaIrqT2q+hCLxMJgEH28rDVRHqUi9AR1z1go i+LsZqiNEHIy/xrLihgDW6rGx6mVt4V/hKsIUUwV0KbmLRg33pE3vxd2SUh2LP0GfrEo WY+1idgXE5TuQpYM9grq+ZKVUhPWuceB8QY4ZPjBlIC+1/TbLJ6ufeDCXJ0YPJ3+mKtB e6q+YNOKZCJCC3qCA/HFhHtbkKX/hWNdJjKNdMMjY3PKXJXY6MT1j8urCC2I16VS0P4+ aAE1MRsT85o35soF/ju1lYlnW06260iRRm+8z4lGUJSKvyo1Z7PidSrifFcnElY0DbWy TC0w==
MIME-Version: 1.0
Received: by 10.52.95.147 with SMTP id dk19mr2597426vdb.106.1337096431764; Tue, 15 May 2012 08:40:31 -0700 (PDT)
Received: by 10.52.110.100 with HTTP; Tue, 15 May 2012 08:40:31 -0700 (PDT)
In-Reply-To: <4FB25DF6.3020309@mitre.org>
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <4FB25DF6.3020309@mitre.org>
Date: Tue, 15 May 2012 17:40:31 +0200
Message-ID: <CA+tG_hVZWcqxTrbBbt5UHKxy7Phw4bZN=BgzDG5jMY+9ZsQZ5Q@mail.gmail.com>
From: Sergey Shishkin <sergei.shishkin@gmail.com>
To: Justin Richer <jricher@mitre.org>
Content-Type: multipart/alternative; boundary=20cf3071d0b6d8867804c01505a8
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 15:40:33 -0000

--20cf3071d0b6d8867804c01505a8
Content-Type: text/plain; charset=UTF-8

Justin,

I want to let client (API client, not OAuth Client) know less to get the
job done. The service should ideally be able to encode everything required
in a URL and give it to the client. This is what is described in the
Implicit Grant Flow [
http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2], right? So,
why does Bearer spec insist on 401?

Sergey

On Tue, May 15, 2012 at 3:45 PM, Justin Richer <jricher@mitre.org> wrote:

>  This kind of fully automated approach isn't solved yet. OAuth isn't quite
> as simple as HTTP Basic and its kin, where the user agent can collect
> everything it needs directly and just push it back to the protected URL. In
> order for this to truly work, you need to have not just a pointer to the
> issuer, but a full dynamic registration and service discovery stack that
> the client knows about. For starters, the Client needs to know the
> Authorization Endpoint and Token Endpoint for the service, as well as which
> flows it supports. You'd probably want to know what kinds of token are
> supported, too. The authorization server needs to issue a Client ID and
> (probably) Client Secret to the Client to allow it to request tokens at
> all. Defining those is out of scope for the core specs, but there's some
> new work that's getting started around Host Meta (for discovery) and a
> dynamic client registration spec that will address some of the biggest
> parts of this.
>
>  -- Justin
>
>
> On 05/15/2012 08:12 AM, Sergey Shishkin wrote:
>
> While designing a hypermedia-driven API I'm evaluating possibilities to
> use OAuth Bearer tokens for claims-based authorization. Currently I
> struggle with how to communicate to the API client the way to obtain the
> token. In a hypermedia-driven manner I don't want the API client to get
> this information out of band, but rather let the client "just follow the
> links".
>
>  The Bearer draft [
> http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3]
> advises to send a 401 response with a WWW-Authenticate challenge specifying
> optional realm and scope. The problem here: neither realm nor scope
> identify the token issuer.
>
>  The OAuth 2.0 draft [
> http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1] suggests
> to redirect the resource owner to the token issuer, IIRC. I like this way
> from the hypermedia perspective, but still have mixed feelings about missed
> 401 and WWW-Authenticate challenge.
>
>  Did I missed some part of draft covering my scenario? Are there any
> known grassroots implementations doing just that on the internet? Any
> opinion on the subject is very much appreciated.
>
>  Thanks in advance,
> Sergey
>
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

--20cf3071d0b6d8867804c01505a8
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Justin,<div><br></div><div>I want to let client (API client, not OAuth Clie=
nt) know less to get the job done. The service should ideally be able to en=
code everything required in a URL and give it to the client. This is what i=
s described in the Implicit Grant Flow [<a href=3D"http://tools.ietf.org/ht=
ml/draft-ietf-oauth-v2-26#section-4.2">http://tools.ietf.org/html/draft-iet=
f-oauth-v2-26#section-4.2</a>], right? So, why does Bearer spec insist on 4=
01?</div>
<div><br></div><div>Sergey</div><div><br><div class=3D"gmail_quote">On Tue,=
 May 15, 2012 at 3:45 PM, Justin Richer <span dir=3D"ltr">&lt;<a href=3D"ma=
ilto:jricher@mitre.org" target=3D"_blank">jricher@mitre.org</a>&gt;</span> =
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
 =20
   =20
 =20
  <div bgcolor=3D"#FFFFFF" text=3D"#000000">
    This kind of fully automated approach isn&#39;t solved yet. OAuth isn&#=
39;t
    quite as simple as HTTP Basic and its kin, where the user agent can
    collect everything it needs directly and just push it back to the
    protected URL. In order for this to truly work, you need to have not
    just a pointer to the issuer, but a full dynamic registration and
    service discovery stack that the client knows about. For starters,
    the Client needs to know the Authorization Endpoint and Token
    Endpoint for the service, as well as which flows it supports. You&#39;d
    probably want to know what kinds of token are supported, too. The
    authorization server needs to issue a Client ID and (probably)
    Client Secret to the Client to allow it to request tokens at all.
    Defining those is out of scope for the core specs, but there&#39;s some
    new work that&#39;s getting started around Host Meta (for discovery) an=
d
    a dynamic client registration spec that will address some of the
    biggest parts of this. <br>
    <br>
    =C2=A0-- Justin<div><div class=3D"h5"><br>
    <br>
    On 05/15/2012 08:12 AM, Sergey Shishkin wrote:
    </div></div><blockquote type=3D"cite"><div><div class=3D"h5">
     =20
      <div>While designing a hypermedia-driven API I&#39;m evaluating
        possibilities to use OAuth Bearer tokens for claims-based
        authorization. Currently I struggle with how to communicate to
        the API client the way to obtain the token. In a
        hypermedia-driven manner I don&#39;t want the API client to get thi=
s
        information out of band, but rather let the client &quot;just follo=
w
        the links&quot;.</div>
      <div><br>
      </div>
      The Bearer draft [<a href=3D"http://tools.ietf.org/html/draft-ietf-oa=
uth-v2-bearer-19#section-3" target=3D"_blank">http://tools.ietf.org/html/dr=
aft-ietf-oauth-v2-bearer-19#section-3</a>]
      advises to send a 401 response with a WWW-Authenticate challenge
      specifying optional realm and scope. The problem here: neither
      realm nor scope identify the token issuer.=C2=A0
      <div>
        <br>
      </div>
      <div>The OAuth 2.0 draft [<a href=3D"http://tools.ietf.org/html/draft=
-ietf-oauth-v2-26#section-4.1.1" target=3D"_blank">http://tools.ietf.org/ht=
ml/draft-ietf-oauth-v2-26#section-4.1.1</a>]
        suggests to redirect the resource owner to the token issuer,
        IIRC. I like this way from the hypermedia perspective, but still
        have mixed feelings about missed 401 and WWW-Authenticate
        challenge.</div>
      <div><br>
      </div>
      <div>Did I missed some part of draft covering my scenario? Are
        there any known grassroots implementations doing just that on
        the internet? Any opinion on the subject is very much
        appreciated.</div>
      <div><br>
      </div>
      <div>Thanks in advance,</div>
      <div>Sergey</div>
      <br>
      <fieldset></fieldset>
      <br>
      </div></div><pre>_______________________________________________
OAuth mailing list
<a href=3D"mailto:OAuth@ietf.org" target=3D"_blank">OAuth@ietf.org</a>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
    </blockquote>
    <br>
  </div>

<br>_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><br>
<br></blockquote></div><br></div>

--20cf3071d0b6d8867804c01505a8--

From wmills@yahoo-inc.com  Tue May 15 09:04:26 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D766C21F8930 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 09:04:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.18
X-Spam-Level: 
X-Spam-Status: No, score=-17.18 tagged_above=-999 required=5 tests=[AWL=0.418,  BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gKnNw-DNe2Ie for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 09:04:26 -0700 (PDT)
Received: from nm17.bullet.mail.bf1.yahoo.com (nm17.bullet.mail.bf1.yahoo.com [98.139.212.176]) by ietfa.amsl.com (Postfix) with SMTP id AC3F621F8925 for <oauth@ietf.org>; Tue, 15 May 2012 09:04:25 -0700 (PDT)
Received: from [98.139.212.150] by nm17.bullet.mail.bf1.yahoo.com with NNFMP; 15 May 2012 16:04:25 -0000
Received: from [98.139.215.250] by tm7.bullet.mail.bf1.yahoo.com with NNFMP; 15 May 2012 16:04:25 -0000
Received: from [127.0.0.1] by omp1063.mail.bf1.yahoo.com with NNFMP; 15 May 2012 16:04:25 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 41531.18353.bm@omp1063.mail.bf1.yahoo.com
Received: (qmail 54728 invoked by uid 60001); 15 May 2012 16:04:24 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1337097864; bh=YT/ynToUE78zJ6PSMo+eJKkk/jdIO92YZkRS7DjaazI=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=eWKGnUwn64T37njkTzC4RljzuU3I9RSwNcLinzQwjLIuihYCTLZY4uJQlrItIF89EuWimZs/XEZbxEt6Z2/77MIXfNTvIWV4eSLFFImtY3unYWcUsBgR9RGvccOcqCMlsYBUl8ib4vLmYmLRsDLKWsxi01OUElCb+2EGDJsPNXk=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=j6uUOE2J0lxFCwlS7fbu2Dpq3wPmpAS7Ucl1ScuML6UqSRNucRMSpKfpMHhMTSM+DTNGFjyFg7AgoLtYW0eH0XMCqCHOlwFGh2B80D783/ZNJmyIIM997FeAZ2rRmK05KnfQNbnE0LYmujVs9YAzKnUl8t4hKCsIt7dg7YjjiT8=;
X-YMail-OSG: Kv4pj2gVM1lxXQ8SDZlIm7ITr0BE595JAQT0sofoY7MTQcT bFsXcPbTmzNYXYBWSe4345w7eq0qKfxswV9s656.81BL4MBx8Om6TOBo67fR sZ4_ZnsAjitB9H2SW42sD7dZ6SuiWLc40yQdXlCR4tfoHDb.D2.QcHUcAeCT Ac64btM117.racKDZpsODlHZBiMCIcoxCoLbI0saVcuN66ZKlW9LZCVHYnqh VxwwJQhRYZ0E_65O_9NI.QcxL3F_k8O7RuMiQ7RewPbRWdQmop3mIo1u3JuA tAz1iEIXOCyOAVg2hJdxNOVLFE0.RcDpehh6DkTuKlfcVlJOAuocE5su_46b aQ22s4TP4SuC_fvBJcdArU93X_3pYfKvdG7cQFkF2fg2MBaCP80chhohUw5P Hq6f3Q.arH1hpSbF_QhZU_wvVnm4ZI264Rji8HdrkvJn2YV5L0Ag-
Received: from [209.131.62.115] by web31805.mail.mud.yahoo.com via HTTP; Tue, 15 May 2012 09:04:24 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com>
Message-ID: <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com>
Date: Tue, 15 May 2012 09:04:24 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Sergey Shishkin <sergei.shishkin@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-551393103-1701371315-1337097864=:46559"
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 16:04:26 -0000

---551393103-1701371315-1337097864=:46559
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Yes, what you're running across here is the "discovery" problem.=A0 How do =
you discover the authentication endpoints for a service.=A0 Unfortunately i=
t turns out returning that as part of the 401 has big security concerns.=A0=
 It's still being figured out.=0A=0A=0A=0A=0A>_____________________________=
___=0A> From: Sergey Shishkin <sergei.shishkin@gmail.com>=0A>To: oauth@ietf=
.org =0A>Sent: Tuesday, May 15, 2012 5:12 AM=0A>Subject: [OAUTH-WG] OAuth B=
earer: Response to an unauthenticated request=0A> =0A>=0A>While designing a=
 hypermedia-driven API I'm evaluating possibilities to use OAuth Bearer tok=
ens for claims-based authorization. Currently I struggle with how to commun=
icate to the API client the way to obtain the token. In a hypermedia-driven=
 manner I don't want the API client to get this information out of band, bu=
t rather let the client "just follow the links".=0A>=0A>The Bearer draft [h=
ttp://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3] advises =
to send a 401 response with a WWW-Authenticate challenge specifying optiona=
l realm and scope. The problem here: neither realm nor scope identify the t=
oken issuer.=A0=0A>=0A>=0A>The OAuth 2.0 draft [http://tools.ietf.org/html/=
draft-ietf-oauth-v2-26#section-4.1.1] suggests to redirect the resource own=
er to the token issuer, IIRC. I like this way from the hypermedia perspecti=
ve, but still have mixed feelings about missed 401 and WWW-Authenticate cha=
llenge.=0A>=0A>=0A>Did I missed some part of draft covering my scenario? Ar=
e there any known grassroots implementations doing just that on the interne=
t? Any opinion on the subject is very much appreciated.=0A>=0A>=0A>Thanks i=
n advance,=0A>Sergey=0A>_______________________________________________=0A>=
OAuth mailing list=0A>OAuth@ietf.org=0A>https://www.ietf.org/mailman/listin=
fo/oauth=0A>=0A>=0A>
---551393103-1701371315-1337097864=:46559
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>Yes, what you're running across here is the "discovery" problem.&nbsp; Ho=
w do you discover the authentication endpoints for a service.&nbsp; Unfortu=
nately it turns out returning that as part of the 401 has big security conc=
erns.&nbsp; It's still being figured out.<br></span></div><div><br><blockqu=
ote style=3D"border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; mar=
gin-top: 5px; padding-left: 5px;">  <div style=3D"font-family: Courier New,=
 courier, monaco, monospace, sans-serif; font-size: 14pt;"> <div style=3D"f=
ont-family: times new roman, new york, times, serif; font-size: 12pt;"> <di=
v dir=3D"ltr"> <font face=3D"Arial" size=3D"2"> <hr size=3D"1">  <b><span s=
tyle=3D"font-weight:bold;">From:</span></b> Sergey Shishkin &lt;sergei.shis=
hkin@gmail.com&gt;<br> <b><span style=3D"font-weight: bold;">To:</span></b>
 oauth@ietf.org <br> <b><span style=3D"font-weight: bold;">Sent:</span></b>=
 Tuesday, May 15, 2012 5:12 AM<br> <b><span style=3D"font-weight: bold;">Su=
bject:</span></b> [OAUTH-WG] OAuth Bearer: Response to an unauthenticated r=
equest<br> </font> </div> <br>=0A<div id=3D"yiv1020657337"><div>While desig=
ning a hypermedia-driven API I'm evaluating possibilities to use OAuth Bear=
er tokens for claims-based authorization. Currently I struggle with how to =
communicate to the API client the way to obtain the token. In a hypermedia-=
driven manner I don't want the API client to get this information out of ba=
nd, but rather let the client "just follow the links".</div>=0A<div><br></d=
iv>The Bearer draft [http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-=
19#section-3] advises to send a 401 response with a WWW-Authenticate challe=
nge specifying optional realm and scope. The problem here: neither realm no=
r scope identify the token issuer.&nbsp;<div>=0A<br></div><div>The OAuth 2.=
0 draft [http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1] s=
uggests to redirect the resource owner to the token issuer, IIRC. I like th=
is way from the hypermedia perspective, but still have mixed feelings about=
 missed 401 and WWW-Authenticate challenge.</div>=0A<div><br></div><div>Did=
 I missed some part of draft covering my scenario? Are there any known gras=
sroots implementations doing just that on the internet? Any opinion on the =
subject is very much appreciated.</div><div><br>=0A</div><div>Thanks in adv=
ance,</div><div>Sergey</div>=0A</div><br>__________________________________=
_____________<br>OAuth mailing list<br><a ymailto=3D"mailto:OAuth@ietf.org"=
 href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br><a href=3D"https://ww=
w.ietf.org/mailman/listinfo/oauth" target=3D"_blank">https://www.ietf.org/m=
ailman/listinfo/oauth</a><br><br><br> </div> </div> </blockquote></div>   <=
/div></body></html>
---551393103-1701371315-1337097864=:46559--

From sergei.shishkin@gmail.com  Tue May 15 09:09:55 2012
Return-Path: <sergei.shishkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EFAA21F88AD for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 09:09:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.56
X-Spam-Level: 
X-Spam-Status: No, score=-3.56 tagged_above=-999 required=5 tests=[AWL=0.038,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A0QiNdpiF8Tg for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 09:09:54 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id 0B0C721F87DD for <oauth@ietf.org>; Tue, 15 May 2012 09:09:48 -0700 (PDT)
Received: by qcsq13 with SMTP id q13so5208658qcs.31 for <oauth@ietf.org>; Tue, 15 May 2012 09:09:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ScECL5oL0v94MFVLMDrShX7NKx1JH62lLw/bSuiH3kI=; b=Q9/kvAknG6idTSqRrQMfeIpI+cQBET/xMEU5YaBTwfXsbeVFSPyV/bOI4z87QBe2OP T6+47o5GnWAWAp1YTiT9W8lLXaboEJ7/U1iN8oxMMuUqyDBdefwTwB+blSQibmAPwJov io4CmAn1JejdZWdMWWnvE7kv2Me4htSRLKfQVDa8qW6q5T+VI4vJiffsD6P2uPRVKwqZ BmprkSmhKdyKfrN7jFb4GvoOWQ3SjxjdcKCd7G6vpL5/GXA2U5MSSwyEK+C5pSoJOmoA RC2y1uBuNzyPxF8bCbUWkBdQE9f/m8+o1mv80T2GYh1AnHfXmbSjfZ029MAn5trqBi1A kFqw==
MIME-Version: 1.0
Received: by 10.220.115.130 with SMTP id i2mr7620761vcq.72.1337098188244; Tue, 15 May 2012 09:09:48 -0700 (PDT)
Received: by 10.52.110.100 with HTTP; Tue, 15 May 2012 09:09:48 -0700 (PDT)
In-Reply-To: <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com>
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com>
Date: Tue, 15 May 2012 18:09:48 +0200
Message-ID: <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com>
From: Sergey Shishkin <sergei.shishkin@gmail.com>
To: William Mills <wmills@yahoo-inc.com>
Content-Type: multipart/alternative; boundary=f46d042fdaec8a45ce04c0156e71
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 16:09:55 -0000

--f46d042fdaec8a45ce04c0156e71
Content-Type: text/plain; charset=UTF-8

In my scenario I control both the resource provider and the token issuer
and I'm fine with the resource provider knowing the issuer. So, discovery
is not needed. Or do I miss something?

On Tue, May 15, 2012 at 6:04 PM, William Mills <wmills@yahoo-inc.com> wrote:

> Yes, what you're running across here is the "discovery" problem.  How do
> you discover the authentication endpoints for a service.  Unfortunately it
> turns out returning that as part of the 401 has big security concerns.
> It's still being figured out.
>
>   ------------------------------
> *From:* Sergey Shishkin <sergei.shishkin@gmail.com>
> *To:* oauth@ietf.org
> *Sent:* Tuesday, May 15, 2012 5:12 AM
> *Subject:* [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
>
> While designing a hypermedia-driven API I'm evaluating possibilities to
> use OAuth Bearer tokens for claims-based authorization. Currently I
> struggle with how to communicate to the API client the way to obtain the
> token. In a hypermedia-driven manner I don't want the API client to get
> this information out of band, but rather let the client "just follow the
> links".
>
> The Bearer draft [
> http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3]
> advises to send a 401 response with a WWW-Authenticate challenge specifying
> optional realm and scope. The problem here: neither realm nor scope
> identify the token issuer.
>
> The OAuth 2.0 draft [
> http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1] suggests
> to redirect the resource owner to the token issuer, IIRC. I like this way
> from the hypermedia perspective, but still have mixed feelings about missed
> 401 and WWW-Authenticate challenge.
>
> Did I missed some part of draft covering my scenario? Are there any known
> grassroots implementations doing just that on the internet? Any opinion on
> the subject is very much appreciated.
>
> Thanks in advance,
> Sergey
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>

--f46d042fdaec8a45ce04c0156e71
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

In my scenario I control both the resource provider and the token issuer an=
d I&#39;m fine with the resource provider knowing the issuer. So, discovery=
 is not needed. Or do I miss something?<br><br><div class=3D"gmail_quote">
On Tue, May 15, 2012 at 6:04 PM, William Mills <span dir=3D"ltr">&lt;<a hre=
f=3D"mailto:wmills@yahoo-inc.com" target=3D"_blank">wmills@yahoo-inc.com</a=
>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 =
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div style=3D"font-size:14pt;font-family:Courier New,courier,monaco,mo=
nospace,sans-serif"><div><span>Yes, what you&#39;re running across here is =
the &quot;discovery&quot; problem.=C2=A0 How do you discover the authentica=
tion endpoints for a service.=C2=A0 Unfortunately it turns out returning th=
at as part of the 401 has big security concerns.=C2=A0 It&#39;s still being=
 figured out.<br>
</span></div><div><br><blockquote style=3D"border-left:2px solid rgb(16,16,=
255);margin-left:5px;margin-top:5px;padding-left:5px">  <div style=3D"font-=
family:Courier New,courier,monaco,monospace,sans-serif;font-size:14pt"> <di=
v style=3D"font-family:times new roman,new york,times,serif;font-size:12pt"=
>
 <div dir=3D"ltr"> <font face=3D"Arial"> <hr size=3D"1">  <b><span style=3D=
"font-weight:bold">From:</span></b> Sergey Shishkin &lt;<a href=3D"mailto:s=
ergei.shishkin@gmail.com" target=3D"_blank">sergei.shishkin@gmail.com</a>&g=
t;<br> <b><span style=3D"font-weight:bold">To:</span></b>
 <a href=3D"mailto:oauth@ietf.org" target=3D"_blank">oauth@ietf.org</a> <br=
> <b><span style=3D"font-weight:bold">Sent:</span></b> Tuesday, May 15, 201=
2 5:12 AM<br> <b><span style=3D"font-weight:bold">Subject:</span></b> [OAUT=
H-WG] OAuth Bearer: Response to an unauthenticated request<br>
 </font> </div><div><div class=3D"h5"> <br>
<div><div>While designing a hypermedia-driven API I&#39;m evaluating possib=
ilities to use OAuth Bearer tokens for claims-based authorization. Currentl=
y I struggle with how to communicate to the API client the way to obtain th=
e token. In a hypermedia-driven manner I don&#39;t want the API client to g=
et this information out of band, but rather let the client &quot;just follo=
w the links&quot;.</div>

<div><br></div>The Bearer draft [<a href=3D"http://tools.ietf.org/html/draf=
t-ietf-oauth-v2-bearer-19#section-3" target=3D"_blank">http://tools.ietf.or=
g/html/draft-ietf-oauth-v2-bearer-19#section-3</a>] advises to send a 401 r=
esponse with a WWW-Authenticate challenge specifying optional realm and sco=
pe. The problem here: neither realm nor scope identify the token issuer.=C2=
=A0<div>

<br></div><div>The OAuth 2.0 draft [<a href=3D"http://tools.ietf.org/html/d=
raft-ietf-oauth-v2-26#section-4.1.1" target=3D"_blank">http://tools.ietf.or=
g/html/draft-ietf-oauth-v2-26#section-4.1.1</a>] suggests to redirect the r=
esource owner to the token issuer, IIRC. I like this way from the hypermedi=
a perspective, but still have mixed feelings about missed 401 and WWW-Authe=
nticate challenge.</div>

<div><br></div><div>Did I missed some part of draft covering my scenario? A=
re there any known grassroots implementations doing just that on the intern=
et? Any opinion on the subject is very much appreciated.</div><div><br>

</div><div>Thanks in advance,</div><div>Sergey</div>
</div><br></div></div><div class=3D"im">___________________________________=
____________<br>OAuth mailing list<br><a href=3D"mailto:OAuth@ietf.org" tar=
get=3D"_blank">OAuth@ietf.org</a><br><a href=3D"https://www.ietf.org/mailma=
n/listinfo/oauth" target=3D"_blank">https://www.ietf.org/mailman/listinfo/o=
auth</a><br>
<br><br> </div></div> </div> </blockquote></div>   </div></div></blockquote=
></div><br>

--f46d042fdaec8a45ce04c0156e71--

From wmills@yahoo-inc.com  Tue May 15 09:24:20 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A97421F86E1 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 09:24:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.191
X-Spam-Level: 
X-Spam-Status: No, score=-17.191 tagged_above=-999 required=5 tests=[AWL=0.407, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3DahZlO2Fid1 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 09:24:19 -0700 (PDT)
Received: from nm7.bullet.mail.bf1.yahoo.com (nm7.bullet.mail.bf1.yahoo.com [98.139.212.166]) by ietfa.amsl.com (Postfix) with SMTP id 3A83D21F86DD for <oauth@ietf.org>; Tue, 15 May 2012 09:24:19 -0700 (PDT)
Received: from [98.139.212.146] by nm7.bullet.mail.bf1.yahoo.com with NNFMP; 15 May 2012 16:24:18 -0000
Received: from [98.139.212.211] by tm3.bullet.mail.bf1.yahoo.com with NNFMP; 15 May 2012 16:24:18 -0000
Received: from [127.0.0.1] by omp1020.mail.bf1.yahoo.com with NNFMP; 15 May 2012 16:24:18 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 644092.6378.bm@omp1020.mail.bf1.yahoo.com
Received: (qmail 60540 invoked by uid 60001); 15 May 2012 16:24:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1337099058; bh=QEx3X3nhbH5+omEO40xNfmkElPpxHP2j1GF9A62I+1k=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=VLarM5Vuq6QlFX8EZKp2h28N8Oze+bsUMHpRc8Jvry2vL6uee3Lxe50wQrGjgjhn4c+hsVkjjqnH52fdOJCHHsstzf8Z6ETHMtF8OX+NIivc60gcGO6qFFIJQRW8ThA0CSFJr6tWwOI7yjtNVj6UUbhJBfyEfxRzv74hCYhrgkk=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=D0K5AomB0SAE4V8dTKeiUoU9W6ef6nn7vvKA/apwnt939OL7ZcmNkV7iBqLMjNmZfh+udSLs6SCY/BuX/1HSbQcGE6boaeuOrESAOBf12beoWD8cOE6kUS9V5Hwv/liuNHJZCZvR6LSE/M12WxF4/k0GylLn2a3RslmKol0g+JE=;
X-YMail-OSG: G_16Lw8VM1l1WCJyEM_bEuUMyslvEd23ZvptOmqnUPvuFSe IGuAPjJbA0Y8znPRmXY9Xu__6kcuyVE4S5E1pizpUBZvync9StdYVY9XCSP3 I2gGjjc2CnbWg1tdTbyyUOKYxP1yENeGsLiN4QoeeD2Jtc96BQZecFQeUFHW 0IPRQdlf4DU_hh1bsn7mk69QVgGUMQZ4IbyKJmP7HxKPeOK7U5XFojzirm25 AtZq0lCBfawlEkJ.go7cs3kfdwYuhcEp10dP4fohIu7KqwilR8uLhLqv.aHh M0KX3G3pa47pCiZsX1pwqNsqnHR4oOuSeYAI66nwrQMzDOpJWalxuIhz55dr 4d.vzU4OG1qNdtY49bq.tUhP.5cVhZI_KUFLgJmcSYj_N6iYnsR0HEKNTidT aN5wVUNS_1v9.hPGKCPft2aHaG51KSWKPsTAR5NUK20Zh2O5L40w-
Received: from [209.131.62.115] by web31812.mail.mud.yahoo.com via HTTP; Tue, 15 May 2012 09:24:17 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com> <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com>
Message-ID: <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com>
Date: Tue, 15 May 2012 09:24:17 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Sergey Shishkin <sergei.shishkin@gmail.com>
In-Reply-To: <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1458549034-1104400633-1337099057=:36064"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 16:24:20 -0000

--1458549034-1104400633-1337099057=:36064
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

You can hard configure it into your client, that's safe.=A0 The problem com=
es when the client can be sent to an arbitrary, possibly phishing, site to =
do authentication.=A0 If the client supports the password grant then it pro=
bably just hands in the username and password without user interaction.=0A=
=0A=0A-bill=0A=0A=0A=0A>________________________________=0A> From: Sergey S=
hishkin <sergei.shishkin@gmail.com>=0A>To: William Mills <wmills@yahoo-inc.=
com> =0A>Cc: "oauth@ietf.org" <oauth@ietf.org> =0A>Sent: Tuesday, May 15, 2=
012 9:09 AM=0A>Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthe=
nticated request=0A> =0A>=0A>In my scenario I control both the resource pro=
vider and the token issuer and I'm fine with the resource provider knowing =
the issuer. So, discovery is not needed. Or do I miss something?=0A>=0A>=0A=
>On Tue, May 15, 2012 at 6:04 PM, William Mills <wmills@yahoo-inc.com> wrot=
e:=0A>=0A>Yes, what you're running across here is the "discovery" problem.=
=A0 How do you discover the authentication endpoints for a service.=A0 Unfo=
rtunately it turns out returning that as part of the 401 has big security c=
oncerns.=A0 It's still being figured out.=0A>>=0A>>=0A>>=0A>>=0A>>>________=
________________________=0A>>> From: Sergey Shishkin <sergei.shishkin@gmail=
.com>=0A>>>To: oauth@ietf.org =0A>>>Sent: Tuesday, May 15, 2012 5:12 AM=0A>=
>>Subject: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request=
=0A>>> =0A>>>=0A>>>=0A>>>While designing a hypermedia-driven API I'm evalua=
ting possibilities to use OAuth Bearer tokens for claims-based authorizatio=
n. Currently I struggle with how to communicate to the API client the way t=
o obtain the token. In a hypermedia-driven manner I don't want the API clie=
nt to get this information out of band, but rather let the client "just fol=
low the links".=0A>>>=0A>>>The Bearer draft [http://tools.ietf.org/html/dra=
ft-ietf-oauth-v2-bearer-19#section-3] advises to send a 401 response with a=
 WWW-Authenticate challenge specifying optional realm and scope. The proble=
m here: neither realm nor scope identify the token issuer.=A0=0A>>>=0A>>>=
=0A>>>The OAuth 2.0 draft [http://tools.ietf.org/html/draft-ietf-oauth-v2-2=
6#section-4.1.1] suggests to redirect the resource owner to the token issue=
r, IIRC. I like this way from the hypermedia perspective, but still have mi=
xed feelings about missed 401 and WWW-Authenticate challenge.=0A>>>=0A>>>=
=0A>>>Did I missed some part of draft covering my scenario? Are there any k=
nown grassroots implementations doing just that on the internet? Any opinio=
n on the subject is very much appreciated.=0A>>>=0A>>>=0A>>>Thanks in advan=
ce,=0A>>>Sergey=0A>>>=0A>>>_______________________________________________=
=0A>>>OAuth mailing list=0A>>>OAuth@ietf.org=0A>>>https://www.ietf.org/mail=
man/listinfo/oauth=0A>>>=0A>>>=0A>>>=0A>=0A>=0A>
--1458549034-1104400633-1337099057=:36064
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>You can hard configure it into your client, that's safe.&nbsp; The proble=
m comes when the client can be sent to an arbitrary, possibly phishing, sit=
e to do authentication.&nbsp; If the client supports the password grant the=
n it probably just hands in the username and password without user interact=
ion.<br></span></div><div><br></div><div>-bill</div><div><br><blockquote st=
yle=3D"border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-to=
p: 5px; padding-left: 5px;">  <div style=3D"font-family: Courier New, couri=
er, monaco, monospace, sans-serif; font-size: 14pt;"> <div style=3D"font-fa=
mily: times new roman, new york, times, serif; font-size: 12pt;"> <div dir=
=3D"ltr"> <font face=3D"Arial" size=3D"2"> <hr size=3D"1">  <b><span style=
=3D"font-weight:bold;">From:</span></b> Sergey Shishkin
 &lt;sergei.shishkin@gmail.com&gt;<br> <b><span style=3D"font-weight: bold;=
">To:</span></b> William Mills &lt;wmills@yahoo-inc.com&gt; <br><b><span st=
yle=3D"font-weight: bold;">Cc:</span></b> "oauth@ietf.org" &lt;oauth@ietf.o=
rg&gt; <br> <b><span style=3D"font-weight: bold;">Sent:</span></b> Tuesday,=
 May 15, 2012 9:09 AM<br> <b><span style=3D"font-weight: bold;">Subject:</s=
pan></b> Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated reques=
t<br> </font> </div> <br>=0A<div id=3D"yiv137003389">In my scenario I contr=
ol both the resource provider and the token issuer and I'm fine with the re=
source provider knowing the issuer. So, discovery is not needed. Or do I mi=
ss something?<br><br><div class=3D"yiv137003389gmail_quote">=0AOn Tue, May =
15, 2012 at 6:04 PM, William Mills <span dir=3D"ltr">&lt;<a rel=3D"nofollow=
" ymailto=3D"mailto:wmills@yahoo-inc.com" target=3D"_blank" href=3D"mailto:=
wmills@yahoo-inc.com">wmills@yahoo-inc.com</a>&gt;</span> wrote:<br><blockq=
uote class=3D"yiv137003389gmail_quote" style=3D"margin:0 0 0 .8ex;border-le=
ft:1px #ccc solid;padding-left:1ex;">=0A<div><div style=3D"font-size:14pt;f=
ont-family:Courier New, courier, monaco, monospace, sans-serif;"><div><span=
>Yes, what you're running across here is the "discovery" problem.&nbsp; How=
 do you discover the authentication endpoints for a service.&nbsp; Unfortun=
ately it turns out returning that as part of the 401 has big security conce=
rns.&nbsp; It's still being figured out.<br>=0A</span></div><div><br><block=
quote style=3D"border-left:2px solid rgb(16,16,255);margin-left:5px;margin-=
top:5px;padding-left:5px;">  <div style=3D"font-family:Courier New, courier=
, monaco, monospace, sans-serif;font-size:14pt;"> <div style=3D"font-family=
:times new roman, new york, times, serif;font-size:12pt;">=0A <div dir=3D"l=
tr"> <font face=3D"Arial"> <hr size=3D"1">  <b><span style=3D"font-weight:b=
old;">From:</span></b> Sergey Shishkin &lt;<a rel=3D"nofollow" ymailto=3D"m=
ailto:sergei.shishkin@gmail.com" target=3D"_blank" href=3D"mailto:sergei.sh=
ishkin@gmail.com">sergei.shishkin@gmail.com</a>&gt;<br> <b><span style=3D"f=
ont-weight:bold;">To:</span></b>=0A <a rel=3D"nofollow" ymailto=3D"mailto:o=
auth@ietf.org" target=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.=
org</a> <br> <b><span style=3D"font-weight:bold;">Sent:</span></b> Tuesday,=
 May 15, 2012 5:12 AM<br> <b><span style=3D"font-weight:bold;">Subject:</sp=
an></b> [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request<br>=
=0A </font> </div><div><div class=3D"yiv137003389h5"> <br>=0A<div><div>Whil=
e designing a hypermedia-driven API I'm evaluating possibilities to use OAu=
th Bearer tokens for claims-based authorization. Currently I struggle with =
how to communicate to the API client the way to obtain the token. In a hype=
rmedia-driven manner I don't want the API client to get this information ou=
t of band, but rather let the client "just follow the links".</div>=0A=0A<d=
iv><br></div>The Bearer draft [http://tools.ietf.org/html/draft-ietf-oauth-=
v2-bearer-19#section-3] advises to send a 401 response with a WWW-Authentic=
ate challenge specifying optional realm and scope. The problem here: neithe=
r realm nor scope identify the token issuer.&nbsp;<div>=0A=0A<br></div><div=
>The OAuth 2.0 draft [http://tools.ietf.org/html/draft-ietf-oauth-v2-26#sec=
tion-4.1.1] suggests to redirect the resource owner to the token issuer, II=
RC. I like this way from the hypermedia perspective, but still have mixed f=
eelings about missed 401 and WWW-Authenticate challenge.</div>=0A=0A<div><b=
r></div><div>Did I missed some part of draft covering my scenario? Are ther=
e any known grassroots implementations doing just that on the internet? Any=
 opinion on the subject is very much appreciated.</div><div><br>=0A=0A</div=
><div>Thanks in advance,</div><div>Sergey</div>=0A</div><br></div></div><di=
v class=3D"yiv137003389im">_______________________________________________<=
br>OAuth mailing list<br><a rel=3D"nofollow" ymailto=3D"mailto:OAuth@ietf.o=
rg" target=3D"_blank" href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>=
<a rel=3D"nofollow" target=3D"_blank" href=3D"https://www.ietf.org/mailman/=
listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a><br>=0A<br><=
br> </div></div> </div> </blockquote></div>   </div></div></blockquote></di=
v><br>=0A</div><br><br> </div> </div> </blockquote></div>   </div></body></=
html>
--1458549034-1104400633-1337099057=:36064--

From ve7jtb@ve7jtb.com  Tue May 15 09:54:03 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCC4021F880F for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 09:54:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.393
X-Spam-Level: 
X-Spam-Status: No, score=-2.393 tagged_above=-999 required=5 tests=[AWL=-1.095, BAYES_00=-2.599, HTML_MESSAGE=0.001, MANGLED_LOAN=2.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lKhHMpRizJIY for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 09:54:02 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id AD38D21F880E for <oauth@ietf.org>; Tue, 15 May 2012 09:54:02 -0700 (PDT)
Received: by yenq13 with SMTP id q13so6671613yen.31 for <oauth@ietf.org>; Tue, 15 May 2012 09:54:02 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=uHhuMQ2rlS32VqJDvDgL1hIB+qTrGtuHOMtdPRaWMY4=; b=cNz1914VFLunkd2Q/5yPLVlDpbxOGaqzARysKulzGPIekCoqEM/ei+5kdSxTKlGuJb f7UrozI4Lef0zowAJ951LICX/yAe4vAcfukRqc5DJypvcrmDummxEHZWdLwyLr+GOq2w KOpmGQjgBZ7zybOQmiskTAe6eA/Z2FdWmWMvGcUSeOwRu4ARQWtgjQh60svIEVS099/N i+FXN9GdZMS6giiNhSq4LDxF+rwAAfURBY4r70wAu103DLiwUxGpq65epVn9y9j00JVs GQIJPEMSo5zRNZn9WperO3+PcED3x/VPt0RL4hMCrtor8z2ivKfvFlhABYGG3816+IJd gyOw==
Received: by 10.236.184.202 with SMTP id s50mr12725000yhm.84.1337100842206; Tue, 15 May 2012 09:54:02 -0700 (PDT)
Received: from [192.168.1.213] (190-20-39-254.baf.movistar.cl. [190.20.39.254]) by mx.google.com with ESMTPS id h49sm99890388yhk.15.2012.05.15.09.53.57 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 15 May 2012 09:54:00 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_637D0106-60C3-4257-AF71-851B25D2283E"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <59E470B10C4630419ED717AC79FCF9A90DF629@CH1PRD0410MB369.namprd04.prod.outlook.com>
Date: Tue, 15 May 2012 12:53:42 -0400
Message-Id: <B644305F-B21B-4371-BCC1-9B3A7C2FA57E@ve7jtb.com>
References: <4E1F6AAD24975D4BA5B1680429673943664F190F@TK5EX14MBXC284.redmond.corp.microsoft.com> <59E470B10C4630419ED717AC79FCF9A90DF629@CH1PRD0410MB369.namprd04.prod.outlook.com>
To: Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQmSR5g2avAypvVKg3oIxB1M5AdNHy4xZHHMgt89ANQ3SL2kpQnDDYwso6eFpz5SiXaAnWgf
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 16:54:03 -0000

--Apple-Mail=_637D0106-60C3-4257-AF71-851B25D2283E
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_C46B3356-B741-4E23-8CE4-39D6A7694B4E"


--Apple-Mail=_C46B3356-B741-4E23-8CE4-39D6A7694B4E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

We added on in openID Connect.

acr : Though that is intended as a class reference for things like FICAM =
LoA 2 etc.   You could make class references that only defined the =
primary authenticator.

The question  is if there is enough consensus to put it in the JWT spec =
rather than in things profiling JWT.  I am OK with putting it in JWT if =
there is a demand.

John B.
On 2012-05-15, at 10:54 AM, Lewis Adam-CAL022 wrote:

> Hi,
> =20
> Apologies if the OAuth list is not the right place to ask this =
question, but I=92m trying to understand why JWT doesn=92t have an =
=93Authentication Context=94 like reserved claim name (such as present =
in SAML).  Knowing the primary authentication method used to obtain the =
JWT seems just as fundamental as knowing the issuer, principal, etc.
> =20
> I realize it=92s easy enough to add your own, but from an inter-op =
perspective, it just seems really valuable to be able to assert the =
primary authentication method.
> =20
> Tx!
> adam
> =20
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf =
Of Mike Jones
> Sent: Saturday, May 12, 2012 7:19 PM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10
> =20
> Draft -10 of the JSON Web Token (JWT) specification has been =
published.  It uses the -02 versions of the JOSE specifications and =
contains parallel editorial changes to those applied to the JOSE specs.  =
Changes were:
> Clarified the relationship between typ header parameter values, typ =
claim values, and MIME types.
> Clarified that JWTs with duplicate Header Parameter Names or Duplicate =
Claim names MUST be rejected.
> Required implementation of AES-128-KW and AES-256-KW when the =
implementation provides encryption capabilities.
> Registered "JWT" typ header parameter value.
> Generalized language to refer to Message Authentication Codes (MACs) =
rather than Hash-based Message Authentication Codes (HMACs) unless in a =
context specific to HMAC algorithms.
> Reformatted to give each claim definition and header parameter its own =
section heading.
> =20
> The specification is available at:
> =B7         http://tools.ietf.org/html/draft-jones-json-web-token-10
> =20
> An HTML formatted version is available at:
> =B7         =
http://self-issued.info/docs/draft-jones-json-web-token-10.html
> =20
>                                                             -- Mike
> =20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_C46B3356-B741-4E23-8CE4-39D6A7694B4E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=windows-1252

<html><head><base href=3D"x-msg://1382/"></head><body style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; ">We added on in openID =
Connect.<div><br></div><div>acr : Though that is intended as a class =
reference for things like FICAM LoA 2 etc. &nbsp; You could make class =
references that only defined the primary =
authenticator.</div><div><br></div><div>The question &nbsp;is if there =
is enough consensus to put it in the JWT spec rather than in things =
profiling JWT. &nbsp;I am OK with putting it in JWT if there is a =
demand.</div><div><br></div><div>John B.<br><div><div>On 2012-05-15, at =
10:54 AM, Lewis Adam-CAL022 wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-family: Helvetica; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
lang=3D"EN-US" link=3D"blue" vlink=3D"purple"><div class=3D"WordSection1" =
style=3D"page: WordSection1; "><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
11pt; font-family: Calibri, sans-serif; ">Hi,<o:p></o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; "><o:p>&nbsp;</o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
11pt; font-family: Calibri, sans-serif; ">Apologies if the OAuth list is =
not the right place to ask this question, but I=92m trying to understand =
why JWT doesn=92t have an =93<i>Authentication Context</i>=94 like =
reserved claim name (such as present in SAML).&nbsp; Knowing the primary =
authentication method used to obtain the JWT seems just as fundamental =
as knowing the issuer, principal, etc.<o:p></o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; "><o:p>&nbsp;</o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
11pt; font-family: Calibri, sans-serif; ">I realize it=92s easy enough =
to add your own, but from an inter-op perspective, it just seems really =
valuable to be able to assert the primary authentication =
method.<o:p></o:p></div><div style=3D"margin-top: 0in; margin-right: =
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; =
font-family: Calibri, sans-serif; "><o:p>&nbsp;</o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; ">Tx!<o:p></o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
11pt; font-family: Calibri, sans-serif; ">adam<o:p></o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; "><span style=3D"font-size: 12pt; color: olive; =
"><o:p>&nbsp;</o:p></span></div><div><div style=3D"border-right-style: =
none; border-bottom-style: none; border-left-style: none; border-width: =
initial; border-color: initial; border-top-style: solid; =
border-top-color: rgb(181, 196, 223); border-top-width: 1pt; =
padding-top: 3pt; padding-right: 0in; padding-bottom: 0in; padding-left: =
0in; "><div style=3D"margin-top: 0in; margin-right: 0in; margin-left: =
0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; "><b><span style=3D"font-size: 10pt; font-family: Tahoma, =
sans-serif; ">From:</span></b><span style=3D"font-size: 10pt; =
font-family: Tahoma, sans-serif; "><span =
class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a> =
[mailto:oauth-bounces@ietf.org]<span =
class=3D"Apple-converted-space">&nbsp;</span><b>On Behalf Of<span =
class=3D"Apple-converted-space">&nbsp;</span></b>Mike =
Jones<br><b>Sent:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Saturday, May 12, 2012 7:19 =
PM<br><b>To:</b><span class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a><br><b>Subject:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>[OAUTH-WG] JSON Web Token =
(JWT) Specification Draft -10<o:p></o:p></span></div></div></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; "><o:p>&nbsp;</o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
11pt; font-family: Calibri, sans-serif; "><a =
href=3D"http://self-issued.info/docs/draft-jones-json-web-token-10.html" =
style=3D"color: blue; text-decoration: underline; ">Draft -10</a><span =
class=3D"Apple-converted-space">&nbsp;</span>of the<span =
class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"http://self-issued.info/docs/draft-jones-json-web-token.html" =
style=3D"color: blue; text-decoration: underline; ">JSON Web Token =
(JWT)</a><span class=3D"Apple-converted-space">&nbsp;</span>specification =
has been published.&nbsp; It uses the -02 versions of the JOSE =
specifications and contains parallel editorial changes to those applied =
to the JOSE specs.&nbsp; Changes were:<o:p></o:p></div><ul type=3D"disc" =
style=3D"margin-bottom: 0in; margin-top: 0in; "><li class=3D"MsoNormal" =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; color: black; "><span lang=3D"EN" style=3D"font-family: =
Verdana, sans-serif; ">Clarified the relationship between<span =
class=3D"Apple-converted-space">&nbsp;</span></span><span lang=3D"EN" =
style=3D"font-family: 'Courier New'; color: rgb(0, 51, 102); =
">typ</span><span lang=3D"EN" style=3D"font-family: Verdana, sans-serif; =
"><span class=3D"Apple-converted-space">&nbsp;</span>header parameter =
values,<span class=3D"Apple-converted-space">&nbsp;</span></span><span =
lang=3D"EN" style=3D"font-family: 'Courier New'; color: rgb(0, 51, 102); =
">typ</span><span lang=3D"EN" style=3D"font-family: Verdana, sans-serif; =
"><span class=3D"Apple-converted-space">&nbsp;</span>claim values, and =
MIME types.<o:p></o:p></span></li><li class=3D"MsoNormal" =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; color: black; "><span lang=3D"EN" style=3D"font-family: =
Verdana, sans-serif; ">Clarified that JWTs with duplicate Header =
Parameter Names or Duplicate Claim names MUST be =
rejected.<o:p></o:p></span></li><li class=3D"MsoNormal" =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; color: black; "><span lang=3D"EN" style=3D"font-family: =
Verdana, sans-serif; ">Required implementation of AES-128-KW and =
AES-256-KW when the implementation provides encryption =
capabilities.<o:p></o:p></span></li><li class=3D"MsoNormal" =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; color: black; "><span lang=3D"EN" style=3D"font-family: =
Verdana, sans-serif; ">Registered "JWT" typ header parameter =
value.<o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 11pt; font-family: Calibri, sans-serif; color: black; "><span =
lang=3D"EN" style=3D"font-family: Verdana, sans-serif; ">Generalized =
language to refer to Message Authentication Codes (MACs) rather than =
Hash-based Message Authentication Codes (HMACs) unless in a context =
specific to HMAC algorithms.<o:p></o:p></span></li><li class=3D"MsoNormal"=
 style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; color: black; "><span lang=3D"EN" style=3D"font-family: =
Verdana, sans-serif; ">Reformatted to give each claim definition and =
header parameter its own section =
heading.<o:p></o:p></span></li></ul><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
11pt; font-family: Calibri, sans-serif; "><o:p>&nbsp;</o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; ">The specification is available at:<o:p></o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0.5in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; text-indent: -0.25in; "><span style=3D"font-family: Symbol; =
"><span>=B7<span style=3D"font: normal normal normal 7pt/normal 'Times =
New Roman'; ">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span =
class=3D"Apple-converted-space">&nbsp;</span></span></span></span><a =
href=3D"http://tools.ietf.org/html/draft-jones-json-web-token-10" =
style=3D"color: blue; text-decoration: underline; =
">http://tools.ietf.org/html/draft-jones-json-web-token-10</a><o:p></o:p><=
/div><div style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, =
sans-serif; "><o:p>&nbsp;</o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
11pt; font-family: Calibri, sans-serif; ">An HTML formatted version is =
available at:<o:p></o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; =
font-size: 11pt; font-family: Calibri, sans-serif; text-indent: -0.25in; =
"><span style=3D"font-family: Symbol; "><span>=B7<span style=3D"font: =
normal normal normal 7pt/normal 'Times New Roman'; =
">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span =
class=3D"Apple-converted-space">&nbsp;</span></span></span></span><a =
href=3D"http://self-issued.info/docs/draft-jones-json-web-token-10.html" =
style=3D"color: blue; text-decoration: underline; =
">http://self-issued.info/docs/draft-jones-json-web-token-10.html</a><o:p>=
</o:p></div><div style=3D"margin-top: 0in; margin-right: 0in; =
margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: =
Calibri, sans-serif; "><o:p>&nbsp;</o:p></div><div style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 11pt; font-family: Calibri, sans-serif; =
">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- =
Mike<o:p></o:p></div><div style=3D"margin-top: 0in; margin-right: 0in; =
margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: =
Calibri, sans-serif; =
"><o:p>&nbsp;</o:p></div></div>___________________________________________=
____<br>OAuth mailing list<br><a =
href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>https://www.ietf.org/=
mailman/listinfo/oauth</div></span></blockquote></div><br></div></body></h=
tml>=

--Apple-Mail=_C46B3356-B741-4E23-8CE4-39D6A7694B4E--

--Apple-Mail=_637D0106-60C3-4257-AF71-851B25D2283E
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUx
NTE2NTM0M1owIwYJKoZIhvcNAQkEMRYEFLH2K4krdENoCtYtbK0ILxWXVlDcMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
ACLC250rbYjwLGpPKBIe3IUMPO9PxlnEtJbRA6cqjcoxxtZimYltMHNwX1KTzGbXE9vddJIjhblG
8kIWx0a27TGnxf4F3GYbyle0bplUGpn8cvqWDyIWYDGTh/UjFhkerSQbgpFJ4rEws2G0NGmOgb/y
lL9Yn/6U5VHwitJA9lYK5P4hSU1ipLtrkTtgyigURHXYEDI+6aDIoWVcN857oW1BegiAgnflvIBi
PyFJzNoE/8ZilbOgcorkCc7dLZ9ga5W1cbLB5PMzISFczGH/dOam8dQAcjotXSkNO89Pgo3A7xtD
KQtnqdpFMNzOwT73RL5HUJcs1dkaSDZZuyuPsUwAAAAAAAA=

--Apple-Mail=_637D0106-60C3-4257-AF71-851B25D2283E--

From Michael.Jones@microsoft.com  Tue May 15 10:14:23 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B646E21F8711 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 10:14:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.935
X-Spam-Level: 
X-Spam-Status: No, score=-3.935 tagged_above=-999 required=5 tests=[AWL=-0.337, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pQN+wr6HTzHP for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 10:14:21 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe006.messaging.microsoft.com [213.199.154.209]) by ietfa.amsl.com (Postfix) with ESMTP id 57A9221F864C for <oauth@ietf.org>; Tue, 15 May 2012 10:14:20 -0700 (PDT)
Received: from mail8-am1-R.bigfish.com (10.3.201.245) by AM1EHSOBE002.bigfish.com (10.3.204.22) with Microsoft SMTP Server id 14.1.225.23; Tue, 15 May 2012 17:14:13 +0000
Received: from mail8-am1 (localhost [127.0.0.1])	by mail8-am1-R.bigfish.com (Postfix) with ESMTP id EC6123601E9; Tue, 15 May 2012 17:14:13 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -26
X-BigFish: VS-26(zz9371I936eKc85fh98dKzz1202hzz8275ch1033IL8275eh8275bh8275dha1495iz2fh2a8h668h839hd25h)
Received-SPF: pass (mail8-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail8-am1 (localhost.localdomain [127.0.0.1]) by mail8-am1 (MessageSwitch) id 1337102051276270_32310; Tue, 15 May 2012 17:14:11 +0000 (UTC)
Received: from AM1EHSMHS003.bigfish.com (unknown [10.3.201.245])	by mail8-am1.bigfish.com (Postfix) with ESMTP id 413CA380048; Tue, 15 May 2012 17:14:11 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS003.bigfish.com (10.3.207.103) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 15 May 2012 17:14:10 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.02.0298.005; Tue, 15 May 2012 17:14:03 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com>
Thread-Topic: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10
Thread-Index: Ac0wney5E9KEETp7T86BmhWRCpKKugCC/fMAAARY/QAAAIRu8A==
Date: Tue, 15 May 2012 17:14:02 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943664FA9FF@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B1680429673943664F190F@TK5EX14MBXC284.redmond.corp.microsoft.com> <59E470B10C4630419ED717AC79FCF9A90DF629@CH1PRD0410MB369.namprd04.prod.outlook.com> <B644305F-B21B-4371-BCC1-9B3A7C2FA57E@ve7jtb.com>
In-Reply-To: <B644305F-B21B-4371-BCC1-9B3A7C2FA57E@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.75]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943664FA9FFTK5EX14MBXC284r_"
MIME-Version: 1.0
X-FOPE-CRA-Verdict: 131.107.125.8$motorolasolutions.com%0%1%microsoft.com%False%False%0$
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 17:14:23 -0000

--_000_4E1F6AAD24975D4BA5B1680429673943664FA9FFTK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I was about to write about the same thing.  See http://openid.net/specs/ope=
nid-connect-messages-1_0.html#id_token for the definition of "acr" (Authent=
ication Context Class Reference) as used by OpenID Connect.

It's not clear to me that this should move into the JWT spec itself, as I'd=
 rather we get more industry experience with it first.  Most of the JWT def=
initions are intentionally very general, whereas the "acr" definition is in=
tentionally much more specific, especially as it defines the values "1", "2=
", "3", and "4" as mappings to ISO29115 levels, plus the value "0" with the=
 OpenID-specific meaning.

                                                                Cheers,
                                                                -- Mike

From: John Bradley [mailto:ve7jtb@ve7jtb.com]
Sent: Tuesday, May 15, 2012 9:54 AM
To: Lewis Adam-CAL022
Cc: Mike Jones; oauth@ietf.org
Subject: Re: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10

We added on in openID Connect.

acr : Though that is intended as a class reference for things like FICAM Lo=
A 2 etc.   You could make class references that only defined the primary au=
thenticator.

The question  is if there is enough consensus to put it in the JWT spec rat=
her than in things profiling JWT.  I am OK with putting it in JWT if there =
is a demand.

John B.
On 2012-05-15, at 10:54 AM, Lewis Adam-CAL022 wrote:


Hi,

Apologies if the OAuth list is not the right place to ask this question, bu=
t I'm trying to understand why JWT doesn't have an "Authentication Context"=
 like reserved claim name (such as present in SAML).  Knowing the primary a=
uthentication method used to obtain the JWT seems just as fundamental as kn=
owing the issuer, principal, etc.

I realize it's easy enough to add your own, but from an inter-op perspectiv=
e, it just seems really valuable to be able to assert the primary authentic=
ation method.

Tx!
adam

From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:oauth-b=
ounces@ietf.org]<mailto:[mailto:oauth-bounces@ietf.org]> On Behalf Of Mike =
Jones
Sent: Saturday, May 12, 2012 7:19 PM
To: oauth@ietf.org<mailto:oauth@ietf.org>
Subject: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10

Draft -10<http://self-issued.info/docs/draft-jones-json-web-token-10.html> =
of the JSON Web Token (JWT)<http://self-issued.info/docs/draft-jones-json-w=
eb-token.html> specification has been published.  It uses the -02 versions =
of the JOSE specifications and contains parallel editorial changes to those=
 applied to the JOSE specs.  Changes were:

  *   Clarified the relationship between typ header parameter values, typ c=
laim values, and MIME types.
  *   Clarified that JWTs with duplicate Header Parameter Names or Duplicat=
e Claim names MUST be rejected.
  *   Required implementation of AES-128-KW and AES-256-KW when the impleme=
ntation provides encryption capabilities.
  *   Registered "JWT" typ header parameter value.
  *   Generalized language to refer to Message Authentication Codes (MACs) =
rather than Hash-based Message Authentication Codes (HMACs) unless in a con=
text specific to HMAC algorithms.
  *   Reformatted to give each claim definition and header parameter its ow=
n section heading.

The specification is available at:
*         http://tools.ietf.org/html/draft-jones-json-web-token-10

An HTML formatted version is available at:
*         http://self-issued.info/docs/draft-jones-json-web-token-10.html

                                                            -- Mike

_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth


--_000_4E1F6AAD24975D4BA5B1680429673943664FA9FFTK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<base href=3D"x-msg://1382/"><style><!--
/* Font Definitions */
@font-face
	{font-family:Helvetica;
	panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
	{font-family:Helvetica;
	panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
	{font-family:Verdana;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
span.apple-style-span
	{mso-style-name:apple-style-span;}
span.apple-converted-space
	{mso-style-name:apple-converted-space;}
span.EmailStyle19
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#002060;}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
/* List Definitions */
@list l0
	{mso-list-id:949551188;
	mso-list-template-ids:1704365622;}
@list l0:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level2
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level5
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level8
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l0:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">I was about to write abou=
t the same thing.&nbsp; See
<a href=3D"http://openid.net/specs/openid-connect-messages-1_0.html#id_toke=
n">http://openid.net/specs/openid-connect-messages-1_0.html#id_token</a> fo=
r the definition of &#8220;acr&#8221; (Authentication Context Class Referen=
ce) as used by OpenID Connect.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">It&#8217;s not clear to m=
e that this should move into the JWT spec itself, as I&#8217;d rather we ge=
t more industry experience with it first.&nbsp; Most of the JWT definitions
 are intentionally very general, whereas the &#8220;acr&#8221; definition i=
s intentionally much more specific, especially as it defines the values &#8=
220;1&#8221;, &#8220;2&#8221;, &#8220;3&#8221;, and &#8220;4&#8221; as mapp=
ings to ISO29115 levels, plus the value &#8220;0&#8221; with the OpenID-spe=
cific meaning.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Cheers,<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> John Bra=
dley [mailto:ve7jtb@ve7jtb.com]
<br>
<b>Sent:</b> Tuesday, May 15, 2012 9:54 AM<br>
<b>To:</b> Lewis Adam-CAL022<br>
<b>Cc:</b> Mike Jones; oauth@ietf.org<br>
<b>Subject:</b> Re: [OAUTH-WG] JSON Web Token (JWT) Specification Draft -10=
<o:p></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">We added on in openID Connect.<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">acr : Though that is intended as a class reference f=
or things like FICAM LoA 2 etc. &nbsp; You could make class references that=
 only defined the primary authenticator.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">The question &nbsp;is if there is enough consensus t=
o put it in the JWT spec rather than in things profiling JWT. &nbsp;I am OK=
 with putting it in JWT if there is a demand.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">John B.<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal">On 2012-05-15, at 10:54 AM, Lewis Adam-CAL022 wrote:=
<o:p></o:p></p>
</div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">Hi,<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">&nbsp;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">Apologies if the OAuth list is not the =
right place to ask this question, but I&#8217;m trying to understand why JW=
T doesn&#8217;t have an &#8220;<i>Authentication Context</i>&#8221; like re=
served
 claim name (such as present in SAML).&nbsp; Knowing the primary authentica=
tion method used to obtain the JWT seems just as fundamental as knowing the=
 issuer, principal, etc.<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">&nbsp;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">I realize it&#8217;s easy enough to add=
 your own, but from an inter-op perspective, it just seems really valuable =
to be able to assert the primary authentication method.<o:p></o:p></span></=
p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">&nbsp;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">Tx!<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">adam<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:olive">&nbsp;</span><span style=3D"font-size:11.0pt=
;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;"><o:p></o:p></span>=
</p>
</div>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in;border-width:initial;border-color:initial">
<div>
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span class=3D"apple-=
converted-space"><span style=3D"font-size:10.0pt;font-family:&quot;Tahoma&q=
uot;,&quot;sans-serif&quot;">&nbsp;</span></span><span style=3D"font-size:1=
0.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"><a href=3D"mai=
lto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a>
<a href=3D"mailto:[mailto:oauth-bounces@ietf.org]">[mailto:oauth-bounces@ie=
tf.org]</a><span class=3D"apple-converted-space">&nbsp;</span><b>On Behalf =
Of<span class=3D"apple-converted-space">&nbsp;</span></b>Mike Jones<br>
<b>Sent:</b><span class=3D"apple-converted-space">&nbsp;</span>Saturday, Ma=
y 12, 2012 7:19 PM<br>
<b>To:</b><span class=3D"apple-converted-space">&nbsp;</span><a href=3D"mai=
lto:oauth@ietf.org">oauth@ietf.org</a><br>
<b>Subject:</b><span class=3D"apple-converted-space">&nbsp;</span>[OAUTH-WG=
] JSON Web Token (JWT) Specification Draft -10</span><span style=3D"font-si=
ze:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;"><o:p></o:=
p></span></p>
</div>
</div>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">&nbsp;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;"><a href=3D"http://self-issued.info/docs=
/draft-jones-json-web-token-10.html">Draft -10</a><span class=3D"apple-conv=
erted-space">&nbsp;</span>of the<span class=3D"apple-converted-space">&nbsp=
;</span><a href=3D"http://self-issued.info/docs/draft-jones-json-web-token.=
html">JSON
 Web Token (JWT)</a><span class=3D"apple-converted-space">&nbsp;</span>spec=
ification has been published.&nbsp; It uses the -02 versions of the JOSE sp=
ecifications and contains parallel editorial changes to those applied to th=
e JOSE specs.&nbsp; Changes were:<o:p></o:p></span></p>
</div>
<ul style=3D"margin-top:0in" type=3D"disc">
<li class=3D"MsoNormal" style=3D"color:black;mso-list:l0 level1 lfo1"><span=
 lang=3D"EN" style=3D"font-size:11.0pt;font-family:&quot;Verdana&quot;,&quo=
t;sans-serif&quot;">Clarified the relationship between<span class=3D"apple-=
converted-space">&nbsp;</span></span><span lang=3D"EN" style=3D"font-size:1=
1.0pt;font-family:&quot;Courier New&quot;;color:#003366">typ</span><span cl=
ass=3D"apple-converted-space"><span lang=3D"EN" style=3D"font-size:11.0pt;f=
ont-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">&nbsp;</span></span>=
<span lang=3D"EN" style=3D"font-size:11.0pt;font-family:&quot;Verdana&quot;=
,&quot;sans-serif&quot;">header
 parameter values,<span class=3D"apple-converted-space">&nbsp;</span></span=
><span lang=3D"EN" style=3D"font-size:11.0pt;font-family:&quot;Courier New&=
quot;;color:#003366">typ</span><span class=3D"apple-converted-space"><span =
lang=3D"EN" style=3D"font-size:11.0pt;font-family:&quot;Verdana&quot;,&quot=
;sans-serif&quot;">&nbsp;</span></span><span lang=3D"EN" style=3D"font-size=
:11.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">claim
 values, and MIME types.</span><span style=3D"font-size:11.0pt;font-family:=
&quot;Calibri&quot;,&quot;sans-serif&quot;"><o:p></o:p></span></li><li clas=
s=3D"MsoNormal" style=3D"color:black;mso-list:l0 level1 lfo1"><span lang=3D=
"EN" style=3D"font-size:11.0pt;font-family:&quot;Verdana&quot;,&quot;sans-s=
erif&quot;">Clarified that JWTs with duplicate Header Parameter Names or Du=
plicate Claim names MUST be rejected.</span><span style=3D"font-size:11.0pt=
;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;"><o:p></o:p></span>=
</li><li class=3D"MsoNormal" style=3D"color:black;mso-list:l0 level1 lfo1">=
<span lang=3D"EN" style=3D"font-size:11.0pt;font-family:&quot;Verdana&quot;=
,&quot;sans-serif&quot;">Required implementation of AES-128-KW and AES-256-=
KW when the implementation provides encryption capabilities.</span><span st=
yle=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&qu=
ot;"><o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black;ms=
o-list:l0 level1 lfo1"><span lang=3D"EN" style=3D"font-size:11.0pt;font-fam=
ily:&quot;Verdana&quot;,&quot;sans-serif&quot;">Registered &quot;JWT&quot; =
typ header parameter value.</span><span style=3D"font-size:11.0pt;font-fami=
ly:&quot;Calibri&quot;,&quot;sans-serif&quot;"><o:p></o:p></span></li><li c=
lass=3D"MsoNormal" style=3D"color:black;mso-list:l0 level1 lfo1"><span lang=
=3D"EN" style=3D"font-size:11.0pt;font-family:&quot;Verdana&quot;,&quot;san=
s-serif&quot;">Generalized language to refer to Message Authentication Code=
s (MACs) rather than Hash-based Message Authentication
 Codes (HMACs) unless in a context specific to HMAC algorithms.</span><span=
 style=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif=
&quot;"><o:p></o:p></span></li><li class=3D"MsoNormal" style=3D"color:black=
;mso-list:l0 level1 lfo1"><span lang=3D"EN" style=3D"font-size:11.0pt;font-=
family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Reformatted to give each=
 claim definition and header parameter its own section heading.</span><span=
 style=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif=
&quot;"><o:p></o:p></span></li></ul>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">&nbsp;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">The specification is available at:<o:p>=
</o:p></span></p>
</div>
<div style=3D"margin-left:.5in">
<p class=3D"MsoNormal" style=3D"text-indent:-.25in"><span style=3D"font-siz=
e:11.0pt;font-family:Symbol">&middot;</span><span style=3D"font-size:7.0pt"=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class=3D"apple-conve=
rted-space">&nbsp;</span></span><span style=3D"font-size:11.0pt;font-family=
:&quot;Calibri&quot;,&quot;sans-serif&quot;"><a href=3D"http://tools.ietf.o=
rg/html/draft-jones-json-web-token-10">http://tools.ietf.org/html/draft-jon=
es-json-web-token-10</a><o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">&nbsp;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">An HTML formatted version is available =
at:<o:p></o:p></span></p>
</div>
<div style=3D"margin-left:.5in">
<p class=3D"MsoNormal" style=3D"text-indent:-.25in"><span style=3D"font-siz=
e:11.0pt;font-family:Symbol">&middot;</span><span style=3D"font-size:7.0pt"=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class=3D"apple-conve=
rted-space">&nbsp;</span></span><span style=3D"font-size:11.0pt;font-family=
:&quot;Calibri&quot;,&quot;sans-serif&quot;"><a href=3D"http://self-issued.=
info/docs/draft-jones-json-web-token-10.html">http://self-issued.info/docs/=
draft-jones-json-web-token-10.html</a><o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">&nbsp;<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; -- Mike<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;">&nbsp;<o:p></o:p></span></p>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:13.5pt;font-family:&quot;He=
lvetica&quot;,&quot;sans-serif&quot;">_____________________________________=
__________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.or=
g/mailman/listinfo/oauth</a><o:p></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B1680429673943664FA9FFTK5EX14MBXC284r_--

From sergei.shishkin@gmail.com  Tue May 15 10:18:18 2012
Return-Path: <sergei.shishkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5AB921F8814 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 10:18:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.57
X-Spam-Level: 
X-Spam-Status: No, score=-3.57 tagged_above=-999 required=5 tests=[AWL=0.028,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zdjKYXJJr+Rx for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 10:18:17 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id 4A36321F8812 for <oauth@ietf.org>; Tue, 15 May 2012 10:18:17 -0700 (PDT)
Received: by qcsq13 with SMTP id q13so5290692qcs.31 for <oauth@ietf.org>; Tue, 15 May 2012 10:18:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=zbD3qiM9Uvn5JNm7gLxBtQaY4d9iGKfDxGpwfDuXOIA=; b=sDjEpD19hEHxZuSV432ACugW1ZbZaeQvHlrqmX7RJBXS6G3jFNrOj5K9ghwOIbT1Et EeOjJktBbJljTDyxpC9cYZU2JlkUEZpWcPlpsTQf7gk82Dgg7d6DbJ8Y90L+uZCYLtZn VMEB9Q9Qu0WgNSoZB3SkKEU+wNBoak1B44n2ufMoDaC0U/3BXAMilVbZE0IfrKM9VDuM 8x0Ytqprepy69c1xXR8Cj5Wa6nn8aKg89g3zF55TevkEQMAUJcxulfaWz8IkcclJs3Dp ykB9bFnZ2NCkzFeC0RMK1ERD37n6BT6dHCqynFOZ0O3JPP0yW2Cbns9auYknLx3mH9fV TeyA==
MIME-Version: 1.0
Received: by 10.220.222.13 with SMTP id ie13mr7721747vcb.52.1337102296687; Tue, 15 May 2012 10:18:16 -0700 (PDT)
Received: by 10.52.110.100 with HTTP; Tue, 15 May 2012 10:18:16 -0700 (PDT)
In-Reply-To: <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com>
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com> <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com> <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com>
Date: Tue, 15 May 2012 19:18:16 +0200
Message-ID: <CA+tG_hU-mCp-RpfJBTbW2db0mWste46PMdtK-5N3ucCPpyq2EA@mail.gmail.com>
From: Sergey Shishkin <sergei.shishkin@gmail.com>
To: William Mills <wmills@yahoo-inc.com>
Content-Type: multipart/alternative; boundary=14dae9ccd4566c24ed04c0166386
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 17:18:18 -0000

--14dae9ccd4566c24ed04c0166386
Content-Type: text/plain; charset=UTF-8

Bill,

it might be me misreading the Implicit Grant Flow, but I understood it like
this:

1. client tries to get a resource from server;
2. server redirects client to auth-service;
3. client authenticates against auth-service (HTTP Basic or whatever);
4. auth-service redirects client back to the resource;
5. client tries to get the resource providing the token.

In step 3 the client is of course responsible for protecting its password
from phishing, so auth-service should authenticate itself with a
certificate.

Am I right? If, yes my idea was to use this flow while choosing a
standardized token - Bearer. But Bearer insists on 401 instead of redirects
and that confused me.

Sergey

On Tue, May 15, 2012 at 6:24 PM, William Mills <wmills@yahoo-inc.com> wrote:

> You can hard configure it into your client, that's safe.  The problem
> comes when the client can be sent to an arbitrary, possibly phishing, site
> to do authentication.  If the client supports the password grant then it
> probably just hands in the username and password without user interaction.
>
> -bill
>
>   ------------------------------
> *From:* Sergey Shishkin <sergei.shishkin@gmail.com>
> *To:* William Mills <wmills@yahoo-inc.com>
> *Cc:* "oauth@ietf.org" <oauth@ietf.org>
> *Sent:* Tuesday, May 15, 2012 9:09 AM
> *Subject:* Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated
> request
>
> In my scenario I control both the resource provider and the token issuer
> and I'm fine with the resource provider knowing the issuer. So, discovery
> is not needed. Or do I miss something?
>
> On Tue, May 15, 2012 at 6:04 PM, William Mills <wmills@yahoo-inc.com>wrote:
>
> Yes, what you're running across here is the "discovery" problem.  How do
> you discover the authentication endpoints for a service.  Unfortunately it
> turns out returning that as part of the 401 has big security concerns.
> It's still being figured out.
>
>   ------------------------------
> *From:* Sergey Shishkin <sergei.shishkin@gmail.com>
> *To:* oauth@ietf.org
> *Sent:* Tuesday, May 15, 2012 5:12 AM
> *Subject:* [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
>
> While designing a hypermedia-driven API I'm evaluating possibilities to
> use OAuth Bearer tokens for claims-based authorization. Currently I
> struggle with how to communicate to the API client the way to obtain the
> token. In a hypermedia-driven manner I don't want the API client to get
> this information out of band, but rather let the client "just follow the
> links".
>
> The Bearer draft [
> http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3]
> advises to send a 401 response with a WWW-Authenticate challenge specifying
> optional realm and scope. The problem here: neither realm nor scope
> identify the token issuer.
>
> The OAuth 2.0 draft [
> http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1] suggests
> to redirect the resource owner to the token issuer, IIRC. I like this way
> from the hypermedia perspective, but still have mixed feelings about missed
> 401 and WWW-Authenticate challenge.
>
> Did I missed some part of draft covering my scenario? Are there any known
> grassroots implementations doing just that on the internet? Any opinion on
> the subject is very much appreciated.
>
> Thanks in advance,
> Sergey
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
>
>
>

--14dae9ccd4566c24ed04c0166386
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Bill,<div><br></div><div>it might be me misreading the Implicit Grant Flow,=
 but I understood it like this:</div><div><br></div><div>1. client tries to=
 get a resource from server;</div><div>2. server redirects client to auth-s=
ervice;</div>
<div>3. client authenticates against auth-service (HTTP Basic or whatever);=
</div><div>4. auth-service redirects client back to the resource;</div><div=
>5. client tries to get the resource providing the token.</div><div><br>
</div><div>In step 3 the client is of course responsible for protecting its=
 password from phishing, so auth-service should authenticate itself with a =
certificate.</div><div><br></div><div>Am I right? If, yes my idea was to us=
e this flow while choosing a standardized token - Bearer. But Bearer insist=
s on 401 instead of redirects and that confused me.</div>
<div><br></div><div>Sergey</div><div><br><div class=3D"gmail_quote">On Tue,=
 May 15, 2012 at 6:24 PM, William Mills <span dir=3D"ltr">&lt;<a href=3D"ma=
ilto:wmills@yahoo-inc.com" target=3D"_blank">wmills@yahoo-inc.com</a>&gt;</=
span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div><div style=3D"font-size:14pt;font-famil=
y:Courier New,courier,monaco,monospace,sans-serif"><div><span>You can hard =
configure it into your client, that&#39;s safe.=C2=A0 The problem comes whe=
n the client can be sent to an arbitrary, possibly phishing, site to do aut=
hentication.=C2=A0 If the client supports the password grant then it probab=
ly just hands in the username and password without user interaction.<br>
</span></div><div><br></div><div>-bill</div><div><br><blockquote style=3D"b=
order-left:2px solid rgb(16,16,255);margin-left:5px;margin-top:5px;padding-=
left:5px">  <div style=3D"font-family:Courier New,courier,monaco,monospace,=
sans-serif;font-size:14pt">
 <div style=3D"font-family:times new roman,new york,times,serif;font-size:1=
2pt"> <div dir=3D"ltr"> <font face=3D"Arial"><div class=3D"im"> <hr size=3D=
"1">  <b><span style=3D"font-weight:bold">From:</span></b> Sergey Shishkin
 &lt;<a href=3D"mailto:sergei.shishkin@gmail.com" target=3D"_blank">sergei.=
shishkin@gmail.com</a>&gt;<br> </div><b><span style=3D"font-weight:bold">To=
:</span></b> William Mills &lt;<a href=3D"mailto:wmills@yahoo-inc.com" targ=
et=3D"_blank">wmills@yahoo-inc.com</a>&gt; <br>
<b><span style=3D"font-weight:bold">Cc:</span></b> &quot;<a href=3D"mailto:=
oauth@ietf.org" target=3D"_blank">oauth@ietf.org</a>&quot; &lt;<a href=3D"m=
ailto:oauth@ietf.org" target=3D"_blank">oauth@ietf.org</a>&gt; <br> <b><spa=
n style=3D"font-weight:bold">Sent:</span></b> Tuesday, May 15, 2012 9:09 AM=
<br>
 <b><span style=3D"font-weight:bold">Subject:</span></b> Re: [OAUTH-WG] OAu=
th Bearer: Response to an unauthenticated request<br> </font> </div><div><d=
iv class=3D"h5"> <br>
<div>In my scenario I control both the resource provider and the token issu=
er and I&#39;m fine with the resource provider knowing the issuer. So, disc=
overy is not needed. Or do I miss something?<br><br><div>
On Tue, May 15, 2012 at 6:04 PM, William Mills <span dir=3D"ltr">&lt;<a rel=
=3D"nofollow" href=3D"mailto:wmills@yahoo-inc.com" target=3D"_blank">wmills=
@yahoo-inc.com</a>&gt;</span> wrote:<br><blockquote style=3D"margin:0 0 0 .=
8ex;border-left:1px #ccc solid;padding-left:1ex">

<div><div style=3D"font-size:14pt;font-family:Courier New,courier,monaco,mo=
nospace,sans-serif"><div><span>Yes, what you&#39;re running across here is =
the &quot;discovery&quot; problem.=C2=A0 How do you discover the authentica=
tion endpoints for a service.=C2=A0 Unfortunately it turns out returning th=
at as part of the 401 has big security concerns.=C2=A0 It&#39;s still being=
 figured out.<br>

</span></div><div><br><blockquote style=3D"border-left:2px solid rgb(16,16,=
255);margin-left:5px;margin-top:5px;padding-left:5px">  <div style=3D"font-=
family:Courier New,courier,monaco,monospace,sans-serif;font-size:14pt"> <di=
v style=3D"font-family:times new roman,new york,times,serif;font-size:12pt"=
>

 <div dir=3D"ltr"> <font face=3D"Arial"> <hr size=3D"1">  <b><span style=3D=
"font-weight:bold">From:</span></b> Sergey Shishkin &lt;<a rel=3D"nofollow"=
 href=3D"mailto:sergei.shishkin@gmail.com" target=3D"_blank">sergei.shishki=
n@gmail.com</a>&gt;<br>
 <b><span style=3D"font-weight:bold">To:</span></b>
 <a rel=3D"nofollow" href=3D"mailto:oauth@ietf.org" target=3D"_blank">oauth=
@ietf.org</a> <br> <b><span style=3D"font-weight:bold">Sent:</span></b> Tue=
sday, May 15, 2012 5:12 AM<br> <b><span style=3D"font-weight:bold">Subject:=
</span></b> [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request=
<br>

 </font> </div><div><div> <br>
<div><div>While designing a hypermedia-driven API I&#39;m evaluating possib=
ilities to use OAuth Bearer tokens for claims-based authorization. Currentl=
y I struggle with how to communicate to the API client the way to obtain th=
e token. In a hypermedia-driven manner I don&#39;t want the API client to g=
et this information out of band, but rather let the client &quot;just follo=
w the links&quot;.</div>


<div><br></div>The Bearer draft [<a href=3D"http://tools.ietf.org/html/draf=
t-ietf-oauth-v2-bearer-19#section-3" target=3D"_blank">http://tools.ietf.or=
g/html/draft-ietf-oauth-v2-bearer-19#section-3</a>] advises to send a 401 r=
esponse with a WWW-Authenticate challenge specifying optional realm and sco=
pe. The problem here: neither realm nor scope identify the token issuer.=C2=
=A0<div>


<br></div><div>The OAuth 2.0 draft [<a href=3D"http://tools.ietf.org/html/d=
raft-ietf-oauth-v2-26#section-4.1.1" target=3D"_blank">http://tools.ietf.or=
g/html/draft-ietf-oauth-v2-26#section-4.1.1</a>] suggests to redirect the r=
esource owner to the token issuer, IIRC. I like this way from the hypermedi=
a perspective, but still have mixed feelings about missed 401 and WWW-Authe=
nticate challenge.</div>


<div><br></div><div>Did I missed some part of draft covering my scenario? A=
re there any known grassroots implementations doing just that on the intern=
et? Any opinion on the subject is very much appreciated.</div><div><br>


</div><div>Thanks in advance,</div><div>Sergey</div>
</div><br></div></div><div>_______________________________________________<=
br>OAuth mailing list<br><a rel=3D"nofollow" href=3D"mailto:OAuth@ietf.org"=
 target=3D"_blank">OAuth@ietf.org</a><br><a rel=3D"nofollow" href=3D"https:=
//www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">https://www.ietf.o=
rg/mailman/listinfo/oauth</a><br>

<br><br> </div></div> </div> </blockquote></div>   </div></div></blockquote=
></div><br>
</div><br><br> </div></div></div> </div> </blockquote></div>   </div></div>=
</blockquote></div><br></div>

--14dae9ccd4566c24ed04c0166386--

From iesg-secretary@ietf.org  Tue May 15 10:41:38 2012
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A1FF21F8871; Tue, 15 May 2012 10:41:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.563
X-Spam-Level: 
X-Spam-Status: No, score=-102.563 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gNcA4Ryx7Wft; Tue, 15 May 2012 10:41:37 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BAD821F8866; Tue, 15 May 2012 10:41:37 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: IESG Secretary <iesg-secretary@ietf.org>
To: IETF Announcement List <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120515174137.9638.20789.idtracker@ietfa.amsl.com>
Date: Tue, 15 May 2012 10:41:37 -0700
Cc: derek@ihtfp.com, oauth@ietf.org
Subject: [OAUTH-WG] WG Action: RECHARTER: Web Authorization Protocol (oauth)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 17:41:38 -0000

The Web Authorization Protocol (oauth) working group in the Security Area o=
f the IETF has been rechartered.  For additional information, please contac=
t the Area Directors or the working group Chairs.

Web Authorization Protocol (oauth)
------------------------------------------
Current Status: Active
Last updated: 2012-05-10

Chairs:
Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Derek Atkins <derek@ihtfp.com>

Security Area Directors:
Stephen Farrell <stephen.farrell@cs.tcd.ie>
Sean Turner <turners@ieca.com>

Security Area Advisor:
Stephen Farrell <stephen.farrell@cs.tcd.ie>

Technical Advisor:
Peter Saint-Andre <stpeter@stpeter.im>

Mailing Lists:
Address:      oauth@ietf.org
To Subscribe: https://www.ietf.org/mailman/listinfo/oauth
Archive:      http://www.ietf.org/mail-archive/web/oauth/

Description of Working Group:

The Web Authorization (OAuth) protocol allows a user to grant a
third-party Web site or application access to the user's protected
resources, without necessarily revealing their long-term credentials,
or even their identity. For example, a photo-sharing site that
supports OAuth could allow its users to use a third-party printing Web
site to print their private pictures, without allowing the printing
site to gain full control of the user's account and without having the
user share his or her photo-sharing sites' long-term credential with
the printing site.

The OAuth protocol suite encompasses =


* a procedure for allowing a client to discover an authorization =

 server, =

* a protocol for obtaining authorization tokens from an authorization =

 server with the resource owner's consent, =

* protocols for presenting these authorization tokens to protected =

 resources for access to a resource, and =

* consequently for sharing data in a security and privacy respective =

 way.

The working group also developed security schemes for presenting
authorization tokens to access a protected resource. This led to the
publication of the bearer token, as well as work that remains to be
completed on message authentication code (MAC) access authentication
and SAML assertions to interwork with existing identity management
solutions.  The working group will complete those remaining documents,
and will also complete documentation of the OAuth threat model that
was started under the previous charter.

The ongoing standardization effort within the OAuth working group will
focus on enhancing interoperability of OAuth deployments.  A standard
for a token revocation service, which can be separated from the
existing web tokens to the token repertoire will enable wider
deployment of OAuth.  Extended documentation of OAuth use cases will
enhance the understanding of the OAuth framework and provide
assistance to implementors.  And dynamic client registration will make
it easier to broadly deploy OAuth clients (performing services to
users).

Goals and Milestones

Done  Submit 'OAuth 2.0 Threat Model and Security Considerations' as a
  working group item
Done  Submit 'HTTP Authentication: MAC Authentication' as a working
  group item
Done  Submit 'The OAuth 2.0 Protocol: Bearer Tokens' to the IESG for
  consideration as a Proposed Standard
Done  Submit 'The OAuth 2.0 Authorization Protocol' to the IESG for
  consideration as a Proposed Standard

May  2012  Submit 'SAML 2.0 Bearer Assertion Profiles for OAuth 2.0' to
       the IESG for consideration as a Proposed Standard
May  2012  Submit 'OAuth 2.0 Assertion Profile' to the IESG for
       consideration as a Proposed Standard
May  2012  Submit 'An IETF URN Sub-Namespace for OAuth' to the IESG for
       consideration as a Proposed Standard
May  2012  Submit 'OAuth 2.0 Threat Model and Security Considerations'
       to the IESG for consideration as an Informational RFC

Aug. 2012  Submit 'Token Revocation' to the IESG for consideration as a
       Proposed Standard
[Starting point for the work will be
http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/]

Nov. 2012  Submit 'JSON Web Token (JWT)' to the IESG for consideration
       as a Proposed Standard
[Starting point for the work will be
http://tools.ietf.org/html/draft-jones-json-web-token]

Nov. 2012  Submit 'JSON Web Token (JWT) Bearer Token Profiles for OAuth
       2.0' to the IESG for consideration as a Proposed Standard
[Starting point for the work will be
http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer]

Dec. 2012  Submit 'HTTP Authentication: MAC Authentication' to the IESG
       for consideration as a Proposed Standard

Dec. 2012  Submit 'OAuth Use Cases' to the IESG for consideration as an
       Informational RFC
[Starting point for the work will be
http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases]

Jul. 2013  Submit 'OAuth Dynamic Client Registration Protocol' to the
       IESG for consideration as a Proposed Standard
[Starting point for the work will be
http://tools.ietf.org/html/draft-hardjono-oauth-dynreg]

From ve7jtb@ve7jtb.com  Tue May 15 10:45:39 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2558C21F8772 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 10:45:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.521
X-Spam-Level: 
X-Spam-Status: No, score=-3.521 tagged_above=-999 required=5 tests=[AWL=0.077,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z9xedVVi+ZfD for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 10:45:38 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id DF02621F876F for <oauth@ietf.org>; Tue, 15 May 2012 10:45:37 -0700 (PDT)
Received: by yenq13 with SMTP id q13so6736400yen.31 for <oauth@ietf.org>; Tue, 15 May 2012 10:45:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=FRxzp6+PTPpLKKwADOrnfGN5qRIDLsETjSbc+fcLNVI=; b=Czf7gY9d3RkLY2Uy0mhbY3rj5/i9OIZ5G0FiWJwW2dBuwmk1gy7d7WYwjVw5C3ldl9 rvDaIX6CAqEuiDij53w9+ieQnrZrQKDHi0I88kIqQWyDcDkedMAoVQw/W61eR7xXtSQf ZxSL5kk9N/O8VBECt5dKE/3UMBA9Aux9ox5kl4jkvK2JuZ1rcxWAXUg+KUynOWhTRJ+K HQ9hut93Ke6iVUt1fweF+q2kBN81wEjN51vP6f63lNtzA6ZCL6olxUmHro1r6y04S1T2 qijzxBkaodKnB+aW25gxlGfyBVWEFwJsA03d6xqjY9z3LARYdgpSfGetH17iK22AoTY0 +t0w==
Received: by 10.236.76.233 with SMTP id b69mr13192653yhe.52.1337103931313; Tue, 15 May 2012 10:45:31 -0700 (PDT)
Received: from [192.168.1.213] (190-20-39-254.baf.movistar.cl. [190.20.39.254]) by mx.google.com with ESMTPS id r6sm979320ank.19.2012.05.15.10.45.27 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 15 May 2012 10:45:30 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/signed; boundary="Apple-Mail=_D0D858D3-24F0-4403-8CCC-1BBF6030B4E5"; protocol="application/pkcs7-signature"; micalg=sha1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CA+tG_hU-mCp-RpfJBTbW2db0mWste46PMdtK-5N3ucCPpyq2EA@mail.gmail.com>
Date: Tue, 15 May 2012 13:45:19 -0400
Message-Id: <C341CDE7-246C-4F09-A754-E6AD57D4F03B@ve7jtb.com>
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com> <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com> <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com> <CA+tG_hU-mCp-RpfJBTbW2db0mWste46PMdtK-5N3ucCPpyq2EA@mail.gmail.com>
To: Sergey Shishkin <sergei.shishkin@gmail.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQlvtFb9JNfu1326QHtUMUrbHzl0K5ZeEe2+rP5hX1tBrhEmIIUtiZnZA9n7f+5hgQNLqQvU
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 17:45:39 -0000

--Apple-Mail=_D0D858D3-24F0-4403-8CCC-1BBF6030B4E5
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_AE5F494D-DB05-43F8-AEAC-E851082307B4"


--Apple-Mail=_AE5F494D-DB05-43F8-AEAC-E851082307B4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

The danger is a bad resource,  If that can redirect the client to a =
arbitrary AS to phish the resource owner's credentials that is a bad =
thing.

The presumption is that the client knows where the trusted AS for that =
resource is, and if it needs to discover it that is a much bigger issue.

In the IMAP case the client probably needs to do discovery on the =
identifier itself to figure out where to send the user.

John B.
On 2012-05-15, at 1:18 PM, Sergey Shishkin wrote:

> Bill,
>=20
> it might be me misreading the Implicit Grant Flow, but I understood it =
like this:
>=20
> 1. client tries to get a resource from server;
> 2. server redirects client to auth-service;
> 3. client authenticates against auth-service (HTTP Basic or whatever);
> 4. auth-service redirects client back to the resource;
> 5. client tries to get the resource providing the token.
>=20
> In step 3 the client is of course responsible for protecting its =
password from phishing, so auth-service should authenticate itself with =
a certificate.
>=20
> Am I right? If, yes my idea was to use this flow while choosing a =
standardized token - Bearer. But Bearer insists on 401 instead of =
redirects and that confused me.
>=20
> Sergey
>=20
> On Tue, May 15, 2012 at 6:24 PM, William Mills <wmills@yahoo-inc.com> =
wrote:
> You can hard configure it into your client, that's safe.  The problem =
comes when the client can be sent to an arbitrary, possibly phishing, =
site to do authentication.  If the client supports the password grant =
then it probably just hands in the username and password without user =
interaction.
>=20
> -bill
>=20
> From: Sergey Shishkin <sergei.shishkin@gmail.com>
> To: William Mills <wmills@yahoo-inc.com>=20
> Cc: "oauth@ietf.org" <oauth@ietf.org>=20
> Sent: Tuesday, May 15, 2012 9:09 AM
> Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated =
request
>=20
> In my scenario I control both the resource provider and the token =
issuer and I'm fine with the resource provider knowing the issuer. So, =
discovery is not needed. Or do I miss something?
>=20
> On Tue, May 15, 2012 at 6:04 PM, William Mills <wmills@yahoo-inc.com> =
wrote:
> Yes, what you're running across here is the "discovery" problem.  How =
do you discover the authentication endpoints for a service.  =
Unfortunately it turns out returning that as part of the 401 has big =
security concerns.  It's still being figured out.
>=20
> From: Sergey Shishkin <sergei.shishkin@gmail.com>
> To: oauth@ietf.org=20
> Sent: Tuesday, May 15, 2012 5:12 AM
> Subject: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated =
request
>=20
> While designing a hypermedia-driven API I'm evaluating possibilities =
to use OAuth Bearer tokens for claims-based authorization. Currently I =
struggle with how to communicate to the API client the way to obtain the =
token. In a hypermedia-driven manner I don't want the API client to get =
this information out of band, but rather let the client "just follow the =
links".
>=20
> The Bearer draft =
[http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3] =
advises to send a 401 response with a WWW-Authenticate challenge =
specifying optional realm and scope. The problem here: neither realm nor =
scope identify the token issuer.=20
>=20
> The OAuth 2.0 draft =
[http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1] =
suggests to redirect the resource owner to the token issuer, IIRC. I =
like this way from the hypermedia perspective, but still have mixed =
feelings about missed 401 and WWW-Authenticate challenge.
>=20
> Did I missed some part of draft covering my scenario? Are there any =
known grassroots implementations doing just that on the internet? Any =
opinion on the subject is very much appreciated.
>=20
> Thanks in advance,
> Sergey
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>=20
>=20
>=20
>=20
>=20
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--Apple-Mail=_AE5F494D-DB05-43F8-AEAC-E851082307B4
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
	charset=us-ascii

<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">The danger is a bad resource, &nbsp;If that can redirect the client to a arbitrary AS to phish the resource owner's credentials that is a bad thing.<div><br></div><div>The presumption is that the client knows where the trusted AS for that resource is, and if it needs to discover it that is a much bigger issue.</div><div><br></div><div>In the IMAP case the client probably needs to do discovery on the identifier itself to figure out where to send the user.</div><div><br></div><div>John B.<br><div><div>On 2012-05-15, at 1:18 PM, Sergey Shishkin wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Bill,<div><br></div><div>it might be me misreading the Implicit Grant Flow, but I understood it like this:</div><div><br></div><div>1. client tries to get a resource from server;</div><div>2. server redirects client to auth-service;</div>
<div>3. client authenticates against auth-service (HTTP Basic or whatever);</div><div>4. auth-service redirects client back to the resource;</div><div>5. client tries to get the resource providing the token.</div><div><br>
</div><div>In step 3 the client is of course responsible for protecting its password from phishing, so auth-service should authenticate itself with a certificate.</div><div><br></div><div>Am I right? If, yes my idea was to use this flow while choosing a standardized token - Bearer. But Bearer insists on 401 instead of redirects and that confused me.</div>
<div><br></div><div>Sergey</div><div><br><div class="gmail_quote">On Tue, May 15, 2012 at 6:24 PM, William Mills <span dir="ltr">&lt;<a href="mailto:wmills@yahoo-inc.com" target="_blank">wmills@yahoo-inc.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:14pt;font-family:Courier New,courier,monaco,monospace,sans-serif"><div><span>You can hard configure it into your client, that's safe.&nbsp; The problem comes when the client can be sent to an arbitrary, possibly phishing, site to do authentication.&nbsp; If the client supports the password grant then it probably just hands in the username and password without user interaction.<br>
</span></div><div><br></div><div>-bill</div><div><br><blockquote style="border-left:2px solid rgb(16,16,255);margin-left:5px;margin-top:5px;padding-left:5px">  <div style="font-family:Courier New,courier,monaco,monospace,sans-serif;font-size:14pt">
 <div style="font-family:times new roman,new york,times,serif;font-size:12pt"> <div dir="ltr"> <font face="Arial"><div class="im"> <hr size="1">  <b><span style="font-weight:bold">From:</span></b> Sergey Shishkin
 &lt;<a href="mailto:sergei.shishkin@gmail.com" target="_blank">sergei.shishkin@gmail.com</a>&gt;<br> </div><b><span style="font-weight:bold">To:</span></b> William Mills &lt;<a href="mailto:wmills@yahoo-inc.com" target="_blank">wmills@yahoo-inc.com</a>&gt; <br>
<b><span style="font-weight:bold">Cc:</span></b> "<a href="mailto:oauth@ietf.org" target="_blank">oauth@ietf.org</a>" &lt;<a href="mailto:oauth@ietf.org" target="_blank">oauth@ietf.org</a>&gt; <br> <b><span style="font-weight:bold">Sent:</span></b> Tuesday, May 15, 2012 9:09 AM<br>
 <b><span style="font-weight:bold">Subject:</span></b> Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request<br> </font> </div><div><div class="h5"> <br>
<div>In my scenario I control both the resource provider and the token issuer and I'm fine with the resource provider knowing the issuer. So, discovery is not needed. Or do I miss something?<br><br><div>
On Tue, May 15, 2012 at 6:04 PM, William Mills <span dir="ltr">&lt;<a rel="nofollow" href="mailto:wmills@yahoo-inc.com" target="_blank">wmills@yahoo-inc.com</a>&gt;</span> wrote:<br><blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div><div style="font-size:14pt;font-family:Courier New,courier,monaco,monospace,sans-serif"><div><span>Yes, what you're running across here is the "discovery" problem.&nbsp; How do you discover the authentication endpoints for a service.&nbsp; Unfortunately it turns out returning that as part of the 401 has big security concerns.&nbsp; It's still being figured out.<br>

</span></div><div><br><blockquote style="border-left:2px solid rgb(16,16,255);margin-left:5px;margin-top:5px;padding-left:5px">  <div style="font-family:Courier New,courier,monaco,monospace,sans-serif;font-size:14pt"> <div style="font-family:times new roman,new york,times,serif;font-size:12pt">

 <div dir="ltr"> <font face="Arial"> <hr size="1">  <b><span style="font-weight:bold">From:</span></b> Sergey Shishkin &lt;<a rel="nofollow" href="mailto:sergei.shishkin@gmail.com" target="_blank">sergei.shishkin@gmail.com</a>&gt;<br>
 <b><span style="font-weight:bold">To:</span></b>
 <a rel="nofollow" href="mailto:oauth@ietf.org" target="_blank">oauth@ietf.org</a> <br> <b><span style="font-weight:bold">Sent:</span></b> Tuesday, May 15, 2012 5:12 AM<br> <b><span style="font-weight:bold">Subject:</span></b> [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request<br>

 </font> </div><div><div> <br>
<div><div>While designing a hypermedia-driven API I'm evaluating possibilities to use OAuth Bearer tokens for claims-based authorization. Currently I struggle with how to communicate to the API client the way to obtain the token. In a hypermedia-driven manner I don't want the API client to get this information out of band, but rather let the client "just follow the links".</div>


<div><br></div>The Bearer draft [<a href="http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3" target="_blank">http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#section-3</a>] advises to send a 401 response with a WWW-Authenticate challenge specifying optional realm and scope. The problem here: neither realm nor scope identify the token issuer.&nbsp;<div>


<br></div><div>The OAuth 2.0 draft [<a href="http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1" target="_blank">http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1</a>] suggests to redirect the resource owner to the token issuer, IIRC. I like this way from the hypermedia perspective, but still have mixed feelings about missed 401 and WWW-Authenticate challenge.</div>


<div><br></div><div>Did I missed some part of draft covering my scenario? Are there any known grassroots implementations doing just that on the internet? Any opinion on the subject is very much appreciated.</div><div><br>


</div><div>Thanks in advance,</div><div>Sergey</div>
</div><br></div></div><div>_______________________________________________<br>OAuth mailing list<br><a rel="nofollow" href="mailto:OAuth@ietf.org" target="_blank">OAuth@ietf.org</a><br><a rel="nofollow" href="https://www.ietf.org/mailman/listinfo/oauth" target="_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br>

<br><br> </div></div> </div> </blockquote></div>   </div></div></blockquote></div><br>
</div><br><br> </div></div></div> </div> </blockquote></div>   </div></div></blockquote></div><br></div>
_______________________________________________<br>OAuth mailing list<br><a href="mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>https://www.ietf.org/mailman/listinfo/oauth<br></blockquote></div><br></div></body></html>
--Apple-Mail=_AE5F494D-DB05-43F8-AEAC-E851082307B4--

--Apple-Mail=_D0D858D3-24F0-4403-8CCC-1BBF6030B4E5
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUx
NTE3NDUyMFowIwYJKoZIhvcNAQkEMRYEFOUVtjgHnhFrstOghn7uaQ4Fb2UVMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AJPL+vv78Ia37aFHnQ/20tKCSdMHcMlfyxG4JnelXS/sCCcTMyPFHCXP03P+bgd9A79Vc3rxQtCc
5zxcrRQwzH25p1eMEpO0b5k61REmRfoOwjnJVBbF8RpNDZECJ2OZ4I8RzPOhvH2dSxTbF9o9lJDo
YmbvnXVrG3uLGgCXXLZ96Na1bNyVnQ94Ox/1QrXv/zPKU10PvMxlXCAGMlchCaGYeYzU7lD78bJE
g41/HSn5hoEXV12f00Bq7dJWgi+2EkbHS3aPlUtB/Aoo9PoJ0VuXChpFENg9F7fggpOrcf2HKmzs
i7p+M+7MZj4j7wiW28PrMg1c67P8KdZHIWyErj8AAAAAAAA=

--Apple-Mail=_D0D858D3-24F0-4403-8CCC-1BBF6030B4E5--

From Hannes.Tschofenig@gmx.net  Tue May 15 14:26:47 2012
Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F59911E8083 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 14:26:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.605
X-Spam-Level: 
X-Spam-Status: No, score=-102.605 tagged_above=-999 required=5 tests=[AWL=-0.006, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjZp7v3XC8we for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 14:26:47 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 90B6111E8074 for <oauth@ietf.org>; Tue, 15 May 2012 14:26:46 -0700 (PDT)
Received: (qmail invoked by alias); 15 May 2012 21:26:45 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.110]) [88.115.216.191] by mail.gmx.net (mp012) with SMTP; 15 May 2012 23:26:45 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18VLQQfuHQVeXFq4s3siPIBhSY86PiyM/qtz357lg 92rv+q0LNK1DCz
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Wed, 16 May 2012 00:26:44 +0300
Message-Id: <42B29A82-D8BA-40B8-9569-B209CBBBC3B7@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Error Registry: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 21:26:47 -0000

Hi all,=20

on May 8th we called for consensus on an open issue regarding the =
location of the error registry. Here is the call for comments: =
http://www.ietf.org/mail-archive/web/oauth/current/msg08952.html.=20

Thank you all for the feedback. The consensus is to create the registry =
in the core document.

Section 11.4.1 already sort-of creates sub-registries to illustrate =
where the different errors can be used. This is needed since some of the =
errors may only appear in certain error responses. Hence, we need add =
another one to this list (suggestion: 'resource access error response'). =
In fact, I would prefer IANA to create separate tables for each of these =
sub-registries to avoid confusion for the reader (instead of putting =
everything into a single table).=20

We believe that these changes are really minor and address IESG =
feedback.

Ciao
Hannes & Derek



From eran@hueniverse.com  Tue May 15 15:42:46 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9748321F85C4 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 15:42:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.559
X-Spam-Level: 
X-Spam-Status: No, score=-2.559 tagged_above=-999 required=5 tests=[AWL=0.040,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4rMOwy9Skam7 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 15:42:46 -0700 (PDT)
Received: from p3plex2out03.prod.phx3.secureserver.net (p3plex2out03.prod.phx3.secureserver.net [184.168.131.16]) by ietfa.amsl.com (Postfix) with ESMTP id 087BC21F85BD for <oauth@ietf.org>; Tue, 15 May 2012 15:42:45 -0700 (PDT)
Received: from P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) by p3plex2out03.prod.phx3.secureserver.net with bizsmtp id ANil1j0040CJzpC01NilMU; Tue, 15 May 2012 15:42:45 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) with mapi id 14.02.0247.003; Tue, 15 May 2012 15:42:45 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Error Registry: Conclusion
Thread-Index: AQHNMuFwtP9879I68kmlwW7Kuf94GpbLY1uQ
Date: Tue, 15 May 2012 22:42:45 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA2010329B8@P3PWEX2MB008.ex2.secureserver.net>
References: <42B29A82-D8BA-40B8-9569-B209CBBBC3B7@gmx.net>
In-Reply-To: <42B29A82-D8BA-40B8-9569-B209CBBBC3B7@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Error Registry: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 22:42:46 -0000

In order to make the prescribed change, new text is needed:

* New subsection for section 7 (Accessing Protected Resources) providing gu=
idelines for use of the new 'resource access error response' error registry=
:

   1. What are the valid cases in which a 'resource access error response' =
may be registered:
      - OAuth-related HTTP authentication schemes? E.g. Bearer.
      - General purpose HTTP authentication schemes with OAuth binding? E.g=
. MAC.
      - Other HTTP authentication schemes not related or useable with OAuth=
? E.g. Digest-like

   2. Clarify how the parameter may be transmitted (e.g. HTTP authenticatio=
n headers, response payload)?
=20
   3. Any requirement or recommendation to opt-into the registry by future =
OAuth or other authentication schemes (e.g. MAC)?

* New text for explaining the new location for section 8.5

   1. Text for any changes in the parameter value character set to align wi=
th common transport restrictions for protected resources errors

* New text for publishing each parameter location in a separate table for s=
ection 11.4.1

   1. Is there a requirement for a parameter to carry the same meaning acro=
ss locations, now that each location is registered in a separate record?
   2. Clarify registration process for parameter used across locations (mul=
tiple entries or one template?).

As soon as the new text is posted to the list and agreed upon by the workin=
g group, I will make the change to the document.

EH



> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Tuesday, May 15, 2012 2:27 PM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] Error Registry: Conclusion
>=20
> Hi all,
>=20
> on May 8th we called for consensus on an open issue regarding the locatio=
n
> of the error registry. Here is the call for comments:
> http://www.ietf.org/mail-archive/web/oauth/current/msg08952.html.
>=20
> Thank you all for the feedback. The consensus is to create the registry i=
n the
> core document.
>=20
> Section 11.4.1 already sort-of creates sub-registries to illustrate where=
 the
> different errors can be used. This is needed since some of the errors may
> only appear in certain error responses. Hence, we need add another one to
> this list (suggestion: 'resource access error response'). In fact, I woul=
d prefer
> IANA to create separate tables for each of these sub-registries to avoid
> confusion for the reader (instead of putting everything into a single tab=
le).
>=20
> We believe that these changes are really minor and address IESG feedback.
>=20
> Ciao
> Hannes & Derek
>=20
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From eran@hueniverse.com  Tue May 15 18:41:40 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6491811E80AF for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 18:41:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.559
X-Spam-Level: 
X-Spam-Status: No, score=-2.559 tagged_above=-999 required=5 tests=[AWL=0.039,  BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OWlpwxcTgopR for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 18:41:40 -0700 (PDT)
Received: from p3plex2out03.prod.phx3.secureserver.net (p3plex2out03.prod.phx3.secureserver.net [184.168.131.16]) by ietfa.amsl.com (Postfix) with ESMTP id DDA4D11E80B0 for <oauth@ietf.org>; Tue, 15 May 2012 18:41:39 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out03.prod.phx3.secureserver.net with bizsmtp id ARhf1j0020EuLVk01Rhfg8; Tue, 15 May 2012 18:41:39 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.88]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Tue, 15 May 2012 18:41:38 -0700
From: Eran Hammer <eran@hueniverse.com>
To: "oauth@ietf.org WG (oauth@ietf.org)" <oauth@ietf.org>
Thread-Topic: MAC Token draft
Thread-Index: Ac0zBJqHVinitBNqTfK/xJbnQVk6bQ==
Date: Wed, 16 May 2012 01:41:38 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA2010335A4@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: multipart/alternative; boundary="_000_0CBAEB56DDB3A140BA8E8C124C04ECA2010335A4P3PWEX2MB008ex2_"
MIME-Version: 1.0
Subject: [OAUTH-WG] MAC Token draft
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 01:41:40 -0000

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA2010335A4P3PWEX2MB008ex2_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I am stepping down from my role as editor of the MAC token specification. I=
 do not intend to participate in this work moving forward. I will forward m=
y notes to the next editor if requested.

EH

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA2010335A4P3PWEX2MB008ex2_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">I am stepping down from my role as editor of the MAC=
 token specification. I do not intend to participate in this work moving fo=
rward. I will forward my notes to the next editor if requested.<o:p></o:p><=
/p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">EH<o:p></o:p></p>
</div>
</body>
</html>

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA2010335A4P3PWEX2MB008ex2_--

From James.H.Manger@team.telstra.com  Tue May 15 22:30:22 2012
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B342F21F864E for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 22:30:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.777
X-Spam-Level: 
X-Spam-Status: No, score=-0.777 tagged_above=-999 required=5 tests=[AWL=0.123,  BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, HTML_MESSAGE=0.001, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DnGpQGU4m0X5 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 22:30:19 -0700 (PDT)
Received: from ipxavo.tcif.telstra.com.au (ipxavo.tcif.telstra.com.au [203.35.135.200]) by ietfa.amsl.com (Postfix) with ESMTP id 5F2CA21F864B for <oauth@ietf.org>; Tue, 15 May 2012 22:30:16 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.75,601,1330866000"; d="scan'208,217";a="73998690"
Received: from unknown (HELO ipccvi.tcif.telstra.com.au) ([10.97.217.208]) by ipoavi.tcif.telstra.com.au with ESMTP; 16 May 2012 15:30:15 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,6712"; a="62751752"
Received: from wsmsg3707.srv.dir.telstra.com ([172.49.40.81]) by ipccvi.tcif.telstra.com.au with ESMTP; 16 May 2012 15:30:15 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by wsmsg3707.srv.dir.telstra.com ([172.49.40.81]) with mapi; Wed, 16 May 2012 15:30:14 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Sergey Shishkin <sergei.shishkin@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>
Date: Wed, 16 May 2012 15:30:13 +1000
Thread-Topic: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
Thread-Index: Ac0ywo5y1r9Nbbf7Rfie5+KPY2C3kQAXOQVg
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F2E1B22B@WSMSG3153V.srv.dir.telstra.com>
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com> <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com> <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com> <CA+tG_hU-mCp-RpfJBTbW2db0mWste46PMdtK-5N3ucCPpyq2EA@mail.gmail.com> <C341CDE7-246C-4F09-A754-E6AD57D4F03B@ve7jtb.com>
In-Reply-To: <C341CDE7-246C-4F09-A754-E6AD57D4F03B@ve7jtb.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US, en-AU
Content-Type: multipart/alternative; boundary="_000_255B9BB34FB7D647A506DC292726F6E114F2E1B22BWSMSG3153Vsrv_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 05:30:22 -0000

--_000_255B9BB34FB7D647A506DC292726F6E114F2E1B22BWSMSG3153Vsrv_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Sergey,

A hypermedia-driven (RESTful) API should be able to use OAuth. Unfortunatel=
y, OAuth does not have a RESTful design.

Most APIs require client apps (not just the user) to be pre-registered with=
 the service. That seems to have made hypermedia-driven design less importa=
nt - if a client app has to explicitly register with a service it may as we=
ll learn details like the authorization URI at registration time as well.

A WWW-Authenticate response header that identifies an authorization server =
(AS) would be a great hypermedia-driven solution. It tells the client app w=
hich AS a service trusts. The client app can then get a token. Before sendi=
ng a AS-issued token to the original service the client app needs to know t=
he AS trusts that service. Unfortunately this detail is missing from OAuth:=
 tokens are issued with no indication of where they can safely be used [htt=
p://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4].

--
James Manger

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of J=
ohn Bradley
Sent: Wednesday, 16 May 2012 3:45 AM
To: Sergey Shishkin
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated reques=
t

The danger is a bad resource,  If that can redirect the client to a arbitra=
ry AS to phish the resource owner's credentials that is a bad thing.

The presumption is that the client knows where the trusted AS for that reso=
urce is, and if it needs to discover it that is a much bigger issue.

In the IMAP case the client probably needs to do discovery on the identifie=
r itself to figure out where to send the user.

John B.
On 2012-05-15, at 1:18 PM, Sergey Shishkin wrote:


Bill,

it might be me misreading the Implicit Grant Flow, but I understood it like=
 this:

1. client tries to get a resource from server;
2. server redirects client to auth-service;
3. client authenticates against auth-service (HTTP Basic or whatever);
4. auth-service redirects client back to the resource;
5. client tries to get the resource providing the token.

In step 3 the client is of course responsible for protecting its password f=
rom phishing, so auth-service should authenticate itself with a certificate=
.

Am I right? If, yes my idea was to use this flow while choosing a standardi=
zed token - Bearer. But Bearer insists on 401 instead of redirects and that=
 confused me.

Sergey

On Tue, May 15, 2012 at 6:24 PM, William Mills <wmills@yahoo-inc.com<mailto=
:wmills@yahoo-inc.com>> wrote:
You can hard configure it into your client, that's safe.  The problem comes=
 when the client can be sent to an arbitrary, possibly phishing, site to do=
 authentication.  If the client supports the password grant then it probabl=
y just hands in the username and password without user interaction.

-bill

________________________________
From: Sergey Shishkin <sergei.shishkin@gmail.com<mailto:sergei.shishkin@gma=
il.com>>
To: William Mills <wmills@yahoo-inc.com<mailto:wmills@yahoo-inc.com>>
Cc: "oauth@ietf.org<mailto:oauth@ietf.org>" <oauth@ietf.org<mailto:oauth@ie=
tf.org>>
Sent: Tuesday, May 15, 2012 9:09 AM
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated reques=
t

In my scenario I control both the resource provider and the token issuer an=
d I'm fine with the resource provider knowing the issuer. So, discovery is =
not needed. Or do I miss something?
On Tue, May 15, 2012 at 6:04 PM, William Mills <wmills@yahoo-inc.com<mailto=
:wmills@yahoo-inc.com>> wrote:
Yes, what you're running across here is the "discovery" problem.  How do yo=
u discover the authentication endpoints for a service.  Unfortunately it tu=
rns out returning that as part of the 401 has big security concerns.  It's =
still being figured out.

________________________________
From: Sergey Shishkin <sergei.shishkin@gmail.com<mailto:sergei.shishkin@gma=
il.com>>
To: oauth@ietf.org<mailto:oauth@ietf.org>
Sent: Tuesday, May 15, 2012 5:12 AM
Subject: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request

While designing a hypermedia-driven API I'm evaluating possibilities to use=
 OAuth Bearer tokens for claims-based authorization. Currently I struggle w=
ith how to communicate to the API client the way to obtain the token. In a =
hypermedia-driven manner I don't want the API client to get this informatio=
n out of band, but rather let the client "just follow the links".

The Bearer draft [http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19#=
section-3] advises to send a 401 response with a WWW-Authenticate challenge=
 specifying optional realm and scope. The problem here: neither realm nor s=
cope identify the token issuer.

The OAuth 2.0 draft [http://tools.ietf.org/html/draft-ietf-oauth-v2-26#sect=
ion-4.1.1] suggests to redirect the resource owner to the token issuer, IIR=
C. I like this way from the hypermedia perspective, but still have mixed fe=
elings about missed 401 and WWW-Authenticate challenge.

Did I missed some part of draft covering my scenario? Are there any known g=
rassroots implementations doing just that on the internet? Any opinion on t=
he subject is very much appreciated.

Thanks in advance,
Sergey

_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth




_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth


--_000_255B9BB34FB7D647A506DC292726F6E114F2E1B22BWSMSG3153Vsrv_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m=
icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office=
:access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"=
uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof=
t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co=
m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee=
t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns=
:odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-micro=
soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc=3D"http://m=
icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://=
schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share=
point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel=
/2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" xmlns:ois=
=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir=3D"http://=
schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3=
.org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint=
/dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc" xmlns:xsd=3D"http=
://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha=
repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"=
 xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" xmlns:sps=3D"http://=
schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001=
/XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so=
ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udc=
p2p=3D"http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf=3D"http:/=
/schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche=
mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi=
crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat=
s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf=
ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c=
om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa=
ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web=
partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/20=
06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/200=
6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/Sli=
deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortal=
Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:=
st=3D"&#1;" xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta http-equi=
v=3DContent-Type content=3D"text/html; charset=3Dus-ascii"><meta name=3DGen=
erator content=3D"Microsoft Word 12 (filtered medium)"><!--[if !mso]><style=
>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-AU link=3Dblue vli=
nk=3Dpurple style=3D'word-wrap: break-word;-webkit-nbsp-mode: space;-webkit=
-line-break: after-white-space'><div class=3DWordSection1><p class=3DMsoNor=
mal><span style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";colo=
r:#1F497D'>Sergey,<o:p></o:p></span></p><p class=3DMsoNormal><span style=3D=
'font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&n=
bsp;</o:p></span></p><p class=3DMsoNormal><span style=3D'font-size:11.0pt;f=
ont-family:"Calibri","sans-serif";color:#1F497D'>A hypermedia-driven (RESTf=
ul) API should be able to use OAuth. Unfortunately, OAuth does not have a R=
ESTful design.<o:p></o:p></span></p><p class=3DMsoNormal><span style=3D'fon=
t-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;=
</o:p></span></p><p class=3DMsoNormal><span style=3D'font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D'>Most APIs require client apps =
(not just the user) to be pre-registered with the service. That seems to ha=
ve made hypermedia-driven design less important &#8212; if a client app has=
 to explicitly register with a service it may as well learn details like th=
e authorization URI at registration time as well.<o:p></o:p></span></p><p c=
lass=3DMsoNormal><span style=3D'font-size:11.0pt;font-family:"Calibri","san=
s-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=3DMsoNormal><s=
pan style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F4=
97D'>A WWW-Authenticate response header that identifies an authorization se=
rver (AS) would be a great hypermedia-driven solution. It tells the client =
app which AS a service trusts. The client app can then get a token. Before =
sending a AS-issued token to the original service the client app needs to k=
now the AS trusts that service. Unfortunately this detail is missing from O=
Auth: tokens are issued with no indication of where they can safely be used=
 [</span><a href=3D"http://tools.ietf.org/html/draft-ietf-oauth-v2-26#secti=
on-4.1.4">http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4</=
a>]<span style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";color=
:#1F497D'>.<o:p></o:p></span></p><p class=3DMsoNormal><span style=3D'font-s=
ize:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o=
:p></span></p><div><p class=3DMsoNormal><span style=3D'font-size:11.0pt;fon=
t-family:"Calibri","sans-serif";color:#1F497D'>--<o:p></o:p></span></p><p c=
lass=3DMsoNormal><span style=3D'font-size:11.0pt;font-family:"Calibri","san=
s-serif";color:#1F497D'>James Manger<o:p></o:p></span></p></div><p class=3D=
MsoNormal><span style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif=
";color:#1F497D'><o:p>&nbsp;</o:p></span></p><div><div style=3D'border:none=
;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=3DMsoNo=
rmal><b><span lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Tahoma","=
sans-serif"'>From:</span></b><span lang=3DEN-US style=3D'font-size:10.0pt;f=
ont-family:"Tahoma","sans-serif"'> oauth-bounces@ietf.org [mailto:oauth-bou=
nces@ietf.org] <b>On Behalf Of </b>John Bradley<br><b>Sent:</b> Wednesday, =
16 May 2012 3:45 AM<br><b>To:</b> Sergey Shishkin<br><b>Cc:</b> oauth@ietf.=
org<br><b>Subject:</b> Re: [OAUTH-WG] OAuth Bearer: Response to an unauthen=
ticated request<o:p></o:p></span></p></div></div><p class=3DMsoNormal><o:p>=
&nbsp;</o:p></p><p class=3DMsoNormal>The danger is a bad resource, &nbsp;If=
 that can redirect the client to a arbitrary AS to phish the resource owner=
's credentials that is a bad thing.<o:p></o:p></p><div><p class=3DMsoNormal=
><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>The presumption is th=
at the client knows where the trusted AS for that resource is, and if it ne=
eds to discover it that is a much bigger issue.<o:p></o:p></p></div><div><p=
 class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>In =
the IMAP case the client probably needs to do discovery on the identifier i=
tself to figure out where to send the user.<o:p></o:p></p></div><div><p cla=
ss=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>John B.=
<o:p></o:p></p><div><div><p class=3DMsoNormal>On 2012-05-15, at 1:18 PM, Se=
rgey Shishkin wrote:<o:p></o:p></p></div><p class=3DMsoNormal><br><br><o:p>=
</o:p></p><p class=3DMsoNormal>Bill,<o:p></o:p></p><div><p class=3DMsoNorma=
l><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>it might be me misre=
ading the Implicit Grant Flow, but I understood it like this:<o:p></o:p></p=
></div><div><p class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=
=3DMsoNormal>1. client tries to get a resource from server;<o:p></o:p></p><=
/div><div><p class=3DMsoNormal>2. server redirects client to auth-service;<=
o:p></o:p></p></div><div><p class=3DMsoNormal>3. client authenticates again=
st auth-service (HTTP Basic or whatever);<o:p></o:p></p></div><div><p class=
=3DMsoNormal>4. auth-service redirects client back to the resource;<o:p></o=
:p></p></div><div><p class=3DMsoNormal>5. client tries to get the resource =
providing the token.<o:p></o:p></p></div><div><p class=3DMsoNormal><o:p>&nb=
sp;</o:p></p></div><div><p class=3DMsoNormal>In step 3 the client is of cou=
rse responsible for protecting its password from phishing, so auth-service =
should authenticate itself with a certificate.<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>Am I=
 right? If, yes my idea was to use this flow while choosing a standardized =
token - Bearer. But Bearer insists on 401 instead of redirects and that con=
fused me.<o:p></o:p></p></div><div><p class=3DMsoNormal><o:p>&nbsp;</o:p></=
p></div><div><p class=3DMsoNormal>Sergey<o:p></o:p></p></div><div><p class=
=3DMsoNormal><o:p>&nbsp;</o:p></p><div><p class=3DMsoNormal>On Tue, May 15,=
 2012 at 6:24 PM, William Mills &lt;<a href=3D"mailto:wmills@yahoo-inc.com"=
 target=3D"_blank">wmills@yahoo-inc.com</a>&gt; wrote:<o:p></o:p></p><div><=
div><div><p class=3DMsoNormal><span style=3D'font-size:14.0pt;font-family:"=
Courier New"'>You can hard configure it into your client, that's safe.&nbsp=
; The problem comes when the client can be sent to an arbitrary, possibly p=
hishing, site to do authentication.&nbsp; If the client supports the passwo=
rd grant then it probably just hands in the username and password without u=
ser interaction.<o:p></o:p></span></p></div><div><p class=3DMsoNormal><span=
 style=3D'font-size:14.0pt;font-family:"Courier New"'><o:p>&nbsp;</o:p></sp=
an></p></div><div><p class=3DMsoNormal><span style=3D'font-size:14.0pt;font=
-family:"Courier New"'>-bill<o:p></o:p></span></p></div><div><blockquote st=
yle=3D'border:none;border-left:solid #1010FF 1.5pt;padding:0cm 0cm 0cm 4.0p=
t;margin-left:3.75pt;margin-top:3.75pt;margin-bottom:5.0pt'><p class=3DMsoN=
ormal><span style=3D'font-size:14.0pt;font-family:"Courier New"'><o:p>&nbsp=
;</o:p></span></p><div><div><div><div><div class=3DMsoNormal align=3Dcenter=
 style=3D'text-align:center'><span style=3D'font-family:"Arial","sans-serif=
"'><hr size=3D1 width=3D"100%" align=3Dcenter></span></div><p class=3DMsoNo=
rmal><b><span style=3D'font-family:"Arial","sans-serif"'>From:</span></b><s=
pan style=3D'font-family:"Arial","sans-serif"'> Sergey Shishkin &lt;<a href=
=3D"mailto:sergei.shishkin@gmail.com" target=3D"_blank">sergei.shishkin@gma=
il.com</a>&gt;<o:p></o:p></span></p></div><p class=3DMsoNormal><b><span sty=
le=3D'font-family:"Arial","sans-serif"'>To:</span></b><span style=3D'font-f=
amily:"Arial","sans-serif"'> William Mills &lt;<a href=3D"mailto:wmills@yah=
oo-inc.com" target=3D"_blank">wmills@yahoo-inc.com</a>&gt; <br><b>Cc:</b> &=
quot;<a href=3D"mailto:oauth@ietf.org" target=3D"_blank">oauth@ietf.org</a>=
&quot; &lt;<a href=3D"mailto:oauth@ietf.org" target=3D"_blank">oauth@ietf.o=
rg</a>&gt; <br><b>Sent:</b> Tuesday, May 15, 2012 9:09 AM<br><b>Subject:</b=
> Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request</span=
><o:p></o:p></p></div><div><div><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><=
div><p class=3DMsoNormal style=3D'margin-bottom:12.0pt'>In my scenario I co=
ntrol both the resource provider and the token issuer and I'm fine with the=
 resource provider knowing the issuer. So, discovery is not needed. Or do I=
 miss something?<o:p></o:p></p><div><p class=3DMsoNormal>On Tue, May 15, 20=
12 at 6:04 PM, William Mills &lt;<a href=3D"mailto:wmills@yahoo-inc.com" ta=
rget=3D"_blank">wmills@yahoo-inc.com</a>&gt; wrote:<o:p></o:p></p><div><div=
><div><p class=3DMsoNormal><span style=3D'font-size:14.0pt;font-family:"Cou=
rier New"'>Yes, what you're running across here is the &quot;discovery&quot=
; problem.&nbsp; How do you discover the authentication endpoints for a ser=
vice.&nbsp; Unfortunately it turns out returning that as part of the 401 ha=
s big security concerns.&nbsp; It's still being figured out.<o:p></o:p></sp=
an></p></div><div><blockquote style=3D'border:none;border-left:solid #1010F=
F 1.5pt;padding:0cm 0cm 0cm 4.0pt;margin-left:3.75pt;margin-top:3.75pt;marg=
in-bottom:5.0pt'><p class=3DMsoNormal><span style=3D'font-size:14.0pt;font-=
family:"Courier New"'><o:p>&nbsp;</o:p></span></p><div><div><div><div class=
=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span style=3D'font=
-family:"Arial","sans-serif"'><hr size=3D1 width=3D"100%" align=3Dcenter></=
span></div><p class=3DMsoNormal><b><span style=3D'font-family:"Arial","sans=
-serif"'>From:</span></b><span style=3D'font-family:"Arial","sans-serif"'> =
Sergey Shishkin &lt;<a href=3D"mailto:sergei.shishkin@gmail.com" target=3D"=
_blank">sergei.shishkin@gmail.com</a>&gt;<br><b>To:</b> <a href=3D"mailto:o=
auth@ietf.org" target=3D"_blank">oauth@ietf.org</a> <br><b>Sent:</b> Tuesda=
y, May 15, 2012 5:12 AM<br><b>Subject:</b> [OAUTH-WG] OAuth Bearer: Respons=
e to an unauthenticated request</span><o:p></o:p></p></div><div><div><p cla=
ss=3DMsoNormal><o:p>&nbsp;</o:p></p><div><div><p class=3DMsoNormal>While de=
signing a hypermedia-driven API I'm evaluating possibilities to use OAuth B=
earer tokens for claims-based authorization. Currently I struggle with how =
to communicate to the API client the way to obtain the token. In a hypermed=
ia-driven manner I don't want the API client to get this information out of=
 band, but rather let the client &quot;just follow the links&quot;.<o:p></o=
:p></p></div><div><p class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><p class=
=3DMsoNormal>The Bearer draft [<a href=3D"http://tools.ietf.org/html/draft-=
ietf-oauth-v2-bearer-19#section-3" target=3D"_blank">http://tools.ietf.org/=
html/draft-ietf-oauth-v2-bearer-19#section-3</a>] advises to send a 401 res=
ponse with a WWW-Authenticate challenge specifying optional realm and scope=
. The problem here: neither realm nor scope identify the token issuer.&nbsp=
;<o:p></o:p></p><div><p class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><=
p class=3DMsoNormal>The OAuth 2.0 draft [<a href=3D"http://tools.ietf.org/h=
tml/draft-ietf-oauth-v2-26#section-4.1.1" target=3D"_blank">http://tools.ie=
tf.org/html/draft-ietf-oauth-v2-26#section-4.1.1</a>] suggests to redirect =
the resource owner to the token issuer, IIRC. I like this way from the hype=
rmedia perspective, but still have mixed feelings about missed 401 and WWW-=
Authenticate challenge.<o:p></o:p></p></div><div><p class=3DMsoNormal><o:p>=
&nbsp;</o:p></p></div><div><p class=3DMsoNormal>Did I missed some part of d=
raft covering my scenario? Are there any known grassroots implementations d=
oing just that on the internet? Any opinion on the subject is very much app=
reciated.<o:p></o:p></p></div><div><p class=3DMsoNormal><o:p>&nbsp;</o:p></=
p></div><div><p class=3DMsoNormal>Thanks in advance,<o:p></o:p></p></div><d=
iv><p class=3DMsoNormal>Sergey<o:p></o:p></p></div></div><p class=3DMsoNorm=
al><o:p>&nbsp;</o:p></p></div></div><div><p class=3DMsoNormal style=3D'marg=
in-bottom:12.0pt'>_______________________________________________<br>OAuth =
mailing list<br><a href=3D"mailto:OAuth@ietf.org" target=3D"_blank">OAuth@i=
etf.org</a><br><a href=3D"https://www.ietf.org/mailman/listinfo/oauth" targ=
et=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br><br><o:p><=
/o:p></p></div></div></div></blockquote></div></div></div></div><p class=3D=
MsoNormal><o:p>&nbsp;</o:p></p></div><p class=3DMsoNormal style=3D'margin-b=
ottom:12.0pt'><o:p>&nbsp;</o:p></p></div></div></div></div></blockquote></d=
iv></div></div></div><p class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><p cla=
ss=3DMsoNormal>_______________________________________________<br>OAuth mai=
ling list<br><a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>https:=
//www.ietf.org/mailman/listinfo/oauth<o:p></o:p></p></div><p class=3DMsoNor=
mal><o:p>&nbsp;</o:p></p></div></div></body></html>=

--_000_255B9BB34FB7D647A506DC292726F6E114F2E1B22BWSMSG3153Vsrv_--

From wmills@yahoo-inc.com  Tue May 15 23:12:07 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBBC221F8758 for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 23:12:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.181
X-Spam-Level: 
X-Spam-Status: No, score=-17.181 tagged_above=-999 required=5 tests=[AWL=0.417, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DipbSvIaweHE for <oauth@ietfa.amsl.com>; Tue, 15 May 2012 23:12:06 -0700 (PDT)
Received: from nm12-vm1.bullet.mail.ne1.yahoo.com (nm12-vm1.bullet.mail.ne1.yahoo.com [98.138.91.41]) by ietfa.amsl.com (Postfix) with SMTP id 3B41621F875A for <oauth@ietf.org>; Tue, 15 May 2012 23:12:05 -0700 (PDT)
Received: from [98.138.90.48] by nm12.bullet.mail.ne1.yahoo.com with NNFMP; 16 May 2012 06:12:02 -0000
Received: from [98.138.88.239] by tm1.bullet.mail.ne1.yahoo.com with NNFMP; 16 May 2012 06:12:02 -0000
Received: from [127.0.0.1] by omp1039.mail.ne1.yahoo.com with NNFMP; 16 May 2012 06:12:02 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 502752.67484.bm@omp1039.mail.ne1.yahoo.com
Received: (qmail 38679 invoked by uid 60001); 16 May 2012 06:12:02 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1337148721; bh=3UFPpdHPsdyPLJMqZ+jlmNipo1gS7qfxQ1Cp+lOIEw4=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=PUMUjzYT65HQlZwjClO1GhXbNzBjX/zmoNO1CbJAAUOr5pAPeNREQ/nhGtOLVFYnBnrx3TyXkzxV9F0XzoMR/hJAzPSNh0COSchj8aLnX5AB/IGis1eyf/dysfyGhnFaFX/pCjhtEd65/Dka9P/+wnuiaf4raqE8kxgfUarxBtw=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=OmTF7rx6CJ1GGUxXgi/h7+rUsv1AP3RTDrfEC7abs5ug0AWFyY8OqMgRHZbfXrKArxUBLCxwzO4+HFZkFB5Cae78NuG4IJ3voHuAzN2QuOWpIg5QVajs7zht/7O53mp9gETTja8yCiQTzOM2BJxrX8/IF+wA0ptvzX9usWpTfTg=;
X-YMail-OSG: nYRdOZAVM1mLrkAV8IzqfoIBE518xxONj119nvwHQ8pZbp. yfVOkuOIxKJlUaiTikn.R0CPHjy4pRqMjO4fVg2YpqTwB5.2FztFfEUOdkAf GG4fBvV.kjmXL25yea.bDuv.Q4i0UQ9FIY5ZsnbRrxSTXyd_5yJI1SlRXFM8 Jc8omEoTaJ82Wgasi9PkNlmzaqqc5XD4JAhwiPGQ8egHm7nOSiE1W6kPYiYY .T.qptHseg_9U3xhsGiGdwTn7zWscKRRcqlaNaoOR.4XMqkaOWLoUQx1HvGe IjXpY38NS0uLBGA679cplVAjsAGUm4si_UeuJJmSPVB9_cCB2azFDcEKvZfP cpjyjHmOdauHxZygsqKduJyQ0Xf1uld6iLe6Bru9DPiLQYsvMxMpSrttRygG iHaZNTlCMGJtS88y4WdCP33nrlkRsWMPkD_SZ3g7vOGofj41VXx_K
Received: from [209.131.62.115] by web31807.mail.mud.yahoo.com via HTTP; Tue, 15 May 2012 23:12:01 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com> <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com> <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com> <CA+tG_hU-mCp-RpfJBTbW2db0mWste46PMdtK-5N3ucCPpyq2EA@mail.gmail.com> <C341CDE7-246C-4F09-A754-E6AD57D4F03B@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F2E1B22B@WSMSG3153V.srv.dir.telstra.com>
Message-ID: <1337148721.1745.YahooMailNeo@web31807.mail.mud.yahoo.com>
Date: Tue, 15 May 2012 23:12:01 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>, Sergey Shishkin <sergei.shishkin@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E114F2E1B22B@WSMSG3153V.srv.dir.telstra.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-125733401-2103867556-1337148721=:1745"
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 06:12:08 -0000

---125733401-2103867556-1337148721=:1745
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Yeah, unfortunately the WWW-Authenticate solution advertising an AS has bad=
 (fatal) security problems.=C2=A0 That's the underlying reason/urgency behi=
nd a separate services discovery mechanism.=C2=A0 It's not that we ignored =
WWW-Authenticate, and in fact I'm in process of ripping that mechanism out =
of a draft I'm working on.=0A=0A=0AThis is not hard when the protected reso=
urce or user identifier is in a domain where WebFinger (WF) will work.=C2=
=A0 The problem comes when we have, for example, N email domain names all s=
erved by the same AS, and you have to discover that way.=C2=A0 The solution=
 there may be that you take an indirect path through the MX record (one sug=
gestion), determine the domain from that, and do the WF lookup based on the=
 MX domain.=0A=0AFor arbitrary webservices running on a domain where they c=
an't run their own WF endpoint we don't yet have a solution.=C2=A0 At some =
point the client may well be expected to know somehting about the identity =
it expects to use for a site.=0A=0A=0A-bill=0A=0A=0A=0A=0A>________________=
________________=0A> From: "Manger, James H" <James.H.Manger@team.telstra.c=
om>=0A>To: Sergey Shishkin <sergei.shishkin@gmail.com>; "oauth@ietf.org" <o=
auth@ietf.org> =0A>Sent: Tuesday, May 15, 2012 10:30 PM=0A>Subject: Re: [OA=
UTH-WG] OAuth Bearer: Response to an unauthenticated request=0A> =0A>=0A>Se=
rgey,=0A>=C2=A0=0A>A hypermedia-driven (RESTful) API should be able to use =
OAuth. Unfortunately, OAuth does not have a RESTful design.=0A>=C2=A0=0A>Mo=
st APIs require client apps (not just the user) to be pre-registered with t=
he service. That seems to have made hypermedia-driven design less important=
 =E2=80=94 if a client app has to explicitly register with a service it may=
 as well learn details like the authorization URI at registration time as w=
ell.=0A>=C2=A0=0A>A WWW-Authenticate response header that identifies an aut=
horization server (AS) would be a great hypermedia-driven solution. It tell=
s the client app which AS a service trusts. The client app can then get a t=
oken. Before sending a AS-issued token to the original service the client a=
pp needs to know the AS trusts that service. Unfortunately this detail is m=
issing from OAuth: tokens are issued with no indication of where they can s=
afely be used [http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.=
1.4].=0A>=C2=A0=0A>--=0A>James Manger=0A>=C2=A0=0A>From:oauth-bounces@ietf.=
org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley=0A>Sent: Wedn=
esday, 16 May 2012 3:45 AM=0A>To: Sergey Shishkin=0A>Cc: oauth@ietf.org=0A>=
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated reques=
t=0A>=C2=A0=0A>The danger is a bad resource, =C2=A0If that can redirect the=
 client to a arbitrary AS to phish the resource owner's credentials that is=
 a bad thing.=0A>=C2=A0=0A>The presumption is that the client knows where t=
he trusted AS for that resource is, and if it needs to discover it that is =
a much bigger issue.=0A>=C2=A0=0A>In the IMAP case the client probably need=
s to do discovery on the identifier itself to figure out where to send the =
user.=0A>=C2=A0=0A>John B.=0A>On 2012-05-15, at 1:18 PM, Sergey Shishkin wr=
ote:=0A>=0A>=0A>=0A>Bill,=0A>=C2=A0=0A>it might be me misreading the Implic=
it Grant Flow, but I understood it like this:=0A>=C2=A0=0A>1. client tries =
to get a resource from server;=0A>2. server redirects client to auth-servic=
e;=0A>3. client authenticates against auth-service (HTTP Basic or whatever)=
;=0A>4. auth-service redirects client back to the resource;=0A>5. client tr=
ies to get the resource providing the token.=0A>=C2=A0=0A>In step 3 the cli=
ent is of course responsible for protecting its password from phishing, so =
auth-service should authenticate itself with a certificate.=0A>=C2=A0=0A>Am=
 I right? If, yes my idea was to use this flow while choosing a standardize=
d token - Bearer. But Bearer insists on 401 instead of redirects and that c=
onfused me.=0A>=C2=A0=0A>Sergey=0A>=C2=A0=0A>On Tue, May 15, 2012 at 6:24 P=
M, William Mills <wmills@yahoo-inc.com> wrote:=0A>You can hard configure it=
 into your client, that's safe.=C2=A0 The problem comes when the client can=
 be sent to an arbitrary, possibly phishing, site to do authentication.=C2=
=A0 If the client supports the password grant then it probably just hands i=
n the username and password without user interaction.=0A>=C2=A0=0A>-bill=0A=
>=C2=A0=0A>>=0A>>________________________________=0A>>=0A>>From:Sergey Shis=
hkin <sergei.shishkin@gmail.com>=0A>>To:William Mills <wmills@yahoo-inc.com=
> =0A>>Cc: "oauth@ietf.org" <oauth@ietf.org> =0A>>Sent: Tuesday, May 15, 20=
12 9:09 AM=0A>>Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthe=
nticated request=0A>>=C2=A0=0A>>In my scenario I control both the resource =
provider and the token issuer and I'm fine with the resource provider knowi=
ng the issuer. So, discovery is not needed. Or do I miss something?=0A>>On =
Tue, May 15, 2012 at 6:04 PM, William Mills <wmills@yahoo-inc.com> wrote:=
=0A>>Yes, what you're running across here is the "discovery" problem.=C2=A0=
 How do you discover the authentication endpoints for a service.=C2=A0 Unfo=
rtunately it turns out returning that as part of the 401 has big security c=
oncerns.=C2=A0 It's still being figured out.=0A>>=C2=A0=0A>>>=0A>>>________=
________________________=0A>>>=0A>>>From:Sergey Shishkin <sergei.shishkin@g=
mail.com>=0A>>>To: oauth@ietf.org =0A>>>Sent: Tuesday, May 15, 2012 5:12 AM=
=0A>>>Subject: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated requ=
est=0A>>>=C2=A0=0A>>>While designing a hypermedia-driven API I'm evaluating=
 possibilities to use OAuth Bearer tokens for claims-based authorization. C=
urrently I struggle with how to communicate to the API client the way to ob=
tain the token. In a hypermedia-driven manner I don't want the API client t=
o get this information out of band, but rather let the client "just follow =
the links".=0A>>>=C2=A0=0A>>>The Bearer draft [http://tools.ietf.org/html/d=
raft-ietf-oauth-v2-bearer-19#section-3] advises to send a 401 response with=
 a WWW-Authenticate challenge specifying optional realm and scope. The prob=
lem here: neither realm nor scope identify the token issuer.=C2=A0=0A>>>=C2=
=A0=0A>>>The OAuth 2.0 draft [http://tools.ietf.org/html/draft-ietf-oauth-v=
2-26#section-4.1.1] suggests to redirect the resource owner to the token is=
suer, IIRC. I like this way from the hypermedia perspective, but still have=
 mixed feelings about missed 401 and WWW-Authenticate challenge.=0A>>>=C2=
=A0=0A>>>Did I missed some part of draft covering my scenario? Are there an=
y known grassroots implementations doing just that on the internet? Any opi=
nion on the subject is very much appreciated.=0A>>>=C2=A0=0A>>>Thanks in ad=
vance,=0A>>>Sergey=0A>>>=C2=A0=0A>>>_______________________________________=
________=0A>>>OAuth mailing list=0A>>>OAuth@ietf.org=0A>>>https://www.ietf.=
org/mailman/listinfo/oauth=0A>>>=0A>>>=0A>>=C2=A0=0A>>=C2=A0=0A>=C2=A0=0A>_=
______________________________________________=0A>OAuth mailing list=0A>OAu=
th@ietf.org=0A>https://www.ietf.org/mailman/listinfo/oauth=0A>=C2=A0=0A>___=
____________________________________________=0A>OAuth mailing list=0A>OAuth=
@ietf.org=0A>https://www.ietf.org/mailman/listinfo/oauth=0A>=0A>=0A>
---125733401-2103867556-1337148721=:1745
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>Yeah, unfortunately the WWW-Authenticate solution advertising an AS has b=
ad (fatal) security problems.&nbsp; That's the underlying reason/urgency be=
hind a separate services discovery mechanism.&nbsp; It's not that we ignore=
d WWW-Authenticate, and in fact I'm in process of ripping that mechanism ou=
t of a draft I'm working on.<br></span></div><div><span><br></span></div><d=
iv><span>This is not hard when the protected resource or user identifier is=
 in a domain where WebFinger (WF) will work.&nbsp; The problem comes when w=
e have, for example, N email domain names all served by the same AS, and yo=
u have to discover that way.&nbsp; The solution there may be that you take =
an indirect path through the MX record (one suggestion), determine the doma=
in from that, and do the WF lookup based on the MX
 domain.</span></div><div><br><span></span></div><div><span>For arbitrary w=
ebservices running on a domain where they can't run their own WF endpoint w=
e don't yet have a solution.&nbsp; At some point the client may well be exp=
ected to know somehting about the identity it expects to use for a site.<br=
></span></div><div><br><span></span></div><div><span>-bill<br></span></div>=
<div><br><blockquote style=3D"border-left: 2px solid rgb(16, 16, 255); marg=
in-left: 5px; margin-top: 5px; padding-left: 5px;">  <div style=3D"font-fam=
ily: Courier New, courier, monaco, monospace, sans-serif; font-size: 14pt;"=
> <div style=3D"font-family: times new roman, new york, times, serif; font-=
size: 12pt;"> <div dir=3D"ltr"> <font face=3D"Arial" size=3D"2"> <hr size=
=3D"1">  <b><span style=3D"font-weight:bold;">From:</span></b> "Manger, Jam=
es H" &lt;James.H.Manger@team.telstra.com&gt;<br> <b><span style=3D"font-we=
ight: bold;">To:</span></b> Sergey Shishkin &lt;sergei.shishkin@gmail.com&g=
t;;
 "oauth@ietf.org" &lt;oauth@ietf.org&gt; <br> <b><span style=3D"font-weight=
: bold;">Sent:</span></b> Tuesday, May 15, 2012 10:30 PM<br> <b><span style=
=3D"font-weight: bold;">Subject:</span></b> Re: [OAUTH-WG] OAuth Bearer: Re=
sponse to an unauthenticated request<br> </font> </div> <br>=0A<div id=3D"y=
iv1417943297"><style><!--=0A#yiv1417943297  =0A _filtered #yiv1417943297 {f=
ont-family:"Cambria Math";panose-1:2 4 5 3 5 4 6 3 2 4;}=0A _filtered #yiv1=
417943297 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}=0A _filtered=
 #yiv1417943297 {font-family:Tahoma;panose-1:2 11 6 4 3 5 4 4 2 4;}=0A#yiv1=
417943297  =0A#yiv1417943297 p.yiv1417943297MsoNormal, #yiv1417943297 li.yi=
v1417943297MsoNormal, #yiv1417943297 div.yiv1417943297MsoNormal=0A=09{margi=
n:0cm;margin-bottom:.0001pt;font-size:12.0pt;font-family:"serif";}=0A#yiv14=
17943297 a:link, #yiv1417943297 span.yiv1417943297MsoHyperlink=0A=09{color:=
blue;text-decoration:underline;}=0A#yiv1417943297 a:visited, #yiv1417943297=
 span.yiv1417943297MsoHyperlinkFollowed=0A=09{color:purple;text-decoration:=
underline;}=0A#yiv1417943297 span.yiv1417943297EmailStyle17=0A=09{font-fami=
ly:"sans-serif";color:#1F497D;}=0A#yiv1417943297 .yiv1417943297MsoChpDefaul=
t=0A=09{font-size:10.0pt;}=0A _filtered #yiv1417943297 {margin:72.0pt 72.0p=
t 72.0pt 72.0pt;}=0A#yiv1417943297 div.yiv1417943297WordSection1=0A=09{}=0A=
--></style><div><div class=3D"yiv1417943297WordSection1"><div class=3D"yiv1=
417943297MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;sans-=
serif&quot;;color:#1F497D;">Sergey,</span></div><div class=3D"yiv1417943297=
MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;sans-serif&quo=
t;;color:#1F497D;"> &nbsp;</span></div><div class=3D"yiv1417943297MsoNormal=
"><span style=3D"font-size:11.0pt;font-family:&quot;sans-serif&quot;;color:=
#1F497D;">A hypermedia-driven (RESTful) API should be able to use OAuth. Un=
fortunately, OAuth does not have a RESTful design.</span></div><div class=
=3D"yiv1417943297MsoNormal"><span style=3D"font-size:11.0pt;font-family:&qu=
ot;sans-serif&quot;;color:#1F497D;"> &nbsp;</span></div><div class=3D"yiv14=
17943297MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;sans-s=
erif&quot;;color:#1F497D;">Most APIs require client apps (not just the user=
) to be pre-registered with the service. That seems to have made hypermedia=
-driven design
 less important =E2=80=94 if a client app has to explicitly register with a=
 service it may as well learn details like the authorization URI at registr=
ation time as well.</span></div><div class=3D"yiv1417943297MsoNormal"><span=
 style=3D"font-size:11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D=
;"> &nbsp;</span></div><div class=3D"yiv1417943297MsoNormal"><span style=3D=
"font-size:11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;">A WWW-=
Authenticate response header that identifies an authorization server (AS) w=
ould be a great hypermedia-driven solution. It tells the client app which A=
S a service trusts. The client app can then get a token. Before sending a A=
S-issued token to the original service the client app needs to know the AS =
trusts that service. Unfortunately this detail is missing from OAuth: token=
s are issued with no indication of where they can safely be used [</span>ht=
tp://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4]<span
 style=3D"font-size:11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D=
;">.</span></div><div class=3D"yiv1417943297MsoNormal"><span style=3D"font-=
size:11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;"> &nbsp;</spa=
n></div><div><div class=3D"yiv1417943297MsoNormal"><span style=3D"font-size=
:11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;">--</span></div><=
div class=3D"yiv1417943297MsoNormal"><span style=3D"font-size:11.0pt;font-f=
amily:&quot;sans-serif&quot;;color:#1F497D;">James Manger</span></div></div=
><div class=3D"yiv1417943297MsoNormal"><span style=3D"font-size:11.0pt;font=
-family:&quot;sans-serif&quot;;color:#1F497D;"> &nbsp;</span></div><div><di=
v style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm=
 0cm;"><div class=3D"yiv1417943297MsoNormal"><b><span style=3D"font-size:10=
.0pt;font-family:&quot;sans-serif&quot;;" lang=3D"EN-US">From:</span></b><s=
pan style=3D"font-size:10.0pt;font-family:&quot;sans-serif&quot;;" lang=3D"=
EN-US">
 oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] <b>On Behalf Of </b=
>John Bradley<br><b>Sent:</b> Wednesday, 16 May 2012 3:45 AM<br><b>To:</b> =
Sergey Shishkin<br><b>Cc:</b> oauth@ietf.org<br><b>Subject:</b> Re: [OAUTH-=
WG] OAuth Bearer: Response to an unauthenticated request</span></div></div>=
</div><div class=3D"yiv1417943297MsoNormal"> &nbsp;</div><div class=3D"yiv1=
417943297MsoNormal">The danger is a bad resource, &nbsp;If that can redirec=
t the client to a arbitrary AS to phish the resource owner's credentials th=
at is a bad thing.</div><div><div class=3D"yiv1417943297MsoNormal"> &nbsp;<=
/div></div><div><div class=3D"yiv1417943297MsoNormal">The presumption is th=
at the client knows where the trusted AS for that resource is, and if it ne=
eds to discover it that is a much bigger issue.</div></div><div><div class=
=3D"yiv1417943297MsoNormal"> &nbsp;</div></div><div><div class=3D"yiv141794=
3297MsoNormal">In the IMAP case the client probably needs to do discovery o=
n the
 identifier itself to figure out where to send the user.</div></div><div><d=
iv class=3D"yiv1417943297MsoNormal"> &nbsp;</div></div><div><div class=3D"y=
iv1417943297MsoNormal">John B.</div><div><div><div class=3D"yiv1417943297Ms=
oNormal">On 2012-05-15, at 1:18 PM, Sergey Shishkin wrote:</div></div><div =
class=3D"yiv1417943297MsoNormal"><br><br></div><div class=3D"yiv1417943297M=
soNormal">Bill,</div><div><div class=3D"yiv1417943297MsoNormal"> &nbsp;</di=
v></div><div><div class=3D"yiv1417943297MsoNormal">it might be me misreadin=
g the Implicit Grant Flow, but I understood it like this:</div></div><div><=
div class=3D"yiv1417943297MsoNormal"> &nbsp;</div></div><div><div class=3D"=
yiv1417943297MsoNormal">1. client tries to get a resource from server;</div=
></div><div><div class=3D"yiv1417943297MsoNormal">2. server redirects clien=
t to auth-service;</div></div><div><div class=3D"yiv1417943297MsoNormal">3.=
 client authenticates against auth-service (HTTP Basic or whatever);</div><=
/div><div><div
 class=3D"yiv1417943297MsoNormal">4. auth-service redirects client back to =
the resource;</div></div><div><div class=3D"yiv1417943297MsoNormal">5. clie=
nt tries to get the resource providing the token.</div></div><div><div clas=
s=3D"yiv1417943297MsoNormal"> &nbsp;</div></div><div><div class=3D"yiv14179=
43297MsoNormal">In step 3 the client is of course responsible for protectin=
g its password from phishing, so auth-service should authenticate itself wi=
th a certificate.</div></div><div><div class=3D"yiv1417943297MsoNormal"> &n=
bsp;</div></div><div><div class=3D"yiv1417943297MsoNormal">Am I right? If, =
yes my idea was to use this flow while choosing a standardized token - Bear=
er. But Bearer insists on 401 instead of redirects and that confused me.</d=
iv></div><div><div class=3D"yiv1417943297MsoNormal"> &nbsp;</div></div><div=
><div class=3D"yiv1417943297MsoNormal">Sergey</div></div><div><div class=3D=
"yiv1417943297MsoNormal"> &nbsp;</div><div><div class=3D"yiv1417943297MsoNo=
rmal">On Tue,
 May 15, 2012 at 6:24 PM, William Mills &lt;<a rel=3D"nofollow" ymailto=3D"=
mailto:wmills@yahoo-inc.com" target=3D"_blank" href=3D"mailto:wmills@yahoo-=
inc.com">wmills@yahoo-inc.com</a>&gt; wrote:</div><div><div><div><div class=
=3D"yiv1417943297MsoNormal"><span style=3D"font-size:14.0pt;font-family:&qu=
ot;Courier New&quot;;">You can hard configure it into your client, that's s=
afe.&nbsp; The problem comes when the client can be sent to an arbitrary, p=
ossibly phishing, site to do authentication.&nbsp; If the client supports t=
he password grant then it probably just hands in the username and password =
without user interaction.</span></div></div><div><div class=3D"yiv141794329=
7MsoNormal"><span style=3D"font-size:14.0pt;font-family:&quot;Courier New&q=
uot;;"> &nbsp;</span></div></div><div><div class=3D"yiv1417943297MsoNormal"=
><span style=3D"font-size:14.0pt;font-family:&quot;Courier New&quot;;">-bil=
l</span></div></div><div><blockquote style=3D"border:none;border-left:solid=
 #1010FF
 1.5pt;padding:0cm 0cm 0cm 4.0pt;margin-left:3.75pt;margin-top:3.75pt;margi=
n-bottom:5.0pt;"><div class=3D"yiv1417943297MsoNormal"><span style=3D"font-=
size:14.0pt;font-family:&quot;Courier New&quot;;"> &nbsp;</span></div><div>=
<div><div><div><div class=3D"yiv1417943297MsoNormal" style=3D"text-align:ce=
nter;" align=3D"center"><span style=3D"font-family:&quot;sans-serif&quot;;"=
><hr align=3D"center" size=3D"1" width=3D"100%"></span></div><div class=3D"=
yiv1417943297MsoNormal"><b><span style=3D"font-family:&quot;sans-serif&quot=
;;">From:</span></b><span style=3D"font-family:&quot;sans-serif&quot;;"> Se=
rgey Shishkin &lt;<a rel=3D"nofollow" ymailto=3D"mailto:sergei.shishkin@gma=
il.com" target=3D"_blank" href=3D"mailto:sergei.shishkin@gmail.com">sergei.=
shishkin@gmail.com</a>&gt;</span></div></div><div class=3D"yiv1417943297Mso=
Normal"><b><span style=3D"font-family:&quot;sans-serif&quot;;">To:</span></=
b><span style=3D"font-family:&quot;sans-serif&quot;;"> William Mills &lt;<a=
 rel=3D"nofollow"
 ymailto=3D"mailto:wmills@yahoo-inc.com" target=3D"_blank" href=3D"mailto:w=
mills@yahoo-inc.com">wmills@yahoo-inc.com</a>&gt; <br><b>Cc:</b> "<a rel=3D=
"nofollow" ymailto=3D"mailto:oauth@ietf.org" target=3D"_blank" href=3D"mail=
to:oauth@ietf.org">oauth@ietf.org</a>" &lt;<a rel=3D"nofollow" ymailto=3D"m=
ailto:oauth@ietf.org" target=3D"_blank" href=3D"mailto:oauth@ietf.org">oaut=
h@ietf.org</a>&gt; <br><b>Sent:</b> Tuesday, May 15, 2012 9:09 AM<br><b>Sub=
ject:</b> Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated reque=
st</span></div></div><div><div><div class=3D"yiv1417943297MsoNormal"> &nbsp=
;</div><div><div class=3D"yiv1417943297MsoNormal" style=3D"margin-bottom:12=
.0pt;">In my scenario I control both the resource provider and the token is=
suer and I'm fine with the resource provider knowing the issuer. So, discov=
ery is not needed. Or do I miss something?</div><div><div class=3D"yiv14179=
43297MsoNormal">On Tue, May 15, 2012 at 6:04 PM, William Mills &lt;<a rel=
=3D"nofollow"
 ymailto=3D"mailto:wmills@yahoo-inc.com" target=3D"_blank" href=3D"mailto:w=
mills@yahoo-inc.com">wmills@yahoo-inc.com</a>&gt; wrote:</div><div><div><di=
v><div class=3D"yiv1417943297MsoNormal"><span style=3D"font-size:14.0pt;fon=
t-family:&quot;Courier New&quot;;">Yes, what you're running across here is =
the "discovery" problem.&nbsp; How do you discover the authentication endpo=
ints for a service.&nbsp; Unfortunately it turns out returning that as part=
 of the 401 has big security concerns.&nbsp; It's still being figured out.<=
/span></div></div><div><blockquote style=3D"border:none;border-left:solid #=
1010FF 1.5pt;padding:0cm 0cm 0cm 4.0pt;margin-left:3.75pt;margin-top:3.75pt=
;margin-bottom:5.0pt;"><div class=3D"yiv1417943297MsoNormal"><span style=3D=
"font-size:14.0pt;font-family:&quot;Courier New&quot;;"> &nbsp;</span></div=
><div><div><div><div class=3D"yiv1417943297MsoNormal" style=3D"text-align:c=
enter;" align=3D"center"><span style=3D"font-family:&quot;sans-serif&quot;;=
"><hr
 align=3D"center" size=3D"1" width=3D"100%"></span></div><div class=3D"yiv1=
417943297MsoNormal"><b><span style=3D"font-family:&quot;sans-serif&quot;;">=
From:</span></b><span style=3D"font-family:&quot;sans-serif&quot;;"> Sergey=
 Shishkin &lt;<a rel=3D"nofollow" ymailto=3D"mailto:sergei.shishkin@gmail.c=
om" target=3D"_blank" href=3D"mailto:sergei.shishkin@gmail.com">sergei.shis=
hkin@gmail.com</a>&gt;<br><b>To:</b> <a rel=3D"nofollow" ymailto=3D"mailto:=
oauth@ietf.org" target=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf=
.org</a> <br><b>Sent:</b> Tuesday, May 15, 2012 5:12 AM<br><b>Subject:</b> =
[OAUTH-WG] OAuth Bearer: Response to an unauthenticated request</span></div=
></div><div><div><div class=3D"yiv1417943297MsoNormal"> &nbsp;</div><div><d=
iv><div class=3D"yiv1417943297MsoNormal">While designing a hypermedia-drive=
n API I'm evaluating possibilities to use OAuth Bearer tokens for claims-ba=
sed authorization. Currently I struggle with how to communicate to the API =
client the way to obtain
 the token. In a hypermedia-driven manner I don't want the API client to ge=
t this information out of band, but rather let the client "just follow the =
links".</div></div><div><div class=3D"yiv1417943297MsoNormal"> &nbsp;</div>=
</div><div class=3D"yiv1417943297MsoNormal">The Bearer draft [<a rel=3D"nof=
ollow" target=3D"_blank" href=3D"http://tools.ietf.org/html/draft-ietf-oaut=
h-v2-bearer-19#section-3">http://tools.ietf.org/html/draft-ietf-oauth-v2-be=
arer-19#section-3</a>] advises to send a 401 response with a WWW-Authentica=
te challenge specifying optional realm and scope. The problem here: neither=
 realm nor scope identify the token issuer.&nbsp;</div><div><div class=3D"y=
iv1417943297MsoNormal"> &nbsp;</div></div><div><div class=3D"yiv1417943297M=
soNormal">The OAuth 2.0 draft [<a rel=3D"nofollow" target=3D"_blank" href=
=3D"http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1">http:/=
/tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.1</a>] suggests to =
redirect the
 resource owner to the token issuer, IIRC. I like this way from the hyperme=
dia perspective, but still have mixed feelings about missed 401 and WWW-Aut=
henticate challenge.</div></div><div><div class=3D"yiv1417943297MsoNormal">=
 &nbsp;</div></div><div><div class=3D"yiv1417943297MsoNormal">Did I missed =
some part of draft covering my scenario? Are there any known grassroots imp=
lementations doing just that on the internet? Any opinion on the subject is=
 very much appreciated.</div></div><div><div class=3D"yiv1417943297MsoNorma=
l"> &nbsp;</div></div><div><div class=3D"yiv1417943297MsoNormal">Thanks in =
advance,</div></div><div><div class=3D"yiv1417943297MsoNormal">Sergey</div>=
</div></div><div class=3D"yiv1417943297MsoNormal"> &nbsp;</div></div></div>=
<div><div class=3D"yiv1417943297MsoNormal" style=3D"margin-bottom:12.0pt;">=
_______________________________________________<br>OAuth mailing list<br><a=
 rel=3D"nofollow" ymailto=3D"mailto:OAuth@ietf.org" target=3D"_blank"
 href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br><a rel=3D"nofollow" t=
arget=3D"_blank" href=3D"https://www.ietf.org/mailman/listinfo/oauth">https=
://www.ietf.org/mailman/listinfo/oauth</a><br><br></div></div></div></div><=
/blockquote></div></div></div></div><div class=3D"yiv1417943297MsoNormal"> =
&nbsp;</div></div><div class=3D"yiv1417943297MsoNormal" style=3D"margin-bot=
tom:12.0pt;"> &nbsp;</div></div></div></div></div></blockquote></div></div>=
</div></div><div class=3D"yiv1417943297MsoNormal"> &nbsp;</div></div><div c=
lass=3D"yiv1417943297MsoNormal">___________________________________________=
____<br>OAuth mailing list<br><a rel=3D"nofollow" ymailto=3D"mailto:OAuth@i=
etf.org" target=3D"_blank" href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a=
><br>https://www.ietf.org/mailman/listinfo/oauth</div></div><div class=3D"y=
iv1417943297MsoNormal"> &nbsp;</div></div></div></div></div><br>___________=
____________________________________<br>OAuth mailing list<br><a ymailto=3D=
"mailto:OAuth@ietf.org"
 href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br><a href=3D"https://ww=
w.ietf.org/mailman/listinfo/oauth" target=3D"_blank">https://www.ietf.org/m=
ailman/listinfo/oauth</a><br><br><br> </div> </div> </blockquote></div>   <=
/div></body></html>
---125733401-2103867556-1337148721=:1745--

From James.H.Manger@team.telstra.com  Wed May 16 05:55:26 2012
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C44621F8628 for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 05:55:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.789
X-Spam-Level: 
X-Spam-Status: No, score=-0.789 tagged_above=-999 required=5 tests=[AWL=0.112,  BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kv4xZwT7RR-j for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 05:55:25 -0700 (PDT)
Received: from ipxcno.tcif.telstra.com.au (ipxcno.tcif.telstra.com.au [203.35.82.208]) by ietfa.amsl.com (Postfix) with ESMTP id 68E3321F8535 for <oauth@ietf.org>; Wed, 16 May 2012 05:55:24 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.75,603,1330866000"; d="scan'208";a="73342799"
Received: from unknown (HELO ipcbni.tcif.telstra.com.au) ([10.97.216.204]) by ipocni.tcif.telstra.com.au with ESMTP; 16 May 2012 22:55:23 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,6712"; a="63160652"
Received: from wsmsg3757.srv.dir.telstra.com ([172.49.40.85]) by ipcbni.tcif.telstra.com.au with ESMTP; 16 May 2012 22:55:23 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by wsmsg3757.srv.dir.telstra.com ([172.49.40.85]) with mapi; Wed, 16 May 2012 22:55:22 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: William Mills <wmills@yahoo-inc.com>, "oauth@ietf.org" <oauth@ietf.org>
Date: Wed, 16 May 2012 22:55:21 +1000
Thread-Topic: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
Thread-Index: Ac0zKtIw4wIZtmoXSTaM4wM2bRbEyQAM0Z2Q
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F2E1B5CA@WSMSG3153V.srv.dir.telstra.com>
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com> <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com> <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com> <CA+tG_hU-mCp-RpfJBTbW2db0mWste46PMdtK-5N3ucCPpyq2EA@mail.gmail.com> <C341CDE7-246C-4F09-A754-E6AD57D4F03B@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F2E1B22B@WSMSG3153V.srv.dir.telstra.com> <1337148721.1745.YahooMailNeo@web31807.mail.mud.yahoo.com>
In-Reply-To: <1337148721.1745.YahooMailNeo@web31807.mail.mud.yahoo.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 12:55:26 -0000

QmlsbCwNCg0KPj4gQSBXV1ctQXV0aGVudGljYXRlIHJlc3BvbnNlIGhlYWRlciB0aGF0IGlkZW50
aWZpZXMgYW4gYXV0aG9yaXphdGlvbg0KPj4gc2VydmVyIChBUykgd291bGQgYmUgYSBncmVhdCBo
eXBlcm1lZGlhLWRyaXZlbiBzb2x1dGlvbi4NCj4+IEl0IHRlbGxzIHRoZSBjbGllbnQgYXBwIHdo
aWNoIEFTIGEgc2VydmljZSB0cnVzdHMuDQo+PiBUaGUgY2xpZW50IGFwcCBjYW4gdGhlbiBnZXQg
YSB0b2tlbi4gLi4uDQoNCj4gWWVhaCwgdW5mb3J0dW5hdGVseSB0aGUgV1dXLUF1dGhlbnRpY2F0
ZSBzb2x1dGlvbiBhZHZlcnRpc2luZyBhbiBBUw0KPiBoYXMgYmFkIChmYXRhbCkgc2VjdXJpdHkg
cHJvYmxlbXMuDQoNCklzIHBoaXNoaW5nIHRoZSBmYXRhbCBzZWN1cml0eSBwcm9ibGVtPw0KSXQg
ZG9lc24ndCBzb3VuZCBxdWl0ZSBsaWtlICJub3JtYWwiIHBoaXNoaW5nLg0KQXJlIHRoZXJlIHN0
aWxsIGZhdGFsIHByb2JsZW1zIGlmIHBoaXNoaW5nLXJlc2lzdGFudA0KdXNlciBhdXRoZW50aWNh
dGlvbiBtZWNoYW5pc21zIGFyZSB1c2VkPw0KDQpJIHdvdWxkIHJlYWxseSBhcHByZWNpYXRlIGFu
eSBmdXJ0aGVyIGV4cGxhbmF0aW9uDQoob3IgcG9pbnRlcnMgdG8gZXhwbGFuYXRpb25zKS4NCg0K
PiBUaGF0J3MgdGhlIHVuZGVybHlpbmcgcmVhc29uL3VyZ2VuY3kgYmVoaW5kIGEgc2VwYXJhdGUg
c2VydmljZXMNCj4gZGlzY292ZXJ5IG1lY2hhbmlzbS7CoCBJdCdzIG5vdCB0aGF0IHdlIGlnbm9y
ZWQgV1dXLUF1dGhlbnRpY2F0ZSwNCj4gYW5kIGluIGZhY3QgSSdtIGluIHByb2Nlc3Mgb2Ygcmlw
cGluZyB0aGF0IG1lY2hhbmlzbSBvdXQgb2YgYQ0KPiBkcmFmdCBJJ20gd29ya2luZyBvbi4NCj4N
Cj4gVGhpcyBpcyBub3QgaGFyZCB3aGVuIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2Ugb3IgdXNlciBp
ZGVudGlmaWVyDQo+IGlzIGluIGEgZG9tYWluIHdoZXJlIFdlYkZpbmdlciAoV0YpIHdpbGwgd29y
ay4NCg0KSXMgdGhpcyBiZWNhdXNlIHdlIGFzc3VtZSBhIGRvbWFpbiBjb250cm9scyBpdHMgd2Vi
ZmluZ2VyIFVSSSwNCmJ1dCB3ZSBkb24ndCB3YW50IHRvIGFzc3VtZSBhIGRvbWFpbiBjb250cm9s
cyBhbGwgaXRzIG90aGVyIFVSSXMNCihwZXJoYXBzIGJlY2F1c2Ugc29tZSB3aWxsIHNlcnZlIHVz
ZXItZ2VuZXJhdGVkIGNvbnRlbnQpPw0KDQo+IFRoZSBwcm9ibGVtIGNvbWVzIHdoZW4gd2UgaGF2
ZSwgZm9yIGV4YW1wbGUsIE4gZW1haWwgZG9tYWluIG5hbWVzDQo+IGFsbCBzZXJ2ZWQgYnkgdGhl
IHNhbWUgQVMsIGFuZCB5b3UgaGF2ZSB0byBkaXNjb3ZlciB0aGF0IHdheS4NCj4gVGhlIHNvbHV0
aW9uIHRoZXJlIG1heSBiZSB0aGF0IHlvdSB0YWtlIGFuIGluZGlyZWN0IHBhdGggdGhyb3VnaA0K
PiB0aGUgTVggcmVjb3JkIChvbmUgc3VnZ2VzdGlvbiksIGRldGVybWluZSB0aGUgZG9tYWluIGZy
b20gdGhhdCwNCj4gYW5kIGRvIHRoZSBXRiBsb29rdXAgYmFzZWQgb24gdGhlIE1YIGRvbWFpbi4N
Cg0KVGhpcyBkb2Vzbid0IHNvdW5kIGxpa2UgU2VyZ2V54oCZcyBzaXR1YXRpb24gd2hlcmUgdGhl
IGNsaWVudCBhcHANCmhhcyBtYWRlIGEgd2ViIHJlcXVlc3QgLS0gc28gaXQga25vd3MgdGhlIFVS
SSBpdCB3YW50cy4NCg0KPiBGb3IgYXJiaXRyYXJ5IHdlYnNlcnZpY2VzIHJ1bm5pbmcgb24gYSBk
b21haW4gd2hlcmUgdGhleSBjYW4ndA0KPiBydW4gdGhlaXIgb3duIFdGIGVuZHBvaW50IHdlIGRv
bid0IHlldCBoYXZlIGEgc29sdXRpb24uDQo+IEF0IHNvbWUgcG9pbnQgdGhlIGNsaWVudCBtYXkg
d2VsbCBiZSBleHBlY3RlZCB0byBrbm93IHNvbWV0aGluZw0KPiBhYm91dCB0aGUgaWRlbnRpdHkg
aXQgZXhwZWN0cyB0byB1c2UgZm9yIGEgc2l0ZS4NCg0KQ291bGQgeW91IGNsYXJpZnkgInRoZSBp
ZGVudGl0eSBpdCBleHBlY3RzIHRvIHVzZSBmb3IgYSBzaXRlIj8NCkknbSBub3Qgc3VyZSBpZiB0
aGlzIGlzIHRhbGtpbmcgYWJvdXQgdGhlIHVzZXIncyBpZGVudGl0eSwgdGhlDQpjbGllbnQgYXBw
J3MgaWRlbnRpdHkgb3IgdGhlIHNpdGUncyBpZGVudGl0eS4NCg0KLS0NCkphbWVzIE1hbmdlcg0K
DQo=

From wmills@yahoo-inc.com  Wed May 16 07:29:16 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEF4421F8510 for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 07:29:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.191
X-Spam-Level: 
X-Spam-Status: No, score=-17.191 tagged_above=-999 required=5 tests=[AWL=0.407, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yza4POUChnyE for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 07:29:15 -0700 (PDT)
Received: from nm20.bullet.mail.sp2.yahoo.com (nm20.bullet.mail.sp2.yahoo.com [98.139.91.90]) by ietfa.amsl.com (Postfix) with SMTP id 4D84F21F8505 for <oauth@ietf.org>; Wed, 16 May 2012 07:29:15 -0700 (PDT)
Received: from [98.139.91.63] by nm20.bullet.mail.sp2.yahoo.com with NNFMP; 16 May 2012 14:29:11 -0000
Received: from [98.139.91.30] by tm3.bullet.mail.sp2.yahoo.com with NNFMP; 16 May 2012 14:29:11 -0000
Received: from [127.0.0.1] by omp1030.mail.sp2.yahoo.com with NNFMP; 16 May 2012 14:29:11 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 723400.75691.bm@omp1030.mail.sp2.yahoo.com
Received: (qmail 34802 invoked by uid 60001); 16 May 2012 14:29:11 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1337178551; bh=9c7cdXiUA6VUfrDiBUStNWYfUaaeaBcxlte2FMWCZto=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=btLSQII/hbVP8gSRMPMLu0O26UotlMEU99It7jzQXAo5e+rRFoop3G1InV4vp41wOW/lYnTkg7X2eFMceUBvO7IPb/LHWythRqNw0Ek3Q9X0ho15pmuCUMqPk6OgUOvC8f4qBwTFWxgs0B63962A6D0WGkySPy7tEgOgNgohO4I=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=ie7yCGiuCZjeHN3eY9q6kEHNPCWTp0bdFIO9xCEiKvKTCExAr4Y9exHZi/JNsE/+aeeVErh+fG205CEUoKlHGCL+VfMzvHCdw+RA/t+Z042HK/kMz5ABBgsI47/3Ku9iCmJDz3f2BhSz0p/WZMiVz/wtYvjU8F+oW+iu+kjMbSg=;
X-YMail-OSG: EH2mtZMVM1lyFTlzIhnc1uQf1XQmR7QRnJ0F4bcikerVr_S jHSz2lbvdHE8qyvIXjNbEqoZ4akGAzoi6g3UqeZXnVPWTKjyfn_TGONqK6y4 9LJ0vY.dUK9srUBNAzqabN6Hr4P5l6ZCEvOsSzqHyHXcXVFJxwmTd7azQv1V 2trWqauvKpml2YvvpqBGmA4hOl7dBE3gAJ5.LIgd7x_tnVvw3ccBedHx.oLK 09u5nfc5fV_mN13N9TQGiZqVs9a7VsgJGSeW9xSHy92_ZQMynrGwHuqrEx7M b4osIAZMl1ZhdsL4e3BI8_qboCSeIRSYKGB4nXwqzHj2DPJhdhB0FgCqI1Oo pJYZYGVVCSsoGYy_O_6jtyL4.monz7r0.UpZWcxgMl6CxGGWjAuIVqCuOay8 gHUB6mjW5r9DMaVYSEIC7hwnBEcuKvJNaJF6Nq2t3wHJfIlf0SQ--
Received: from [209.131.62.115] by web31812.mail.mud.yahoo.com via HTTP; Wed, 16 May 2012 07:29:11 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com> <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com> <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com> <CA+tG_hU-mCp-RpfJBTbW2db0mWste46PMdtK-5N3ucCPpyq2EA@mail.gmail.com> <C341CDE7-246C-4F09-A754-E6AD57D4F03B@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F2E1B22B@WSMSG3153V.srv.dir.telstra.com> <1337148721.1745.YahooMailNeo@web31807.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F2E1B5CA@WSMSG3153V.srv.dir.telstra.com>
Message-ID: <1337178551.57685.YahooMailNeo@web31812.mail.mud.yahoo.com>
Date: Wed, 16 May 2012 07:29:11 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>, "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E114F2E1B5CA@WSMSG3153V.srv.dir.telstra.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1458549034-633822540-1337178551=:57685"
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 14:29:16 -0000

--1458549034-633822540-1337178551=:57685
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

The problem is the password grant.=C2=A0 Clients that support it would pote=
ntially deliver the username and password without asking the user, or by pr=
ompting in the UI itself and not through a web interaction with the AS.=0A=
=0A=0A=0A=0A>________________________________=0A> From: "Manger, James H" <=
James.H.Manger@team.telstra.com>=0A>To: William Mills <wmills@yahoo-inc.com=
>; "oauth@ietf.org" <oauth@ietf.org> =0A>Sent: Wednesday, May 16, 2012 5:55=
 AM=0A>Subject: RE: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated=
 request=0A> =0A>Bill,=0A>=0A>>> A WWW-Authenticate response header that id=
entifies an authorization=0A>>> server (AS) would be a great hypermedia-dri=
ven solution.=0A>>> It tells the client app which AS a service trusts.=0A>>=
> The client app can then get a token. ...=0A>=0A>> Yeah, unfortunately the=
 WWW-Authenticate solution advertising an AS=0A>> has bad (fatal) security =
problems.=0A>=0A>Is phishing the fatal security problem?=0A>It doesn't soun=
d quite like "normal" phishing.=0A>Are there still fatal problems if phishi=
ng-resistant=0A>user authentication mechanisms are used?=0A>=0A>I would rea=
lly appreciate any further explanation=0A>(or pointers to explanations).=0A=
>=0A>> That's the underlying reason/urgency behind a separate services=0A>>=
 discovery mechanism.=C2=A0 It's not that we ignored WWW-Authenticate,=0A>>=
 and in fact I'm in process of ripping that mechanism out of a=0A>> draft I=
'm working on.=0A>>=0A>> This is not hard when the protected resource or us=
er identifier=0A>> is in a domain where WebFinger (WF) will work.=0A>=0A>Is=
 this because we assume a domain controls its webfinger URI,=0A>but we don'=
t want to assume a domain controls all its other URIs=0A>(perhaps because s=
ome will serve user-generated content)?=0A>=0A>> The problem comes when we =
have, for example, N email domain names=0A>> all served by the same AS, and=
 you have to discover that way.=0A>> The solution there may be that you tak=
e an indirect path through=0A>> the MX record (one suggestion), determine t=
he domain from that,=0A>> and do the WF lookup based on the MX domain.=0A>=
=0A>This doesn't sound like Sergey=E2=80=99s situation where the client app=
=0A>has made a web request -- so it knows the URI it wants.=0A>=0A>> For ar=
bitrary webservices running on a domain where they can't=0A>> run their own=
 WF endpoint we don't yet have a solution.=0A>> At some point the client ma=
y well be expected to know something=0A>> about the identity it expects to =
use for a site.=0A>=0A>Could you clarify "the identity it expects to use fo=
r a site"?=0A>I'm not sure if this is talking about the user's identity, th=
e=0A>client app's identity or the site's identity.=0A>=0A>--=0A>James Mange=
r=0A>=0A>=0A>=0A>
--1458549034-633822540-1337178551=:57685
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>The problem is the password grant.&nbsp; Clients that support it would po=
tentially deliver the username and password without asking the user, or by =
prompting in the UI itself and not through a web interaction with the AS.<b=
r></span></div><div><br><blockquote style=3D"border-left: 2px solid rgb(16,=
 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;">  <div st=
yle=3D"font-family: Courier New, courier, monaco, monospace, sans-serif; fo=
nt-size: 14pt;"> <div style=3D"font-family: times new roman, new york, time=
s, serif; font-size: 12pt;"> <div dir=3D"ltr"> <font face=3D"Arial" size=3D=
"2"> <hr size=3D"1">  <b><span style=3D"font-weight:bold;">From:</span></b>=
 "Manger, James H" &lt;James.H.Manger@team.telstra.com&gt;<br> <b><span sty=
le=3D"font-weight: bold;">To:</span></b> William Mills &lt;wmills@yahoo-inc=
.com&gt;;
 "oauth@ietf.org" &lt;oauth@ietf.org&gt; <br> <b><span style=3D"font-weight=
: bold;">Sent:</span></b> Wednesday, May 16, 2012 5:55 AM<br> <b><span styl=
e=3D"font-weight: bold;">Subject:</span></b> RE: [OAUTH-WG] OAuth Bearer: R=
esponse to an unauthenticated request<br> </font> </div> <br>=0ABill,<br><b=
r>&gt;&gt; A WWW-Authenticate response header that identifies an authorizat=
ion<br>&gt;&gt; server (AS) would be a great hypermedia-driven solution.<br=
>&gt;&gt; It tells the client app which AS a service trusts.<br>&gt;&gt; Th=
e client app can then get a token. ...<br><br>&gt; Yeah, unfortunately the =
WWW-Authenticate solution advertising an AS<br>&gt; has bad (fatal) securit=
y problems.<br><br>Is phishing the fatal security problem?<br>It doesn't so=
und quite like "normal" phishing.<br>Are there still fatal problems if phis=
hing-resistant<br>user authentication mechanisms are used?<br><br>I would r=
eally appreciate any further explanation<br>(or pointers to explanations).<=
br><br>&gt; That's the underlying reason/urgency behind a separate services=
<br>&gt; discovery mechanism.&nbsp; It's not that we ignored WWW-Authentica=
te,<br>&gt; and in fact I'm in process of ripping that mechanism out of a<b=
r>&gt; draft I'm working on.<br>&gt;<br>&gt; This is not
 hard when the protected resource or user identifier<br>&gt; is in a domain=
 where WebFinger (WF) will work.<br><br>Is this because we assume a domain =
controls its webfinger URI,<br>but we don't want to assume a domain control=
s all its other URIs<br>(perhaps because some will serve user-generated con=
tent)?<br><br>&gt; The problem comes when we have, for example, N email dom=
ain names<br>&gt; all served by the same AS, and you have to discover that =
way.<br>&gt; The solution there may be that you take an indirect path throu=
gh<br>&gt; the MX record (one suggestion), determine the domain from that,<=
br>&gt; and do the WF lookup based on the MX domain.<br><br>This doesn't so=
und like Sergey=E2=80=99s situation where the client app<br>has made a web =
request -- so it knows the URI it wants.<br><br>&gt; For arbitrary webservi=
ces running on a domain where they can't<br>&gt; run their own WF endpoint =
we don't yet have a solution.<br>&gt; At some point the client may well be
 expected to know something<br>&gt; about the identity it expects to use fo=
r a site.<br><br>Could you clarify "the identity it expects to use for a si=
te"?<br>I'm not sure if this is talking about the user's identity, the<br>c=
lient app's identity or the site's identity.<br><br>--<br>James Manger<br><=
br><br><br> </div> </div> </blockquote></div>   </div></body></html>
--1458549034-633822540-1337178551=:57685--

From lear@cisco.com  Wed May 16 08:42:53 2012
Return-Path: <lear@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70BB021F84FA for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 08:42:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.368
X-Spam-Level: 
X-Spam-Status: No, score=-110.368 tagged_above=-999 required=5 tests=[AWL=0.231, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KthepB7JirI3 for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 08:42:52 -0700 (PDT)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id 2E86621F8622 for <oauth@ietf.org>; Wed, 16 May 2012 08:42:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=lear@cisco.com; l=4867; q=dns/txt; s=iport; t=1337182972; x=1338392572; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=EBstog1kyZ+YHOUEWD/LzTwXo1mMenL78iTlmzKqOUY=; b=A46q6ICDkBGbPmtWf+esLgGDDclPPByeNlRU/j5a15GNLwlzj7nKcPYQ y9K112zMn5mF6Gtz2B8R6YGF06cVeUQJ6zpB/urAv5DSHs+J/AjSL2sNN 0OYsAeli1DjwkWs6AYm4qzJAwK1jNLlCBE4U66/bBhvQ/RFakaOPiW2q0 I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAE/Js0+Q/khN/2dsb2JhbABEhXyuD4EHghUBAQEEAQEBDwEQSwoBDAQLEQQBAQECAgUWCAMCAgkDAgECARUfCQgGDQEFAgEBHodeAwsLmxyNFZJ2BIEmiH5vhECBFQOVeo5XgWmCaw
X-IronPort-AV: E=Sophos;i="4.75,603,1330905600"; d="scan'208";a="73255113"
Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-2.cisco.com with ESMTP; 16 May 2012 15:42:50 +0000
Received: from ams3-vpn-dhcp4634.cisco.com (ams3-vpn-dhcp4634.cisco.com [10.61.82.25]) by ams-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id q4GFgoeP029076; Wed, 16 May 2012 15:42:50 GMT
Message-ID: <4FB3CAF9.6030506@cisco.com>
Date: Wed, 16 May 2012 17:42:49 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com> <4FAAD2DF.4080500@cs.tcd.ie>
In-Reply-To: <4FAAD2DF.4080500@cs.tcd.ie>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 15:42:53 -0000

Stephen, Hannes,

Given the intent to re-run LC, counsel need about 2-3 weeks to answer
the questions you've asked.  Had the patent been disclosed in a timely
fashion they would have had that time long before LC.  Having some
questions answered I believe will help LC discussion.  I hope this
doesn't inconvenience anyone.

Thanks,

Eliot


On 5/9/12 10:26 PM, Stephen Farrell wrote:
> Hi Mike,
>
> On 05/09/2012 08:34 PM, Michael Thomas wrote:
>> On 05/09/2012 12:17 PM, Eran Hammer wrote:
>>> Whoever you talk to for legal advice about IPR issues related to
>>> standards you might implement. My only point is, this group is not
>>> qualified to comment on IPR matters.
>> The IETF gets to decide whether it wants to create standards that
>> use (potentially) encumbered IP. It is the wg's responsibility to
>> decide whether it is a necessary evil, or whether the damage can be
>> routed around. How a working group does that without having a
>> discussion is a mystery to me.
> Yeah, its tricky stuff. The key point as I understand it is
> not to get into discussion about licensing arrangements or
> other commercial matters, nor about the validity of the IPR
> itself, which are not our business. While we may or may not
> have opinions that 90+% of the output of all patent offices
> in the ICT space is pure rubbish, those are not directly
> relevant for the WG. If you're not sure, ask the chairs or
> me and we can try help.
>
> The question is as Hannes stated: does this new information
> change the WG's opinion of this document or not. Silence is
> taken to mean "not" in this case.
>
> S
>
>> Mike
>>
>>> EH
>>>
>>>> -----Original Message-----
>>>> From: Michael Thomas [mailto:mike@mtcc.com]
>>>> Sent: Wednesday, May 09, 2012 12:15 PM
>>>> To: Eran Hammer
>>>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>>>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>>>
>>>> On 05/09/2012 12:06 PM, Eran Hammer wrote:
>>>>> So no discussion of this is expected on the list - correct? That's
>>>>> what I
>>>> wanted to clarify. You asked the WG to "think" about its potential
>>>> implications but I don't want that "thinking" to happen out-loud on
>>>> this list...
>>>>> Raising the issue with your internal IPR team is the right step.
>>>> What internal IPR team? The IETF is not a corpro-only club.
>>>>
>>>> Mike
>>>>> EH
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>>>>>> Sent: Wednesday, May 09, 2012 11:37 AM
>>>>>> To: Eran Hammer
>>>>>> Cc: Hannes Tschofenig; oauth@ietf.org WG
>>>>>> Subject: Re: [OAUTH-WG] IPR on OAuth bearer
>>>>>>
>>>>>> Hi Eran,
>>>>>>
>>>>>> if you care about the specification (and want to use it in your
>>>>>> products) then you may want to reach out to your IPR folks and ask for
>>>> their judgement.
>>>>>> They may be able to tell you whether they find the cited IPR
>>>>>> applicable and whether they had experience with the IPR holder
>>>>>> already.
>>>>>>
>>>>>> Ciao
>>>>>> Hannes
>>>>>>
>>>>>> On May 9, 2012, at 8:51 PM, Eran Hammer wrote:
>>>>>>
>>>>>>> What exactly is the expected WG discussion on this? I hope people
>>>>>>> here
>>>>>> are not expected to read the patent and make legal decisions about
>>>>>> the patent's validity or even applicability as these are questions
>>>>>> for lawyers, not engineers.
>>>>>>> EH
>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>>>>>>>> Behalf Of Hannes Tschofenig
>>>>>>>> Sent: Wednesday, May 09, 2012 10:44 AM
>>>>>>>> To: oauth@ietf.org WG
>>>>>>>> Subject: [OAUTH-WG] IPR on OAuth bearer
>>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> an IPR disclosure had been submitted for the OAuth bearer document
>>>>>>>> recently. In case you may have missed it, here is the link to it:
>>>>>>>> https://datatracker.ietf.org/ipr/1752/
>>>>>>>>
>>>>>>>> The ADs will re-run the IETF last call due to this new IPR filing
>>>>>>>> and we would also like the working group to check the IPR and to
>>>>>>>> think about potential implications.
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> Ciao
>>>>>>>> Hannes&   Derek
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> OAuth mailing list
>>>>>>>> OAuth@ietf.org
>>>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>> _______________________________________________
>>>>> OAuth mailing list
>>>>> OAuth@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/oauth
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

From wmills@yahoo-inc.com  Wed May 16 08:51:38 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E26D21F86C4 for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 08:51:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.271
X-Spam-Level: 
X-Spam-Status: No, score=-16.271 tagged_above=-999 required=5 tests=[AWL=-0.532, BAYES_20=-0.74, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RH8FvRA+uh0c for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 08:51:37 -0700 (PDT)
Received: from nm4-vm0.bullet.mail.bf1.yahoo.com (nm4-vm0.bullet.mail.bf1.yahoo.com [98.139.213.129]) by ietfa.amsl.com (Postfix) with SMTP id 8EA9421F86AB for <oauth@ietf.org>; Wed, 16 May 2012 08:51:30 -0700 (PDT)
Received: from [98.139.215.142] by nm4.bullet.mail.bf1.yahoo.com with NNFMP; 16 May 2012 15:51:29 -0000
Received: from [98.139.212.251] by tm13.bullet.mail.bf1.yahoo.com with NNFMP; 16 May 2012 15:51:29 -0000
Received: from [127.0.0.1] by omp1060.mail.bf1.yahoo.com with NNFMP; 16 May 2012 15:51:29 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 962934.27019.bm@omp1060.mail.bf1.yahoo.com
Received: (qmail 71748 invoked by uid 60001); 16 May 2012 15:51:29 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1337183489; bh=bK3et2g89h8P4h8FYusxaz8ee2Rl/wrp0A8+1oowLgw=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=JzmXsjotgg4OZaXF4E0vAQENtcYIKRMNs5wfdV4VbsUYOKpqGhNC1u0+R7LpfWSvJb5hldbyxKQq6aB+ePWZClD21OMcKCDrx22o3PFoLhPMSoU2Ni/+IesUPruL6hdZWa7303dIZBVDMnm6HQhL7LzIZFYHKz9QWd7xbOAEczM=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=TT2QJzcc1Tzul7pYQ2Fw+lTAy2cJgZtf92zngMVyKzPt5/xqWQf3fwLRKzObq6XmP/iIcgFXOEGbscFYPJHt4xTlOWNT/W5k48ZpAh4eWfSPKF46ZMr7mLePId+dJnI+lJ4NEfjmT/izd1/jd25Ilx4U3WRG8z/0/OBBlLPcjJE=;
X-YMail-OSG: 9cyoXHcVM1kG3u.IruH8pwO0MfCQilERn8PP.5c5yUPjGZG CUyj7tRaiONMSzQxgv3FmYR_wJIPwa7s5Sv3FX2oV7Zw7HXOJ52HugiDA6EK kY_CapSD7ZAtqkJiXnt1WYByweUPif_CKz_bEGUuixeZHefbe0etg_INdXg7 WbhYECH._NEbNeBwOJyXjKM4krBh06ry8odvv8ll6.giuo_A1XibXTlY5igD dlt6nXk_kh_tQnSkbaMpQTig7lnd8qjg.4w_FMxML_F95FyfUInHJ78MDofw UP_Y_6w21S.Ry.CIMKFxh0cpRfIJ_Cl_ja9O1xtP5hRNRNnxDBTqCgieSWEY 1X9rgBmg58TIEJaS9cQPsT5kVDWlayfn5_07Gl.6tdozjwFrwh9ofqzECZJs X3r9r7DMCnrLtCDRR6Rrsc9p3KAwXGwT6FRR_xRKQsmzPzQHEzQ--
Received: from [209.131.62.115] by web31808.mail.mud.yahoo.com via HTTP; Wed, 16 May 2012 08:51:29 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <0CBAEB56DDB3A140BA8E8C124C04ECA2010335A4@P3PWEX2MB008.ex2.secureserver.net>
Message-ID: <1337183489.58273.YahooMailNeo@web31808.mail.mud.yahoo.com>
Date: Wed, 16 May 2012 08:51:29 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Eran Hammer <eran@hueniverse.com>, "oauth@ietf.org WG \(oauth@ietf.org\)" <oauth@ietf.org>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA2010335A4@P3PWEX2MB008.ex2.secureserver.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="258328648-31373656-1337183489=:58273"
Subject: Re: [OAUTH-WG] MAC Token draft
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 15:51:38 -0000

--258328648-31373656-1337183489=:58273
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

I think there is a need for a signed token style OAuth 2 scheme, and MAC fi=
lls this niche, although holder-of-key (as yet un-drafted) would also do th=
is nicely.=A0 Is MAC going to get picked up and driven to completion?=A0 =
=0A=0A=0ADo others feel this token style (and security properties) are need=
ed?=A0 Or am I alone in this?=0A=0A-bill=0A=0A=0A=0A=0A>___________________=
_____________=0A> From: Eran Hammer <eran@hueniverse.com>=0A>To: "oauth@iet=
f.org WG (oauth@ietf.org)" <oauth@ietf.org> =0A>Sent: Tuesday, May 15, 2012=
 6:41 PM=0A>Subject: [OAUTH-WG] MAC Token draft=0A> =0A>=0A> =0A>I am stepp=
ing down from my role as editor of the MAC token specification. I do not in=
tend to participate in this work moving forward. I will forward my notes to=
 the next editor if requested.=0A>=A0=0A>EH=0A>____________________________=
___________________=0A>OAuth mailing list=0A>OAuth@ietf.org=0A>https://www.=
ietf.org/mailman/listinfo/oauth=0A>=0A>=0A>
--258328648-31373656-1337183489=:58273
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>I think there is a need for a signed token style OAuth 2 scheme, and MAC =
fills this niche, although holder-of-key (as yet un-drafted) would also do =
this nicely.&nbsp; Is MAC going to get picked up and driven to completion?&=
nbsp; </span><br><span></span></div><div><br><span></span></div><div><span>=
Do others feel this token style (and security properties) are needed?&nbsp;=
 Or am I alone in this?</span></div><div><br><span></span></div><div><span>=
-bill<br></span></div><div><br><blockquote style=3D"border-left: 2px solid =
rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;">  =
<div style=3D"font-family: Courier New, courier, monaco, monospace, sans-se=
rif; font-size: 14pt;"> <div style=3D"font-family: times new roman, new yor=
k, times, serif; font-size: 12pt;"> <div dir=3D"ltr"> <font face=3D"Arial"
 size=3D"2"> <hr size=3D"1">  <b><span style=3D"font-weight:bold;">From:</s=
pan></b> Eran Hammer &lt;eran@hueniverse.com&gt;<br> <b><span style=3D"font=
-weight: bold;">To:</span></b> "oauth@ietf.org WG (oauth@ietf.org)" &lt;oau=
th@ietf.org&gt; <br> <b><span style=3D"font-weight: bold;">Sent:</span></b>=
 Tuesday, May 15, 2012 6:41 PM<br> <b><span style=3D"font-weight: bold;">Su=
bject:</span></b> [OAUTH-WG] MAC Token draft<br> </font> </div> <br>=0A<div=
 id=3D"yiv1728835888">=0A=0A =0A =0A<style><!--=0A#yiv1728835888  =0A _filt=
ered #yiv1728835888 {font-family:"Cambria Math";panose-1:2 4 5 3 5 4 6 3 2 =
4;}=0A _filtered #yiv1728835888 {font-family:Calibri;panose-1:2 15 5 2 2 2 =
4 3 2 4;}=0A#yiv1728835888  =0A#yiv1728835888 p.yiv1728835888MsoNormal, #yi=
v1728835888 li.yiv1728835888MsoNormal, #yiv1728835888 div.yiv1728835888MsoN=
ormal=0A=09{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:"=
sans-serif";}=0A#yiv1728835888 a:link, #yiv1728835888 span.yiv1728835888Mso=
Hyperlink=0A=09{color:blue;text-decoration:underline;}=0A#yiv1728835888 a:v=
isited, #yiv1728835888 span.yiv1728835888MsoHyperlinkFollowed=0A=09{color:p=
urple;text-decoration:underline;}=0A#yiv1728835888 span.yiv1728835888EmailS=
tyle17=0A=09{font-family:"sans-serif";color:windowtext;}=0A#yiv1728835888 .=
yiv1728835888MsoChpDefault=0A=09{font-family:"sans-serif";}=0A _filtered #y=
iv1728835888 {margin:1.0in 1.0in 1.0in 1.0in;}=0A#yiv1728835888 div.yiv1728=
835888WordSection1=0A=09{}=0A--></style>=0A=0A<div>=0A<div class=3D"yiv1728=
835888WordSection1">=0A<div class=3D"yiv1728835888MsoNormal">I am stepping =
down from my role as editor of the MAC token specification. I do not intend=
 to participate in this work moving forward. I will forward my notes to the=
 next editor if requested.</div> =0A<div class=3D"yiv1728835888MsoNormal"> =
&nbsp;</div> =0A<div class=3D"yiv1728835888MsoNormal">EH</div> =0A</div>=0A=
</div>=0A=0A</div><br>_______________________________________________<br>OA=
uth mailing list<br><a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAu=
th@ietf.org">OAuth@ietf.org</a><br><a href=3D"https://www.ietf.org/mailman/=
listinfo/oauth" target=3D"_blank">https://www.ietf.org/mailman/listinfo/oau=
th</a><br><br><br> </div> </div> </blockquote></div>   </div></body></html>
--258328648-31373656-1337183489=:58273--

From jricher@mitre.org  Wed May 16 08:59:25 2012
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E72B721F86AB for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 08:59:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.558
X-Spam-Level: 
X-Spam-Status: No, score=-6.558 tagged_above=-999 required=5 tests=[AWL=0.040,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id upkdIR5tWxbZ for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 08:59:23 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 9715721F862B for <oauth@ietf.org>; Wed, 16 May 2012 08:59:23 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 66316BA06EA for <oauth@ietf.org>; Wed, 16 May 2012 11:59:22 -0400 (EDT)
Received: from IMCCAS04.MITRE.ORG (imccas04.mitre.org [129.83.29.81]) by smtpksrv1.mitre.org (Postfix) with ESMTP id B9A9121B277D for <oauth@ietf.org>; Wed, 16 May 2012 11:59:21 -0400 (EDT)
Received: from [129.83.50.12] (129.83.31.51) by IMCCAS04.MITRE.ORG (129.83.29.81) with Microsoft SMTP Server (TLS) id 14.2.283.3; Wed, 16 May 2012 11:59:21 -0400
Message-ID: <4FB3CE92.5020304@mitre.org>
Date: Wed, 16 May 2012 11:58:10 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: <oauth@ietf.org>
References: <0CBAEB56DDB3A140BA8E8C124C04ECA2010335A4@P3PWEX2MB008.ex2.secureserver.net> <1337183489.58273.YahooMailNeo@web31808.mail.mud.yahoo.com>
In-Reply-To: <1337183489.58273.YahooMailNeo@web31808.mail.mud.yahoo.com>
Content-Type: multipart/alternative; boundary="------------010100020805060103010106"
X-Originating-IP: [129.83.31.51]
Subject: Re: [OAUTH-WG] MAC Token draft
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 15:59:26 -0000

--------------010100020805060103010106
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit

I also think it's worthwhile. OAuth2 doesn't provide a way to do a 
signed-http-request in the way that OAuth1 does. I would definitely like 
to see this draft make its way to completion, but I don't have the 
crypto expertise to pick up editing it myself.

  -- Justin

On 05/16/2012 11:51 AM, William Mills wrote:
> I think there is a need for a signed token style OAuth 2 scheme, and 
> MAC fills this niche, although holder-of-key (as yet un-drafted) would 
> also do this nicely.  Is MAC going to get picked up and driven to 
> completion?
>
> Do others feel this token style (and security properties) are needed?  
> Or am I alone in this?
>
> -bill
>
>     ------------------------------------------------------------------------
>     *From:* Eran Hammer <eran@hueniverse.com>
>     *To:* "oauth@ietf.org WG (oauth@ietf.org)" <oauth@ietf.org>
>     *Sent:* Tuesday, May 15, 2012 6:41 PM
>     *Subject:* [OAUTH-WG] MAC Token draft
>
>     I am stepping down from my role as editor of the MAC token
>     specification. I do not intend to participate in this work moving
>     forward. I will forward my notes to the next editor if requested.
>     EH
>
>     _______________________________________________
>     OAuth mailing list
>     OAuth@ietf.org <mailto:OAuth@ietf.org>
>     https://www.ietf.org/mailman/listinfo/oauth
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


--------------010100020805060103010106
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    I also think it's worthwhile. OAuth2 doesn't provide a way to do a
    signed-http-request in the way that OAuth1 does. I would definitely
    like to see this draft make its way to completion, but I don't have
    the crypto expertise to pick up editing it myself.<br>
    <br>
    &nbsp;-- Justin<br>
    <br>
    On 05/16/2012 11:51 AM, William Mills wrote:
    <blockquote
      cite="mid:1337183489.58273.YahooMailNeo@web31808.mail.mud.yahoo.com"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      <div style="color:#000; background-color:#fff; font-family:Courier
        New, courier, monaco, monospace, sans-serif;font-size:14pt">
        <div><span>I think there is a need for a signed token style
            OAuth 2 scheme, and MAC fills this niche, although
            holder-of-key (as yet un-drafted) would also do this
            nicely.&nbsp; Is MAC going to get picked up and driven to
            completion?&nbsp; </span><br>
          <span></span></div>
        <div><br>
          <span></span></div>
        <div><span>Do others feel this token style (and security
            properties) are needed?&nbsp; Or am I alone in this?</span></div>
        <div><br>
          <span></span></div>
        <div><span>-bill<br>
          </span></div>
        <div><br>
          <blockquote style="border-left: 2px solid rgb(16, 16, 255);
            margin-left: 5px; margin-top: 5px; padding-left: 5px;">
            <div style="font-family: Courier New, courier, monaco,
              monospace, sans-serif; font-size: 14pt;">
              <div style="font-family: times new roman, new york, times,
                serif; font-size: 12pt;">
                <div dir="ltr"> <font face="Arial" size="2">
                    <hr size="1"> <b><span style="font-weight:bold;">From:</span></b>
                    Eran Hammer <a class="moz-txt-link-rfc2396E" href="mailto:eran@hueniverse.com">&lt;eran@hueniverse.com&gt;</a><br>
                    <b><span style="font-weight: bold;">To:</span></b>
                    <a class="moz-txt-link-rfc2396E" href="mailto:oauth@ietf.orgWG(oauth@ietf.org)">"oauth@ietf.org WG (oauth@ietf.org)"</a>
                    <a class="moz-txt-link-rfc2396E" href="mailto:oauth@ietf.org">&lt;oauth@ietf.org&gt;</a> <br>
                    <b><span style="font-weight: bold;">Sent:</span></b>
                    Tuesday, May 15, 2012 6:41 PM<br>
                    <b><span style="font-weight: bold;">Subject:</span></b>
                    [OAUTH-WG] MAC Token draft<br>
                  </font> </div>
                <br>
                <div id="yiv1728835888">
                  <style><!--
#yiv1728835888  
 _filtered #yiv1728835888 {font-family:"Cambria Math";panose-1:2 4 5 3 5 4 6 3 2 4;}
 _filtered #yiv1728835888 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}
#yiv1728835888  
#yiv1728835888 p.yiv1728835888MsoNormal, #yiv1728835888 li.yiv1728835888MsoNormal, #yiv1728835888 div.yiv1728835888MsoNormal
	{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:"sans-serif";}
#yiv1728835888 a:link, #yiv1728835888 span.yiv1728835888MsoHyperlink
	{color:blue;text-decoration:underline;}
#yiv1728835888 a:visited, #yiv1728835888 span.yiv1728835888MsoHyperlinkFollowed
	{color:purple;text-decoration:underline;}
#yiv1728835888 span.yiv1728835888EmailStyle17
	{font-family:"sans-serif";color:windowtext;}
#yiv1728835888 .yiv1728835888MsoChpDefault
	{font-family:"sans-serif";}
 _filtered #yiv1728835888 {margin:1.0in 1.0in 1.0in 1.0in;}
#yiv1728835888 div.yiv1728835888WordSection1
	{}
--></style>
                  <div>
                    <div class="yiv1728835888WordSection1">
                      <div class="yiv1728835888MsoNormal">I am stepping
                        down from my role as editor of the MAC token
                        specification. I do not intend to participate in
                        this work moving forward. I will forward my
                        notes to the next editor if requested.</div>
                      <div class="yiv1728835888MsoNormal"> &nbsp;</div>
                      <div class="yiv1728835888MsoNormal">EH</div>
                    </div>
                  </div>
                </div>
                <br>
                _______________________________________________<br>
                OAuth mailing list<br>
                <a moz-do-not-send="true"
                  ymailto="mailto:OAuth@ietf.org"
                  href="mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
                <a moz-do-not-send="true"
                  href="https://www.ietf.org/mailman/listinfo/oauth"
                  target="_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br>
                <br>
                <br>
              </div>
            </div>
          </blockquote>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OAuth mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OAuth@ietf.org">OAuth@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailman/listinfo/oauth</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------010100020805060103010106--

From dick.hardt@gmail.com  Wed May 16 09:13:55 2012
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0C7321F8655 for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 09:13:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.271
X-Spam-Level: 
X-Spam-Status: No, score=-3.271 tagged_above=-999 required=5 tests=[AWL=-0.272, BAYES_00=-2.599, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 732RhDBzOpgi for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 09:13:54 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9D16521F8659 for <oauth@ietf.org>; Wed, 16 May 2012 09:13:54 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so1335239pbc.31 for <oauth@ietf.org>; Wed, 16 May 2012 09:13:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=TOp8obPu44xIG1ZPU5/Ht+hI9etH/YZRR05/IO7OGzE=; b=hWUT5jfAAwOnwnSoQlzpnxmsqDlbPytmBn+xTwM8EotT/i7Zs1XTa8HZCxeY0Mz5CR uk0Has/Ih2cgKH151ITBcWlapyLpYvr6pDi4ZzBy5XJ3YhawWSizeiSYbu2/olVzKPB1 9D2fqPkEwyrRdPX2qKLdVosdnqEf3Bz1CJYmb30N3NXzVfRoDWbHKFvT2fWBSya3XZ01 Bv9a3d8Z60PVHXDpcFIQEQzkNcpaFxXvVBLxu0GxLUIigMQFxm4wRxjDConmEcnSeUU0 2eWNT89cbRf8HyDJ+7DFeztXgHeQwqPR7/ov6IwBai99y3eYMGl42xv4G5VVBaFtXIwm hsuA==
Received: by 10.68.233.102 with SMTP id tv6mr17588955pbc.153.1337184830506; Wed, 16 May 2012 09:13:50 -0700 (PDT)
Received: from [10.0.0.4] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id ou5sm5891556pbb.54.2012.05.16.09.13.46 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 16 May 2012 09:13:49 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <tslbolxgha4.fsf@mit.edu>
Date: Wed, 16 May 2012 09:13:44 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <3F2F53B5-20EB-402B-BD3B-030455450B13@gmail.com>
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com> <4FAAD2DF.4080500@cs.tcd.ie> <4FAAD43C.501@mtcc.com> <tslbolxgha4.fsf@mit.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 16:13:55 -0000

3) I have read the IPR and I believe I could deploy this specification.

NOTE: I am not a legal expert, but I do have extensive experience with =
identity related patents and after reviewing the claims, I do not =
believe that the OAuth 2.0 or OAuth bearer specifications infringe on =
patent 7272639.

-- Dick

On May 9, 2012, at 2:45 PM, Sam Hartman wrote:

> So, here are statements that  you could make as part of this =
discussion
> that would be entirely in scope:
>=20
> 1) I've read the IPR. Prior to this disclosure I was interested in
> developing|deploying|shipping  an implementation of this
> specification. Now I am not.
>=20
> 2) I think you could go so far as to say. Based on this IPR I would no
> longer feel comfortable making an open-source implementation of this
> spec available.
>=20
> 3) Or on the other  side: I've reviewed this new IPR and I believe I
> could implement|ship|deploy|whatever this specification.
>=20
> Or if you don't like giving out as much information as 1-3:
>=20
> 4) I've reviewed the new IPr and I recommend that we not advance this
> standard
>=20
> 5) I've reviewed the IPR and I do recommend we advance.
>=20
> Obviously, people may weigh statements of the form 1-3 with more value
> than 4-5. However it's really hard to get many organizations to say
> something in the 1-3 range.
>=20
> Other valid things to say in such a context include:
>=20
> 6) We've successfully obtained any licenses we believe that we need in
> order to implement this specification given the IPR.
>=20
> 7) We attempted to obtain the licenses we needed in order to implement
> given this IPR but were unsuccessful.
>=20
> believe all the above statements are acceptable. In particular, none =
of
> them comment on the validity of the IPR nor give legal advice about
> stuff.
>=20
> I believe you could even go so far as to say  something like I believe
> that an open-source implementation of this technology is|is not
> important to whether we should standardize it. I believe we've come =
very
> close to that in the past.=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From herestomwiththeweather@gmail.com  Wed May 16 16:04:28 2012
Return-Path: <herestomwiththeweather@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AA6E21F8758 for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 16:04:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VC69IRg5aHTU for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 16:04:28 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) by ietfa.amsl.com (Postfix) with ESMTP id 5843911E8086 for <oauth@ietf.org>; Wed, 16 May 2012 16:04:26 -0700 (PDT)
Received: by wibhj8 with SMTP id hj8so3823715wib.13 for <oauth@ietf.org>; Wed, 16 May 2012 16:04:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=/SEnFR2qU9jdO+sk4BPuf4SIvyEszIrQPbBFwwuChpk=; b=ssFUaaUzBwP1S/o5XWGM8MIRFMVLEU4b05HZBBsTjrUkj6q/uM+pnDcKXLXRvwtyBb g1rf9QNCHKxvAIQBzKhxm5X7NWcETJkhkhYqgbZeN99/MareVksil3oMrMov7RdsAIo1 PTI9e10pNFpS4xSN+wh9Cl68AkSRTW939Ge4hr07UwQGl2DpUcTxq40duzmM8kPV9YIr p9afWASUJW64m+kvVO0/T5F7DJeIPS329V0fMmcnCP5wOQAu4789ljRq1/CpvKsq9Ebr r6GBziIi3ZbhMHCQfBAMUrA692lVh3fXMDFT7sG19F4xEAlMN2Eo50IKIZx47hSUU2gy ePTA==
Received: by 10.216.144.216 with SMTP id n66mr3216215wej.107.1337209465439; Wed, 16 May 2012 16:04:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.4.75 with HTTP; Wed, 16 May 2012 16:04:05 -0700 (PDT)
From: Tom Brown <herestomwiththeweather@gmail.com>
Date: Wed, 16 May 2012 18:04:05 -0500
Message-ID: <CAAkbWvmXXkKRw+uUM_45zZBtJ54K3Tv58+4+oA6Uc6hFhbYRAA@mail.gmail.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary=0016e6d58c3a2d87d804c02f573b
Subject: [OAUTH-WG] dynamic client registration without redirect_url for mobile?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 23:04:28 -0000

--0016e6d58c3a2d87d804c02f573b
Content-Type: text/plain; charset=ISO-8859-1

for draft-hardjono-oauth-dynreg, would it make sense to have a type where
no redirect_url is passed and instead the client registration endpoint
assigns the redirect uri itself?

for instance, a mobile app might request this type of registration and the
client registration endpoint could assign the redirect_uri to a url
belonging to the authorization server.  if, for instance, the mobile app is
using an embedded user-agent, upon authorization, it can retrieve the code
param from the url when the page is loaded.

thanks,
tom

--0016e6d58c3a2d87d804c02f573b
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

for draft-hardjono-oauth-dynreg, would it make sense to have a type where n=
o redirect_url is passed and instead the client registration endpoint assig=
ns the redirect uri itself?<br><br>for instance, a mobile app might request=
 this type of registration and the client registration endpoint could assig=
n the redirect_uri to a url belonging to the authorization server.=A0 if, f=
or instance, the mobile app is using an embedded user-agent, upon authoriza=
tion, it can retrieve the code param from the url when the page is loaded.<=
br>

<br>thanks,<br>tom<br>

--0016e6d58c3a2d87d804c02f573b--

From James.H.Manger@team.telstra.com  Wed May 16 17:33:28 2012
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6511E21F861B for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 17:33:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.794
X-Spam-Level: 
X-Spam-Status: No, score=-0.794 tagged_above=-999 required=5 tests=[AWL=0.106,  BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, HTML_MESSAGE=0.001, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PJ+wdXVGVRoS for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 17:33:27 -0700 (PDT)
Received: from ipxbno.tcif.telstra.com.au (ipxbno.tcif.telstra.com.au [203.35.82.204]) by ietfa.amsl.com (Postfix) with ESMTP id BEEB521F8620 for <oauth@ietf.org>; Wed, 16 May 2012 17:33:25 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.75,606,1330866000"; d="scan'208,217";a="73220780"
Received: from unknown (HELO ipcani.tcif.telstra.com.au) ([10.97.216.200]) by ipobni.tcif.telstra.com.au with ESMTP; 17 May 2012 10:33:24 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,6713"; a="11306009"
Received: from wsmsg3707.srv.dir.telstra.com ([172.49.40.81]) by ipcani.tcif.telstra.com.au with ESMTP; 17 May 2012 10:33:24 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by wsmsg3707.srv.dir.telstra.com ([172.49.40.81]) with mapi; Thu, 17 May 2012 10:33:24 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: William Mills <wmills@yahoo-inc.com>, "oauth@ietf.org" <oauth@ietf.org>
Date: Thu, 17 May 2012 10:33:22 +1000
Thread-Topic: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
Thread-Index: Ac0zcEZW07VsYazMTGeiEE+C53dMvgATX6AA
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F2E1B9CF@WSMSG3153V.srv.dir.telstra.com>
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com> <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com> <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com> <CA+tG_hU-mCp-RpfJBTbW2db0mWste46PMdtK-5N3ucCPpyq2EA@mail.gmail.com> <C341CDE7-246C-4F09-A754-E6AD57D4F03B@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F2E1B22B@WSMSG3153V.srv.dir.telstra.com> <1337148721.1745.YahooMailNeo@web31807.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F2E1B5CA@WSMSG3153V.srv.dir.telstra.com> <1337178551.57685.YahooMailNeo@web31812.mail.mud.yahoo.com>
In-Reply-To: <1337178551.57685.YahooMailNeo@web31812.mail.mud.yahoo.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US, en-AU
Content-Type: multipart/alternative; boundary="_000_255B9BB34FB7D647A506DC292726F6E114F2E1B9CFWSMSG3153Vsrv_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 00:33:28 -0000

--_000_255B9BB34FB7D647A506DC292726F6E114F2E1B9CFWSMSG3153Vsrv_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

PiBUaGUgcHJvYmxlbSBpcyB0aGUgcGFzc3dvcmQgZ3JhbnQuDQoNClRoaXMgZG9lc27igJl0IHNv
dW5kIGxpa2UgYSBnb29kIHJlYXNvbiB0byBkaXRjaCBBUyBkaXNjb3ZlcnkgdmlhIGFuIFdXVy1B
dXRoZW50aWNhdGUgcmVzcG9uc2UgaGVhZGVyLiBDbGllbnQgYXBwcyB1c2luZyB0aGUgcGFzc3dv
cmQgZ3JhbnQgYXJlIG9ubHkgYSBzdWJzZXQgb2YgT0F1dGggY2xpZW50cywgYW5kIGEgc3BlY2lh
bGl6ZWQgc3Vic2V0IGF0IHRoYXQuIFRoZSBzcGVjIFtkcmFmdC1pZXRmLW9hdXRoLXYyLTI2I3Nl
Y3Rpb24tNC4zXSBzYXlzIHRoZSDigJxhdXRob3JpemF0aW9uIHNlcnZlciBzaG91bGQgdGFrZSBz
cGVjaWFsIGNhcmUgd2hlbiBlbmFibGluZyB0aGlzIGdyYW50IHR5cGUsIGFuZCBvbmx5IGFsbG93
IGl0IHdoZW4gb3RoZXIgZmxvd3MgYXJlIG5vdCB2aWFibGXigJ0uIEp1c3QgdGVsbCB0aG9zZSBm
ZXcg4oCcaGlnaGx5IHByaXZpbGVnZWTigJ0gY2xpZW50IGFwcHMgdXNpbmcgdGhlIHBhc3N3b3Jk
IGdyYW50IG5vdCB0byB1c2UgQVMgZGlzY292ZXJ5IHZpYSBhbiBXV1ctQXV0aGVudGljYXRlIHJl
c3BvbnNlIGlmIGl0IGlzIGEgcHJvYmxlbSAodGhvdWdoIEnigJltIG5vdCBzdXJlIGl0IGlzIGFu
eSB3b3JzZSB0aGFuIGEgcmVzb3VyY2UgcmV0dXJuaW5nIFdXVy1BdXRoZW50aWNhdGU6IEJBU0lD
IC4uLiB0byB0cmlnZ2VyIHRoZSBwYXNzd29yZCBiZWluZyBzZW50PykuDQoNCi0tDQpKYW1lcyBN
YW5nZXINCg0KRnJvbTogV2lsbGlhbSBNaWxscyBbbWFpbHRvOndtaWxsc0B5YWhvby1pbmMuY29t
XQ0KU2VudDogVGh1cnNkYXksIDE3IE1heSAyMDEyIDEyOjI5IEFNDQpUbzogTWFuZ2VyLCBKYW1l
cyBIOyBvYXV0aEBpZXRmLm9yZw0KU3ViamVjdDogUmU6IFtPQVVUSC1XR10gT0F1dGggQmVhcmVy
OiBSZXNwb25zZSB0byBhbiB1bmF1dGhlbnRpY2F0ZWQgcmVxdWVzdA0KDQpUaGUgcHJvYmxlbSBp
cyB0aGUgcGFzc3dvcmQgZ3JhbnQuICBDbGllbnRzIHRoYXQgc3VwcG9ydCBpdCB3b3VsZCBwb3Rl
bnRpYWxseSBkZWxpdmVyIHRoZSB1c2VybmFtZSBhbmQgcGFzc3dvcmQgd2l0aG91dCBhc2tpbmcg
dGhlIHVzZXIsIG9yIGJ5IHByb21wdGluZyBpbiB0aGUgVUkgaXRzZWxmIGFuZCBub3QgdGhyb3Vn
aCBhIHdlYiBpbnRlcmFjdGlvbiB3aXRoIHRoZSBBUy4NCg0KX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX18NCkZyb206ICJNYW5nZXIsIEphbWVzIEgiIDxKYW1lcy5ILk1hbmdlckB0ZWFt
LnRlbHN0cmEuY29tPg0KVG86IFdpbGxpYW0gTWlsbHMgPHdtaWxsc0B5YWhvby1pbmMuY29tPjsg
Im9hdXRoQGlldGYub3JnIiA8b2F1dGhAaWV0Zi5vcmc+DQpTZW50OiBXZWRuZXNkYXksIE1heSAx
NiwgMjAxMiA1OjU1IEFNDQpTdWJqZWN0OiBSRTogW09BVVRILVdHXSBPQXV0aCBCZWFyZXI6IFJl
c3BvbnNlIHRvIGFuIHVuYXV0aGVudGljYXRlZCByZXF1ZXN0DQoNCkJpbGwsDQoNCj4+IEEgV1dX
LUF1dGhlbnRpY2F0ZSByZXNwb25zZSBoZWFkZXIgdGhhdCBpZGVudGlmaWVzIGFuIGF1dGhvcml6
YXRpb24NCj4+IHNlcnZlciAoQVMpIHdvdWxkIGJlIGEgZ3JlYXQgaHlwZXJtZWRpYS1kcml2ZW4g
c29sdXRpb24uDQo+PiBJdCB0ZWxscyB0aGUgY2xpZW50IGFwcCB3aGljaCBBUyBhIHNlcnZpY2Ug
dHJ1c3RzLg0KPj4gVGhlIGNsaWVudCBhcHAgY2FuIHRoZW4gZ2V0IGEgdG9rZW4uIC4uLg0KDQo+
IFllYWgsIHVuZm9ydHVuYXRlbHkgdGhlIFdXVy1BdXRoZW50aWNhdGUgc29sdXRpb24gYWR2ZXJ0
aXNpbmcgYW4gQVMNCj4gaGFzIGJhZCAoZmF0YWwpIHNlY3VyaXR5IHByb2JsZW1zLg0KDQpJcyBw
aGlzaGluZyB0aGUgZmF0YWwgc2VjdXJpdHkgcHJvYmxlbT8NCkl0IGRvZXNuJ3Qgc291bmQgcXVp
dGUgbGlrZSAibm9ybWFsIiBwaGlzaGluZy4NCkFyZSB0aGVyZSBzdGlsbCBmYXRhbCBwcm9ibGVt
cyBpZiBwaGlzaGluZy1yZXNpc3RhbnQNCnVzZXIgYXV0aGVudGljYXRpb24gbWVjaGFuaXNtcyBh
cmUgdXNlZD8NCg0KSSB3b3VsZCByZWFsbHkgYXBwcmVjaWF0ZSBhbnkgZnVydGhlciBleHBsYW5h
dGlvbg0KKG9yIHBvaW50ZXJzIHRvIGV4cGxhbmF0aW9ucykuDQoNCj4gVGhhdCdzIHRoZSB1bmRl
cmx5aW5nIHJlYXNvbi91cmdlbmN5IGJlaGluZCBhIHNlcGFyYXRlIHNlcnZpY2VzDQo+IGRpc2Nv
dmVyeSBtZWNoYW5pc20uICBJdCdzIG5vdCB0aGF0IHdlIGlnbm9yZWQgV1dXLUF1dGhlbnRpY2F0
ZSwNCj4gYW5kIGluIGZhY3QgSSdtIGluIHByb2Nlc3Mgb2YgcmlwcGluZyB0aGF0IG1lY2hhbmlz
bSBvdXQgb2YgYQ0KPiBkcmFmdCBJJ20gd29ya2luZyBvbi4NCj4NCj4gVGhpcyBpcyBub3QgaGFy
ZCB3aGVuIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2Ugb3IgdXNlciBpZGVudGlmaWVyDQo+IGlzIGlu
IGEgZG9tYWluIHdoZXJlIFdlYkZpbmdlciAoV0YpIHdpbGwgd29yay4NCg0KSXMgdGhpcyBiZWNh
dXNlIHdlIGFzc3VtZSBhIGRvbWFpbiBjb250cm9scyBpdHMgd2ViZmluZ2VyIFVSSSwNCmJ1dCB3
ZSBkb24ndCB3YW50IHRvIGFzc3VtZSBhIGRvbWFpbiBjb250cm9scyBhbGwgaXRzIG90aGVyIFVS
SXMNCihwZXJoYXBzIGJlY2F1c2Ugc29tZSB3aWxsIHNlcnZlIHVzZXItZ2VuZXJhdGVkIGNvbnRl
bnQpPw0KDQo+IFRoZSBwcm9ibGVtIGNvbWVzIHdoZW4gd2UgaGF2ZSwgZm9yIGV4YW1wbGUsIE4g
ZW1haWwgZG9tYWluIG5hbWVzDQo+IGFsbCBzZXJ2ZWQgYnkgdGhlIHNhbWUgQVMsIGFuZCB5b3Ug
aGF2ZSB0byBkaXNjb3ZlciB0aGF0IHdheS4NCj4gVGhlIHNvbHV0aW9uIHRoZXJlIG1heSBiZSB0
aGF0IHlvdSB0YWtlIGFuIGluZGlyZWN0IHBhdGggdGhyb3VnaA0KPiB0aGUgTVggcmVjb3JkIChv
bmUgc3VnZ2VzdGlvbiksIGRldGVybWluZSB0aGUgZG9tYWluIGZyb20gdGhhdCwNCj4gYW5kIGRv
IHRoZSBXRiBsb29rdXAgYmFzZWQgb24gdGhlIE1YIGRvbWFpbi4NCg0KVGhpcyBkb2Vzbid0IHNv
dW5kIGxpa2UgU2VyZ2V54oCZcyBzaXR1YXRpb24gd2hlcmUgdGhlIGNsaWVudCBhcHANCmhhcyBt
YWRlIGEgd2ViIHJlcXVlc3QgLS0gc28gaXQga25vd3MgdGhlIFVSSSBpdCB3YW50cy4NCg0KPiBG
b3IgYXJiaXRyYXJ5IHdlYnNlcnZpY2VzIHJ1bm5pbmcgb24gYSBkb21haW4gd2hlcmUgdGhleSBj
YW4ndA0KPiBydW4gdGhlaXIgb3duIFdGIGVuZHBvaW50IHdlIGRvbid0IHlldCBoYXZlIGEgc29s
dXRpb24uDQo+IEF0IHNvbWUgcG9pbnQgdGhlIGNsaWVudCBtYXkgd2VsbCBiZSBleHBlY3RlZCB0
byBrbm93IHNvbWV0aGluZw0KPiBhYm91dCB0aGUgaWRlbnRpdHkgaXQgZXhwZWN0cyB0byB1c2Ug
Zm9yIGEgc2l0ZS4NCg0KQ291bGQgeW91IGNsYXJpZnkgInRoZSBpZGVudGl0eSBpdCBleHBlY3Rz
IHRvIHVzZSBmb3IgYSBzaXRlIj8NCkknbSBub3Qgc3VyZSBpZiB0aGlzIGlzIHRhbGtpbmcgYWJv
dXQgdGhlIHVzZXIncyBpZGVudGl0eSwgdGhlDQpjbGllbnQgYXBwJ3MgaWRlbnRpdHkgb3IgdGhl
IHNpdGUncyBpZGVudGl0eS4NCg0KLS0NCkphbWVzIE1hbmdlcg0KDQoNCg==

--_000_255B9BB34FB7D647A506DC292726F6E114F2E1B9CFWSMSG3153Vsrv_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij48bWV0YSBuYW1lPUdlbmVyYXRvciBjb250ZW50
PSJNaWNyb3NvZnQgV29yZCAxMiAoZmlsdGVyZWQgbWVkaXVtKSI+PCEtLVtpZiAhbXNvXT48c3R5
bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7YmVoYXZpb3I6dXJs
KCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0KLnNo
YXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwhW2VuZGlmXS0tPjxz
dHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFt
aWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0xOjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZv
bnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0
IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6VGFob21hOw0KCXBhbm9zZS0xOjIg
MTEgNiA0IDMgNSA0IDQgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1h
bCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowY207DQoJbWFyZ2luLWJv
dHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5l
dyBSb21hbiIsInNlcmlmIjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHls
ZS1wcmlvcml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7
fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlv
cml0eTo5OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpz
cGFuLkVtYWlsU3R5bGUxNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250
LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYiOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0No
cERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBw
dDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2lu
OjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6
V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpz
aGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5k
aWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRp
dCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48
L3htbD48IVtlbmRpZl0tLT48L2hlYWQ+PGJvZHkgbGFuZz1FTi1BVSBsaW5rPWJsdWUgdmxpbms9
cHVycGxlPjxkaXYgY2xhc3M9V29yZFNlY3Rpb24xPjxwIGNsYXNzPU1zb05vcm1hbD48c3BhbiBz
dHlsZT0nZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYi
O2NvbG9yOiMxRjQ5N0QnPiZndDsgPC9zcGFuPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTQuMHB0
O2ZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7Y29sb3I6YmxhY2snPlRoZSBwcm9ibGVtIGlzIHRo
ZSBwYXNzd29yZCBncmFudC48L3NwYW4+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMS4wcHQ7Zm9u
dC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjtjb2xvcjojMUY0OTdEJz48bzpwPjwvbzpw
Pjwvc3Bhbj48L3A+PHAgY2xhc3M9TXNvTm9ybWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTEu
MHB0O2ZvbnQtZmFtaWx5OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7Y29sb3I6IzFGNDk3RCc+PG86
cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD48c3BhbiBzdHlsZT0n
Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYiO2NvbG9y
OiMxRjQ5N0QnPlRoaXMgZG9lc27igJl0IHNvdW5kIGxpa2UgYSBnb29kIHJlYXNvbiB0byBkaXRj
aCBBUyBkaXNjb3ZlcnkgdmlhIGFuIFdXVy1BdXRoZW50aWNhdGUgcmVzcG9uc2UgaGVhZGVyLiBD
bGllbnQgYXBwcyB1c2luZyB0aGUgcGFzc3dvcmQgZ3JhbnQgYXJlIG9ubHkgYSBzdWJzZXQgb2Yg
T0F1dGggY2xpZW50cywgYW5kIGEgc3BlY2lhbGl6ZWQgc3Vic2V0IGF0IHRoYXQuIFRoZSBzcGVj
IFtkcmFmdC1pZXRmLW9hdXRoLXYyLTI2I3NlY3Rpb24tNC4zXSBzYXlzIHRoZSDigJxhdXRob3Jp
emF0aW9uIHNlcnZlciBzaG91bGQgdGFrZSBzcGVjaWFsIGNhcmUgd2hlbiBlbmFibGluZyB0aGlz
IGdyYW50IHR5cGUsIGFuZCBvbmx5IGFsbG93IGl0IHdoZW4gb3RoZXIgZmxvd3MgYXJlIG5vdCB2
aWFibGXigJ0uIEp1c3QgdGVsbCB0aG9zZSBmZXcg4oCcaGlnaGx5IHByaXZpbGVnZWTigJ0gY2xp
ZW50IGFwcHMgdXNpbmcgdGhlIHBhc3N3b3JkIGdyYW50IG5vdCB0byB1c2UgQVMgZGlzY292ZXJ5
IHZpYSBhbiBXV1ctQXV0aGVudGljYXRlIHJlc3BvbnNlIGlmIGl0IGlzIGEgcHJvYmxlbSAodGhv
dWdoIEnigJltIG5vdCBzdXJlIGl0IGlzIGFueSB3b3JzZSB0aGFuIGEgcmVzb3VyY2UgcmV0dXJu
aW5nIFdXVy1BdXRoZW50aWNhdGU6IEJBU0lDIC4uLiB0byB0cmlnZ2VyIHRoZSBwYXNzd29yZCBi
ZWluZyBzZW50PykuPG86cD48L286cD48L3NwYW4+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD48c3Bh
biBzdHlsZT0nZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2Vy
aWYiO2NvbG9yOiMxRjQ5N0QnPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD48ZGl2PjxwIGNs
YXNzPU1zb05vcm1hbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseToi
Q2FsaWJyaSIsInNhbnMtc2VyaWYiO2NvbG9yOiMxRjQ5N0QnPi0tPG86cD48L286cD48L3NwYW4+
PC9wPjxwIGNsYXNzPU1zb05vcm1hbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOjExLjBwdDtmb250
LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYiO2NvbG9yOiMxRjQ5N0QnPkphbWVzIE1hbmdl
cjxvOnA+PC9vOnA+PC9zcGFuPjwvcD48L2Rpdj48cCBjbGFzcz1Nc29Ob3JtYWw+PHNwYW4gc3R5
bGU9J2ZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjtj
b2xvcjojMUY0OTdEJz48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+PGRpdj48ZGl2IHN0eWxl
PSdib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNCNUM0REYgMS4wcHQ7cGFkZGluZzozLjBw
dCAwY20gMGNtIDBjbSc+PHAgY2xhc3M9TXNvTm9ybWFsPjxiPjxzcGFuIGxhbmc9RU4tVVMgc3R5
bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6IlRhaG9tYSIsInNhbnMtc2VyaWYiJz5G
cm9tOjwvc3Bhbj48L2I+PHNwYW4gbGFuZz1FTi1VUyBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDtm
b250LWZhbWlseToiVGFob21hIiwic2Fucy1zZXJpZiInPiBXaWxsaWFtIE1pbGxzIFttYWlsdG86
d21pbGxzQHlhaG9vLWluYy5jb21dIDxicj48Yj5TZW50OjwvYj4gVGh1cnNkYXksIDE3IE1heSAy
MDEyIDEyOjI5IEFNPGJyPjxiPlRvOjwvYj4gTWFuZ2VyLCBKYW1lcyBIOyBvYXV0aEBpZXRmLm9y
Zzxicj48Yj5TdWJqZWN0OjwvYj4gUmU6IFtPQVVUSC1XR10gT0F1dGggQmVhcmVyOiBSZXNwb25z
ZSB0byBhbiB1bmF1dGhlbnRpY2F0ZWQgcmVxdWVzdDxvOnA+PC9vOnA+PC9zcGFuPjwvcD48L2Rp
dj48L2Rpdj48cCBjbGFzcz1Nc29Ob3JtYWw+PG86cD4mbmJzcDs8L286cD48L3A+PGRpdj48ZGl2
PjxwIGNsYXNzPU1zb05vcm1hbCBzdHlsZT0nYmFja2dyb3VuZDp3aGl0ZSc+PHNwYW4gc3R5bGU9
J2ZvbnQtc2l6ZToxNC4wcHQ7Zm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Ijtjb2xvcjpibGFjayc+
VGhlIHByb2JsZW0gaXMgdGhlIHBhc3N3b3JkIGdyYW50LiZuYnNwOyBDbGllbnRzIHRoYXQgc3Vw
cG9ydCBpdCB3b3VsZCBwb3RlbnRpYWxseSBkZWxpdmVyIHRoZSB1c2VybmFtZSBhbmQgcGFzc3dv
cmQgd2l0aG91dCBhc2tpbmcgdGhlIHVzZXIsIG9yIGJ5IHByb21wdGluZyBpbiB0aGUgVUkgaXRz
ZWxmIGFuZCBub3QgdGhyb3VnaCBhIHdlYiBpbnRlcmFjdGlvbiB3aXRoIHRoZSBBUy48bzpwPjwv
bzpwPjwvc3Bhbj48L3A+PC9kaXY+PGRpdj48YmxvY2txdW90ZSBzdHlsZT0nYm9yZGVyOm5vbmU7
Ym9yZGVyLWxlZnQ6c29saWQgIzEwMTBGRiAxLjVwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDQuMHB0
O21hcmdpbi1sZWZ0OjMuNzVwdDttYXJnaW4tdG9wOjMuNzVwdDttYXJnaW4tYm90dG9tOjUuMHB0
Jz48cCBjbGFzcz1Nc29Ob3JtYWwgc3R5bGU9J2JhY2tncm91bmQ6d2hpdGUnPjxzcGFuIHN0eWxl
PSdmb250LXNpemU6MTQuMHB0O2ZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7Y29sb3I6YmxhY2sn
PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD48ZGl2PjxkaXY+PGRpdj48ZGl2IGNsYXNzPU1z
b05vcm1hbCBhbGlnbj1jZW50ZXIgc3R5bGU9J3RleHQtYWxpZ246Y2VudGVyO2JhY2tncm91bmQ6
d2hpdGUnPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiJBcmlhbCIs
InNhbnMtc2VyaWYiO2NvbG9yOmJsYWNrJz48aHIgc2l6ZT0xIHdpZHRoPSIxMDAlIiBhbGlnbj1j
ZW50ZXI+PC9zcGFuPjwvZGl2PjxwIGNsYXNzPU1zb05vcm1hbCBzdHlsZT0nYmFja2dyb3VuZDp3
aGl0ZSc+PGI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6IkFyaWFs
Iiwic2Fucy1zZXJpZiI7Y29sb3I6YmxhY2snPkZyb206PC9zcGFuPjwvYj48c3BhbiBzdHlsZT0n
Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseToiQXJpYWwiLCJzYW5zLXNlcmlmIjtjb2xvcjpi
bGFjayc+ICZxdW90O01hbmdlciwgSmFtZXMgSCZxdW90OyAmbHQ7SmFtZXMuSC5NYW5nZXJAdGVh
bS50ZWxzdHJhLmNvbSZndDs8YnI+PGI+VG86PC9iPiBXaWxsaWFtIE1pbGxzICZsdDt3bWlsbHNA
eWFob28taW5jLmNvbSZndDs7ICZxdW90O29hdXRoQGlldGYub3JnJnF1b3Q7ICZsdDtvYXV0aEBp
ZXRmLm9yZyZndDsgPGJyPjxiPlNlbnQ6PC9iPiBXZWRuZXNkYXksIE1heSAxNiwgMjAxMiA1OjU1
IEFNPGJyPjxiPlN1YmplY3Q6PC9iPiBSRTogW09BVVRILVdHXSBPQXV0aCBCZWFyZXI6IFJlc3Bv
bnNlIHRvIGFuIHVuYXV0aGVudGljYXRlZCByZXF1ZXN0PC9zcGFuPjxzcGFuIHN0eWxlPSdjb2xv
cjpibGFjayc+PG86cD48L286cD48L3NwYW4+PC9wPjwvZGl2PjxwIGNsYXNzPU1zb05vcm1hbCBz
dHlsZT0nbWFyZ2luLWJvdHRvbToxMi4wcHQ7YmFja2dyb3VuZDp3aGl0ZSc+PHNwYW4gc3R5bGU9
J2NvbG9yOmJsYWNrJz48YnI+QmlsbCw8YnI+PGJyPiZndDsmZ3Q7IEEgV1dXLUF1dGhlbnRpY2F0
ZSByZXNwb25zZSBoZWFkZXIgdGhhdCBpZGVudGlmaWVzIGFuIGF1dGhvcml6YXRpb248YnI+Jmd0
OyZndDsgc2VydmVyIChBUykgd291bGQgYmUgYSBncmVhdCBoeXBlcm1lZGlhLWRyaXZlbiBzb2x1
dGlvbi48YnI+Jmd0OyZndDsgSXQgdGVsbHMgdGhlIGNsaWVudCBhcHAgd2hpY2ggQVMgYSBzZXJ2
aWNlIHRydXN0cy48YnI+Jmd0OyZndDsgVGhlIGNsaWVudCBhcHAgY2FuIHRoZW4gZ2V0IGEgdG9r
ZW4uIC4uLjxicj48YnI+Jmd0OyBZZWFoLCB1bmZvcnR1bmF0ZWx5IHRoZSBXV1ctQXV0aGVudGlj
YXRlIHNvbHV0aW9uIGFkdmVydGlzaW5nIGFuIEFTPGJyPiZndDsgaGFzIGJhZCAoZmF0YWwpIHNl
Y3VyaXR5IHByb2JsZW1zLjxicj48YnI+SXMgcGhpc2hpbmcgdGhlIGZhdGFsIHNlY3VyaXR5IHBy
b2JsZW0/PGJyPkl0IGRvZXNuJ3Qgc291bmQgcXVpdGUgbGlrZSAmcXVvdDtub3JtYWwmcXVvdDsg
cGhpc2hpbmcuPGJyPkFyZSB0aGVyZSBzdGlsbCBmYXRhbCBwcm9ibGVtcyBpZiBwaGlzaGluZy1y
ZXNpc3RhbnQ8YnI+dXNlciBhdXRoZW50aWNhdGlvbiBtZWNoYW5pc21zIGFyZSB1c2VkPzxicj48
YnI+SSB3b3VsZCByZWFsbHkgYXBwcmVjaWF0ZSBhbnkgZnVydGhlciBleHBsYW5hdGlvbjxicj4o
b3IgcG9pbnRlcnMgdG8gZXhwbGFuYXRpb25zKS48YnI+PGJyPiZndDsgVGhhdCdzIHRoZSB1bmRl
cmx5aW5nIHJlYXNvbi91cmdlbmN5IGJlaGluZCBhIHNlcGFyYXRlIHNlcnZpY2VzPGJyPiZndDsg
ZGlzY292ZXJ5IG1lY2hhbmlzbS4mbmJzcDsgSXQncyBub3QgdGhhdCB3ZSBpZ25vcmVkIFdXVy1B
dXRoZW50aWNhdGUsPGJyPiZndDsgYW5kIGluIGZhY3QgSSdtIGluIHByb2Nlc3Mgb2YgcmlwcGlu
ZyB0aGF0IG1lY2hhbmlzbSBvdXQgb2YgYTxicj4mZ3Q7IGRyYWZ0IEknbSB3b3JraW5nIG9uLjxi
cj4mZ3Q7PGJyPiZndDsgVGhpcyBpcyBub3QgaGFyZCB3aGVuIHRoZSBwcm90ZWN0ZWQgcmVzb3Vy
Y2Ugb3IgdXNlciBpZGVudGlmaWVyPGJyPiZndDsgaXMgaW4gYSBkb21haW4gd2hlcmUgV2ViRmlu
Z2VyIChXRikgd2lsbCB3b3JrLjxicj48YnI+SXMgdGhpcyBiZWNhdXNlIHdlIGFzc3VtZSBhIGRv
bWFpbiBjb250cm9scyBpdHMgd2ViZmluZ2VyIFVSSSw8YnI+YnV0IHdlIGRvbid0IHdhbnQgdG8g
YXNzdW1lIGEgZG9tYWluIGNvbnRyb2xzIGFsbCBpdHMgb3RoZXIgVVJJczxicj4ocGVyaGFwcyBi
ZWNhdXNlIHNvbWUgd2lsbCBzZXJ2ZSB1c2VyLWdlbmVyYXRlZCBjb250ZW50KT88YnI+PGJyPiZn
dDsgVGhlIHByb2JsZW0gY29tZXMgd2hlbiB3ZSBoYXZlLCBmb3IgZXhhbXBsZSwgTiBlbWFpbCBk
b21haW4gbmFtZXM8YnI+Jmd0OyBhbGwgc2VydmVkIGJ5IHRoZSBzYW1lIEFTLCBhbmQgeW91IGhh
dmUgdG8gZGlzY292ZXIgdGhhdCB3YXkuPGJyPiZndDsgVGhlIHNvbHV0aW9uIHRoZXJlIG1heSBi
ZSB0aGF0IHlvdSB0YWtlIGFuIGluZGlyZWN0IHBhdGggdGhyb3VnaDxicj4mZ3Q7IHRoZSBNWCBy
ZWNvcmQgKG9uZSBzdWdnZXN0aW9uKSwgZGV0ZXJtaW5lIHRoZSBkb21haW4gZnJvbSB0aGF0LDxi
cj4mZ3Q7IGFuZCBkbyB0aGUgV0YgbG9va3VwIGJhc2VkIG9uIHRoZSBNWCBkb21haW4uPGJyPjxi
cj5UaGlzIGRvZXNuJ3Qgc291bmQgbGlrZSBTZXJnZXnigJlzIHNpdHVhdGlvbiB3aGVyZSB0aGUg
Y2xpZW50IGFwcDxicj5oYXMgbWFkZSBhIHdlYiByZXF1ZXN0IC0tIHNvIGl0IGtub3dzIHRoZSBV
UkkgaXQgd2FudHMuPGJyPjxicj4mZ3Q7IEZvciBhcmJpdHJhcnkgd2Vic2VydmljZXMgcnVubmlu
ZyBvbiBhIGRvbWFpbiB3aGVyZSB0aGV5IGNhbid0PGJyPiZndDsgcnVuIHRoZWlyIG93biBXRiBl
bmRwb2ludCB3ZSBkb24ndCB5ZXQgaGF2ZSBhIHNvbHV0aW9uLjxicj4mZ3Q7IEF0IHNvbWUgcG9p
bnQgdGhlIGNsaWVudCBtYXkgd2VsbCBiZSBleHBlY3RlZCB0byBrbm93IHNvbWV0aGluZzxicj4m
Z3Q7IGFib3V0IHRoZSBpZGVudGl0eSBpdCBleHBlY3RzIHRvIHVzZSBmb3IgYSBzaXRlLjxicj48
YnI+Q291bGQgeW91IGNsYXJpZnkgJnF1b3Q7dGhlIGlkZW50aXR5IGl0IGV4cGVjdHMgdG8gdXNl
IGZvciBhIHNpdGUmcXVvdDs/PGJyPkknbSBub3Qgc3VyZSBpZiB0aGlzIGlzIHRhbGtpbmcgYWJv
dXQgdGhlIHVzZXIncyBpZGVudGl0eSwgdGhlPGJyPmNsaWVudCBhcHAncyBpZGVudGl0eSBvciB0
aGUgc2l0ZSdzIGlkZW50aXR5Ljxicj48YnI+LS08YnI+SmFtZXMgTWFuZ2VyPGJyPjxicj48YnI+
PG86cD48L286cD48L3NwYW4+PC9wPjwvZGl2PjwvZGl2PjwvYmxvY2txdW90ZT48L2Rpdj48L2Rp
dj48L2Rpdj48L2JvZHk+PC9odG1sPg==

--_000_255B9BB34FB7D647A506DC292726F6E114F2E1B9CFWSMSG3153Vsrv_--

From wmills@yahoo-inc.com  Wed May 16 20:06:41 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AE8E11E8089 for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 20:06:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.25
X-Spam-Level: 
X-Spam-Status: No, score=-17.25 tagged_above=-999 required=5 tests=[AWL=0.348,  BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0v3ndC34esYg for <oauth@ietfa.amsl.com>; Wed, 16 May 2012 20:06:40 -0700 (PDT)
Received: from nm5-vm0.bullet.mail.bf1.yahoo.com (nm5-vm0.bullet.mail.bf1.yahoo.com [98.139.213.150]) by ietfa.amsl.com (Postfix) with SMTP id 1C12711E809C for <oauth@ietf.org>; Wed, 16 May 2012 20:06:33 -0700 (PDT)
Received: from [98.139.212.152] by nm5.bullet.mail.bf1.yahoo.com with NNFMP; 17 May 2012 03:06:32 -0000
Received: from [98.139.212.236] by tm9.bullet.mail.bf1.yahoo.com with NNFMP; 17 May 2012 03:06:32 -0000
Received: from [127.0.0.1] by omp1045.mail.bf1.yahoo.com with NNFMP; 17 May 2012 03:06:32 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 512840.36449.bm@omp1045.mail.bf1.yahoo.com
Received: (qmail 4108 invoked by uid 60001); 17 May 2012 03:06:31 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1337223991; bh=TfwP1AodS1QWi2ThrbR3SrNopVTXwH6AVk4O145VVKY=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=AIF+W/KC/AfHKDVt/IeZWnb09wuu3fW5uY1q5m/u0juLQ7nub6phx6Af8tRfJ4q0EgrUiYLP22J/XO9yXvm3XUK9VOkpud8UbiCSHuHcXLtODTPArXFDiwjURVV5yf2eWUQaSS5uJlmUYvZ1l9RSZICc99T1SLmNklcyHKRJnzQ=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=j1/6GyFqwm3DJH7+zjPL99aeTOTuEK6o5TRvtQuotWcc11Hl2V3tFAfFpEYbBCnlTnIvhnqnxQK0X1KPEtR2FA/7kv6V2TEl7eingYJOmDshp4082uVgmNIu+i4WkSFAr8kTZUCkghyFM1yTHggbLXLFeTYsSZnySw1UNxKSqpI=;
X-YMail-OSG: zPAnBMwVM1mMVLjJsoU6N9j3W7UxESASJJBHwab6ADNxJ9G Apm.917Ib5IxEWlXaEw2vUnbfLqNnNf0sdxyCcPWFZ1DuthXZJkIGEsSEg5y Xeak2FCYkn54YbJuVAEYpqTkmHLUzPocI86V0Q5PCVd21AcRo5_jGDvragAz Uf.PcKf8a8nNbxrmzztJeeT1_V4rJw33l6a14uxd4VaYgz2S3ycueb27x.bq lLkr6K.pM58fUKKF8Eqtj4ELdvn.vd.T5o8crkqUcfNr3vBIu.7cp_Xox1yx gu48mtbdzuS6PuMGIoPoth0xqYNd5zjJjQQKJ0cRUHcn.JtrDzxqnfa3x.mR DyLgss1Fphu9UasL9PC_hyxTrwERnXgVynoU_ziCFj7DkTGslPlO1FvQuvE5 vhsMiM5Dvz5xBCdX_doMiBpwbUD0-
Received: from [99.31.212.42] by web31804.mail.mud.yahoo.com via HTTP; Wed, 16 May 2012 20:06:31 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <CA+tG_hWL4H4jkc0ASw-JQSY-akbQ2myv_m3tRm_pXHd8ghU9HA@mail.gmail.com> <1337097864.46559.YahooMailNeo@web31805.mail.mud.yahoo.com> <CA+tG_hUv9vnVxEq02pGtMGT_UnjLSJZyAxN8rvFjsHgDM-ZgxQ@mail.gmail.com> <1337099057.36064.YahooMailNeo@web31812.mail.mud.yahoo.com> <CA+tG_hU-mCp-RpfJBTbW2db0mWste46PMdtK-5N3ucCPpyq2EA@mail.gmail.com> <C341CDE7-246C-4F09-A754-E6AD57D4F03B@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F2E1B22B@WSMSG3153V.srv.dir.telstra.com> <1337148721.1745.YahooMailNeo@web31807.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F2E1B5CA@WSMSG3153V.srv.dir.telstra.com> <1337178551.57685.YahooMailNeo@web31812.mail.mud.yahoo.com> <255B9BB34FB7D647A506DC292726F6E114F2E1B9CF@WSMSG3153V.srv.dir.telstra.com>
Message-ID: <1337223991.3100.YahooMailNeo@web31804.mail.mud.yahoo.com>
Date: Wed, 16 May 2012 20:06:31 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>, "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E114F2E1B9CF@WSMSG3153V.srv.dir.telstra.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="835683298-342176410-1337223991=:3100"
Subject: Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 03:06:41 -0000

--835683298-342176410-1337223991=:3100
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

The problem is not with the auth servers, it's with clients that support pa=
ssword grant.=C2=A0 If they trust info sent to them by a resource server th=
ey will give up the goods.=0A=0A=0A=0A=0A>________________________________=
=0A> From: "Manger, James H" <James.H.Manger@team.telstra.com>=0A>To: Willi=
am Mills <wmills@yahoo-inc.com>; "oauth@ietf.org" <oauth@ietf.org> =0A>Sent=
: Wednesday, May 16, 2012 5:33 PM=0A>Subject: RE: [OAUTH-WG] OAuth Bearer: =
Response to an unauthenticated request=0A> =0A>=0A>> The problem is the pas=
sword grant.=0A>=C2=A0=0A>This doesn=E2=80=99t sound like a good reason to =
ditch AS discovery via an WWW-Authenticate response header. Client apps usi=
ng the password grant are only a subset of OAuth clients, and a specialized=
 subset at that. The spec [draft-ietf-oauth-v2-26#section-4.3] says the =E2=
=80=9Cauthorization server should take special care when enabling this gran=
t type, and only allow it when other flows are not viable=E2=80=9D. Just te=
ll those few =E2=80=9Chighly privileged=E2=80=9D client apps using the pass=
word grant not to use AS discovery via an WWW-Authenticate response if it i=
s a problem (though I=E2=80=99m not sure it is any worse than a resource re=
turning WWW-Authenticate: BASIC ... to trigger the password being sent?).=
=0A>=C2=A0=0A>--=0A>James Manger=0A>=C2=A0=0A>From:William Mills [mailto:wm=
ills@yahoo-inc.com] =0A>Sent: Thursday, 17 May 2012 12:29 AM=0A>To: Manger,=
 James H; oauth@ietf.org=0A>Subject: Re: [OAUTH-WG] OAuth Bearer: Response =
to an unauthenticated request=0A>=C2=A0=0A>The problem is the password gran=
t.=C2=A0 Clients that support it would potentially deliver the username and=
 password without asking the user, or by prompting in the UI itself and not=
 through a web interaction with the AS.=0A>=C2=A0=0A>>=0A>>________________=
________________=0A>>=0A>>From:"Manger, James H" <James.H.Manger@team.telst=
ra.com>=0A>>To: William Mills <wmills@yahoo-inc.com>; "oauth@ietf.org" <oau=
th@ietf.org> =0A>>Sent: Wednesday, May 16, 2012 5:55 AM=0A>>Subject: RE: [O=
AUTH-WG] OAuth Bearer: Response to an unauthenticated request=0A>>=0A>>Bill=
,=0A>>=0A>>>> A WWW-Authenticate response header that identifies an authori=
zation=0A>>>> server (AS) would be a great hypermedia-driven solution.=0A>>=
>> It tells the client app which AS a service trusts.=0A>>>> The client app=
 can then get a token. ...=0A>>=0A>>> Yeah, unfortunately the WWW-Authentic=
ate solution advertising an AS=0A>>> has bad (fatal) security problems.=0A>=
>=0A>>Is phishing the fatal security problem?=0A>>It doesn't sound quite li=
ke "normal" phishing.=0A>>Are there still fatal problems if phishing-resist=
ant=0A>>user authentication mechanisms are used?=0A>>=0A>>I would really ap=
preciate any further explanation=0A>>(or pointers to explanations).=0A>>=0A=
>>> That's the underlying reason/urgency behind a separate services=0A>>> d=
iscovery mechanism.=C2=A0 It's not that we ignored WWW-Authenticate,=0A>>> =
and in fact I'm in process of ripping that mechanism out of a=0A>>> draft I=
'm working on.=0A>>>=0A>>> This is not hard when the protected resource or =
user identifier=0A>>> is in a domain where WebFinger (WF) will work.=0A>>=
=0A>>Is this because we assume a domain controls its webfinger URI,=0A>>but=
 we don't want to assume a domain controls all its other URIs=0A>>(perhaps =
because some will serve user-generated content)?=0A>>=0A>>> The problem com=
es when we have, for example, N email domain names=0A>>> all served by the =
same AS, and you have to discover that way.=0A>>> The solution there may be=
 that you take an indirect path through=0A>>> the MX record (one suggestion=
), determine the domain from that,=0A>>> and do the WF lookup based on the =
MX domain.=0A>>=0A>>This doesn't sound like Sergey=E2=80=99s situation wher=
e the client app=0A>>has made a web request -- so it knows the URI it wants=
.=0A>>=0A>>> For arbitrary webservices running on a domain where they can't=
=0A>>> run their own WF endpoint we don't yet have a solution.=0A>>> At som=
e point the client may well be expected to know something=0A>>> about the i=
dentity it expects to use for a site.=0A>>=0A>>Could you clarify "the ident=
ity it expects to use for a site"?=0A>>I'm not sure if this is talking abou=
t the user's identity, the=0A>>client app's identity or the site's identity=
.=0A>>=0A>>--=0A>>James Manger=0A>>=0A>>=0A>>=0A>=0A>
--835683298-342176410-1337223991=:3100
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>The problem is not with the auth servers, it's with clients that support =
password grant.&nbsp; If they trust info sent to them by a resource server =
they will give up the goods.<br></span></div><div><br><blockquote style=3D"=
border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px;=
 padding-left: 5px;">  <div style=3D"font-family: Courier New, courier, mon=
aco, monospace, sans-serif; font-size: 14pt;"> <div style=3D"font-family: t=
imes new roman, new york, times, serif; font-size: 12pt;"> <div dir=3D"ltr"=
> <font face=3D"Arial" size=3D"2"> <hr size=3D"1">  <b><span style=3D"font-=
weight:bold;">From:</span></b> "Manger, James H" &lt;James.H.Manger@team.te=
lstra.com&gt;<br> <b><span style=3D"font-weight: bold;">To:</span></b> Will=
iam Mills &lt;wmills@yahoo-inc.com&gt;; "oauth@ietf.org" &lt;oauth@ietf.org=
&gt; <br>
 <b><span style=3D"font-weight: bold;">Sent:</span></b> Wednesday, May 16, =
2012 5:33 PM<br> <b><span style=3D"font-weight: bold;">Subject:</span></b> =
RE: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated request<br> </f=
ont> </div> <br>=0A<div id=3D"yiv201024936"><style><!--=0A#yiv201024936  =
=0A _filtered #yiv201024936 {font-family:"Cambria Math";=0Apanose-1:2 4 5 3=
 5 4 6 3 2 4;}=0A _filtered #yiv201024936 {font-family:Calibri;=0Apanose-1:=
2 15 5 2 2 2 4 3 2 4;}=0A _filtered #yiv201024936 {font-family:Tahoma;=0Apa=
nose-1:2 11 6 4 3 5 4 4 2 4;}=0A#yiv201024936  =0A#yiv201024936 p.yiv201024=
936MsoNormal, #yiv201024936 li.yiv201024936MsoNormal, #yiv201024936 div.yiv=
201024936MsoNormal=0A=09{margin:0cm;=0Amargin-bottom:.0001pt;=0Afont-size:1=
2.0pt;=0Afont-family:"serif";}=0A#yiv201024936 a:link, #yiv201024936 span.y=
iv201024936MsoHyperlink=0A=09{=0Acolor:blue;=0Atext-decoration:underline;}=
=0A#yiv201024936 a:visited, #yiv201024936 span.yiv201024936MsoHyperlinkFoll=
owed=0A=09{=0Acolor:purple;=0Atext-decoration:underline;}=0A#yiv201024936 s=
pan.yiv201024936EmailStyle17=0A=09{=0Afont-family:"sans-serif";=0Acolor:#1F=
497D;}=0A#yiv201024936 .yiv201024936MsoChpDefault=0A=09{=0Afont-size:10.0pt=
;}=0A _filtered #yiv201024936 {=0Amargin:72.0pt 72.0pt 72.0pt 72.0pt;}=0A#y=
iv201024936 div.yiv201024936WordSection1=0A=09{}=0A--></style><div><div cla=
ss=3D"yiv201024936WordSection1"><div class=3D"yiv201024936MsoNormal"><span =
style=3D"font-size:11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;=
">&gt; </span><span style=3D"font-size:14.0pt;font-family:&quot;Courier New=
&quot;;color:black;">The problem is the password grant.</span><span style=
=3D"font-size:11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;"></s=
pan></div><div class=3D"yiv201024936MsoNormal"><span style=3D"font-size:11.=
0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;"> &nbsp;</span></div>=
<div class=3D"yiv201024936MsoNormal"><span style=3D"font-size:11.0pt;font-f=
amily:&quot;sans-serif&quot;;color:#1F497D;">This doesn=E2=80=99t sound lik=
e a good reason to ditch AS discovery via an WWW-Authenticate response head=
er. Client apps using the password grant are only a subset of OAuth clients=
, and a specialized subset at that. The spec [draft-ietf-oauth-v2-26#sectio=
n-4.3] says the =E2=80=9Cauthorization server should take special care when
 enabling this grant type, and only allow it when other flows are not viabl=
e=E2=80=9D. Just tell those few =E2=80=9Chighly privileged=E2=80=9D client =
apps using the password grant not to use AS discovery via an WWW-Authentica=
te response if it is a problem (though I=E2=80=99m not sure it is any worse=
 than a resource returning WWW-Authenticate: BASIC ... to trigger the passw=
ord being sent?).</span></div><div class=3D"yiv201024936MsoNormal"><span st=
yle=3D"font-size:11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;">=
 &nbsp;</span></div><div><div class=3D"yiv201024936MsoNormal"><span style=
=3D"font-size:11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;">--<=
/span></div><div class=3D"yiv201024936MsoNormal"><span style=3D"font-size:1=
1.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;">James Manger</span=
></div></div><div class=3D"yiv201024936MsoNormal"><span style=3D"font-size:=
11.0pt;font-family:&quot;sans-serif&quot;;color:#1F497D;"> &nbsp;</span></d=
iv><div><div
 style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm =
0cm;"><div class=3D"yiv201024936MsoNormal"><b><span style=3D"font-size:10.0=
pt;font-family:&quot;sans-serif&quot;;" lang=3D"EN-US">From:</span></b><spa=
n style=3D"font-size:10.0pt;font-family:&quot;sans-serif&quot;;" lang=3D"EN=
-US"> William Mills [mailto:wmills@yahoo-inc.com] <br><b>Sent:</b> Thursday=
, 17 May 2012 12:29 AM<br><b>To:</b> Manger, James H; oauth@ietf.org<br><b>=
Subject:</b> Re: [OAUTH-WG] OAuth Bearer: Response to an unauthenticated re=
quest</span></div></div></div><div class=3D"yiv201024936MsoNormal"> &nbsp;<=
/div><div><div><div class=3D"yiv201024936MsoNormal" style=3D"background:whi=
te;"><span style=3D"font-size:14.0pt;font-family:&quot;Courier New&quot;;co=
lor:black;">The problem is the password grant.&nbsp; Clients that support i=
t would potentially deliver the username and password without asking the us=
er, or by prompting in the UI itself and not through a web interaction with=
 the
 AS.</span></div></div><div><blockquote style=3D"border:none;border-left:so=
lid #1010FF 1.5pt;padding:0cm 0cm 0cm 4.0pt;margin-left:3.75pt;margin-top:3=
.75pt;margin-bottom:5.0pt;"><div class=3D"yiv201024936MsoNormal" style=3D"b=
ackground:white;"><span style=3D"font-size:14.0pt;font-family:&quot;Courier=
 New&quot;;color:black;"> &nbsp;</span></div><div><div><div><div class=3D"y=
iv201024936MsoNormal" style=3D"text-align:center;background:white;" align=
=3D"center"><span style=3D"font-size:10.0pt;font-family:&quot;sans-serif&qu=
ot;;color:black;"><hr align=3D"center" size=3D"1" width=3D"100%"></span></d=
iv><div class=3D"yiv201024936MsoNormal" style=3D"background:white;"><b><spa=
n style=3D"font-size:10.0pt;font-family:&quot;sans-serif&quot;;color:black;=
">From:</span></b><span style=3D"font-size:10.0pt;font-family:&quot;sans-se=
rif&quot;;color:black;"> "Manger, James H" &lt;James.H.Manger@team.telstra.=
com&gt;<br><b>To:</b> William Mills &lt;wmills@yahoo-inc.com&gt;; "oauth@ie=
tf.org"
 &lt;oauth@ietf.org&gt; <br><b>Sent:</b> Wednesday, May 16, 2012 5:55 AM<br=
><b>Subject:</b> RE: [OAUTH-WG] OAuth Bearer: Response to an unauthenticate=
d request</span><span style=3D"color:black;"></span></div></div><div class=
=3D"yiv201024936MsoNormal" style=3D"margin-bottom:12.0pt;background:white;"=
><span style=3D"color:black;"><br>Bill,<br><br>&gt;&gt; A WWW-Authenticate =
response header that identifies an authorization<br>&gt;&gt; server (AS) wo=
uld be a great hypermedia-driven solution.<br>&gt;&gt; It tells the client =
app which AS a service trusts.<br>&gt;&gt; The client app can then get a to=
ken. ...<br><br>&gt; Yeah, unfortunately the WWW-Authenticate solution adve=
rtising an AS<br>&gt; has bad (fatal) security problems.<br><br>Is phishing=
 the fatal security problem?<br>It doesn't sound quite like "normal" phishi=
ng.<br>Are there still fatal problems if phishing-resistant<br>user authent=
ication mechanisms are used?<br><br>I would really appreciate any further
 explanation<br>(or pointers to explanations).<br><br>&gt; That's the under=
lying reason/urgency behind a separate services<br>&gt; discovery mechanism=
.&nbsp; It's not that we ignored WWW-Authenticate,<br>&gt; and in fact I'm =
in process of ripping that mechanism out of a<br>&gt; draft I'm working on.=
<br>&gt;<br>&gt; This is not hard when the protected resource or user ident=
ifier<br>&gt; is in a domain where WebFinger (WF) will work.<br><br>Is this=
 because we assume a domain controls its webfinger URI,<br>but we don't wan=
t to assume a domain controls all its other URIs<br>(perhaps because some w=
ill serve user-generated content)?<br><br>&gt; The problem comes when we ha=
ve, for example, N email domain names<br>&gt; all served by the same AS, an=
d you have to discover that way.<br>&gt; The solution there may be that you=
 take an indirect path through<br>&gt; the MX record (one suggestion), dete=
rmine the domain from that,<br>&gt; and do the WF lookup based on
 the MX domain.<br><br>This doesn't sound like Sergey=E2=80=99s situation w=
here the client app<br>has made a web request -- so it knows the URI it wan=
ts.<br><br>&gt; For arbitrary webservices running on a domain where they ca=
n't<br>&gt; run their own WF endpoint we don't yet have a solution.<br>&gt;=
 At some point the client may well be expected to know something<br>&gt; ab=
out the identity it expects to use for a site.<br><br>Could you clarify "th=
e identity it expects to use for a site"?<br>I'm not sure if this is talkin=
g about the user's identity, the<br>client app's identity or the site's ide=
ntity.<br><br>--<br>James Manger<br><br><br></span></div></div></div></bloc=
kquote></div></div></div></div></div><br><br> </div> </div> </blockquote></=
div>   </div></body></html>
--835683298-342176410-1337223991=:3100--

From ve7jtb@ve7jtb.com  Thu May 17 09:52:16 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28DDE21F86AA for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 09:52:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.531
X-Spam-Level: 
X-Spam-Status: No, score=-3.531 tagged_above=-999 required=5 tests=[AWL=0.068,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2+LhcregQNf0 for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 09:52:15 -0700 (PDT)
Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 630F821F86A6 for <oauth@ietf.org>; Thu, 17 May 2012 09:52:08 -0700 (PDT)
Received: by ggnc4 with SMTP id c4so2371421ggn.31 for <oauth@ietf.org>; Thu, 17 May 2012 09:52:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:content-type:subject:date:message-id:to:mime-version:x-mailer :x-gm-message-state; bh=RTZlg+OBGqzm/ENd9HX+dXSSCqMchniUivegm2Sy3ok=; b=h+C8+aFGMpzzvZkGAGW0LNYrCw+j8uv0mWqNoLutit6F+QOv+kf2wGimA8EVmQ9yKo avVq/KFJj2VBu6+2oodjmA+XfWTh3T+jOZ9XXSeb93u4tDBhg54d5wh2VqK1fVbqZZOS OYti++sDYGr7tsB+4k8/PVN5hivfaViMXZPecWzhXNzIa0AgzFtGESL9VGn68+ksLtOO BWXjq+11rriY+JpT8SVKOJ5vX0jWBQKoGI4oflF9JqiGuhoKJA29zWwh9EQkyZT36iRD ZGxU4gzIyrhDxXaWck7/Z9DPnYp/qvuff2mnbzZOepHSVH6DIuqmxb8/4+Wg66JtL3BC mfiQ==
Received: by 10.236.177.1 with SMTP id c1mr8743318yhm.41.1337273528401; Thu, 17 May 2012 09:52:08 -0700 (PDT)
Received: from [192.168.1.213] (190-20-26-206.baf.movistar.cl. [190.20.26.206]) by mx.google.com with ESMTPS id r1sm11318973anj.16.2012.05.17.09.52.05 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 17 May 2012 09:52:06 -0700 (PDT)
From: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_29A3FC0D-9AF1-4611-9811-3FFD65C85477"; protocol="application/pkcs7-signature"; micalg=sha1
Date: Thu, 17 May 2012 12:51:58 -0400
Message-Id: <ED3DAA8B-FDDE-4635-BF69-0147E0B17790@ve7jtb.com>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQlDO/+mEX+bsrvaszTmFBgcxd5CSBqUUkjuV9dph9Q0zOFStwSlXOT0X6FTQzE1t1Ha8OM5
Subject: [OAUTH-WG] nit
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 16:52:16 -0000

--Apple-Mail=_29A3FC0D-9AF1-4611-9811-3FFD65C85477
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


Just noticed an extra "and" in Draft 26

Sec 4.1.3
redirect_uri
         REQUIRED, if the "redirect_uri" parameter was included in the
         authorization request as described in Section 4.1.1,=20
         and their values MUST be identical.



Eliminating the and would be better. =20
It would also be clearer if broken up into separate statements.

redirect_uri
         REQUIRED, if the "redirect_uri" parameter was included in the
         authorization request as described in Section 4.1.1. The
         value MUST be identical to the value of the "redirect_uri"=20
         parameter that was included in the authorization request.

I had someone ask for clarification on what that was trying to say, so =
thought I would mention it.

John B.


--Apple-Mail=_29A3FC0D-9AF1-4611-9811-3FFD65C85477
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPnzCCB7Uw
ggadoAMCAQICAh5cMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTIwMzE4MDQzMjQ4WhcNMTQwMzE5MTEwNzMyWjCBmzEZMBcGA1UEDRMQR3JUTTZMUzdYMzU3
NzhzOTELMAkGA1UEBhMCQ0wxIjAgBgNVBAgTGU1ldHJvcG9saXRhbmEgZGUgU2FudGlhZ28xFjAU
BgNVBAcTDUlzbGEgZGUgTWFpcG8xFTATBgNVBAMTDEpvaG4gQnJhZGxleTEeMBwGCSqGSIb3DQEJ
ARYPamJyYWRsZXlAbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskrlBI93
rBTLOQGSwIT6co6dAw/rwDPrRXl6/F2oc4KDn+QN6CdFeHo08H846VJS9CDjLKvnK9jbxxs4wYqe
nKdPb3jgzt8oc7b9ZXtWkOgsxgMf6dBZ/IPm4lWBpCbSr3seDGDXEpiE2lTZXno7c25OguR4E6Qa
hcpHABZjeEWK65mMH25gmoRf5MY1k3quu5y+FCYCHE2iwU5jzq+mI3HmG59+UMFLx1fjV+zTslRw
26cQDC/uepwjeYSp8S26hfWipVWwQj4js/C7RoPtvt2iyeU+LSH81jG4wlAWntiOG1WtoXUuXWSc
ExhciKeKWCnemy9qqmxRfJqBROeGlQIDAQABo4IEDjCCBAowCQYDVR0TBAIwADALBgNVHQ8EBAMC
BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ/A7/CxKEnzpqmZlLz
9iaQMy24eTAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzB+BgNVHREEdzB1gQ9qYnJh
ZGxleUBtZS5jb22BD2picmFkbGV5QG1lLmNvbYEQamJyYWRsZXlAbWFjLmNvbYERdmU3anRiQHZl
N2p0Yi5jb22BE2picmFkbGV5QHdpbmdhYS5jb22BF2pvaG4uYnJhZGxleUB3aW5nYWEuY29tMIIC
IQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNj
b3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFy
dENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcC
AjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkg
YW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRh
dGlvbnMiIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYB
BQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggr
BgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQu
Y2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAEcfD4PmHrX+W3zaP/KsR4gwLAL0UTaMz14SIng6a9F3kb8ZDbTUneS9ubgpqeJQP2IFc
0U5gQnJ3XeCH6p9I88mvm1NqKQw8WvfglS0aIS19vfpTgXJSPdIO2JJPRqaBtXf3zkdXJwckX9/d
NMrLGeGvaFT9fUNdQdHU4BI1pVUpgKr796T7LTc/ERfH8iFp1+CmdVkJ6Y2iJdWUp4h17XmbxbIT
0CdS4SSk/VW8LFsn/mVz6hB73VthwjGsIku54Wp4pRuq1KX+pATnRk3pHRa1z3mxJMmq7OEXENcC
Vm+bAnyUrYbUilNS9UVTYS8/3dVsKiNupBaOZO+vOgJqVDCCB+IwggXKoAMCAQICAQ4wDQYJKoZI
hvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDI1NFoXDTEyMTAyMjIxMDI1NFowgYwx
CzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGln
aXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1h
cnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMsohUWcASz7GfKrpTOMKqANy9BV7V0igWdGxA8IU77L3aTxErQ+fcxtDYZ36Z6GH0YFn7fq5RAD
teP0AYzrCA+EQTfi8q1+kA3m0nwtwXG94M5sIqsvs7lRP1aycBke/s5g9hJHryZ2acScnzczjBCA
o7X1v5G3yw8MDP2m2RCye0KfgZ4nODerZJVzhAlOD9YejvAXZqHksw56HzElVIoYSZ3q4+RJuPXX
fIoyby+Y2m1E+YzX5iCZXBx05gk6MKAW1vaw4/v2OOLy6FZH3XHHtOkzUreG//CsFnB9+uaYSlR6
5cdGzTsmoIK8WH1ygoXhRBm98SD7Hf/r3FELNvUCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8w
CwYDVR0PBAQDAgGmMB0GA1UdDgQWBBSuVYNv7DHKufcd+q9rMfPIHeOsuzCBqAYDVR0jBIGgMIGd
gBROC+8apEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkw
JwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0G
CCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3J0MGAGA1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwu
Y3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFU
MIIBUDCCAUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRj
b20ub3JnL3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9p
bnRlcm1lZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFy
dENvbSkgTHRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxl
Z2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
UG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjAR
BglghkgBhvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDIgUHJpbWFy
eSBJbnRlcm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUA
A4ICAQAe9xAX/vbphHkvkDdNrslXWdO7fD3JaqnTT3jmmDu55r7UpW1H/v/J40UBXsw9DKU8TylE
4RwZT5HDAMW42f1x498AzM4FOnL/pUTTvr6BiRlrify5ZovkDYVWjy1GYTJ+hPiBEv0HmHnDxjhn
JIIkEvJ+niMHLLEdpNMhZnxMiTFRAtIF4WeYcpgXBjAxsEDRKBvw40K+r3N4lykySQNp2ElIJ8H1
z2BmhxtppUdWpOVJ4Q1Gvn9jfV1qnMhFCDY+X1X8DrkKrTcpDExcGlefweQs7+DYUK3spiQkJpN7
qpPYlfy2GYHedv7lGa1ZAghMI/4882QVAK2zq6M60nHpOUMtYD61XtAs3ZD5L3yn9LCdeK2j4ZbQ
3uRdwvxAMFWwXyUK/ALP4lCu9QhxbnETOkBWT3FJul4/FUgzM0RRCEGhuQWiOFSoa35XJTcYf/4E
/ZuvOXhK04nUpe7DYTMWzRqL04yyoJQVHKHKSboytueydKuqFZKdJA9gi77OnPBYL/yxkXGgkLC9
tsi77oT4AgZry0/6lgX56ak+f/umQihNPgtKSQQjEYq9S8MlOHzpUM0vxsghATYsdUPBw6r6ZxDH
jXoUAD03DUMEbKsWvqFB7nJNVesngbu8miw1EYLA+fHfTaCidoV3CL75jKqM/KE87qrh9Fqti9bK
qnkvpTGCA2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMAkGBSsO
AwIaBQCgggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEyMDUx
NzE2NTE1OVowIwYJKoZIhvcNAQkEMRYEFGPkdV6fCov/XLwsXeno+K4u6UFUMIGkBgkrBgEEAYI3
EAQxgZYwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICHlwwgaYGCyqGSIb3DQEJEAIL
MYGWoIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh
c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh5cMA0GCSqGSIb3DQEBAQUABIIB
AFhFdQ4o4+jBnB6/HTqPCIAZDhhzJ/3JTzu3mZcGXsnEIFM2xE0cP84vczXJ9QkYsvR090nlNpES
1kLfCKZ45BUYxcrzs8aXtpmOeWCfSqwpTMUvNkcEbFQ3xArSItdSEIUTLIGE6LmmRGAmZxNZN55c
52hcO0pxd9BbMoCAbSisrX1cTjyLBurlFXN+PoEsi8GZn9efTBDI2ucXfigS/ACXu1/OC690koH8
8JBb/TYk83X1XQFjdyeToHC0wtw/eiE89f9gXjBrbiZKoqju5IbWJsw0Fbzg8O0loVqVlYb6f4Qi
Qz7kUQdueyJje7OtE5iShsF2+59CGkuL1KE3jw8AAAAAAAA=

--Apple-Mail=_29A3FC0D-9AF1-4611-9811-3FFD65C85477--

From Michael.Jones@microsoft.com  Thu May 17 15:11:20 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58D7E21F87CB for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:11:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.91
X-Spam-Level: 
X-Spam-Status: No, score=-3.91 tagged_above=-999 required=5 tests=[AWL=-0.312,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uzyE1DFNeAln for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:11:19 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe003.messaging.microsoft.com [216.32.181.183]) by ietfa.amsl.com (Postfix) with ESMTP id 7B11021F87E0 for <oauth@ietf.org>; Thu, 17 May 2012 15:11:19 -0700 (PDT)
Received: from mail57-ch1-R.bigfish.com (10.43.68.250) by CH1EHSOBE017.bigfish.com (10.43.70.67) with Microsoft SMTP Server id 14.1.225.23; Thu, 17 May 2012 22:11:10 +0000
Received: from mail57-ch1 (localhost [127.0.0.1])	by mail57-ch1-R.bigfish.com (Postfix) with ESMTP id D1C5EE025A; Thu, 17 May 2012 22:11:10 +0000 (UTC)
X-SpamScore: 0
X-BigFish: VS0(zzc85fhzz1202hzz8275bh8275dhz2fh2a8h668h839hd25hf0ah)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail57-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC101.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail57-ch1 (localhost.localdomain [127.0.0.1]) by mail57-ch1 (MessageSwitch) id 1337292668527839_5789; Thu, 17 May 2012 22:11:08 +0000 (UTC)
Received: from CH1EHSMHS018.bigfish.com (snatpool3.int.messaging.microsoft.com [10.43.68.226])	by mail57-ch1.bigfish.com (Postfix) with ESMTP id 7280F100057;	Thu, 17 May 2012 22:11:08 +0000 (UTC)
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS018.bigfish.com (10.43.70.18) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 17 May 2012 22:11:07 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([157.54.79.178]) with mapi id 14.02.0298.005; Thu, 17 May 2012 22:11:13 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
Thread-Index: Ac00efYUfRXj86CaR5e2v90Td0g/OQ==
Date: Thu, 17 May 2012 22:11:12 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.70]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436650C7FATK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: Mark Nottingham <mnot@mnot.net>
Subject: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 22:11:20 -0000

--_000_4E1F6AAD24975D4BA5B16804296739436650C7FATK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Dear working group members:



I'm going through the remaining open issues that have been raised about the=
 Bearer spec so as to be ready to publish an updated draft once the outstan=
ding consensus call issues are resolved.

This DISCUSS had been raised about the URI Query Parameter method:


   * Section 2.3 URI Query Parameter



   This section effectively reserves a URI query parameter for the

    draft's use. This should not be done lightly, since this would be a

    precedent for the IETF encroaching upon a server's URIs (done

    previously in RFC5785, but in a much more limited fashion, as a

    tactic to prevent further, uncontrolled encroachment).



   Given that the draft already discourages the use of this mechanism,

    I'd recommend dropping it altogether. If the Working Group wishes it

    to remain, this issues should be vetted both through the APPS area

    and the W3C liaison.

I wanted to let you know that the agreed-upon resolution to this issue is t=
o add the following text to the URI Query Parameter section:


    This method is included to document current use; its use is

    NOT RECOMMENDED, both due to its security deficiencies (see

    Security Considerations) and because it uses a reserved query

    parameter name, which is counter to URI namespace best

    practices [W3C TAG WebArch].

The reference above is to http://www.w3.org/TR/webarch/.

Thanks to Mark Nottingham, Stephen Farrell, Pete Resnick, and Dick Hardt fo=
r helping us get to this resolution.

                                                                Cheers,
                                                                -- Mike


--_000_4E1F6AAD24975D4BA5B16804296739436650C7FATK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
	{mso-style-priority:99;
	mso-style-link:"Plain Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.PlainTextChar
	{mso-style-name:"Plain Text Char";
	mso-style-priority:99;
	mso-style-link:"Plain Text";
	font-family:"Calibri","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoPlainText">Dear working group members:<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">I'm going through the remaining open issues that =
have been raised about the Bearer spec so as to be ready to publish an upda=
ted draft once the outstanding consensus call issues are resolved.<o:p></o:=
p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">This DISCUSS had been raised about the URI Query Par=
ameter method:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;* Section 2.3 URI Query Paramet=
er<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;This section effectively reserv=
es a URI query parameter for the
<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;draft's use. This should =
not be done lightly, since this would be a
<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;precedent for the IETF en=
croaching upon a server's URIs (done
<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;previously in RFC5785, bu=
t in a much more limited fashion, as a
<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;tactic to prevent further=
, uncontrolled encroachment).<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;Given that the draft already di=
scourages the use of this mechanism,
<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;I'd recommend dropping it=
 altogether. If the Working Group wishes it
<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;to remain, this issues sh=
ould be vetted both through the APPS area
<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;and the W3C liaison.<o:p>=
</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I wanted to let you know that the agreed-upon resolu=
tion to this issue is to add the following text to the URI Query Parameter =
section:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText"><span style=3D"color:#953735;mso-style-textfill-f=
ill-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp; &nbsp;=
This method is included to document current use; its use is<o:p></o:p></spa=
n></p>
<p class=3D"MsoPlainText"><span style=3D"color:#953735;mso-style-textfill-f=
ill-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp;&nbsp; =
NOT RECOMMENDED, both due to its security deficiencies (see<o:p></o:p></spa=
n></p>
<p class=3D"MsoPlainText"><span style=3D"color:#953735;mso-style-textfill-f=
ill-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp;&nbsp; =
Security Considerations) and because it uses a reserved query<o:p></o:p></s=
pan></p>
<p class=3D"MsoPlainText"><span style=3D"color:#953735;mso-style-textfill-f=
ill-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp; &nbsp;=
parameter name, which is counter to URI namespace best<o:p></o:p></span></p=
>
<p class=3D"MsoPlainText"><span style=3D"color:#953735;mso-style-textfill-f=
ill-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp;&nbsp; =
practices [W3C TAG WebArch].<o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The reference above is to http://www.w3.org/TR/webar=
ch/.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Thanks to Mark Nottingham, Stephen Farrell, Pete Res=
nick, and Dick Hardt for helping us get to this resolution.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp; Cheers,<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B16804296739436650C7FATK5EX14MBXC284r_--

From Michael.Jones@microsoft.com  Thu May 17 15:12:31 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9297F21F85D1 for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:12:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.906
X-Spam-Level: 
X-Spam-Status: No, score=-3.906 tagged_above=-999 required=5 tests=[AWL=-0.308, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ywggpGuT98WQ for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:12:30 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe002.messaging.microsoft.com [213.199.154.140]) by ietfa.amsl.com (Postfix) with ESMTP id A291A21F85E3 for <oauth@ietf.org>; Thu, 17 May 2012 15:12:29 -0700 (PDT)
Received: from mail68-db3-R.bigfish.com (10.3.81.252) by DB3EHSOBE005.bigfish.com (10.3.84.25) with Microsoft SMTP Server id 14.1.225.23; Thu, 17 May 2012 22:12:20 +0000
Received: from mail68-db3 (localhost [127.0.0.1])	by mail68-db3-R.bigfish.com (Postfix) with ESMTP id 7FA47E0617; Thu, 17 May 2012 22:12:20 +0000 (UTC)
X-SpamScore: -44
X-BigFish: VS-44(zzbb2dI9371I936eKc85fh542Mdf9M1432N98dKzz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail68-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail68-db3 (localhost.localdomain [127.0.0.1]) by mail68-db3 (MessageSwitch) id 1337292737879915_24598; Thu, 17 May 2012 22:12:17 +0000 (UTC)
Received: from DB3EHSMHS011.bigfish.com (unknown [10.3.81.226])	by mail68-db3.bigfish.com (Postfix) with ESMTP id D00BB400064; Thu, 17 May 2012 22:12:17 +0000 (UTC)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS011.bigfish.com (10.3.87.111) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 17 May 2012 22:12:16 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14HUBC102.redmond.corp.microsoft.com ([157.54.7.154]) with mapi id 14.02.0298.005; Thu, 17 May 2012 22:12:13 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Cache-Control headers for Bearer URI Query Parameter method
Thread-Index: Ac00ehInJP4tPakhRcSaiMWKDZ7bSQ==
Date: Thu, 17 May 2012 22:12:11 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436650C821@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.70]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436650C821TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Cache-Control headers for Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 22:12:31 -0000

--_000_4E1F6AAD24975D4BA5B16804296739436650C821TK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Dear working group members:



I'm going through the remaining open issues that have been raised about the=
 Bearer spec so as to be ready to publish an updated draft once the outstan=
ding consensus call issues are resolved.



Amos Jeffries had cited this requirement in the HTTPbis spec ( http://tools=
.ietf.org/html/draft-ietf-httpbis-p7-auth-19#section-2.3.1):



   o  The credentials carried in an Authorization header field are

      specific to the User Agent, and therefore have the same effect on

      HTTP caches as the "private" Cache-Control response directive,

      within the scope of the request they appear in.



      Therefore, new authentication schemes which choose not to carry

      credentials in the Authorization header (e.g., using a newly

      defined header) will need to explicitly disallow caching, by

      mandating the use of either Cache-Control request directives

      (e.g., "no-store") or response directives (e.g., "private").



I propose to add the following text in order to satisfy this requirement.  =
I have changed Amos' MUSTs to SHOULDs because, in practice, applications th=
at have no option but to use the URI Query Parameter method are likely to a=
lso not have control over the request's Cache-Control directives (just as t=
hey do not have the ability to use an "Authorization: Bearer" header value)=
:



    Clients using the URI Query Parameter method SHOULD also send a

    Cache-Control header containing the "no-store" option.  Server success

    (2XX status) responses to these requests SHOULD contain a Cache-Control

    header with the "private" option.



Comments?



                                                                -- Mike



-----Original Message-----
From: Amos Jeffries [mailto:squid3@treenet.co.nz]
Sent: Monday, April 23, 2012 10:13 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-bearer-19.txt



On 24/04/2012 4:33 p.m., Mike Jones wrote:

> What specific language would you suggest be added to what section(s)?

>

>                                                             -- Mike





Perhapse the last paragraph appended:

"



    Because of the security weaknesses associated with the URI method

    (see Section 5), including the high likelihood that the URL

    containing the access token will be logged, it SHOULD NOT be used

    unless it is impossible to transport the access token in the

    "Authorization" request header field or the HTTP request entity-body.

    Resource servers compliant with this specification MAY support this

    method.



    Clients requesting URL containing the access token MUST also send a

    Cache-Control header containing the "no-store" option. Server success

    (2xx status) responses to these requests MUST contain a Cache-Control

    header with the "private" option.



"



I'm a little suspicious that the "SHOUDL NOT" in that top paragraph likely =
should be a MUST NOT to further discourage needless use.





AYJ





>

> -----Original Message-----

> From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> On Behalf Of =
Amos Jeffries

> Sent: Monday, April 23, 2012 7:10 PM

> To: oauth@ietf.org<mailto:oauth@ietf.org>

> Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-bearer-19.txt

>

> On 24.04.2012 13:46, internet-drafts@ietf.org<mailto:internet-drafts@ietf=
.org> wrote:

>> A New Internet-Draft is available from the on-line Internet-Drafts

>> directories. This draft is a work item of the Web Authorization

>> Protocol Working Group of the IETF.

>>

>>           Title           : The OAuth 2.0 Authorization Protocol: Bearer

>> Tokens

>>           Author(s)       : Michael B. Jones

>>                            Dick Hardt

>>                            David Recordon

>>           Filename        : draft-ietf-oauth-v2-bearer-19.txt

>>           Pages           : 24

>>           Date            : 2012-04-23

>>

>>     This specification describes how to use bearer tokens in HTTP

>>     requests to access OAuth 2.0 protected resources.  Any party in

>>     possession of a bearer token (a "bearer") can use it to get

>> access to

>>     the associated resources (without demonstrating possession of a

>>     cryptographic key).  To prevent misuse, bearer tokens need to be

>>     protected from disclosure in storage and in transport.

>>

>>

>> A URL for this Internet-Draft is:

>> http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-19.txt

>

>

> The section 2.3 (URL Query Parameter) text is still lacking explicit and =
specific security requirements. The overarching TLS requirement is good in =
general, but insufficient in the presence of HTTP intermediaries on the TLS=
 connection path as is becoming a common practice.

>

> The upcoming HTTPbis specs document this issue as a requirement for new a=
uth schemes such as Bearer:

>

> http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-19#section-2.3.1

> "

>         Therefore, new authentication schemes which choose not to carry

>         credentials in the Authorization header (e.g., using a newly

>         defined header) will need to explicitly disallow caching, by

>         mandating the use of either Cache-Control request directives

>         (e.g., "no-store") or response directives (e.g., "private").

> "

>

>

> AYJ

>

> _______________________________________________

> OAuth mailing list

> OAuth@ietf.org<mailto:OAuth@ietf.org>

> https://www.ietf.org/mailman/listinfo/oauth

>

>





--_000_4E1F6AAD24975D4BA5B16804296739436650C821TK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
	{mso-style-priority:99;
	mso-style-link:"Plain Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
span.PlainTextChar
	{mso-style-name:"Plain Text Char";
	mso-style-priority:99;
	mso-style-link:"Plain Text";
	font-family:"Calibri","sans-serif";}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoPlainText">Dear working group members:<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">I'm going through the remaining open issues that =
have been raised about the Bearer spec so as to be ready to publish an upda=
ted draft once the outstanding consensus call issues are resolved.<o:p></o:=
p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">Amos Jeffries had cited this requirement in the H=
TTPbis spec (
<a href=3D"http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-19#section=
-2.3.1">
http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-19#section-2.3.1</a>)=
:<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp; o&nbsp; The credentials carried in a=
n Authorization header field are<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; specific to the Us=
er Agent, and therefore have the same effect on<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HTTP caches as the=
 &quot;private&quot; Cache-Control response directive,<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; within the scope o=
f the request they appear in.<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Therefore, new aut=
hentication schemes which choose not to carry<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; credentials in the=
 Authorization header (e.g., using a newly<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; defined header) wi=
ll need to explicitly disallow caching, by<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; mandating the use =
of either Cache-Control request directives<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (e.g., &quot;no-st=
ore&quot;) or response directives (e.g., &quot;private&quot;).<o:p></o:p></=
p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">I propose to add the following text in order to s=
atisfy this requirement.&nbsp; I have changed Amos' MUSTs to SHOULDs becaus=
e, in practice, applications that have no option but to use the URI Query P=
arameter method are likely to also not
 have control over the request's Cache-Control directives (just as they do =
not have the ability to use an &quot;Authorization: Bearer&quot; header val=
ue):<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText"><span style=3D"color:#953735;mso-style-textfill-f=
ill-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp;&nbsp; =
Clients using the URI Query Parameter method SHOULD also send a<o:p></o:p><=
/span></p>
<p class=3D"MsoPlainText"><span style=3D"color:#953735;mso-style-textfill-f=
ill-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp;&nbsp; =
Cache-Control header containing the &quot;no-store&quot; option. &nbsp;Serv=
er success<o:p></o:p></span></p>
<p class=3D"MsoPlainText"><span style=3D"color:#953735;mso-style-textfill-f=
ill-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp;&nbsp; =
(2XX status) responses to these requests SHOULD contain a Cache-Control<o:p=
></o:p></span></p>
<p class=3D"MsoPlainText"><span style=3D"color:#953735;mso-style-textfill-f=
ill-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp;&nbsp; =
header with the &quot;private&quot; option.<o:p></o:p></span></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">Comments?<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">-----Original Message-----<br>
From: Amos Jeffries [mailto:squid3@treenet.co.nz] <br>
Sent: Monday, April 23, 2012 10:13 PM<br>
To: Mike Jones<br>
Cc: oauth@ietf.org<br>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-bearer-19.txt</p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">On 24/04/2012 4:33 p.m., Mike Jones wrote:<o:p></=
o:p></p>
<p class=3D"MsoPlainText">&gt; What specific language would you suggest be =
added to what section(s)?<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; -- Mike<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">Perhapse the last paragraph appended:<o:p></o:p><=
/p>
<p class=3D"MsoPlainText">&quot;<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; Because of the security weakne=
sses associated with the URI method<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; (see Section 5), including the=
 high likelihood that the URL<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; containing the access token wi=
ll be logged, it SHOULD NOT be used<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; unless it is impossible to tra=
nsport the access token in the<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; &quot;Authorization&quot; requ=
est header field or the HTTP request entity-body.<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; Resource servers compliant wit=
h this specification MAY support this<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; method.<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; Clients requesting URL contain=
ing the access token MUST also send a<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; Cache-Control header containin=
g the &quot;no-store&quot; option. Server success<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; (2xx status) responses to thes=
e requests MUST contain a Cache-Control<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp; header with the &quot;private&=
quot; option.<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&quot;<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">I'm a little suspicious that the &quot;SHOUDL NOT=
&quot; in that top paragraph likely should be a MUST NOT to further discour=
age needless use.<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">AYJ<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt; -----Original Message-----<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; From: <a href=3D"mailto:oauth-bounces@ietf.o=
rg"><span style=3D"color:windowtext;text-decoration:none">oauth-bounces@iet=
f.org</span></a> On Behalf Of Amos Jeffries<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; Sent: Monday, April 23, 2012 7:10 PM<o:p></o=
:p></p>
<p class=3D"MsoPlainText">&gt; To: <a href=3D"mailto:oauth@ietf.org"><span =
style=3D"color:windowtext;text-decoration:none">oauth@ietf.org</span></a><o=
:p></o:p></p>
<p class=3D"MsoPlainText">&gt; Subject: Re: [OAUTH-WG] I-D Action: draft-ie=
tf-oauth-v2-bearer-19.txt<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt; On 24.04.2012 13:46, <a href=3D"mailto:inter=
net-drafts@ietf.org">
<span style=3D"color:windowtext;text-decoration:none">internet-drafts@ietf.=
org</span></a> wrote:<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; A New Internet-Draft is available from t=
he on-line Internet-Drafts
<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; directories. This draft is a work item o=
f the Web Authorization
<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; Protocol Working Group of the IETF.<o:p>=
</o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; Title&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp; : The OAuth 2.0 Authorization Protocol: Bearer<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; Tokens<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; Author(s)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Michael B. J=
ones<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Dick Hardt<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;David Recordon<o:p></o:p></p=
>
<p class=3D"MsoPlainText">&gt;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; Filename&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : draft-i=
etf-oauth-v2-bearer-19.txt<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; Pages&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp; : 24<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; Date&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; : 2012-04-23<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp; This specificati=
on describes how to use bearer tokens in HTTP<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp; requests to acce=
ss OAuth 2.0 protected resources.&nbsp; Any party in<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp; possession of a =
bearer token (a &quot;bearer&quot;) can use it to get
<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; access to<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp; the associated r=
esources (without demonstrating possession of a<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp; cryptographic ke=
y).&nbsp; To prevent misuse, bearer tokens need to be<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp; protected from d=
isclosure in storage and in transport.<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt;&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; A URL for this Internet-Draft is:<o:p></=
o:p></p>
<p class=3D"MsoPlainText">&gt;&gt; <a href=3D"http://www.ietf.org/internet-=
drafts/draft-ietf-oauth-v2-bearer-19.txt">
<span style=3D"color:windowtext;text-decoration:none">http://www.ietf.org/i=
nternet-drafts/draft-ietf-oauth-v2-bearer-19.txt</span></a><o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt; The section 2.3 (URL Query Parameter) text i=
s still lacking explicit and specific security requirements. The overarchin=
g TLS requirement is good in general, but insufficient in the presence of H=
TTP intermediaries on the TLS connection
 path as is becoming a common practice.<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt; The upcoming HTTPbis specs document this iss=
ue as a requirement for new auth schemes such as Bearer:<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt; <a href=3D"http://tools.ietf.org/html/draft-=
ietf-httpbis-p7-auth-19#section-2.3.1">
<span style=3D"color:windowtext;text-decoration:none">http://tools.ietf.org=
/html/draft-ietf-httpbis-p7-auth-19#section-2.3.1</span></a><o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; &quot;<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp; Therefore, new authentication schemes which choose not to carry<o:p></o=
:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp; credentials in the Authorization header (e.g., using a newly<o:p></o:p>=
</p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp; defined header) will need to explicitly disallow caching, by<o:p></o:p>=
</p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp; mandating the use of either Cache-Control request directives<o:p></o:p>=
</p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp; (e.g., &quot;no-store&quot;) or response directives (e.g., &quot;privat=
e&quot;).<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; &quot;<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt; AYJ<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt; ____________________________________________=
___<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; OAuth mailing list<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; <a href=3D"mailto:OAuth@ietf.org"><span styl=
e=3D"color:windowtext;text-decoration:none">OAuth@ietf.org</span></a><o:p><=
/o:p></p>
<p class=3D"MsoPlainText">&gt; <a href=3D"https://www.ietf.org/mailman/list=
info/oauth"><span style=3D"color:windowtext;text-decoration:none">https://w=
ww.ietf.org/mailman/listinfo/oauth</span></a><o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&gt;<o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B16804296739436650C821TK5EX14MBXC284r_--

From Michael.Jones@microsoft.com  Thu May 17 15:13:06 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFD8621F85E3 for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:13:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.902
X-Spam-Level: 
X-Spam-Status: No, score=-3.902 tagged_above=-999 required=5 tests=[AWL=-0.304, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dY7GtGbKMqkP for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:13:05 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe002.messaging.microsoft.com [213.199.154.140]) by ietfa.amsl.com (Postfix) with ESMTP id 0F02921F84DF for <oauth@ietf.org>; Thu, 17 May 2012 15:13:05 -0700 (PDT)
Received: from mail22-db3-R.bigfish.com (10.3.81.247) by DB3EHSOBE001.bigfish.com (10.3.84.21) with Microsoft SMTP Server id 14.1.225.23; Thu, 17 May 2012 22:12:55 +0000
Received: from mail22-db3 (localhost [127.0.0.1])	by mail22-db3-R.bigfish.com (Postfix) with ESMTP id E66CE180684	for <oauth@ietf.org>; Thu, 17 May 2012 22:12:55 +0000 (UTC)
X-SpamScore: 0
X-BigFish: VS0(zzc85fhzz1202hzz8275bh8275dhz2fh2a8h668h839hd25hf0ah)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail22-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail22-db3 (localhost.localdomain [127.0.0.1]) by mail22-db3 (MessageSwitch) id 1337292772802622_17415; Thu, 17 May 2012 22:12:52 +0000 (UTC)
Received: from DB3EHSMHS005.bigfish.com (unknown [10.3.81.232])	by mail22-db3.bigfish.com (Postfix) with ESMTP id BFA802A0052	for <oauth@ietf.org>; Thu, 17 May 2012 22:12:52 +0000 (UTC)
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS005.bigfish.com (10.3.87.105) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 17 May 2012 22:12:50 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.02.0298.005; Thu, 17 May 2012 22:12:55 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Bearer specification title
Thread-Index: Ac00ejUK6FrCAsp/SCOriVamR85qbA==
Date: Thu, 17 May 2012 22:12:54 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436650C848@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.70]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436650C848TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Bearer specification title
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 22:13:07 -0000

--_000_4E1F6AAD24975D4BA5B16804296739436650C848TK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Dear working group members:



I'm going through the remaining open issues that have been raised about the=
 Bearer spec so as to be ready to publish an updated draft once the outstan=
ding consensus call issues are resolved.

Between -25 and -26 of the Core spec, the title was changed from "The OAuth=
 2.0 Authorization Protocol" to "The OAuth 2.0 Authorization Framework".  C=
urrently the Bearer spec's title is: "The OAuth 2.0 Authorization Protocol:=
 Bearer Tokens".  I'm planning to make the parallel change to keep the Bear=
er spec in sync with the Core spec - changing the word "Protocol" to "Frame=
work" in the title.

Also, given the recurring confusion that I believe that is caused by the cu=
rrent title wherein people are under the (false) impression that the Bearer=
 spec defines bearer tokens, rather than defines *how to use* bearer tokens=
, I'm planning to add the word "Usage" to the title.  Thus, the new title w=
ill be:
                The OAuth 2.0 Authorization Framework: Bearer Token Usage

This fits well with the text in the abstract that begins with "This specifi=
cation describes *how to use* bearer tokens".

I don't believe this should be controversial, but I wanted to inform the wo=
rking group of this pending change before it happens.

                                                                Best wishes=
,
                                                                -- Mike


--_000_4E1F6AAD24975D4BA5B16804296739436650C848TK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
	{mso-style-priority:99;
	mso-style-link:"Plain Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.PlainTextChar
	{mso-style-name:"Plain Text Char";
	mso-style-priority:99;
	mso-style-link:"Plain Text";
	font-family:"Calibri","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoPlainText">Dear working group members:<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">I'm going through the remaining open issues that =
have been raised about the Bearer spec so as to be ready to publish an upda=
ted draft once the outstanding consensus call issues are resolved.<o:p></o:=
p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Between -25 and -26 of the Core spec, the title was =
changed from &#8220;The OAuth 2.0 Authorization Protocol&#8221; to &#8220;T=
he OAuth 2.0 Authorization Framework&#8221;.&nbsp; Currently the Bearer spe=
c&#8217;s title is: &#8220;The OAuth 2.0 Authorization Protocol: Bearer Tok=
ens&#8221;.&nbsp;
 I&#8217;m planning to make the parallel change to keep the Bearer spec in =
sync with the Core spec &#8211; changing the word &#8220;Protocol&#8221; to=
 &#8220;Framework&#8221; in the title.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Also, given the recurring confusion that I believe t=
hat is caused by the current title wherein people are under the (false) imp=
ression that the Bearer spec defines bearer tokens, rather than defines *<b=
>how to use</b>* bearer tokens, I&#8217;m
 planning to add the word &#8220;Usage&#8221; to the title.&nbsp; Thus, the=
 new title will be:<o:p></o:p></p>
<p class=3D"MsoNormal"><span style=3D"color:#953735;mso-style-textfill-fill=
-color:#953735;mso-style-textfill-fill-alpha:100.0%">&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The OA=
uth 2.0 Authorization Framework: Bearer Token Usage<o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">This fits well with the text in the abstract that be=
gins with &#8220;This specification describes *<b>how to use</b>* bearer to=
kens&#8221;.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I don&#8217;t believe this should be controversial, =
but I wanted to inform the working group of this pending change before it h=
appens.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp; Best wishes,<o:p></o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B16804296739436650C848TK5EX14MBXC284r_--

From wmills@yahoo-inc.com  Thu May 17 15:32:58 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D3AC21F8809 for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:32:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.214
X-Spam-Level: 
X-Spam-Status: No, score=-17.214 tagged_above=-999 required=5 tests=[AWL=0.384, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O8a4FXYxiqTK for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:32:57 -0700 (PDT)
Received: from nm27.bullet.mail.bf1.yahoo.com (nm27.bullet.mail.bf1.yahoo.com [98.139.212.186]) by ietfa.amsl.com (Postfix) with SMTP id BC3D921F87FD for <oauth@ietf.org>; Thu, 17 May 2012 15:32:56 -0700 (PDT)
Received: from [98.139.215.140] by nm27.bullet.mail.bf1.yahoo.com with NNFMP; 17 May 2012 22:32:56 -0000
Received: from [98.139.212.205] by tm11.bullet.mail.bf1.yahoo.com with NNFMP; 17 May 2012 22:32:56 -0000
Received: from [127.0.0.1] by omp1014.mail.bf1.yahoo.com with NNFMP; 17 May 2012 22:32:56 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 169001.35422.bm@omp1014.mail.bf1.yahoo.com
Received: (qmail 13372 invoked by uid 60001); 17 May 2012 22:32:55 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1337293975; bh=xZShf59q0SAYEjYb/duBw3bEwq99PNuVPwCtrjY8tn8=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=MUWuM+CLPOr7kTYSkJpu/16X6loNaoott4MNfCQww5xC/fXLW78tp0eevlNQpepULyu0XSDd/CmnQU2VjUrl2ETpbgPRbzE1QVrKU+pTCv9DTctDkm2/Wbv0I7KzVxzaLmoe7bxW+r8QU7xTZaTFVmcBvDnSqAZEAWFvkshC18M=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=cscYKzd9jlZmy3mFeZKMqxr8RLuZ2UlBnoxzhGnyJnlmnJFmH8i2/LlFJTvtCO0qt3PttsMMS/V5tthc+Q8UMVhUN5qbMfiS/seNsqDhRsOSgXH04GyHtd4gbmCU4D46r0Jwsuv23iWifj0saNjGlGJnMafcS3u7/uFSEL1dFZw=;
X-YMail-OSG: 1iDwSpEVM1m3EMVWDyLgZQ5NJd9X.57hb8t8TD9JzX5Igxx FbchsTmIZKZF8t3aHXhwqiVW5CLa8SW8sPDmdLwYtjX.upQuzWi1817.fGUc Qz9DGSsgzgOycXWh5mnWq1vF4Okgbd0gO3eVUfzB07EHJfh_8.ThrpRr_csK RlT4rRqXHJuGhe5v3wQ_bp3V1H3WJUHFGhJVSpjrhyO7P9EMWTGuGeouXEgx PBiV3vEyW7rF6Z_JUfRerZlkfFgUv9m47REm21RkUy8MmfxzriPXb9gSiIDQ wvZsPUtk0GznujhFg3LFGx.q4iRXNGPwyG.xk_QOqW7jrxApp62Kk8cN1v_D Mcf2rj2zD11g.lIx29np.IDp6l9jax02h7uil150HuMRBX9pysa6mXWJIYsM fouIft.6tZ9MSqMltjqx.NwvAL0_FbAanuLKSBhHdwn0FsKCkhQ--
Received: from [209.131.51.116] by web31812.mail.mud.yahoo.com via HTTP; Thu, 17 May 2012 15:32:55 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <4E1F6AAD24975D4BA5B16804296739436650C821@TK5EX14MBXC284.redmond.corp.microsoft.com>
Message-ID: <1337293975.5655.YahooMailNeo@web31812.mail.mud.yahoo.com>
Date: Thu, 17 May 2012 15:32:55 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Mike Jones <Michael.Jones@microsoft.com>, "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436650C821@TK5EX14MBXC284.redmond.corp.microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1458549034-1457185695-1337293975=:5655"
Subject: Re: [OAUTH-WG] Cache-Control headers for Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 22:32:58 -0000

--1458549034-1457185695-1337293975=:5655
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

That works.=0A=0A=0A=0A=0A>________________________________=0A> From: Mike =
Jones <Michael.Jones@microsoft.com>=0A>To: "oauth@ietf.org" <oauth@ietf.org=
> =0A>Sent: Thursday, May 17, 2012 3:12 PM=0A>Subject: [OAUTH-WG] Cache-Con=
trol headers for Bearer URI Query Parameter method=0A> =0A>=0A> =0A>Dear wo=
rking group members:=0A>=A0=0A>I'm going through the remaining open issues =
that have been raised about the Bearer spec so as to be ready to publish an=
 updated draft once the outstanding consensus call issues are resolved.=0A>=
=A0=0A>Amos Jeffries had cited this requirement in the HTTPbis spec (=0Ahtt=
p://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-19#section-2.3.1):=0A>=
=A0=0A>=A0=A0 o=A0 The credentials carried in an Authorization header field=
 are=0A>=A0=A0=A0=A0=A0 specific to the User Agent, and therefore have the =
same effect on=0A>=A0=A0=A0=A0=A0 HTTP caches as the "private" Cache-Contro=
l response directive,=0A>=A0=A0=A0=A0=A0 within the scope of the request th=
ey appear in.=0A>=A0=0A>=A0=A0=A0=A0=A0 Therefore, new authentication schem=
es which choose not to carry=0A>=A0=A0=A0=A0=A0 credentials in the Authoriz=
ation header (e.g., using a newly=0A>=A0=A0=A0=A0=A0 defined header) will n=
eed to explicitly disallow caching, by=0A>=A0=A0=A0=A0=A0 mandating the use=
 of either Cache-Control request directives=0A>=A0=A0=A0=A0=A0 (e.g., "no-s=
tore") or response directives (e.g., "private").=0A>=A0=0A>I propose to add=
 the following text in order to satisfy this requirement.=A0 I have changed=
 Amos' MUSTs to SHOULDs because, in practice, applications that have no opt=
ion but to use the URI Query Parameter method are likely to also not have c=
ontrol over the request's Cache-Control directives (just as they do not hav=
e the ability to use an "Authorization: Bearer" header value):=0A>=A0=0A>=
=A0=A0=A0 Clients using the URI Query Parameter method SHOULD also send a=
=0A>=A0=A0=A0 Cache-Control header containing the "no-store" option. =A0Ser=
ver success=0A>=A0=A0=A0 (2XX status) responses to these requests SHOULD co=
ntain a Cache-Control=0A>=A0=A0=A0 header with the "private" option.=0A>=A0=
=0A>Comments?=0A>=A0=0A>=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 -- Mike=0A>=
=A0=0A>-----Original Message-----=0A>From: Amos Jeffries [mailto:squid3@tre=
enet.co.nz] =0A>Sent: Monday, April 23, 2012 10:13 PM=0A>To: Mike Jones=0A>=
Cc: oauth@ietf.org=0A>Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-=
v2-bearer-19.txt=0A>=A0=0A>On 24/04/2012 4:33 p.m., Mike Jones wrote:=0A>> =
What specific language would you suggest be added to what section(s)?=0A>> =
=A0=0A>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 -- Mike=0A>=A0=0A>=A0=0A>Perhapse the =
last paragraph appended:=0A>"=0A>=A0=0A>=A0=A0=A0 Because of the security w=
eaknesses associated with the URI method=0A>=A0=A0=A0 (see Section 5), incl=
uding the high likelihood that the URL=0A>=A0=A0=A0 containing the access t=
oken will be logged, it SHOULD NOT be used=0A>=A0=A0=A0 unless it is imposs=
ible to transport the access token in the=0A>=A0=A0=A0 "Authorization" requ=
est header field or the HTTP request entity-body.=0A>=A0=A0=A0 Resource ser=
vers compliant with this specification MAY support this=0A>=A0=A0=A0 method=
.=0A>=A0=0A>=A0=A0=A0 Clients requesting URL containing the access token MU=
ST also send a=0A>=A0=A0=A0 Cache-Control header containing the "no-store" =
option. Server success=0A>=A0=A0=A0 (2xx status) responses to these request=
s MUST contain a Cache-Control=0A>=A0=A0=A0 header with the "private" optio=
n.=0A>=A0=0A>"=0A>=A0=0A>I'm a little suspicious that the "SHOUDL NOT" in t=
hat top paragraph likely should be a MUST NOT to further discourage needles=
s use.=0A>=A0=0A>=A0=0A>AYJ=0A>=A0=0A>=A0=0A>> =A0=0A>> -----Original Messa=
ge-----=0A>> From: oauth-bounces@ietf.org On Behalf Of Amos Jeffries=0A>> S=
ent: Monday, April 23, 2012 7:10 PM=0A>> To: oauth@ietf.org=0A>> Subject: R=
e: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-bearer-19.txt=0A>> =A0=0A>> O=
n 24.04.2012 13:46, internet-drafts@ietf.org wrote:=0A>>> A New Internet-Dr=
aft is available from the on-line Internet-Drafts =0A>>> directories. This =
draft is a work item of the Web Authorization =0A>>> Protocol Working Group=
 of the IETF.=0A>>> =A0=0A>>> =A0=A0=A0=A0=A0=A0=A0=A0=A0 Title=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0 : The OAuth 2.0 Authorization Protocol: Bearer=0A>>> Tok=
ens=0A>>> =A0=A0=A0=A0=A0=A0=A0=A0=A0 Author(s)=A0=A0=A0=A0=A0=A0 : Michael=
 B. Jones=0A>>>=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0 Dick Hardt=0A>>>=A0=A0=A0=A0=A0=A0=A0=A0=A0 =A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0David Recordon=0A>>> =A0=A0=A0=
=A0=A0=A0=A0=A0=A0 Filename=A0=A0=A0=A0=A0=A0=A0 : draft-ietf-oauth-v2-bear=
er-19.txt=0A>>> =A0=A0=A0=A0=A0=A0=A0=A0=A0 Pages=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0 : 24=0A>>> =A0=A0=A0=A0=A0=A0=A0=A0=A0 Date=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0 : 2012-04-23=0A>>> =A0=0A>>>=A0=A0=A0=A0 This specification descr=
ibes how to use bearer tokens in HTTP=0A>>>=A0=A0=A0=A0 requests to access =
OAuth 2.0 protected resources.=A0 Any party in=0A>>>=A0=A0=A0=A0 possession=
 of a bearer token (a "bearer") can use it to get =0A>>> access to=0A>>>=A0=
=A0=A0=A0 the associated resources (without demonstrating possession of a=
=0A>>>=A0=A0=A0=A0 cryptographic key).=A0 To prevent misuse, bearer tokens =
need to be=0A>>>=A0=A0=A0=A0 protected from disclosure in storage and in tr=
ansport.=0A>>> =A0=0A>>> =A0=0A>>> A URL for this Internet-Draft is:=0A>>> =
http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-19.txt=0A>> =
=A0=0A>> =A0=0A>> The section 2.3 (URL Query Parameter) text is still lacki=
ng explicit and specific security requirements. The overarching TLS require=
ment is good in general, but insufficient in the presence of HTTP intermedi=
aries on the TLS connection path as is becoming a common practice.=0A>> =A0=
=0A>> The upcoming HTTPbis specs document this issue as a requirement for n=
ew auth schemes such as Bearer:=0A>> =A0=0A>> http://tools.ietf.org/html/dr=
aft-ietf-httpbis-p7-auth-19#section-2.3.1=0A>> "=0A>>=A0=A0=A0=A0=A0=A0=A0=
=A0 Therefore, new authentication schemes which choose not to carry=0A>>=A0=
=A0=A0=A0=A0=A0=A0=A0 credentials in the Authorization header (e.g., using =
a newly=0A>>=A0=A0=A0=A0=A0=A0=A0=A0 defined header) will need to explicitl=
y disallow caching, by=0A>>=A0=A0=A0=A0=A0=A0=A0=A0 mandating the use of ei=
ther Cache-Control request directives=0A>>=A0=A0=A0=A0=A0=A0=A0=A0 (e.g., "=
no-store") or response directives (e.g., "private").=0A>> "=0A>> =A0=0A>> =
=A0=0A>> AYJ=0A>> =A0=0A>> _______________________________________________=
=0A>> OAuth mailing list=0A>> OAuth@ietf.org=0A>> https://www.ietf.org/mail=
man/listinfo/oauth=0A>> =A0=0A>> =A0=0A>=A0=0A>=A0=0A>_____________________=
__________________________=0A>OAuth mailing list=0A>OAuth@ietf.org=0A>https=
://www.ietf.org/mailman/listinfo/oauth=0A>=0A>=0A>
--1458549034-1457185695-1337293975=:5655
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>That works.</span></div><div><br><blockquote style=3D"border-left: 2px so=
lid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;=
">  <div style=3D"font-family: Courier New, courier, monaco, monospace, san=
s-serif; font-size: 14pt;"> <div style=3D"font-family: times new roman, new=
 york, times, serif; font-size: 12pt;"> <div dir=3D"ltr"> <font face=3D"Ari=
al" size=3D"2"> <hr size=3D"1">  <b><span style=3D"font-weight:bold;">From:=
</span></b> Mike Jones &lt;Michael.Jones@microsoft.com&gt;<br> <b><span sty=
le=3D"font-weight: bold;">To:</span></b> "oauth@ietf.org" &lt;oauth@ietf.or=
g&gt; <br> <b><span style=3D"font-weight: bold;">Sent:</span></b> Thursday,=
 May 17, 2012 3:12 PM<br> <b><span style=3D"font-weight: bold;">Subject:</s=
pan></b> [OAUTH-WG] Cache-Control headers for Bearer URI Query Parameter me=
thod<br> </font>
 </div> <br>=0A<div id=3D"yiv710054670">=0A=0A =0A =0A<style><!--=0A#yiv710=
054670  =0A _filtered #yiv710054670 {font-family:Calibri;panose-1:2 15 5 2 =
2 2 4 3 2 4;}=0A _filtered #yiv710054670 {font-family:Tahoma;panose-1:2 11 =
6 4 3 5 4 4 2 4;}=0A#yiv710054670  =0A#yiv710054670 p.yiv710054670MsoNormal=
, #yiv710054670 li.yiv710054670MsoNormal, #yiv710054670 div.yiv710054670Mso=
Normal=0A=09{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:=
"sans-serif";}=0A#yiv710054670 a:link, #yiv710054670 span.yiv710054670MsoHy=
perlink=0A=09{color:blue;text-decoration:underline;}=0A#yiv710054670 a:visi=
ted, #yiv710054670 span.yiv710054670MsoHyperlinkFollowed=0A=09{color:purple=
;text-decoration:underline;}=0A#yiv710054670 p.yiv710054670MsoPlainText, #y=
iv710054670 li.yiv710054670MsoPlainText, #yiv710054670 div.yiv710054670MsoP=
lainText=0A=09{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-famil=
y:"sans-serif";}=0A#yiv710054670 p.yiv710054670MsoAcetate, #yiv710054670 li=
.yiv710054670MsoAcetate, #yiv710054670 div.yiv710054670MsoAcetate=0A=09{mar=
gin:0in;margin-bottom:.0001pt;font-size:8.0pt;font-family:"sans-serif";}=0A=
#yiv710054670 span.yiv710054670PlainTextChar=0A=09{font-family:"sans-serif"=
;}=0A#yiv710054670 span.yiv710054670BalloonTextChar=0A=09{font-family:"sans=
-serif";}=0A#yiv710054670 .yiv710054670MsoChpDefault=0A=09{font-family:"san=
s-serif";}=0A _filtered #yiv710054670 {margin:1.0in 1.0in 1.0in 1.0in;}=0A#=
yiv710054670 div.yiv710054670WordSection1=0A=09{}=0A--></style>=0A=0A<div>=
=0A<div class=3D"yiv710054670WordSection1">=0A<div class=3D"yiv710054670Mso=
PlainText">Dear working group members:</div> =0A<div class=3D"yiv710054670M=
soPlainText"> &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText">I'm g=
oing through the remaining open issues that have been raised about the Bear=
er spec so as to be ready to publish an updated draft once the outstanding =
consensus call issues are resolved.</div> =0A<div class=3D"yiv710054670MsoP=
lainText"> &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText">Amos Jef=
fries had cited this requirement in the HTTPbis spec (=0Ahttp://tools.ietf.=
org/html/draft-ietf-httpbis-p7-auth-19#section-2.3.1):</div> =0A<div class=
=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A<div class=3D"yiv710054670Ms=
oPlainText">&nbsp;&nbsp; o&nbsp; The credentials carried in an Authorizatio=
n header field are</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; specific to the User Agent, and therefore have the =
same effect on</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp; HTTP caches as the "private" Cache-Control response dir=
ective,</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; within the scope of the request they appear in.</div> =0A<div =
class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A<div class=3D"yiv710054=
670MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Therefore, new authenticati=
on schemes which choose not to carry</div> =0A<div class=3D"yiv710054670Mso=
PlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; credentials in the Authorization =
header (e.g., using a newly</div> =0A<div class=3D"yiv710054670MsoPlainText=
">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; defined header) will need to explicitly di=
sallow caching, by</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; mandating the use of either Cache-Control request d=
irectives</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; (e.g., "no-store") or response directives (e.g., "private").=
</div> =0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A<div cla=
ss=3D"yiv710054670MsoPlainText">I propose to add the following text in orde=
r to satisfy this requirement.&nbsp; I have changed Amos' MUSTs to SHOULDs =
because, in practice, applications that have no option but to use the URI Q=
uery Parameter method are likely to also not=0A have control over the reque=
st's Cache-Control directives (just as they do not have the ability to use =
an "Authorization: Bearer" header value):</div> =0A<div class=3D"yiv7100546=
70MsoPlainText"> &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText"><s=
pan style=3D"color:#953735;">&nbsp;&nbsp;&nbsp; Clients using the URI Query=
 Parameter method SHOULD also send a</span></div> =0A<div class=3D"yiv71005=
4670MsoPlainText"><span style=3D"color:#953735;">&nbsp;&nbsp;&nbsp; Cache-C=
ontrol header containing the "no-store" option. &nbsp;Server success</span>=
</div> =0A<div class=3D"yiv710054670MsoPlainText"><span style=3D"color:#953=
735;">&nbsp;&nbsp;&nbsp; (2XX status) responses to these requests SHOULD co=
ntain a Cache-Control</span></div> =0A<div class=3D"yiv710054670MsoPlainTex=
t"><span style=3D"color:#953735;">&nbsp;&nbsp;&nbsp; header with the "priva=
te" option.</span></div> =0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;=
</div> =0A<div class=3D"yiv710054670MsoPlainText">Comments?</div> =0A<div c=
lass=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A<div class=3D"yiv7100546=
70MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp; -- Mike</div> =0A<div class=3D"yiv710054670MsoPlainText=
"> &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText">-----Original Me=
ssage-----<br>=0AFrom: Amos Jeffries [mailto:squid3@treenet.co.nz] <br>=0AS=
ent: Monday, April 23, 2012 10:13 PM<br>=0ATo: Mike Jones<br>=0ACc: oauth@i=
etf.org<br>=0ASubject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-beare=
r-19.txt</div>=0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A<=
div class=3D"yiv710054670MsoPlainText">On 24/04/2012 4:33 p.m., Mike Jones =
wrote:</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt; What specific =
language would you suggest be added to what section(s)?</div> =0A<div class=
=3D"yiv710054670MsoPlainText">&gt; &nbsp;</div> =0A<div class=3D"yiv7100546=
70MsoPlainText">&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
 -- Mike</div> =0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A=
<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A<div class=3D"yiv7=
10054670MsoPlainText">Perhapse the last paragraph appended:</div> =0A<div c=
lass=3D"yiv710054670MsoPlainText">"</div> =0A<div class=3D"yiv710054670MsoP=
lainText"> &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&n=
bsp;&nbsp; Because of the security weaknesses associated with the URI metho=
d</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&nbsp;&nbsp; (see =
Section 5), including the high likelihood that the URL</div> =0A<div class=
=3D"yiv710054670MsoPlainText">&nbsp;&nbsp;&nbsp; containing the access toke=
n will be logged, it SHOULD NOT be used</div> =0A<div class=3D"yiv710054670=
MsoPlainText">&nbsp;&nbsp;&nbsp; unless it is impossible to transport the a=
ccess token in the</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&=
nbsp;&nbsp; "Authorization" request header field or the HTTP request entity=
-body.</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&nbsp;&nbsp; =
Resource servers compliant with this specification MAY support this</div> =
=0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&nbsp;&nbsp; method.</div>=
 =0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A<div class=3D"=
yiv710054670MsoPlainText">&nbsp;&nbsp;&nbsp; Clients requesting URL contain=
ing the access token MUST also send a</div> =0A<div class=3D"yiv710054670Ms=
oPlainText">&nbsp;&nbsp;&nbsp; Cache-Control header containing the "no-stor=
e" option. Server success</div> =0A<div class=3D"yiv710054670MsoPlainText">=
&nbsp;&nbsp;&nbsp; (2xx status) responses to these requests MUST contain a =
Cache-Control</div> =0A<div class=3D"yiv710054670MsoPlainText">&nbsp;&nbsp;=
&nbsp; header with the "private" option.</div> =0A<div class=3D"yiv71005467=
0MsoPlainText"> &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText">"</=
div> =0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A<div class=
=3D"yiv710054670MsoPlainText">I'm a little suspicious that the "SHOUDL NOT"=
 in that top paragraph likely should be a MUST NOT to further discourage ne=
edless use.</div> =0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =
=0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A<div class=3D"y=
iv710054670MsoPlainText">AYJ</div> =0A<div class=3D"yiv710054670MsoPlainTex=
t"> &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =
=0A<div class=3D"yiv710054670MsoPlainText">&gt; &nbsp;</div> =0A<div class=
=3D"yiv710054670MsoPlainText">&gt; -----Original Message-----</div> =0A<div=
 class=3D"yiv710054670MsoPlainText">&gt; From: <a rel=3D"nofollow" ymailto=
=3D"mailto:oauth-bounces@ietf.org" target=3D"_blank" href=3D"mailto:oauth-b=
ounces@ietf.org"><span style=3D"color:windowtext;text-decoration:none;">oau=
th-bounces@ietf.org</span></a> On Behalf Of Amos Jeffries</div> =0A<div cla=
ss=3D"yiv710054670MsoPlainText">&gt; Sent: Monday, April 23, 2012 7:10 PM</=
div> =0A<div class=3D"yiv710054670MsoPlainText">&gt; To: <a rel=3D"nofollow=
" ymailto=3D"mailto:oauth@ietf.org" target=3D"_blank" href=3D"mailto:oauth@=
ietf.org"><span style=3D"color:windowtext;text-decoration:none;">oauth@ietf=
.org</span></a></div> =0A<div class=3D"yiv710054670MsoPlainText">&gt; Subje=
ct: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-bearer-19.txt</div> =0A<=
div class=3D"yiv710054670MsoPlainText">&gt; &nbsp;</div> =0A<div class=3D"y=
iv710054670MsoPlainText">&gt; On 24.04.2012 13:46, <a rel=3D"nofollow" ymai=
lto=3D"mailto:internet-drafts@ietf.org" target=3D"_blank" href=3D"mailto:in=
ternet-drafts@ietf.org">=0A<span style=3D"color:windowtext;text-decoration:=
none;">internet-drafts@ietf.org</span></a> wrote:</div> =0A<div class=3D"yi=
v710054670MsoPlainText">&gt;&gt; A New Internet-Draft is available from the=
 on-line Internet-Drafts=0A</div> =0A<div class=3D"yiv710054670MsoPlainText=
">&gt;&gt; directories. This draft is a work item of the Web Authorization=
=0A</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt; Protocol Work=
ing Group of the IETF.</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt=
;&gt; &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt; &nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Title&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : The OAuth 2.0 Authorization Pro=
tocol: Bearer</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt; Tok=
ens</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt; &nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Author(s)&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; : Michael B. Jones</div> =0A<div class=3D"yiv710054670MsoPlain=
Text">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp; Dick Hardt</div> =0A<div class=3D"yiv710054670Ms=
oPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;David Recordon</div> =0A<div class=3D"yiv7=
10054670MsoPlainText">&gt;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; Filename&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : draft-ietf-=
oauth-v2-bearer-19.txt</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt=
;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Pages&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 24</div> =0A<div clas=
s=3D"yiv710054670MsoPlainText">&gt;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp; Date&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; : 2012-04-23</div> =0A<div class=3D"yiv710054670MsoPlainTex=
t">&gt;&gt; &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt=
;&nbsp;&nbsp;&nbsp;&nbsp; This specification describes how to use bearer to=
kens in HTTP</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt;&nbsp=
;&nbsp;&nbsp;&nbsp; requests to access OAuth 2.0 protected resources.&nbsp;=
 Any party in</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt;&nbs=
p;&nbsp;&nbsp;&nbsp; possession of a bearer token (a "bearer") can use it t=
o get=0A</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt; access t=
o</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbs=
p;&nbsp; the associated resources (without demonstrating possession of a</d=
iv> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;&n=
bsp; cryptographic key).&nbsp; To prevent misuse, bearer tokens need to be<=
/div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&gt;&nbsp;&nbsp;&nbsp;=
&nbsp; protected from disclosure in storage and in transport.</div> =0A<div=
 class=3D"yiv710054670MsoPlainText">&gt;&gt; &nbsp;</div> =0A<div class=3D"=
yiv710054670MsoPlainText">&gt;&gt; &nbsp;</div> =0A<div class=3D"yiv7100546=
70MsoPlainText">&gt;&gt; A URL for this Internet-Draft is:</div> =0A<div cl=
ass=3D"yiv710054670MsoPlainText">&gt;&gt; <a rel=3D"nofollow" target=3D"_bl=
ank" href=3D"http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer=
-19.txt">=0A<span style=3D"color:windowtext;text-decoration:none;">http://w=
ww.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-19.txt</span></a></d=
iv> =0A<div class=3D"yiv710054670MsoPlainText">&gt; &nbsp;</div> =0A<div cl=
ass=3D"yiv710054670MsoPlainText">&gt; &nbsp;</div> =0A<div class=3D"yiv7100=
54670MsoPlainText">&gt; The section 2.3 (URL Query Parameter) text is still=
 lacking explicit and specific security requirements. The overarching TLS r=
equirement is good in general, but insufficient in the presence of HTTP int=
ermediaries on the TLS connection=0A path as is becoming a common practice.=
</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt; &nbsp;</div> =0A<div=
 class=3D"yiv710054670MsoPlainText">&gt; The upcoming HTTPbis specs documen=
t this issue as a requirement for new auth schemes such as Bearer:</div> =
=0A<div class=3D"yiv710054670MsoPlainText">&gt; &nbsp;</div> =0A<div class=
=3D"yiv710054670MsoPlainText">&gt; <a rel=3D"nofollow" target=3D"_blank" hr=
ef=3D"http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-19#section-2.3.=
1">=0A<span style=3D"color:windowtext;text-decoration:none;">http://tools.i=
etf.org/html/draft-ietf-httpbis-p7-auth-19#section-2.3.1</span></a></div> =
=0A<div class=3D"yiv710054670MsoPlainText">&gt; "</div> =0A<div class=3D"yi=
v710054670MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
; Therefore, new authentication schemes which choose not to carry</div> =0A=
<div class=3D"yiv710054670MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; credentials in the Authorization header (e.g., using a ne=
wly</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; defined header) will need to explicitly disa=
llow caching, by</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; mandating the use of either Cac=
he-Control request directives</div> =0A<div class=3D"yiv710054670MsoPlainTe=
xt">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (e.g., "no-store")=
 or response directives (e.g., "private").</div> =0A<div class=3D"yiv710054=
670MsoPlainText">&gt; "</div> =0A<div class=3D"yiv710054670MsoPlainText">&g=
t; &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt; &nbsp;</div=
> =0A<div class=3D"yiv710054670MsoPlainText">&gt; AYJ</div> =0A<div class=
=3D"yiv710054670MsoPlainText">&gt; &nbsp;</div> =0A<div class=3D"yiv7100546=
70MsoPlainText">&gt; _______________________________________________</div> =
=0A<div class=3D"yiv710054670MsoPlainText">&gt; OAuth mailing list</div> =
=0A<div class=3D"yiv710054670MsoPlainText">&gt; <a rel=3D"nofollow" ymailto=
=3D"mailto:OAuth@ietf.org" target=3D"_blank" href=3D"mailto:OAuth@ietf.org"=
><span style=3D"color:windowtext;text-decoration:none;">OAuth@ietf.org</spa=
n></a></div> =0A<div class=3D"yiv710054670MsoPlainText">&gt; <a rel=3D"nofo=
llow" target=3D"_blank" href=3D"https://www.ietf.org/mailman/listinfo/oauth=
"><span style=3D"color:windowtext;text-decoration:none;">https://www.ietf.o=
rg/mailman/listinfo/oauth</span></a></div> =0A<div class=3D"yiv710054670Mso=
PlainText">&gt; &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText">&gt=
; &nbsp;</div> =0A<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A=
<div class=3D"yiv710054670MsoPlainText"> &nbsp;</div> =0A</div>=0A</div>=0A=
=0A</div><br>_______________________________________________<br>OAuth maili=
ng list<br><a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@ietf.o=
rg">OAuth@ietf.org</a><br><a href=3D"https://www.ietf.org/mailman/listinfo/=
oauth" target=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br=
><br><br> </div> </div> </blockquote></div>   </div></body></html>
--1458549034-1457185695-1337293975=:5655--

From wmills@yahoo-inc.com  Thu May 17 15:33:43 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44DA121F880C for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:33:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.222
X-Spam-Level: 
X-Spam-Status: No, score=-17.222 tagged_above=-999 required=5 tests=[AWL=0.376, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cB-jplDS8mSK for <oauth@ietfa.amsl.com>; Thu, 17 May 2012 15:33:42 -0700 (PDT)
Received: from nm23-vm0.bullet.mail.ac4.yahoo.com (nm23-vm0.bullet.mail.ac4.yahoo.com [98.139.53.220]) by ietfa.amsl.com (Postfix) with SMTP id 3FB8C21F87FD for <oauth@ietf.org>; Thu, 17 May 2012 15:33:42 -0700 (PDT)
Received: from [98.139.52.193] by nm23.bullet.mail.ac4.yahoo.com with NNFMP; 17 May 2012 22:33:36 -0000
Received: from [98.139.52.131] by tm6.bullet.mail.ac4.yahoo.com with NNFMP; 17 May 2012 22:33:36 -0000
Received: from [127.0.0.1] by omp1014.mail.ac4.yahoo.com with NNFMP; 17 May 2012 22:33:36 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 779049.16419.bm@omp1014.mail.ac4.yahoo.com
Received: (qmail 68346 invoked by uid 60001); 17 May 2012 22:33:36 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1337294016; bh=0ATQAPv3rlvzey0cih0lh8vMmeaKd/HatIsjHix5S3k=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=PF2ll/GOfuRBOubKLagvF+N1dv+Zy8HOeMVtITuuLSDfjUSFTJEB8csJxtRQR88lLhPmvqFeheF2HP7RbPugRMtRLauxNTwdl/pMZyhO6hyffZbmeFXL4gRQG5/1Wm8v3R9MkwFTo2lx5j0vwIb7LyuXK2dAGt3xSj/ZZrJY06E=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=TiZQjwMawu/d5H2XmW0pMifuDAsPoxV2JBn4Gd7rK7AZXzflwI5AVzoNzKvTDKHU4ZFok41SECtwDkXesHUJhNK8hwSv45zO3Fjfe1AldWMtBXsvTTFmSIIsQZ2hR2/SvKpfanric1usAT7BZ4LdXAavhJTb476ONYIBXM7g+sI=;
X-YMail-OSG: p2mpUXMVM1mOaILSwBTRO4QodA7XyCTeAL962WZZUnPMcZa 0bD_YnkgDIj7Ak139_k7_lZY3ZTK5FFKAsR528cAyllgnAxYRQCbUJteGBb3 DSnKUhaTu2t58AMvek4Et1UaHdHrFeaDUaHKmBJjm.jTbxxW_Szy5Hly_W8q cVzWr6iLN4cHnZAjnLsnAG9c6LOGNy36oJDX.divwJmPr2uwG88.udjyfDPB f7IXLGZnqXYtAy4QJ_QgugduMYBytBOaXeDw_tJUitfZaALfaTAa5qZeonsR 5GEusXm.hZm4QA9gamsXT0QLHybA5otpnuNzMEKxVaKX4HX69gBUxNU0igIy _X83CDyIBDZPGDtlWdoQgoMGhpJ1l7Y3NmlyIb7GeGtEn4bangz7fBlQfb5V ss_NnY4n1dl.fLCxhYY6HAyIjCIgbtu7PGb6KWcChcfmj55KMdwbDTIRa2Ry MXamM3psO1yEBaxRQyxo7zxuYvaUfhVRISsdxO63UnWdIoswoYuJx
Received: from [209.131.51.116] by web31804.mail.mud.yahoo.com via HTTP; Thu, 17 May 2012 15:33:35 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com>
Message-ID: <1337294015.60490.YahooMailNeo@web31804.mail.mud.yahoo.com>
Date: Thu, 17 May 2012 15:33:35 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Mike Jones <Michael.Jones@microsoft.com>, "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="835683298-2013000321-1337294015=:60490"
Cc: Mark Nottingham <mnot@mnot.net>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 22:33:43 -0000

--835683298-2013000321-1337294015=:60490
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

wfm=0A=0A=0A=0A=0A>________________________________=0A> From: Mike Jones <M=
ichael.Jones@microsoft.com>=0A>To: "oauth@ietf.org" <oauth@ietf.org> =0A>Cc=
: Mark Nottingham <mnot@mnot.net> =0A>Sent: Thursday, May 17, 2012 3:11 PM=
=0A>Subject: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI=
 Query Parameter method=0A> =0A>=0A> =0A>Dear working group members:=0A>=A0=
=0A>I'm going through the remaining open issues that have been raised about=
 the Bearer spec so as to be ready to publish an updated draft once the out=
standing consensus call issues are resolved.=0A>=A0=0A>This DISCUSS had bee=
n raised about the URI Query Parameter method:=0A>=A0=0A>=A0=A0=A0* Section=
 2.3 URI Query Parameter=0A>=A0=0A>=A0=A0=A0This section effectively reserv=
es a URI query parameter for the =0A>=A0=A0=A0=A0draft's use. This should n=
ot be done lightly, since this would be a =0A>=A0=A0=A0=A0precedent for the=
 IETF encroaching upon a server's URIs (done =0A>=A0=A0=A0=A0previously in =
RFC5785, but in a much more limited fashion, as a =0A>=A0=A0=A0=A0tactic to=
 prevent further, uncontrolled encroachment).=0A>=A0=0A>=A0=A0=A0Given that=
 the draft already discourages the use of this mechanism, =0A>=A0=A0=A0=A0I=
'd recommend dropping it altogether. If the Working Group wishes it =0A>=A0=
=A0=A0=A0to remain, this issues should be vetted both through the APPS area=
 =0A>=A0=A0=A0=A0and the W3C liaison.=0A>=A0=0A>I wanted to let you know th=
at the agreed-upon resolution to this issue is to add the following text to=
 the URI Query Parameter section:=0A>=A0=0A>=A0=A0 =A0This method is includ=
ed to document current use; its use is=0A>=A0=A0=A0 NOT RECOMMENDED, both d=
ue to its security deficiencies (see=0A>=A0=A0=A0 Security Considerations) =
and because it uses a reserved query=0A>=A0=A0 =A0parameter name, which is =
counter to URI namespace best=0A>=A0=A0=A0 practices [W3C TAG WebArch].=0A>=
=A0=0A>The reference above is to http://www.w3.org/TR/webarch/.=0A>=A0=0A>T=
hanks to Mark Nottingham, Stephen Farrell, Pete Resnick, and Dick Hardt for=
 helping us get to this resolution.=0A>=A0=0A>=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0 Cheers,=0A>=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 -- Mike=0A>=
=A0=0A>_______________________________________________=0A>OAuth mailing lis=
t=0A>OAuth@ietf.org=0A>https://www.ietf.org/mailman/listinfo/oauth=0A>=0A>=
=0A>
--835683298-2013000321-1337294015=:60490
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>wfm</span></div><div><br><blockquote style=3D"border-left: 2px solid rgb(=
16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;">  <div=
 style=3D"font-family: Courier New, courier, monaco, monospace, sans-serif;=
 font-size: 14pt;"> <div style=3D"font-family: times new roman, new york, t=
imes, serif; font-size: 12pt;"> <div dir=3D"ltr"> <font face=3D"Arial" size=
=3D"2"> <hr size=3D"1">  <b><span style=3D"font-weight:bold;">From:</span><=
/b> Mike Jones &lt;Michael.Jones@microsoft.com&gt;<br> <b><span style=3D"fo=
nt-weight: bold;">To:</span></b> "oauth@ietf.org" &lt;oauth@ietf.org&gt; <b=
r><b><span style=3D"font-weight: bold;">Cc:</span></b> Mark Nottingham &lt;=
mnot@mnot.net&gt; <br> <b><span style=3D"font-weight: bold;">Sent:</span></=
b> Thursday, May 17, 2012 3:11 PM<br> <b><span style=3D"font-weight:
 bold;">Subject:</span></b> [OAUTH-WG] FYI - Text resolving DISCUSS issue a=
bout Bearer URI Query Parameter method<br> </font> </div> <br>=0A<div id=3D=
"yiv700771596">=0A=0A =0A =0A<style><!--=0A#yiv700771596  =0A _filtered #yi=
v700771596 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}=0A#yiv70077=
1596  =0A#yiv700771596 p.yiv700771596MsoNormal, #yiv700771596 li.yiv7007715=
96MsoNormal, #yiv700771596 div.yiv700771596MsoNormal=0A=09{margin:0in;margi=
n-bottom:.0001pt;font-size:11.0pt;font-family:"sans-serif";}=0A#yiv70077159=
6 a:link, #yiv700771596 span.yiv700771596MsoHyperlink=0A=09{color:blue;text=
-decoration:underline;}=0A#yiv700771596 a:visited, #yiv700771596 span.yiv70=
0771596MsoHyperlinkFollowed=0A=09{color:purple;text-decoration:underline;}=
=0A#yiv700771596 p.yiv700771596MsoPlainText, #yiv700771596 li.yiv700771596M=
soPlainText, #yiv700771596 div.yiv700771596MsoPlainText=0A=09{margin:0in;ma=
rgin-bottom:.0001pt;font-size:11.0pt;font-family:"sans-serif";}=0A#yiv70077=
1596 span.yiv700771596EmailStyle17=0A=09{font-family:"sans-serif";color:win=
dowtext;}=0A#yiv700771596 span.yiv700771596PlainTextChar=0A=09{font-family:=
"sans-serif";}=0A#yiv700771596 .yiv700771596MsoChpDefault=0A=09{}=0A _filte=
red #yiv700771596 {margin:1.0in 1.0in 1.0in 1.0in;}=0A#yiv700771596 div.yiv=
700771596WordSection1=0A=09{}=0A--></style>=0A=0A<div>=0A<div class=3D"yiv7=
00771596WordSection1">=0A<div class=3D"yiv700771596MsoPlainText">Dear worki=
ng group members:</div> =0A<div class=3D"yiv700771596MsoPlainText"> &nbsp;<=
/div> =0A<div class=3D"yiv700771596MsoPlainText">I'm going through the rema=
ining open issues that have been raised about the Bearer spec so as to be r=
eady to publish an updated draft once the outstanding consensus call issues=
 are resolved.</div> =0A<div class=3D"yiv700771596MsoNormal"> &nbsp;</div> =
=0A<div class=3D"yiv700771596MsoNormal">This DISCUSS had been raised about =
the URI Query Parameter method:</div> =0A<div class=3D"yiv700771596MsoNorma=
l"> &nbsp;</div> =0A<div class=3D"yiv700771596MsoPlainText">&nbsp;&nbsp;&nb=
sp;* Section 2.3 URI Query Parameter</div> =0A<div class=3D"yiv700771596Mso=
PlainText"> &nbsp;</div> =0A<div class=3D"yiv700771596MsoPlainText">&nbsp;&=
nbsp;&nbsp;This section effectively reserves a URI query parameter for the=
=0A</div> =0A<div class=3D"yiv700771596MsoPlainText">&nbsp;&nbsp;&nbsp;&nbs=
p;draft's use. This should not be done lightly, since this would be a=0A</d=
iv> =0A<div class=3D"yiv700771596MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;prec=
edent for the IETF encroaching upon a server's URIs (done=0A</div> =0A<div =
class=3D"yiv700771596MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;previously in RF=
C5785, but in a much more limited fashion, as a=0A</div> =0A<div class=3D"y=
iv700771596MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;tactic to prevent further,=
 uncontrolled encroachment).</div> =0A<div class=3D"yiv700771596MsoPlainTex=
t"> &nbsp;</div> =0A<div class=3D"yiv700771596MsoPlainText">&nbsp;&nbsp;&nb=
sp;Given that the draft already discourages the use of this mechanism,=0A</=
div> =0A<div class=3D"yiv700771596MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;I'd=
 recommend dropping it altogether. If the Working Group wishes it=0A</div> =
=0A<div class=3D"yiv700771596MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;to remai=
n, this issues should be vetted both through the APPS area=0A</div> =0A<div=
 class=3D"yiv700771596MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;and the W3C lia=
ison.</div> =0A<div class=3D"yiv700771596MsoNormal"> &nbsp;</div> =0A<div c=
lass=3D"yiv700771596MsoNormal">I wanted to let you know that the agreed-upo=
n resolution to this issue is to add the following text to the URI Query Pa=
rameter section:</div> =0A<div class=3D"yiv700771596MsoNormal"> &nbsp;</div=
> =0A<div class=3D"yiv700771596MsoPlainText"><span style=3D"color:#953735;"=
>&nbsp;&nbsp; &nbsp;This method is included to document current use; its us=
e is</span></div> =0A<div class=3D"yiv700771596MsoPlainText"><span style=3D=
"color:#953735;">&nbsp;&nbsp;&nbsp; NOT RECOMMENDED, both due to its securi=
ty deficiencies (see</span></div> =0A<div class=3D"yiv700771596MsoPlainText=
"><span style=3D"color:#953735;">&nbsp;&nbsp;&nbsp; Security Considerations=
) and because it uses a reserved query</span></div> =0A<div class=3D"yiv700=
771596MsoPlainText"><span style=3D"color:#953735;">&nbsp;&nbsp; &nbsp;param=
eter name, which is counter to URI namespace best</span></div> =0A<div clas=
s=3D"yiv700771596MsoPlainText"><span style=3D"color:#953735;">&nbsp;&nbsp;&=
nbsp; practices [W3C TAG WebArch].</span></div> =0A<div class=3D"yiv7007715=
96MsoNormal"> &nbsp;</div> =0A<div class=3D"yiv700771596MsoNormal">The refe=
rence above is to http://www.w3.org/TR/webarch/.</div> =0A<div class=3D"yiv=
700771596MsoNormal"> &nbsp;</div> =0A<div class=3D"yiv700771596MsoNormal">T=
hanks to Mark Nottingham, Stephen Farrell, Pete Resnick, and Dick Hardt for=
 helping us get to this resolution.</div> =0A<div class=3D"yiv700771596MsoN=
ormal"> &nbsp;</div> =0A<div class=3D"yiv700771596MsoNormal">&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Cheers,</d=
iv> =0A<div class=3D"yiv700771596MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike</div> =0A<div class=
=3D"yiv700771596MsoNormal"> &nbsp;</div> =0A</div>=0A</div>=0A=0A</div><br>=
_______________________________________________<br>OAuth mailing list<br><a=
 ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@ietf.org">OAuth@iet=
f.org</a><br><a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=
=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br><br><br> </d=
iv> </div> </blockquote></div>   </div></body></html>
--835683298-2013000321-1337294015=:60490--

From julian.reschke@gmx.de  Fri May 18 00:15:29 2012
Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BAF221F86BA for <oauth@ietfa.amsl.com>; Fri, 18 May 2012 00:15:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.582
X-Spam-Level: 
X-Spam-Status: No, score=-102.582 tagged_above=-999 required=5 tests=[AWL=0.017, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YGUudP187QLP for <oauth@ietfa.amsl.com>; Fri, 18 May 2012 00:15:28 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 2F5A221F854A for <oauth@ietf.org>; Fri, 18 May 2012 00:15:27 -0700 (PDT)
Received: (qmail invoked by alias); 18 May 2012 07:15:25 -0000
Received: from p54BB26EE.dip.t-dialin.net (EHLO [192.168.178.36]) [84.187.38.238] by mail.gmx.net (mp034) with SMTP; 18 May 2012 09:15:25 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX19yWeEsEGByxUce3rzeQHkfoqaaUrvJ5b4GMgFstL /p4i9sWTUguEqW
Message-ID: <4FB5F703.90907@gmx.de>
Date: Fri, 18 May 2012 09:15:15 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: Mark Nottingham <mnot@mnot.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2012 07:15:29 -0000

On 2012-05-18 00:11, Mike Jones wrote:
> Dear working group members:
>
> I'm going through the remaining open issues that have been raised about
> the Bearer spec so as to be ready to publish an updated draft once the
> outstanding consensus call issues are resolved.
>
> This DISCUSS had been raised about the URI Query Parameter method:
>
> * Section 2.3 URI Query Parameter
>
> This section effectively reserves a URI query parameter for the
>
> draft's use. This should not be done lightly, since this would be a
>
> precedent for the IETF encroaching upon a server's URIs (done
>
> previously in RFC5785, but in a much more limited fashion, as a
>
> tactic to prevent further, uncontrolled encroachment).
>
> Given that the draft already discourages the use of this mechanism,
>
> I'd recommend dropping it altogether. If the Working Group wishes it
>
> to remain, this issues should be vetted both through the APPS area
>
> and the W3C liaison.
>
> I wanted to let you know that the agreed-upon resolution to this issue
> is to add the following text to the URI Query Parameter section:
>
> This method is included to document current use; its use is
>
> NOT RECOMMENDED, both due to its security deficiencies (see
>
> Security Considerations) and because it uses a reserved query
>
> parameter name, which is counter to URI namespace best
>
> practices [W3C TAG WebArch].
>
> The reference above is to http://www.w3.org/TR/webarch/.
>
> Thanks to Mark Nottingham, Stephen Farrell, Pete Resnick, and Dick Hardt
> for helping us get to this resolution.
> ...

Did you consider to *also* move the whole section into an appendix, so 
that it's status is also reflected by the document structure?

Best regards, Julian

From internet-drafts@ietf.org  Wed May 23 00:42:39 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B4BE21F8552; Wed, 23 May 2012 00:42:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.507
X-Spam-Level: 
X-Spam-Status: No, score=-102.507 tagged_above=-999 required=5 tests=[AWL=0.092, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gVOCS4u+pidv; Wed, 23 May 2012 00:42:38 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA68121F8547; Wed, 23 May 2012 00:42:38 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120523074238.28567.24310.idtracker@ietfa.amsl.com>
Date: Wed, 23 May 2012 00:42:38 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-bearer-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 07:42:39 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0
	Author(s)       : Michael B. Jones
                          Brian Campbell
                          Chuck Mortimore
	Filename        : draft-ietf-oauth-jwt-bearer-00.txt
	Pages           : 10
	Date            : 2012-05-22

   This specification defines the use of a JSON Web Token (JWT) Bearer
   Token as a means for requesting an OAuth 2.0 access token as well as
   for use as a means of client authentication.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-jwt-bearer-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-jwt-bearer-00.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/


From internet-drafts@ietf.org  Wed May 23 00:44:11 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBBF921F85D0; Wed, 23 May 2012 00:44:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.521
X-Spam-Level: 
X-Spam-Status: No, score=-102.521 tagged_above=-999 required=5 tests=[AWL=0.078, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I0TpVzISZYdX; Wed, 23 May 2012 00:44:11 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7093D21F8552; Wed, 23 May 2012 00:44:11 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120523074411.29408.58519.idtracker@ietfa.amsl.com>
Date: Wed, 23 May 2012 00:44:11 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-json-web-token-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 07:44:12 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : JSON Web Token (JWT)
	Author(s)       : Michael B. Jones
                          John Bradley
                          Nat Sakimura
	Filename        : draft-ietf-oauth-json-web-token-00.txt
	Pages           : 19
	Date            : 2012-05-22

   JSON Web Token (JWT) is a means of representing claims to be
   transferred between two parties.  The claims in a JWT are encoded as
   a JSON object that is digitally signed or MACed using JSON Web
   Signature (JWS) and/or encrypted using JSON Web Encryption (JWE).

   The suggested pronunciation of JWT is the same as the English word
   "jot".



A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-json-web-token-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-json-web-token-00.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/


From internet-drafts@ietf.org  Wed May 23 09:21:07 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF30E21F86D4; Wed, 23 May 2012 09:21:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.377
X-Spam-Level: 
X-Spam-Status: No, score=-102.377 tagged_above=-999 required=5 tests=[AWL=0.222, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t7Csi-pbF30D; Wed, 23 May 2012 09:21:07 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30AED21F85A4; Wed, 23 May 2012 09:21:07 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120523162107.10011.88142.idtracker@ietfa.amsl.com>
Date: Wed, 23 May 2012 09:21:07 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-use-cases-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 16:21:08 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : OAuth Use Cases
	Author(s)       : George Fletcher
                          Torsten Lodderstedt
                          Zachary Zeltsan
	Filename        : draft-ietf-oauth-use-cases-00.txt
	Pages           : 23
	Date            : 2012-05-23

   This document lists the OAuth use cases.  The provided list is based
   on the Internet-Drafts of the OAUTH working group and discussions on
   the group's mailing list.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-use-cases-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-use-cases-00.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-use-cases/


From internet-drafts@ietf.org  Wed May 23 09:21:44 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B89A21F8550; Wed, 23 May 2012 09:21:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.441
X-Spam-Level: 
X-Spam-Status: No, score=-102.441 tagged_above=-999 required=5 tests=[AWL=0.159, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3YC-AQroY8PZ; Wed, 23 May 2012 09:21:43 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7458A21F8753; Wed, 23 May 2012 09:21:40 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120523162140.10492.33792.idtracker@ietfa.amsl.com>
Date: Wed, 23 May 2012 09:21:40 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 16:21:44 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : OAuth Dynamic Client Registration Protocol
	Author(s)       : Thomas Hardjono
                          Maciej Machulak
                          Eve Maler
                          Christian Scholz
	Filename        : draft-ietf-oauth-dyn-reg-00.txt
	Pages           : 19
	Date            : 2012-05-23

   This specification proposes an OAuth Dynamic Client Registration
   protocol.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-dyn-reg-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-dyn-reg-00.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg/


From hannes.tschofenig@gmx.net  Wed May 23 11:12:04 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7024C21F8781 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 11:12:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HHmil3tjYDfL for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 11:12:04 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 0F1E321F877C for <oauth@ietf.org>; Wed, 23 May 2012 11:12:02 -0700 (PDT)
Received: (qmail invoked by alias); 23 May 2012 18:12:01 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.101]) [88.115.216.191] by mail.gmx.net (mp024) with SMTP; 23 May 2012 20:12:01 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+hHCFkxLuhMJD0gd1stj8hNFZbjOq32sk6MASdA1 uRTyYSxtmxlDZJ
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA20102A14C@P3PWEX2MB008.ex2.secureserver.net>
Date: Wed, 23 May 2012 21:11:57 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <9A8F1AFD-25CF-47BA-925D-CED755DFC4F9@gmx.net>
References: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201026B48@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B1680429673943664CE3AE@TK5EX14MBXC283.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026CA8@P3PWEX2MB008.ex2.secureserver.net> <6.2.5.6.2.20120510235528.0a735658@resistor.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201029A8A@P3PWEX2MB008.ex2.secureserver.net> <9452079D1A51524AA5749AD23E00392811E21F@exch-mbx901.corp.cloudmark.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20102A14C@P3PWEX2MB008.ex2.secureserver.net>
To: Eran Hammer <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 18:12:04 -0000

I am the shepherd for the bearer specification.=20

On May 11, 2012, at 4:57 PM, Eran Hammer wrote:

> Ok. Would the document shepherd for the bearer specification please =
raise your hand?
>=20
> EH
>=20
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On =
Behalf
>> Of Murray S. Kucherawy
>> Sent: Friday, May 11, 2012 6:52 AM
>> To: oauth@ietf.org
>> Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the =
Bearer
>> Spec
>>=20
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On =
Behalf
>>> Of Eran Hammer
>>> Sent: Friday, May 11, 2012 12:19 AM
>>> To: SM
>>> Cc: oauth@ietf.org
>>> Subject: Re: [OAUTH-WG] Encoding of Errors in the Base and in the
>>> Bearer Spec
>>>=20
>>> Don't know. In the 5 RFCs I've worked on, I - as editor - was the =
only
>>> personal who interacted with the IESG. Either way, it is usually the
>>> editor who is addressing questions about the text and proposing
>>> changes.
>>=20
>> It sounds like you've had some pretty hands-off shepherds in your
>> experience (as have I), or you dealt with the issues yourself which =
obviated
>> the need for that person to act.  But formally, SM is correct about =
the
>> Document Shepherd's function.  See RFC4858.
>>=20
>> -MSK
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From hannes.tschofenig@gmx.net  Wed May 23 11:27:07 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DABFA21F8724 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 11:27:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BXkS9mp6C7h1 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 11:27:07 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 0E0EB21F86FF for <oauth@ietf.org>; Wed, 23 May 2012 11:27:05 -0700 (PDT)
Received: (qmail invoked by alias); 23 May 2012 18:27:04 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.101]) [88.115.216.191] by mail.gmx.net (mp027) with SMTP; 23 May 2012 20:27:04 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18mWB8MN14mbGPQtkRbocpouihFvXFJwgj79l1uDR yZyBfnnsQm9/x8
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Wed, 23 May 2012 21:27:03 +0300
Message-Id: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 18:27:08 -0000

Hi all,=20

on May 10th we called for consensus on an open issue regarding the error =
encoding. Here is the link to the call:=20
http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html

Thank you all for the feedback. The conclusion of the consensus call was =
to harmonize the encoding between the two specifications by =
incorporating the restrictions from the bearer specification into the =
base specification. The error encoding will go into the core =
specification and the bearer specification will reference it.=20

Ciao
Hannes & Derek


From Michael.Jones@microsoft.com  Wed May 23 13:38:37 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74CC811E8099 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 13:38:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iNKF+t-x5pEy for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 13:38:36 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe003.messaging.microsoft.com [213.199.154.206]) by ietfa.amsl.com (Postfix) with ESMTP id E8B2B11E8094 for <oauth@ietf.org>; Wed, 23 May 2012 13:38:35 -0700 (PDT)
Received: from mail45-am1-R.bigfish.com (10.3.201.237) by AM1EHSOBE001.bigfish.com (10.3.204.21) with Microsoft SMTP Server id 14.1.225.23; Wed, 23 May 2012 20:38:26 +0000
Received: from mail45-am1 (localhost [127.0.0.1])	by mail45-am1-R.bigfish.com (Postfix) with ESMTP id 411521C00A0	for <oauth@ietf.org>; Wed, 23 May 2012 20:38:19 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -19
X-BigFish: VS-19(zzc85fhzz1202hzz1033IL8275eh8275bh8275dha1495iz2fh2a8h668h839hd25hf0ah)
Received-SPF: pass (mail45-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail45-am1 (localhost.localdomain [127.0.0.1]) by mail45-am1 (MessageSwitch) id 1337805496879232_30182; Wed, 23 May 2012 20:38:16 +0000 (UTC)
Received: from AM1EHSMHS013.bigfish.com (unknown [10.3.201.225])	by mail45-am1.bigfish.com (Postfix) with ESMTP id D312240048	for <oauth@ietf.org>; Wed, 23 May 2012 20:38:16 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS013.bigfish.com (10.3.207.151) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 23 May 2012 20:38:23 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.02.0298.005; Wed, 23 May 2012 20:37:57 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Initial Standards Track JSON Web Token (JWT) Specifications
Thread-Index: Ac05I+57DQDaqyyTTNWGsIswaMFZcw==
Date: Wed, 23 May 2012 20:37:56 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366515EA1@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.78]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366515EA1TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Initial Standards Track JSON Web Token (JWT) Specifications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2012 20:38:37 -0000

--_000_4E1F6AAD24975D4BA5B168042967394366515EA1TK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The JSON Web Token (JWT)<http://tools.ietf.org/html/draft-ietf-oauth-json-w=
eb-token> specification and the OAuth 2.0 JWT Bearer Token Profiles<http://=
tools.ietf.org/html/draft-ietf-oauth-jwt-bearer> specification are now IETF=
 standards track documents in the OAuth working group<http://datatracker.ie=
tf.org/wg/oauth/>. These versions are based upon the individual submission =
versions draft-jones-json-web-token-10<http://tools.ietf.org/html/draft-jon=
es-json-web-token-10> and draft-jones-oauth-jwt-bearer-04<http://tools.ietf=
.org/html/draft-jones-oauth-jwt-bearer-04> with no normative changes.  The =
JWT specification builds upon the JWS<http://tools.ietf.org/html/draft-ietf=
-jose-json-web-signature>, JWE<http://tools.ietf.org/html/draft-ietf-jose-j=
son-web-encryption>, JWK<http://tools.ietf.org/html/draft-ietf-jose-json-we=
b-key>, and JWA<http://tools.ietf.org/html/draft-ietf-jose-json-web-algorit=
hms> specifications in the JOSE working group<http://datatracker.ietf.org/w=
g/jose/>.


These specifications are available at:

*         http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-00

*         http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-00



HTML formatted versions are available at:

*         http://self-issued.info/docs/draft-ietf-oauth-json-web-token-00.h=
tml

*         http://self-issued.info/docs/draft-ietf-oauth-jwt-bearer-00.html

                                                                -- Mike

(This message also posted at http://self-issued.info/?p=3D735.)


--_000_4E1F6AAD24975D4BA5B168042967394366515EA1TK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	line-height:normal;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0in;
	margin-bottom:12.0pt;
	margin-left:0in;
	line-height:21.0pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0in;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:.5in;
	margin-bottom:.0001pt;
	line-height:normal;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
/* List Definitions */
@list l0
	{mso-list-id:55787162;
	mso-list-type:hybrid;
	mso-list-template-ids:-1016586544 67698689 67698691 67698693 67698689 6769=
8691 67698693 67698689 67698691 67698693;}
@list l0:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1
	{mso-list-id:951132926;
	mso-list-type:hybrid;
	mso-list-template-ids:1549583580 67698689 67698691 67698693 67698689 67698=
691 67698693 67698689 67698691 67698693;}
@list l1:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l2
	{mso-list-id:1521701929;
	mso-list-template-ids:-1111332142;}
@list l2:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l2:level2
	{mso-level-number-format:image;
	list-style-image:url("PicExportError");
	mso-level-text:o;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:"Courier New";
	mso-bidi-font-family:"Times New Roman";}
@list l2:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level5
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level8
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l2:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3
	{mso-list-id:1993945118;
	mso-list-template-ids:1273905246;}
@list l3:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Symbol;}
@list l3:level2
	{mso-level-number-format:image;
	list-style-image:url("PicExportError");
	mso-level-text:o;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:"Courier New";
	mso-bidi-font-family:"Times New Roman";}
@list l3:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level5
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:2.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:3.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level8
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
@list l3:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:4.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	mso-ansi-font-size:10.0pt;
	font-family:Wingdings;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">The <span style=3D"color:#555555"><a href=3D"http://=
tools.ietf.org/html/draft-ietf-oauth-json-web-token">JSON Web Token (JWT)</=
a></span> specification and the
<span style=3D"color:#555555"><a href=3D"http://tools.ietf.org/html/draft-i=
etf-oauth-jwt-bearer">OAuth 2.0 JWT Bearer Token Profiles</a></span> specif=
ication are now IETF standards track documents in the
<span style=3D"color:#555555"><a href=3D"http://datatracker.ietf.org/wg/oau=
th/">OAuth working group</a></span>. These versions are based upon the indi=
vidual submission versions
<span style=3D"color:#555555"><a href=3D"http://tools.ietf.org/html/draft-j=
ones-json-web-token-10">draft-jones-json-web-token-10</a></span> and
<span style=3D"color:#555555"><a href=3D"http://tools.ietf.org/html/draft-j=
ones-oauth-jwt-bearer-04">draft-jones-oauth-jwt-bearer-04</a></span> with n=
o normative changes.&nbsp; The JWT specification builds upon the
<span style=3D"color:#555555"><a href=3D"http://tools.ietf.org/html/draft-i=
etf-jose-json-web-signature">JWS</a></span>,
<span style=3D"color:#555555"><a href=3D"http://tools.ietf.org/html/draft-i=
etf-jose-json-web-encryption">JWE</a></span>,
<span style=3D"color:#555555"><a href=3D"http://tools.ietf.org/html/draft-i=
etf-jose-json-web-key">JWK</a></span>, and
<span style=3D"color:#555555"><a href=3D"http://tools.ietf.org/html/draft-i=
etf-jose-json-web-algorithms">JWA</a></span> specifications in the
<span style=3D"color:#555555"><a href=3D"http://datatracker.ietf.org/wg/jos=
e/">JOSE working group</a></span>.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p style=3D"margin:0in;margin-bottom:.0001pt;line-height:normal;background:=
white"><span style=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,&quo=
t;sans-serif&quot;">These specifications are available at:<o:p></o:p></span=
></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l1 level=
1 lfo3;background:white">
<![if !supportLists]><span style=3D"font-family:Symbol;color:#555555"><span=
 style=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times Ne=
w Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style=3D"color:#555555"><a href=3D"htt=
p://tools.ietf.org/html/draft-ietf-oauth-json-web-token-00">http://tools.ie=
tf.org/html/draft-ietf-oauth-json-web-token-00</a><o:p></o:p></span></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l1 level=
1 lfo3;background:white">
<![if !supportLists]><span style=3D"font-family:Symbol;color:#555555"><span=
 style=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times Ne=
w Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style=3D"color:#555555"><a href=3D"htt=
p://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-00">http://tools.ietf.o=
rg/html/draft-ietf-oauth-jwt-bearer-00</a><o:p></o:p></span></p>
<p style=3D"margin:0in;margin-bottom:.0001pt;line-height:normal;background:=
white"><span style=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,&quo=
t;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>
<p style=3D"margin:0in;margin-bottom:.0001pt;line-height:normal;background:=
white"><span style=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,&quo=
t;sans-serif&quot;">HTML formatted versions are available at:<o:p></o:p></s=
pan></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l0 level=
1 lfo4;background:white">
<![if !supportLists]><span style=3D"font-family:Symbol;color:#555555"><span=
 style=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times Ne=
w Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style=3D"color:#555555"><a href=3D"htt=
p://self-issued.info/docs/draft-ietf-oauth-json-web-token-00.html">http://s=
elf-issued.info/docs/draft-ietf-oauth-json-web-token-00.html</a><o:p></o:p>=
</span></p>
<p class=3D"MsoListParagraph" style=3D"text-indent:-.25in;mso-list:l0 level=
1 lfo4;background:white">
<![if !supportLists]><span style=3D"font-family:Symbol;color:#555555"><span=
 style=3D"mso-list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times Ne=
w Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style=3D"color:#555555"><a href=3D"htt=
p://self-issued.info/docs/draft-ietf-oauth-jwt-bearer-00.html">http://self-=
issued.info/docs/draft-ietf-oauth-jwt-bearer-00.html</a><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">(This message also posted at <a href=3D"http://self-=
issued.info/?p=3D735">
http://self-issued.info/?p=3D735</a>.)<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B168042967394366515EA1TK5EX14MBXC284r_--

From Michael.Jones@microsoft.com  Wed May 23 22:23:07 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B597E21F8564 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 22:23:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id acfH-hVqX4rd for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 22:23:07 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe002.messaging.microsoft.com [216.32.180.12]) by ietfa.amsl.com (Postfix) with ESMTP id A787B21F85A5 for <oauth@ietf.org>; Wed, 23 May 2012 22:22:57 -0700 (PDT)
Received: from mail82-va3-R.bigfish.com (10.7.14.237) by VA3EHSOBE010.bigfish.com (10.7.40.12) with Microsoft SMTP Server id 14.1.225.22; Thu, 24 May 2012 05:22:49 +0000
Received: from mail82-va3 (localhost [127.0.0.1])	by mail82-va3-R.bigfish.com (Postfix) with ESMTP id 1880E420343; Thu, 24 May 2012 05:22:49 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -38
X-BigFish: VS-38(zz9371Ic85fh14ffI542M1432N179cMzz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah34h)
Received-SPF: pass (mail82-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail82-va3 (localhost.localdomain [127.0.0.1]) by mail82-va3 (MessageSwitch) id 1337836966119081_20447; Thu, 24 May 2012 05:22:46 +0000 (UTC)
Received: from VA3EHSMHS017.bigfish.com (unknown [10.7.14.253])	by mail82-va3.bigfish.com (Postfix) with ESMTP id 078324E004D; Thu, 24 May 2012 05:22:46 +0000 (UTC)
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS017.bigfish.com (10.7.99.27) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 24 May 2012 05:22:43 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.02.0298.005; Thu, 24 May 2012 05:22:47 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Eran Hammer <eran@hueniverse.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Error Encoding: Conclusion
Thread-Index: AQHNORGtuzciwTXPbU2x0B3Abs7zkpbYRq5Q
Date: Thu, 24 May 2012 05:22:46 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net>
In-Reply-To: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.35]
Content-Type: multipart/mixed; boundary="_006_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 05:23:07 -0000

--_006_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_
Content-Type: multipart/alternative;
	boundary="_000_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_"

--_000_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thanks Hannes.  In the interest of hopefully completing the edits to remove=
 the DISCUSS issues for the Bearer and Core specs in the next few days so t=
hat we can send the docs to the RFC editors, I'd like to propose specific l=
anguage for the Core spec to address both of the consensus call issue resol=
utions.  After there's consensus on the specific text for Core, it will be =
easy for us to add a reference in Bearer to the language in Core for the er=
ror syntax restrictions and to use the OAuth errors registry.  I'll do that=
 in parallel with the discussions on the proposed core language changes.



A summary of the changes I made in response to the consensus call conclusio=
ns are:

*        Add syntax restrictions for "error", "error_description", and "err=
or_uri" from Bearer to Core

*        Add section 7.2 about error responses from resource access request=
s

*        Add "resource access error response" to the category of OAuth erro=
rs that can be registered



Additional editorial changes that I made as I encountered issues in the doc=
ument were:

*        Updated out of date references, especially the draft-hardt-oauth-0=
1 reference, which contained an invalid link

*        Added Derek Atkins to the list of chairs

*        Added Yaron Goland's middle initial Y. (since he prefers to includ=
e it in publications)

*        Replaced use of the deprecated <appendix> element, which prevented=
 the spec from building with strict checking, with a <section> element in t=
he <back> section (which creates an appendix)



To make it easy to incorporate these changes into the document and so the p=
roposed changes are unambiguous, I produced an edited version of Core -26 c=
ontaining these changes.  The xml, txt, and html versions are attached to f=
acilitate review.  Pertinent diffs from the .txt version follow.



                                                            Cheers,

                                                            -- Mike



683c683,684

<    notation of [RFC5234].

---

>    notation of [RFC5234].  Additionally, the rule URI-Reference is

>    included from Uniform Resource Identifier (URI) [RFC3986].

1441c1441,1442

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

1474a1475,1476

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

1476c1478

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

1478a1481,1482

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

1482a1487,1489

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

1840c1840,1841

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

1873a1874,1875

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

1875c1877

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

1877a1880,1881

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

1881a1886,1888

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

2325a2326,2327

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

2327c2329

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

2329a2332,2333

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

2333a2338,2340

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

2450c2460,2468

<    The method in which the client utilized the access token to

---

>    The method in which the client utilizes the access token to

2479c2489

<      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw

---

>      Authorization: Bearer mF_9.B5f-4.1JqM

2503a2514,2533

>

> 7.2.  Error Response

>

>    If a resource access request fails, the resource server SHOULD inform

>    the client of the error.  While the specific error responses possible

>    and methods for transmitting those errors when using any particular

>    access token type are beyond the scope of this specification, any

>    error codes defined for use with OAuth resource access methods MUST

>    be registered (following the procedures in Section 11.4).

>

>

2602,2603c2624,2626

<    (Section 4.2.2.1), or the token error response (Section 5.2), such

<    error codes MAY be defined.

---

>    (Section 4.2.2.1), the token error response (Section 5.2), or the

>    resource access error response (Section 7.2), such error codes MAY be

>    defined.

3444c3484,3485

<       (Section 4.2.2.1), or token error response (Section 5.2).

---

>       (Section 4.2.2.1), token error response (Section 5.2), or resource

>       access error response (Section 7.2).

3596a3554,3557

>    [USASCII]  American National Standards Institute, "Coded Character

>               Set -- 7-bit American Standard Code for Information

>               Interchange", ANSI X3.4, 1986.

>

3611,3612c3572,3573

<               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in

<               progress), August 2011.

---

>               OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in

>               progress), May 2012.

3616,3617c3577,3579

<               Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08

<               (work in progress), July 2011.

---

>               Authorization Protocol: Bearer Tokens",

>               draft-ietf-oauth-v2-bearer-19 (work in progress),

>               April 2012.

3620,3623c3589,3591

<               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP

<               Authentication: MAC Access Authentication",

<               draft-ietf-oauth-v2-http-mac-00 (work in progress),

<               May 2011.

---

>               Hammer-Lahav, E., "HTTP Authentication: MAC Access

>               Authentication", draft-ietf-oauth-v2-http-mac-01 (work in

>               progress), February 2012.

3626c3594

<               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0

---

>               McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0

3628,3629c3596,3597

<               draft-ietf-oauth-v2-threatmodel-00 (work in progress),

<               July 2011.

---

>               draft-ietf-oauth-v2-threatmodel-02 (work in progress),

>               February 2012.

3468,3546d3503

<    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.

3639c3609,3639

>    Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.

3468,3546d3503

<    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,

3644,3645c3644,3656

>    Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,

3468,3546d3503

<    This document was produced under the chairmanship of Blaine Cook,

<    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area

<    directors included Lisa Dusseault, Peter Saint-Andre, and Stephen

<    Farrell.

3646a3658,3661

>    This document was produced under the chairmanship of Blaine Cook,

>    Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins.

>    The area directors included Lisa Dusseault, Peter Saint-Andre, and

>    Stephen Farrell.



-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of H=
annes Tschofenig
Sent: Wednesday, May 23, 2012 11:27 AM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Error Encoding: Conclusion



Hi all,



on May 10th we called for consensus on an open issue regarding the error en=
coding. Here is the link to the call:

http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html



Thank you all for the feedback. The conclusion of the consensus call was to=
 harmonize the encoding between the two specifications by incorporating the=
 restrictions from the bearer specification into the base specification. Th=
e error encoding will go into the core specification and the bearer specifi=
cation will reference it.



Ciao

Hannes & Derek



_______________________________________________

OAuth mailing list

OAuth@ietf.org<mailto:OAuth@ietf.org>

https://www.ietf.org/mailman/listinfo/oauth



--_000_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Consolas;
	panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
	{mso-style-priority:99;
	mso-style-link:"Plain Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
span.PlainTextChar
	{mso-style-name:"Plain Text Char";
	mso-style-priority:99;
	mso-style-link:"Plain Text";
	font-family:"Calibri","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
/* List Definitions */
@list l0
	{mso-list-id:162670015;
	mso-list-type:hybrid;
	mso-list-template-ids:-1548813908 67698689 67698691 67698693 67698689 6769=
8691 67698693 67698689 67698691 67698693;}
@list l0:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l0:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l0:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l0:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1
	{mso-list-id:1789154231;
	mso-list-type:hybrid;
	mso-list-template-ids:-622923458 67698689 67698691 67698693 67698689 67698=
691 67698693 67698689 67698691 67698693;}
@list l1:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1:level4
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level6
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
@list l1:level7
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1:level8
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";}
@list l1:level9
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoPlainText">Thanks Hannes.&nbsp; In the interest of hopefully=
 completing the edits to remove the DISCUSS issues for the Bearer and Core =
specs in the next few days so that we can send the docs to the RFC editors,=
 I'd like to propose specific language
 for the Core spec to address both of the consensus call issue resolutions.=
&nbsp; After there's consensus on the specific text for Core, it will be ea=
sy for us to add a reference in Bearer to the language in Core for the erro=
r syntax restrictions and to use the
 OAuth errors registry.&nbsp; I'll do that in parallel with the discussions=
 on the proposed core language changes.<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">A summary of the changes I made in response to th=
e consensus call conclusions are:<o:p></o:p></p>
<p class=3D"MsoPlainText" style=3D"margin-left:.5in;text-indent:-.25in;mso-=
list:l0 level1 lfo1">
<![if !supportLists]><span style=3D"font-family:Symbol"><span style=3D"mso-=
list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roman&quot;"=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]>Add syntax restrictions for &#8220;error&#82=
21;, &#8220;error_description&#8221;, and &#8220;error_uri&#8221; from Bear=
er to Core<o:p></o:p></p>
<p class=3D"MsoPlainText" style=3D"margin-left:.5in;text-indent:-.25in;mso-=
list:l0 level1 lfo1">
<![if !supportLists]><span style=3D"font-family:Symbol"><span style=3D"mso-=
list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roman&quot;"=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]>Add section 7.2 about error responses from r=
esource access requests<o:p></o:p></p>
<p class=3D"MsoPlainText" style=3D"margin-left:.5in;text-indent:-.25in;mso-=
list:l0 level1 lfo1">
<![if !supportLists]><span style=3D"font-family:Symbol"><span style=3D"mso-=
list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roman&quot;"=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]>Add &#8220;resource access error response&#8=
221; to the category of OAuth errors that can be registered<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">Additional editorial changes that I made as I enc=
ountered issues in the document were:<o:p></o:p></p>
<p class=3D"MsoPlainText" style=3D"margin-left:.5in;text-indent:-.25in;mso-=
list:l1 level1 lfo2">
<![if !supportLists]><span style=3D"font-family:Symbol"><span style=3D"mso-=
list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roman&quot;"=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]>Updated out of date references, especially t=
he draft-hardt-oauth-01 reference, which contained an invalid link<o:p></o:=
p></p>
<p class=3D"MsoPlainText" style=3D"margin-left:.5in;text-indent:-.25in;mso-=
list:l1 level1 lfo2">
<![if !supportLists]><span style=3D"font-family:Symbol"><span style=3D"mso-=
list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roman&quot;"=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]>Added Derek Atkins to the list of chairs<o:p=
></o:p></p>
<p class=3D"MsoPlainText" style=3D"margin-left:.5in;text-indent:-.25in;mso-=
list:l1 level1 lfo2">
<![if !supportLists]><span style=3D"font-family:Symbol"><span style=3D"mso-=
list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roman&quot;"=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]>Added Yaron Goland&#8217;s middle initial Y.=
 (since he prefers to include it in publications)<o:p></o:p></p>
<p class=3D"MsoPlainText" style=3D"margin-left:.5in;text-indent:-.25in;mso-=
list:l1 level1 lfo2">
<![if !supportLists]><span style=3D"font-family:Symbol"><span style=3D"mso-=
list:Ignore">&middot;<span style=3D"font:7.0pt &quot;Times New Roman&quot;"=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]>Replaced use of the deprecated &lt;appendix&=
gt; element, which prevented the spec from building with strict checking, w=
ith a &lt;section&gt; element in the &lt;back&gt; section (which creates an=
 appendix)<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">To make it easy to incorporate these changes into=
 the document and so the proposed changes are unambiguous, I produced an ed=
ited version of Core -26 containing these changes.&nbsp; The xml, txt, and =
html versions are attached to facilitate
 review.&nbsp; Pertinent diffs from the .txt version follow.<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp; Cheers,<o:p></o:p></p>
<p class=3D"MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp; -- Mike<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">683c683,684<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp; notation of [RFC5234].<o:p=
></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; notation of [RFC5234].&nbs=
p; Additionally, the rule URI-Reference is<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; included from Uniform Reso=
urce Identifier (URI) [RFC3986].<o:p></o:p></p>
<p class=3D"MsoPlainText">1441c1441,1442<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&n=
bsp;&nbsp;REQUIRED.&nbsp; A single error code from the following:<o:p></o:p=
></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; REQUIRED.&nbsp; A single ASCII [USASCII] error code from the<o:p>=
</o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; following:<o:p></o:p></p>
<p class=3D"MsoPlainText">1474a1475,1476<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Values for the &quot;error&quot; parameter MUST NOT include chara=
cters<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; outside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p class=3D"MsoPlainText">1476c1478<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; OPTIONAL.&nbsp; A human-readable UTF-8 encoded text providing<o:p=
></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; OPTIONAL.&nbsp; A human-readable ASCII [USASCII] text providing<o=
:p></o:p></p>
<p class=3D"MsoPlainText">1478a1481,1482<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Values for the &quot;error_description&quot; parameter MUST NOT i=
nclude<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; characters outside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p=
></p>
<p class=3D"MsoPlainText">1482a1487,1489<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Values for the &quot;error_uri&quot; parameter MUST conform to th=
e URI-<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Reference syntax, and thus MUST NOT include characters outside<o:=
p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; the set %x21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p class=3D"MsoPlainText">1840c1840,1841<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; REQUIRED.&nbsp; A single error code from the following:<o:p></o:p=
></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; REQUIRED.&nbsp; A single ASCII [USASCII] error code from the<o:p>=
</o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; following:<o:p></o:p></p>
<p class=3D"MsoPlainText">1873a1874,1875<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Values for the &quot;error&quot; parameter MUST NOT include chara=
cters<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; outside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p class=3D"MsoPlainText">1875c1877<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; OPTIONAL.&nbsp; A human-readable UTF-8 encoded text providing<o:p=
></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; OPTIONAL.&nbsp; A human-readable ASCII [USASCII] text providing<o=
:p></o:p></p>
<p class=3D"MsoPlainText">1877a1880,1881<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Values for the &quot;error_description&quot; parameter MUST NOT i=
nclude<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; characters outside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p=
></p>
<p class=3D"MsoPlainText">1881a1886,1888<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Values for the &quot;error_uri&quot; parameter MUST conform to th=
e URI-<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Reference syntax, and thus MUST NOT include characters outside<o:=
p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; the set %x21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; REQUIRED.&nbsp; A single error code from the following:<o:p></o:p=
></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; REQUIRED.&nbsp; A single ASCII [USASCII] error code from the<o:p>=
</o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; following:<o:p></o:p></p>
<p class=3D"MsoPlainText">2325a2326,2327<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Values for the &quot;error&quot; parameter MUST NOT include chara=
cters<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; outside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p class=3D"MsoPlainText">2327c2329<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; OPTIONAL.&nbsp; A human-readable UTF-8 encoded text providing<o:p=
></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; OPTIONAL.&nbsp; A human-readable ASCII [USASCII] text providing<o=
:p></o:p></p>
<p class=3D"MsoPlainText">2329a2332,2333<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Values for the &quot;error_description&quot; parameter MUST NOT i=
nclude<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; characters outside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p=
></p>
<p class=3D"MsoPlainText">2333a2338,2340<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Values for the &quot;error_uri&quot; parameter MUST conform to th=
e URI-<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; Reference syntax, and thus MUST NOT include characters outside<o:=
p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; the set %x21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p class=3D"MsoPlainText">2450c2460,2468<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp; The method in which the cl=
ient utilized the access token to<o:p></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; The method in which the cl=
ient utilizes the access token to<o:p></o:p></p>
<p class=3D"MsoPlainText">2479c2489<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authorization:=
 Bearer 7Fjfp0ZBr1KtDRbnfVdmIw<o:p></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authorization:=
 Bearer mF_9.B5f-4.1JqM<o:p></o:p></p>
<p class=3D"MsoPlainText">2503a2514,2533<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; <o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; 7.2.&nbsp; Error Response<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; <o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; If a resource access reque=
st fails, the resource server SHOULD inform<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; the client of the error.&n=
bsp; While the specific error responses possible<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; and methods for transmitti=
ng those errors when using any particular<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; access token type are beyo=
nd the scope of this specification, any<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; error codes defined for us=
e with OAuth resource access methods MUST<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; be registered (following t=
he procedures in Section 11.4).<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; <o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; <o:p></o:p></p>
<p class=3D"MsoPlainText">2602,2603c2624,2626<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), or the =
token error response (Section 5.2), such<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp; error codes MAY be defined=
.<o:p></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), the tok=
en error response (Section 5.2), or the<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; resource access error resp=
onse (Section 7.2), such error codes MAY be<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; defined.<o:p></o:p></p>
<p class=3D"MsoPlainText">3444c3484,3485<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Section=
 4.2.2.1), or token error response (Section 5.2).<o:p></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Section=
 4.2.2.1), token error response (Section 5.2), or resource<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; access e=
rror response (Section 7.2).<o:p></o:p></p>
<p class=3D"MsoPlainText">3596a3554,3557<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; [USASCII]&nbsp; American N=
ational Standards Institute, &quot;Coded Character<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Set -- 7-bit American Standard Code=
 for Information<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Interchange&quot;, ANSI X3.4, 1986.=
<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt; <o:p></o:p></p>
<p class=3D"MsoPlainText">3611,3612c3572,3573<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OAuth 2.0&quot;, draft-ietf-oauth-s=
aml2-bearer-08 (work in<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; progress), August 2011.<o:p></o:p><=
/p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OAuth 2.0&quot;, draft-ietf-oauth-s=
aml2-bearer-12 (work in<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; progress), May 2012.<o:p></o:p></p>
<p class=3D"MsoPlainText">3616,3617c3577,3579<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Protocol: Bearer Tokens&quot;, draf=
t-ietf-oauth-v2-bearer-08<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (work in progress), July 2011.<o:p>=
</o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authorization Protocol: Bearer Toke=
ns&quot;,<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; draft-ietf-oauth-v2-bearer-19 (work=
 in progress),<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; April 2012.<o:p></o:p></p>
<p class=3D"MsoPlainText">3620,3623c3589,3591<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Hammer-Lahav, E., Barth, A., and B.=
 Adida, &quot;HTTP<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authentication: MAC Access Authenti=
cation&quot;,<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; draft-ietf-oauth-v2-http-mac-00 (wo=
rk in progress),<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; May 2011.<o:p></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Hammer-Lahav, E., &quot;HTTP Authen=
tication: MAC Access<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authentication&quot;, draft-ietf-oa=
uth-v2-http-mac-01 (work in<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; progress), February 2012.<o:p></o:p=
></p>
<p class=3D"MsoPlainText">3626c3594<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Lodderstedt, T., McGloin, M., and P=
. Hunt, &quot;OAuth 2.0<o:p></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; McGloin, M., Hunt, P., and T. Lodde=
rstedt, &quot;OAuth 2.0<o:p></o:p></p>
<p class=3D"MsoPlainText">3628,3629c3596,3597<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; draft-ietf-oauth-v2-threatmodel-00 =
(work in progress),<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; July 2011.<o:p></o:p></p>
<p class=3D"MsoPlainText">---<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; draft-ietf-oauth-v2-threatmodel-02 =
(work in progress),<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; February 2012.<o:p></o:p></p>
<p class=3D"MsoPlainText">3468,3546d3503<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp; &nbsp;Brian Eaton, Yaron Goland,=
 Dick Hardt, and Allen Tom.<o:p></o:p></p>
<p class=3D"MsoPlainText">3639c3609,3639<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; Brian Eaton, Yaron Y. Gola=
nd, Dick Hardt, and Allen Tom.<o:p></o:p></p>
<p class=3D"MsoPlainText">3468,3546d3503<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp; Yaron Goland, Brent Goldma=
n, Kristoffer Gronowski, Justin Hart,<o:p></o:p></p>
<p class=3D"MsoPlainText">3644,3645c3644,3656<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; Yaron Y. Goland, Brent Gol=
dman, Kristoffer Gronowski, Justin Hart,<o:p></o:p></p>
<p class=3D"MsoPlainText">3468,3546d3503<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp; This document was produced=
 under the chairmanship of Blaine Cook,<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp; Peter Saint-Andre, Hannes =
Tschofenig, and Barry Leiba.&nbsp; The area<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp; directors included Lisa Du=
sseault, Peter Saint-Andre, and Stephen<o:p></o:p></p>
<p class=3D"MsoPlainText">&lt;&nbsp;&nbsp;&nbsp; Farrell.<o:p></o:p></p>
<p class=3D"MsoPlainText">3646a3658,3661<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; This document was produced=
 under the chairmanship of Blaine Cook,<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; Peter Saint-Andre, Hannes =
Tschofenig, Barry Leiba, and Derek Atkins.<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; The area directors include=
d Lisa Dusseault, Peter Saint-Andre, and<o:p></o:p></p>
<p class=3D"MsoPlainText">&gt;&nbsp;&nbsp;&nbsp; Stephen Farrell.<o:p></o:p=
></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">-----Original Message-----<br>
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of H=
annes Tschofenig<br>
Sent: Wednesday, May 23, 2012 11:27 AM<br>
To: oauth@ietf.org WG<br>
Subject: [OAUTH-WG] Error Encoding: Conclusion</p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">Hi all, <o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">on May 10th we called for consensus on an open is=
sue regarding the error encoding. Here is the link to the call:
<o:p></o:p></p>
<p class=3D"MsoPlainText"><a href=3D"http://www.ietf.org/mail-archive/web/o=
auth/current/msg08994.html"><span style=3D"color:windowtext;text-decoration=
:none">http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html</sp=
an></a><o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">Thank you all for the feedback. The conclusion of=
 the consensus call was to harmonize the encoding between the two specifica=
tions by incorporating the restrictions from the bearer specification into =
the base specification. The error
 encoding will go into the core specification and the bearer specification =
will reference it.
<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">Ciao<o:p></o:p></p>
<p class=3D"MsoPlainText">Hannes &amp; Derek<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">_______________________________________________<o=
:p></o:p></p>
<p class=3D"MsoPlainText">OAuth mailing list<o:p></o:p></p>
<p class=3D"MsoPlainText"><a href=3D"mailto:OAuth@ietf.org"><span style=3D"=
color:windowtext;text-decoration:none">OAuth@ietf.org</span></a><o:p></o:p>=
</p>
<p class=3D"MsoPlainText"><a href=3D"https://www.ietf.org/mailman/listinfo/=
oauth"><span style=3D"color:windowtext;text-decoration:none">https://www.ie=
tf.org/mailman/listinfo/oauth</span></a><o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_--

--_006_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_
Content-Type: text/xml; name="draft-ietf-oauth-v2-26+mbj.xml"
Content-Description: draft-ietf-oauth-v2-26+mbj.xml
Content-Disposition: attachment; filename="draft-ietf-oauth-v2-26+mbj.xml";
	size=177893; creation-date="Thu, 24 May 2012 02:23:54 GMT";
	modification-date="Thu, 24 May 2012 01:25:34 GMT"
Content-Transfer-Encoding: base64

PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnID8+CjwhRE9DVFlQRSByZmMgU1lT
VEVNICdyZmMyNjI5LmR0ZCc+Cjw/eG1sLXN0eWxlc2hlZXQgdHlwZT0ndGV4dC94c2wnIGhyZWY9
J3JmYzI2MjkueHNsdCcgPz4KCjxyZmMgY2F0ZWdvcnk9J3N0ZCcgaXByPSd0cnVzdDIwMDkwMicg
b2Jzb2xldGVzPSc1ODQ5JyBkb2NOYW1lPSdkcmFmdC1pZXRmLW9hdXRoLXYyLTI3Jz4KICA8P3Jm
YyBzdHJpY3Q9J3llcycgPz4KICA8P3JmYyB0b2M9J3llcycgPz4KICA8P3JmYyB0b2NkZXB0aD0n
MycgPz4KICA8P3JmYyBzeW1yZWZzPSd5ZXMnID8+CiAgPD9yZmMgc29ydHJlZnM9J3llcycgPz4K
ICA8P3JmYyBjb21wYWN0PSd5ZXMnID8+CiAgPD9yZmMgc3ViY29tcGFjdD0neWVzJyA/PgoKICAK
ICA8ZnJvbnQ+CiAgICA8dGl0bGUgYWJicmV2PSdPQXV0aCAyLjAnPlRoZSBPQXV0aCAyLjAgQXV0
aG9yaXphdGlvbiBGcmFtZXdvcms8L3RpdGxlPgoKICAgIDxhdXRob3IgZnVsbG5hbWU9J0VyYW4g
SGFtbWVyJyBzdXJuYW1lPSdIYW1tZXInIGluaXRpYWxzPSdFJyByb2xlPSdlZGl0b3InPgogICAg
ICA8b3JnYW5pemF0aW9uPjwvb3JnYW5pemF0aW9uPgogICAgICA8YWRkcmVzcz4KICAgICAgICA8
ZW1haWw+ZXJhbkBodWVuaXZlcnNlLmNvbTwvZW1haWw+CiAgICAgICAgPHVyaT5odHRwOi8vaHVl
bml2ZXJzZS5jb208L3VyaT4KICAgICAgPC9hZGRyZXNzPgogICAgPC9hdXRob3I+CiAgICA8YXV0
aG9yIGZ1bGxuYW1lPSdEYXZpZCBSZWNvcmRvbicgc3VybmFtZT0nUmVjb3Jkb24nIGluaXRpYWxz
PSdEJz4KICAgICAgPG9yZ2FuaXphdGlvbj5GYWNlYm9vazwvb3JnYW5pemF0aW9uPgogICAgICA8
YWRkcmVzcz4KICAgICAgICA8ZW1haWw+ZHJAZmIuY29tPC9lbWFpbD4KICAgICAgICA8dXJpPmh0
dHA6Ly93d3cuZGF2aWRyZWNvcmRvbi5jb20vPC91cmk+CiAgICAgIDwvYWRkcmVzcz4KICAgIDwv
YXV0aG9yPgogICAgPGF1dGhvciBmdWxsbmFtZT0nRGljayBIYXJkdCcgc3VybmFtZT0nSGFyZHQn
IGluaXRpYWxzPSdEJz4KICAgICAgPG9yZ2FuaXphdGlvbj5NaWNyb3NvZnQ8L29yZ2FuaXphdGlv
bj4KICAgICAgPGFkZHJlc3M+CiAgICAgICAgPGVtYWlsPmRpY2suaGFyZHRAZ21haWwuY29tPC9l
bWFpbD4KICAgICAgICA8dXJpPmh0dHA6Ly9kaWNraGFyZHQub3JnLzwvdXJpPgogICAgICA8L2Fk
ZHJlc3M+CiAgICA8L2F1dGhvcj4KCiAgICA8ZGF0ZSB5ZWFyPScyMDEyJyAvPgoKICAgIDxhYnN0
cmFjdD4KICAgICAgPHQ+CiAgICAgICAgVGhlIE9BdXRoIDIuMCBhdXRob3JpemF0aW9uIGZyYW1l
d29yayBlbmFibGVzIGEgdGhpcmQtcGFydHkgYXBwbGljYXRpb24gdG8gb2J0YWluIGxpbWl0ZWQK
ICAgICAgICBhY2Nlc3MgdG8gYW4gSFRUUCBzZXJ2aWNlLCBlaXRoZXIgb24gYmVoYWxmIG9mIGEg
cmVzb3VyY2Ugb3duZXIgYnkgb3JjaGVzdHJhdGluZyBhbiBhcHByb3ZhbAogICAgICAgIGludGVy
YWN0aW9uIGJldHdlZW4gdGhlIHJlc291cmNlIG93bmVyIGFuZCB0aGUgSFRUUCBzZXJ2aWNlLCBv
ciBieSBhbGxvd2luZyB0aGUgdGhpcmQtcGFydHkKICAgICAgICBhcHBsaWNhdGlvbiB0byBvYnRh
aW4gYWNjZXNzIG9uIGl0cyBvd24gYmVoYWxmLiBUaGlzIHNwZWNpZmljYXRpb24gcmVwbGFjZXMg
YW5kIG9ic29sZXRlcwogICAgICAgIHRoZSBPQXV0aCAxLjAgcHJvdG9jb2wgZGVzY3JpYmVkIGlu
IFJGQyA1ODQ5LgogICAgICA8L3Q+CiAgICA8L2Fic3RyYWN0PgogIDwvZnJvbnQ+CgogIDxtaWRk
bGU+CgogICAgPHNlY3Rpb24gdGl0bGU9J0ludHJvZHVjdGlvbic+CiAgICAgIDx0PgogICAgICAg
IEluIHRoZSB0cmFkaXRpb25hbCBjbGllbnQtc2VydmVyIGF1dGhlbnRpY2F0aW9uIG1vZGVsLCB0
aGUgY2xpZW50IHJlcXVlc3RzIGFuIGFjY2VzcwogICAgICAgIHJlc3RyaWN0ZWQgcmVzb3VyY2Ug
KHByb3RlY3RlZCByZXNvdXJjZSkgb24gdGhlIHNlcnZlciBieSBhdXRoZW50aWNhdGluZyB3aXRo
IHRoZSBzZXJ2ZXIKICAgICAgICB1c2luZyB0aGUgcmVzb3VyY2Ugb3duZXIncyBjcmVkZW50aWFs
cy4gSW4gb3JkZXIgdG8gcHJvdmlkZSB0aGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgYWNjZXNzCiAg
ICAgICAgdG8gcmVzdHJpY3RlZCByZXNvdXJjZXMsIHRoZSByZXNvdXJjZSBvd25lciBzaGFyZXMg
aXRzIGNyZWRlbnRpYWxzIHdpdGggdGhlIHRoaXJkLXBhcnR5LgogICAgICAgIFRoaXMgY3JlYXRl
cyBzZXZlcmFsIHByb2JsZW1zIGFuZCBsaW1pdGF0aW9uczoKICAgICAgPC90PgogICAgICA8dD4K
ICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAg
VGhpcmQtcGFydHkgYXBwbGljYXRpb25zIGFyZSByZXF1aXJlZCB0byBzdG9yZSB0aGUgcmVzb3Vy
Y2Ugb3duZXIncyBjcmVkZW50aWFscwogICAgICAgICAgICBmb3IgZnV0dXJlIHVzZSwgdHlwaWNh
bGx5IGEgcGFzc3dvcmQgaW4gY2xlYXItdGV4dC4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0
PgogICAgICAgICAgICBTZXJ2ZXJzIGFyZSByZXF1aXJlZCB0byBzdXBwb3J0IHBhc3N3b3JkIGF1
dGhlbnRpY2F0aW9uLCBkZXNwaXRlIHRoZSBzZWN1cml0eQogICAgICAgICAgICB3ZWFrbmVzc2Vz
IGluaGVyZW50IGluIHBhc3N3b3Jkcy4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAg
ICAgICAgICBUaGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgZ2FpbiBvdmVybHkgYnJvYWQgYWNjZXNz
IHRvIHRoZSByZXNvdXJjZSBvd25lcidzIHByb3RlY3RlZAogICAgICAgICAgICByZXNvdXJjZXMs
IGxlYXZpbmcgcmVzb3VyY2Ugb3duZXJzIHdpdGhvdXQgYW55IGFiaWxpdHkgdG8gcmVzdHJpY3Qg
ZHVyYXRpb24gb3IgYWNjZXNzCiAgICAgICAgICAgIHRvIGEgbGltaXRlZCBzdWJzZXQgb2YgcmVz
b3VyY2VzLgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFJlc291cmNl
IG93bmVycyBjYW5ub3QgcmV2b2tlIGFjY2VzcyB0byBhbiBpbmRpdmlkdWFsIHRoaXJkLXBhcnR5
IHdpdGhvdXQgcmV2b2tpbmcKICAgICAgICAgICAgYWNjZXNzIHRvIGFsbCB0aGlyZC1wYXJ0aWVz
LCBhbmQgbXVzdCBkbyBzbyBieSBjaGFuZ2luZyB0aGVpciBwYXNzd29yZC4KICAgICAgICAgIDwv
dD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBDb21wcm9taXNlIG9mIGFueSB0aGlyZC1wYXJ0
eSBhcHBsaWNhdGlvbiByZXN1bHRzIGluIGNvbXByb21pc2Ugb2YgdGhlIGVuZC11c2VyJ3MKICAg
ICAgICAgICAgcGFzc3dvcmQgYW5kIGFsbCBvZiB0aGUgZGF0YSBwcm90ZWN0ZWQgYnkgdGhhdCBw
YXNzd29yZC4KICAgICAgICAgIDwvdD4KICAgICAgICA8L2xpc3Q+CiAgICAgIDwvdD4KICAgICAg
PHQ+CiAgICAgICAgT0F1dGggYWRkcmVzc2VzIHRoZXNlIGlzc3VlcyBieSBpbnRyb2R1Y2luZyBh
biBhdXRob3JpemF0aW9uIGxheWVyIGFuZCBzZXBhcmF0aW5nIHRoZSByb2xlCiAgICAgICAgb2Yg
dGhlIGNsaWVudCBmcm9tIHRoYXQgb2YgdGhlIHJlc291cmNlIG93bmVyLiBJbiBPQXV0aCwgdGhl
IGNsaWVudCByZXF1ZXN0cyBhY2Nlc3MgdG8KICAgICAgICByZXNvdXJjZXMgY29udHJvbGxlZCBi
eSB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIGhvc3RlZCBieSB0aGUgcmVzb3VyY2Ugc2VydmVyLCBh
bmQgaXMgaXNzdWVkCiAgICAgICAgYSBkaWZmZXJlbnQgc2V0IG9mIGNyZWRlbnRpYWxzIHRoYW4g
dGhvc2Ugb2YgdGhlIHJlc291cmNlIG93bmVyLgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAg
IEluc3RlYWQgb2YgdXNpbmcgdGhlIHJlc291cmNlIG93bmVyJ3MgY3JlZGVudGlhbHMgdG8gYWNj
ZXNzIHByb3RlY3RlZCByZXNvdXJjZXMsIHRoZSBjbGllbnQKICAgICAgICBvYnRhaW5zIGFuIGFj
Y2VzcyB0b2tlbiAtIGEgc3RyaW5nIGRlbm90aW5nIGEgc3BlY2lmaWMgc2NvcGUsIGxpZmV0aW1l
LCBhbmQgb3RoZXIgYWNjZXNzCiAgICAgICAgYXR0cmlidXRlcy4gQWNjZXNzIHRva2VucyBhcmUg
aXNzdWVkIHRvIHRoaXJkLXBhcnR5IGNsaWVudHMgYnkgYW4gYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
d2l0aAogICAgICAgIHRoZSBhcHByb3ZhbCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuIFRoZSBjbGll
bnQgdXNlcyB0aGUgYWNjZXNzIHRva2VuIHRvIGFjY2VzcyB0aGUKICAgICAgICBwcm90ZWN0ZWQg
cmVzb3VyY2VzIGhvc3RlZCBieSB0aGUgcmVzb3VyY2Ugc2VydmVyLgogICAgICA8L3Q+CiAgICAg
IDx0PgogICAgICAgIEZvciBleGFtcGxlLCBhbiBlbmQtdXNlciAocmVzb3VyY2Ugb3duZXIpIGNh
biBncmFudCBhIHByaW50aW5nIHNlcnZpY2UgKGNsaWVudCkgYWNjZXNzCiAgICAgICAgdG8gaGVy
IHByb3RlY3RlZCBwaG90b3Mgc3RvcmVkIGF0IGEgcGhvdG8gc2hhcmluZyBzZXJ2aWNlIChyZXNv
dXJjZSBzZXJ2ZXIpLCB3aXRob3V0CiAgICAgICAgc2hhcmluZyBoZXIgdXNlcm5hbWUgYW5kIHBh
c3N3b3JkIHdpdGggdGhlIHByaW50aW5nIHNlcnZpY2UuIEluc3RlYWQsIHNoZSBhdXRoZW50aWNh
dGVzCiAgICAgICAgZGlyZWN0bHkgd2l0aCBhIHNlcnZlciB0cnVzdGVkIGJ5IHRoZSBwaG90byBz
aGFyaW5nIHNlcnZpY2UgKGF1dGhvcml6YXRpb24gc2VydmVyKSB3aGljaAogICAgICAgIGlzc3Vl
cyB0aGUgcHJpbnRpbmcgc2VydmljZSBkZWxlZ2F0aW9uLXNwZWNpZmljIGNyZWRlbnRpYWxzIChh
Y2Nlc3MgdG9rZW4pLgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIFRoaXMgc3BlY2lmaWNh
dGlvbiBpcyBkZXNpZ25lZCBmb3IgdXNlIHdpdGggSFRUUCAoPHhyZWYgdGFyZ2V0PSdSRkMyNjE2
JyAvPikuIFRoZSB1c2Ugb2YKICAgICAgICBPQXV0aCBvdmVyIGFueSBvdGhlciBwcm90b2NvbCB0
aGFuIEhUVFAgaXMgb3V0IG9mIHNjb3BlLgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIFRo
ZSBPQXV0aCAxLjAgcHJvdG9jb2wgKDx4cmVmIHRhcmdldD0nUkZDNTg0OScgLz4pLCBwdWJsaXNo
ZWQgYXMgYW4gaW5mb3JtYXRpb25hbCBkb2N1bWVudCwKICAgICAgICB3YXMgdGhlIHJlc3VsdCBv
ZiBhIHNtYWxsIGFkLWhvYyBjb21tdW5pdHkgZWZmb3J0LiBUaGlzIHN0YW5kYXJkcy10cmFjayBz
cGVjaWZpY2F0aW9uIGJ1aWxkcwogICAgICAgIG9uIHRoZSBPQXV0aCAxLjAgZGVwbG95bWVudCBl
eHBlcmllbmNlLCBhcyB3ZWxsIGFzIGFkZGl0aW9uYWwgdXNlIGNhc2VzIGFuZCBleHRlbnNpYmls
aXR5CiAgICAgICAgcmVxdWlyZW1lbnRzIGdhdGhlcmVkIGZyb20gdGhlIHdpZGVyIElFVEYgY29t
bXVuaXR5LiBUaGUgT0F1dGggMi4wIHByb3RvY29sIGlzIG5vdCBiYWNrd2FyZAogICAgICAgIGNv
bXBhdGlibGUgd2l0aCBPQXV0aCAxLjAuIFRoZSB0d28gdmVyc2lvbnMgbWF5IGNvLWV4aXN0IG9u
IHRoZSBuZXR3b3JrIGFuZCBpbXBsZW1lbnRhdGlvbnMKICAgICAgICBtYXkgY2hvb3NlIHRvIHN1
cHBvcnQgYm90aC4gSG93ZXZlciwgaXQgaXMgdGhlIGludGVudGlvbiBvZiB0aGlzIHNwZWNpZmlj
YXRpb24gdGhhdCBuZXcKICAgICAgICBpbXBsZW1lbnRhdGlvbiBzdXBwb3J0IE9BdXRoIDIuMCBh
cyBzcGVjaWZpZWQgaW4gdGhpcyBkb2N1bWVudCwgYW5kIHRoYXQgT0F1dGggMS4wIGlzIHVzZWQK
ICAgICAgICBvbmx5IHRvIHN1cHBvcnQgZXhpc3RpbmcgZGVwbG95bWVudHMuIFRoZSBPQXV0aCAy
LjAgcHJvdG9jb2wgc2hhcmVzIHZlcnkgZmV3IGltcGxlbWVudGF0aW9uCiAgICAgICAgZGV0YWls
cyB3aXRoIHRoZSBPQXV0aCAxLjAgcHJvdG9jb2wuIEltcGxlbWVudGVycyBmYW1pbGlhciB3aXRo
IE9BdXRoIDEuMCBzaG91bGQgYXBwcm9hY2gKICAgICAgICB0aGlzIGRvY3VtZW50IHdpdGhvdXQg
YW55IGFzc3VtcHRpb25zIGFzIHRvIGl0cyBzdHJ1Y3R1cmUgYW5kIGRldGFpbHMuCiAgICAgIDwv
dD4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdSb2xlcyc+CiAgICAgICAgPHQ+CiAgICAgICAgICBP
QXV0aCBkZWZpbmVzIGZvdXIgcm9sZXM6CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAg
ICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnPgogICAgICAgICAgICA8dCBoYW5nVGV4dD0ncmVzb3Vy
Y2Ugb3duZXInPgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBBbiBlbnRp
dHkgY2FwYWJsZSBvZiBncmFudGluZyBhY2Nlc3MgdG8gYSBwcm90ZWN0ZWQgcmVzb3VyY2UuIFdo
ZW4gdGhlIHJlc291cmNlIG93bmVyCiAgICAgICAgICAgICAgaXMgYSBwZXJzb24sIGl0IGlzIHJl
ZmVycmVkIHRvIGFzIGFuIGVuZC11c2VyLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0
IGhhbmdUZXh0PSdyZXNvdXJjZSBzZXJ2ZXInPgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAg
ICAgICAgICAgICBUaGUgc2VydmVyIGhvc3RpbmcgdGhlIHByb3RlY3RlZCByZXNvdXJjZXMsIGNh
cGFibGUgb2YgYWNjZXB0aW5nIGFuZCByZXNwb25kaW5nIHRvCiAgICAgICAgICAgICAgcHJvdGVj
dGVkIHJlc291cmNlIHJlcXVlc3RzIHVzaW5nIGFjY2VzcyB0b2tlbnMuCiAgICAgICAgICAgIDwv
dD4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2NsaWVudCc+CiAgICAgICAgICAgICAgPHZzcGFj
ZSAvPgogICAgICAgICAgICAgIEFuIGFwcGxpY2F0aW9uIG1ha2luZyBwcm90ZWN0ZWQgcmVzb3Vy
Y2UgcmVxdWVzdHMgb24gYmVoYWxmIG9mIHRoZSByZXNvdXJjZSBvd25lciBhbmQKICAgICAgICAg
ICAgICB3aXRoIGl0cyBhdXRob3JpemF0aW9uLiBUaGUgdGVybSBjbGllbnQgZG9lcyBub3QgaW1w
bHkgYW55IHBhcnRpY3VsYXIgaW1wbGVtZW50YXRpb24KICAgICAgICAgICAgICBjaGFyYWN0ZXJp
c3RpY3MgKGUuZy4gd2hldGhlciB0aGUgYXBwbGljYXRpb24gZXhlY3V0ZXMgb24gYSBzZXJ2ZXIs
IGEgZGVza3RvcCwgb3IKICAgICAgICAgICAgICBvdGhlciBkZXZpY2VzKS4KICAgICAgICAgICAg
PC90PgogICAgICAgICAgICA8dCBoYW5nVGV4dD0nYXV0aG9yaXphdGlvbiBzZXJ2ZXInPgogICAg
ICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBUaGUgc2VydmVyIGlzc3VpbmcgYWNj
ZXNzIHRva2VucyB0byB0aGUgY2xpZW50IGFmdGVyIHN1Y2Nlc3NmdWxseSBhdXRoZW50aWNhdGlu
ZyB0aGUKICAgICAgICAgICAgICByZXNvdXJjZSBvd25lciBhbmQgb2J0YWluaW5nIGF1dGhvcml6
YXRpb24uCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBUaGUgaW50ZXJhY3Rpb24gYmV0d2VlbiB0aGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgYW5kIHJlc291cmNlIHNlcnZlciBpcyBiZXlvbmQgdGhlIHNjb3BlCiAgICAg
ICAgICBvZiB0aGlzIHNwZWNpZmljYXRpb24uIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBtYXkg
YmUgdGhlIHNhbWUgc2VydmVyIGFzIHRoZSByZXNvdXJjZQogICAgICAgICAgc2VydmVyIG9yIGEg
c2VwYXJhdGUgZW50aXR5LiBBIHNpbmdsZSBhdXRob3JpemF0aW9uIHNlcnZlciBtYXkgaXNzdWUg
YWNjZXNzIHRva2VucwogICAgICAgICAgYWNjZXB0ZWQgYnkgbXVsdGlwbGUgcmVzb3VyY2Ugc2Vy
dmVycy4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxl
PSdQcm90b2NvbCBGbG93Jz4KICAgICAgICA8ZmlndXJlIHRpdGxlPSdBYnN0cmFjdCBQcm90b2Nv
bCBGbG93JyBhbmNob3I9J0ZpZ3VyZS0xJz4KICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAg
ICA8IVtDREFUQVsKICArLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICst
LS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgfC0tKEEpLSBBdXRob3JpemF0aW9uIFJlcXVlc3Qg
LT58ICAgUmVzb3VyY2UgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgfCAgICAgT3duZXIgICAgIHwKICB8ICAgICAgICB8PC0oQiktLSBBdXRob3JpemF0aW9u
IEdyYW50IC0tLXwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgIHwKICB8ICAgICAgICB8
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAg
ICAgfC0tKEMpLS0gQXV0aG9yaXphdGlvbiBHcmFudCAtLT58IEF1dGhvcml6YXRpb24gfAogIHwg
Q2xpZW50IHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwK
ICB8ICAgICAgICB8PC0oRCktLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLXwgICAgICAgICAgICAg
ICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0t
LS0tLS0tKwogIHwgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgfC0tKEUpLS0tLS0gQWNjZXNzIFRv
a2VuIC0tLS0tLT58ICAgIFJlc291cmNlICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICB8ICAgICAgICB8PC0oRiktLS0gUHJv
dGVjdGVkIFJlc291cmNlIC0tLXwgICAgICAgICAgICAgICB8CiAgKy0tLS0tLS0tKyAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwpdXT4KICAgICAgICAgIDwv
YXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhYnN0
cmFjdCBmbG93IGlsbHVzdHJhdGVkIGluIDx4cmVmIHRhcmdldD0nRmlndXJlLTEnIC8+IGRlc2Ny
aWJlcyB0aGUgaW50ZXJhY3Rpb24KICAgICAgICAgIGJldHdlZW4gdGhlIGZvdXIgcm9sZXMgYW5k
IGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3RlcHM6CiAgICAgICAgPC90PgogICAgICAgIDx0Pgog
ICAgICAgICAgPGxpc3Qgc3R5bGU9J2Zvcm1hdCAoJUMpJz4KICAgICAgICAgICAgPHQ+CiAgICAg
ICAgICAgICAgVGhlIGNsaWVudCByZXF1ZXN0cyBhdXRob3JpemF0aW9uIGZyb20gdGhlIHJlc291
cmNlIG93bmVyLiBUaGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0CiAgICAgICAgICAgICAgY2FuIGJl
IG1hZGUgZGlyZWN0bHkgdG8gdGhlIHJlc291cmNlIG93bmVyIChhcyBzaG93biksIG9yIHByZWZl
cmFibHkgaW5kaXJlY3RseSB2aWEKICAgICAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgYXMgYW4gaW50ZXJtZWRpYXJ5LgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0Pgog
ICAgICAgICAgICAgIFRoZSBjbGllbnQgcmVjZWl2ZXMgYW4gYXV0aG9yaXphdGlvbiBncmFudCB3
aGljaCBpcyBhIGNyZWRlbnRpYWwgcmVwcmVzZW50aW5nCiAgICAgICAgICAgICAgdGhlIHJlc291
cmNlIG93bmVyJ3MgYXV0aG9yaXphdGlvbiwgZXhwcmVzc2VkIHVzaW5nIG9uZSBvZiBmb3VyIGdy
YW50IHR5cGVzIGRlZmluZWQKICAgICAgICAgICAgICBpbiB0aGlzIHNwZWNpZmljYXRpb24gb3Ig
dXNpbmcgYW4gZXh0ZW5zaW9uIGdyYW50IHR5cGUuIFRoZSBhdXRob3JpemF0aW9uIGdyYW50IHR5
cGUKICAgICAgICAgICAgICBkZXBlbmRzIG9uIHRoZSBtZXRob2QgdXNlZCBieSB0aGUgY2xpZW50
IHRvIHJlcXVlc3QgYXV0aG9yaXphdGlvbiBhbmQgdGhlIHR5cGVzCiAgICAgICAgICAgICAgc3Vw
cG9ydGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAgICAgPC90PgogICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IHJlcXVlc3RzIGFuIGFjY2VzcyB0
b2tlbiBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAg
ICAgICAgICAgIGFuZCBwcmVzZW50aW5nIHRoZSBhdXRob3JpemF0aW9uIGdyYW50LgogICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSBjbGllbnQgYW5kIHZhbGlkYXRlcyB0aGUgYXV0aG9y
aXphdGlvbgogICAgICAgICAgICAgIGdyYW50LCBhbmQgaWYgdmFsaWQgaXNzdWVzIGFuIGFjY2Vz
cyB0b2tlbi4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBU
aGUgY2xpZW50IHJlcXVlc3RzIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2UgZnJvbSB0aGUgcmVzb3Vy
Y2Ugc2VydmVyIGFuZCBhdXRoZW50aWNhdGVzCiAgICAgICAgICAgICAgYnkgcHJlc2VudGluZyB0
aGUgYWNjZXNzIHRva2VuLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAg
ICAgICAgIFRoZSByZXNvdXJjZSBzZXJ2ZXIgdmFsaWRhdGVzIHRoZSBhY2Nlc3MgdG9rZW4sIGFu
ZCBpZiB2YWxpZCwgc2VydmVzIHRoZSByZXF1ZXN0LgogICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICA8L2xpc3Q+CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIHByZWZlcnJl
ZCBtZXRob2QgZm9yIHRoZSBjbGllbnQgdG8gb2J0YWluIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQg
ZnJvbSB0aGUgcmVzb3VyY2UKICAgICAgICAgIG93bmVyIChkZXBpY3RlZCBpbiBzdGVwcyAoQSkg
YW5kIChCKSkgaXMgdG8gdXNlIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBhbiBpbnRlcm1l
ZGlhcnkKICAgICAgICAgIHdoaWNoIGlzIGlsbHVzdHJhdGVkIGluIDx4cmVmIHRhcmdldD0nRmln
dXJlLTMnIC8+LgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24g
dGl0bGU9J0F1dGhvcml6YXRpb24gR3JhbnQnPgogICAgICAgIDx0PgogICAgICAgICAgQW4gYXV0
aG9yaXphdGlvbiBncmFudCBpcyBhIGNyZWRlbnRpYWwgcmVwcmVzZW50aW5nIHRoZSByZXNvdXJj
ZSBvd25lcidzIGF1dGhvcml6YXRpb24KICAgICAgICAgICh0byBhY2Nlc3MgaXRzIHByb3RlY3Rl
ZCByZXNvdXJjZXMpIHVzZWQgYnkgdGhlIGNsaWVudCB0byBvYnRhaW4gYW4gYWNjZXNzIHRva2Vu
LiBUaGlzCiAgICAgICAgICBzcGVjaWZpY2F0aW9uIGRlZmluZXMgZm91ciBncmFudCB0eXBlczog
YXV0aG9yaXphdGlvbiBjb2RlLCBpbXBsaWNpdCwgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgIHBh
c3N3b3JkIGNyZWRlbnRpYWxzLCBhbmQgY2xpZW50IGNyZWRlbnRpYWxzLCBhcyB3ZWxsIGFzIGFu
IGV4dGVuc2liaWxpdHkgbWVjaGFuaXNtIGZvcgogICAgICAgICAgZGVmaW5pbmcgYWRkaXRpb25h
bCB0eXBlcy4KICAgICAgICA8L3Q+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdBdXRob3JpemF0
aW9uIENvZGUnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIGNv
ZGUgaXMgb2J0YWluZWQgYnkgdXNpbmcgYW4gYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgYW4gaW50
ZXJtZWRpYXJ5CiAgICAgICAgICAgIGJldHdlZW4gdGhlIGNsaWVudCBhbmQgcmVzb3VyY2Ugb3du
ZXIuIEluc3RlYWQgb2YgcmVxdWVzdGluZyBhdXRob3JpemF0aW9uIGRpcmVjdGx5CiAgICAgICAg
ICAgIGZyb20gdGhlIHJlc291cmNlIG93bmVyLCB0aGUgY2xpZW50IGRpcmVjdHMgdGhlIHJlc291
cmNlIG93bmVyIHRvIGFuIGF1dGhvcml6YXRpb24KICAgICAgICAgICAgc2VydmVyICh2aWEgaXRz
IHVzZXItYWdlbnQgYXMgZGVmaW5lZCBpbiA8eHJlZiB0YXJnZXQ9J1JGQzI2MTYnIC8+KSwgd2hp
Y2ggaW4gdHVybgogICAgICAgICAgICBkaXJlY3RzIHRoZSByZXNvdXJjZSBvd25lciBiYWNrIHRv
IHRoZSBjbGllbnQgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlLgogICAgICAgICAgPC90Pgog
ICAgICAgICAgPHQ+CiAgICAgICAgICAgIEJlZm9yZSBkaXJlY3RpbmcgdGhlIHJlc291cmNlIG93
bmVyIGJhY2sgdG8gdGhlIGNsaWVudCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIGNvZGUsIHRoZQog
ICAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSByZXNvdXJj
ZSBvd25lciBhbmQgb2J0YWlucyBhdXRob3JpemF0aW9uLgogICAgICAgICAgICBCZWNhdXNlIHRo
ZSByZXNvdXJjZSBvd25lciBvbmx5IGF1dGhlbnRpY2F0ZXMgd2l0aCB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIsIHRoZQogICAgICAgICAgICByZXNvdXJjZSBvd25lcidzIGNyZWRlbnRpYWxzIGFy
ZSBuZXZlciBzaGFyZWQgd2l0aCB0aGUgY2xpZW50LgogICAgICAgICAgPC90PgogICAgICAgICAg
PHQ+CiAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIGNvZGUgcHJvdmlkZXMgYSBmZXcgaW1w
b3J0YW50IHNlY3VyaXR5IGJlbmVmaXRzIHN1Y2ggYXMgdGhlIGFiaWxpdHkKICAgICAgICAgICAg
dG8gYXV0aGVudGljYXRlIHRoZSBjbGllbnQsIGFuZCB0aGUgdHJhbnNtaXNzaW9uIG9mIHRoZSBh
Y2Nlc3MgdG9rZW4gZGlyZWN0bHkgdG8KICAgICAgICAgICAgdGhlIGNsaWVudCB3aXRob3V0IHBh
c3NpbmcgaXQgdGhyb3VnaCB0aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50LCBwb3RlbnRp
YWxseQogICAgICAgICAgICBleHBvc2luZyBpdCB0byBvdGhlcnMsIGluY2x1ZGluZyB0aGUgcmVz
b3VyY2Ugb3duZXIuCiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgICA8
c2VjdGlvbiB0aXRsZT0nSW1wbGljaXQnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBp
bXBsaWNpdCBncmFudCBpcyBhIHNpbXBsaWZpZWQgYXV0aG9yaXphdGlvbiBjb2RlIGZsb3cgb3B0
aW1pemVkIGZvciBjbGllbnRzCiAgICAgICAgICAgIGltcGxlbWVudGVkIGluIGEgYnJvd3NlciB1
c2luZyBhIHNjcmlwdGluZyBsYW5ndWFnZSBzdWNoIGFzIEphdmFTY3JpcHQuIEluIHRoZSBpbXBs
aWNpdAogICAgICAgICAgICBmbG93LCBpbnN0ZWFkIG9mIGlzc3VpbmcgdGhlIGNsaWVudCBhbiBh
dXRob3JpemF0aW9uIGNvZGUsIHRoZSBjbGllbnQgaXMgaXNzdWVkIGFuCiAgICAgICAgICAgIGFj
Y2VzcyB0b2tlbiBkaXJlY3RseSAoYXMgdGhlIHJlc3VsdCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIg
YXV0aG9yaXphdGlvbikuIFRoZSBncmFudAogICAgICAgICAgICB0eXBlIGlzIGltcGxpY2l0IGFz
IG5vIGludGVybWVkaWF0ZSBjcmVkZW50aWFscyAoc3VjaCBhcyBhbiBhdXRob3JpemF0aW9uIGNv
ZGUpIGFyZQogICAgICAgICAgICBpc3N1ZWQgKGFuZCBsYXRlciB1c2VkIHRvIG9idGFpbiBhbiBh
Y2Nlc3MgdG9rZW4pLgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFdo
ZW4gaXNzdWluZyBhbiBhY2Nlc3MgdG9rZW4gZHVyaW5nIHRoZSBpbXBsaWNpdCBncmFudCBmbG93
LCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgZG9lcyBub3QgYXV0aGVudGlj
YXRlIHRoZSBjbGllbnQuIEluIHNvbWUgY2FzZXMsIHRoZSBjbGllbnQgaWRlbnRpdHkgY2FuIGJl
IHZlcmlmaWVkCiAgICAgICAgICAgIHZpYSB0aGUgcmVkaXJlY3Rpb24gVVJJIHVzZWQgdG8gZGVs
aXZlciB0aGUgYWNjZXNzIHRva2VuIHRvIHRoZSBjbGllbnQuIFRoZSBhY2Nlc3MKICAgICAgICAg
ICAgdG9rZW4gbWF5IGJlIGV4cG9zZWQgdG8gdGhlIHJlc291cmNlIG93bmVyIG9yIG90aGVyIGFw
cGxpY2F0aW9ucyB3aXRoIGFjY2VzcyB0byB0aGUKICAgICAgICAgICAgcmVzb3VyY2Ugb3duZXIn
cyB1c2VyLWFnZW50LgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIElt
cGxpY2l0IGdyYW50cyBpbXByb3ZlIHRoZSByZXNwb25zaXZlbmVzcyBhbmQgZWZmaWNpZW5jeSBv
ZiBzb21lIGNsaWVudHMgKHN1Y2ggYXMgYQogICAgICAgICAgICBjbGllbnQgaW1wbGVtZW50ZWQg
YXMgYW4gaW4tYnJvd3NlciBhcHBsaWNhdGlvbikgc2luY2UgaXQgcmVkdWNlcyB0aGUgbnVtYmVy
IG9mIHJvdW5kCiAgICAgICAgICAgIHRyaXBzIHJlcXVpcmVkIHRvIG9idGFpbiBhbiBhY2Nlc3Mg
dG9rZW4uIEhvd2V2ZXIsIHRoaXMgY29udmVuaWVuY2Ugc2hvdWxkIGJlIHdlaWdoZWQKICAgICAg
ICAgICAgYWdhaW5zdCB0aGUgc2VjdXJpdHkgaW1wbGljYXRpb25zIG9mIHVzaW5nIGltcGxpY2l0
IGdyYW50cywgZXNwZWNpYWxseSB3aGVuIHRoZQogICAgICAgICAgICBhdXRob3JpemF0aW9uIGNv
ZGUgZ3JhbnQgdHlwZSBpcyBhdmFpbGFibGUuCiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9zZWN0
aW9uPgoKICAgICAgICA8c2VjdGlvbiB0aXRsZT0iUmVzb3VyY2UgT3duZXIgUGFzc3dvcmQgQ3Jl
ZGVudGlhbHMiPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSByZXNvdXJjZSBvd25lciBw
YXNzd29yZCBjcmVkZW50aWFscyAoaS5lLiB1c2VybmFtZSBhbmQgcGFzc3dvcmQpIGNhbiBiZSB1
c2VkCiAgICAgICAgICAgIGRpcmVjdGx5IGFzIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQgdG8gb2J0
YWluIGFuIGFjY2VzcyB0b2tlbi4gVGhlIGNyZWRlbnRpYWxzIHNob3VsZAogICAgICAgICAgICBv
bmx5IGJlIHVzZWQgd2hlbiB0aGVyZSBpcyBhIGhpZ2ggZGVncmVlIG9mIHRydXN0IGJldHdlZW4g
dGhlIHJlc291cmNlIG93bmVyIGFuZCB0aGUKICAgICAgICAgICAgY2xpZW50IChlLmcuIHRoZSBj
bGllbnQgaXMgcGFydCBvZiB0aGUgZGV2aWNlIG9wZXJhdGluZyBzeXN0ZW0gb3IgYSBoaWdobHkg
cHJpdmlsZWdlZAogICAgICAgICAgICBhcHBsaWNhdGlvbiksIGFuZCB3aGVuIG90aGVyIGF1dGhv
cml6YXRpb24gZ3JhbnQgdHlwZXMgYXJlIG5vdCBhdmFpbGFibGUgKHN1Y2ggYXMgYW4KICAgICAg
ICAgICAgYXV0aG9yaXphdGlvbiBjb2RlKS4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0Pgog
ICAgICAgICAgICBFdmVuIHRob3VnaCB0aGlzIGdyYW50IHR5cGUgcmVxdWlyZXMgZGlyZWN0IGNs
aWVudCBhY2Nlc3MgdG8gdGhlIHJlc291cmNlIG93bmVyCiAgICAgICAgICAgIGNyZWRlbnRpYWxz
LCB0aGUgcmVzb3VyY2Ugb3duZXIgY3JlZGVudGlhbHMgYXJlIHVzZWQgZm9yIGEgc2luZ2xlIHJl
cXVlc3QgYW5kIGFyZQogICAgICAgICAgICBleGNoYW5nZWQgZm9yIGFuIGFjY2VzcyB0b2tlbi4g
VGhpcyBncmFudCB0eXBlIGNhbiBlbGltaW5hdGUgdGhlIG5lZWQgZm9yIHRoZSBjbGllbnQKICAg
ICAgICAgICAgdG8gc3RvcmUgdGhlIHJlc291cmNlIG93bmVyIGNyZWRlbnRpYWxzIGZvciBmdXR1
cmUgdXNlLCBieSBleGNoYW5naW5nIHRoZSBjcmVkZW50aWFscwogICAgICAgICAgICB3aXRoIGEg
bG9uZy1saXZlZCBhY2Nlc3MgdG9rZW4gb3IgcmVmcmVzaCB0b2tlbi4KICAgICAgICAgIDwvdD4K
ICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdDbGllbnQgQ3JlZGVu
dGlhbHMnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBjbGllbnQgY3JlZGVudGlhbHMg
KG9yIG90aGVyIGZvcm1zIG9mIGNsaWVudCBhdXRoZW50aWNhdGlvbikgY2FuIGJlIHVzZWQgYXMg
YW4KICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBncmFudCB3aGVuIHRoZSBhdXRob3JpemF0aW9u
IHNjb3BlIGlzIGxpbWl0ZWQgdG8gdGhlIHByb3RlY3RlZCByZXNvdXJjZXMKICAgICAgICAgICAg
dW5kZXIgdGhlIGNvbnRyb2wgb2YgdGhlIGNsaWVudCwgb3IgdG8gcHJvdGVjdGVkIHJlc291cmNl
cyBwcmV2aW91c2x5IGFycmFuZ2VkIHdpdGggdGhlCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24g
c2VydmVyLiBDbGllbnQgY3JlZGVudGlhbHMgYXJlIHVzZWQgYXMgYW4gYXV0aG9yaXphdGlvbiBn
cmFudCB0eXBpY2FsbHkKICAgICAgICAgICAgd2hlbiB0aGUgY2xpZW50IGlzIGFjdGluZyBvbiBp
dHMgb3duIGJlaGFsZiAodGhlIGNsaWVudCBpcyBhbHNvIHRoZSByZXNvdXJjZSBvd25lciksIG9y
CiAgICAgICAgICAgIGlzIHJlcXVlc3RpbmcgYWNjZXNzIHRvIHByb3RlY3RlZCByZXNvdXJjZXMg
YmFzZWQgb24gYW4gYXV0aG9yaXphdGlvbiBwcmV2aW91c2x5CiAgICAgICAgICAgIGFycmFuZ2Vk
IHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgICAgPC90PgogICAgICAgIDwv
c2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdBY2Nlc3Mg
VG9rZW4nPgogICAgICAgIDx0PgogICAgICAgICAgQWNjZXNzIHRva2VucyBhcmUgY3JlZGVudGlh
bHMgdXNlZCB0byBhY2Nlc3MgcHJvdGVjdGVkIHJlc291cmNlcy4gQW4gYWNjZXNzIHRva2VuIGlz
IGEKICAgICAgICAgIHN0cmluZyByZXByZXNlbnRpbmcgYW4gYXV0aG9yaXphdGlvbiBpc3N1ZWQg
dG8gdGhlIGNsaWVudC4gVGhlIHN0cmluZyBpcyB1c3VhbGx5IG9wYXF1ZQogICAgICAgICAgdG8g
dGhlIGNsaWVudC4gVG9rZW5zIHJlcHJlc2VudCBzcGVjaWZpYyBzY29wZXMgYW5kIGR1cmF0aW9u
cyBvZiBhY2Nlc3MsIGdyYW50ZWQgYnkgdGhlCiAgICAgICAgICByZXNvdXJjZSBvd25lciwgYW5k
IGVuZm9yY2VkIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIgYW5kIGF1dGhvcml6YXRpb24gc2VydmVy
LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSB0b2tlbiBtYXkgZGVub3Rl
IGFuIGlkZW50aWZpZXIgdXNlZCB0byByZXRyaWV2ZSB0aGUgYXV0aG9yaXphdGlvbiBpbmZvcm1h
dGlvbiwgb3IKICAgICAgICAgIHNlbGYtY29udGFpbiB0aGUgYXV0aG9yaXphdGlvbiBpbmZvcm1h
dGlvbiBpbiBhIHZlcmlmaWFibGUgbWFubmVyIChpLmUuIGEgdG9rZW4gc3RyaW5nCiAgICAgICAg
ICBjb25zaXN0aW5nIG9mIHNvbWUgZGF0YSBhbmQgYSBzaWduYXR1cmUpLiBBZGRpdGlvbmFsIGF1
dGhlbnRpY2F0aW9uIGNyZWRlbnRpYWxzLCB3aGljaAogICAgICAgICAgYXJlIGJleW9uZCB0aGUg
c2NvcGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uLCBtYXkgYmUgcmVxdWlyZWQgaW4gb3JkZXIgZm9y
IHRoZSBjbGllbnQgdG8KICAgICAgICAgIHVzZSBhIHRva2VuLgogICAgICAgIDwvdD4KICAgICAg
ICA8dD4KICAgICAgICAgIFRoZSBhY2Nlc3MgdG9rZW4gcHJvdmlkZXMgYW4gYWJzdHJhY3Rpb24g
bGF5ZXIsIHJlcGxhY2luZyBkaWZmZXJlbnQgYXV0aG9yaXphdGlvbgogICAgICAgICAgY29uc3Ry
dWN0cyAoZS5nLiB1c2VybmFtZSBhbmQgcGFzc3dvcmQpIHdpdGggYSBzaW5nbGUgdG9rZW4gdW5k
ZXJzdG9vZCBieSB0aGUgcmVzb3VyY2UKICAgICAgICAgIHNlcnZlci4gVGhpcyBhYnN0cmFjdGlv
biBlbmFibGVzIGlzc3VpbmcgYWNjZXNzIHRva2VucyBtb3JlIHJlc3RyaWN0aXZlIHRoYW4gdGhl
CiAgICAgICAgICBhdXRob3JpemF0aW9uIGdyYW50IHVzZWQgdG8gb2J0YWluIHRoZW0sIGFzIHdl
bGwgYXMgcmVtb3ZpbmcgdGhlIHJlc291cmNlIHNlcnZlcidzIG5lZWQgdG8KICAgICAgICAgIHVu
ZGVyc3RhbmQgYSB3aWRlIHJhbmdlIG9mIGF1dGhlbnRpY2F0aW9uIG1ldGhvZHMuCiAgICAgICAg
PC90PgogICAgICAgIDx0PgogICAgICAgICAgQWNjZXNzIHRva2VucyBjYW4gaGF2ZSBkaWZmZXJl
bnQgZm9ybWF0cywgc3RydWN0dXJlcywgYW5kIG1ldGhvZHMgb2YgdXRpbGl6YXRpb24gKGUuZy4K
ICAgICAgICAgIGNyeXB0b2dyYXBoaWMgcHJvcGVydGllcykgYmFzZWQgb24gdGhlIHJlc291cmNl
IHNlcnZlciBzZWN1cml0eSByZXF1aXJlbWVudHMuIEFjY2VzcyB0b2tlbgogICAgICAgICAgYXR0
cmlidXRlcyBhbmQgdGhlIG1ldGhvZHMgdXNlZCB0byBhY2Nlc3MgcHJvdGVjdGVkIHJlc291cmNl
cyBhcmUgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzCiAgICAgICAgICBzcGVjaWZpY2F0aW9uIGFu
ZCBhcmUgZGVmaW5lZCBieSBjb21wYW5pb24gc3BlY2lmaWNhdGlvbnMuCiAgICAgICAgPC90Pgog
ICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nUmVmcmVzaCBUb2tlbic+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBSZWZyZXNoIHRva2VucyBhcmUgY3JlZGVudGlhbHMgdXNlZCB0
byBvYnRhaW4gYWNjZXNzIHRva2Vucy4gUmVmcmVzaCB0b2tlbnMgYXJlIGlzc3VlZCB0bwogICAg
ICAgICAgdGhlIGNsaWVudCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYW5kIGFyZSB1c2Vk
IHRvIG9idGFpbiBhIG5ldyBhY2Nlc3MgdG9rZW4gd2hlbiB0aGUKICAgICAgICAgIGN1cnJlbnQg
YWNjZXNzIHRva2VuIGJlY29tZXMgaW52YWxpZCBvciBleHBpcmVzLCBvciB0byBvYnRhaW4gYWRk
aXRpb25hbCBhY2Nlc3MgdG9rZW5zCiAgICAgICAgICB3aXRoIGlkZW50aWNhbCBvciBuYXJyb3dl
ciBzY29wZSAoYWNjZXNzIHRva2VucyBtYXkgaGF2ZSBhIHNob3J0ZXIgbGlmZXRpbWUgYW5kIGZl
d2VyCiAgICAgICAgICBwZXJtaXNzaW9ucyB0aGFuIGF1dGhvcml6ZWQgYnkgdGhlIHJlc291cmNl
IG93bmVyKS4gSXNzdWluZyBhIHJlZnJlc2ggdG9rZW4gaXMgb3B0aW9uYWwKICAgICAgICAgIGF0
IHRoZSBkaXNjcmV0aW9uIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gSWYgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIGlzc3VlcyBhCiAgICAgICAgICByZWZyZXNoIHRva2VuLCBpdCBpcyBp
bmNsdWRlZCB3aGVuIGlzc3VpbmcgYW4gYWNjZXNzIHRva2VuIChpLmUuIHN0ZXAgKEQpIGluCiAg
ICAgICAgICA8eHJlZiB0YXJnZXQ9J0ZpZ3VyZS0xJyAvPikuCiAgICAgICAgPC90PgogICAgICAg
IDx0PgogICAgICAgICAgQSByZWZyZXNoIHRva2VuIGlzIGEgc3RyaW5nIHJlcHJlc2VudGluZyB0
aGUgYXV0aG9yaXphdGlvbiBncmFudGVkIHRvIHRoZSBjbGllbnQgYnkgdGhlCiAgICAgICAgICBy
ZXNvdXJjZSBvd25lci4gVGhlIHN0cmluZyBpcyB1c3VhbGx5IG9wYXF1ZSB0byB0aGUgY2xpZW50
LiBUaGUgdG9rZW4gZGVub3RlcyBhbgogICAgICAgICAgaWRlbnRpZmllciB1c2VkIHRvIHJldHJp
ZXZlIHRoZSBhdXRob3JpemF0aW9uIGluZm9ybWF0aW9uLiBVbmxpa2UgYWNjZXNzIHRva2Vucywg
cmVmcmVzaAogICAgICAgICAgdG9rZW5zIGFyZSBpbnRlbmRlZCBmb3IgdXNlIG9ubHkgd2l0aCBh
dXRob3JpemF0aW9uIHNlcnZlcnMgYW5kIGFyZSBuZXZlciBzZW50IHRvCiAgICAgICAgICByZXNv
dXJjZSBzZXJ2ZXJzLgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlIHRpdGxlPSdSZWZyZXNo
aW5nIGFuIEV4cGlyZWQgQWNjZXNzIFRva2VuJyBhbmNob3I9J0ZpZ3VyZS0yJz4KICAgICAgICAg
IDxhcnR3b3JrPgogICAgICAgICAgICA8IVtDREFUQVsKICArLS0tLS0tLS0rICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAg
ICAgfC0tKEEpLS0tLS0tLSBBdXRob3JpemF0aW9uIEdyYW50IC0tLS0tLS0tLT58ICAgICAgICAg
ICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8PC0oQiktLS0tLS0tLS0tLSBBY2Nl
c3MgVG9rZW4gLS0tLS0tLS0tLS0tLXwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAg
ICAgICAgICAgICYgUmVmcmVzaCBUb2tlbiAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAog
IHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAg
ICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICst
LS0tLS0tLS0tKyAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfC0tKEMpLS0tLSBBY2Nl
c3MgVG9rZW4gLS0tLT58ICAgICAgICAgIHwgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAg
IHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICB8ICAgfCAgICAgICAgICAg
ICAgIHwKICB8ICAgICAgICB8PC0oRCktIFByb3RlY3RlZCBSZXNvdXJjZSAtLXwgUmVzb3VyY2Ug
fCAgIHwgQXV0aG9yaXphdGlvbiB8CiAgfCBDbGllbnQgfCAgICAgICAgICAgICAgICAgICAgICAg
ICAgICB8ICBTZXJ2ZXIgIHwgICB8ICAgICBTZXJ2ZXIgICAgfAogIHwgICAgICAgIHwtLShFKS0t
LS0gQWNjZXNzIFRva2VuIC0tLS0+fCAgICAgICAgICB8ICAgfCAgICAgICAgICAgICAgIHwKICB8
ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgfCAgIHwgICAg
ICAgICAgICAgICB8CiAgfCAgICAgICAgfDwtKEYpLSBJbnZhbGlkIFRva2VuIEVycm9yIC18ICAg
ICAgICAgIHwgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgKy0tLS0tLS0tLS0rICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAg
ICB8CiAgfCAgICAgICAgfC0tKEcpLS0tLS0tLS0tLS0gUmVmcmVzaCBUb2tlbiAtLS0tLS0tLS0t
LT58ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8PC0oSCktLS0t
LS0tLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLS0tLS0tLXwgICAgICAgICAgICAgICB8CiAgKy0t
LS0tLS0tKyAgICAgICAgICAgJiBPcHRpb25hbCBSZWZyZXNoIFRva2VuICAgICAgICArLS0tLS0t
LS0tLS0tLS0tKwpdXT4KICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAg
ICAgICA8dD4KICAgICAgICAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIDx4cmVmIHRhcmdldD0n
RmlndXJlLTInIC8+IGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3RlcHM6CiAgICAgICAgPC90Pgog
ICAgICAgIDx0PgogICAgICAgICAgPGxpc3Qgc3R5bGU9J2Zvcm1hdCAoJUMpJz4KICAgICAgICAg
ICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4g
YnkgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIsCiAgICAgICAg
ICAgICAgYW5kIHByZXNlbnRpbmcgYW4gYXV0aG9yaXphdGlvbiBncmFudC4KICAgICAgICAgICAg
PC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50IGFuZCB2YWxpZGF0ZXMgdGhlIGF1dGhvcml6YXRp
b24KICAgICAgICAgICAgICBncmFudCwgYW5kIGlmIHZhbGlkIGlzc3VlcyBhbiBhY2Nlc3MgdG9r
ZW4gYW5kIGEgcmVmcmVzaCB0b2tlbi4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4K
ICAgICAgICAgICAgICBUaGUgY2xpZW50IG1ha2VzIGEgcHJvdGVjdGVkIHJlc291cmNlIHJlcXVl
c3QgdG8gdGhlIHJlc291cmNlIHNlcnZlciBieSBwcmVzZW50aW5nCiAgICAgICAgICAgICAgdGhl
IGFjY2VzcyB0b2tlbi4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAg
ICAgICBUaGUgcmVzb3VyY2Ugc2VydmVyIHZhbGlkYXRlcyB0aGUgYWNjZXNzIHRva2VuLCBhbmQg
aWYgdmFsaWQsIHNlcnZlcyB0aGUgcmVxdWVzdC4KICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICA8dD4KICAgICAgICAgICAgICBTdGVwcyAoQykgYW5kIChEKSByZXBlYXQgdW50aWwgdGhlIGFj
Y2VzcyB0b2tlbiBleHBpcmVzLiBJZiB0aGUgY2xpZW50IGtub3dzIHRoZQogICAgICAgICAgICAg
IGFjY2VzcyB0b2tlbiBleHBpcmVkLCBpdCBza2lwcyB0byBzdGVwIChHKSwgb3RoZXJ3aXNlIGl0
IG1ha2VzIGFub3RoZXIgcHJvdGVjdGVkCiAgICAgICAgICAgICAgcmVzb3VyY2UgcmVxdWVzdC4K
ICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBTaW5jZSB0aGUg
YWNjZXNzIHRva2VuIGlzIGludmFsaWQsIHRoZSByZXNvdXJjZSBzZXJ2ZXIgcmV0dXJucyBhbiBp
bnZhbGlkIHRva2VuCiAgICAgICAgICAgICAgZXJyb3IuCiAgICAgICAgICAgIDwvdD4KICAgICAg
ICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCByZXF1ZXN0cyBhIG5ldyBhY2Nlc3Mg
dG9rZW4gYnkgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAg
ICAgIHNlcnZlciBhbmQgcHJlc2VudGluZyB0aGUgcmVmcmVzaCB0b2tlbi4gVGhlIGNsaWVudCBh
dXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMgYXJlCiAgICAgICAgICAgICAgYmFzZWQgb24gdGhl
IGNsaWVudCB0eXBlIGFuZCBvbiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcG9saWNpZXMuCiAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIGNsaWVudCBhbmQgdmFsaWRhdGVzIHRoZSBy
ZWZyZXNoIHRva2VuLAogICAgICAgICAgICAgIGFuZCBpZiB2YWxpZCBpc3N1ZXMgYSBuZXcgYWNj
ZXNzIHRva2VuIChhbmQgb3B0aW9uYWxseSwgYSBuZXcgcmVmcmVzaCB0b2tlbikuCiAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBTdGVwcyBDLCBELCBFLCBhbmQgRiBhcmUgb3V0c2lkZSB0aGUgc2NvcGUgb2YgdGhpcyBz
cGVjaWZpY2F0aW9uIGFzIGRlc2NyaWJlZCBpbgogICAgICAgICAgPHhyZWYgdGFyZ2V0PSdhY2Nl
c3MtcmVzb3VyY2UnIC8+LgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNl
Y3Rpb24gdGl0bGU9J1RMUyBWZXJzaW9uJyBhbmNob3I9J3Rscyc+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBXaGVuZXZlciBUTFMgaXMgdXNlZCBieSB0aGlzIHNwZWNpZmljYXRpb24sIHRoZSBhcHBy
b3ByaWF0ZSB2ZXJzaW9uIChvciB2ZXJzaW9ucykgb2YKICAgICAgICAgIFRMUyB3aWxsIHZhcnkg
b3ZlciB0aW1lLCBiYXNlZCBvbiB0aGUgd2lkZXNwcmVhZCBkZXBsb3ltZW50IGFuZCBrbm93biBz
ZWN1cml0eQogICAgICAgICAgdnVsbmVyYWJpbGl0aWVzLiBBdCB0aGUgdGltZSBvZiB0aGlzIHdy
aXRpbmcsIFRMUyB2ZXJzaW9uIDEuMiA8eHJlZiB0YXJnZXQ9J1JGQzUyNDYnIC8+CiAgICAgICAg
ICBpcyB0aGUgbW9zdCByZWNlbnQgdmVyc2lvbiwgYnV0IGhhcyBhIHZlcnkgbGltaXRlZCBkZXBs
b3ltZW50IGJhc2UgYW5kIG1pZ2h0IG5vdCBiZQogICAgICAgICAgcmVhZGlseSBhdmFpbGFibGUg
Zm9yIGltcGxlbWVudGF0aW9uLiBUTFMgdmVyc2lvbiAxLjAgPHhyZWYgdGFyZ2V0PSdSRkMyMjQ2
JyAvPiBpcyB0aGUKICAgICAgICAgIG1vc3Qgd2lkZWx5IGRlcGxveWVkIHZlcnNpb24sIGFuZCB3
aWxsIHByb3ZpZGUgdGhlIGJyb2FkZXN0IGludGVyb3BlcmFiaWxpdHkuCiAgICAgICAgPC90Pgog
ICAgICAgIDx0PgogICAgICAgICAgSW1wbGVtZW50YXRpb25zIE1BWSBhbHNvIHN1cHBvcnQgYWRk
aXRpb25hbCB0cmFuc3BvcnQtbGF5ZXIgc2VjdXJpdHkgbWVjaGFuaXNtcwogICAgICAgICAgdGhh
dCBtZWV0IHRoZWlyIHNlY3VyaXR5IHJlcXVpcmVtZW50cy4KICAgICAgICA8L3Q+CiAgICAgIDwv
c2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdIVFRQIFJlZGlyZWN0aW9ucyc+CiAgICAg
ICAgPHQ+CiAgICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gbWFrZXMgZXh0ZW5zaXZlIHVzZSBv
ZiBIVFRQIHJlZGlyZWN0aW9ucywgaW4gd2hpY2ggdGhlIGNsaWVudCBvciB0aGUKICAgICAgICAg
IGF1dGhvcml6YXRpb24gc2VydmVyIGRpcmVjdCB0aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFn
ZW50IHRvIGFub3RoZXIgZGVzdGluYXRpb24uIFdoaWxlCiAgICAgICAgICB0aGUgZXhhbXBsZXMg
aW4gdGhpcyBzcGVjaWZpY2F0aW9uIHNob3cgdGhlIHVzZSBvZiB0aGUgSFRUUCAzMDIgc3RhdHVz
IGNvZGUsIGFueSBvdGhlcgogICAgICAgICAgbWV0aG9kIGF2YWlsYWJsZSB2aWEgdGhlIHVzZXIt
YWdlbnQgdG8gYWNjb21wbGlzaCB0aGlzIHJlZGlyZWN0aW9uIGlzIGFsbG93ZWQgYW5kIGlzCiAg
ICAgICAgICBjb25zaWRlcmVkIHRvIGJlIGFuIGltcGxlbWVudGF0aW9uIGRldGFpbC4KICAgICAg
ICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdJbnRlcm9wZXJh
YmlsaXR5Jz4KICAgICAgICA8dD4KICAgICAgICAgIE9BdXRoIDIuMCBwcm92aWRlcyBhIHJpY2gg
YXV0aG9yaXphdGlvbiBmcmFtZXdvcmsgd2l0aCB3ZWxsLWRlZmluZWQgc2VjdXJpdHkgcHJvcGVy
dGllcy4KICAgICAgICAgIEhvd2V2ZXIsIGFzIGEgcmljaCBhbmQgaGlnaGx5IGV4dGVuc2libGUg
ZnJhbWV3b3JrIHdpdGggbWFueSBvcHRpb25hbCBjb21wb25lbnRzLCBvbiBpdHMKICAgICAgICAg
IG93biwgdGhpcyBzcGVjaWZpY2F0aW9uIGlzIGxpa2VseSB0byBwcm9kdWNlIGEgd2lkZSByYW5n
ZSBvZiBub24taW50ZXJvcGVyYWJsZQogICAgICAgICAgaW1wbGVtZW50YXRpb25zLgogICAgICAg
IDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIEluIGFkZGl0aW9uLCB0aGlzIHNwZWNpZmljYXRp
b24gbGVhdmVzIGEgZmV3IHJlcXVpcmVkIGNvbXBvbmVudHMgcGFydGlhbGx5IG9yIGZ1bGx5CiAg
ICAgICAgICB1bmRlZmluZWQgKGUuZy4gY2xpZW50IHJlZ2lzdHJhdGlvbiwgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgY2FwYWJpbGl0aWVzLCBlbmRwb2ludAogICAgICAgICAgZGlzY292ZXJ5KS4gV2l0
aG91dCB0aGVzZSBjb21wb25lbnRzLCBjbGllbnRzIG11c3QgYmUgbWFudWFsbHkgYW5kIHNwZWNp
ZmljYWxseQogICAgICAgICAgY29uZmlndXJlZCBhZ2FpbnN0IGEgc3BlY2lmaWMgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgYW5kIHJlc291cmNlIHNlcnZlciBpbiBvcmRlciB0bwogICAgICAgICAgaW50
ZXJvcGVyYXRlLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoaXMgZnJhbWV3
b3JrIHdhcyBkZXNpZ25lZCB3aXRoIHRoZSBjbGVhciBleHBlY3RhdGlvbiB0aGF0IGZ1dHVyZSB3
b3JrIHdpbGwgZGVmaW5lCiAgICAgICAgICBwcmVzY3JpcHRpdmUgcHJvZmlsZXMgYW5kIGV4dGVu
c2lvbnMgbmVjZXNzYXJ5IHRvIGFjaGlldmUgZnVsbCB3ZWItc2NhbGUKICAgICAgICAgIGludGVy
b3BlcmFiaWxpdHkuCiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlv
biB0aXRsZT0nTm90YXRpb25hbCBDb252ZW50aW9ucyc+CiAgICAgICAgPHQ+CiAgICAgICAgICBU
aGUga2V5IHdvcmRzICJNVVNUIiwgIk1VU1QgTk9UIiwgIlJFUVVJUkVEIiwgIlNIQUxMIiwgIlNI
QUxMIE5PVCIsICJTSE9VTEQiLCAiU0hPVUxECiAgICAgICAgICBOT1QiLCAiUkVDT01NRU5ERUQi
LCAiTUFZIiwgYW5kICJPUFRJT05BTCIgaW4gdGhpcyBzcGVjaWZpY2F0aW9uIGFyZSB0byBiZSBp
bnRlcnByZXRlZCBhcwogICAgICAgICAgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0nUkZDMjEx
OScgLz4uCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0
aW9uIHVzZXMgdGhlIEF1Z21lbnRlZCBCYWNrdXMtTmF1ciBGb3JtIChBQk5GKSBub3RhdGlvbiBv
ZgogICAgICAgICAgPHhyZWYgdGFyZ2V0PSdSRkM1MjM0JyAvPi4KCSAgQWRkaXRpb25hbGx5LCB0
aGUgcnVsZSBVUkktUmVmZXJlbmNlIGlzIGluY2x1ZGVkIGZyb20KCSAgVW5pZm9ybSBSZXNvdXJj
ZSBJZGVudGlmaWVyIChVUkkpIDx4cmVmIHRhcmdldD0nUkZDMzk4NicgLz4uCiAgICAgICAgPC90
PgogICAgICAgIDx0PgogICAgICAgICAgQ2VydGFpbiBzZWN1cml0eS1yZWxhdGVkIHRlcm1zIGFy
ZSB0byBiZSB1bmRlcnN0b29kIGluIHRoZSBzZW5zZSBkZWZpbmVkIGluCiAgICAgICAgICA8eHJl
ZiB0YXJnZXQ9J1JGQzQ5NDknIC8+LiBUaGVzZSB0ZXJtcyBpbmNsdWRlLCBidXQgYXJlIG5vdCBs
aW1pdGVkIHRvLCAiYXR0YWNrIiwKICAgICAgICAgICJhdXRoZW50aWNhdGlvbiIsICJhdXRob3Jp
emF0aW9uIiwgImNlcnRpZmljYXRlIiwgImNvbmZpZGVudGlhbGl0eSIsICJjcmVkZW50aWFsIiwK
ICAgICAgICAgICJlbmNyeXB0aW9uIiwgImlkZW50aXR5IiwgInNpZ24iLCAic2lnbmF0dXJlIiwg
InRydXN0IiwgInZhbGlkYXRlIiwgYW5kICJ2ZXJpZnkiLgogICAgICAgIDwvdD4KICAgICAgICA8
dD4KICAgICAgICAgIFVubGVzcyBvdGhlcndpc2Ugbm90ZWQsIGFsbCB0aGUgcHJvdG9jb2wgcGFy
YW1ldGVyIG5hbWVzIGFuZCB2YWx1ZXMgYXJlIGNhc2Ugc2Vuc2l0aXZlLgogICAgICAgIDwvdD4K
ICAgICAgPC9zZWN0aW9uPgoKICAgIDwvc2VjdGlvbj4KCiAgICA8c2VjdGlvbiB0aXRsZT0nQ2xp
ZW50IFJlZ2lzdHJhdGlvbic+CiAgICAgIDx0PgogICAgICAgIEJlZm9yZSBpbml0aWF0aW5nIHRo
ZSBwcm90b2NvbCwgdGhlIGNsaWVudCByZWdpc3RlcnMgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIuIFRoZQogICAgICAgIG1lYW5zIHRocm91Z2ggd2hpY2ggdGhlIGNsaWVudCByZWdpc3Rl
cnMgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXJlIGJleW9uZCB0aGUKICAgICAgICBz
Y29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sIGJ1dCB0eXBpY2FsbHkgaW52b2x2ZSBlbmQtdXNl
ciBpbnRlcmFjdGlvbiB3aXRoIGFuIEhUTUwKICAgICAgICByZWdpc3RyYXRpb24gZm9ybS4KICAg
ICAgPC90PgogICAgICA8dD4KICAgICAgICBDbGllbnQgcmVnaXN0cmF0aW9uIGRvZXMgbm90IHJl
cXVpcmUgYSBkaXJlY3QgaW50ZXJhY3Rpb24gYmV0d2VlbiB0aGUgY2xpZW50IGFuZCB0aGUKICAg
ICAgICBhdXRob3JpemF0aW9uIHNlcnZlci4gV2hlbiBzdXBwb3J0ZWQgYnkgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyLCByZWdpc3RyYXRpb24gY2FuIHJlbHkKICAgICAgICBvbiBvdGhlciBtZWFu
cyBmb3IgZXN0YWJsaXNoaW5nIHRydXN0IGFuZCBvYnRhaW5pbmcgdGhlIHJlcXVpcmVkIGNsaWVu
dCBwcm9wZXJ0aWVzIChlLmcuCiAgICAgICAgcmVkaXJlY3Rpb24gVVJJLCBjbGllbnQgdHlwZSku
IEZvciBleGFtcGxlLCByZWdpc3RyYXRpb24gY2FuIGJlIGFjY29tcGxpc2hlZCB1c2luZyBhCiAg
ICAgICAgc2VsZi1pc3N1ZWQgb3IgdGhpcmQtcGFydHktaXNzdWVkIGFzc2VydGlvbiwgb3IgYnkg
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHBlcmZvcm1pbmcKICAgICAgICBjbGllbnQgZGlzY292
ZXJ5IHVzaW5nIGEgdHJ1c3RlZCBjaGFubmVsLgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAg
IFdoZW4gcmVnaXN0ZXJpbmcgYSBjbGllbnQsIHRoZSBjbGllbnQgZGV2ZWxvcGVyIFNIQUxMOgog
ICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAg
ICAgIDx0PgogICAgICAgICAgICBzcGVjaWZpZXMgdGhlIGNsaWVudCB0eXBlIGFzIGRlc2NyaWJl
ZCBpbiA8eHJlZiB0YXJnZXQ9J2NsaWVudC10eXBlcycgLz4sCiAgICAgICAgICA8L3Q+CiAgICAg
ICAgICA8dD4KICAgICAgICAgICAgcHJvdmlkZXMgaXRzIGNsaWVudCByZWRpcmVjdGlvbiBVUklz
IGFzIGRlc2NyaWJlZCBpbgogICAgICAgICAgICA8eHJlZiB0YXJnZXQ9J3JlZGlyZWN0LXVyaScg
Lz4sIGFuZAogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIGluY2x1ZGVz
IGFueSBvdGhlciBpbmZvcm1hdGlvbiByZXF1aXJlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgKGUuZy4gYXBwbGljYXRpb24KICAgICAgICAgICAgbmFtZSwgd2Vic2l0ZSwgZGVzY3JpcHRp
b24sIGxvZ28gaW1hZ2UsIHRoZSBhY2NlcHRhbmNlIG9mIGxlZ2FsIHRlcm1zKS4KICAgICAgICAg
IDwvdD4KICAgICAgICA8L2xpc3Q+CiAgICAgIDwvdD4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdD
bGllbnQgVHlwZXMnIGFuY2hvcj0nY2xpZW50LXR5cGVzJz4KICAgICAgICA8dD4KICAgICAgICAg
IE9BdXRoIGRlZmluZXMgdHdvIGNsaWVudCB0eXBlcywgYmFzZWQgb24gdGhlaXIgYWJpbGl0eSB0
byBhdXRoZW50aWNhdGUgc2VjdXJlbHkgd2l0aCB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24g
c2VydmVyIChpLmUuIGFiaWxpdHkgdG8gbWFpbnRhaW4gdGhlIGNvbmZpZGVudGlhbGl0eSBvZiB0
aGVpciBjbGllbnQKICAgICAgICAgIGNyZWRlbnRpYWxzKToKICAgICAgICA8L3Q+CiAgICAgICAg
PHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZyc+CiAgICAgICAgICAgIDx0IGhhbmdU
ZXh0PSdjb25maWRlbnRpYWwnPgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAg
ICBDbGllbnRzIGNhcGFibGUgb2YgbWFpbnRhaW5pbmcgdGhlIGNvbmZpZGVudGlhbGl0eSBvZiB0
aGVpciBjcmVkZW50aWFscyAoZS5nLgogICAgICAgICAgICAgIGNsaWVudCBpbXBsZW1lbnRlZCBv
biBhIHNlY3VyZSBzZXJ2ZXIgd2l0aCByZXN0cmljdGVkIGFjY2VzcyB0byB0aGUgY2xpZW50CiAg
ICAgICAgICAgICAgY3JlZGVudGlhbHMpLCBvciBjYXBhYmxlIG9mIHNlY3VyZSBjbGllbnQgYXV0
aGVudGljYXRpb24gdXNpbmcgb3RoZXIgbWVhbnMuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAg
ICAgPHQgaGFuZ1RleHQ9J3B1YmxpYyc+CiAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAg
ICAgICAgIENsaWVudHMgaW5jYXBhYmxlIG9mIG1haW50YWluaW5nIHRoZSBjb25maWRlbnRpYWxp
dHkgb2YgdGhlaXIgY3JlZGVudGlhbHMgKGUuZy4KICAgICAgICAgICAgICBjbGllbnRzIGV4ZWN1
dGluZyBvbiB0aGUgZGV2aWNlIHVzZWQgYnkgdGhlIHJlc291cmNlIG93bmVyIHN1Y2ggYXMgYW4g
aW5zdGFsbGVkCiAgICAgICAgICAgICAgbmF0aXZlIGFwcGxpY2F0aW9uIG9yIGEgd2ViIGJyb3dz
ZXItYmFzZWQgYXBwbGljYXRpb24pLCBhbmQgaW5jYXBhYmxlIG9mIHNlY3VyZQogICAgICAgICAg
ICAgIGNsaWVudCBhdXRoZW50aWNhdGlvbiB2aWEgYW55IG90aGVyIG1lYW5zLgogICAgICAgICAg
ICA8L3Q+CiAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAg
ICAgVGhlIGNsaWVudCB0eXBlIGRlc2lnbmF0aW9uIGlzIGJhc2VkIG9uIHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlcidzIGRlZmluaXRpb24gb2Ygc2VjdXJlCiAgICAgICAgICBhdXRoZW50aWNhdGlv
biBhbmQgaXRzIGFjY2VwdGFibGUgZXhwb3N1cmUgbGV2ZWxzIG9mIGNsaWVudCBjcmVkZW50aWFs
cy4gVGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgTk9UIG1ha2UgYXNz
dW1wdGlvbnMgYWJvdXQgdGhlIGNsaWVudCB0eXBlLgogICAgICAgIDwvdD4KICAgICAgICA8dD4K
ICAgICAgICAgIEEgY2xpZW50IG1heSBiZSBpbXBsZW1lbnRlZCBhcyBhIGRpc3RyaWJ1dGVkIHNl
dCBvZiBjb21wb25lbnRzLCBlYWNoIHdpdGggYSBkaWZmZXJlbnQKICAgICAgICAgIGNsaWVudCB0
eXBlIGFuZCBzZWN1cml0eSBjb250ZXh0IChlLmcuIGEgZGlzdHJpYnV0ZWQgY2xpZW50IHdpdGgg
Ym90aCBhIGNvbmZpZGVudGlhbAogICAgICAgICAgc2VydmVyLWJhc2VkIGNvbXBvbmVudCBhbmQg
YSBwdWJsaWMgYnJvd3Nlci1iYXNlZCBjb21wb25lbnQpLiBJZiB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIKICAgICAgICAgIGRvZXMgbm90IHByb3ZpZGUgc3VwcG9ydCBmb3Igc3VjaCBjbGllbnRz
LCBvciBkb2VzIG5vdCBwcm92aWRlIGd1aWRhbmNlIHdpdGggcmVnYXJkIHRvCiAgICAgICAgICB0
aGVpciByZWdpc3RyYXRpb24sIHRoZSBjbGllbnQgU0hPVUxEIHJlZ2lzdGVyIGVhY2ggY29tcG9u
ZW50IGFzIGEgc2VwYXJhdGUgY2xpZW50LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAg
ICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBoYXMgYmVlbiBkZXNpZ25lZCBhcm91bmQgdGhlIGZvbGxv
d2luZyBjbGllbnQgcHJvZmlsZXM6CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAg
PGxpc3Qgc3R5bGU9J2hhbmdpbmcnPgogICAgICAgICAgICA8dCBoYW5nVGV4dD0nd2ViIGFwcGxp
Y2F0aW9uJz4KICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgQSB3ZWIgYXBw
bGljYXRpb24gaXMgYSBjb25maWRlbnRpYWwgY2xpZW50IHJ1bm5pbmcgb24gYSB3ZWIgc2VydmVy
LiBSZXNvdXJjZSBvd25lcnMKICAgICAgICAgICAgICBhY2Nlc3MgdGhlIGNsaWVudCB2aWEgYW4g
SFRNTCB1c2VyIGludGVyZmFjZSByZW5kZXJlZCBpbiBhIHVzZXItYWdlbnQgb24gdGhlIGRldmlj
ZQogICAgICAgICAgICAgIHVzZWQgYnkgdGhlIHJlc291cmNlIG93bmVyLiBUaGUgY2xpZW50IGNy
ZWRlbnRpYWxzIGFzIHdlbGwgYXMgYW55IGFjY2VzcyB0b2tlbiBpc3N1ZWQKICAgICAgICAgICAg
ICB0byB0aGUgY2xpZW50IGFyZSBzdG9yZWQgb24gdGhlIHdlYiBzZXJ2ZXIgYW5kIGFyZSBub3Qg
ZXhwb3NlZCB0byBvciBhY2Nlc3NpYmxlIGJ5CiAgICAgICAgICAgICAgdGhlIHJlc291cmNlIG93
bmVyLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSd1c2VyLWFnZW50
LWJhc2VkIGFwcGxpY2F0aW9uJz4KICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAg
ICAgQSB1c2VyLWFnZW50LWJhc2VkIGFwcGxpY2F0aW9uIGlzIGEgcHVibGljIGNsaWVudCBpbiB3
aGljaCB0aGUgY2xpZW50IGNvZGUgaXMKICAgICAgICAgICAgICBkb3dubG9hZGVkIGZyb20gYSB3
ZWIgc2VydmVyIGFuZCBleGVjdXRlcyB3aXRoaW4gYSB1c2VyLWFnZW50IChlLmcuIHdlYiBicm93
c2VyKSBvbgogICAgICAgICAgICAgIHRoZSBkZXZpY2UgdXNlZCBieSB0aGUgcmVzb3VyY2Ugb3du
ZXIuIFByb3RvY29sIGRhdGEgYW5kIGNyZWRlbnRpYWxzIGFyZSBlYXNpbHkKICAgICAgICAgICAg
ICBhY2Nlc3NpYmxlIChhbmQgb2Z0ZW4gdmlzaWJsZSkgdG8gdGhlIHJlc291cmNlIG93bmVyLiBT
aW5jZSBzdWNoIGFwcGxpY2F0aW9ucyByZXNpZGUKICAgICAgICAgICAgICB3aXRoaW4gdGhlIHVz
ZXItYWdlbnQsIHRoZXkgY2FuIG1ha2Ugc2VhbWxlc3MgdXNlIG9mIHRoZSB1c2VyLWFnZW50IGNh
cGFiaWxpdGllcyB3aGVuCiAgICAgICAgICAgICAgcmVxdWVzdGluZyBhdXRob3JpemF0aW9uLgog
ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSduYXRpdmUgYXBwbGljYXRp
b24nPgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBBIG5hdGl2ZSBhcHBs
aWNhdGlvbiBpcyBhIHB1YmxpYyBjbGllbnQgaW5zdGFsbGVkIGFuZCBleGVjdXRlZCBvbiB0aGUg
ZGV2aWNlIHVzZWQgYnkKICAgICAgICAgICAgICB0aGUgcmVzb3VyY2Ugb3duZXIuIFByb3RvY29s
IGRhdGEgYW5kIGNyZWRlbnRpYWxzIGFyZSBhY2Nlc3NpYmxlIHRvIHRoZSByZXNvdXJjZQogICAg
ICAgICAgICAgIG93bmVyLiBJdCBpcyBhc3N1bWVkIHRoYXQgYW55IGNsaWVudCBhdXRoZW50aWNh
dGlvbiBjcmVkZW50aWFscyBpbmNsdWRlZCBpbiB0aGUKICAgICAgICAgICAgICBhcHBsaWNhdGlv
biBjYW4gYmUgZXh0cmFjdGVkLiBPbiB0aGUgb3RoZXIgaGFuZCwgZHluYW1pY2FsbHkgaXNzdWVk
IGNyZWRlbnRpYWxzIHN1Y2gKICAgICAgICAgICAgICBhcyBhY2Nlc3MgdG9rZW5zIG9yIHJlZnJl
c2ggdG9rZW5zIGNhbiByZWNlaXZlIGFuIGFjY2VwdGFibGUgbGV2ZWwgb2YgcHJvdGVjdGlvbi4g
QXQgYQogICAgICAgICAgICAgIG1pbmltdW0sIHRoZXNlIGNyZWRlbnRpYWxzIGFyZSBwcm90ZWN0
ZWQgZnJvbSBob3N0aWxlIHNlcnZlcnMgd2l0aCB3aGljaCB0aGUKICAgICAgICAgICAgICBhcHBs
aWNhdGlvbiBtYXkgaW50ZXJhY3Qgd2l0aC4gT24gc29tZSBwbGF0Zm9ybXMgdGhlc2UgY3JlZGVu
dGlhbHMgbWlnaHQgYmUgcHJvdGVjdGVkCiAgICAgICAgICAgICAgZnJvbSBvdGhlciBhcHBsaWNh
dGlvbnMgcmVzaWRpbmcgb24gdGhlIHNhbWUgZGV2aWNlLgogICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICA8L2xpc3Q+CiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlv
biB0aXRsZT0nQ2xpZW50IElkZW50aWZpZXInIGFuY2hvcj0nY2xpZW50LWlkZW50aWZpZXInPgog
ICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3VlcyB0aGUg
cmVnaXN0ZXJlZCBjbGllbnQgYSBjbGllbnQgaWRlbnRpZmllciAtIGEgdW5pcXVlCiAgICAgICAg
ICBzdHJpbmcgcmVwcmVzZW50aW5nIHRoZSByZWdpc3RyYXRpb24gaW5mb3JtYXRpb24gcHJvdmlk
ZWQgYnkgdGhlIGNsaWVudC4gVGhlIGNsaWVudAogICAgICAgICAgaWRlbnRpZmllciBpcyBub3Qg
YSBzZWNyZXQsIGl0IGlzIGV4cG9zZWQgdG8gdGhlIHJlc291cmNlIG93bmVyLCBhbmQgTVVTVCBO
T1QgYmUgdXNlZAogICAgICAgICAgYWxvbmUgZm9yIGNsaWVudCBhdXRoZW50aWNhdGlvbi4gVGhl
IGNsaWVudCBpZGVudGlmaWVyIGlzIHVuaXF1ZSB0byB0aGUgYXV0aG9yaXphdGlvbgogICAgICAg
ICAgc2VydmVyLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBjbGllbnQg
aWRlbnRpZmllciBzdHJpbmcgc2l6ZSBpcyBsZWZ0IHVuZGVmaW5lZCBieSB0aGlzIHNwZWNpZmlj
YXRpb24uIFRoZSBjbGllbnQKICAgICAgICAgIHNob3VsZCBhdm9pZCBtYWtpbmcgYXNzdW1wdGlv
bnMgYWJvdXQgdGhlIGlkZW50aWZpZXIgc2l6ZS4gIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgog
ICAgICAgICAgU0hPVUxEIGRvY3VtZW50IHRoZSBzaXplIG9mIGFueSBpZGVudGlmaWVyIGl0IGlz
c3Vlcy4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxl
PSdDbGllbnQgQXV0aGVudGljYXRpb24nIGFuY2hvcj0nY2xpZW50LWF1dGhlbnRpY2F0aW9uJz4K
ICAgICAgICA8dD4KICAgICAgICAgIElmIHRoZSBjbGllbnQgdHlwZSBpcyBjb25maWRlbnRpYWws
IHRoZSBjbGllbnQgYW5kIGF1dGhvcml6YXRpb24gc2VydmVyIGVzdGFibGlzaCBhIGNsaWVudAog
ICAgICAgICAgYXV0aGVudGljYXRpb24gbWV0aG9kIHN1aXRhYmxlIGZvciB0aGUgc2VjdXJpdHkg
cmVxdWlyZW1lbnRzIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAgIFRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBNQVkgYWNjZXB0IGFueSBmb3JtIG9mIGNsaWVudCBhdXRoZW50
aWNhdGlvbiBtZWV0aW5nIGl0cwogICAgICAgICAgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLgogICAg
ICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIENvbmZpZGVudGlhbCBjbGllbnRzIGFyZSB0
eXBpY2FsbHkgaXNzdWVkIChvciBlc3RhYmxpc2gpIGEgc2V0IG9mIGNsaWVudCBjcmVkZW50aWFs
cyB1c2VkIGZvcgogICAgICAgICAgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgKGUuZy4gcGFzc3dvcmQsIHB1YmxpYy9wcml2YXRlIGtleSBwYWlyKS4KICAgICAg
ICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZ
IGVzdGFibGlzaCBhIGNsaWVudCBhdXRoZW50aWNhdGlvbiBtZXRob2Qgd2l0aCBwdWJsaWMgY2xp
ZW50cy4KICAgICAgICAgIEhvd2V2ZXIsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIE5P
VCByZWx5IG9uIHB1YmxpYyBjbGllbnQgYXV0aGVudGljYXRpb24gZm9yIHRoZQogICAgICAgICAg
cHVycG9zZSBvZiBpZGVudGlmeWluZyB0aGUgY2xpZW50LgogICAgICAgIDwvdD4KICAgICAgICA8
dD4KICAgICAgICAgIFRoZSBjbGllbnQgTVVTVCBOT1QgdXNlIG1vcmUgdGhhbiBvbmUgYXV0aGVu
dGljYXRpb24gbWV0aG9kIGluIGVhY2ggcmVxdWVzdC4KICAgICAgICA8L3Q+CgogICAgICAgIDxz
ZWN0aW9uIHRpdGxlPSdDbGllbnQgUGFzc3dvcmQnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAg
IENsaWVudHMgaW4gcG9zc2Vzc2lvbiBvZiBhIGNsaWVudCBwYXNzd29yZCBNQVkgdXNlIHRoZSBI
VFRQIEJhc2ljIGF1dGhlbnRpY2F0aW9uIHNjaGVtZQogICAgICAgICAgICBhcyBkZWZpbmVkIGlu
IDx4cmVmIHRhcmdldD0nUkZDMjYxNycgLz4gdG8gYXV0aGVudGljYXRlIHdpdGggdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyLgogICAgICAgICAgICBUaGUgY2xpZW50IGlkZW50aWZpZXIgaXMgdXNl
ZCBhcyB0aGUgdXNlcm5hbWUsIGFuZCB0aGUgY2xpZW50IHBhc3N3b3JkIGlzIHVzZWQgYXMgdGhl
CiAgICAgICAgICAgIHBhc3N3b3JkLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBzdXBw
b3J0IHRoZSBIVFRQIEJhc2ljIGF1dGhlbnRpY2F0aW9uIHNjaGVtZQogICAgICAgICAgICBmb3Ig
YXV0aGVudGljYXRpbmcgY2xpZW50cyB3aGljaCB3ZXJlIGlzc3VlZCBhIGNsaWVudCBwYXNzd29y
ZC4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDxmaWd1cmU+CiAgICAgICAgICAgIDxwcmVhbWJs
ZT4KICAgICAgICAgICAgICBGb3IgZXhhbXBsZSAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBk
aXNwbGF5IHB1cnBvc2VzIG9ubHkpOgogICAgICAgICAgICA8L3ByZWFtYmxlPgogICAgICAgICAg
ICA8YXJ0d29yaz4KICAgICAgICAgICAgICA8IVtDREFUQVsKICBBdXRob3JpemF0aW9uOiBCYXNp
YyBjelpDYUdSU2EzRjBNem8zUm1wbWNEQmFRbkl4UzNSRVVtSnVabFprYlVsMwpdXT4KICAgICAg
ICAgICAgPC9hcnR3b3JrPgogICAgICAgICAgPC9maWd1cmU+CiAgICAgICAgICA8dD4KICAgICAg
ICAgICAgQWx0ZXJuYXRpdmVseSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBzdXBwb3J0
IGluY2x1ZGluZyB0aGUgY2xpZW50IGNyZWRlbnRpYWxzIGluCiAgICAgICAgICAgIHRoZSByZXF1
ZXN0IGJvZHkgdXNpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzOgogICAgICAgICAgPC90Pgog
ICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5kZW50
PSc2Jz4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nY2xpZW50X2lkJz4KICAgICAgICAgICAg
ICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgY2xpZW50IGlkZW50
aWZpZXIgaXNzdWVkIHRvIHRoZSBjbGllbnQgZHVyaW5nIHRoZSByZWdpc3RyYXRpb24gcHJvY2Vz
cwogICAgICAgICAgICAgICAgZGVzY3JpYmVkIGJ5IDx4cmVmIHRhcmdldD0nY2xpZW50LWlkZW50
aWZpZXInIC8+LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0n
Y2xpZW50X3NlY3JldCc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAg
ICBSRVFVSVJFRC4gVGhlIGNsaWVudCBzZWNyZXQuIFRoZSBjbGllbnQgTUFZIG9taXQgdGhlIHBh
cmFtZXRlciBpZiB0aGUgY2xpZW50IHNlY3JldAogICAgICAgICAgICAgICAgaXMgYW4gZW1wdHkg
c3RyaW5nLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAg
PC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIEluY2x1ZGluZyB0aGUgY2xpZW50IGNyZWRl
bnRpYWxzIGluIHRoZSByZXF1ZXN0IGJvZHkgdXNpbmcgdGhlIHR3byBwYXJhbWV0ZXJzIGlzIE5P
VAogICAgICAgICAgICBSRUNPTU1FTkRFRCwgYW5kIFNIT1VMRCBiZSBsaW1pdGVkIHRvIGNsaWVu
dHMgdW5hYmxlIHRvIGRpcmVjdGx5IHV0aWxpemUgdGhlIEhUVFAgQmFzaWMKICAgICAgICAgICAg
YXV0aGVudGljYXRpb24gc2NoZW1lIChvciBvdGhlciBwYXNzd29yZC1iYXNlZCBIVFRQIGF1dGhl
bnRpY2F0aW9uIHNjaGVtZXMpLiBUaGUKICAgICAgICAgICAgcGFyYW1ldGVycyBjYW4gb25seSBi
ZSB0cmFuc21pdHRlZCBpbiB0aGUgcmVxdWVzdCBib2R5IGFuZCBNVVNUIE5PVCBiZSBpbmNsdWRl
ZCBpbiB0aGUKICAgICAgICAgICAgcmVxdWVzdCBVUkkuCiAgICAgICAgICA8L3Q+CiAgICAgICAg
ICA8ZmlndXJlPgogICAgICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICAgICAgRm9yIGV4YW1w
bGUsIHJlcXVlc3RpbmcgdG8gcmVmcmVzaCBhbiBhY2Nlc3MgdG9rZW4gKDx4cmVmIHRhcmdldD0n
dG9rZW4tcmVmcmVzaCcgLz4pCiAgICAgICAgICAgICAgdXNpbmcgdGhlIGJvZHkgcGFyYW1ldGVy
cyAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzIG9ubHkpOgogICAg
ICAgICAgICA8L3ByZWFtYmxlPgogICAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgICA8
IVtDREFUQVsKICBQT1NUIC90b2tlbiBIVFRQLzEuMQogIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNv
bQogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkO2NoYXJz
ZXQ9VVRGLTgKCiAgZ3JhbnRfdHlwZT1yZWZyZXNoX3Rva2VuJnJlZnJlc2hfdG9rZW49dEd6djNK
T2tGMFhHNVF4MlRsS1dJQQogICZjbGllbnRfaWQ9czZCaGRSa3F0MyZjbGllbnRfc2VjcmV0PTdG
amZwMFpCcjFLdERSYm5mVmRtSXcKXV0+CiAgICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICAg
IDwvZmlndXJlPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBNVVNUIHJlcXVpcmUgdGhlIHVzZSBvZiBUTFMgYXMgZGVzY3JpYmVkIGluCiAgICAgICAg
ICAgIDx4cmVmIHRhcmdldD0ndGxzJyAvPiB3aGVuIHNlbmRpbmcgcmVxdWVzdHMgdXNpbmcgcGFz
c3dvcmQgYXV0aGVudGljYXRpb24uCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAg
ICAgICAgU2luY2UgdGhpcyBjbGllbnQgYXV0aGVudGljYXRpb24gbWV0aG9kIGludm9sdmVzIGEg
cGFzc3dvcmQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICBNVVNUIHByb3Rl
Y3QgYW55IGVuZHBvaW50IHV0aWxpemluZyBpdCBhZ2FpbnN0IGJydXRlIGZvcmNlIGF0dGFja3Mu
CiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgICA8c2VjdGlvbiB0aXRs
ZT0nT3RoZXIgQXV0aGVudGljYXRpb24gTWV0aG9kcyc+CiAgICAgICAgICA8dD4KICAgICAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBzdXBwb3J0IGFueSBzdWl0YWJsZSBIVFRQ
IGF1dGhlbnRpY2F0aW9uIHNjaGVtZSBtYXRjaGluZwogICAgICAgICAgICBpdHMgc2VjdXJpdHkg
cmVxdWlyZW1lbnRzLiBXaGVuIHVzaW5nIG90aGVyIGF1dGhlbnRpY2F0aW9uIG1ldGhvZHMsIHRo
ZSBhdXRob3JpemF0aW9uCiAgICAgICAgICAgIHNlcnZlciBNVVNUIGRlZmluZSBhIG1hcHBpbmcg
YmV0d2VlbiB0aGUgY2xpZW50IGlkZW50aWZpZXIgKHJlZ2lzdHJhdGlvbiByZWNvcmQpIGFuZAog
ICAgICAgICAgICBhdXRoZW50aWNhdGlvbiBzY2hlbWUuCiAgICAgICAgICA8L3Q+CiAgICAgICAg
PC9zZWN0aW9uPgoKICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J1VucmVn
aXN0ZXJlZCBDbGllbnRzJz4KICAgICAgICA8dD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlv
biBkb2VzIG5vdCBleGNsdWRlIHRoZSB1c2Ugb2YgdW5yZWdpc3RlcmVkIGNsaWVudHMuIEhvd2V2
ZXIsIHRoZSB1c2UKICAgICAgICAgIHdpdGggc3VjaCBjbGllbnRzIGlzIGJleW9uZCB0aGUgc2Nv
cGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uLCBhbmQgcmVxdWlyZXMgYWRkaXRpb25hbAogICAgICAg
ICAgc2VjdXJpdHkgYW5hbHlzaXMgYW5kIHJldmlldyBvZiBpdHMgaW50ZXJvcGVyYWJpbGl0eSBp
bXBhY3QuCiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CiAgICAgIAogICAgPC9zZWN0aW9u
PgoKICAgIDxzZWN0aW9uIHRpdGxlPSdQcm90b2NvbCBFbmRwb2ludHMnPgogICAgICA8dD4KICAg
ICAgICBUaGUgYXV0aG9yaXphdGlvbiBwcm9jZXNzIHV0aWxpemVzIHR3byBhdXRob3JpemF0aW9u
IHNlcnZlciBlbmRwb2ludHMgKEhUVFAgcmVzb3VyY2VzKToKICAgICAgPC90PgogICAgICA8dD4K
ICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAg
QXV0aG9yaXphdGlvbiBlbmRwb2ludCAtIHVzZWQgYnkgdGhlIGNsaWVudCB0byBvYnRhaW4gYXV0
aG9yaXphdGlvbiBmcm9tIHRoZSByZXNvdXJjZQogICAgICAgICAgICBvd25lciB2aWEgdXNlci1h
Z2VudCByZWRpcmVjdGlvbi4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAg
ICBUb2tlbiBlbmRwb2ludCAtIHVzZWQgYnkgdGhlIGNsaWVudCB0byBleGNoYW5nZSBhbiBhdXRo
b3JpemF0aW9uIGdyYW50IGZvciBhbiBhY2Nlc3MKICAgICAgICAgICAgdG9rZW4sIHR5cGljYWxs
eSB3aXRoIGNsaWVudCBhdXRoZW50aWNhdGlvbi4KICAgICAgICAgIDwvdD4KICAgICAgICA8L2xp
c3Q+CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgQXMgd2VsbCBhcyBvbmUgY2xpZW50IGVu
ZHBvaW50OgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xz
Jz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBSZWRpcmVjdGlvbiBlbmRwb2ludCAtIHVzZWQg
YnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHRvIHJldHVybiBhdXRob3JpemF0aW9uCiAgICAg
ICAgICAgIGNyZWRlbnRpYWxzIHJlc3BvbnNlcyB0byB0aGUgY2xpZW50IHZpYSB0aGUgcmVzb3Vy
Y2Ugb3duZXIgdXNlci1hZ2VudC4KICAgICAgICAgIDwvdD4KICAgICAgICA8L2xpc3Q+CiAgICAg
IDwvdD4KICAgICAgPHQ+CiAgICAgICAgTm90IGV2ZXJ5IGF1dGhvcml6YXRpb24gZ3JhbnQgdHlw
ZSB1dGlsaXplcyBib3RoIGVuZHBvaW50cy4gRXh0ZW5zaW9uIGdyYW50IHR5cGVzIE1BWQogICAg
ICAgIGRlZmluZSBhZGRpdGlvbmFsIGVuZHBvaW50cyBhcyBuZWVkZWQuCiAgICAgIDwvdD4KCiAg
ICAgIDxzZWN0aW9uIHRpdGxlPSdBdXRob3JpemF0aW9uIEVuZHBvaW50Jz4KICAgICAgICA8dD4K
ICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGlzIHVzZWQgdG8gaW50ZXJhY3Qg
d2l0aCB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIG9idGFpbgogICAgICAgICAgYW4gYXV0aG9yaXph
dGlvbiBncmFudC4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgZmlyc3QgdmVyaWZ5IHRo
ZSBpZGVudGl0eSBvZiB0aGUKICAgICAgICAgIHJlc291cmNlIG93bmVyLiBUaGUgd2F5IGluIHdo
aWNoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSByZXNvdXJjZQog
ICAgICAgICAgb3duZXIgKGUuZy4gdXNlcm5hbWUgYW5kIHBhc3N3b3JkIGxvZ2luLCBzZXNzaW9u
IGNvb2tpZXMpIGlzIGJleW9uZCB0aGUgc2NvcGUgb2YgdGhpcwogICAgICAgICAgc3BlY2lmaWNh
dGlvbi4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgbWVhbnMgdGhyb3Vn
aCB3aGljaCB0aGUgY2xpZW50IG9idGFpbnMgdGhlIGxvY2F0aW9uIG9mIHRoZSBhdXRob3JpemF0
aW9uIGVuZHBvaW50IGFyZQogICAgICAgICAgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNp
ZmljYXRpb24sIGJ1dCB0aGUgbG9jYXRpb24gaXMgdHlwaWNhbGx5IHByb3ZpZGVkIGluIHRoZQog
ICAgICAgICAgc2VydmljZSBkb2N1bWVudGF0aW9uLgogICAgICAgIDwvdD4KICAgICAgICA8dD4K
ICAgICAgICAgIFRoZSBlbmRwb2ludCBVUkkgTUFZIGluY2x1ZGUgYW4KICAgICAgICAgIDxzcGFu
eCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC9zcGFueD4g
Zm9ybWF0dGVkCiAgICAgICAgICAoPHhyZWYgdGFyZ2V0PSdXM0MuUkVDLWh0bWw0MDEtMTk5OTEy
MjQnIC8+KSBxdWVyeSBjb21wb25lbnQgKDx4cmVmIHRhcmdldD0nUkZDMzk4NicgLz4KICAgICAg
ICAgIHNlY3Rpb24gMy40KSwgd2hpY2ggTVVTVCBiZSByZXRhaW5lZCB3aGVuIGFkZGluZyBhZGRp
dGlvbmFsIHF1ZXJ5IHBhcmFtZXRlcnMuIFRoZQogICAgICAgICAgZW5kcG9pbnQgVVJJIE1VU1Qg
Tk9UIGluY2x1ZGUgYSBmcmFnbWVudCBjb21wb25lbnQuCiAgICAgICAgPC90PgogICAgICAgIDx0
PgogICAgICAgICAgU2luY2UgcmVxdWVzdHMgdG8gdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQg
cmVzdWx0IGluIHVzZXIgYXV0aGVudGljYXRpb24gYW5kIHRoZQogICAgICAgICAgdHJhbnNtaXNz
aW9uIG9mIGNsZWFyLXRleHQgY3JlZGVudGlhbHMgKGluIHRoZSBIVFRQIHJlc3BvbnNlKSwgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICBNVVNUIHJlcXVpcmUgdGhlIHVzZSBvZiBU
TFMgYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0ndGxzJyAvPiB3aGVuIHNlbmRpbmcgcmVx
dWVzdHMKICAgICAgICAgIHRvIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50LgogICAgICAgIDwv
dD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHN1
cHBvcnQgdGhlIHVzZSBvZiB0aGUgSFRUUCA8c3Bhbnggc3R5bGU9J3ZlcmInPkdFVDwvc3Bhbng+
CiAgICAgICAgICBtZXRob2QgPHhyZWYgdGFyZ2V0PSdSRkMyNjE2JyAvPiBmb3IgdGhlIGF1dGhv
cml6YXRpb24gZW5kcG9pbnQsIGFuZCBNQVkgc3VwcG9ydCB0aGUgdXNlCiAgICAgICAgICBvZiB0
aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5QT1NUPC9zcGFueD4gbWV0aG9kIGFzIHdlbGwuCiAgICAg
ICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgUGFyYW1ldGVycyBzZW50IHdpdGhvdXQgYSB2
YWx1ZSBNVVNUIGJlIHRyZWF0ZWQgYXMgaWYgdGhleSB3ZXJlIG9taXR0ZWQgZnJvbSB0aGUgcmVx
dWVzdC4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGlnbm9yZSB1bnJl
Y29nbml6ZWQgcmVxdWVzdCBwYXJhbWV0ZXJzLiBSZXF1ZXN0IGFuZAogICAgICAgICAgcmVzcG9u
c2UgcGFyYW1ldGVycyBNVVNUIE5PVCBiZSBpbmNsdWRlZCBtb3JlIHRoYW4gb25jZS4KICAgICAg
ICA8L3Q+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdSZXNwb25zZSBUeXBlJz4KICAgICAgICAg
IDx0PgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBpcyB1c2VkIGJ5IHRo
ZSBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlwZSBhbmQgaW1wbGljaXQKICAgICAgICAgICAg
Z3JhbnQgdHlwZSBmbG93cy4gVGhlIGNsaWVudCBpbmZvcm1zIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBvZiB0aGUgZGVzaXJlZCBncmFudAogICAgICAgICAgICB0eXBlIHVzaW5nIHRoZSBmb2xs
b3dpbmcgcGFyYW1ldGVyOgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAg
IDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5kZW50PSc2Jz4KICAgICAgICAgICAgICA8dCBo
YW5nVGV4dD0ncmVzcG9uc2VfdHlwZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAg
ICAgICAgICAgICBSRVFVSVJFRC4gVGhlIHZhbHVlIE1VU1QgYmUgb25lIG9mIDxzcGFueCBzdHls
ZT0ndmVyYic+Y29kZTwvc3Bhbng+IGZvciByZXF1ZXN0aW5nCiAgICAgICAgICAgICAgICBhbiBh
dXRob3JpemF0aW9uIGNvZGUgYXMgZGVzY3JpYmVkIGJ5IDx4cmVmIHRhcmdldD0nY29kZS1hdXRo
ei1yZXEnIC8+LAogICAgICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz50b2tlbjwvc3Bh
bng+IGZvciByZXF1ZXN0aW5nIGFuIGFjY2VzcyB0b2tlbiAoaW1wbGljaXQgZ3JhbnQpCiAgICAg
ICAgICAgICAgICBhcyBkZXNjcmliZWQgYnkgPHhyZWYgdGFyZ2V0PSdpbXBsaWNpdC1hdXRoei1y
ZXEnIC8+LCBvciBhIHJlZ2lzdGVyZWQgZXh0ZW5zaW9uCiAgICAgICAgICAgICAgICB2YWx1ZSBh
cyBkZXNjcmliZWQgYnkgPHhyZWYgdGFyZ2V0PSdyZXNwb25zZS10eXBlLWV4dCcgLz4uCiAgICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAg
ICA8dD4KICAgICAgICAgICAgRXh0ZW5zaW9uIHJlc3BvbnNlIHR5cGVzIE1BWSBjb250YWluIGEg
c3BhY2UtZGVsaW1pdGVkICgleDIwKSBsaXN0IG9mIHZhbHVlcywgd2hlcmUgdGhlCiAgICAgICAg
ICAgIG9yZGVyIG9mIHZhbHVlcyBkb2VzIG5vdCBtYXR0ZXIgKGUuZy4gcmVzcG9uc2UgdHlwZSA8
c3Bhbnggc3R5bGU9J3ZlcmInPmEgYjwvc3Bhbng+IGlzCiAgICAgICAgICAgIHRoZSBzYW1lIGFz
IDxzcGFueCBzdHlsZT0ndmVyYic+YiBhPC9zcGFueD4pLiBUaGUgbWVhbmluZyBvZiBzdWNoIGNv
bXBvc2l0ZSByZXNwb25zZQogICAgICAgICAgICB0eXBlcyBpcyBkZWZpbmVkIGJ5IHRoZWlyIHJl
c3BlY3RpdmUgc3BlY2lmaWNhdGlvbnMuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAg
ICAgICAgICAgSWYgYW4gYXV0aG9yaXphdGlvbiByZXF1ZXN0IGlzIG1pc3NpbmcgdGhlIDxzcGFu
eCBzdHlsZT0ndmVyYic+cmVzcG9uc2VfdHlwZTwvc3Bhbng+CiAgICAgICAgICAgIHBhcmFtZXRl
ciwgb3IgaWYgdGhlIHJlc3BvbnNlIHR5cGUgaXMgbm90IHVuZGVyc3Rvb2QsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBNVVNUCiAgICAgICAgICAgIHJldHVybiBhbiBlcnJvciByZXNwb25zZSBh
cyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSdjb2RlLWF1dGh6LWVycm9yJyAvPi4KICAgICAg
ICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdSZWRp
cmVjdGlvbiBFbmRwb2ludCcgYW5jaG9yPSdyZWRpcmVjdC11cmknPgogICAgICAgICAgPHQ+CiAg
ICAgICAgICAgIEFmdGVyIGNvbXBsZXRpbmcgaXRzIGludGVyYWN0aW9uIHdpdGggdGhlIHJlc291
cmNlIG93bmVyLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgZGlyZWN0cyB0
aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50IGJhY2sgdG8gdGhlIGNsaWVudC4gVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICAgIHJlZGlyZWN0cyB0aGUgdXNlci1hZ2VudCB0
byB0aGUgY2xpZW50J3MgcmVkaXJlY3Rpb24gZW5kcG9pbnQgcHJldmlvdXNseSBlc3RhYmxpc2hl
ZAogICAgICAgICAgICB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBkdXJpbmcgdGhlIGNs
aWVudCByZWdpc3RyYXRpb24gcHJvY2VzcyBvciB3aGVuIG1ha2luZwogICAgICAgICAgICB0aGUg
YXV0aG9yaXphdGlvbiByZXF1ZXN0LgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAg
ICAgICAgIFRoZSByZWRpcmVjdGlvbiBlbmRwb2ludCBVUkkgTVVTVCBiZSBhbiBhYnNvbHV0ZSBV
UkkgYXMgZGVmaW5lZCBieQogICAgICAgICAgICA8eHJlZiB0YXJnZXQ9J1JGQzM5ODYnIC8+IHNl
Y3Rpb24gNC4zLiBUaGUgZW5kcG9pbnQgVVJJIE1BWSBpbmNsdWRlIGFuCiAgICAgICAgICAgIDxz
cGFueCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC9zcGFu
eD4gZm9ybWF0dGVkCiAgICAgICAgICAgICg8eHJlZiB0YXJnZXQ9J1czQy5SRUMtaHRtbDQwMS0x
OTk5MTIyNCcgLz4pIHF1ZXJ5IGNvbXBvbmVudCAoPHhyZWYgdGFyZ2V0PSdSRkMzOTg2JyAvPgog
ICAgICAgICAgICBzZWN0aW9uIDMuNCksIHdoaWNoIE1VU1QgYmUgcmV0YWluZWQgd2hlbiBhZGRp
bmcgYWRkaXRpb25hbCBxdWVyeSBwYXJhbWV0ZXJzLiBUaGUKICAgICAgICAgICAgZW5kcG9pbnQg
VVJJIE1VU1QgTk9UIGluY2x1ZGUgYSBmcmFnbWVudCBjb21wb25lbnQuCiAgICAgICAgICA8L3Q+
CgogICAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0VuZHBvaW50IFJlcXVlc3QgQ29uZmlkZW50aWFs
aXR5Jz4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIHJlZGlyZWN0aW9uIGVuZHBv
aW50IFNIT1VMRCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTIGFzIGRlc2NyaWJlZCBpbgogICAgICAg
ICAgICAgIDx4cmVmIHRhcmdldD0ndGxzJyAvPiB3aGVuIHRoZSByZXF1ZXN0ZWQgcmVzcG9uc2Ug
dHlwZSBpcwogICAgICAgICAgICAgIDxzcGFueCBzdHlsZT0ndmVyYic+Y29kZTwvc3Bhbng+IG9y
IDxzcGFueCBzdHlsZT0ndmVyYic+dG9rZW48L3NwYW54Piwgb3IKICAgICAgICAgICAgICB3aGVu
IHRoZSByZWRpcmVjdGlvbiByZXF1ZXN0IHdpbGwgcmVzdWx0IGluIHRoZSB0cmFuc21pc3Npb24g
b2Ygc2Vuc2l0aXZlIGNyZWRlbnRpYWxzCiAgICAgICAgICAgICAgb3ZlciBhbiBvcGVuIG5ldHdv
cmsuIFRoaXMgc3BlY2lmaWNhdGlvbiBkb2VzIG5vdCBtYW5kYXRlIHRoZSB1c2Ugb2YgVExTIGJl
Y2F1c2UgYXQKICAgICAgICAgICAgICB0aGUgdGltZSBvZiB0aGlzIHdyaXRpbmcsIHJlcXVpcmlu
ZyBjbGllbnRzIHRvIGRlcGxveSBUTFMgaXMgYSBzaWduaWZpY2FudCBodXJkbGUgZm9yCiAgICAg
ICAgICAgICAgbWFueSBjbGllbnQgZGV2ZWxvcGVycy4gSWYgVExTIGlzIG5vdCBhdmFpbGFibGUs
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgd2FybgogICAgICAgICAgICAgIHRoZSBy
ZXNvdXJjZSBvd25lciBhYm91dCB0aGUgaW5zZWN1cmUgZW5kcG9pbnQgcHJpb3IgdG8gcmVkaXJl
Y3Rpb24gKGUuZy4gZGlzcGxheSBhCiAgICAgICAgICAgICAgbWVzc2FnZSBkdXJpbmcgdGhlIGF1
dGhvcml6YXRpb24gcmVxdWVzdCkuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAg
ICAgICAgICAgICAgTGFjayBvZiB0cmFuc3BvcnQtbGF5ZXIgc2VjdXJpdHkgY2FuIGhhdmUgYSBz
ZXZlcmUgaW1wYWN0IG9uIHRoZSBzZWN1cml0eSBvZiB0aGUKICAgICAgICAgICAgICBjbGllbnQg
YW5kIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2VzIGl0IGlzIGF1dGhvcml6ZWQgdG8gYWNjZXNzLiBU
aGUgdXNlIG9mCiAgICAgICAgICAgICAgdHJhbnNwb3J0LWxheWVyIHNlY3VyaXR5IGlzIHBhcnRp
Y3VsYXJseSBjcml0aWNhbCB3aGVuIHRoZSBhdXRob3JpemF0aW9uIHByb2Nlc3MgaXMKICAgICAg
ICAgICAgICB1c2VkIGFzIGEgZm9ybSBvZiBkZWxlZ2F0ZWQgZW5kLXVzZXIgYXV0aGVudGljYXRp
b24gYnkgdGhlIGNsaWVudCAoZS5nLiB0aGlyZC1wYXJ0eQogICAgICAgICAgICAgIHNpZ24taW4g
c2VydmljZSkuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwvc2VjdGlvbj4KCiAgICAgICAg
ICA8c2VjdGlvbiB0aXRsZT0nUmVnaXN0cmF0aW9uIFJlcXVpcmVtZW50cyc+CiAgICAgICAgICAg
IDx0PgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHJlcXVpcmUg
dGhlIGZvbGxvd2luZyBjbGllbnRzIHRvIHJlZ2lzdGVyIHRoZWlyCiAgICAgICAgICAgICAgcmVk
aXJlY3Rpb24gZW5kcG9pbnQ6CiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAg
ICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgICAgPHQ+CiAgICAg
ICAgICAgICAgICAgIFB1YmxpYyBjbGllbnRzLgogICAgICAgICAgICAgICAgPC90PgogICAgICAg
ICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICAgIENvbmZpZGVudGlhbCBjbGllbnRzIHV0aWxp
emluZyB0aGUgaW1wbGljaXQgZ3JhbnQgdHlwZS4KICAgICAgICAgICAgICAgIDwvdD4KICAgICAg
ICAgICAgICA8L2xpc3Q+CiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAg
ICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCByZXF1aXJlIGFsbCBjbGllbnRz
IHRvIHJlZ2lzdGVyIHRoZWlyIHJlZGlyZWN0aW9uCiAgICAgICAgICAgICAgZW5kcG9pbnQgcHJp
b3IgdG8gdXRpbGl6aW5nIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50LgogICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBTSE9VTEQgcmVxdWlyZSB0aGUgY2xpZW50IHRvIHByb3ZpZGUgdGhlIGNvbXBsZXRlCiAgICAg
ICAgICAgICAgcmVkaXJlY3Rpb24gVVJJICh0aGUgY2xpZW50IE1BWSB1c2UgdGhlIDxzcGFueCBz
dHlsZT0ndmVyYic+c3RhdGU8L3NwYW54PiByZXF1ZXN0CiAgICAgICAgICAgICAgcGFyYW1ldGVy
IHRvIGFjaGlldmUgcGVyLXJlcXVlc3QgY3VzdG9taXphdGlvbikuIElmIHJlcXVpcmluZyB0aGUg
cmVnaXN0cmF0aW9uIG9mCiAgICAgICAgICAgICAgdGhlIGNvbXBsZXRlIHJlZGlyZWN0aW9uIFVS
SSBpcyBub3QgcG9zc2libGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgcmVxdWly
ZQogICAgICAgICAgICAgIHRoZSByZWdpc3RyYXRpb24gb2YgdGhlIFVSSSBzY2hlbWUsIGF1dGhv
cml0eSwgYW5kIHBhdGggKGFsbG93aW5nIHRoZSBjbGllbnQgdG8KICAgICAgICAgICAgICBkeW5h
bWljYWxseSB2YXJ5IG9ubHkgdGhlIHF1ZXJ5IGNvbXBvbmVudCBvZiB0aGUgcmVkaXJlY3Rpb24g
VVJJIHdoZW4gcmVxdWVzdGluZwogICAgICAgICAgICAgIGF1dGhvcml6YXRpb24pLgogICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBNQVkgYWxsb3cgdGhlIGNsaWVudCB0byByZWdpc3RlciBtdWx0aXBsZSByZWRpcmVj
dGlvbgogICAgICAgICAgICAgIGVuZHBvaW50cy4KICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICA8dD4KICAgICAgICAgICAgICBMYWNrIG9mIGEgcmVkaXJlY3Rpb24gVVJJIHJlZ2lzdHJhdGlv
biByZXF1aXJlbWVudCBjYW4gZW5hYmxlIGFuIGF0dGFja2VyIHRvIHVzZQogICAgICAgICAgICAg
IHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGFzIG9wZW4gcmVkaXJlY3RvciBhcyBkZXNjcmli
ZWQgaW4KICAgICAgICAgICAgICA8eHJlZiB0YXJnZXQ9J29wZW4tcmVkaXJlY3QnIC8+LgogICAg
ICAgICAgICA8L3Q+CiAgICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgICAgPHNlY3Rpb24gdGl0
bGU9J0R5bmFtaWMgQ29uZmlndXJhdGlvbic+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAg
IElmIG11bHRpcGxlIHJlZGlyZWN0aW9uIFVSSXMgaGF2ZSBiZWVuIHJlZ2lzdGVyZWQsIGlmIG9u
bHkgcGFydCBvZiB0aGUgcmVkaXJlY3Rpb24KICAgICAgICAgICAgICBVUkkgaGFzIGJlZW4gcmVn
aXN0ZXJlZCwgb3IgaWYgbm8gcmVkaXJlY3Rpb24gVVJJIGhhcyBiZWVuIHJlZ2lzdGVyZWQsIHRo
ZSBjbGllbnQKICAgICAgICAgICAgICBNVVNUIGluY2x1ZGUgYSByZWRpcmVjdGlvbiBVUkkgd2l0
aCB0aGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0IHVzaW5nIHRoZQogICAgICAgICAgICAgIDxzcGFu
eCBzdHlsZT0ndmVyYic+cmVkaXJlY3RfdXJpPC9zcGFueD4gcmVxdWVzdCBwYXJhbWV0ZXIuCiAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgV2hlbiBhIHJlZGly
ZWN0aW9uIFVSSSBpcyBpbmNsdWRlZCBpbiBhbiBhdXRob3JpemF0aW9uIHJlcXVlc3QsIHRoZSBh
dXRob3JpemF0aW9uCiAgICAgICAgICAgICAgc2VydmVyIE1VU1QgY29tcGFyZSBhbmQgbWF0Y2gg
dGhlIHZhbHVlIHJlY2VpdmVkIGFnYWluc3QgYXQgbGVhc3Qgb25lIG9mIHRoZQogICAgICAgICAg
ICAgIHJlZ2lzdGVyZWQgcmVkaXJlY3Rpb24gVVJJcyAob3IgVVJJIGNvbXBvbmVudHMpIGFzIGRl
ZmluZWQgaW4KICAgICAgICAgICAgICA8eHJlZiB0YXJnZXQ9J1JGQzM5ODYnIC8+IHNlY3Rpb24g
NiwgaWYgYW55IHJlZGlyZWN0aW9uIFVSSXMgd2VyZSByZWdpc3RlcmVkLgogICAgICAgICAgICAg
IElmIHRoZSBjbGllbnQgcmVnaXN0cmF0aW9uIGluY2x1ZGVkIHRoZSBmdWxsIHJlZGlyZWN0aW9u
IFVSSSwgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICAgICAgICBzZXJ2ZXIgTVVTVCBjb21wYXJl
IHRoZSB0d28gVVJJcyB1c2luZyBzaW1wbGUgc3RyaW5nIGNvbXBhcmlzb24gYXMgZGVmaW5lZAog
ICAgICAgICAgICAgIGluIDx4cmVmIHRhcmdldD0nUkZDMzk4NicgLz4gc2VjdGlvbiA2LjIuMS4K
ICAgICAgICAgICAgPC90PgogICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgICAgPHNlY3Rpb24g
dGl0bGU9J0ludmFsaWQgRW5kcG9pbnQnPgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBJ
ZiBhbiBhdXRob3JpemF0aW9uIHJlcXVlc3QgZmFpbHMgdmFsaWRhdGlvbiBkdWUgdG8gYSBtaXNz
aW5nLCBpbnZhbGlkLCBvcgogICAgICAgICAgICAgIG1pc21hdGNoaW5nIHJlZGlyZWN0aW9uIFVS
SSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBpbmZvcm0gdGhlIHJlc291cmNlCiAg
ICAgICAgICAgICAgb3duZXIgb2YgdGhlIGVycm9yLCBhbmQgTVVTVCBOT1QgYXV0b21hdGljYWxs
eSByZWRpcmVjdCB0aGUgdXNlci1hZ2VudCB0byB0aGUgaW52YWxpZAogICAgICAgICAgICAgIHJl
ZGlyZWN0aW9uIFVSSS4KICAgICAgICAgICAgPC90PgogICAgICAgICAgPC9zZWN0aW9uPgoKICAg
ICAgICAgIDxzZWN0aW9uIHRpdGxlPSdFbmRwb2ludCBDb250ZW50Jz4KICAgICAgICAgICAgPHQ+
CiAgICAgICAgICAgICAgVGhlIHJlZGlyZWN0aW9uIHJlcXVlc3QgdG8gdGhlIGNsaWVudCdzIGVu
ZHBvaW50IHR5cGljYWxseSByZXN1bHRzIGluIGFuIEhUTUwKICAgICAgICAgICAgICBkb2N1bWVu
dCByZXNwb25zZSwgcHJvY2Vzc2VkIGJ5IHRoZSB1c2VyLWFnZW50LiBJZiB0aGUgSFRNTCByZXNw
b25zZSBpcyBzZXJ2ZWQKICAgICAgICAgICAgICBkaXJlY3RseSBhcyB0aGUgcmVzdWx0IG9mIHRo
ZSByZWRpcmVjdGlvbiByZXF1ZXN0LCBhbnkgc2NyaXB0IGluY2x1ZGVkIGluIHRoZSBIVE1MCiAg
ICAgICAgICAgICAgZG9jdW1lbnQgd2lsbCBleGVjdXRlIHdpdGggZnVsbCBhY2Nlc3MgdG8gdGhl
IHJlZGlyZWN0aW9uIFVSSSBhbmQgdGhlIGNyZWRlbnRpYWxzIGl0CiAgICAgICAgICAgICAgY29u
dGFpbnMuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhl
IGNsaWVudCBTSE9VTEQgTk9UIGluY2x1ZGUgYW55IHRoaXJkLXBhcnR5IHNjcmlwdHMgKGUuZy4g
dGhpcmQtcGFydHkgYW5hbHl0aWNzLAogICAgICAgICAgICAgIHNvY2lhbCBwbHVnLWlucywgYWQg
bmV0d29ya3MpIGluIHRoZSByZWRpcmVjdGlvbiBlbmRwb2ludCByZXNwb25zZS4gSW5zdGVhZCwg
aXQKICAgICAgICAgICAgICBTSE9VTEQgZXh0cmFjdCB0aGUgY3JlZGVudGlhbHMgZnJvbSB0aGUg
VVJJIGFuZCByZWRpcmVjdCB0aGUgdXNlci1hZ2VudCBhZ2FpbiB0bwogICAgICAgICAgICAgIGFu
b3RoZXIgZW5kcG9pbnQgd2l0aG91dCBleHBvc2luZyB0aGUgY3JlZGVudGlhbHMgKGluIHRoZSBV
Ukkgb3IgZWxzZXdoZXJlKS4gSWYKICAgICAgICAgICAgICB0aGlyZC1wYXJ0eSBzY3JpcHRzIGFy
ZSBpbmNsdWRlZCwgdGhlIGNsaWVudCBNVVNUIGVuc3VyZSB0aGF0IGl0cyBvd24gc2NyaXB0cwog
ICAgICAgICAgICAgICh1c2VkIHRvIGV4dHJhY3QgYW5kIHJlbW92ZSB0aGUgY3JlZGVudGlhbHMg
ZnJvbSB0aGUgVVJJKSB3aWxsIGV4ZWN1dGUgZmlyc3QuCiAgICAgICAgICAgIDwvdD4KICAgICAg
ICAgIDwvc2VjdGlvbj4KICAgICAgICAgIAogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2Vj
dGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdUb2tlbiBFbmRwb2ludCc+CiAgICAgICAgPHQ+
CiAgICAgICAgICBUaGUgdG9rZW4gZW5kcG9pbnQgaXMgdXNlZCBieSB0aGUgY2xpZW50IHRvIG9i
dGFpbiBhbiBhY2Nlc3MgdG9rZW4gYnkgcHJlc2VudGluZyBpdHMKICAgICAgICAgIGF1dGhvcml6
YXRpb24gZ3JhbnQgb3IgcmVmcmVzaCB0b2tlbi4gVGhlIHRva2VuIGVuZHBvaW50IGlzIHVzZWQg
d2l0aCBldmVyeSBhdXRob3JpemF0aW9uCiAgICAgICAgICBncmFudCBleGNlcHQgZm9yIHRoZSBp
bXBsaWNpdCBncmFudCB0eXBlIChzaW5jZSBhbiBhY2Nlc3MgdG9rZW4gaXMgaXNzdWVkIGRpcmVj
dGx5KS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgbWVhbnMgdGhyb3Vn
aCB3aGljaCB0aGUgY2xpZW50IG9idGFpbnMgdGhlIGxvY2F0aW9uIG9mIHRoZSB0b2tlbiBlbmRw
b2ludCBhcmUKICAgICAgICAgIGJleW9uZCB0aGUgc2NvcGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9u
IGJ1dCBpcyB0eXBpY2FsbHkgcHJvdmlkZWQgaW4gdGhlIHNlcnZpY2UKICAgICAgICAgIGRvY3Vt
ZW50YXRpb24uCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGVuZHBvaW50
IFVSSSBNQVkgaW5jbHVkZSBhbgogICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNh
dGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3NwYW54PiBmb3JtYXR0ZWQKICAgICAgICAgICg8
eHJlZiB0YXJnZXQ9J1czQy5SRUMtaHRtbDQwMS0xOTk5MTIyNCcgLz4pIHF1ZXJ5IGNvbXBvbmVu
dCAoPHhyZWYgdGFyZ2V0PSdSRkMzOTg2JyAvPgogICAgICAgICAgc2VjdGlvbiAzLjQpLCB3aGlj
aCBNVVNUIGJlIHJldGFpbmVkIHdoZW4gYWRkaW5nIGFkZGl0aW9uYWwgcXVlcnkgcGFyYW1ldGVy
cy4gVGhlCiAgICAgICAgICBlbmRwb2ludCBVUkkgTVVTVCBOT1QgaW5jbHVkZSBhIGZyYWdtZW50
IGNvbXBvbmVudC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBTaW5jZSByZXF1
ZXN0cyB0byB0aGUgdG9rZW4gZW5kcG9pbnQgcmVzdWx0IGluIHRoZSB0cmFuc21pc3Npb24gb2Yg
Y2xlYXItdGV4dCBjcmVkZW50aWFscwogICAgICAgICAgKGluIHRoZSBIVFRQIHJlcXVlc3QgYW5k
IHJlc3BvbnNlKSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcmVxdWlyZSB0aGUgdXNl
IG9mIFRMUwogICAgICAgICAgYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0ndGxzJyAvPiB3
aGVuIHNlbmRpbmcgcmVxdWVzdHMgdG8gdGhlIHRva2VuIGVuZHBvaW50LgogICAgICAgIDwvdD4K
ICAgICAgICA8dD4KICAgICAgICAgIFRoZSBjbGllbnQgTVVTVCB1c2UgdGhlIEhUVFAgPHNwYW54
IHN0eWxlPSd2ZXJiJz5QT1NUPC9zcGFueD4gbWV0aG9kIHdoZW4gbWFraW5nIGFjY2VzcwogICAg
ICAgICAgdG9rZW4gcmVxdWVzdHMuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAg
UGFyYW1ldGVycyBzZW50IHdpdGhvdXQgYSB2YWx1ZSBNVVNUIGJlIHRyZWF0ZWQgYXMgaWYgdGhl
eSB3ZXJlIG9taXR0ZWQgZnJvbSB0aGUgcmVxdWVzdC4KICAgICAgICAgIFRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBNVVNUIGlnbm9yZSB1bnJlY29nbml6ZWQgcmVxdWVzdCBwYXJhbWV0ZXJzLiBS
ZXF1ZXN0IGFuZAogICAgICAgICAgcmVzcG9uc2UgcGFyYW1ldGVycyBNVVNUIE5PVCBiZSBpbmNs
dWRlZCBtb3JlIHRoYW4gb25jZS4KICAgICAgICA8L3Q+CgogICAgICAgIDxzZWN0aW9uIHRpdGxl
PSdDbGllbnQgQXV0aGVudGljYXRpb24nIGFuY2hvcj0ndG9rZW4tZW5kcG9pbnQtYXV0aCc+CiAg
ICAgICAgICA8dD4KICAgICAgICAgICAgQ29uZmlkZW50aWFsIGNsaWVudHMgb3Igb3RoZXIgY2xp
ZW50cyBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIE1VU1QgYXV0aGVudGljYXRlIHdpdGgKICAg
ICAgICAgICAgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0
YXJnZXQ9J2NsaWVudC1hdXRoZW50aWNhdGlvbicgLz4gd2hlbgogICAgICAgICAgICBtYWtpbmcg
cmVxdWVzdHMgdG8gdGhlIHRva2VuIGVuZHBvaW50LiBDbGllbnQgYXV0aGVudGljYXRpb24gaXMg
dXNlZCBmb3I6CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qg
c3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgRW5mb3Jj
aW5nIHRoZSBiaW5kaW5nIG9mIHJlZnJlc2ggdG9rZW5zIGFuZCBhdXRob3JpemF0aW9uIGNvZGVz
IHRvIHRoZSBjbGllbnQgdGhleQogICAgICAgICAgICAgICAgd2VyZSBpc3N1ZWQgdG8uIENsaWVu
dCBhdXRoZW50aWNhdGlvbiBpcyBjcml0aWNhbCB3aGVuIGFuIGF1dGhvcml6YXRpb24gY29kZSBp
cwogICAgICAgICAgICAgICAgdHJhbnNtaXR0ZWQgdG8gdGhlIHJlZGlyZWN0aW9uIGVuZHBvaW50
IG92ZXIgYW4gaW5zZWN1cmUgY2hhbm5lbCwgb3Igd2hlbiB0aGUKICAgICAgICAgICAgICAgIHJl
ZGlyZWN0aW9uIFVSSSBoYXMgbm90IGJlZW4gcmVnaXN0ZXJlZCBpbiBmdWxsLgogICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFJlY292ZXJpbmcgZnJv
bSBhIGNvbXByb21pc2VkIGNsaWVudCBieSBkaXNhYmxpbmcgdGhlIGNsaWVudCBvciBjaGFuZ2lu
ZyBpdHMKICAgICAgICAgICAgICAgIGNyZWRlbnRpYWxzLCB0aHVzIHByZXZlbnRpbmcgYW4gYXR0
YWNrZXIgZnJvbSBhYnVzaW5nIHN0b2xlbiByZWZyZXNoIHRva2Vucy4gQ2hhbmdpbmcKICAgICAg
ICAgICAgICAgIGEgc2luZ2xlIHNldCBvZiBjbGllbnQgY3JlZGVudGlhbHMgaXMgc2lnbmlmaWNh
bnRseSBmYXN0ZXIgdGhhbiByZXZva2luZyBhbiBlbnRpcmUKICAgICAgICAgICAgICAgIHNldCBv
ZiByZWZyZXNoIHRva2Vucy4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAg
ICAgICAgICAgICAgICBJbXBsZW1lbnRpbmcgYXV0aGVudGljYXRpb24gbWFuYWdlbWVudCBiZXN0
IHByYWN0aWNlcyB3aGljaCByZXF1aXJlIHBlcmlvZGljCiAgICAgICAgICAgICAgICBjcmVkZW50
aWFsIHJvdGF0aW9uLiBSb3RhdGlvbiBvZiBhbiBlbnRpcmUgc2V0IG9mIHJlZnJlc2ggdG9rZW5z
IGNhbiBiZQogICAgICAgICAgICAgICAgY2hhbGxlbmdpbmcsIHdoaWxlIHJvdGF0aW9uIG9mIGEg
c2luZ2xlIHNldCBvZiBjbGllbnQgY3JlZGVudGlhbHMgaXMgc2lnbmlmaWNhbnRseQogICAgICAg
ICAgICAgICAgZWFzaWVyLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0Pgog
ICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIEEgcHVibGljIGNsaWVudCB0
aGF0IHdhcyBub3QgaXNzdWVkIGEgY2xpZW50IHBhc3N3b3JkIE1BWSB1c2UgdGhlCiAgICAgICAg
ICAgIDxzcGFueCBzdHlsZT0ndmVyYic+Y2xpZW50X2lkPC9zcGFueD4gcmVxdWVzdCBwYXJhbWV0
ZXIgdG8gaWRlbnRpZnkgaXRzZWxmIHdoZW4gc2VuZGluZwogICAgICAgICAgICByZXF1ZXN0cyB0
byB0aGUgdG9rZW4gZW5kcG9pbnQgKGUuZy4gZm9yIHRoZSBwdXJwb3NlIG9mIHByb3ZpZGluZyBl
bmQtdXNlciBjb250ZXh0LAogICAgICAgICAgICBjbGllbnQgdXNhZ2Ugc3RhdGlzdGljcykuCiAg
ICAgICAgICA8L3Q+CiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgPC9zZWN0aW9uPgoKICAgICAg
PHNlY3Rpb24gdGl0bGU9J0FjY2VzcyBUb2tlbiBTY29wZScgYW5jaG9yPSdzY29wZSc+CiAgICAg
ICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBhbmQgdG9rZW4gZW5kcG9pbnRzIGFs
bG93IHRoZSBjbGllbnQgdG8gc3BlY2lmeSB0aGUgc2NvcGUgb2YgdGhlIGFjY2VzcwogICAgICAg
ICAgcmVxdWVzdCB1c2luZyB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5zY29wZTwvc3Bhbng+IHJl
cXVlc3QgcGFyYW1ldGVyLiBJbiB0dXJuLCB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2Vy
dmVyIHVzZXMgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+c2NvcGU8L3NwYW54PiByZXNwb25zZSBw
YXJhbWV0ZXIgdG8KICAgICAgICAgIGluZm9ybSB0aGUgY2xpZW50IG9mIHRoZSBzY29wZSBvZiB0
aGUgYWNjZXNzIHRva2VuIGlzc3VlZC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAg
ICBUaGUgdmFsdWUgb2YgdGhlIHNjb3BlIHBhcmFtZXRlciBpcyBleHByZXNzZWQgYXMgYSBsaXN0
IG9mIHNwYWNlLWRlbGltaXRlZCwgY2FzZQogICAgICAgICAgc2Vuc2l0aXZlIHN0cmluZ3MuIFRo
ZSBzdHJpbmdzIGFyZSBkZWZpbmVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gSWYgdGhl
IHZhbHVlCiAgICAgICAgICBjb250YWlucyBtdWx0aXBsZSBzcGFjZS1kZWxpbWl0ZWQgc3RyaW5n
cywgdGhlaXIgb3JkZXIgZG9lcyBub3QgbWF0dGVyLCBhbmQgZWFjaCBzdHJpbmcKICAgICAgICAg
IGFkZHMgYW4gYWRkaXRpb25hbCBhY2Nlc3MgcmFuZ2UgdG8gdGhlIHJlcXVlc3RlZCBzY29wZS4K
ICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgIDxhcnR3b3JrPgogICAgICAg
ICAgICA8IVtDREFUQVsKICBzY29wZSAgICAgICA9IHNjb3BlLXRva2VuICooIFNQIHNjb3BlLXRv
a2VuICkKICBzY29wZS10b2tlbiA9IDEqKCAleDIxIC8gJXgyMy01QiAvICV4NUQtN0UgKQpdXT4K
ICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAgICA8dD4KICAgICAg
ICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkgZnVsbHkgb3IgcGFydGlhbGx5IGlnbm9y
ZSB0aGUgc2NvcGUgcmVxdWVzdGVkIGJ5IHRoZSBjbGllbnQKICAgICAgICAgIGJhc2VkIG9uIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBwb2xpY3kgb3IgdGhlIHJlc291cmNlIG93bmVyJ3MgaW5z
dHJ1Y3Rpb25zLiBJZiB0aGUKICAgICAgICAgIGlzc3VlZCBhY2Nlc3MgdG9rZW4gc2NvcGUgaXMg
ZGlmZmVyZW50IGZyb20gdGhlIG9uZSByZXF1ZXN0ZWQgYnkgdGhlIGNsaWVudCwgdGhlCiAgICAg
ICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGluY2x1ZGUgdGhlIDxzcGFueCBzdHlsZT0n
dmVyYic+c2NvcGU8L3NwYW54PiByZXNwb25zZQogICAgICAgICAgcGFyYW1ldGVyIHRvIGluZm9y
bSB0aGUgY2xpZW50IG9mIHRoZSBhY3R1YWwgc2NvcGUgZ3JhbnRlZC4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBJZiB0aGUgY2xpZW50IG9taXRzIHRoZSBzY29wZSBwYXJhbWV0
ZXIgd2hlbiByZXF1ZXN0aW5nIGF1dGhvcml6YXRpb24sIHRoZSBhdXRob3JpemF0aW9uCiAgICAg
ICAgICBzZXJ2ZXIgTVVTVCBlaXRoZXIgcHJvY2VzcyB0aGUgcmVxdWVzdCB1c2luZyBhIHByZS1k
ZWZpbmVkIGRlZmF1bHQgdmFsdWUsIG9yIGZhaWwgdGhlCiAgICAgICAgICByZXF1ZXN0IGluZGlj
YXRpbmcgYW4gaW52YWxpZCBzY29wZS4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBk
b2N1bWVudCBpdHMgc2NvcGUKICAgICAgICAgIHJlcXVpcmVtZW50cyBhbmQgZGVmYXVsdCB2YWx1
ZSAoaWYgZGVmaW5lZCkuCiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgPC9zZWN0
aW9uPgoKICAgIDxzZWN0aW9uIHRpdGxlPSdPYnRhaW5pbmcgQXV0aG9yaXphdGlvbic+CiAgICAg
IDx0PgogICAgICAgIFRvIHJlcXVlc3QgYW4gYWNjZXNzIHRva2VuLCB0aGUgY2xpZW50IG9idGFp
bnMgYXV0aG9yaXphdGlvbiBmcm9tIHRoZSByZXNvdXJjZSBvd25lci4gVGhlCiAgICAgICAgYXV0
aG9yaXphdGlvbiBpcyBleHByZXNzZWQgaW4gdGhlIGZvcm0gb2YgYW4gYXV0aG9yaXphdGlvbiBn
cmFudCB3aGljaCB0aGUgY2xpZW50IHVzZXMgdG8KICAgICAgICByZXF1ZXN0IHRoZSBhY2Nlc3Mg
dG9rZW4uIE9BdXRoIGRlZmluZXMgZm91ciBncmFudCB0eXBlczogYXV0aG9yaXphdGlvbiBjb2Rl
LCBpbXBsaWNpdCwKICAgICAgICByZXNvdXJjZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFscywg
YW5kIGNsaWVudCBjcmVkZW50aWFscy4gSXQgYWxzbyBwcm92aWRlcyBhbiBleHRlbnNpb24KICAg
ICAgICBtZWNoYW5pc20gZm9yIGRlZmluaW5nIGFkZGl0aW9uYWwgZ3JhbnQgdHlwZXMuCiAgICAg
IDwvdD4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdBdXRob3JpemF0aW9uIENvZGUgR3JhbnQnIGFu
Y2hvcj0nZ3JhbnQtY29kZSc+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBjb2RlIGdyYW50IHR5cGUgaXMgdXNlZCB0byBvYnRhaW4gYm90aCBhY2Nlc3MgdG9rZW5zIGFu
ZCByZWZyZXNoCiAgICAgICAgICB0b2tlbnMgYW5kIGlzIG9wdGltaXplZCBmb3IgY29uZmlkZW50
aWFsIGNsaWVudHMuIEFzIGEgcmVkaXJlY3Rpb24tYmFzZWQgZmxvdywgdGhlIGNsaWVudAogICAg
ICAgICAgbXVzdCBiZSBjYXBhYmxlIG9mIGludGVyYWN0aW5nIHdpdGggdGhlIHJlc291cmNlIG93
bmVyJ3MgdXNlci1hZ2VudCAodHlwaWNhbGx5IGEgd2ViCiAgICAgICAgICBicm93c2VyKSBhbmQg
Y2FwYWJsZSBvZiByZWNlaXZpbmcgaW5jb21pbmcgcmVxdWVzdHMgKHZpYSByZWRpcmVjdGlvbikg
ZnJvbSB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgIDwvdD4KICAg
ICAgICA8ZmlndXJlIHRpdGxlPSdBdXRob3JpemF0aW9uIENvZGUgRmxvdycgYW5jaG9yPSdGaWd1
cmUtMyc+CiAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgPCFbQ0RBVEFbCiAgKy0tLS0t
LS0tLS0rCiAgfCByZXNvdXJjZSB8CiAgfCAgIG93bmVyICB8CiAgfCAgICAgICAgICB8CiAgKy0t
LS0tLS0tLS0rCiAgICAgICBeCiAgICAgICB8CiAgICAgIChCKSAgICAgIAogICstLS0tfC0tLS0t
KyAgICAgICAgICBDbGllbnQgSWRlbnRpZmllciAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAg
ICAgICAgIC0rLS0tLShBKS0tICYgUmVkaXJlY3Rpb24gVVJJIC0tLS0+fCAgICAgICAgICAgICAg
IHwKICB8ICBVc2VyLSAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8IEF1dGhv
cml6YXRpb24gfAogIHwgIEFnZW50ICAtKy0tLS0oQiktLSBVc2VyIGF1dGhlbnRpY2F0ZXMgLS0t
PnwgICAgIFNlcnZlciAgICB8CiAgfCAgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgLSstLS0tKEMpLS0gQXV0aG9y
aXphdGlvbiBDb2RlIC0tLTx8ICAgICAgICAgICAgICAgfAogICstfC0tLS18LS0tKyAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgICB8ICAgIHwgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIF4gICAgICB2CiAgIChBKSAgKEMp
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICB8ICAg
IHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICBe
ICAgIHYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAg
Ky0tLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8
CiAgfCAgICAgICAgIHw+LS0tKEQpLS0gQXV0aG9yaXphdGlvbiBDb2RlIC0tLS0tLS0tLScgICAg
ICB8CiAgfCAgQ2xpZW50IHwgICAgICAgICAgJiBSZWRpcmVjdGlvbiBVUkkgICAgICAgICAgICAg
ICAgICB8CiAgfCAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICB8CiAgfCAgICAgICAgIHw8LS0tKEUpLS0tLS0gQWNjZXNzIFRva2VuIC0tLS0tLS0t
LS0tLS0tLS0tLS0nCiAgKy0tLS0tLS0tLSsgICAgICAgKHcvIE9wdGlvbmFsIFJlZnJlc2ggVG9r
ZW4pCl1dPgogICAgICAgICAgPC9hcnR3b3JrPgogICAgICAgICAgPHBvc3RhbWJsZT4KICAgICAg
ICAgICAgTm90ZTogVGhlIGxpbmVzIGlsbHVzdHJhdGluZyBzdGVwcyBBLCBCLCBhbmQgQyBhcmUg
YnJva2VuIGludG8gdHdvIHBhcnRzIGFzIHRoZXkgcGFzcwogICAgICAgICAgICB0aHJvdWdoIHRo
ZSB1c2VyLWFnZW50LgogICAgICAgICAgPC9wb3N0YW1ibGU+CiAgICAgICAgPC9maWd1cmU+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBUaGUgZmxvdyBpbGx1c3RyYXRlZCBpbiA8eHJlZiB0YXJnZXQ9
J0ZpZ3VyZS0zJyAvPiBpbmNsdWRlcyB0aGUgZm9sbG93aW5nIHN0ZXBzOgogICAgICAgIDwvdD4K
ICAgICAgICA8dD4KICAgICAgICAgIDxsaXN0IHN0eWxlPSdmb3JtYXQgKCVDKSc+CiAgICAgICAg
ICAgIDx0PgogICAgICAgICAgICAgIFRoZSBjbGllbnQgaW5pdGlhdGVzIHRoZSBmbG93IGJ5IGRp
cmVjdGluZyB0aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50IHRvIHRoZQogICAgICAgICAg
ICAgIGF1dGhvcml6YXRpb24gZW5kcG9pbnQuIFRoZSBjbGllbnQgaW5jbHVkZXMgaXRzIGNsaWVu
dCBpZGVudGlmaWVyLCByZXF1ZXN0ZWQKICAgICAgICAgICAgICBzY29wZSwgbG9jYWwgc3RhdGUs
IGFuZCBhIHJlZGlyZWN0aW9uIFVSSSB0byB3aGljaCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
d2lsbCBzZW5kCiAgICAgICAgICAgICAgdGhlIHVzZXItYWdlbnQgYmFjayBvbmNlIGFjY2VzcyBp
cyBncmFudGVkIChvciBkZW5pZWQpLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0Pgog
ICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSBy
ZXNvdXJjZSBvd25lciAodmlhIHRoZSB1c2VyLWFnZW50KSBhbmQKICAgICAgICAgICAgICBlc3Rh
Ymxpc2hlcyB3aGV0aGVyIHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgb3IgZGVuaWVzIHRoZSBj
bGllbnQncyBhY2Nlc3MgcmVxdWVzdC4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4K
ICAgICAgICAgICAgICBBc3N1bWluZyB0aGUgcmVzb3VyY2Ugb3duZXIgZ3JhbnRzIGFjY2Vzcywg
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUKICAgICAgICAgICAgICB1c2Vy
LWFnZW50IGJhY2sgdG8gdGhlIGNsaWVudCB1c2luZyB0aGUgcmVkaXJlY3Rpb24gVVJJIHByb3Zp
ZGVkIGVhcmxpZXIgKGluIHRoZQogICAgICAgICAgICAgIHJlcXVlc3Qgb3IgZHVyaW5nIGNsaWVu
dCByZWdpc3RyYXRpb24pLiBUaGUgcmVkaXJlY3Rpb24gVVJJIGluY2x1ZGVzIGFuIGF1dGhvcml6
YXRpb24KICAgICAgICAgICAgICBjb2RlIGFuZCBhbnkgbG9jYWwgc3RhdGUgcHJvdmlkZWQgYnkg
dGhlIGNsaWVudCBlYXJsaWVyLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAg
ICAgICAgICAgIFRoZSBjbGllbnQgcmVxdWVzdHMgYW4gYWNjZXNzIHRva2VuIGZyb20gdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyJ3MgdG9rZW4gZW5kcG9pbnQKICAgICAgICAgICAgICBieSBpbmNs
dWRpbmcgdGhlIGF1dGhvcml6YXRpb24gY29kZSByZWNlaXZlZCBpbiB0aGUgcHJldmlvdXMgc3Rl
cC4gV2hlbiBtYWtpbmcgdGhlCiAgICAgICAgICAgICAgcmVxdWVzdCwgdGhlIGNsaWVudCBhdXRo
ZW50aWNhdGVzIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLiBUaGUgY2xpZW50IGluY2x1
ZGVzCiAgICAgICAgICAgICAgdGhlIHJlZGlyZWN0aW9uIFVSSSB1c2VkIHRvIG9idGFpbiB0aGUg
YXV0aG9yaXphdGlvbiBjb2RlIGZvciB2ZXJpZmljYXRpb24uCiAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhl
bnRpY2F0ZXMgdGhlIGNsaWVudCwgdmFsaWRhdGVzIHRoZSBhdXRob3JpemF0aW9uIGNvZGUsCiAg
ICAgICAgICAgICAgYW5kIGVuc3VyZXMgdGhlIHJlZGlyZWN0aW9uIFVSSSByZWNlaXZlZCBtYXRj
aGVzIHRoZSBVUkkgdXNlZCB0byByZWRpcmVjdCB0aGUgY2xpZW50CiAgICAgICAgICAgICAgaW4g
c3RlcCAoQykuIElmIHZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVzcG9uZHMgYmFj
ayB3aXRoIGFuIGFjY2VzcyB0b2tlbgogICAgICAgICAgICAgIGFuZCBvcHRpb25hbGx5LCBhIHJl
ZnJlc2ggdG9rZW4uCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8
L3Q+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdBdXRob3JpemF0aW9uIFJlcXVlc3QnIGFuY2hv
cj0nY29kZS1hdXRoei1yZXEnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBjbGllbnQg
Y29uc3RydWN0cyB0aGUgcmVxdWVzdCBVUkkgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1l
dGVycyB0byB0aGUKICAgICAgICAgICAgcXVlcnkgY29tcG9uZW50IG9mIHRoZSBhdXRob3JpemF0
aW9uIGVuZHBvaW50IFVSSSB1c2luZyB0aGUKICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJi
Jz5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3NwYW54PiBmb3JtYXQgYXMgZGVm
aW5lZCBieQogICAgICAgICAgICA8eHJlZiB0YXJnZXQ9J1czQy5SRUMtaHRtbDQwMS0xOTk5MTIy
NCcgLz46CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5
bGU9J2hhbmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdy
ZXNwb25zZV90eXBlJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAg
IFJFUVVJUkVELiBWYWx1ZSBNVVNUIGJlIHNldCB0byA8c3Bhbnggc3R5bGU9J3ZlcmInPmNvZGU8
L3NwYW54Pi4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2Ns
aWVudF9pZCc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBSRVFV
SVJFRC4gVGhlIGNsaWVudCBpZGVudGlmaWVyIGFzIGRlc2NyaWJlZCBpbgogICAgICAgICAgICAg
ICAgPHhyZWYgdGFyZ2V0PSdjbGllbnQtaWRlbnRpZmllcicgLz4uCiAgICAgICAgICAgICAgPC90
PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdyZWRpcmVjdF91cmknPgogICAgICAgICAgICAg
ICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgT1BUSU9OQUwuIEFzIGRlc2NyaWJlZCBpbiA8
eHJlZiB0YXJnZXQ9J3JlZGlyZWN0LXVyaScgLz4uCiAgICAgICAgICAgICAgPC90PgogICAgICAg
ICAgICAgIDx0IGhhbmdUZXh0PSdzY29wZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAg
ICAgICAgICAgICAgICBPUFRJT05BTC4gVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBh
cyBkZXNjcmliZWQgYnkgPHhyZWYgdGFyZ2V0PSdzY29wZScgLz4uCiAgICAgICAgICAgICAgPC90
PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdzdGF0ZSc+CiAgICAgICAgICAgICAgICA8dnNw
YWNlIC8+CiAgICAgICAgICAgICAgICBSRUNPTU1FTkRFRC4gQW4gb3BhcXVlIHZhbHVlIHVzZWQg
YnkgdGhlIGNsaWVudCB0byBtYWludGFpbiBzdGF0ZSBiZXR3ZWVuIHRoZSByZXF1ZXN0CiAgICAg
ICAgICAgICAgICBhbmQgY2FsbGJhY2suIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpbmNsdWRl
cyB0aGlzIHZhbHVlIHdoZW4gcmVkaXJlY3RpbmcgdGhlCiAgICAgICAgICAgICAgICB1c2VyLWFn
ZW50IGJhY2sgdG8gdGhlIGNsaWVudC4gVGhlIHBhcmFtZXRlciBTSE9VTEQgYmUgdXNlZCBmb3Ig
cHJldmVudGluZwogICAgICAgICAgICAgICAgY3Jvc3Mtc2l0ZSByZXF1ZXN0IGZvcmdlcnkgYXMg
ZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0nQ1NSRicgLz4uCiAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAg
ICAgVGhlIGNsaWVudCBkaXJlY3RzIHRoZSByZXNvdXJjZSBvd25lciB0byB0aGUgY29uc3RydWN0
ZWQgVVJJIHVzaW5nIGFuIEhUVFAgcmVkaXJlY3Rpb24KICAgICAgICAgICAgcmVzcG9uc2UsIG9y
IGJ5IG90aGVyIG1lYW5zIGF2YWlsYWJsZSB0byBpdCB2aWEgdGhlIHVzZXItYWdlbnQuCiAgICAg
ICAgICA8L3Q+CiAgICAgICAgICA8ZmlndXJlPgogICAgICAgICAgICA8cHJlYW1ibGU+CiAgICAg
ICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBjbGllbnQgZGlyZWN0cyB0aGUgdXNlci1hZ2VudCB0
byBtYWtlIHRoZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0CiAgICAgICAgICAgICAgdXNpbmcgVExT
IChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAg
ICAgICAgIDwvcHJlYW1ibGU+CiAgICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICAgIDwh
W0NEQVRBWwogIEdFVCAvYXV0aG9yaXplP3Jlc3BvbnNlX3R5cGU9Y29kZSZjbGllbnRfaWQ9czZC
aGRSa3F0MyZzdGF0ZT14eXoKICAgICAgJnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRmNsaWVu
dCUyRWV4YW1wbGUlMkVjb20lMkZjYiBIVFRQLzEuMQogIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNv
bQpdXT4KICAgICAgICAgICAgPC9hcnR3b3JrPgogICAgICAgICAgPC9maWd1cmU+CiAgICAgICAg
ICA8dD4KICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHZhbGlkYXRlcyB0aGUg
cmVxdWVzdCB0byBlbnN1cmUgYWxsIHJlcXVpcmVkIHBhcmFtZXRlcnMgYXJlCiAgICAgICAgICAg
IHByZXNlbnQgYW5kIHZhbGlkLiBJZiB0aGUgcmVxdWVzdCBpcyB2YWxpZCwgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlCiAgICAgICAgICAgIHJlc291cmNlIG93bmVy
IGFuZCBvYnRhaW5zIGFuIGF1dGhvcml6YXRpb24gZGVjaXNpb24gKGJ5IGFza2luZyB0aGUgcmVz
b3VyY2Ugb3duZXIgb3IKICAgICAgICAgICAgYnkgZXN0YWJsaXNoaW5nIGFwcHJvdmFsIHZpYSBv
dGhlciBtZWFucykuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgV2hl
biBhIGRlY2lzaW9uIGlzIGVzdGFibGlzaGVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZGly
ZWN0cyB0aGUgdXNlci1hZ2VudCB0byB0aGUKICAgICAgICAgICAgcHJvdmlkZWQgY2xpZW50IHJl
ZGlyZWN0aW9uIFVSSSB1c2luZyBhbiBIVFRQIHJlZGlyZWN0aW9uIHJlc3BvbnNlLCBvciBieSBv
dGhlciBtZWFucwogICAgICAgICAgICBhdmFpbGFibGUgdG8gaXQgdmlhIHRoZSB1c2VyLWFnZW50
LgogICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgICAgPHNlY3Rpb24gdGl0
bGU9J0F1dGhvcml6YXRpb24gUmVzcG9uc2UnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIElm
IHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgdGhlIGFjY2VzcyByZXF1ZXN0LCB0aGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gY29kZSBh
bmQgZGVsaXZlcnMgaXQgdG8gdGhlIGNsaWVudCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJh
bWV0ZXJzIHRvCiAgICAgICAgICAgIHRoZSBxdWVyeSBjb21wb25lbnQgb2YgdGhlIHJlZGlyZWN0
aW9uIFVSSSB1c2luZyB0aGUKICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNh
dGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3NwYW54PiBmb3JtYXQ6CiAgICAgICAgICA8L3Q+
CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnIGhhbmdJbmRl
bnQ9JzYnPgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdjb2RlJz4KICAgICAgICAgICAgICAg
IDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgYXV0aG9yaXphdGlvbiBj
b2RlIGdlbmVyYXRlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIFRoZQogICAgICAgICAg
ICAgICAgYXV0aG9yaXphdGlvbiBjb2RlIE1VU1QgZXhwaXJlIHNob3J0bHkgYWZ0ZXIgaXQgaXMg
aXNzdWVkIHRvIG1pdGlnYXRlIHRoZSByaXNrIG9mCiAgICAgICAgICAgICAgICBsZWFrcy4gQSBt
YXhpbXVtIGF1dGhvcml6YXRpb24gY29kZSBsaWZldGltZSBvZiAxMCBtaW51dGVzIGlzIFJFQ09N
TUVOREVELiBUaGUKICAgICAgICAgICAgICAgIGNsaWVudCBNVVNUIE5PVCB1c2UgdGhlIGF1dGhv
cml6YXRpb24gY29kZSBtb3JlIHRoYW4gb25jZS4gSWYgYW4gYXV0aG9yaXphdGlvbiBjb2RlCiAg
ICAgICAgICAgICAgICBpcyB1c2VkIG1vcmUgdGhhbiBvbmNlLCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgTVVTVCBkZW55IHRoZSByZXF1ZXN0IGFuZCBTSE9VTEQKICAgICAgICAgICAgICAgIHJl
dm9rZSAod2hlbiBwb3NzaWJsZSkgYWxsIHRva2VucyBwcmV2aW91c2x5IGlzc3VlZCBiYXNlZCBv
biB0aGF0IGF1dGhvcml6YXRpb24KICAgICAgICAgICAgICAgIGNvZGUuIFRoZSBhdXRob3JpemF0
aW9uIGNvZGUgaXMgYm91bmQgdG8gdGhlIGNsaWVudCBpZGVudGlmaWVyIGFuZCByZWRpcmVjdGlv
biBVUkkuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdzdGF0
ZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBSRVFVSVJFRCBp
ZiB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5zdGF0ZTwvc3Bhbng+IHBhcmFtZXRlciB3YXMgcHJl
c2VudCBpbiB0aGUKICAgICAgICAgICAgICAgIGNsaWVudCBhdXRob3JpemF0aW9uIHJlcXVlc3Qu
IFRoZSBleGFjdCB2YWx1ZSByZWNlaXZlZCBmcm9tIHRoZSBjbGllbnQuCiAgICAgICAgICAgICAg
PC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8ZmlndXJl
PgogICAgICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYnkgc2VuZGluZyB0
aGUKICAgICAgICAgICAgICBmb2xsb3dpbmcgSFRUUCByZXNwb25zZToKICAgICAgICAgICAgPC9w
cmVhbWJsZT4KICAgICAgICAgICAgPGFydHdvcms+CiAgICAgICAgICAgICAgPCFbQ0RBVEFbCiAg
SFRUUC8xLjEgMzAyIEZvdW5kCiAgTG9jYXRpb246IGh0dHBzOi8vY2xpZW50LmV4YW1wbGUuY29t
L2NiP2NvZGU9U3BseGxPQmVaUVFZYllTNld4U2JJQQogICAgICAgICAgICAmc3RhdGU9eHl6Cl1d
PgogICAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgICA8L2ZpZ3VyZT4KICAgICAgICAgIDx0
PgogICAgICAgICAgICBUaGUgY2xpZW50IE1VU1QgaWdub3JlIHVucmVjb2duaXplZCByZXNwb25z
ZSBwYXJhbWV0ZXJzLiBUaGUgYXV0aG9yaXphdGlvbiBjb2RlCiAgICAgICAgICAgIHN0cmluZyBz
aXplIGlzIGxlZnQgdW5kZWZpbmVkIGJ5IHRoaXMgc3BlY2lmaWNhdGlvbi4gVGhlIGNsaWVudCBz
aG91bGQgYXZvaWQgbWFraW5nCiAgICAgICAgICAgIGFzc3VtcHRpb25zIGFib3V0IGNvZGUgdmFs
dWUgc2l6ZXMuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZG9jdW1lbnQgdGhlIHNp
emUKICAgICAgICAgICAgb2YgYW55IHZhbHVlIGl0IGlzc3Vlcy4KICAgICAgICAgIDwvdD4KCiAg
ICAgICAgICA8c2VjdGlvbiB0aXRsZT0nRXJyb3IgUmVzcG9uc2UnIGFuY2hvcj0nY29kZS1hdXRo
ei1lcnJvcic+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIElmIHRoZSByZXF1ZXN0IGZh
aWxzIGR1ZSB0byBhIG1pc3NpbmcsIGludmFsaWQsIG9yIG1pc21hdGNoaW5nIHJlZGlyZWN0aW9u
IFVSSSwgb3IgaWYKICAgICAgICAgICAgICB0aGUgY2xpZW50IGlkZW50aWZpZXIgaXMgbWlzc2lu
ZyBvciBpbnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGluZm9ybQogICAg
ICAgICAgICAgIHRoZSByZXNvdXJjZSBvd25lciBvZiB0aGUgZXJyb3IsIGFuZCBNVVNUIE5PVCBh
dXRvbWF0aWNhbGx5IHJlZGlyZWN0IHRoZSB1c2VyLWFnZW50CiAgICAgICAgICAgICAgdG8gdGhl
IGludmFsaWQgcmVkaXJlY3Rpb24gVVJJLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0
PgogICAgICAgICAgICAgIElmIHRoZSByZXNvdXJjZSBvd25lciBkZW5pZXMgdGhlIGFjY2VzcyBy
ZXF1ZXN0IG9yIGlmIHRoZSByZXF1ZXN0IGZhaWxzIGZvciByZWFzb25zCiAgICAgICAgICAgICAg
b3RoZXIgdGhhbiBhIG1pc3Npbmcgb3IgaW52YWxpZCByZWRpcmVjdGlvbiBVUkksIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBpbmZvcm1zIHRoZQogICAgICAgICAgICAgIGNsaWVudCBieSBhZGRp
bmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHRvIHRoZSBxdWVyeSBjb21wb25lbnQgb2YgdGhl
IHJlZGlyZWN0aW9uCiAgICAgICAgICAgICAgVVJJIHVzaW5nIHRoZSA8c3Bhbnggc3R5bGU9J3Zl
cmInPmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvc3Bhbng+IGZvcm1hdDoKICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICA8bGlzdCBzdHlsZT0n
aGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nZXJy
b3InPgogICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgIFJFUVVJ
UkVELiBBIHNpbmdsZSBBU0NJSSA8eHJlZiB0YXJnZXQ9IlVTQVNDSUkiIC8+IGVycm9yIGNvZGUg
ZnJvbSB0aGUgZm9sbG93aW5nOgoKICAgICAgICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdp
bmcnIGhhbmdJbmRlbnQ9JzYnPgogICAgICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdpbnZh
bGlkX3JlcXVlc3QnPgogICAgICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAg
ICAgICAgICAgICAgVGhlIHJlcXVlc3QgaXMgbWlzc2luZyBhIHJlcXVpcmVkIHBhcmFtZXRlciwg
aW5jbHVkZXMgYW4gaW52YWxpZAogICAgICAgICAgICAgICAgICAgICAgcGFyYW1ldGVyIHZhbHVl
LCBpbmNsdWRlcyBhIHBhcmFtZXRlciBtb3JlIHRoYW4gb25jZSwgb3IgaXMgb3RoZXJ3aXNlCiAg
ICAgICAgICAgICAgICAgICAgICBtYWxmb3JtZWQuCiAgICAgICAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSd1bmF1dGhvcml6ZWRfY2xpZW50Jz4KICAg
ICAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgICAgICAgIFRoZSBj
bGllbnQgaXMgbm90IGF1dGhvcml6ZWQgdG8gcmVxdWVzdCBhbiBhdXRob3JpemF0aW9uIGNvZGUg
dXNpbmcgdGhpcwogICAgICAgICAgICAgICAgICAgICAgbWV0aG9kLgogICAgICAgICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nYWNjZXNzX2RlbmllZCc+
CiAgICAgICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgICAgICBU
aGUgcmVzb3VyY2Ugb3duZXIgb3IgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZGVuaWVkIHRoZSByZXF1
ZXN0LgogICAgICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgICAgICA8dCBoYW5n
VGV4dD0ndW5zdXBwb3J0ZWRfcmVzcG9uc2VfdHlwZSc+CiAgICAgICAgICAgICAgICAgICAgICA8
dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
ZG9lcyBub3Qgc3VwcG9ydCBvYnRhaW5pbmcgYW4gYXV0aG9yaXphdGlvbiBjb2RlCiAgICAgICAg
ICAgICAgICAgICAgICB1c2luZyB0aGlzIG1ldGhvZC4KICAgICAgICAgICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2ludmFsaWRfc2NvcGUnPgogICAgICAg
ICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICAgICAgVGhlIHJlcXVl
c3RlZCBzY29wZSBpcyBpbnZhbGlkLCB1bmtub3duLCBvciBtYWxmb3JtZWQuCiAgICAgICAgICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdzZXJ2ZXJfZXJy
b3InPgogICAgICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGVuY291bnRlcmVkIGFuIHVuZXhwZWN0ZWQgY29u
ZGl0aW9uIHdoaWNoIHByZXZlbnRlZAogICAgICAgICAgICAgICAgICAgICAgaXQgZnJvbSBmdWxm
aWxsaW5nIHRoZSByZXF1ZXN0LgogICAgICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAg
ICAgICAgICA8dCBoYW5nVGV4dD0ndGVtcG9yYXJpbHlfdW5hdmFpbGFibGUnPgogICAgICAgICAg
ICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGlzIGN1cnJlbnRseSB1bmFibGUgdG8gaGFuZGxlIHRoZSByZXF1ZXN0IGR1
ZSB0byBhCiAgICAgICAgICAgICAgICAgICAgICB0ZW1wb3Jhcnkgb3ZlcmxvYWRpbmcgb3IgbWFp
bnRlbmFuY2Ugb2YgdGhlIHNlcnZlci4KICAgICAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICAgICAgICAgIDwvbGlzdD4KCgkJICBWYWx1ZXMgZm9yIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmIn
PmVycm9yPC9zcGFueD4gcGFyYW1ldGVyIE1VU1QgTk9UIGluY2x1ZGUKCQkgIGNoYXJhY3RlcnMg
b3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdlcnJvcl9kZXNjcmlwdGlvbic+
CiAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgICAgT1BUSU9OQUwu
IEEgaHVtYW4tcmVhZGFibGUgQVNDSUkgPHhyZWYgdGFyZ2V0PSJVU0FTQ0lJIiAvPiB0ZXh0IHBy
b3ZpZGluZyBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLAogICAgICAgICAgICAgICAgICB1c2VkIHRv
IGFzc2lzdCB0aGUgY2xpZW50IGRldmVsb3BlciBpbiB1bmRlcnN0YW5kaW5nIHRoZSBlcnJvciB0
aGF0IG9jY3VycmVkLgoJCSAgPHZzcGFjZS8+CgkJICBWYWx1ZXMgZm9yIHRoZSA8c3Bhbnggc3R5
bGU9J3ZlcmInPmVycm9yX2Rlc2NyaXB0aW9uPC9zcGFueD4gcGFyYW1ldGVyIE1VU1QgTk9UIGlu
Y2x1ZGUKCQkgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8g
JXg1RC03RS4KICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0
PSdlcnJvcl91cmknPgogICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAg
ICAgIE9QVElPTkFMLiBBIFVSSSBpZGVudGlmeWluZyBhIGh1bWFuLXJlYWRhYmxlIHdlYiBwYWdl
IHdpdGggaW5mb3JtYXRpb24gYWJvdXQgdGhlCiAgICAgICAgICAgICAgICAgIGVycm9yLCB1c2Vk
IHRvIHByb3ZpZGUgdGhlIGNsaWVudCBkZXZlbG9wZXIgd2l0aCBhZGRpdGlvbmFsIGluZm9ybWF0
aW9uIGFib3V0IHRoZQogICAgICAgICAgICAgICAgICBlcnJvci4KCQkgIDx2c3BhY2UvPgoJCSAg
VmFsdWVzIGZvciB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5lcnJvcl91cmk8L3NwYW54PiBwYXJh
bWV0ZXIKCQkgIE1VU1QgY29uZm9ybSB0byB0aGUgVVJJLVJlZmVyZW5jZSBzeW50YXgsIGFuZCB0
aHVzIE1VU1QgTk9UIGluY2x1ZGUKCQkgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjEg
LyAleDIzLTVCIC8gJXg1RC03RS4KICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAg
IDx0IGhhbmdUZXh0PSdzdGF0ZSc+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAg
ICAgICAgICAgICAgUkVRVUlSRUQgaWYgYSA8c3Bhbnggc3R5bGU9J3ZlcmInPnN0YXRlPC9zcGFu
eD4gcGFyYW1ldGVyIHdhcyBwcmVzZW50IGluIHRoZQogICAgICAgICAgICAgICAgICBjbGllbnQg
YXV0aG9yaXphdGlvbiByZXF1ZXN0LiBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUg
Y2xpZW50LgogICAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDwvbGlzdD4KICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICA8ZmlndXJlPgogICAgICAgICAgICAgIDxwcmVhbWJsZT4K
ICAgICAgICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVk
aXJlY3RzIHRoZSB1c2VyLWFnZW50IGJ5IHNlbmRpbmcgdGhlCiAgICAgICAgICAgICAgICBmb2xs
b3dpbmcgSFRUUCByZXNwb25zZToKICAgICAgICAgICAgICA8L3ByZWFtYmxlPgogICAgICAgICAg
ICAgIDxhcnR3b3JrPgogICAgICAgICAgICAgICAgPCFbQ0RBVEFbCiAgSFRUUC8xLjEgMzAyIEZv
dW5kCiAgTG9jYXRpb246IGh0dHBzOi8vY2xpZW50LmV4YW1wbGUuY29tL2NiP2Vycm9yPWFjY2Vz
c19kZW5pZWQmc3RhdGU9eHl6Cl1dPgogICAgICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICAg
ICAgPC9maWd1cmU+CiAgICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgIDwvc2VjdGlvbj4KCiAg
ICAgICAgPHNlY3Rpb24gdGl0bGU9J0FjY2VzcyBUb2tlbiBSZXF1ZXN0Jz4KICAgICAgICAgIDx0
PgogICAgICAgICAgICBUaGUgY2xpZW50IG1ha2VzIGEgcmVxdWVzdCB0byB0aGUgdG9rZW4gZW5k
cG9pbnQgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycwogICAgICAgICAgICB1c2lu
ZyB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29k
ZWQ8L3NwYW54PiBmb3JtYXQgaW4gdGhlCiAgICAgICAgICAgIEhUVFAgcmVxdWVzdCBlbnRpdHkt
Ym9keToKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHls
ZT0naGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2dy
YW50X3R5cGUnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVR
VUlSRUQuIFZhbHVlIE1VU1QgYmUgc2V0IHRvIDxzcGFueCBzdHlsZT0ndmVyYic+YXV0aG9yaXph
dGlvbl9jb2RlPC9zcGFueD4uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhh
bmdUZXh0PSdjb2RlJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAg
IFJFUVVJUkVELiBUaGUgYXV0aG9yaXphdGlvbiBjb2RlIHJlY2VpdmVkIGZyb20gdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5n
VGV4dD0ncmVkaXJlY3RfdXJpJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAg
ICAgICAgIFJFUVVJUkVELCBpZiB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5yZWRpcmVjdF91cmk8
L3NwYW54PiBwYXJhbWV0ZXIgd2FzIGluY2x1ZGVkIGluCiAgICAgICAgICAgICAgICB0aGUgYXV0
aG9yaXphdGlvbiByZXF1ZXN0IGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J2NvZGUtYXV0
aHotcmVxJyAvPiwgYW5kCiAgICAgICAgICAgICAgICB0aGVpciB2YWx1ZXMgTVVTVCBiZSBpZGVu
dGljYWwuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8
L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgSWYgdGhlIGNsaWVudCB0eXBlIGlzIGNvbmZp
ZGVudGlhbCBvciB0aGUgY2xpZW50IHdhcyBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvcgog
ICAgICAgICAgICBhc3NpZ25lZCBvdGhlciBhdXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMpLCB0
aGUgY2xpZW50IE1VU1QgYXV0aGVudGljYXRlIHdpdGggdGhlCiAgICAgICAgICAgIGF1dGhvcml6
YXRpb24gc2VydmVyIGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J3Rva2VuLWVuZHBvaW50
LWF1dGgnIC8+LgogICAgICAgICAgPC90PgogICAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgICAg
PHByZWFtYmxlPgogICAgICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRo
ZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0IHVzaW5nIFRMUyAoZXh0cmEgbGluZSBicmVha3MKICAg
ICAgICAgICAgICBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgICAgIDwv
cHJlYW1ibGU+CiAgICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICAgIDwhW0NEQVRBWwog
IFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCiAgQXV0aG9y
aXphdGlvbjogQmFzaWMgY3paQ2FHUlNhM0YwTXpwbldERm1RbUYwTTJKVwogIENvbnRlbnQtVHlw
ZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkO2NoYXJzZXQ9VVRGLTgKCiAgZ3Jh
bnRfdHlwZT1hdXRob3JpemF0aW9uX2NvZGUmY29kZT1TcGx4bE9CZVpRUVliWVM2V3hTYklBCiAg
JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRmNsaWVudCUyRWV4YW1wbGUlMkVjb20lMkZjYgpd
XT4KICAgICAgICAgICAgPC9hcnR3b3JrPgogICAgICAgICAgPC9maWd1cmU+CiAgICAgICAgICA8
dD4KICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1Q6CiAgICAgICAgICA8
L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAg
ICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgcmVxdWlyZSBjbGllbnQgYXV0aGVudGljYXRp
b24gZm9yIGNvbmZpZGVudGlhbCBjbGllbnRzIG9yIGZvciBhbnkgY2xpZW50IHRoYXQgd2FzCiAg
ICAgICAgICAgICAgICBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvciB3aXRoIG90aGVyIGF1
dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyksCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgIDx0PgogICAgICAgICAgICAgICAgYXV0aGVudGljYXRlIHRoZSBjbGllbnQgaWYgY2xpZW50
IGF1dGhlbnRpY2F0aW9uIGlzIGluY2x1ZGVkIGFuZCBlbnN1cmUgdGhlCiAgICAgICAgICAgICAg
ICBhdXRob3JpemF0aW9uIGNvZGUgd2FzIGlzc3VlZCB0byB0aGUgYXV0aGVudGljYXRlZCBjbGll
bnQsCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAg
dmVyaWZ5IHRoYXQgdGhlIGF1dGhvcml6YXRpb24gY29kZSBpcyB2YWxpZCwgYW5kCiAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgZW5zdXJlIHRoYXQg
dGhlIDxzcGFueCBzdHlsZT0ndmVyYic+cmVkaXJlY3RfdXJpPC9zcGFueD4gcGFyYW1ldGVyIGlz
IHByZXNlbnQgaWYKICAgICAgICAgICAgICAgIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPnJlZGly
ZWN0X3VyaTwvc3Bhbng+IHBhcmFtZXRlciB3YXMgaW5jbHVkZWQgaW4gdGhlIGluaXRpYWwKICAg
ICAgICAgICAgICAgIGF1dGhvcml6YXRpb24gcmVxdWVzdCBhcyBkZXNjcmliZWQgaW4gPHhyZWYg
dGFyZ2V0PSdjb2RlLWF1dGh6LXJlcScgLz4sIGFuZCBpZgogICAgICAgICAgICAgICAgaW5jbHVk
ZWQgZW5zdXJlIHRoZWlyIHZhbHVlcyBhcmUgaWRlbnRpY2FsLgogICAgICAgICAgICAgIDwvdD4K
ICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAg
ICAgICAgPHNlY3Rpb24gdGl0bGU9J0FjY2VzcyBUb2tlbiBSZXNwb25zZSc+CiAgICAgICAgICA8
dD4KICAgICAgICAgICAgSWYgdGhlIGFjY2VzcyB0b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFuZCBh
dXRob3JpemVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAgICAg
IGFjY2VzcyB0b2tlbiBhbmQgb3B0aW9uYWwgcmVmcmVzaCB0b2tlbiBhcyBkZXNjcmliZWQgaW4g
PHhyZWYgdGFyZ2V0PSd0b2tlbi1yZXNwb25zZScgLz4uCiAgICAgICAgICAgIElmIHRoZSByZXF1
ZXN0IGNsaWVudCBhdXRoZW50aWNhdGlvbiBmYWlsZWQgb3IgaXMgaW52YWxpZCwgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIHJldHVybnMKICAgICAgICAgICAgYW4gZXJyb3IgcmVzcG9uc2UgYXMg
ZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0ndG9rZW4tZXJyb3JzJyAvPi4KICAgICAgICAgIDwv
dD4KICAgICAgICAgIDxmaWd1cmU+CiAgICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAg
ICBBbiBleGFtcGxlIHN1Y2Nlc3NmdWwgcmVzcG9uc2U6CiAgICAgICAgICAgIDwvcHJlYW1ibGU+
CiAgICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICAgIDwhW0NEQVRBWwogIEhUVFAvMS4x
IDIwMCBPSwogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04CiAg
Q2FjaGUtQ29udHJvbDogbm8tc3RvcmUKICBQcmFnbWE6IG5vLWNhY2hlCgogIHsKICAgICJhY2Nl
c3NfdG9rZW4iOiIyWW90bkZaRkVqcjF6Q3NpY01XcEFBIiwKICAgICJ0b2tlbl90eXBlIjoiZXhh
bXBsZSIsCiAgICAiZXhwaXJlc19pbiI6MzYwMCwKICAgICJyZWZyZXNoX3Rva2VuIjoidEd6djNK
T2tGMFhHNVF4MlRsS1dJQSIsCiAgICAiZXhhbXBsZV9wYXJhbWV0ZXIiOiJleGFtcGxlX3ZhbHVl
IgogIH0KXV0+CiAgICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICAgIDwvZmlndXJlPgogICAg
ICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdJ
bXBsaWNpdCBHcmFudCcgYW5jaG9yPSdncmFudC1pbXBsaWNpdCc+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBUaGUgaW1wbGljaXQgZ3JhbnQgdHlwZSBpcyB1c2VkIHRvIG9idGFpbiBhY2Nlc3MgdG9r
ZW5zIChpdCBkb2VzIG5vdCBzdXBwb3J0IHRoZSBpc3N1YW5jZQogICAgICAgICAgb2YgcmVmcmVz
aCB0b2tlbnMpIGFuZCBpcyBvcHRpbWl6ZWQgZm9yIHB1YmxpYyBjbGllbnRzIGtub3duIHRvIG9w
ZXJhdGUgYSBwYXJ0aWN1bGFyCiAgICAgICAgICByZWRpcmVjdGlvbiBVUkkuIFRoZXNlIGNsaWVu
dHMgYXJlIHR5cGljYWxseSBpbXBsZW1lbnRlZCBpbiBhIGJyb3dzZXIgdXNpbmcgYSBzY3JpcHRp
bmcKICAgICAgICAgIGxhbmd1YWdlIHN1Y2ggYXMgSmF2YVNjcmlwdC4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBBcyBhIHJlZGlyZWN0aW9uLWJhc2VkIGZsb3csIHRoZSBjbGll
bnQgbXVzdCBiZSBjYXBhYmxlIG9mIGludGVyYWN0aW5nIHdpdGggdGhlCiAgICAgICAgICByZXNv
dXJjZSBvd25lcidzIHVzZXItYWdlbnQgKHR5cGljYWxseSBhIHdlYiBicm93c2VyKSBhbmQgY2Fw
YWJsZSBvZiByZWNlaXZpbmcgaW5jb21pbmcKICAgICAgICAgIHJlcXVlc3RzICh2aWEgcmVkaXJl
Y3Rpb24pIGZyb20gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgIDwvdD4KICAgICAg
ICA8dD4KICAgICAgICAgIFVubGlrZSB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGdyYW50IHR5cGUg
aW4gd2hpY2ggdGhlIGNsaWVudCBtYWtlcyBzZXBhcmF0ZSByZXF1ZXN0cyBmb3IKICAgICAgICAg
IGF1dGhvcml6YXRpb24gYW5kIGFjY2VzcyB0b2tlbiwgdGhlIGNsaWVudCByZWNlaXZlcyB0aGUg
YWNjZXNzIHRva2VuIGFzIHRoZSByZXN1bHQgb2YgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9u
IHJlcXVlc3QuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGltcGxpY2l0
IGdyYW50IHR5cGUgZG9lcyBub3QgaW5jbHVkZSBjbGllbnQgYXV0aGVudGljYXRpb24sIGFuZCBy
ZWxpZXMgb24gdGhlCiAgICAgICAgICBwcmVzZW5jZSBvZiB0aGUgcmVzb3VyY2Ugb3duZXIgYW5k
IHRoZSByZWdpc3RyYXRpb24gb2YgdGhlIHJlZGlyZWN0aW9uIFVSSS4gQmVjYXVzZSB0aGUKICAg
ICAgICAgIGFjY2VzcyB0b2tlbiBpcyBlbmNvZGVkIGludG8gdGhlIHJlZGlyZWN0aW9uIFVSSSwg
aXQgbWF5IGJlIGV4cG9zZWQgdG8gdGhlIHJlc291cmNlIG93bmVyCiAgICAgICAgICBhbmQgb3Ro
ZXIgYXBwbGljYXRpb25zIHJlc2lkaW5nIG9uIHRoZSBzYW1lIGRldmljZS4KICAgICAgICA8L3Q+
CiAgICAgICAgPGZpZ3VyZSB0aXRsZT0nSW1wbGljaXQgR3JhbnQgRmxvdycgYW5jaG9yPSdGaWd1
cmUtNCc+CiAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgPCFbQ0RBVEFbCiAgKy0tLS0t
LS0tLS0rCiAgfCBSZXNvdXJjZSB8CiAgfCAgT3duZXIgICB8CiAgfCAgICAgICAgICB8CiAgKy0t
LS0tLS0tLS0rCiAgICAgICBeCiAgICAgICB8CiAgICAgIChCKSAgICAgIAogICstLS0tfC0tLS0t
KyAgICAgICAgICBDbGllbnQgSWRlbnRpZmllciAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAg
ICAgICAgLSstLS0tKEEpLS0gJiBSZWRpcmVjdGlvbiBVUkkgLS0tPnwgICAgICAgICAgICAgICB8
CiAgfCAgVXNlci0gICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8IEF1dGhvcml6
YXRpb24gfAogIHwgIEFnZW50ICAtfC0tLS0oQiktLSBVc2VyIGF1dGhlbnRpY2F0ZXMgLS0+fCAg
ICAgU2VydmVyICAgIHwKICB8ICAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgICB8PC0tLShDKS0tLSBSZWRpcmVjdGlv
biBVUkkgLS0tLTx8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgICAgfCAgICAgICAgICB3aXRo
IEFjY2VzcyBUb2tlbiAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICAgIHwgICAgICAg
ICAgICBpbiBGcmFnbWVudAogIHwgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICAgIHwtLS0tKEQpLS0tIFJlZGlyZWN0
aW9uIFVSSSAtLS0tPnwgICBXZWItSG9zdGVkICB8CiAgfCAgICAgICAgICB8ICAgICAgICAgIHdp
dGhvdXQgRnJhZ21lbnQgICAgICB8ICAgICBDbGllbnQgICAgfAogIHwgICAgICAgICAgfCAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICBSZXNvdXJjZSAgIHwKICB8ICAgICAoRikg
IHw8LS0tKEUpLS0tLS0tLSBTY3JpcHQgLS0tLS0tLS0tPHwgICAgICAgICAgICAgICB8CiAgfCAg
ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0t
KwogICstfC0tLS0tLS0tKwogICAgfCAgICB8ICAgIAogICAoQSkgIChHKSBBY2Nlc3MgVG9rZW4K
ICAgIHwgICAgfAogICAgXiAgICB2CiAgKy0tLS0tLS0tLSsKICB8ICAgICAgICAgfAogIHwgIENs
aWVudCB8CiAgfCAgICAgICAgIHwKICArLS0tLS0tLS0tKwpdXT4KICAgICAgICAgIDwvYXJ0d29y
az4KICAgICAgICAgIDxwb3N0YW1ibGU+CiAgICAgICAgICAgIE5vdGU6IFRoZSBsaW5lcyBpbGx1
c3RyYXRpbmcgc3RlcHMgQSBhbmQgQiBhcmUgYnJva2VuIGludG8gdHdvIHBhcnRzIGFzIHRoZXkg
cGFzcwogICAgICAgICAgICB0aHJvdWdoIHRoZSB1c2VyLWFnZW50LgogICAgICAgICAgPC9wb3N0
YW1ibGU+CiAgICAgICAgPC9maWd1cmU+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgZmxvdyBp
bGx1c3RyYXRlZCBpbiA8eHJlZiB0YXJnZXQ9J0ZpZ3VyZS00JyAvPiBpbmNsdWRlcyB0aGUgZm9s
bG93aW5nIHN0ZXBzOgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIDxsaXN0IHN0
eWxlPSdmb3JtYXQgKCVDKSc+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBjbGll
bnQgaW5pdGlhdGVzIHRoZSBmbG93IGJ5IGRpcmVjdGluZyB0aGUgcmVzb3VyY2Ugb3duZXIncyB1
c2VyLWFnZW50IHRvIHRoZQogICAgICAgICAgICAgIGF1dGhvcml6YXRpb24gZW5kcG9pbnQuIFRo
ZSBjbGllbnQgaW5jbHVkZXMgaXRzIGNsaWVudCBpZGVudGlmaWVyLCByZXF1ZXN0ZWQKICAgICAg
ICAgICAgICBzY29wZSwgbG9jYWwgc3RhdGUsIGFuZCBhIHJlZGlyZWN0aW9uIFVSSSB0byB3aGlj
aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2lsbCBzZW5kCiAgICAgICAgICAgICAgdGhlIHVz
ZXItYWdlbnQgYmFjayBvbmNlIGFjY2VzcyBpcyBncmFudGVkIChvciBkZW5pZWQpLgogICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSByZXNvdXJjZSBvd25lciAodmlhIHRoZSB1c2VyLWFn
ZW50KSBhbmQKICAgICAgICAgICAgICBlc3RhYmxpc2hlcyB3aGV0aGVyIHRoZSByZXNvdXJjZSBv
d25lciBncmFudHMgb3IgZGVuaWVzIHRoZSBjbGllbnQncyBhY2Nlc3MgcmVxdWVzdC4KICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBBc3N1bWluZyB0aGUgcmVz
b3VyY2Ugb3duZXIgZ3JhbnRzIGFjY2VzcywgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJlZGly
ZWN0cyB0aGUKICAgICAgICAgICAgICB1c2VyLWFnZW50IGJhY2sgdG8gdGhlIGNsaWVudCB1c2lu
ZyB0aGUgcmVkaXJlY3Rpb24gVVJJIHByb3ZpZGVkIGVhcmxpZXIuIFRoZQogICAgICAgICAgICAg
IHJlZGlyZWN0aW9uIFVSSSBpbmNsdWRlcyB0aGUgYWNjZXNzIHRva2VuIGluIHRoZSBVUkkgZnJh
Z21lbnQuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhl
IHVzZXItYWdlbnQgZm9sbG93cyB0aGUgcmVkaXJlY3Rpb24gaW5zdHJ1Y3Rpb25zIGJ5IG1ha2lu
ZyBhIHJlcXVlc3QgdG8gdGhlCiAgICAgICAgICAgICAgd2ViLWhvc3RlZCBjbGllbnQgcmVzb3Vy
Y2UgKHdoaWNoIGRvZXMgbm90IGluY2x1ZGUgdGhlIGZyYWdtZW50IHBlcgogICAgICAgICAgICAg
IDx4cmVmIHRhcmdldD0nUkZDMjYxNicgLz4pLiBUaGUgdXNlci1hZ2VudCByZXRhaW5zIHRoZSBm
cmFnbWVudCBpbmZvcm1hdGlvbiBsb2NhbGx5LgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg
IDx0PgogICAgICAgICAgICAgIFRoZSB3ZWItaG9zdGVkIGNsaWVudCByZXNvdXJjZSByZXR1cm5z
IGEgd2ViIHBhZ2UgKHR5cGljYWxseSBhbiBIVE1MIGRvY3VtZW50IHdpdGggYW4KICAgICAgICAg
ICAgICBlbWJlZGRlZCBzY3JpcHQpIGNhcGFibGUgb2YgYWNjZXNzaW5nIHRoZSBmdWxsIHJlZGly
ZWN0aW9uIFVSSSBpbmNsdWRpbmcgdGhlIGZyYWdtZW50CiAgICAgICAgICAgICAgcmV0YWluZWQg
YnkgdGhlIHVzZXItYWdlbnQsIGFuZCBleHRyYWN0aW5nIHRoZSBhY2Nlc3MgdG9rZW4gKGFuZCBv
dGhlciBwYXJhbWV0ZXJzKQogICAgICAgICAgICAgIGNvbnRhaW5lZCBpbiB0aGUgZnJhZ21lbnQu
CiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIHVzZXIt
YWdlbnQgZXhlY3V0ZXMgdGhlIHNjcmlwdCBwcm92aWRlZCBieSB0aGUgd2ViLWhvc3RlZCBjbGll
bnQgcmVzb3VyY2UKICAgICAgICAgICAgICBsb2NhbGx5LCB3aGljaCBleHRyYWN0cyB0aGUgYWNj
ZXNzIHRva2VuIGFuZCBwYXNzZXMgaXQgdG8gdGhlIGNsaWVudC4KICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgPC9saXN0PgogICAgICAgIDwvdD4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0F1
dGhvcml6YXRpb24gUmVxdWVzdCcgYW5jaG9yPSdpbXBsaWNpdC1hdXRoei1yZXEnPgogICAgICAg
ICAgPHQ+CiAgICAgICAgICAgIFRoZSBjbGllbnQgY29uc3RydWN0cyB0aGUgcmVxdWVzdCBVUkkg
YnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycyB0byB0aGUKICAgICAgICAgICAgcXVl
cnkgY29tcG9uZW50IG9mIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IFVSSSB1c2luZyB0aGUK
ICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVy
bGVuY29kZWQ8L3NwYW54PiBmb3JtYXQ6CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAg
ICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgogICAgICAgICAg
ICAgIDx0IGhhbmdUZXh0PSdyZXNwb25zZV90eXBlJz4KICAgICAgICAgICAgICAgIDx2c3BhY2Ug
Lz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELiBWYWx1ZSBNVVNUIGJlIHNldCB0byA8c3Bhbngg
c3R5bGU9J3ZlcmInPnRva2VuPC9zcGFueD4uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgIDx0IGhhbmdUZXh0PSdjbGllbnRfaWQnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgog
ICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSBjbGllbnQgaWRlbnRpZmllciBhcyBkZXNjcmli
ZWQgaW4KICAgICAgICAgICAgICAgIDx4cmVmIHRhcmdldD0nY2xpZW50LWlkZW50aWZpZXInIC8+
LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0ncmVkaXJlY3Rf
dXJpJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIE9QVElPTkFM
LiBBcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSdyZWRpcmVjdC11cmknIC8+LgogICAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nc2NvcGUnPgogICAgICAgICAg
ICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgT1BUSU9OQUwuIFRoZSBzY29wZSBvZiB0
aGUgYWNjZXNzIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGJ5IDx4cmVmIHRhcmdldD0nc2NvcGUnIC8+
LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nc3RhdGUnPgog
ICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVDT01NRU5ERUQuIEFu
IG9wYXF1ZSB2YWx1ZSB1c2VkIGJ5IHRoZSBjbGllbnQgdG8gbWFpbnRhaW4gc3RhdGUgYmV0d2Vl
biB0aGUgcmVxdWVzdAogICAgICAgICAgICAgICAgYW5kIGNhbGxiYWNrLiBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgaW5jbHVkZXMgdGhpcyB2YWx1ZSB3aGVuIHJlZGlyZWN0aW5nIHRoZQogICAg
ICAgICAgICAgICAgdXNlci1hZ2VudCBiYWNrIHRvIHRoZSBjbGllbnQuIFRoZSBwYXJhbWV0ZXIg
U0hPVUxEIGJlIHVzZWQgZm9yIHByZXZlbnRpbmcKICAgICAgICAgICAgICAgIGNyb3NzLXNpdGUg
cmVxdWVzdCBmb3JnZXJ5IGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J0NTUkYnIC8+Lgog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAg
ICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBjbGllbnQgZGlyZWN0cyB0aGUgcmVzb3VyY2Ugb3du
ZXIgdG8gdGhlIGNvbnN0cnVjdGVkIFVSSSB1c2luZyBhbiBIVFRQIHJlZGlyZWN0aW9uCiAgICAg
ICAgICAgIHJlc3BvbnNlLCBvciBieSBvdGhlciBtZWFucyBhdmFpbGFibGUgdG8gaXQgdmlhIHRo
ZSB1c2VyLWFnZW50LgogICAgICAgICAgPC90PgogICAgICAgICAgPGZpZ3VyZT4KICAgICAgICAg
ICAgPHByZWFtYmxlPgogICAgICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IGRpcmVj
dHMgdGhlIHVzZXItYWdlbnQgdG8gbWFrZSB0aGUgZm9sbG93aW5nIEhUVFAgcmVxdWVzdAogICAg
ICAgICAgICAgIHVzaW5nIFRMUyAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1
cnBvc2VzIG9ubHkpOgogICAgICAgICAgICA8L3ByZWFtYmxlPgogICAgICAgICAgICA8YXJ0d29y
az4KICAgICAgICAgICAgICA8IVtDREFUQVsKICBHRVQgL2F1dGhvcml6ZT9yZXNwb25zZV90eXBl
PXRva2VuJmNsaWVudF9pZD1zNkJoZFJrcXQzJnN0YXRlPXh5egogICAgICAmcmVkaXJlY3RfdXJp
PWh0dHBzJTNBJTJGJTJGY2xpZW50JTJFZXhhbXBsZSUyRWNvbSUyRmNiIEhUVFAvMS4xCiAgSG9z
dDogc2VydmVyLmV4YW1wbGUuY29tCl1dPgogICAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAg
ICA8L2ZpZ3VyZT4KICAgICAgICAgIDx0PgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgdmFsaWRhdGVzIHRoZSByZXF1ZXN0IHRvIGVuc3VyZSBhbGwgcmVxdWlyZWQgcGFyYW1l
dGVycyBhcmUKICAgICAgICAgICAgcHJlc2VudCBhbmQgdmFsaWQuIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBNVVNUIHZlcmlmeSB0aGF0IHRoZSByZWRpcmVjdGlvbiBVUkkgdG8gd2hpY2gKICAg
ICAgICAgICAgaXQgd2lsbCByZWRpcmVjdCB0aGUgYWNjZXNzIHRva2VuIG1hdGNoZXMgYSByZWRp
cmVjdGlvbiBVUkkgcmVnaXN0ZXJlZCBieSB0aGUgY2xpZW50IGFzCiAgICAgICAgICAgIGRlc2Ny
aWJlZCBpbiA8eHJlZiB0YXJnZXQ9J3JlZGlyZWN0LXVyaScgLz4uCiAgICAgICAgICA8L3Q+CiAg
ICAgICAgICA8dD4KICAgICAgICAgICAgSWYgdGhlIHJlcXVlc3QgaXMgdmFsaWQsIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSByZXNvdXJjZSBvd25lciBhbmQKICAg
ICAgICAgICAgb2J0YWlucyBhbiBhdXRob3JpemF0aW9uIGRlY2lzaW9uIChieSBhc2tpbmcgdGhl
IHJlc291cmNlIG93bmVyIG9yIGJ5IGVzdGFibGlzaGluZwogICAgICAgICAgICBhcHByb3ZhbCB2
aWEgb3RoZXIgbWVhbnMpLgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAg
IFdoZW4gYSBkZWNpc2lvbiBpcyBlc3RhYmxpc2hlZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IGRpcmVjdHMgdGhlIHVzZXItYWdlbnQgdG8gdGhlCiAgICAgICAgICAgIHByb3ZpZGVkIGNsaWVu
dCByZWRpcmVjdGlvbiBVUkkgdXNpbmcgYW4gSFRUUCByZWRpcmVjdGlvbiByZXNwb25zZSwgb3Ig
Ynkgb3RoZXIgbWVhbnMKICAgICAgICAgICAgYXZhaWxhYmxlIHRvIGl0IHZpYSB0aGUgdXNlci1h
Z2VudC4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9u
IHRpdGxlPSdBY2Nlc3MgVG9rZW4gUmVzcG9uc2UnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAg
IElmIHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgdGhlIGFjY2VzcyByZXF1ZXN0LCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAgICAgIGFjY2VzcyB0b2tlbiBhbmQg
ZGVsaXZlcnMgaXQgdG8gdGhlIGNsaWVudCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0
ZXJzIHRvCiAgICAgICAgICAgIHRoZSBmcmFnbWVudCBjb21wb25lbnQgb2YgdGhlIHJlZGlyZWN0
aW9uIFVSSSB1c2luZyB0aGUKICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNh
dGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3NwYW54PiBmb3JtYXQ6CiAgICAgICAgICA8L3Q+
CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnIGhhbmdJbmRl
bnQ9JzYnPgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdhY2Nlc3NfdG9rZW4nPgogICAgICAg
ICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSBhY2Nlc3Mg
dG9rZW4gaXNzdWVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3Rva2VuX3R5cGUnPgogICAgICAgICAgICAg
ICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSB0eXBlIG9mIHRoZSB0
b2tlbiBpc3N1ZWQgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICAgICAgICA8eHJlZiB0YXJnZXQ9
J3Rva2VuLXR5cGVzJyAvPi4gVmFsdWUgaXMgY2FzZSBpbnNlbnNpdGl2ZS4KICAgICAgICAgICAg
ICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2V4cGlyZXNfaW4nPgogICAgICAgICAg
ICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVDT01NRU5ERUQuIFRoZSBsaWZldGlt
ZSBpbiBzZWNvbmRzIG9mIHRoZSBhY2Nlc3MgdG9rZW4uIEZvciBleGFtcGxlLCB0aGUgdmFsdWUK
ICAgICAgICAgICAgICAgIDxzcGFueCBzdHlsZT0ndmVyYic+MzYwMDwvc3Bhbng+IGRlbm90ZXMg
dGhhdCB0aGUgYWNjZXNzIHRva2VuIHdpbGwgZXhwaXJlIGluIG9uZQogICAgICAgICAgICAgICAg
aG91ciBmcm9tIHRoZSB0aW1lIHRoZSByZXNwb25zZSB3YXMgZ2VuZXJhdGVkLiBJZiBvbWl0dGVk
LCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgICAgIFNIT1VMRCBwcm92aWRl
IHRoZSBleHBpcmF0aW9uIHRpbWUgdmlhIG90aGVyIG1lYW5zIG9yIGRvY3VtZW50IHRoZSBkZWZh
dWx0IHZhbHVlLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0n
c2NvcGUnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgT1BUSU9O
QUwsIGlmIGlkZW50aWNhbCB0byB0aGUgc2NvcGUgcmVxdWVzdGVkIGJ5IHRoZSBjbGllbnQsIG90
aGVyd2lzZSBSRVFVSVJFRC4gVGhlCiAgICAgICAgICAgICAgICBzY29wZSBvZiB0aGUgYWNjZXNz
IHRva2VuIGFzIGRlc2NyaWJlZCBieSA8eHJlZiB0YXJnZXQ9J3Njb3BlJyAvPi4KICAgICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3N0YXRlJz4KICAgICAgICAgICAg
ICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVEIGlmIHRoZSA8c3Bhbnggc3R5
bGU9J3ZlcmInPnN0YXRlPC9zcGFueD4gcGFyYW1ldGVyIHdhcyBwcmVzZW50IGluIHRoZQogICAg
ICAgICAgICAgICAgY2xpZW50IGF1dGhvcml6YXRpb24gcmVxdWVzdC4gVGhlIGV4YWN0IHZhbHVl
IHJlY2VpdmVkIGZyb20gdGhlIGNsaWVudC4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg
IDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBUaGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBOT1QgaXNzdWUgYSByZWZyZXNoIHRva2VuLgogICAgICAg
ICAgPC90PgogICAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgICAgPHByZWFtYmxlPgogICAgICAg
ICAgICAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVkaXJlY3RzIHRo
ZSB1c2VyLWFnZW50IGJ5IHNlbmRpbmcgdGhlCiAgICAgICAgICAgICAgZm9sbG93aW5nIEhUVFAg
cmVzcG9uc2UgKFVSSSBleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMg
b25seSk6CiAgICAgICAgICAgIDwvcHJlYW1ibGU+CiAgICAgICAgICAgIDxhcnR3b3JrPgogICAg
ICAgICAgICAgIDwhW0NEQVRBWwogIEhUVFAvMS4xIDMwMiBGb3VuZAogIExvY2F0aW9uOiBodHRw
Oi8vZXhhbXBsZS5jb20vY2IjYWNjZXNzX3Rva2VuPTJZb3RuRlpGRWpyMXpDc2ljTVdwQUEKICAg
ICAgICAgICAgJnN0YXRlPXh5eiZ0b2tlbl90eXBlPWV4YW1wbGUmZXhwaXJlc19pbj0zNjAwCl1d
PgogICAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgICAgIDxwb3N0YW1ibGU+CiAgICAgICAg
ICAgICAgRGV2ZWxvcGVycyBzaG91bGQgbm90ZSB0aGF0IHNvbWUgdXNlci1hZ2VudHMgZG8gbm90
IHN1cHBvcnQgdGhlIGluY2x1c2lvbiBvZiBhCiAgICAgICAgICAgICAgZnJhZ21lbnQgY29tcG9u
ZW50IGluIHRoZSBIVFRQIDxzcGFueCBzdHlsZT0ndmVyYic+TG9jYXRpb248L3NwYW54PiByZXNw
b25zZSBoZWFkZXIKICAgICAgICAgICAgICBmaWVsZC4gU3VjaCBjbGllbnRzIHdpbGwgcmVxdWly
ZSB1c2luZyBvdGhlciBtZXRob2RzIGZvciByZWRpcmVjdGluZyB0aGUgY2xpZW50IHRoYW4KICAg
ICAgICAgICAgICBhIDN4eCByZWRpcmVjdGlvbiByZXNwb25zZS4gRm9yIGV4YW1wbGUsIHJldHVy
bmluZyBhbiBIVE1MIHBhZ2Ugd2hpY2ggaW5jbHVkZXMgYQogICAgICAgICAgICAgICdjb250aW51
ZScgYnV0dG9uIHdpdGggYW4gYWN0aW9uIGxpbmtlZCB0byB0aGUgcmVkaXJlY3Rpb24gVVJJLgog
ICAgICAgICAgICA8L3Bvc3RhbWJsZT4KICAgICAgICAgIDwvZmlndXJlPgogICAgICAgICAgPHQ+
CiAgICAgICAgICAgIFRoZSBjbGllbnQgTVVTVCBpZ25vcmUgdW5yZWNvZ25pemVkIHJlc3BvbnNl
IHBhcmFtZXRlcnMuIFRoZSBhY2Nlc3MgdG9rZW4gc3RyaW5nIHNpemUKICAgICAgICAgICAgaXMg
bGVmdCB1bmRlZmluZWQgYnkgdGhpcyBzcGVjaWZpY2F0aW9uLiBUaGUgY2xpZW50IHNob3VsZCBh
dm9pZCBtYWtpbmcgYXNzdW1wdGlvbnMKICAgICAgICAgICAgYWJvdXQgdmFsdWUgc2l6ZXMuIFRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZG9jdW1lbnQgdGhlIHNpemUgb2YgYW55IHZh
bHVlIGl0CiAgICAgICAgICAgIGlzc3Vlcy4KICAgICAgICAgIDwvdD4KCiAgICAgICAgICA8c2Vj
dGlvbiB0aXRsZT0nRXJyb3IgUmVzcG9uc2UnIGFuY2hvcj0naW1wbGljaXQtYXV0aHotZXJyb3In
PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBJZiB0aGUgcmVxdWVzdCBmYWlscyBkdWUg
dG8gYSBtaXNzaW5nLCBpbnZhbGlkLCBvciBtaXNtYXRjaGluZyByZWRpcmVjdGlvbiBVUkksIG9y
IGlmCiAgICAgICAgICAgICAgdGhlIGNsaWVudCBpZGVudGlmaWVyIGlzIG1pc3Npbmcgb3IgaW52
YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBpbmZvcm0KICAgICAgICAgICAg
ICB0aGUgcmVzb3VyY2Ugb3duZXIgb2YgdGhlIGVycm9yLCBhbmQgTVVTVCBOT1QgYXV0b21hdGlj
YWxseSByZWRpcmVjdCB0aGUgdXNlci1hZ2VudAogICAgICAgICAgICAgIHRvIHRoZSBpbnZhbGlk
IHJlZGlyZWN0aW9uIFVSSS4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICBJZiB0aGUgcmVzb3VyY2Ugb3duZXIgZGVuaWVzIHRoZSBhY2Nlc3MgcmVxdWVzdCBv
ciBpZiB0aGUgcmVxdWVzdCBmYWlscyBmb3IgcmVhc29ucwogICAgICAgICAgICAgIG90aGVyIHRo
YW4gYSBtaXNzaW5nIG9yIGludmFsaWQgcmVkaXJlY3Rpb24gVVJJLCB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgaW5mb3JtcyB0aGUKICAgICAgICAgICAgICBjbGllbnQgYnkgYWRkaW5nIHRoZSBm
b2xsb3dpbmcgcGFyYW1ldGVycyB0byB0aGUgZnJhZ21lbnQgY29tcG9uZW50IG9mIHRoZQogICAg
ICAgICAgICAgIHJlZGlyZWN0aW9uIFVSSSB1c2luZyB0aGUKICAgICAgICAgICAgICA8c3Bhbngg
c3R5bGU9J3ZlcmInPmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvc3Bhbng+IGZv
cm1hdDoKICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICA8bGlz
dCBzdHlsZT0naGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAgICAgICA8dCBoYW5n
VGV4dD0nZXJyb3InPgogICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAg
ICAgIFJFUVVJUkVELiBBIHNpbmdsZSBBU0NJSSA8eHJlZiB0YXJnZXQ9IlVTQVNDSUkiIC8+IGVy
cm9yIGNvZGUgZnJvbSB0aGUgZm9sbG93aW5nOgoKICAgICAgICAgICAgICAgICAgPGxpc3Qgc3R5
bGU9J2hhbmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgogICAgICAgICAgICAgICAgICAgIDx0IGhhbmdU
ZXh0PSdpbnZhbGlkX3JlcXVlc3QnPgogICAgICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgog
ICAgICAgICAgICAgICAgICAgICAgVGhlIHJlcXVlc3QgaXMgbWlzc2luZyBhIHJlcXVpcmVkIHBh
cmFtZXRlciwgaW5jbHVkZXMgYW4gaW52YWxpZAogICAgICAgICAgICAgICAgICAgICAgcGFyYW1l
dGVyIHZhbHVlLCBpbmNsdWRlcyBhIHBhcmFtZXRlciBtb3JlIHRoYW4gb25jZSwgb3IgaXMgb3Ro
ZXJ3aXNlIG1hbGZvcm1lZC4KICAgICAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAg
ICAgICAgPHQgaGFuZ1RleHQ9J3VuYXV0aG9yaXplZF9jbGllbnQnPgogICAgICAgICAgICAgICAg
ICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICAgICAgVGhlIGNsaWVudCBpcyBub3Qg
YXV0aG9yaXplZCB0byByZXF1ZXN0IGFuIGFjY2VzcyB0b2tlbiB1c2luZyB0aGlzIG1ldGhvZC4K
ICAgICAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9
J2FjY2Vzc19kZW5pZWQnPgogICAgICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAg
ICAgICAgICAgICAgICAgVGhlIHJlc291cmNlIG93bmVyIG9yIGF1dGhvcml6YXRpb24gc2VydmVy
IGRlbmllZCB0aGUgcmVxdWVzdC4KICAgICAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg
ICAgICAgICAgPHQgaGFuZ1RleHQ9J3Vuc3VwcG9ydGVkX3Jlc3BvbnNlX3R5cGUnPgogICAgICAg
ICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICAgICAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIGRvZXMgbm90IHN1cHBvcnQgb2J0YWluaW5nIGFuIGFjY2VzcyB0b2tl
biB1c2luZwogICAgICAgICAgICAgICAgICAgICAgdGhpcyBtZXRob2QuCiAgICAgICAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdpbnZhbGlkX3Njb3Bl
Jz4KICAgICAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgICAgICAg
IFRoZSByZXF1ZXN0ZWQgc2NvcGUgaXMgaW52YWxpZCwgdW5rbm93biwgb3IgbWFsZm9ybWVkLgog
ICAgICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0n
c2VydmVyX2Vycm9yJz4KICAgICAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAg
ICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBlbmNvdW50ZXJlZCBhbiB1bmV4
cGVjdGVkIGNvbmRpdGlvbiB3aGljaCBwcmV2ZW50ZWQKICAgICAgICAgICAgICAgICAgICAgIGl0
IGZyb20gZnVsZmlsbGluZyB0aGUgcmVxdWVzdC4KICAgICAgICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3RlbXBvcmFyaWx5X3VuYXZhaWxhYmxlJz4K
ICAgICAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgICAgICAgIFRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBpcyBjdXJyZW50bHkgdW5hYmxlIHRvIGhhbmRsZSB0aGUg
cmVxdWVzdCBkdWUgdG8gYQogICAgICAgICAgICAgICAgICAgICAgdGVtcG9yYXJ5IG92ZXJsb2Fk
aW5nIG9yIG1haW50ZW5hbmNlIG9mIHRoZSBzZXJ2ZXIuCiAgICAgICAgICAgICAgICAgICAgPC90
PgogICAgICAgICAgICAgICAgICA8L2xpc3Q+CgoJCSAgVmFsdWVzIGZvciB0aGUgPHNwYW54IHN0
eWxlPSd2ZXJiJz5lcnJvcjwvc3Bhbng+IHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlCgkJICBj
aGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAg
ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nZXJyb3JfZGVz
Y3JpcHRpb24nPgogICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAg
IE9QVElPTkFMLiBBIGh1bWFuLXJlYWRhYmxlIEFTQ0lJIDx4cmVmIHRhcmdldD0iVVNBU0NJSSIg
Lz4gdGV4dCBwcm92aWRpbmcgYWRkaXRpb25hbCBpbmZvcm1hdGlvbiwKICAgICAgICAgICAgICAg
ICAgdXNlZCB0byBhc3Npc3QgdGhlIGNsaWVudCBkZXZlbG9wZXIgaW4gdW5kZXJzdGFuZGluZyB0
aGUgZXJyb3IgdGhhdCBvY2N1cnJlZC4KCQkgIDx2c3BhY2UvPgoJCSAgVmFsdWVzIGZvciB0aGUg
PHNwYW54IHN0eWxlPSd2ZXJiJz5lcnJvcl9kZXNjcmlwdGlvbjwvc3Bhbng+IHBhcmFtZXRlciBN
VVNUIE5PVCBpbmNsdWRlCgkJICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8g
JXgyMy01QiAvICV4NUQtN0UuCiAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICA8
dCBoYW5nVGV4dD0nZXJyb3JfdXJpJz4KICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAg
ICAgICAgICAgICAgICBPUFRJT05BTC4gQSBVUkkgaWRlbnRpZnlpbmcgYSBodW1hbi1yZWFkYWJs
ZSB3ZWIgcGFnZSB3aXRoIGluZm9ybWF0aW9uIGFib3V0IHRoZQogICAgICAgICAgICAgICAgICBl
cnJvciwgdXNlZCB0byBwcm92aWRlIHRoZSBjbGllbnQgZGV2ZWxvcGVyIHdpdGggYWRkaXRpb25h
bCBpbmZvcm1hdGlvbiBhYm91dCB0aGUKICAgICAgICAgICAgICAgICAgZXJyb3IuCgkJICA8dnNw
YWNlLz4KCQkgIFZhbHVlcyBmb3IgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+ZXJyb3JfdXJpPC9z
cGFueD4gcGFyYW1ldGVyCgkJICBNVVNUIGNvbmZvcm0gdG8gdGhlIFVSSS1SZWZlcmVuY2Ugc3lu
dGF4LCBhbmQgdGh1cyBNVVNUIE5PVCBpbmNsdWRlCgkJICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhl
IHNldCAleDIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgICAgICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgICAgICA8dCBoYW5nVGV4dD0nc3RhdGUnPgogICAgICAgICAgICAgICAgICA8dnNwYWNl
IC8+CiAgICAgICAgICAgICAgICAgIFJFUVVJUkVEIGlmIGEgPHNwYW54IHN0eWxlPSd2ZXJiJz5z
dGF0ZTwvc3Bhbng+IHBhcmFtZXRlciB3YXMgcHJlc2VudCBpbiB0aGUKICAgICAgICAgICAgICAg
ICAgY2xpZW50IGF1dGhvcml6YXRpb24gcmVxdWVzdC4gVGhlIGV4YWN0IHZhbHVlIHJlY2VpdmVk
IGZyb20gdGhlIGNsaWVudC4KICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8L2xp
c3Q+CiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgICAgICA8
cHJlYW1ibGU+CiAgICAgICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIHJlZGlyZWN0cyB0aGUgdXNlci1hZ2VudCBieSBzZW5kaW5nIHRoZQogICAgICAgICAg
ICAgICAgZm9sbG93aW5nIEhUVFAgcmVzcG9uc2U6CiAgICAgICAgICAgICAgPC9wcmVhbWJsZT4K
ICAgICAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgICAgIDwhW0NEQVRBWwogIEhUVFAv
MS4xIDMwMiBGb3VuZAogIExvY2F0aW9uOiBodHRwczovL2NsaWVudC5leGFtcGxlLmNvbS9jYiNl
cnJvcj1hY2Nlc3NfZGVuaWVkJnN0YXRlPXh5egpdXT4KICAgICAgICAgICAgICA8L2FydHdvcms+
CiAgICAgICAgICAgIDwvZmlndXJlPgogICAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgICA8L3Nl
Y3Rpb24+CgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nUmVzb3VyY2Ug
T3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHMgR3JhbnQnIGFuY2hvcj0nZ3JhbnQtcGFzc3dvcmQn
PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIHJlc291cmNlIG93bmVyIHBhc3N3b3JkIGNyZWRl
bnRpYWxzIGdyYW50IHR5cGUgaXMgc3VpdGFibGUgaW4gY2FzZXMgd2hlcmUgdGhlCiAgICAgICAg
ICByZXNvdXJjZSBvd25lciBoYXMgYSB0cnVzdCByZWxhdGlvbnNoaXAgd2l0aCB0aGUgY2xpZW50
LCBzdWNoIGFzIHRoZSBkZXZpY2Ugb3BlcmF0aW5nCiAgICAgICAgICBzeXN0ZW0gb3IgYSBoaWdo
bHkgcHJpdmlsZWdlZCBhcHBsaWNhdGlvbi4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHNob3Vs
ZCB0YWtlIHNwZWNpYWwKICAgICAgICAgIGNhcmUgd2hlbiBlbmFibGluZyB0aGlzIGdyYW50IHR5
cGUsIGFuZCBvbmx5IGFsbG93IGl0IHdoZW4gb3RoZXIgZmxvd3MgYXJlIG5vdCB2aWFibGUuCiAg
ICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGdyYW50IHR5cGUgaXMgc3VpdGFi
bGUgZm9yIGNsaWVudHMgY2FwYWJsZSBvZiBvYnRhaW5pbmcgdGhlIHJlc291cmNlIG93bmVyJ3MK
ICAgICAgICAgIGNyZWRlbnRpYWxzICh1c2VybmFtZSBhbmQgcGFzc3dvcmQsIHR5cGljYWxseSB1
c2luZyBhbiBpbnRlcmFjdGl2ZSBmb3JtKS4gSXQgaXMgYWxzbyB1c2VkCiAgICAgICAgICB0byBt
aWdyYXRlIGV4aXN0aW5nIGNsaWVudHMgdXNpbmcgZGlyZWN0IGF1dGhlbnRpY2F0aW9uIHNjaGVt
ZXMgc3VjaCBhcyBIVFRQIEJhc2ljIG9yCiAgICAgICAgICBEaWdlc3QgYXV0aGVudGljYXRpb24g
dG8gT0F1dGggYnkgY29udmVydGluZyB0aGUgc3RvcmVkIGNyZWRlbnRpYWxzIHRvIGFuIGFjY2Vz
cyB0b2tlbi4KICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZSB0aXRsZT0nUmVzb3VyY2UgT3du
ZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHMgRmxvdycgYW5jaG9yPSdGaWd1cmUtNSc+CiAgICAgICAg
ICA8YXJ0d29yaz4KICAgICAgICAgICAgPCFbQ0RBVEFbCiAgKy0tLS0tLS0tLS0rCiAgfCBSZXNv
dXJjZSB8CiAgfCAgT3duZXIgICB8CiAgfCAgICAgICAgICB8CiAgKy0tLS0tLS0tLS0rCiAgICAg
ICB2CiAgICAgICB8ICAgIFJlc291cmNlIE93bmVyCiAgICAgIChBKSBQYXNzd29yZCBDcmVkZW50
aWFscwogICAgICAgfAogICAgICAgdgogICstLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgIHw+LS0oQiktLS0tIFJl
c291cmNlIE93bmVyIC0tLS0tLS0+fCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgfCAgICAg
ICAgIFBhc3N3b3JkIENyZWRlbnRpYWxzICAgICB8IEF1dGhvcml6YXRpb24gfAogIHwgQ2xpZW50
ICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgIFNlcnZlciAgICB8CiAg
fCAgICAgICAgIHw8LS0oQyktLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tLS08fCAgICAgICAgICAg
ICAgIHwKICB8ICAgICAgICAgfCAgICAody8gT3B0aW9uYWwgUmVmcmVzaCBUb2tlbikgICB8ICAg
ICAgICAgICAgICAgfAogICstLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICstLS0tLS0tLS0tLS0tLS0rCl1dPgogICAgICAgICAgPC9hcnR3b3JrPgogICAgICAgIDwv
ZmlndXJlPgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4gPHhy
ZWYgdGFyZ2V0PSdGaWd1cmUtNScgLz4gaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKICAg
ICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0nZm9ybWF0ICglQykn
PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgcmVzb3VyY2Ugb3duZXIgcHJvdmlk
ZXMgdGhlIGNsaWVudCB3aXRoIGl0cyB1c2VybmFtZSBhbmQgcGFzc3dvcmQuCiAgICAgICAgICAg
IDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCByZXF1ZXN0cyBh
biBhY2Nlc3MgdG9rZW4gZnJvbSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIncyB0b2tlbiBlbmRw
b2ludCBieQogICAgICAgICAgICAgIGluY2x1ZGluZyB0aGUgY3JlZGVudGlhbHMgcmVjZWl2ZWQg
ZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIuIFdoZW4gbWFraW5nIHRoZSByZXF1ZXN0LAogICAgICAg
ICAgICAgIHRoZSBjbGllbnQgYXV0aGVudGljYXRlcyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlci4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50IGFuZCB2YWxpZGF0
ZXMgdGhlIHJlc291cmNlIG93bmVyCiAgICAgICAgICAgICAgY3JlZGVudGlhbHMsIGFuZCBpZiB2
YWxpZCBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICA8
L2xpc3Q+CiAgICAgICAgPC90PgoKICAgICAgICA8c2VjdGlvbiB0aXRsZT0nQXV0aG9yaXphdGlv
biBSZXF1ZXN0IGFuZCBSZXNwb25zZSc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIG1l
dGhvZCB0aHJvdWdoIHdoaWNoIHRoZSBjbGllbnQgb2J0YWlucyB0aGUgcmVzb3VyY2Ugb3duZXIg
Y3JlZGVudGlhbHMgaXMgYmV5b25kCiAgICAgICAgICAgIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNp
ZmljYXRpb24uIFRoZSBjbGllbnQgTVVTVCBkaXNjYXJkIHRoZSBjcmVkZW50aWFscyBvbmNlIGFu
IGFjY2VzcwogICAgICAgICAgICB0b2tlbiBoYXMgYmVlbiBvYnRhaW5lZC4KICAgICAgICAgIDwv
dD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdBY2Nlc3MgVG9r
ZW4gUmVxdWVzdCc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGNsaWVudCBtYWtlcyBh
IHJlcXVlc3QgdG8gdGhlIHRva2VuIGVuZHBvaW50IGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nIHBh
cmFtZXRlcnMKICAgICAgICAgICAgdXNpbmcgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+YXBwbGlj
YXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC9zcGFueD4gZm9ybWF0IGluIHRoZQogICAgICAg
ICAgICBIVFRQIHJlcXVlc3QgZW50aXR5LWJvZHk6CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8
dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgogICAg
ICAgICAgICAgIDx0IGhhbmdUZXh0PSdncmFudF90eXBlJz4KICAgICAgICAgICAgICAgIDx2c3Bh
Y2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELiBWYWx1ZSBNVVNUIGJlIHNldCB0byA8c3Bh
bnggc3R5bGU9J3ZlcmInPnBhc3N3b3JkPC9zcGFueD4uCiAgICAgICAgICAgICAgPC90PgogICAg
ICAgICAgICAgIDx0IGhhbmdUZXh0PSd1c2VybmFtZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNl
IC8+CiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIHJlc291cmNlIG93bmVyIHVzZXJuYW1l
LCBlbmNvZGVkIGFzIFVURi04LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBo
YW5nVGV4dD0ncGFzc3dvcmQnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAg
ICAgICAgUkVRVUlSRUQuIFRoZSByZXNvdXJjZSBvd25lciBwYXNzd29yZCwgZW5jb2RlZCBhcyBV
VEYtOC4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3Njb3Bl
Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIE9QVElPTkFMLiBU
aGUgc2NvcGUgb2YgdGhlIGFjY2VzcyByZXF1ZXN0IGFzIGRlc2NyaWJlZCBieSA8eHJlZiB0YXJn
ZXQ9J3Njb3BlJyAvPi4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAg
ICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBJZiB0aGUgY2xpZW50IHR5cGUg
aXMgY29uZmlkZW50aWFsIG9yIHRoZSBjbGllbnQgd2FzIGlzc3VlZCBjbGllbnQgY3JlZGVudGlh
bHMgKG9yCiAgICAgICAgICAgIGFzc2lnbmVkIG90aGVyIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVt
ZW50cyksIHRoZSBjbGllbnQgTVVTVCBhdXRoZW50aWNhdGUgd2l0aCB0aGUKICAgICAgICAgICAg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0ndG9rZW4t
ZW5kcG9pbnQtYXV0aCcgLz4uCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8ZmlndXJlPgogICAg
ICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBjbGllbnQg
bWFrZXMgdGhlIGZvbGxvd2luZyBIVFRQIHJlcXVlc3QgdXNpbmcgdHJhbnNwb3J0LWxheWVyCiAg
ICAgICAgICAgICAgc2VjdXJpdHkgKGV4dHJhIGxpbmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBw
dXJwb3NlcyBvbmx5KToKICAgICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgICAgPGFydHdv
cms+CiAgICAgICAgICAgICAgPCFbQ0RBVEFbCiAgUE9TVCAvdG9rZW4gSFRUUC8xLjEKICBIb3N0
OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICBBdXRob3JpemF0aW9uOiBCYXNpYyBjelpDYUdSU2EzRjBN
enBuV0RGbVFtRjBNMkpXCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVy
bGVuY29kZWQ7Y2hhcnNldD1VVEYtOAogIAogIGdyYW50X3R5cGU9cGFzc3dvcmQmdXNlcm5hbWU9
am9obmRvZSZwYXNzd29yZD1BM2RkajN3Cl1dPgogICAgICAgICAgICA8L2FydHdvcms+CiAgICAg
ICAgICA8L2ZpZ3VyZT4KICAgICAgICAgIDx0PgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgTVVTVDoKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8
bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBy
ZXF1aXJlIGNsaWVudCBhdXRoZW50aWNhdGlvbiBmb3IgY29uZmlkZW50aWFsIGNsaWVudHMgb3Ig
Zm9yIGFueSBjbGllbnQgdGhhdCB3YXMKICAgICAgICAgICAgICAgIGlzc3VlZCBjbGllbnQgY3Jl
ZGVudGlhbHMgKG9yIHdpdGggb3RoZXIgYXV0aGVudGljYXRpb24gcmVxdWlyZW1lbnRzKSwKICAg
ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBhdXRoZW50
aWNhdGUgdGhlIGNsaWVudCBpZiBjbGllbnQgYXV0aGVudGljYXRpb24gaXMgaW5jbHVkZWQsIGFu
ZAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIHZh
bGlkYXRlIHRoZSByZXNvdXJjZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFscyB1c2luZyBpdHMg
ZXhpc3RpbmcgcGFzc3dvcmQKICAgICAgICAgICAgICAgIHZhbGlkYXRpb24gYWxnb3JpdGhtLgog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAg
ICAgICAgPHQ+CiAgICAgICAgICAgIFNpbmNlIHRoaXMgYWNjZXNzIHRva2VuIHJlcXVlc3QgdXRp
bGl6ZXMgdGhlIHJlc291cmNlIG93bmVyJ3MgcGFzc3dvcmQsIHRoZQogICAgICAgICAgICBhdXRo
b3JpemF0aW9uIHNlcnZlciBNVVNUIHByb3RlY3QgdGhlIGVuZHBvaW50IGFnYWluc3QgYnJ1dGUg
Zm9yY2UgYXR0YWNrcyAoZS5nLiB1c2luZwogICAgICAgICAgICByYXRlLWxpbWl0YXRpb24gb3Ig
Z2VuZXJhdGluZyBhbGVydHMpLgogICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAg
ICAgICAgPHNlY3Rpb24gdGl0bGU9J0FjY2VzcyBUb2tlbiBSZXNwb25zZSc+CiAgICAgICAgICA8
dD4KICAgICAgICAgICAgSWYgdGhlIGFjY2VzcyB0b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFuZCBh
dXRob3JpemVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAgICAg
IGFjY2VzcyB0b2tlbiBhbmQgb3B0aW9uYWwgcmVmcmVzaCB0b2tlbiBhcyBkZXNjcmliZWQgaW4g
PHhyZWYgdGFyZ2V0PSd0b2tlbi1yZXNwb25zZScgLz4uCiAgICAgICAgICAgIElmIHRoZSByZXF1
ZXN0IGZhaWxlZCBjbGllbnQgYXV0aGVudGljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIHJldHVybnMKICAgICAgICAgICAgYW4gZXJyb3IgcmVzcG9uc2UgYXMg
ZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0ndG9rZW4tZXJyb3JzJyAvPi4KICAgICAgICAgIDwv
dD4KICAgICAgICAgIDxmaWd1cmU+CiAgICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAg
ICBBbiBleGFtcGxlIHN1Y2Nlc3NmdWwgcmVzcG9uc2U6CiAgICAgICAgICAgIDwvcHJlYW1ibGU+
CiAgICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICAgIDwhW0NEQVRBWwogIEhUVFAvMS4x
IDIwMCBPSwogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04CiAg
Q2FjaGUtQ29udHJvbDogbm8tc3RvcmUKICBQcmFnbWE6IG5vLWNhY2hlCgogIHsKICAgICJhY2Nl
c3NfdG9rZW4iOiIyWW90bkZaRkVqcjF6Q3NpY01XcEFBIiwKICAgICJ0b2tlbl90eXBlIjoiZXhh
bXBsZSIsCiAgICAiZXhwaXJlc19pbiI6MzYwMCwKICAgICJyZWZyZXNoX3Rva2VuIjoidEd6djNK
T2tGMFhHNVF4MlRsS1dJQSIsCiAgICAiZXhhbXBsZV9wYXJhbWV0ZXIiOiJleGFtcGxlX3ZhbHVl
IgogIH0KXV0+CiAgICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICAgIDwvZmlndXJlPgogICAg
ICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdD
bGllbnQgQ3JlZGVudGlhbHMgR3JhbnQnIGFuY2hvcj0nZ3JhbnQtY2xpZW50Jz4KICAgICAgICA8
dD4KICAgICAgICAgIFRoZSBjbGllbnQgY2FuIHJlcXVlc3QgYW4gYWNjZXNzIHRva2VuIHVzaW5n
IG9ubHkgaXRzIGNsaWVudCBjcmVkZW50aWFscyAob3Igb3RoZXIKICAgICAgICAgIHN1cHBvcnRl
ZCBtZWFucyBvZiBhdXRoZW50aWNhdGlvbikgd2hlbiB0aGUgY2xpZW50IGlzIHJlcXVlc3Rpbmcg
YWNjZXNzIHRvIHRoZQogICAgICAgICAgcHJvdGVjdGVkIHJlc291cmNlcyB1bmRlciBpdHMgY29u
dHJvbCwgb3IgdGhvc2Ugb2YgYW5vdGhlciByZXNvdXJjZSBvd25lciB3aGljaCBoYXMgYmVlbgog
ICAgICAgICAgcHJldmlvdXNseSBhcnJhbmdlZCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciAodGhlIG1ldGhvZCBvZiB3aGljaCBpcyBiZXlvbmQgdGhlCiAgICAgICAgICBzY29wZSBvZiB0
aGlzIHNwZWNpZmljYXRpb24pLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRo
ZSBjbGllbnQgY3JlZGVudGlhbHMgZ3JhbnQgdHlwZSBNVVNUIG9ubHkgYmUgdXNlZCBieSBjb25m
aWRlbnRpYWwgY2xpZW50cy4KICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZSB0aXRsZT0nQ2xp
ZW50IENyZWRlbnRpYWxzIEZsb3cnIGFuY2hvcj0nRmlndXJlLTYnPgogICAgICAgICAgPGFydHdv
cms+CiAgICAgICAgICAgIDwhW0NEQVRBWwogICstLS0tLS0tLS0rICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgIHwgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgfD4t
LShBKS0gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIC0tLT58IEF1dGhvcml6YXRpb24gfAogIHwgQ2xp
ZW50ICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgIFNlcnZlciAgICB8
CiAgfCAgICAgICAgIHw8LS0oQiktLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tLS08fCAgICAgICAg
ICAgICAgIHwKICB8ICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8
ICAgICAgICAgICAgICAgfAogICstLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICstLS0tLS0tLS0tLS0tLS0rCl1dPgogICAgICAgICAgPC9hcnR3b3JrPgogICAgICAg
IDwvZmlndXJlPgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4g
PHhyZWYgdGFyZ2V0PSdGaWd1cmUtNicgLz4gaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoK
ICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0nZm9ybWF0ICgl
QyknPgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IGF1dGhlbnRpY2F0
ZXMgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYW5kIHJlcXVlc3RzIGFuIGFjY2VzcyB0
b2tlbgogICAgICAgICAgICAgIGZyb20gdGhlIHRva2VuIGVuZHBvaW50LgogICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBhdXRoZW50aWNhdGVzIHRoZSBjbGllbnQsIGFuZCBpZiB2YWxpZCBpc3N1ZXMgYW4gYWNjZXNz
CiAgICAgICAgICAgICAgdG9rZW4uCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4K
ICAgICAgICA8L3Q+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdBdXRob3JpemF0aW9uIFJlcXVl
c3QgYW5kIFJlc3BvbnNlJz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBTaW5jZSB0aGUgY2xp
ZW50IGF1dGhlbnRpY2F0aW9uIGlzIHVzZWQgYXMgdGhlIGF1dGhvcml6YXRpb24gZ3JhbnQsIG5v
IGFkZGl0aW9uYWwKICAgICAgICAgICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGlzIG5lZWRlZC4K
ICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxl
PSdBY2Nlc3MgVG9rZW4gUmVxdWVzdCc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGNs
aWVudCBtYWtlcyBhIHJlcXVlc3QgdG8gdGhlIHRva2VuIGVuZHBvaW50IGJ5IGFkZGluZyB0aGUg
Zm9sbG93aW5nIHBhcmFtZXRlcnMKICAgICAgICAgICAgdXNpbmcgdGhlIDxzcGFueCBzdHlsZT0n
dmVyYic+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC9zcGFueD4gZm9ybWF0IGlu
IHRoZQogICAgICAgICAgICBIVFRQIHJlcXVlc3QgZW50aXR5LWJvZHk6CiAgICAgICAgICA8L3Q+
CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnIGhhbmdJbmRl
bnQ9JzYnPgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdncmFudF90eXBlJz4KICAgICAgICAg
ICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELiBWYWx1ZSBNVVNUIGJl
IHNldCB0byA8c3Bhbnggc3R5bGU9J3ZlcmInPmNsaWVudF9jcmVkZW50aWFsczwvc3Bhbng+Lgog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nc2NvcGUnPgogICAg
ICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgT1BUSU9OQUwuIFRoZSBzY29w
ZSBvZiB0aGUgYWNjZXNzIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGJ5IDx4cmVmIHRhcmdldD0nc2Nv
cGUnIC8+LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAg
PC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBjbGllbnQgTVVTVCBhdXRoZW50aWNh
dGUgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgZGVzY3JpYmVkIGluCiAgICAgICAg
ICAgIDx4cmVmIHRhcmdldD0ndG9rZW4tZW5kcG9pbnQtYXV0aCcgLz4uCiAgICAgICAgICA8L3Q+
CiAgICAgICAgICA8ZmlndXJlPgogICAgICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICAgICAg
Rm9yIGV4YW1wbGUsIHRoZSBjbGllbnQgbWFrZXMgdGhlIGZvbGxvd2luZyBIVFRQIHJlcXVlc3Qg
dXNpbmcgdHJhbnNwb3J0LWxheWVyCiAgICAgICAgICAgICAgc2VjdXJpdHkgKGV4dHJhIGxpbmUg
YnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAgICAgICAgPC9wcmVh
bWJsZT4KICAgICAgICAgICAgPGFydHdvcms+CiAgICAgICAgICAgICAgPCFbQ0RBVEFbCiAgUE9T
VCAvdG9rZW4gSFRUUC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICBBdXRob3JpemF0
aW9uOiBCYXNpYyBjelpDYUdSU2EzRjBNenBuV0RGbVFtRjBNMkpXCiAgQ29udGVudC1UeXBlOiBh
cHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOAogIAogIGdyYW50
X3R5cGU9Y2xpZW50X2NyZWRlbnRpYWxzCl1dPgogICAgICAgICAgICA8L2FydHdvcms+CiAgICAg
ICAgICA8L2ZpZ3VyZT4KICAgICAgICAgIDx0PgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgTVVTVCBhdXRoZW50aWNhdGUgdGhlIGNsaWVudC4KICAgICAgICAgIDwvdD4KICAg
ICAgICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdBY2Nlc3MgVG9rZW4gUmVz
cG9uc2UnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIElmIHRoZSBhY2Nlc3MgdG9rZW4gcmVx
dWVzdCBpcyB2YWxpZCBhbmQgYXV0aG9yaXplZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlz
c3VlcyBhbgogICAgICAgICAgICBhY2Nlc3MgdG9rZW4gYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRh
cmdldD0ndG9rZW4tcmVzcG9uc2UnIC8+LiBBIHJlZnJlc2ggdG9rZW4gU0hPVUxECiAgICAgICAg
ICAgIE5PVCBiZSBpbmNsdWRlZC4gSWYgdGhlIHJlcXVlc3QgZmFpbGVkIGNsaWVudCBhdXRoZW50
aWNhdGlvbiBvciBpcyBpbnZhbGlkLCB0aGUKICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgcmV0dXJucyBhbiBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4KICAgICAgICAgICAg
PHhyZWYgdGFyZ2V0PSd0b2tlbi1lcnJvcnMnIC8+LgogICAgICAgICAgPC90PgogICAgICAgICAg
PGZpZ3VyZT4KICAgICAgICAgICAgPHByZWFtYmxlPgogICAgICAgICAgICAgIEFuIGV4YW1wbGUg
c3VjY2Vzc2Z1bCByZXNwb25zZToKICAgICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgICAg
PGFydHdvcms+CiAgICAgICAgICAgICAgPCFbQ0RBVEFbCiAgSFRUUC8xLjEgMjAwIE9LCiAgQ29u
dGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRGLTgKICBDYWNoZS1Db250cm9s
OiBuby1zdG9yZQogIFByYWdtYTogbm8tY2FjaGUKICAKICB7CiAgICAiYWNjZXNzX3Rva2VuIjoi
MllvdG5GWkZFanIxekNzaWNNV3BBQSIsCiAgICAidG9rZW5fdHlwZSI6ImV4YW1wbGUiLAogICAg
ImV4cGlyZXNfaW4iOjM2MDAsCiAgICAiZXhhbXBsZV9wYXJhbWV0ZXIiOiJleGFtcGxlX3ZhbHVl
IgogIH0KXV0+CiAgICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICAgIDwvZmlndXJlPgogICAg
ICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdF
eHRlbnNpb24gR3JhbnRzJz4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBjbGllbnQgdXNlcyBh
biBleHRlbnNpb24gZ3JhbnQgdHlwZSBieSBzcGVjaWZ5aW5nIHRoZSBncmFudCB0eXBlIHVzaW5n
IGFuCiAgICAgICAgICBhYnNvbHV0ZSBVUkkgKGRlZmluZWQgYnkgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyKSBhcyB0aGUgdmFsdWUgb2YgdGhlCiAgICAgICAgICA8c3Bhbnggc3R5bGU9J3ZlcmIn
PmdyYW50X3R5cGU8L3NwYW54PiBwYXJhbWV0ZXIgb2YgdGhlIHRva2VuIGVuZHBvaW50LCBhbmQg
YnkKICAgICAgICAgIGFkZGluZyBhbnkgYWRkaXRpb25hbCBwYXJhbWV0ZXJzIG5lY2Vzc2FyeS4K
ICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAg
ICAgICAgRm9yIGV4YW1wbGUsIHRvIHJlcXVlc3QgYW4gYWNjZXNzIHRva2VuIHVzaW5nIGEgU0FN
TCAyLjAgYXNzZXJ0aW9uIGdyYW50IHR5cGUgYXMKICAgICAgICAgICAgZGVmaW5lZCBieSA8eHJl
ZiB0YXJnZXQ9J0ktRC5pZXRmLW9hdXRoLXNhbWwyLWJlYXJlcicgLz4sIHRoZSBjbGllbnQgbWFr
ZXMgdGhlCiAgICAgICAgICAgIGZvbGxvd2luZyBIVFRQIHJlcXVlc3QgdXNpbmcgVExTIChsaW5l
IGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgICA8L3ByZWFt
YmxlPgogICAgICAgICAgPGFydHdvcms+CiAgICAgICAgICAgIDwhW0NEQVRBWwogIFBPU1QgL3Rv
a2VuIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCiAgQ29udGVudC1UeXBlOiBh
cHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOAoKICBncmFudF90
eXBlPXVybiUzQWlldGYlM0FwYXJhbXMlM0FvYXV0aCUzQWdyYW50LXR5cGUlM0FzYW1sMi0KICBi
ZWFyZXImYXNzZXJ0aW9uPVBFRnpjMlZ5ZEdsdmJpQkpjM04xWlVsdWMzUmhiblE5SWpJd01URXRN
RFUKICBbLi4ub21pdHRlZCBmb3IgYnJldml0eS4uLl1hRzVUZEdGMFpXMWxiblEtUEM5QmMzTmxj
blJwYjI0LQpdXT4KICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAg
ICA8dD4KICAgICAgICAgIElmIHRoZSBhY2Nlc3MgdG9rZW4gcmVxdWVzdCBpcyB2YWxpZCBhbmQg
YXV0aG9yaXplZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3VlcyBhbgogICAgICAgICAg
YWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoIHRva2VuIGFzIGRlc2NyaWJlZCBpbiA8
eHJlZiB0YXJnZXQ9J3Rva2VuLXJlc3BvbnNlJyAvPi4KICAgICAgICAgIElmIHRoZSByZXF1ZXN0
IGZhaWxlZCBjbGllbnQgYXV0aGVudGljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIHJldHVybnMKICAgICAgICAgIGFuIGVycm9yIHJlc3BvbnNlIGFzIGRlc2Ny
aWJlZCBpbiA8eHJlZiB0YXJnZXQ9J3Rva2VuLWVycm9ycycgLz4uCiAgICAgICAgPC90PgogICAg
ICA8L3NlY3Rpb24+CgogICAgPC9zZWN0aW9uPgoKICAgIDxzZWN0aW9uIHRpdGxlPSdJc3N1aW5n
IGFuIEFjY2VzcyBUb2tlbicgYW5jaG9yPSd0b2tlbi1pc3N1ZSc+CiAgICAgIDx0PgogICAgICAg
IElmIHRoZSBhY2Nlc3MgdG9rZW4gcmVxdWVzdCBpcyB2YWxpZCBhbmQgYXV0aG9yaXplZCwgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3VlcyBhbgogICAgICAgIGFjY2VzcyB0b2tlbiBhbmQg
b3B0aW9uYWwgcmVmcmVzaCB0b2tlbiBhcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSd0b2tl
bi1yZXNwb25zZScgLz4uCiAgICAgICAgSWYgdGhlIHJlcXVlc3QgZmFpbGVkIGNsaWVudCBhdXRo
ZW50aWNhdGlvbiBvciBpcyBpbnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmV0dXJu
cwogICAgICAgIGFuIGVycm9yIHJlc3BvbnNlIGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9
J3Rva2VuLWVycm9ycycgLz4uCiAgICAgIDwvdD4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdTdWNj
ZXNzZnVsIFJlc3BvbnNlJyBhbmNob3I9J3Rva2VuLXJlc3BvbnNlJz4KICAgICAgICA8dD4KICAg
ICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuIGFu
ZCBvcHRpb25hbCByZWZyZXNoIHRva2VuLCBhbmQKICAgICAgICAgIGNvbnN0cnVjdHMgdGhlIHJl
c3BvbnNlIGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMgdG8gdGhlIGVudGl0eSBi
b2R5IG9mIHRoZSBIVFRQCiAgICAgICAgICByZXNwb25zZSB3aXRoIGEgMjAwIChPSykgc3RhdHVz
IGNvZGU6CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgPGxpc3Qgc3R5bGU9J2hh
bmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgogICAgICAgICAgICA8dCBoYW5nVGV4dD0nYWNjZXNzX3Rv
a2VuJz4KICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgUkVRVUlSRUQuIFRo
ZSBhY2Nlc3MgdG9rZW4gaXNzdWVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICA8dCBoYW5nVGV4dD0ndG9rZW5fdHlwZSc+CiAgICAgICAg
ICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgdHlwZSBvZiB0aGUg
dG9rZW4gaXNzdWVkIGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J3Rva2VuLXR5cGVzJyAv
Pi4KICAgICAgICAgICAgICBWYWx1ZSBpcyBjYXNlIGluc2Vuc2l0aXZlLgogICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdleHBpcmVzX2luJz4KICAgICAgICAgICAgICA8
dnNwYWNlIC8+CiAgICAgICAgICAgICAgUkVDT01NRU5ERUQuIFRoZSBsaWZldGltZSBpbiBzZWNv
bmRzIG9mIHRoZSBhY2Nlc3MgdG9rZW4uIEZvciBleGFtcGxlLCB0aGUgdmFsdWUKICAgICAgICAg
ICAgICA8c3Bhbnggc3R5bGU9J3ZlcmInPjM2MDA8L3NwYW54PiBkZW5vdGVzIHRoYXQgdGhlIGFj
Y2VzcyB0b2tlbiB3aWxsIGV4cGlyZSBpbiBvbmUKICAgICAgICAgICAgICBob3VyIGZyb20gdGhl
IHRpbWUgdGhlIHJlc3BvbnNlIHdhcyBnZW5lcmF0ZWQuIElmIG9taXR0ZWQsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlcgogICAgICAgICAgICAgIFNIT1VMRCBwcm92aWRlIHRoZSBleHBpcmF0aW9u
IHRpbWUgdmlhIG90aGVyIG1lYW5zIG9yIGRvY3VtZW50IHRoZSBkZWZhdWx0IHZhbHVlLgogICAg
ICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdyZWZyZXNoX3Rva2VuJz4KICAg
ICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgT1BUSU9OQUwuIFRoZSByZWZyZXNo
IHRva2VuIHdoaWNoIGNhbiBiZSB1c2VkIHRvIG9idGFpbiBuZXcgYWNjZXNzIHRva2VucyB1c2lu
ZyB0aGUKICAgICAgICAgICAgICBzYW1lIGF1dGhvcml6YXRpb24gZ3JhbnQgYXMgZGVzY3JpYmVk
IGluIDx4cmVmIHRhcmdldD0ndG9rZW4tcmVmcmVzaCcgLz4uCiAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgPHQgaGFuZ1RleHQ9J3Njb3BlJz4KICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAg
ICAgICAgICAgICAgT1BUSU9OQUwsIGlmIGlkZW50aWNhbCB0byB0aGUgc2NvcGUgcmVxdWVzdGVk
IGJ5IHRoZSBjbGllbnQsIG90aGVyd2lzZSBSRVFVSVJFRC4gVGhlCiAgICAgICAgICAgICAgc2Nv
cGUgb2YgdGhlIGFjY2VzcyB0b2tlbiBhcyBkZXNjcmliZWQgYnkgPHhyZWYgdGFyZ2V0PSdzY29w
ZScgLz4uCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBUaGUgcGFyYW1ldGVycyBhcmUgaW5jbHVkZWQgaW4gdGhlIGVu
dGl0eSBib2R5IG9mIHRoZSBIVFRQIHJlc3BvbnNlIHVzaW5nIHRoZQogICAgICAgICAgPHNwYW54
IHN0eWxlPSd2ZXJiJz5hcHBsaWNhdGlvbi9qc29uPC9zcGFueD4gbWVkaWEgdHlwZSBhcyBkZWZp
bmVkIGJ5CiAgICAgICAgICA8eHJlZiB0YXJnZXQ9J1JGQzQ2MjcnIC8+LiBUaGUgcGFyYW1ldGVy
cyBhcmUgc2VyaWFsaXplZCBpbnRvIGEgSlNPTiBzdHJ1Y3R1cmUgYnkKICAgICAgICAgIGFkZGlu
ZyBlYWNoIHBhcmFtZXRlciBhdCB0aGUgaGlnaGVzdCBzdHJ1Y3R1cmUgbGV2ZWwuIFBhcmFtZXRl
ciBuYW1lcyBhbmQgc3RyaW5nIHZhbHVlcwogICAgICAgICAgYXJlIGluY2x1ZGVkIGFzIEpTT04g
c3RyaW5ncy4gTnVtZXJpY2FsIHZhbHVlcyBhcmUgaW5jbHVkZWQgYXMgSlNPTiBudW1iZXJzLiBU
aGUgb3JkZXIgb2YKICAgICAgICAgIHBhcmFtZXRlcnMgZG9lcyBub3QgbWF0dGVyIGFuZCBjYW4g
dmFyeS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgTVVTVCBpbmNsdWRlIHRoZSBIVFRQCiAgICAgICAgICA8c3Bhbnggc3R5bGU9J3Zl
cmInPkNhY2hlLUNvbnRyb2w8L3NwYW54PiByZXNwb25zZSBoZWFkZXIgZmllbGQgPHhyZWYgdGFy
Z2V0PSdSRkMyNjE2JyAvPgogICAgICAgICAgd2l0aCBhIHZhbHVlIG9mIDxzcGFueCBzdHlsZT0n
dmVyYic+bm8tc3RvcmU8L3NwYW54PiBpbiBhbnkgcmVzcG9uc2UgY29udGFpbmluZyB0b2tlbnMs
CiAgICAgICAgICBjcmVkZW50aWFscywgb3Igb3RoZXIgc2Vuc2l0aXZlIGluZm9ybWF0aW9uLCBh
cyB3ZWxsIGFzIHRoZQogICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5QcmFnbWE8L3NwYW54
PiByZXNwb25zZSBoZWFkZXIgZmllbGQgPHhyZWYgdGFyZ2V0PSdSRkMyNjE2JyAvPiB3aXRoIGEK
ICAgICAgICAgIHZhbHVlIG9mIDxzcGFueCBzdHlsZT0ndmVyYic+bm8tY2FjaGU8L3NwYW54Pi4K
ICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAg
ICAgICAgRm9yIGV4YW1wbGU6CiAgICAgICAgICA8L3ByZWFtYmxlPgogICAgICAgICAgPGFydHdv
cms+CiAgICAgICAgICAgIDwhW0NEQVRBWwogIEhUVFAvMS4xIDIwMCBPSwogIENvbnRlbnQtVHlw
ZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04CiAgQ2FjaGUtQ29udHJvbDogbm8tc3Rv
cmUKICBQcmFnbWE6IG5vLWNhY2hlCgogIHsKICAgICJhY2Nlc3NfdG9rZW4iOiIyWW90bkZaRkVq
cjF6Q3NpY01XcEFBIiwKICAgICJ0b2tlbl90eXBlIjoiZXhhbXBsZSIsCiAgICAiZXhwaXJlc19p
biI6MzYwMCwKICAgICJyZWZyZXNoX3Rva2VuIjoidEd6djNKT2tGMFhHNVF4MlRsS1dJQSIsCiAg
ICAiZXhhbXBsZV9wYXJhbWV0ZXIiOiJleGFtcGxlX3ZhbHVlIgogIH0KXV0+CiAgICAgICAgICA8
L2FydHdvcms+CiAgICAgICAgPC9maWd1cmU+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgY2xp
ZW50IE1VU1QgaWdub3JlIHVucmVjb2duaXplZCB2YWx1ZSBuYW1lcyBpbiB0aGUgcmVzcG9uc2Uu
IFRoZSBzaXplcyBvZiB0b2tlbnMgYW5kCiAgICAgICAgICBvdGhlciB2YWx1ZXMgcmVjZWl2ZWQg
ZnJvbSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXJlIGxlZnQgdW5kZWZpbmVkLiBUaGUgY2xp
ZW50IHNob3VsZAogICAgICAgICAgYXZvaWQgbWFraW5nIGFzc3VtcHRpb25zIGFib3V0IHZhbHVl
IHNpemVzLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGRvY3VtZW50IHRoZQogICAg
ICAgICAgc2l6ZSBvZiBhbnkgdmFsdWUgaXQgaXNzdWVzLgogICAgICAgIDwvdD4KICAgICAgPC9z
ZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0Vycm9yIFJlc3BvbnNlJyBhbmNob3I9J3Rv
a2VuLWVycm9ycyc+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgcmVzcG9uZHMgd2l0aCBhbiBIVFRQIDQwMCAoQmFkIFJlcXVlc3QpIHN0YXR1cyBjb2RlICh1
bmxlc3MKICAgICAgICAgIHNwZWNpZmllZCBvdGhlcndpc2UpIGFuZCBpbmNsdWRlcyB0aGUgZm9s
bG93aW5nIHBhcmFtZXRlcnMgd2l0aCB0aGUgcmVzcG9uc2U6CiAgICAgICAgPC90PgogICAgICAg
IDx0PgogICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgogICAg
ICAgICAgICA8dCBoYW5nVGV4dD0nZXJyb3InPgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAg
ICAgICAgICAgICBSRVFVSVJFRC4gQSBzaW5nbGUgQVNDSUkgPHhyZWYgdGFyZ2V0PSJVU0FTQ0lJ
IiAvPiBlcnJvciBjb2RlIGZyb20gdGhlIGZvbGxvd2luZzoKCiAgICAgICAgICAgICAgPGxpc3Qg
c3R5bGU9J2hhbmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgogICAgICAgICAgICAgICAgPHQgaGFuZ1Rl
eHQ9J2ludmFsaWRfcmVxdWVzdCc+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAg
ICAgICAgICAgICAgVGhlIHJlcXVlc3QgaXMgbWlzc2luZyBhIHJlcXVpcmVkIHBhcmFtZXRlciwg
aW5jbHVkZXMgYW4gdW5zdXBwb3J0ZWQKICAgICAgICAgICAgICAgICAgcGFyYW1ldGVyIHZhbHVl
IChvdGhlciB0aGFuIGdyYW50IHR5cGUpLCByZXBlYXRzIGEgcGFyYW1ldGVyLCBpbmNsdWRlcyBt
dWx0aXBsZQogICAgICAgICAgICAgICAgICBjcmVkZW50aWFscywgdXRpbGl6ZXMgbW9yZSB0aGFu
IG9uZSBtZWNoYW5pc20gZm9yIGF1dGhlbnRpY2F0aW5nIHRoZSBjbGllbnQsCiAgICAgICAgICAg
ICAgICAgIG9yIGlzIG90aGVyd2lzZSBtYWxmb3JtZWQuCiAgICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0naW52YWxpZF9jbGllbnQnPgogICAgICAgICAgICAg
ICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgIENsaWVudCBhdXRoZW50aWNhdGlvbiBm
YWlsZWQgKGUuZy4gdW5rbm93biBjbGllbnQsIG5vIGNsaWVudCBhdXRoZW50aWNhdGlvbgogICAg
ICAgICAgICAgICAgICBpbmNsdWRlZCwgb3IgdW5zdXBwb3J0ZWQgYXV0aGVudGljYXRpb24gbWV0
aG9kKS4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWQogICAgICAgICAgICAgICAgICByZXR1
cm4gYW4gSFRUUCA0MDEgKFVuYXV0aG9yaXplZCkgc3RhdHVzIGNvZGUgdG8gaW5kaWNhdGUgd2hp
Y2ggSFRUUAogICAgICAgICAgICAgICAgICBhdXRoZW50aWNhdGlvbiBzY2hlbWVzIGFyZSBzdXBw
b3J0ZWQuIElmIHRoZSBjbGllbnQgYXR0ZW1wdGVkIHRvIGF1dGhlbnRpY2F0ZSB2aWEKICAgICAg
ICAgICAgICAgICAgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+QXV0aG9yaXphdGlvbjwvc3Bhbng+
IHJlcXVlc3QgaGVhZGVyIGZpZWxkLAogICAgICAgICAgICAgICAgICB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgTVVTVCByZXNwb25kIHdpdGggYW4gSFRUUCA0MDEgKFVuYXV0aG9yaXplZCkgc3Rh
dHVzCiAgICAgICAgICAgICAgICAgIGNvZGUsIGFuZCBpbmNsdWRlIHRoZSA8c3Bhbnggc3R5bGU9
J3ZlcmInPldXVy1BdXRoZW50aWNhdGU8L3NwYW54PiByZXNwb25zZQogICAgICAgICAgICAgICAg
ICBoZWFkZXIgZmllbGQgbWF0Y2hpbmcgdGhlIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSB1c2VkIGJ5
IHRoZSBjbGllbnQuCiAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICA8dCBoYW5n
VGV4dD0naW52YWxpZF9ncmFudCc+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAg
ICAgICAgICAgICAgVGhlIHByb3ZpZGVkIGF1dGhvcml6YXRpb24gZ3JhbnQgKGUuZy4gYXV0aG9y
aXphdGlvbiBjb2RlLCByZXNvdXJjZSBvd25lcgogICAgICAgICAgICAgICAgICBjcmVkZW50aWFs
cykgb3IgcmVmcmVzaCB0b2tlbiBpcyBpbnZhbGlkLCBleHBpcmVkLCByZXZva2VkLCBkb2VzIG5v
dCBtYXRjaCB0aGUKICAgICAgICAgICAgICAgICAgcmVkaXJlY3Rpb24gVVJJIHVzZWQgaW4gdGhl
IGF1dGhvcml6YXRpb24gcmVxdWVzdCwgb3Igd2FzIGlzc3VlZCB0byBhbm90aGVyCiAgICAgICAg
ICAgICAgICAgIGNsaWVudC4KICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgIDx0
IGhhbmdUZXh0PSd1bmF1dGhvcml6ZWRfY2xpZW50Jz4KICAgICAgICAgICAgICAgICAgPHZzcGFj
ZSAvPgogICAgICAgICAgICAgICAgICBUaGUgYXV0aGVudGljYXRlZCBjbGllbnQgaXMgbm90IGF1
dGhvcml6ZWQgdG8gdXNlIHRoaXMgYXV0aG9yaXphdGlvbiBncmFudCB0eXBlLgogICAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3Vuc3VwcG9ydGVkX2dyYW50
X3R5cGUnPgogICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgIFRo
ZSBhdXRob3JpemF0aW9uIGdyYW50IHR5cGUgaXMgbm90IHN1cHBvcnRlZCBieSB0aGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICA8dCBo
YW5nVGV4dD0naW52YWxpZF9zY29wZSc+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAg
ICAgICAgICAgICAgICAgVGhlIHJlcXVlc3RlZCBzY29wZSBpcyBpbnZhbGlkLCB1bmtub3duLCBt
YWxmb3JtZWQsIG9yIGV4Y2VlZHMgdGhlIHNjb3BlIGdyYW50ZWQKICAgICAgICAgICAgICAgICAg
YnkgdGhlIHJlc291cmNlIG93bmVyLgogICAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAg
IDwvbGlzdD4KCgkgICAgICBWYWx1ZXMgZm9yIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPmVycm9y
PC9zcGFueD4gcGFyYW1ldGVyIE1VU1QgTk9UIGluY2x1ZGUKCSAgICAgIGNoYXJhY3RlcnMgb3V0
c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgICAgICAgICAgPC90
PgogICAgICAgICAgICA8dCBoYW5nVGV4dD0nZXJyb3JfZGVzY3JpcHRpb24nPgogICAgICAgICAg
ICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBPUFRJT05BTC4gQSBodW1hbi1yZWFkYWJsZSBB
U0NJSSA8eHJlZiB0YXJnZXQ9IlVTQVNDSUkiIC8+IHRleHQgcHJvdmlkaW5nIGFkZGl0aW9uYWwg
aW5mb3JtYXRpb24sCiAgICAgICAgICAgICAgdXNlZCB0byBhc3Npc3QgdGhlIGNsaWVudCBkZXZl
bG9wZXIgaW4gdW5kZXJzdGFuZGluZyB0aGUgZXJyb3IgdGhhdCBvY2N1cnJlZC4KCSAgICAgIDx2
c3BhY2UvPgoJICAgICAgVmFsdWVzIGZvciB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5lcnJvcl9k
ZXNjcmlwdGlvbjwvc3Bhbng+IHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlCgkgICAgICBjaGFy
YWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2Vycm9yX3VyaSc+CiAgICAgICAg
ICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgIE9QVElPTkFMLiBBIFVSSSBpZGVudGlmeWlu
ZyBhIGh1bWFuLXJlYWRhYmxlIHdlYiBwYWdlIHdpdGggaW5mb3JtYXRpb24gYWJvdXQgdGhlCiAg
ICAgICAgICAgICAgZXJyb3IsIHVzZWQgdG8gcHJvdmlkZSB0aGUgY2xpZW50IGRldmVsb3BlciB3
aXRoIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24gYWJvdXQgdGhlCiAgICAgICAgICAgICAgZXJyb3Iu
CgkgICAgICA8dnNwYWNlLz4KCSAgICAgIFZhbHVlcyBmb3IgdGhlIDxzcGFueCBzdHlsZT0ndmVy
Yic+ZXJyb3JfdXJpPC9zcGFueD4gcGFyYW1ldGVyCgkgICAgICBNVVNUIGNvbmZvcm0gdG8gdGhl
IFVSSS1SZWZlcmVuY2Ugc3ludGF4LCBhbmQgdGh1cyBNVVNUIE5PVCBpbmNsdWRlCgkgICAgICBj
aGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAg
ICAgICAgICBUaGUgcGFyYW1ldGVycyBhcmUgaW5jbHVkZWQgaW4gdGhlIGVudGl0eSBib2R5IG9m
IHRoZSBIVFRQIHJlc3BvbnNlIHVzaW5nIHRoZQogICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJi
Jz5hcHBsaWNhdGlvbi9qc29uPC9zcGFueD4gbWVkaWEgdHlwZSBhcyBkZWZpbmVkIGJ5CiAgICAg
ICAgICA8eHJlZiB0YXJnZXQ9J1JGQzQ2MjcnIC8+LiBUaGUgcGFyYW1ldGVycyBhcmUgc2VyaWFs
aXplZCBpbnRvIGEgSlNPTiBzdHJ1Y3R1cmUgYnkKICAgICAgICAgIGFkZGluZyBlYWNoIHBhcmFt
ZXRlciBhdCB0aGUgaGlnaGVzdCBzdHJ1Y3R1cmUgbGV2ZWwuIFBhcmFtZXRlciBuYW1lcyBhbmQg
c3RyaW5nIHZhbHVlcwogICAgICAgICAgYXJlIGluY2x1ZGVkIGFzIEpTT04gc3RyaW5ncy4gTnVt
ZXJpY2FsIHZhbHVlcyBhcmUgaW5jbHVkZWQgYXMgSlNPTiBudW1iZXJzLiBUaGUgb3JkZXIgb2YK
ICAgICAgICAgIHBhcmFtZXRlcnMgZG9lcyBub3QgbWF0dGVyIGFuZCBjYW4gdmFyeS4KICAgICAg
ICA8L3Q+CiAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAg
Rm9yIGV4YW1wbGU6CiAgICAgICAgICA8L3ByZWFtYmxlPgogICAgICAgICAgPGFydHdvcms+CiAg
ICAgICAgICAgIDwhW0NEQVRBWwogIEhUVFAvMS4xIDQwMCBCYWQgUmVxdWVzdAogIENvbnRlbnQt
VHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04CiAgQ2FjaGUtQ29udHJvbDogbm8t
c3RvcmUKICBQcmFnbWE6IG5vLWNhY2hlCgogIHsKICAgICJlcnJvciI6ImludmFsaWRfcmVxdWVz
dCIKICB9Cl1dPgogICAgICAgICAgPC9hcnR3b3JrPgogICAgICAgIDwvZmlndXJlPgogICAgICA8
L3NlY3Rpb24+CgogICAgPC9zZWN0aW9uPgoKICAgIDxzZWN0aW9uIHRpdGxlPSdSZWZyZXNoaW5n
IGFuIEFjY2VzcyBUb2tlbicgYW5jaG9yPSd0b2tlbi1yZWZyZXNoJz4KICAgICAgPHQ+CiAgICAg
ICAgSWYgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3VlZCBhIHJlZnJlc2ggdG9rZW4gdG8g
dGhlIGNsaWVudCwgdGhlIGNsaWVudCBtYWtlcyBhCiAgICAgICAgcmVmcmVzaCByZXF1ZXN0IHRv
IHRoZSB0b2tlbiBlbmRwb2ludCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHVz
aW5nIHRoZQogICAgICAgIDxzcGFueCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24veC13d3ctZm9y
bS11cmxlbmNvZGVkPC9zcGFueD4gZm9ybWF0IGluIHRoZSBIVFRQIHJlcXVlc3QKICAgICAgICBl
bnRpdHktYm9keToKICAgICAgPC90PgogICAgICA8dD4KICAgICAgICA8bGlzdCBzdHlsZT0naGFu
Z2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICA8dCBoYW5nVGV4dD0nZ3JhbnRfdHlwZSc+
CiAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgUkVRVUlSRUQuIFZhbHVlIE1VU1Qg
YmUgc2V0IHRvIDxzcGFueCBzdHlsZT0ndmVyYic+cmVmcmVzaF90b2tlbjwvc3Bhbng+LgogICAg
ICAgICAgPC90PgogICAgICAgICAgPHQgaGFuZ1RleHQ9J3JlZnJlc2hfdG9rZW4nPgogICAgICAg
ICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgcmVmcmVzaCB0b2tlbiBp
c3N1ZWQgdG8gdGhlIGNsaWVudC4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0IGhhbmdUZXh0
PSdzY29wZSc+CiAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgT1BUSU9OQUwuIFRo
ZSBzY29wZSBvZiB0aGUgYWNjZXNzIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGJ5IDx4cmVmIHRhcmdl
dD0nc2NvcGUnIC8+LgogICAgICAgICAgICBUaGUgcmVxdWVzdGVkIHNjb3BlIE1VU1QgTk9UIGlu
Y2x1ZGUgYW55IHNjb3BlIG5vdCBvcmlnaW5hbGx5IGdyYW50ZWQgYnkgdGhlIHJlc291cmNlCiAg
ICAgICAgICAgIG93bmVyLCBhbmQgaWYgb21pdHRlZCBpcyB0cmVhdGVkIGFzIGVxdWFsIHRvIHRo
ZSBzY29wZSBvcmlnaW5hbGx5IGdyYW50ZWQgYnkgdGhlCiAgICAgICAgICAgIHJlc291cmNlIG93
bmVyLgogICAgICAgICAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90PgogICAgICA8dD4K
ICAgICAgICBCZWNhdXNlIHJlZnJlc2ggdG9rZW5zIGFyZSB0eXBpY2FsbHkgbG9uZy1sYXN0aW5n
IGNyZWRlbnRpYWxzIHVzZWQgdG8gcmVxdWVzdCBhZGRpdGlvbmFsCiAgICAgICAgYWNjZXNzIHRv
a2VucywgdGhlIHJlZnJlc2ggdG9rZW4gaXMgYm91bmQgdG8gdGhlIGNsaWVudCB3aGljaCBpdCB3
YXMgaXNzdWVkLiBJZiB0aGUgY2xpZW50IHR5cGUKICAgICAgICBpcyBjb25maWRlbnRpYWwgb3Ig
dGhlIGNsaWVudCB3YXMgaXNzdWVkIGNsaWVudCBjcmVkZW50aWFscyAob3IgYXNzaWduZWQgb3Ro
ZXIKICAgICAgICBhdXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMpLCB0aGUgY2xpZW50IE1VU1Qg
YXV0aGVudGljYXRlIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFzCiAgICAgICAgZGVz
Y3JpYmVkIGluIDx4cmVmIHRhcmdldD0ndG9rZW4tZW5kcG9pbnQtYXV0aCcgLz4uCiAgICAgIDwv
dD4KICAgICAgPGZpZ3VyZT4KICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICBGb3IgZXhhbXBs
ZSwgdGhlIGNsaWVudCBtYWtlcyB0aGUgZm9sbG93aW5nIEhUVFAgcmVxdWVzdCB1c2luZyB0cmFu
c3BvcnQtbGF5ZXIKICAgICAgICAgIHNlY3VyaXR5IChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9y
IGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICA8YXJ0
d29yaz4KICAgICAgICAgIDwhW0NEQVRBWwogIFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAgSG9zdDog
c2VydmVyLmV4YW1wbGUuY29tCiAgQXV0aG9yaXphdGlvbjogQmFzaWMgY3paQ2FHUlNhM0YwTXpw
bldERm1RbUYwTTJKVwogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxl
bmNvZGVkO2NoYXJzZXQ9VVRGLTgKICAKICBncmFudF90eXBlPXJlZnJlc2hfdG9rZW4mcmVmcmVz
aF90b2tlbj10R3p2M0pPa0YwWEc1UXgyVGxLV0lBCl1dPgogICAgICAgIDwvYXJ0d29yaz4KICAg
ICAgPC9maWd1cmU+CiAgICAgIDx0PgogICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBN
VVNUOgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4K
ICAgICAgICAgIDx0PgogICAgICAgICAgICByZXF1aXJlIGNsaWVudCBhdXRoZW50aWNhdGlvbiBm
b3IgY29uZmlkZW50aWFsIGNsaWVudHMgb3IgZm9yIGFueSBjbGllbnQgdGhhdCB3YXMKICAgICAg
ICAgICAgaXNzdWVkIGNsaWVudCBjcmVkZW50aWFscyAob3Igd2l0aCBvdGhlciBhdXRoZW50aWNh
dGlvbiByZXF1aXJlbWVudHMpLAogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAg
ICAgIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGlmIGNsaWVudCBhdXRoZW50aWNhdGlvbiBpcyBp
bmNsdWRlZCBhbmQgZW5zdXJlIHRoZQogICAgICAgICAgICByZWZyZXNoIHRva2VuIHdhcyBpc3N1
ZWQgdG8gdGhlIGF1dGhlbnRpY2F0ZWQgY2xpZW50LCBhbmQKICAgICAgICAgIDwvdD4KICAgICAg
ICAgIDx0PgogICAgICAgICAgICB2YWxpZGF0ZSB0aGUgcmVmcmVzaCB0b2tlbi4KICAgICAgICAg
IDwvdD4KICAgICAgICA8L2xpc3Q+CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgSWYgdmFs
aWQgYW5kIGF1dGhvcml6ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZXMgYW4gYWNj
ZXNzIHRva2VuIGFzIGRlc2NyaWJlZCBpbgogICAgICAgIDx4cmVmIHRhcmdldD0ndG9rZW4tcmVz
cG9uc2UnIC8+LiBJZiB0aGUgcmVxdWVzdCBmYWlsZWQgdmVyaWZpY2F0aW9uIG9yIGlzIGludmFs
aWQsIHRoZQogICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIHJldHVybnMgYW4gZXJyb3IgcmVz
cG9uc2UgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgPHhyZWYgdGFyZ2V0PSd0b2tlbi1lcnJvcnMn
IC8+LgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBNQVkgaXNzdWUgYSBuZXcgcmVmcmVzaCB0b2tlbiwgaW4gd2hpY2ggY2FzZSB0aGUgY2xpZW50
IE1VU1QKICAgICAgICBkaXNjYXJkIHRoZSBvbGQgcmVmcmVzaCB0b2tlbiBhbmQgcmVwbGFjZSBp
dCB3aXRoIHRoZSBuZXcgcmVmcmVzaCB0b2tlbi4gVGhlIGF1dGhvcml6YXRpb24KICAgICAgICBz
ZXJ2ZXIgTUFZIHJldm9rZSB0aGUgb2xkIHJlZnJlc2ggdG9rZW4gYWZ0ZXIgaXNzdWluZyBhIG5l
dyByZWZyZXNoIHRva2VuIHRvIHRoZSBjbGllbnQuIElmCiAgICAgICAgYSBuZXcgcmVmcmVzaCB0
b2tlbiBpcyBpc3N1ZWQsIHRoZSByZWZyZXNoIHRva2VuIHNjb3BlIE1VU1QgYmUgaWRlbnRpY2Fs
IHRvIHRoYXQgb2YgdGhlCiAgICAgICAgcmVmcmVzaCB0b2tlbiBpbmNsdWRlZCBieSB0aGUgY2xp
ZW50IGluIHRoZSByZXF1ZXN0LgogICAgICA8L3Q+CiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rp
b24gdGl0bGU9J0FjY2Vzc2luZyBQcm90ZWN0ZWQgUmVzb3VyY2VzJyBhbmNob3I9J2FjY2Vzcy1y
ZXNvdXJjZSc+CiAgICAgIDx0PgogICAgICAgIFRoZSBjbGllbnQgYWNjZXNzZXMgcHJvdGVjdGVk
IHJlc291cmNlcyBieSBwcmVzZW50aW5nIHRoZSBhY2Nlc3MgdG9rZW4gdG8gdGhlIHJlc291cmNl
CiAgICAgICAgc2VydmVyLiBUaGUgcmVzb3VyY2Ugc2VydmVyIE1VU1QgdmFsaWRhdGUgdGhlIGFj
Y2VzcyB0b2tlbiBhbmQgZW5zdXJlIGl0IGhhcyBub3QgZXhwaXJlZAogICAgICAgIGFuZCB0aGF0
IGl0cyBzY29wZSBjb3ZlcnMgdGhlIHJlcXVlc3RlZCByZXNvdXJjZS4gVGhlIG1ldGhvZHMgdXNl
ZCBieSB0aGUgcmVzb3VyY2Ugc2VydmVyCiAgICAgICAgdG8gdmFsaWRhdGUgdGhlIGFjY2VzcyB0
b2tlbiAoYXMgd2VsbCBhcyBhbnkgZXJyb3IgcmVzcG9uc2VzKSBhcmUgYmV5b25kIHRoZSBzY29w
ZSBvZiB0aGlzCiAgICAgICAgc3BlY2lmaWNhdGlvbiwgYnV0IGdlbmVyYWxseSBpbnZvbHZlIGFu
IGludGVyYWN0aW9uIG9yIGNvb3JkaW5hdGlvbiBiZXR3ZWVuIHRoZSByZXNvdXJjZQogICAgICAg
IHNlcnZlciBhbmQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICA8L3Q+CiAgICAgIDx0
PgogICAgICAgIFRoZSBtZXRob2QgaW4gd2hpY2ggdGhlIGNsaWVudCB1dGlsaXplcyB0aGUgYWNj
ZXNzIHRva2VuIHRvIGF1dGhlbnRpY2F0ZSB3aXRoIHRoZSByZXNvdXJjZQogICAgICAgIHNlcnZl
ciBkZXBlbmRzIG9uIHRoZSB0eXBlIG9mIGFjY2VzcyB0b2tlbiBpc3N1ZWQgYnkgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyLiBUeXBpY2FsbHksCiAgICAgICAgaXQgaW52b2x2ZXMgdXNpbmcgdGhl
IEhUVFAgPHNwYW54IHN0eWxlPSd2ZXJiJz5BdXRob3JpemF0aW9uPC9zcGFueD4gcmVxdWVzdCBo
ZWFkZXIgZmllbGQKICAgICAgICA8eHJlZiB0YXJnZXQ9J1JGQzI2MTcnIC8+IHdpdGggYW4gYXV0
aGVudGljYXRpb24gc2NoZW1lIGRlZmluZWQgYnkgdGhlIGFjY2VzcyB0b2tlbiB0eXBlCiAgICAg
ICAgc3BlY2lmaWNhdGlvbi4KICAgICAgPC90PgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0FjY2Vz
cyBUb2tlbiBUeXBlcycgYW5jaG9yPSd0b2tlbi10eXBlcyc+CiAgICAgICAgPHQ+CiAgICAgICAg
ICBUaGUgYWNjZXNzIHRva2VuIHR5cGUgcHJvdmlkZXMgdGhlIGNsaWVudCB3aXRoIHRoZSBpbmZv
cm1hdGlvbiByZXF1aXJlZCB0byBzdWNjZXNzZnVsbHkKICAgICAgICAgIHV0aWxpemUgdGhlIGFj
Y2VzcyB0b2tlbiB0byBtYWtlIGEgcHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3QgKGFsb25nIHdp
dGggdHlwZS1zcGVjaWZpYwogICAgICAgICAgYXR0cmlidXRlcykuIFRoZSBjbGllbnQgTVVTVCBO
T1QgdXNlIGFuIGFjY2VzcyB0b2tlbiBpZiBpdCBkb2VzIG5vdCB1bmRlcnN0YW5kIHRoZSB0b2tl
bgogICAgICAgICAgdHlwZS4KICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZT4KICAgICAgICAg
IDxwcmVhbWJsZT4KICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSA8c3Bhbnggc3R5bGU9J3Zl
cmInPmJlYXJlcjwvc3Bhbng+IHRva2VuIHR5cGUgZGVmaW5lZCBpbgogICAgICAgICAgICA8eHJl
ZiB0YXJnZXQ9J0ktRC5pZXRmLW9hdXRoLXYyLWJlYXJlcicgLz4gaXMgdXRpbGl6ZWQgYnkgc2lt
cGx5IGluY2x1ZGluZyB0aGUgYWNjZXNzCiAgICAgICAgICAgIHRva2VuIHN0cmluZyBpbiB0aGUg
cmVxdWVzdDoKICAgICAgICAgIDwvcHJlYW1ibGU+CiAgICAgICAgICA8YXJ0d29yaz4KICAgICAg
ICAgICAgPCFbQ0RBVEFbCiAgR0VUIC9yZXNvdXJjZS8xIEhUVFAvMS4xCiAgSG9zdDogZXhhbXBs
ZS5jb20KICBBdXRob3JpemF0aW9uOiBCZWFyZXIgbUZfOS5CNWYtNC4xSnFNCl1dPgogICAgICAg
ICAgPC9hcnR3b3JrPgogICAgICAgIDwvZmlndXJlPgogICAgICAgIDxmaWd1cmU+CiAgICAgICAg
ICA8cHJlYW1ibGU+CiAgICAgICAgICAgIHdoaWxlIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPm1h
Yzwvc3Bhbng+IHRva2VuIHR5cGUgZGVmaW5lZCBpbgogICAgICAgICAgICA8eHJlZiB0YXJnZXQ9
J0ktRC5pZXRmLW9hdXRoLXYyLWh0dHAtbWFjJyAvPiBpcyB1dGlsaXplZCBieSBpc3N1aW5nIGEg
TUFDIGtleQogICAgICAgICAgICB0b2dldGhlciB3aXRoIHRoZSBhY2Nlc3MgdG9rZW4gd2hpY2gg
aXMgdXNlZCB0byBzaWduIGNlcnRhaW4gY29tcG9uZW50cyBvZiB0aGUgSFRUUAogICAgICAgICAg
ICByZXF1ZXN0czoKICAgICAgICAgIDwvcHJlYW1ibGU+CiAgICAgICAgICA8YXJ0d29yaz4KICAg
ICAgICAgICAgPCFbQ0RBVEFbCiAgR0VUIC9yZXNvdXJjZS8xIEhUVFAvMS4xCiAgSG9zdDogZXhh
bXBsZS5jb20KICBBdXRob3JpemF0aW9uOiBNQUMgaWQ9Img0ODBkanM5M2hkOCIsCiAgICAgICAg
ICAgICAgICAgICAgIG5vbmNlPSIyNzQzMTI6ZGo4M2hzOXMiLAogICAgICAgICAgICAgICAgICAg
ICBtYWM9ImtEWnZkZGtuZHh2aEdSWFpodnVEakVXaEdlRT0iCl1dPgogICAgICAgICAgPC9hcnR3
b3JrPgogICAgICAgIDwvZmlndXJlPgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGFib3ZlIGV4
YW1wbGVzIGFyZSBwcm92aWRlZCBmb3IgaWxsdXN0cmF0aW9uIHB1cnBvc2VzIG9ubHkuIERldmVs
b3BlcnMgYXJlIGFkdmlzZWQgdG8KICAgICAgICAgIGNvbnN1bHQgdGhlIDx4cmVmIHRhcmdldD0n
SS1ELmlldGYtb2F1dGgtdjItYmVhcmVyJyAvPiBhbmQKICAgICAgICAgIDx4cmVmIHRhcmdldD0n
SS1ELmlldGYtb2F1dGgtdjItaHR0cC1tYWMnIC8+IHNwZWNpZmljYXRpb25zIGJlZm9yZSB1c2Uu
CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgRWFjaCBhY2Nlc3MgdG9rZW4gdHlw
ZSBkZWZpbml0aW9uIHNwZWNpZmllcyB0aGUgYWRkaXRpb25hbCBhdHRyaWJ1dGVzIChpZiBhbnkp
IHNlbnQgdG8KICAgICAgICAgIHRoZSBjbGllbnQgdG9nZXRoZXIgd2l0aCB0aGUgPHNwYW54IHN0
eWxlPSd2ZXJiJz5hY2Nlc3NfdG9rZW48L3NwYW54PiByZXNwb25zZSBwYXJhbWV0ZXIuCiAgICAg
ICAgICBJdCBhbHNvIGRlZmluZXMgdGhlIEhUVFAgYXV0aGVudGljYXRpb24gbWV0aG9kIHVzZWQg
dG8gaW5jbHVkZSB0aGUgYWNjZXNzIHRva2VuIHdoZW4KICAgICAgICAgIG1ha2luZyBhIHByb3Rl
Y3RlZCByZXNvdXJjZSByZXF1ZXN0LgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAg
ICAgPHNlY3Rpb24gdGl0bGU9J0Vycm9yIFJlc3BvbnNlJyBhbmNob3I9J3Jlc291cmNlLWVycm9y
cyc+Cgk8dD4KCSAgSWYgYSByZXNvdXJjZSBhY2Nlc3MgcmVxdWVzdCBmYWlscywgdGhlIHJlc291
cmNlIHNlcnZlciBTSE9VTEQgaW5mb3JtCgkgIHRoZSBjbGllbnQgb2YgdGhlIGVycm9yLiAgV2hp
bGUgdGhlIHNwZWNpZmljIGVycm9yIHJlc3BvbnNlcyBwb3NzaWJsZQoJICBhbmQgbWV0aG9kcyBm
b3IgdHJhbnNtaXR0aW5nIHRob3NlIGVycm9ycyB3aGVuIHVzaW5nIGFueSBwYXJ0aWN1bGFyCgkg
IGFjY2VzcyB0b2tlbiB0eXBlIGFyZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNh
dGlvbiwKCSAgYW55IGVycm9yIGNvZGVzIGRlZmluZWQgZm9yIHVzZSB3aXRoIE9BdXRoIHJlc291
cmNlIGFjY2VzcyBtZXRob2RzCgkgIE1VU1QgYmUgcmVnaXN0ZXJlZAoJICAoZm9sbG93aW5nIHRo
ZSBwcm9jZWR1cmVzIGluIDx4cmVmIHRhcmdldD0nZXJyb3ItcmVnaXN0cnknIC8+KS4KCTwvdD4K
ICAgICAgPC9zZWN0aW9uPgoKICAgIDwvc2VjdGlvbj4KCiAgICA8c2VjdGlvbiB0aXRsZT0nRXh0
ZW5zaWJpbGl0eScgYW5jaG9yPSdleHRlbnNpb25zJz4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdE
ZWZpbmluZyBBY2Nlc3MgVG9rZW4gVHlwZXMnIGFuY2hvcj0nbmV3LXR5cGVzJz4KICAgICAgICA8
dD4KICAgICAgICAgIEFjY2VzcyB0b2tlbiB0eXBlcyBjYW4gYmUgZGVmaW5lZCBpbiBvbmUgb2Yg
dHdvIHdheXM6IHJlZ2lzdGVyZWQgaW4gdGhlIGFjY2VzcyB0b2tlbiB0eXBlCiAgICAgICAgICBy
ZWdpc3RyeSAoZm9sbG93aW5nIHRoZSBwcm9jZWR1cmVzIGluIDx4cmVmIHRhcmdldD0ndHlwZS1y
ZWdpc3RyeScgLz4pLCBvciBieSB1c2luZyBhCiAgICAgICAgICB1bmlxdWUgYWJzb2x1dGUgVVJJ
IGFzIGl0cyBuYW1lLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFR5cGVzIHV0
aWxpemluZyBhIFVSSSBuYW1lIFNIT1VMRCBiZSBsaW1pdGVkIHRvIHZlbmRvci1zcGVjaWZpYyBp
bXBsZW1lbnRhdGlvbnMgdGhhdCBhcmUKICAgICAgICAgIG5vdCBjb21tb25seSBhcHBsaWNhYmxl
LCBhbmQgYXJlIHNwZWNpZmljIHRvIHRoZSBpbXBsZW1lbnRhdGlvbiBkZXRhaWxzIG9mIHRoZSBy
ZXNvdXJjZQogICAgICAgICAgc2VydmVyIHdoZXJlIHRoZXkgYXJlIHVzZWQuCiAgICAgICAgPC90
PgogICAgICAgIDx0PgogICAgICAgICAgQWxsIG90aGVyIHR5cGVzIE1VU1QgYmUgcmVnaXN0ZXJl
ZC4gVHlwZSBuYW1lcyBNVVNUIGNvbmZvcm0gdG8gdGhlIHR5cGUtbmFtZSBBQk5GLiBJZiB0aGUK
ICAgICAgICAgIHR5cGUgZGVmaW5pdGlvbiBpbmNsdWRlcyBhIG5ldyBIVFRQIGF1dGhlbnRpY2F0
aW9uIHNjaGVtZSwgdGhlIHR5cGUgbmFtZSBTSE9VTEQgYmUKICAgICAgICAgIGlkZW50aWNhbCB0
byB0aGUgSFRUUCBhdXRoZW50aWNhdGlvbiBzY2hlbWUgbmFtZSAoYXMgZGVmaW5lZCBieSA8eHJl
ZiB0YXJnZXQ9J1JGQzI2MTcnIC8+KS4KICAgICAgICAgIFRoZSB0b2tlbiB0eXBlIDxzcGFueCBz
dHlsZT0ndmVyYic+ZXhhbXBsZTwvc3Bhbng+IGlzIHJlc2VydmVkIGZvciB1c2UgaW4gZXhhbXBs
ZXMuCiAgICAgICAgPC90PgogICAgICAgIDxmaWd1cmU+CiAgICAgICAgICA8YXJ0d29yaz4KICAg
ICAgICAgICAgPCFbQ0RBVEFbCiAgdHlwZS1uYW1lICA9IDEqbmFtZS1jaGFyCiAgbmFtZS1jaGFy
ICAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAvIEFMUEhBCl1dPgogICAgICAgICAgPC9hcnR3
b3JrPgogICAgICAgIDwvZmlndXJlPgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0
aXRsZT0nRGVmaW5pbmcgTmV3IEVuZHBvaW50IFBhcmFtZXRlcnMnPgogICAgICAgIDx0PgogICAg
ICAgICAgTmV3IHJlcXVlc3Qgb3IgcmVzcG9uc2UgcGFyYW1ldGVycyBmb3IgdXNlIHdpdGggdGhl
IGF1dGhvcml6YXRpb24gZW5kcG9pbnQgb3IgdGhlIHRva2VuCiAgICAgICAgICBlbmRwb2ludCBh
cmUgZGVmaW5lZCBhbmQgcmVnaXN0ZXJlZCBpbiB0aGUgcGFyYW1ldGVycyByZWdpc3RyeSBmb2xs
b3dpbmcgdGhlIHByb2NlZHVyZSBpbgogICAgICAgICAgPHhyZWYgdGFyZ2V0PSdwYXJhbWV0ZXJz
LXJlZ2lzdHJ5JyAvPi4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBQYXJhbWV0
ZXIgbmFtZXMgTVVTVCBjb25mb3JtIHRvIHRoZSBwYXJhbS1uYW1lIEFCTkYgYW5kIHBhcmFtZXRl
ciB2YWx1ZXMgc3ludGF4IE1VU1QgYmUKICAgICAgICAgIHdlbGwtZGVmaW5lZCAoZS5nLiwgdXNp
bmcgQUJORiwgb3IgYSByZWZlcmVuY2UgdG8gdGhlIHN5bnRheCBvZiBhbiBleGlzdGluZyBwYXJh
bWV0ZXIpLgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlPgogICAgICAgICAgPGFydHdvcms+
CiAgICAgICAgICAgIDwhW0NEQVRBWwogIHBhcmFtLW5hbWUgID0gMSpuYW1lLWNoYXIKICBuYW1l
LWNoYXIgICA9ICItIiAvICIuIiAvICJfIiAvIERJR0lUIC8gQUxQSEEKXV0+CiAgICAgICAgICA8
L2FydHdvcms+CiAgICAgICAgPC9maWd1cmU+CiAgICAgICAgPHQ+CiAgICAgICAgICBVbnJlZ2lz
dGVyZWQgdmVuZG9yLXNwZWNpZmljIHBhcmFtZXRlciBleHRlbnNpb25zIHRoYXQgYXJlIG5vdCBj
b21tb25seSBhcHBsaWNhYmxlLCBhbmQKICAgICAgICAgIGFyZSBzcGVjaWZpYyB0byB0aGUgaW1w
bGVtZW50YXRpb24gZGV0YWlscyBvZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2hlcmUgdGhl
eSBhcmUKICAgICAgICAgIHVzZWQgU0hPVUxEIHV0aWxpemUgYSB2ZW5kb3Itc3BlY2lmaWMgcHJl
Zml4IHRoYXQgaXMgbm90IGxpa2VseSB0byBjb25mbGljdCB3aXRoIG90aGVyCiAgICAgICAgICBy
ZWdpc3RlcmVkIHZhbHVlcyAoZS5nLiBiZWdpbiB3aXRoICdjb21wYW55bmFtZV8nKS4KICAgICAg
ICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdEZWZpbmluZyBO
ZXcgQXV0aG9yaXphdGlvbiBHcmFudCBUeXBlcyc+CiAgICAgICAgPHQ+CiAgICAgICAgICBOZXcg
YXV0aG9yaXphdGlvbiBncmFudCB0eXBlcyBjYW4gYmUgZGVmaW5lZCBieSBhc3NpZ25pbmcgdGhl
bSBhIHVuaXF1ZSBhYnNvbHV0ZSBVUkkgZm9yCiAgICAgICAgICB1c2Ugd2l0aCB0aGUgPHNwYW54
IHN0eWxlPSd2ZXJiJz5ncmFudF90eXBlPC9zcGFueD4gcGFyYW1ldGVyLiBJZiB0aGUgZXh0ZW5z
aW9uIGdyYW50CiAgICAgICAgICB0eXBlIHJlcXVpcmVzIGFkZGl0aW9uYWwgdG9rZW4gZW5kcG9p
bnQgcGFyYW1ldGVycywgdGhleSBNVVNUIGJlIHJlZ2lzdGVyZWQgaW4gdGhlIE9BdXRoCiAgICAg
ICAgICBwYXJhbWV0ZXJzIHJlZ2lzdHJ5IGFzIGRlc2NyaWJlZCBieSA8eHJlZiB0YXJnZXQ9J3Bh
cmFtZXRlcnMtcmVnaXN0cnknIC8+LgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAg
ICAgPHNlY3Rpb24gdGl0bGU9J0RlZmluaW5nIE5ldyBBdXRob3JpemF0aW9uIEVuZHBvaW50IFJl
c3BvbnNlIFR5cGVzJyBhbmNob3I9J3Jlc3BvbnNlLXR5cGUtZXh0Jz4KICAgICAgICA8dD4KICAg
ICAgICAgIE5ldyByZXNwb25zZSB0eXBlcyBmb3IgdXNlIHdpdGggdGhlIGF1dGhvcml6YXRpb24g
ZW5kcG9pbnQgYXJlIGRlZmluZWQgYW5kIHJlZ2lzdGVyZWQgaW4KICAgICAgICAgIHRoZSBhdXRo
b3JpemF0aW9uIGVuZHBvaW50IHJlc3BvbnNlIHR5cGUgcmVnaXN0cnkgZm9sbG93aW5nIHRoZSBw
cm9jZWR1cmUgaW4KICAgICAgICAgIDx4cmVmIHRhcmdldD0ncmVzcG9uc2UtdHlwZS1yZWdpc3Ry
eScgLz4uIFJlc3BvbnNlIHR5cGUgbmFtZXMgTVVTVCBjb25mb3JtIHRvIHRoZQogICAgICAgICAg
cmVzcG9uc2UtdHlwZSBBQk5GLgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlPgogICAgICAg
ICAgPGFydHdvcms+CiAgICAgICAgICAgIDwhW0NEQVRBWwogIHJlc3BvbnNlLXR5cGUgID0gcmVz
cG9uc2UtbmFtZSAqKCBTUCByZXNwb25zZS1uYW1lICkKICByZXNwb25zZS1uYW1lICA9IDEqcmVz
cG9uc2UtY2hhcgogIHJlc3BvbnNlLWNoYXIgID0gIl8iIC8gRElHSVQgLyBBTFBIQQpdXT4KICAg
ICAgICAgIDwvYXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAgICA8dD4KICAgICAgICAg
IElmIGEgcmVzcG9uc2UgdHlwZSBjb250YWlucyBvbmUgb3IgbW9yZSBzcGFjZSBjaGFyYWN0ZXJz
ICgleDIwKSwgaXQgaXMgY29tcGFyZWQgYXMgYQogICAgICAgICAgc3BhY2UtZGVsaW1pdGVkIGxp
c3Qgb2YgdmFsdWVzIGluIHdoaWNoIHRoZSBvcmRlciBvZiB2YWx1ZXMgZG9lcyBub3QgbWF0dGVy
LiBPbmx5IG9uZQogICAgICAgICAgb3JkZXIgb2YgdmFsdWVzIGNhbiBiZSByZWdpc3RlcmVkLCB3
aGljaCBjb3ZlcnMgYWxsIG90aGVyIGFycmFuZ2VtZW50cyBvZiB0aGUgc2FtZSBzZXQgb2YKICAg
ICAgICAgIHZhbHVlcy4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBGb3IgZXhh
bXBsZSwgdGhlIHJlc3BvbnNlIHR5cGUgPHNwYW54IHN0eWxlPSd2ZXJiJz50b2tlbiBjb2RlPC9z
cGFueD4gaXMgbGVmdCB1bmRlZmluZWQKICAgICAgICAgIGJ5IHRoaXMgc3BlY2lmaWNhdGlvbi4g
SG93ZXZlciwgYW4gZXh0ZW5zaW9uIGNhbiBkZWZpbmUgYW5kIHJlZ2lzdGVyIHRoZQogICAgICAg
ICAgPHNwYW54IHN0eWxlPSd2ZXJiJz50b2tlbiBjb2RlPC9zcGFueD4gcmVzcG9uc2UgdHlwZS4g
T25jZSByZWdpc3RlcmVkLCB0aGUgc2FtZQogICAgICAgICAgY29tYmluYXRpb24gY2Fubm90IGJl
IHJlZ2lzdGVyZWQgYXMgPHNwYW54IHN0eWxlPSd2ZXJiJz5jb2RlIHRva2VuPC9zcGFueD4sIGJ1
dCBib3RoCiAgICAgICAgICB2YWx1ZXMgY2FuIGJlIHVzZWQgdG8gZGVub3RlIHRoZSBzYW1lIHJl
c3BvbnNlIHR5cGUuCiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlv
biB0aXRsZT0nRGVmaW5pbmcgQWRkaXRpb25hbCBFcnJvciBDb2RlcycgYW5jaG9yPSduZXctZXJy
b3JzJz4KICAgICAgICA8dD4KICAgICAgICAgIEluIGNhc2VzIHdoZXJlIHByb3RvY29sIGV4dGVu
c2lvbnMgKGkuZS4gYWNjZXNzIHRva2VuIHR5cGVzLCBleHRlbnNpb24gcGFyYW1ldGVycywgb3IK
ICAgICAgICAgIGV4dGVuc2lvbiBncmFudCB0eXBlcykgcmVxdWlyZSBhZGRpdGlvbmFsIGVycm9y
IGNvZGVzIHRvIGJlIHVzZWQgd2l0aCB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgY29kZSBn
cmFudCBlcnJvciByZXNwb25zZSAoPHhyZWYgdGFyZ2V0PSdjb2RlLWF1dGh6LWVycm9yJyAvPiks
IHRoZSBpbXBsaWNpdCBncmFudCBlcnJvcgogICAgICAgICAgcmVzcG9uc2UgKDx4cmVmIHRhcmdl
dD0naW1wbGljaXQtYXV0aHotZXJyb3InIC8+KSwgdGhlIHRva2VuIGVycm9yIHJlc3BvbnNlCiAg
ICAgICAgICAoPHhyZWYgdGFyZ2V0PSd0b2tlbi1lcnJvcnMnIC8+KSwKCSAgb3IgdGhlIHJlc291
cmNlIGFjY2VzcyBlcnJvciByZXNwb25zZSAoPHhyZWYgdGFyZ2V0PSdyZXNvdXJjZS1lcnJvcnMn
IC8+KSwKCSAgc3VjaCBlcnJvciBjb2RlcyBNQVkgYmUgZGVmaW5lZC4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBFeHRlbnNpb24gZXJyb3IgY29kZXMgTVVTVCBiZSByZWdpc3Rl
cmVkIChmb2xsb3dpbmcgdGhlIHByb2NlZHVyZXMgaW4KICAgICAgICAgIDx4cmVmIHRhcmdldD0n
ZXJyb3ItcmVnaXN0cnknIC8+KSBpZiB0aGUgZXh0ZW5zaW9uIHRoZXkgYXJlIHVzZWQgaW4gY29u
anVuY3Rpb24gd2l0aCBpcwogICAgICAgICAgYSByZWdpc3RlcmVkIGFjY2VzcyB0b2tlbiB0eXBl
LCBhIHJlZ2lzdGVyZWQgZW5kcG9pbnQgcGFyYW1ldGVyLCBvciBhbiBleHRlbnNpb24gZ3JhbnQK
ICAgICAgICAgIHR5cGUuIEVycm9yIGNvZGVzIHVzZWQgd2l0aCB1bnJlZ2lzdGVyZWQgZXh0ZW5z
aW9ucyBNQVkgYmUgcmVnaXN0ZXJlZC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAg
ICBFcnJvciBjb2RlcyBNVVNUIGNvbmZvcm0gdG8gdGhlIGVycm9yLWNvZGUgQUJORiwgYW5kIFNI
T1VMRCBiZSBwcmVmaXhlZCBieSBhbiBpZGVudGlmeWluZwogICAgICAgICAgbmFtZSB3aGVuIHBv
c3NpYmxlLiBGb3IgZXhhbXBsZSwgYW4gZXJyb3IgaWRlbnRpZnlpbmcgYW4gaW52YWxpZCB2YWx1
ZSBzZXQgdG8gdGhlCiAgICAgICAgICBleHRlbnNpb24gcGFyYW1ldGVyIDxzcGFueCBzdHlsZT0n
dmVyYic+ZXhhbXBsZTwvc3Bhbng+IFNIT1VMRCBiZSBuYW1lZAogICAgICAgICAgPHNwYW54IHN0
eWxlPSd2ZXJiJz5leGFtcGxlX2ludmFsaWQ8L3NwYW54Pi4KICAgICAgICA8L3Q+CiAgICAgICAg
PGZpZ3VyZT4KICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICA8IVtDREFUQVsKICBlcnJv
ci1jb2RlICAgPSBBTFBIQSAqZXJyb3ItY2hhcgogIGVycm9yLWNoYXIgICA9ICItIiAvICIuIiAv
ICJfIiAvIERJR0lUIC8gQUxQSEEKXV0+CiAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgPC9m
aWd1cmU+CiAgICAgIDwvc2VjdGlvbj4KCiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rpb24gdGl0
bGU9J05hdGl2ZSBBcHBsaWNhdGlvbnMnPgogICAgICA8dD4KICAgICAgICBOYXRpdmUgYXBwbGlj
YXRpb25zIGFyZSBjbGllbnRzIGluc3RhbGxlZCBhbmQgZXhlY3V0ZWQgb24gdGhlIGRldmljZSB1
c2VkIGJ5IHRoZSByZXNvdXJjZQogICAgICAgIG93bmVyIChpLmUuIGRlc2t0b3AgYXBwbGljYXRp
b24sIG5hdGl2ZSBtb2JpbGUgYXBwbGljYXRpb24pLiBOYXRpdmUgYXBwbGljYXRpb25zIHJlcXVp
cmUKICAgICAgICBzcGVjaWFsIGNvbnNpZGVyYXRpb24gcmVsYXRlZCB0byBzZWN1cml0eSwgcGxh
dGZvcm0gY2FwYWJpbGl0aWVzLCBhbmQgb3ZlcmFsbCBlbmQtdXNlcgogICAgICAgIGV4cGVyaWVu
Y2UuCiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gZW5kcG9p
bnQgcmVxdWlyZXMgaW50ZXJhY3Rpb24gYmV0d2VlbiB0aGUgY2xpZW50IGFuZCB0aGUgcmVzb3Vy
Y2UKICAgICAgICBvd25lcidzIHVzZXItYWdlbnQuIE5hdGl2ZSBhcHBsaWNhdGlvbnMgY2FuIGlu
dm9rZSBhbiBleHRlcm5hbCB1c2VyLWFnZW50IG9yIGVtYmVkIGEKICAgICAgICB1c2VyLWFnZW50
IHdpdGhpbiB0aGUgYXBwbGljYXRpb24uIEZvciBleGFtcGxlOgogICAgICA8L3Q+CiAgICAgIDx0
PgogICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgIDx0PgogICAgICAgICAg
ICBFeHRlcm5hbCB1c2VyLWFnZW50IC0gdGhlIG5hdGl2ZSBhcHBsaWNhdGlvbiBjYW4gY2FwdHVy
ZSB0aGUgcmVzcG9uc2UgZnJvbSB0aGUKICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
dXNpbmcgYSByZWRpcmVjdGlvbiBVUkkgd2l0aCBhIHNjaGVtZSByZWdpc3RlcmVkIHdpdGggdGhl
CiAgICAgICAgICAgIG9wZXJhdGluZyBzeXN0ZW0gdG8gaW52b2tlIHRoZSBjbGllbnQgYXMgdGhl
IGhhbmRsZXIsIG1hbnVhbCBjb3B5LWFuZC1wYXN0ZSBvZiB0aGUKICAgICAgICAgICAgY3JlZGVu
dGlhbHMsIHJ1bm5pbmcgYSBsb2NhbCB3ZWIgc2VydmVyLCBpbnN0YWxsaW5nIGEgdXNlci1hZ2Vu
dCBleHRlbnNpb24sIG9yIGJ5CiAgICAgICAgICAgIHByb3ZpZGluZyBhIHJlZGlyZWN0aW9uIFVS
SSBpZGVudGlmeWluZyBhIHNlcnZlci1ob3N0ZWQgcmVzb3VyY2UgdW5kZXIgdGhlIGNsaWVudCdz
CiAgICAgICAgICAgIGNvbnRyb2wsIHdoaWNoIGluIHR1cm4gbWFrZXMgdGhlIHJlc3BvbnNlIGF2
YWlsYWJsZSB0byB0aGUgbmF0aXZlIGFwcGxpY2F0aW9uLgogICAgICAgICAgPC90PgogICAgICAg
ICAgPHQ+CiAgICAgICAgICAgIEVtYmVkZGVkIHVzZXItYWdlbnQgLSB0aGUgbmF0aXZlIGFwcGxp
Y2F0aW9uIG9idGFpbnMgdGhlIHJlc3BvbnNlIGJ5IGRpcmVjdGx5CiAgICAgICAgICAgIGNvbW11
bmljYXRpbmcgd2l0aCB0aGUgZW1iZWRkZWQgdXNlci1hZ2VudCBieSBtb25pdG9yaW5nIHN0YXRl
IGNoYW5nZXMgZW1pdHRlZCBkdXJpbmcKICAgICAgICAgICAgdGhlIHJlc291cmNlIGxvYWQsIG9y
IGFjY2Vzc2luZyB0aGUgdXNlci1hZ2VudCdzIGNvb2tpZXMgc3RvcmFnZS4KICAgICAgICAgIDwv
dD4KICAgICAgICA8L2xpc3Q+CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgV2hlbiBjaG9v
c2luZyBiZXR3ZWVuIGFuIGV4dGVybmFsIG9yIGVtYmVkZGVkIHVzZXItYWdlbnQsIGRldmVsb3Bl
cnMgc2hvdWxkIGNvbnNpZGVyOgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIDxsaXN0IHN0
eWxlPSdzeW1ib2xzJz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBBbiBFeHRlcm5hbCB1c2Vy
LWFnZW50IG1heSBpbXByb3ZlIGNvbXBsZXRpb24gcmF0ZSBhcyB0aGUgcmVzb3VyY2Ugb3duZXIg
bWF5IGFscmVhZHkgaGF2ZQogICAgICAgICAgICBhbiBhY3RpdmUgc2Vzc2lvbiB3aXRoIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciByZW1vdmluZyB0aGUgbmVlZCB0byByZS1hdXRoZW50aWNhdGUu
IEl0CiAgICAgICAgICAgIHByb3ZpZGVzIGEgZmFtaWxpYXIgZW5kLXVzZXIgZXhwZXJpZW5jZSBh
bmQgZnVuY3Rpb25hbGl0eS4gVGhlIHJlc291cmNlIG93bmVyIG1heSBhbHNvCiAgICAgICAgICAg
IHJlbHkgb24gdXNlci1hZ2VudCBmZWF0dXJlcyBvciBleHRlbnNpb25zIHRvIGFzc2lzdCB3aXRo
IGF1dGhlbnRpY2F0aW9uIChlLmcuIHBhc3N3b3JkCiAgICAgICAgICAgIG1hbmFnZXIsIDItZmFj
dG9yIGRldmljZSByZWFkZXIpLgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAg
ICAgIEFuIGVtYmVkZGVkIHVzZXItYWdlbnQgbWF5IG9mZmVyIGltcHJvdmVkIHVzYWJpbGl0eSwg
YXMgaXQgcmVtb3ZlcyB0aGUgbmVlZCB0byBzd2l0Y2gKICAgICAgICAgICAgY29udGV4dCBhbmQg
b3BlbiBuZXcgd2luZG93cy4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAg
ICBBbiBlbWJlZGRlZCB1c2VyLWFnZW50IHBvc2VzIGEgc2VjdXJpdHkgY2hhbGxlbmdlIGJlY2F1
c2UgcmVzb3VyY2Ugb3duZXJzIGFyZQogICAgICAgICAgICBhdXRoZW50aWNhdGluZyBpbiBhbiB1
bmlkZW50aWZpZWQgd2luZG93IHdpdGhvdXQgYWNjZXNzIHRvIHRoZSB2aXN1YWwgcHJvdGVjdGlv
bnMgZm91bmQKICAgICAgICAgICAgaW4gbW9zdCBleHRlcm5hbCB1c2VyLWFnZW50cy4gQW4gZW1i
ZWRkZWQgdXNlci1hZ2VudCBlZHVjYXRlcyBlbmQtdXNlcnMgdG8gdHJ1c3QKICAgICAgICAgICAg
dW5pZGVudGlmaWVkIHJlcXVlc3RzIGZvciBhdXRoZW50aWNhdGlvbiAobWFraW5nIHBoaXNoaW5n
IGF0dGFja3MgZWFzaWVyIHRvIGV4ZWN1dGUpLgogICAgICAgICAgPC90PgogICAgICAgIDwvbGlz
dD4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICBXaGVuIGNob29zaW5nIGJldHdlZW4gdGhl
IGltcGxpY2l0IGdyYW50IHR5cGUgYW5kIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlw
ZSwgdGhlCiAgICAgICAgZm9sbG93aW5nIHNob3VsZCBiZSBjb25zaWRlcmVkOgogICAgICA8L3Q+
CiAgICAgIDx0PgogICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgIDx0Pgog
ICAgICAgICAgICBOYXRpdmUgYXBwbGljYXRpb25zIHRoYXQgdXNlIHRoZSBhdXRob3JpemF0aW9u
IGNvZGUgZ3JhbnQgdHlwZSBTSE9VTEQgZG8gc28gd2l0aG91dAogICAgICAgICAgICB1c2luZyBj
bGllbnQgY3JlZGVudGlhbHMsIGR1ZSB0byB0aGUgbmF0aXZlIGFwcGxpY2F0aW9uJ3MgaW5hYmls
aXR5IHRvIGtlZXAgY2xpZW50CiAgICAgICAgICAgIGNyZWRlbnRpYWxzIGNvbmZpZGVudGlhbC4K
ICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBXaGVuIHVzaW5nIHRoZSBp
bXBsaWNpdCBncmFudCB0eXBlIGZsb3cgYSByZWZyZXNoIHRva2VuIGlzIG5vdCByZXR1cm5lZCB3
aGljaCByZXF1aXJlcwogICAgICAgICAgICByZXBlYXRpbmcgdGhlIGF1dGhvcml6YXRpb24gcHJv
Y2VzcyBvbmNlIHRoZSBhY2Nlc3MgdG9rZW4gZXhwaXJlcy4KICAgICAgICAgIDwvdD4KICAgICAg
ICA8L2xpc3Q+CiAgICAgIDwvdD4KICAgIDwvc2VjdGlvbj4KCiAgICA8c2VjdGlvbiB0aXRsZT0n
U2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMnPgogICAgICA8dD4KICAgICAgICBBcyBhIGZsZXhpYmxl
IGFuZCBleHRlbnNpYmxlIGZyYW1ld29yaywgT0F1dGgncyBzZWN1cml0eSBjb25zaWRlcmF0aW9u
cyBkZXBlbmQgb24gbWFueQogICAgICAgIGZhY3RvcnMuIFRoZSBmb2xsb3dpbmcgc2VjdGlvbnMg
cHJvdmlkZSBpbXBsZW1lbnRlcnMgd2l0aCBzZWN1cml0eSBndWlkZWxpbmVzIGZvY3VzZWQgb24K
ICAgICAgICB0aGUgdGhyZWUgY2xpZW50IHByb2ZpbGVzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJn
ZXQ9J2NsaWVudC10eXBlcycgLz46IHdlYiBhcHBsaWNhdGlvbiwKICAgICAgICB1c2VyLWFnZW50
LWJhc2VkIGFwcGxpY2F0aW9uLCBhbmQgbmF0aXZlIGFwcGxpY2F0aW9uLgogICAgICA8L3Q+CiAg
ICAgIDx0PgogICAgICAgIEEgY29tcHJlaGVuc2l2ZSBPQXV0aCBzZWN1cml0eSBtb2RlbCBhbmQg
YW5hbHlzaXMsIGFzIHdlbGwgYXMgYmFja2dyb3VuZCBmb3IgdGhlIHByb3RvY29sCiAgICAgICAg
ZGVzaWduIGlzIHByb3ZpZGVkIGJ5IDx4cmVmIHRhcmdldD0nSS1ELmlldGYtb2F1dGgtdjItdGhy
ZWF0bW9kZWwnIC8+LgogICAgICA8L3Q+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nQ2xpZW50IEF1
dGhlbnRpY2F0aW9uJz4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBlc3RhYmxpc2hlcyBjbGllbnQgY3JlZGVudGlhbHMgd2l0aCB3ZWIgYXBwbGljYXRpb24g
Y2xpZW50cyBmb3IKICAgICAgICAgIHRoZSBwdXJwb3NlIG9mIGNsaWVudCBhdXRoZW50aWNhdGlv
bi4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzIGVuY291cmFnZWQgdG8gY29uc2lkZXIKICAg
ICAgICAgIHN0cm9uZ2VyIGNsaWVudCBhdXRoZW50aWNhdGlvbiBtZWFucyB0aGFuIGEgY2xpZW50
IHBhc3N3b3JkLiBXZWIgYXBwbGljYXRpb24gY2xpZW50cyBNVVNUCiAgICAgICAgICBlbnN1cmUg
Y29uZmlkZW50aWFsaXR5IG9mIGNsaWVudCBwYXNzd29yZHMgYW5kIG90aGVyIGNsaWVudCBjcmVk
ZW50aWFscy4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgTVVTVCBOT1QgaXNzdWUgY2xpZW50IHBhc3N3b3JkcyBvciBvdGhlciBjbGll
bnQgY3JlZGVudGlhbHMgdG8KICAgICAgICAgIG5hdGl2ZSBhcHBsaWNhdGlvbiBvciB1c2VyLWFn
ZW50LWJhc2VkIGFwcGxpY2F0aW9uIGNsaWVudHMgZm9yIHRoZSBwdXJwb3NlIG9mIGNsaWVudAog
ICAgICAgICAgYXV0aGVudGljYXRpb24uIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkgaXNz
dWUgYSBjbGllbnQgcGFzc3dvcmQgb3Igb3RoZXIgY3JlZGVudGlhbHMKICAgICAgICAgIGZvciBh
IHNwZWNpZmljIGluc3RhbGxhdGlvbiBvZiBhIG5hdGl2ZSBhcHBsaWNhdGlvbiBjbGllbnQgb24g
YSBzcGVjaWZpYyBkZXZpY2UuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgV2hl
biBjbGllbnQgYXV0aGVudGljYXRpb24gaXMgbm90IHBvc3NpYmxlLCB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgU0hPVUxEIGVtcGxveSBvdGhlcgogICAgICAgICAgbWVhbnMgdG8gdmFsaWRhdGUg
dGhlIGNsaWVudCdzIGlkZW50aXR5LiBGb3IgZXhhbXBsZSwgYnkgcmVxdWlyaW5nIHRoZSByZWdp
c3RyYXRpb24gb2YKICAgICAgICAgIHRoZSBjbGllbnQgcmVkaXJlY3Rpb24gVVJJIG9yIGVubGlz
dGluZyB0aGUgcmVzb3VyY2Ugb3duZXIgdG8gY29uZmlybSBpZGVudGl0eS4gQSB2YWxpZAogICAg
ICAgICAgcmVkaXJlY3Rpb24gVVJJIGlzIG5vdCBzdWZmaWNpZW50IHRvIHZlcmlmeSB0aGUgY2xp
ZW50J3MgaWRlbnRpdHkgd2hlbiBhc2tpbmcgZm9yCiAgICAgICAgICByZXNvdXJjZSBvd25lciBh
dXRob3JpemF0aW9uLCBidXQgY2FuIGJlIHVzZWQgdG8gcHJldmVudCBkZWxpdmVyaW5nIGNyZWRl
bnRpYWxzIHRvIGEKICAgICAgICAgIGNvdW50ZXJmZWl0IGNsaWVudCBhZnRlciBvYnRhaW5pbmcg
cmVzb3VyY2Ugb3duZXIgYXV0aG9yaXphdGlvbi4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAg
ICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbXVzdCBjb25zaWRlciB0aGUgc2VjdXJp
dHkgaW1wbGljYXRpb25zIG9mIGludGVyYWN0aW5nIHdpdGgKICAgICAgICAgIHVuYXV0aGVudGlj
YXRlZCBjbGllbnRzIGFuZCB0YWtlIG1lYXN1cmVzIHRvIGxpbWl0IHRoZSBwb3RlbnRpYWwgZXhw
b3N1cmUgb2Ygb3RoZXIKICAgICAgICAgIGNyZWRlbnRpYWxzIChlLmcuIHJlZnJlc2ggdG9rZW5z
KSBpc3N1ZWQgdG8gc3VjaCBjbGllbnRzLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoK
ICAgICAgPHNlY3Rpb24gdGl0bGU9J0NsaWVudCBJbXBlcnNvbmF0aW9uJz4KICAgICAgICA8dD4K
ICAgICAgICAgIEEgbWFsaWNpb3VzIGNsaWVudCBjYW4gaW1wZXJzb25hdGUgYW5vdGhlciBjbGll
bnQgYW5kIG9idGFpbiBhY2Nlc3MgdG8gcHJvdGVjdGVkCiAgICAgICAgICByZXNvdXJjZXMsIGlm
IHRoZSBpbXBlcnNvbmF0ZWQgY2xpZW50IGZhaWxzIHRvLCBvciBpcyB1bmFibGUgdG8sIGtlZXAg
aXRzIGNsaWVudAogICAgICAgICAgY3JlZGVudGlhbHMgY29uZmlkZW50aWFsLgogICAgICAgIDwv
dD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGF1
dGhlbnRpY2F0ZSB0aGUgY2xpZW50IHdoZW5ldmVyIHBvc3NpYmxlLiBJZiB0aGUKICAgICAgICAg
IGF1dGhvcml6YXRpb24gc2VydmVyIGNhbm5vdCBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCBkdWUg
dG8gdGhlIGNsaWVudCdzIG5hdHVyZSwgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZl
ciBNVVNUIHJlcXVpcmUgdGhlIHJlZ2lzdHJhdGlvbiBvZiBhbnkgcmVkaXJlY3Rpb24gVVJJIHVz
ZWQgZm9yCiAgICAgICAgICByZWNlaXZpbmcgYXV0aG9yaXphdGlvbiByZXNwb25zZXMsIGFuZCBT
SE9VTEQgdXRpbGl6ZSBvdGhlciBtZWFucyB0byBwcm90ZWN0IHJlc291cmNlCiAgICAgICAgICBv
d25lcnMgZnJvbSBzdWNoIHBvdGVudGlhbGx5IG1hbGljaW91cyBjbGllbnRzLiBGb3IgZXhhbXBs
ZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICBjYW4gZW5nYWdlIHRoZSByZXNv
dXJjZSBvd25lciB0byBhc3Npc3QgaW4gaWRlbnRpZnlpbmcgdGhlIGNsaWVudCBhbmQgaXRzIG9y
aWdpbi4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgU0hPVUxEIGVuZm9yY2UgZXhwbGljaXQgcmVzb3VyY2Ugb3duZXIgYXV0aGVudGlj
YXRpb24gYW5kCiAgICAgICAgICBwcm92aWRlIHRoZSByZXNvdXJjZSBvd25lciB3aXRoIGluZm9y
bWF0aW9uIGFib3V0IHRoZSBjbGllbnQgYW5kIHRoZSByZXF1ZXN0ZWQKICAgICAgICAgIGF1dGhv
cml6YXRpb24gc2NvcGUgYW5kIGxpZmV0aW1lLiBJdCBpcyB1cCB0byB0aGUgcmVzb3VyY2Ugb3du
ZXIgdG8gcmV2aWV3IHRoZQogICAgICAgICAgaW5mb3JtYXRpb24gaW4gdGhlIGNvbnRleHQgb2Yg
dGhlIGN1cnJlbnQgY2xpZW50LCBhbmQgYXV0aG9yaXplIG9yIGRlbnkgdGhlIHJlcXVlc3QuCiAg
ICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IFNIT1VMRCBOT1QgcHJvY2VzcyByZXBlYXRlZCBhdXRob3JpemF0aW9uIHJlcXVlc3RzCiAgICAg
ICAgICBhdXRvbWF0aWNhbGx5ICh3aXRob3V0IGFjdGl2ZSByZXNvdXJjZSBvd25lciBpbnRlcmFj
dGlvbikgd2l0aG91dCBhdXRoZW50aWNhdGluZyB0aGUKICAgICAgICAgIGNsaWVudCBvciByZWx5
aW5nIG9uIG90aGVyIG1lYXN1cmVzIHRvIGVuc3VyZSB0aGUgcmVwZWF0ZWQgcmVxdWVzdCBjb21l
cyBmcm9tIHRoZQogICAgICAgICAgb3JpZ2luYWwgY2xpZW50IGFuZCBub3QgYW4gaW1wZXJzb25h
dG9yLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9
J0FjY2VzcyBUb2tlbnMnPgogICAgICAgIDx0PgogICAgICAgICAgQWNjZXNzIHRva2VuIGNyZWRl
bnRpYWxzIChhcyB3ZWxsIGFzIGFueSBjb25maWRlbnRpYWwgYWNjZXNzIHRva2VuIGF0dHJpYnV0
ZXMpIE1VU1QgYmUKICAgICAgICAgIGtlcHQgY29uZmlkZW50aWFsIGluIHRyYW5zaXQgYW5kIHN0
b3JhZ2UsIGFuZCBvbmx5IHNoYXJlZCBhbW9uZyB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIsCiAg
ICAgICAgICB0aGUgcmVzb3VyY2Ugc2VydmVycyB0aGUgYWNjZXNzIHRva2VuIGlzIHZhbGlkIGZv
ciwgYW5kIHRoZSBjbGllbnQgdG8gd2hvbSB0aGUgYWNjZXNzCiAgICAgICAgICB0b2tlbiBpcyBp
c3N1ZWQuIEFjY2VzcyB0b2tlbiBjcmVkZW50aWFscyBNVVNUIG9ubHkgYmUgdHJhbnNtaXR0ZWQg
dXNpbmcgVExTIGFzIGRlc2NyaWJlZAogICAgICAgICAgaW4gPHhyZWYgdGFyZ2V0PSd0bHMnIC8+
IHdpdGggc2VydmVyIGF1dGhlbnRpY2F0aW9uIGFzIGRlZmluZWQgYnkKICAgICAgICAgIDx4cmVm
IHRhcmdldD0nUkZDMjgxOCcgLz4uCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAg
V2hlbiB1c2luZyB0aGUgaW1wbGljaXQgZ3JhbnQgdHlwZSwgdGhlIGFjY2VzcyB0b2tlbiBpcyB0
cmFuc21pdHRlZCBpbiB0aGUgVVJJIGZyYWdtZW50LAogICAgICAgICAgd2hpY2ggY2FuIGV4cG9z
ZSBpdCB0byB1bmF1dGhvcml6ZWQgcGFydGllcy4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAg
ICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBlbnN1cmUgdGhhdCBhY2Nlc3Mg
dG9rZW5zIGNhbm5vdCBiZSBnZW5lcmF0ZWQsIG1vZGlmaWVkLCBvcgogICAgICAgICAgZ3Vlc3Nl
ZCB0byBwcm9kdWNlIHZhbGlkIGFjY2VzcyB0b2tlbnMgYnkgdW5hdXRob3JpemVkIHBhcnRpZXMu
CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGNsaWVudCBTSE9VTEQgcmVx
dWVzdCBhY2Nlc3MgdG9rZW5zIHdpdGggdGhlIG1pbmltYWwgc2NvcGUgbmVjZXNzYXJ5LiBUaGUK
ICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCB0YWtlIHRoZSBjbGllbnQgaWRl
bnRpdHkgaW50byBhY2NvdW50IHdoZW4gY2hvb3NpbmcgaG93CiAgICAgICAgICB0byBob25vciB0
aGUgcmVxdWVzdGVkIHNjb3BlLCBhbmQgTUFZIGlzc3VlIGFuIGFjY2VzcyB0b2tlbiB3aXRoIGEg
bGVzcyByaWdodHMgdGhhbgogICAgICAgICAgcmVxdWVzdGVkLgogICAgICAgIDwvdD4KICAgICAg
ICA8dD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBkb2VzIG5vdCBwcm92aWRlIGFueSBt
ZXRob2RzIGZvciB0aGUgcmVzb3VyY2Ugc2VydmVyIHRvIGVuc3VyZSB0aGF0IGFuCiAgICAgICAg
ICBhY2Nlc3MgdG9rZW4gcHJlc2VudGVkIHRvIGl0IGJ5IGEgZ2l2ZW4gY2xpZW50LCB3YXMgaXNz
dWVkIHRvIHRoZSB0aGF0IGNsaWVudCBieSB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2Vy
dmVyLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9
J1JlZnJlc2ggVG9rZW5zJz4KICAgICAgICA8dD4KICAgICAgICAgIEF1dGhvcml6YXRpb24gc2Vy
dmVycyBNQVkgaXNzdWUgcmVmcmVzaCB0b2tlbnMgdG8gd2ViIGFwcGxpY2F0aW9uIGNsaWVudHMg
YW5kIG5hdGl2ZQogICAgICAgICAgYXBwbGljYXRpb24gY2xpZW50cy4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBSZWZyZXNoIHRva2VucyBNVVNUIGJlIGtlcHQgY29uZmlkZW50
aWFsIGluIHRyYW5zaXQgYW5kIHN0b3JhZ2UsIGFuZCBzaGFyZWQgb25seSBhbW9uZwogICAgICAg
ICAgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCB0aGUgY2xpZW50IHRvIHdob20gdGhlIHJl
ZnJlc2ggdG9rZW5zIHdlcmUgaXNzdWVkLiBUaGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2Vy
dmVyIE1VU1QgbWFpbnRhaW4gdGhlIGJpbmRpbmcgYmV0d2VlbiBhIHJlZnJlc2ggdG9rZW4gYW5k
IHRoZSBjbGllbnQgdG8KICAgICAgICAgIHdob20gaXQgd2FzIGlzc3VlZC4gUmVmcmVzaCB0b2tl
bnMgTVVTVCBvbmx5IGJlIHRyYW5zbWl0dGVkIHVzaW5nIFRMUyBhcyBkZXNjcmliZWQgaW4KICAg
ICAgICAgIDx4cmVmIHRhcmdldD0ndGxzJyAvPiB3aXRoIHNlcnZlciBhdXRoZW50aWNhdGlvbiBh
cyBkZWZpbmVkIGJ5IDx4cmVmIHRhcmdldD0nUkZDMjgxOCcgLz4uCiAgICAgICAgPC90PgogICAg
ICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgdmVyaWZ5IHRo
ZSBiaW5kaW5nIGJldHdlZW4gdGhlIHJlZnJlc2ggdG9rZW4gYW5kIGNsaWVudAogICAgICAgICAg
aWRlbnRpdHkgd2hlbmV2ZXIgdGhlIGNsaWVudCBpZGVudGl0eSBjYW4gYmUgYXV0aGVudGljYXRl
ZC4gV2hlbiBjbGllbnQgYXV0aGVudGljYXRpb24gaXMKICAgICAgICAgIG5vdCBwb3NzaWJsZSwg
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBkZXBsb3kgb3RoZXIgbWVhbnMgdG8gZGV0
ZWN0IHJlZnJlc2ggdG9rZW4KICAgICAgICAgIGFidXNlLgogICAgICAgIDwvdD4KICAgICAgICA8
dD4KICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgY291bGQg
ZW1wbG95IHJlZnJlc2ggdG9rZW4gcm90YXRpb24gaW4gd2hpY2ggYSBuZXcKICAgICAgICAgIHJl
ZnJlc2ggdG9rZW4gaXMgaXNzdWVkIHdpdGggZXZlcnkgYWNjZXNzIHRva2VuIHJlZnJlc2ggcmVz
cG9uc2UuIFRoZSBwcmV2aW91cyByZWZyZXNoCiAgICAgICAgICB0b2tlbiBpcyBpbnZhbGlkYXRl
ZCBidXQgcmV0YWluZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLiBJZiBhIHJlZnJlc2gg
dG9rZW4gaXMKICAgICAgICAgIGNvbXByb21pc2VkIGFuZCBzdWJzZXF1ZW50bHkgdXNlZCBieSBi
b3RoIHRoZSBhdHRhY2tlciBhbmQgdGhlIGxlZ2l0aW1hdGUgY2xpZW50LCBvbmUgb2YKICAgICAg
ICAgIHRoZW0gd2lsbCBwcmVzZW50IGFuIGludmFsaWRhdGVkIHJlZnJlc2ggdG9rZW4gd2hpY2gg
d2lsbCBpbmZvcm0gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICBvZiB0aGUgYnJl
YWNoLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBNVVNUIGVuc3VyZSB0aGF0IHJlZnJlc2ggdG9rZW5zIGNhbm5vdCBiZSBnZW5lcmF0
ZWQsIG1vZGlmaWVkLAogICAgICAgICAgb3IgZ3Vlc3NlZCB0byBwcm9kdWNlIHZhbGlkIHJlZnJl
c2ggdG9rZW5zIGJ5IHVuYXV0aG9yaXplZCBwYXJ0aWVzLgogICAgICAgIDwvdD4KICAgICAgPC9z
ZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0F1dGhvcml6YXRpb24gQ29kZXMnPgogICAg
ICAgIDx0PgogICAgICAgICAgVGhlIHRyYW5zbWlzc2lvbiBvZiBhdXRob3JpemF0aW9uIGNvZGVz
IFNIT1VMRCBiZSBtYWRlIG92ZXIgYSBzZWN1cmUgY2hhbm5lbCwgYW5kIHRoZQogICAgICAgICAg
Y2xpZW50IFNIT1VMRCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTIHdpdGggaXRzIHJlZGlyZWN0aW9u
IFVSSSBpZiB0aGUgVVJJIGlkZW50aWZpZXMgYQogICAgICAgICAgbmV0d29yayByZXNvdXJjZS4g
U2luY2UgYXV0aG9yaXphdGlvbiBjb2RlcyBhcmUgdHJhbnNtaXR0ZWQgdmlhIHVzZXItYWdlbnQg
cmVkaXJlY3Rpb25zLAogICAgICAgICAgdGhleSBjb3VsZCBwb3RlbnRpYWxseSBiZSBkaXNjbG9z
ZWQgdGhyb3VnaCB1c2VyLWFnZW50IGhpc3RvcnkgYW5kIEhUVFAgcmVmZXJyZXIgaGVhZGVycy4K
ICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBBdXRob3JpemF0aW9uIGNvZGVzIG9w
ZXJhdGUgYXMgcGxhaW50ZXh0IGJlYXJlciBjcmVkZW50aWFscywgdXNlZCB0byB2ZXJpZnkgdGhh
dCB0aGUKICAgICAgICAgIHJlc291cmNlIG93bmVyIHdobyBncmFudGVkIGF1dGhvcml6YXRpb24g
YXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzIHRoZSBzYW1lCiAgICAgICAgICByZXNvdXJj
ZSBvd25lciByZXR1cm5pbmcgdG8gdGhlIGNsaWVudCB0byBjb21wbGV0ZSB0aGUgcHJvY2Vzcy4g
VGhlcmVmb3JlLCBpZiB0aGUgY2xpZW50CiAgICAgICAgICByZWxpZXMgb24gdGhlIGF1dGhvcml6
YXRpb24gY29kZSBmb3IgaXRzIG93biByZXNvdXJjZSBvd25lciBhdXRoZW50aWNhdGlvbiwgdGhl
IGNsaWVudAogICAgICAgICAgcmVkaXJlY3Rpb24gZW5kcG9pbnQgTVVTVCByZXF1aXJlIHRoZSB1
c2Ugb2YgVExTLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIEF1dGhvcml6YXRp
b24gY29kZXMgTVVTVCBiZSBzaG9ydCBsaXZlZCBhbmQgc2luZ2xlIHVzZS4gSWYgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyCiAgICAgICAgICBvYnNlcnZlcyBtdWx0aXBsZSBhdHRlbXB0cyB0byBl
eGNoYW5nZSBhbiBhdXRob3JpemF0aW9uIGNvZGUgZm9yIGFuIGFjY2VzcyB0b2tlbiwgdGhlCiAg
ICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgYXR0ZW1wdCB0byByZXZva2UgYWxs
IGFjY2VzcyB0b2tlbnMgYWxyZWFkeSBncmFudGVkIGJhc2VkIG9uCiAgICAgICAgICB0aGUgY29t
cHJvbWlzZWQgYXV0aG9yaXphdGlvbiBjb2RlLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAg
ICAgICAgIElmIHRoZSBjbGllbnQgY2FuIGJlIGF1dGhlbnRpY2F0ZWQsIHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlcnMgTVVTVCBhdXRoZW50aWNhdGUgdGhlCiAgICAgICAgICBjbGllbnQgYW5kIGVu
c3VyZSB0aGF0IHRoZSBhdXRob3JpemF0aW9uIGNvZGUgd2FzIGlzc3VlZCB0byB0aGUgc2FtZSBj
bGllbnQuCiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRs
ZT0nQXV0aG9yaXphdGlvbiBDb2RlIFJlZGlyZWN0aW9uIFVSSSBNYW5pcHVsYXRpb24nPgogICAg
ICAgIDx0PgogICAgICAgICAgV2hlbiByZXF1ZXN0aW5nIGF1dGhvcml6YXRpb24gdXNpbmcgdGhl
IGF1dGhvcml6YXRpb24gY29kZSBncmFudCB0eXBlLCB0aGUgY2xpZW50IGNhbgogICAgICAgICAg
c3BlY2lmeSBhIHJlZGlyZWN0aW9uIFVSSSB2aWEgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+cmVk
aXJlY3RfdXJpPC9zcGFueD4gcGFyYW1ldGVyLgogICAgICAgICAgSWYgYW4gYXR0YWNrZXIgY2Fu
IG1hbmlwdWxhdGUgdGhlIHZhbHVlIG9mIHRoZSByZWRpcmVjdGlvbiBVUkksIGl0IGNhbiBjYXVz
ZSB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIHRvIHJlZGlyZWN0IHRoZSByZXNv
dXJjZSBvd25lciB1c2VyLWFnZW50IHRvIGEgVVJJIHVuZGVyIHRoZSBjb250cm9sCiAgICAgICAg
ICBvZiB0aGUgYXR0YWNrZXIgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlLgogICAgICAgIDwv
dD4KICAgICAgICA8dD4KICAgICAgICAgIEFuIGF0dGFja2VyIGNhbiBjcmVhdGUgYW4gYWNjb3Vu
dCBhdCBhIGxlZ2l0aW1hdGUgY2xpZW50IGFuZCBpbml0aWF0ZSB0aGUgYXV0aG9yaXphdGlvbgog
ICAgICAgICAgZmxvdy4gV2hlbiB0aGUgYXR0YWNrZXIncyB1c2VyLWFnZW50IGlzIHNlbnQgdG8g
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHRvIGdyYW50IGFjY2VzcywKICAgICAgICAgIHRoZSBh
dHRhY2tlciBncmFicyB0aGUgYXV0aG9yaXphdGlvbiBVUkkgcHJvdmlkZWQgYnkgdGhlIGxlZ2l0
aW1hdGUgY2xpZW50LCBhbmQgcmVwbGFjZXMKICAgICAgICAgIHRoZSBjbGllbnQncyByZWRpcmVj
dGlvbiBVUkkgd2l0aCBhIFVSSSB1bmRlciB0aGUgY29udHJvbCBvZiB0aGUgYXR0YWNrZXIuIFRo
ZSBhdHRhY2tlcgogICAgICAgICAgdGhlbiB0cmlja3MgdGhlIHZpY3RpbSBpbnRvIGZvbGxvd2lu
ZyB0aGUgbWFuaXB1bGF0ZWQgbGluayB0byBhdXRob3JpemUgYWNjZXNzIHRvIHRoZQogICAgICAg
ICAgbGVnaXRpbWF0ZSBjbGllbnQuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAg
T25jZSBhdCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIsIHRoZSB2aWN0aW0gaXMgcHJvbXB0ZWQg
d2l0aCBhIG5vcm1hbCwgdmFsaWQgcmVxdWVzdCBvbgogICAgICAgICAgYmVoYWxmIG9mIGEgbGVn
aXRpbWF0ZSBhbmQgdHJ1c3RlZCBjbGllbnQsIGFuZCBhdXRob3JpemVzIHRoZSByZXF1ZXN0LiBU
aGUgdmljdGltIGlzCiAgICAgICAgICB0aGVuIHJlZGlyZWN0ZWQgdG8gYW4gZW5kcG9pbnQgdW5k
ZXIgdGhlIGNvbnRyb2wgb2YgdGhlIGF0dGFja2VyIHdpdGggdGhlIGF1dGhvcml6YXRpb24KICAg
ICAgICAgIGNvZGUuIFRoZSBhdHRhY2tlciBjb21wbGV0ZXMgdGhlIGF1dGhvcml6YXRpb24gZmxv
dyBieSBzZW5kaW5nIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgdG8KICAgICAgICAgIHRoZSBjbGll
bnQgdXNpbmcgdGhlIG9yaWdpbmFsIHJlZGlyZWN0aW9uIFVSSSBwcm92aWRlZCBieSB0aGUgY2xp
ZW50LiBUaGUgY2xpZW50CiAgICAgICAgICBleGNoYW5nZXMgdGhlIGF1dGhvcml6YXRpb24gY29k
ZSB3aXRoIGFuIGFjY2VzcyB0b2tlbiBhbmQgbGlua3MgaXQgdG8gdGhlIGF0dGFja2VyJ3MKICAg
ICAgICAgIGNsaWVudCBhY2NvdW50IHdoaWNoIGNhbiBub3cgZ2FpbiBhY2Nlc3MgdG8gdGhlIHBy
b3RlY3RlZCByZXNvdXJjZXMgYXV0aG9yaXplZCBieSB0aGUKICAgICAgICAgIHZpY3RpbSAodmlh
IHRoZSBjbGllbnQpLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIEluIG9yZGVy
IHRvIHByZXZlbnQgc3VjaCBhbiBhdHRhY2ssIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNU
IGVuc3VyZSB0aGF0IHRoZQogICAgICAgICAgcmVkaXJlY3Rpb24gVVJJIHVzZWQgdG8gb2J0YWlu
IHRoZSBhdXRob3JpemF0aW9uIGNvZGUgaXMgaWRlbnRpY2FsIHRvIHRoZSByZWRpcmVjdGlvbiBV
UkkKICAgICAgICAgIHByb3ZpZGVkIHdoZW4gZXhjaGFuZ2luZyB0aGUgYXV0aG9yaXphdGlvbiBj
b2RlIGZvciBhbiBhY2Nlc3MgdG9rZW4uIFRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICBzZXJ2
ZXIgTVVTVCByZXF1aXJlIHB1YmxpYyBjbGllbnRzIGFuZCBTSE9VTEQgcmVxdWlyZSBjb25maWRl
bnRpYWwgY2xpZW50cyB0byByZWdpc3RlcgogICAgICAgICAgdGhlaXIgcmVkaXJlY3Rpb24gVVJJ
cy4gSWYgYSByZWRpcmVjdGlvbiBVUkkgaXMgcHJvdmlkZWQgaW4gdGhlIHJlcXVlc3QsIHRoZQog
ICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCB2YWxpZGF0ZSBpdCBhZ2FpbnN0IHRo
ZSByZWdpc3RlcmVkIHZhbHVlLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAg
PHNlY3Rpb24gdGl0bGU9J1Jlc291cmNlIE93bmVyIFBhc3N3b3JkIENyZWRlbnRpYWxzJz4KICAg
ICAgICA8dD4KICAgICAgICAgIFRoZSByZXNvdXJjZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFs
cyBncmFudCB0eXBlIGlzIG9mdGVuIHVzZWQgZm9yIGxlZ2FjeSBvciBtaWdyYXRpb24KICAgICAg
ICAgIHJlYXNvbnMuIEl0IHJlZHVjZXMgdGhlIG92ZXJhbGwgcmlzayBvZiBzdG9yaW5nIHVzZXJu
YW1lIGFuZCBwYXNzd29yZCBieSB0aGUgY2xpZW50LCBidXQKICAgICAgICAgIGRvZXMgbm90IGVs
aW1pbmF0ZSB0aGUgbmVlZCB0byBleHBvc2UgaGlnaGx5IHByaXZpbGVnZWQgY3JlZGVudGlhbHMg
dG8gdGhlIGNsaWVudC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGlzIGdy
YW50IHR5cGUgY2FycmllcyBhIGhpZ2hlciByaXNrIHRoYW4gb3RoZXIgZ3JhbnQgdHlwZXMgYmVj
YXVzZSBpdCBtYWludGFpbnMgdGhlCiAgICAgICAgICBwYXNzd29yZCBhbnRpLXBhdHRlcm4gdGhp
cyBwcm90b2NvbCBzZWVrcyB0byBhdm9pZC4gVGhlIGNsaWVudCBjb3VsZCBhYnVzZSB0aGUgcGFz
c3dvcmQKICAgICAgICAgIG9yIHRoZSBwYXNzd29yZCBjb3VsZCB1bmludGVudGlvbmFsbHkgYmUg
ZGlzY2xvc2VkIHRvIGFuIGF0dGFja2VyIChlLmcuIHZpYSBsb2cgZmlsZXMgb3IKICAgICAgICAg
IG90aGVyIHJlY29yZHMga2VwdCBieSB0aGUgY2xpZW50KS4KICAgICAgICA8L3Q+CiAgICAgICAg
PHQ+CiAgICAgICAgICBBZGRpdGlvbmFsbHksIGJlY2F1c2UgdGhlIHJlc291cmNlIG93bmVyIGRv
ZXMgbm90IGhhdmUgY29udHJvbCBvdmVyIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICBwcm9j
ZXNzICh0aGUgcmVzb3VyY2Ugb3duZXIgaW52b2x2ZW1lbnQgZW5kcyB3aGVuIGl0IGhhbmRzIG92
ZXIgaXRzIGNyZWRlbnRpYWxzIHRvIHRoZQogICAgICAgICAgY2xpZW50KSwgdGhlIGNsaWVudCBj
YW4gb2J0YWluIGFjY2VzcyB0b2tlbnMgd2l0aCBhIGJyb2FkZXIgc2NvcGUgdGhhbiBkZXNpcmVk
IGJ5IHRoZQogICAgICAgICAgcmVzb3VyY2Ugb3duZXIuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBzaG91bGQgY29uc2lkZXIgdGhlIHNjb3BlIGFuZCBsaWZldGltZSBvZgogICAgICAgICAgYWNj
ZXNzIHRva2VucyBpc3N1ZWQgdmlhIHRoaXMgZ3JhbnQgdHlwZS4KICAgICAgICA8L3Q+CiAgICAg
ICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYW5kIGNsaWVudCBTSE9V
TEQgbWluaW1pemUgdXNlIG9mIHRoaXMgZ3JhbnQgdHlwZSBhbmQgdXRpbGl6ZQogICAgICAgICAg
b3RoZXIgZ3JhbnQgdHlwZXMgd2hlbmV2ZXIgcG9zc2libGUuCiAgICAgICAgPC90PgogICAgICA8
L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nUmVxdWVzdCBDb25maWRlbnRpYWxpdHkn
PgogICAgICAgIDx0PgogICAgICAgICAgQWNjZXNzIHRva2VucywgcmVmcmVzaCB0b2tlbnMsIHJl
c291cmNlIG93bmVyIHBhc3N3b3JkcywgYW5kIGNsaWVudCBjcmVkZW50aWFscyBNVVNUIE5PVAog
ICAgICAgICAgYmUgdHJhbnNtaXR0ZWQgaW4gdGhlIGNsZWFyLiBBdXRob3JpemF0aW9uIGNvZGVz
IFNIT1VMRCBOT1QgYmUgdHJhbnNtaXR0ZWQgaW4gdGhlIGNsZWFyLgogICAgICAgIDwvdD4KICAg
ICAgICA8dD4KICAgICAgICAgIFRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPnN0YXRlPC9zcGFueD4g
YW5kIDxzcGFueCBzdHlsZT0ndmVyYic+c2NvcGU8L3NwYW54PiBwYXJhbWV0ZXJzCiAgICAgICAg
ICBTSE9VTEQgTk9UIGluY2x1ZGUgc2Vuc2l0aXZlIGNsaWVudCBvciByZXNvdXJjZSBvd25lciBp
bmZvcm1hdGlvbiBpbiBwbGFpbiB0ZXh0IGFzIHRoZXkKICAgICAgICAgIGNhbiBiZSB0cmFuc21p
dHRlZCBvdmVyIGluc2VjdXJlIGNoYW5uZWxzIG9yIHN0b3JlZCBpbnNlY3VyZWx5LgogICAgICAg
IDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0VuZHBvaW50cyBB
dXRoZW50aWNpdHknPgogICAgICAgIDx0PgogICAgICAgICAgSW4gb3JkZXIgdG8gcHJldmVudCBt
YW4taW4tdGhlLW1pZGRsZSBhdHRhY2tzLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBy
ZXF1aXJlIHRoZQogICAgICAgICAgdXNlIG9mIFRMUyB3aXRoIHNlcnZlciBhdXRoZW50aWNhdGlv
biBhcyBkZWZpbmVkIGJ5IDx4cmVmIHRhcmdldD0nUkZDMjgxOCcgLz4gZm9yCiAgICAgICAgICBh
bnkgcmVxdWVzdCBzZW50IHRvIHRoZSBhdXRob3JpemF0aW9uIGFuZCB0b2tlbiBlbmRwb2ludHMu
IFRoZSBjbGllbnQgTVVTVCB2YWxpZGF0ZSB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2Vy
dmVyJ3MgVExTIGNlcnRpZmljYXRlIGFzIGRlZmluZWQgYnkgPHhyZWYgdGFyZ2V0PSdSRkM2MTI1
JyAvPiwgYW5kIGluCiAgICAgICAgICBhY2NvcmRhbmNlIHdpdGggaXRzIHJlcXVpcmVtZW50cyBm
b3Igc2VydmVyIGlkZW50aXR5IGF1dGhlbnRpY2F0aW9uLgogICAgICAgIDwvdD4KICAgICAgPC9z
ZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0NyZWRlbnRpYWxzIEd1ZXNzaW5nIEF0dGFj
a3MnIGFuY2hvcj0nYW50aHJvcHknPgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIE1VU1QgcHJldmVudCBhdHRhY2tlcnMgZnJvbSBndWVzc2luZyBhY2Nlc3Mg
dG9rZW5zLAogICAgICAgICAgYXV0aG9yaXphdGlvbiBjb2RlcywgcmVmcmVzaCB0b2tlbnMsIHJl
c291cmNlIG93bmVyIHBhc3N3b3JkcywgYW5kIGNsaWVudCBjcmVkZW50aWFscy4KICAgICAgICA8
L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgcHJvYmFiaWxpdHkgb2YgYW4gYXR0YWNrZXIg
Z3Vlc3NpbmcgZ2VuZXJhdGVkIHRva2VucyAoYW5kIG90aGVyIGNyZWRlbnRpYWxzIG5vdAogICAg
ICAgICAgaW50ZW5kZWQgZm9yIGhhbmRsaW5nIGJ5IGVuZC11c2VycykgTVVTVCBiZSBsZXNzIHRo
YW4gb3IgZXF1YWwgdG8gMl4oLTEyOCkgYW5kIFNIT1VMRCBiZQogICAgICAgICAgbGVzcyB0aGFu
IG9yIGVxdWFsIHRvIDJeKC0xNjApLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAg
IFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHV0aWxpemUgb3RoZXIgbWVhbnMgdG8gcHJv
dGVjdCBjcmVkZW50aWFscyBpbnRlbmRlZCBmb3IKICAgICAgICAgIGVuZC11c2VyIHVzYWdlLgog
ICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J1BoaXNo
aW5nIEF0dGFja3MnPgogICAgICAgIDx0PgogICAgICAgICAgV2lkZSBkZXBsb3ltZW50IG9mIHRo
aXMgYW5kIHNpbWlsYXIgcHJvdG9jb2xzIG1heSBjYXVzZSBlbmQtdXNlcnMgdG8gYmVjb21lIGlu
dXJlZAogICAgICAgICAgdG8gdGhlIHByYWN0aWNlIG9mIGJlaW5nIHJlZGlyZWN0ZWQgdG8gd2Vi
c2l0ZXMgd2hlcmUgdGhleSBhcmUgYXNrZWQgdG8gZW50ZXIgdGhlaXIKICAgICAgICAgIHBhc3N3
b3Jkcy4gSWYgZW5kLXVzZXJzIGFyZSBub3QgY2FyZWZ1bCB0byB2ZXJpZnkgdGhlIGF1dGhlbnRp
Y2l0eSBvZiB0aGVzZSB3ZWJzaXRlcwogICAgICAgICAgYmVmb3JlIGVudGVyaW5nIHRoZWlyIGNy
ZWRlbnRpYWxzLCBpdCB3aWxsIGJlIHBvc3NpYmxlIGZvciBhdHRhY2tlcnMgdG8gZXhwbG9pdCB0
aGlzCiAgICAgICAgICBwcmFjdGljZSB0byBzdGVhbCByZXNvdXJjZSBvd25lcnMnIHBhc3N3b3Jk
cy4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBTZXJ2aWNlIHByb3ZpZGVycyBz
aG91bGQgYXR0ZW1wdCB0byBlZHVjYXRlIGVuZC11c2VycyBhYm91dCB0aGUgcmlza3MgcGhpc2hp
bmcgYXR0YWNrcwogICAgICAgICAgcG9zZSwgYW5kIHNob3VsZCBwcm92aWRlIG1lY2hhbmlzbXMg
dGhhdCBtYWtlIGl0IGVhc3kgZm9yIGVuZC11c2VycyB0byBjb25maXJtIHRoZQogICAgICAgICAg
YXV0aGVudGljaXR5IG9mIHRoZWlyIHNpdGVzLiBDbGllbnQgZGV2ZWxvcGVycyBzaG91bGQgY29u
c2lkZXIgdGhlIHNlY3VyaXR5IGltcGxpY2F0aW9ucwogICAgICAgICAgb2YgaG93IHRoZXkgaW50
ZXJhY3Qgd2l0aCB0aGUgdXNlci1hZ2VudCAoZS5nLiwgZXh0ZXJuYWwsIGVtYmVkZGVkKSwgYW5k
IHRoZSBhYmlsaXR5IG9mCiAgICAgICAgICB0aGUgZW5kLXVzZXIgdG8gdmVyaWZ5IHRoZSBhdXRo
ZW50aWNpdHkgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgIDwvdD4KICAgICAg
ICA8dD4KICAgICAgICAgIFRvIHJlZHVjZSB0aGUgcmlzayBvZiBwaGlzaGluZyBhdHRhY2tzLCB0
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXJzIE1VU1QgcmVxdWlyZSB0aGUgdXNlIG9mCiAgICAgICAg
ICBUTFMgb24gZXZlcnkgZW5kcG9pbnQgdXNlZCBmb3IgZW5kLXVzZXIgaW50ZXJhY3Rpb24uCiAg
ICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nQ3Jvc3Mt
U2l0ZSBSZXF1ZXN0IEZvcmdlcnknIGFuY2hvcj0nQ1NSRic+CiAgICAgICAgPHQ+CiAgICAgICAg
ICBDcm9zcy1zaXRlIHJlcXVlc3QgZm9yZ2VyeSAoQ1NSRikgaXMgYW4gZXhwbG9pdCBpbiB3aGlj
aCBhbiBhdHRhY2tlciBjYXVzZXMgdGhlCiAgICAgICAgICB1c2VyLWFnZW50IG9mIGEgdmljdGlt
IGVuZC11c2VyIHRvIGZvbGxvdyBhIG1hbGljaW91cyBVUkkgKGUuZy4gcHJvdmlkZWQgdG8gdGhl
CiAgICAgICAgICB1c2VyLWFnZW50IGFzIGEgbWlzbGVhZGluZyBsaW5rLCBpbWFnZSwgb3IgcmVk
aXJlY3Rpb24pIHRvIGEgdHJ1c3Rpbmcgc2VydmVyICh1c3VhbGx5CiAgICAgICAgICBlc3RhYmxp
c2hlZCB2aWEgdGhlIHByZXNlbmNlIG9mIGEgdmFsaWQgc2Vzc2lvbiBjb29raWUpLgogICAgICAg
IDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIEEgQ1NSRiBhdHRhY2sgYWdhaW5zdCB0aGUgY2xp
ZW50J3MgcmVkaXJlY3Rpb24gVVJJIGFsbG93cyBhbiBhdHRhY2tlciB0byBpbmplY3QgdGhlaXIg
b3duCiAgICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUgb3IgYWNjZXNzIHRva2VuLCB3aGljaCBj
YW4gcmVzdWx0IGluIHRoZSBjbGllbnQgdXNpbmcgYW4gYWNjZXNzIHRva2VuCiAgICAgICAgICBh
c3NvY2lhdGVkIHdpdGggdGhlIGF0dGFja2VyJ3MgcHJvdGVjdGVkIHJlc291cmNlcyByYXRoZXIg
dGhhbiB0aGUgdmljdGltJ3MgKGUuZy4gc2F2ZQogICAgICAgICAgdGhlIHZpY3RpbSdzIGJhbmsg
YWNjb3VudCBpbmZvcm1hdGlvbiB0byBhIHByb3RlY3RlZCByZXNvdXJjZSBjb250cm9sbGVkIGJ5
IHRoZQogICAgICAgICAgYXR0YWNrZXIpLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAg
ICAgIFRoZSBjbGllbnQgTVVTVCBpbXBsZW1lbnQgQ1NSRiBwcm90ZWN0aW9uIGZvciBpdHMgcmVk
aXJlY3Rpb24gVVJJLiBUaGlzIGlzIHR5cGljYWxseQogICAgICAgICAgYWNjb21wbGlzaGVkIGJ5
IHJlcXVpcmluZyBhbnkgcmVxdWVzdCBzZW50IHRvIHRoZSByZWRpcmVjdGlvbiBVUkkgZW5kcG9p
bnQgdG8gaW5jbHVkZSBhCiAgICAgICAgICB2YWx1ZSB0aGF0IGJpbmRzIHRoZSByZXF1ZXN0IHRv
IHRoZSB1c2VyLWFnZW50J3MgYXV0aGVudGljYXRlZCBzdGF0ZSAoZS5nLiBhIGhhc2ggb2YgdGhl
CiAgICAgICAgICBzZXNzaW9uIGNvb2tpZSB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB0aGUgdXNlci1h
Z2VudCkuIFRoZSBjbGllbnQgU0hPVUxEIHV0aWxpemUgdGhlCiAgICAgICAgICA8c3Bhbnggc3R5
bGU9J3ZlcmInPnN0YXRlPC9zcGFueD4gcmVxdWVzdCBwYXJhbWV0ZXIgdG8gZGVsaXZlciB0aGlz
IHZhbHVlIHRvIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2hlbiBtYWtpbmcg
YW4gYXV0aG9yaXphdGlvbiByZXF1ZXN0LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAg
ICAgIE9uY2UgYXV0aG9yaXphdGlvbiBoYXMgYmVlbiBvYnRhaW5lZCBmcm9tIHRoZSBlbmQtdXNl
ciwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICByZWRpcmVjdHMgdGhlIGVuZC11
c2VyJ3MgdXNlci1hZ2VudCBiYWNrIHRvIHRoZSBjbGllbnQgd2l0aCB0aGUgcmVxdWlyZWQgYmlu
ZGluZyB2YWx1ZQogICAgICAgICAgY29udGFpbmVkIGluIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmIn
PnN0YXRlPC9zcGFueD4gcGFyYW1ldGVyLiBUaGUgYmluZGluZyB2YWx1ZSBlbmFibGVzCiAgICAg
ICAgICB0aGUgY2xpZW50IHRvIHZlcmlmeSB0aGUgdmFsaWRpdHkgb2YgdGhlIHJlcXVlc3QgYnkg
bWF0Y2hpbmcgdGhlIGJpbmRpbmcgdmFsdWUgdG8gdGhlCiAgICAgICAgICB1c2VyLWFnZW50J3Mg
YXV0aGVudGljYXRlZCBzdGF0ZS4gVGhlIGJpbmRpbmcgdmFsdWUgdXNlZCBmb3IgQ1NSRiBwcm90
ZWN0aW9uIE1VU1QgY29udGFpbgogICAgICAgICAgYSBub24tZ3Vlc3NhYmxlIHZhbHVlIChhcyBk
ZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSdhbnRocm9weScgLz4pLCBhbmQgdGhlIHVzZXItYWdl
bnQncwogICAgICAgICAgYXV0aGVudGljYXRlZCBzdGF0ZSAoZS5nLiBzZXNzaW9uIGNvb2tpZSwg
SFRNTDUgbG9jYWwgc3RvcmFnZSkgTVVTVCBiZSBrZXB0IGluIGEgbG9jYXRpb24KICAgICAgICAg
IGFjY2Vzc2libGUgb25seSB0byB0aGUgY2xpZW50IGFuZCB0aGUgdXNlci1hZ2VudCAoaS5lLiwg
cHJvdGVjdGVkIGJ5IHNhbWUtb3JpZ2luIHBvbGljeSkuCiAgICAgICAgPC90PgogICAgICAgIDx0
PgogICAgICAgICAgQSBDU1JGIGF0dGFjayBhZ2FpbnN0IHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
cidzIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgY2FuIHJlc3VsdCBpbiBhbgogICAgICAgICAgYXR0
YWNrZXIgb2J0YWluaW5nIGVuZC11c2VyIGF1dGhvcml6YXRpb24gZm9yIGEgbWFsaWNpb3VzIGNs
aWVudCB3aXRob3V0IGludm9sdmluZyBvcgogICAgICAgICAgYWxlcnRpbmcgdGhlIGVuZC11c2Vy
LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBNVVNUIGltcGxlbWVudCBDU1JGIHByb3RlY3Rpb24gZm9yIGl0cyBhdXRob3JpemF0aW9u
IGVuZHBvaW50LAogICAgICAgICAgYW5kIGVuc3VyZSB0aGF0IGEgbWFsaWNpb3VzIGNsaWVudCBj
YW5ub3Qgb2J0YWluIGF1dGhvcml6YXRpb24gd2l0aG91dCB0aGUgYXdhcmVuZXNzIGFuZAogICAg
ICAgICAgZXhwbGljaXQgY29uc2VudCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuCiAgICAgICAgPC90
PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nQ2xpY2tqYWNraW5nJz4K
ICAgICAgICA8dD4KICAgICAgICAgIEluIGEgY2xpY2tqYWNraW5nIGF0dGFjaywgYW4gYXR0YWNr
ZXIgcmVnaXN0ZXJzIGEgbGVnaXRpbWF0ZSBjbGllbnQgYW5kIHRoZW4gY29uc3RydWN0cyBhCiAg
ICAgICAgICBtYWxpY2lvdXMgc2l0ZSBpbiB3aGljaCBpdCBsb2FkcyB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIncyBhdXRob3JpemF0aW9uIGVuZHBvaW50IHdlYgogICAgICAgICAgcGFnZSBpbiBh
IHRyYW5zcGFyZW50IGlmcmFtZSBvdmVybGFpZCBvbiB0b3Agb2YgYSBzZXQgb2YgZHVtbXkgYnV0
dG9ucyB3aGljaCBhcmUKICAgICAgICAgIGNhcmVmdWxseSBjb25zdHJ1Y3RlZCB0byBiZSBwbGFj
ZWQgZGlyZWN0bHkgdW5kZXIgaW1wb3J0YW50IGJ1dHRvbnMgb24gdGhlIGF1dGhvcml6YXRpb24K
ICAgICAgICAgIHBhZ2UuIFdoZW4gYW4gZW5kLXVzZXIgY2xpY2tzIGEgbWlzbGVhZGluZyB2aXNp
YmxlIGJ1dHRvbiwgdGhlIGVuZC11c2VyIGlzIGFjdHVhbGx5CiAgICAgICAgICBjbGlja2luZyBh
biBpbnZpc2libGUgYnV0dG9uIG9uIHRoZSBhdXRob3JpemF0aW9uIHBhZ2UgKHN1Y2ggYXMgYW4g
IkF1dGhvcml6ZSIgYnV0dG9uKS4KICAgICAgICAgIFRoaXMgYWxsb3dzIGFuIGF0dGFja2VyIHRv
IHRyaWNrIGEgcmVzb3VyY2Ugb3duZXIgaW50byBncmFudGluZyBpdHMgY2xpZW50IGFjY2VzcyB3
aXRob3V0CiAgICAgICAgICB0aGVpciBrbm93bGVkZ2UuCiAgICAgICAgPC90PgogICAgICAgIDx0
PgogICAgICAgICAgVG8gcHJldmVudCB0aGlzIGZvcm0gb2YgYXR0YWNrLCBuYXRpdmUgYXBwbGlj
YXRpb25zIFNIT1VMRCB1c2UgZXh0ZXJuYWwgYnJvd3NlcnMgaW5zdGVhZAogICAgICAgICAgb2Yg
ZW1iZWRkaW5nIGJyb3dzZXJzIHdpdGhpbiB0aGUgYXBwbGljYXRpb24gd2hlbiByZXF1ZXN0aW5n
IGVuZC11c2VyIGF1dGhvcml6YXRpb24uIEZvcgogICAgICAgICAgbW9zdCBuZXdlciBicm93c2Vy
cywgYXZvaWRhbmNlIG9mIGlmcmFtZXMgY2FuIGJlIGVuZm9yY2VkIGJ5IHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlcgogICAgICAgICAgdXNpbmcgdGhlIChub24tc3RhbmRhcmQpIDxzcGFueCBzdHls
ZT0ndmVyYic+eC1mcmFtZS1vcHRpb25zPC9zcGFueD4gaGVhZGVyLiBUaGlzIGhlYWRlcgogICAg
ICAgICAgY2FuIGhhdmUgdHdvIHZhbHVlcywgPHNwYW54IHN0eWxlPSd2ZXJiJz5kZW55PC9zcGFu
eD4gYW5kCiAgICAgICAgICA8c3Bhbnggc3R5bGU9J3ZlcmInPnNhbWVvcmlnaW48L3NwYW54Piwg
d2hpY2ggd2lsbCBibG9jayBhbnkgZnJhbWluZywgb3IgZnJhbWluZyBieSBzaXRlcwogICAgICAg
ICAgd2l0aCBhIGRpZmZlcmVudCBvcmlnaW4sIHJlc3BlY3RpdmVseS4gRm9yIG9sZGVyIGJyb3dz
ZXJzLCBqYXZhc2NyaXB0IGZyYW1lYnVzdGluZwogICAgICAgICAgdGVjaG5pcXVlcyBjYW4gYmUg
dXNlZCBidXQgbWF5IG5vdCBiZSBlZmZlY3RpdmUgaW4gYWxsIGJyb3dzZXJzLgogICAgICAgIDwv
dD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0NvZGUgSW5qZWN0aW9u
IGFuZCBJbnB1dCBWYWxpZGF0aW9uJz4KICAgICAgICA8dD4KICAgICAgICAgIEEgY29kZSBpbmpl
Y3Rpb24gYXR0YWNrIG9jY3VycyB3aGVuIGFuIGlucHV0IG9yIG90aGVyd2lzZSBleHRlcm5hbCB2
YXJpYWJsZSBpcyB1c2VkIGJ5IGFuCiAgICAgICAgICBhcHBsaWNhdGlvbiB1bnNhbml0aXplZCBh
bmQgY2F1c2VzIG1vZGlmaWNhdGlvbiB0byB0aGUgYXBwbGljYXRpb24gbG9naWMuIFRoaXMgbWF5
IGFsbG93CiAgICAgICAgICBhbiBhdHRhY2tlciB0byBnYWluIGFjY2VzcyB0byB0aGUgYXBwbGlj
YXRpb24gZGV2aWNlIG9yIGl0cyBkYXRhLCBjYXVzZSBkZW5pYWwgb2YKICAgICAgICAgIHNlcnZp
Y2UsIG9yIGEgd2lkZSByYW5nZSBvZiBtYWxpY2lvdXMgc2lkZS1lZmZlY3RzLgogICAgICAgIDwv
dD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBBdXRob3JpemF0aW9uIHNlcnZlciBhbmQgY2xp
ZW50IE1VU1Qgc2FuaXRpemUgKGFuZCB2YWxpZGF0ZSB3aGVuIHBvc3NpYmxlKSBhbnkgdmFsdWUK
ICAgICAgICAgIHJlY2VpdmVkLCBpbiBwYXJ0aWN1bGFyLCB0aGUgdmFsdWUgb2YgdGhlIDxzcGFu
eCBzdHlsZT0ndmVyYic+c3RhdGU8L3NwYW54PiBhbmQKICAgICAgICAgIDxzcGFueCBzdHlsZT0n
dmVyYic+cmVkaXJlY3RfdXJpPC9zcGFueD4gcGFyYW1ldGVycy4KICAgICAgICA8L3Q+CiAgICAg
IDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdPcGVuIFJlZGlyZWN0b3JzJyBhbmNo
b3I9J29wZW4tcmVkaXJlY3QnPgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYW5kIHRoZSBjbGllbnQgcmVkaXJlY3Rp
b24gZW5kcG9pbnQgY2FuCiAgICAgICAgICBiZSBpbXByb3Blcmx5IGNvbmZpZ3VyZWQgYW5kIG9w
ZXJhdGUgYXMgb3BlbiByZWRpcmVjdG9ycy4gQW4gb3BlbiByZWRpcmVjdG9yIGlzIGFuCiAgICAg
ICAgICBlbmRwb2ludCB1c2luZyBhIHBhcmFtZXRlciB0byBhdXRvbWF0aWNhbGx5IHJlZGlyZWN0
IGEgdXNlci1hZ2VudCB0byB0aGUgbG9jYXRpb24KICAgICAgICAgIHNwZWNpZmllZCBieSB0aGUg
cGFyYW1ldGVyIHZhbHVlIHdpdGhvdXQgYW55IHZhbGlkYXRpb24uCiAgICAgICAgPC90PgogICAg
ICAgIDx0PgogICAgICAgICAgT3BlbiByZWRpcmVjdG9ycyBjYW4gYmUgdXNlZCBpbiBwaGlzaGlu
ZyBhdHRhY2tzLCBvciBieSBhbiBhdHRhY2tlciB0byBnZXQgZW5kLXVzZXJzIHRvCiAgICAgICAg
ICB2aXNpdCBtYWxpY2lvdXMgc2l0ZXMgYnkgbWFraW5nIHRoZSBVUkkncyBhdXRob3JpdHkgbG9v
ayBsaWtlIGEgZmFtaWxpYXIgYW5kIHRydXN0ZWQKICAgICAgICAgIGRlc3RpbmF0aW9uLiBJbiBh
ZGRpdGlvbiwgaWYgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFsbG93cyB0aGUgY2xpZW50IHRv
IHJlZ2lzdGVyIG9ubHkKICAgICAgICAgIHBhcnQgb2YgdGhlIHJlZGlyZWN0aW9uIFVSSSwgYW4g
YXR0YWNrZXIgY2FuIHVzZSBhbiBvcGVuIHJlZGlyZWN0b3Igb3BlcmF0ZWQgYnkgdGhlCiAgICAg
ICAgICBjbGllbnQgdG8gY29uc3RydWN0IGEgcmVkaXJlY3Rpb24gVVJJIHRoYXQgd2lsbCBwYXNz
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB2YWxpZGF0aW9uCiAgICAgICAgICBidXQgd2lsbCBz
ZW5kIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgb3IgYWNjZXNzIHRva2VuIHRvIGFuIGVuZHBvaW50
IHVuZGVyIHRoZSBjb250cm9sIG9mCiAgICAgICAgICB0aGUgYXR0YWNrZXIuCiAgICAgICAgPC90
PgogICAgICA8L3NlY3Rpb24+CgogICAgPC9zZWN0aW9uPgoKICAgIDxzZWN0aW9uIHRpdGxlPSdJ
QU5BIENvbnNpZGVyYXRpb25zJz4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdUaGUgT0F1dGggQWNj
ZXNzIFRva2VuIFR5cGUgUmVnaXN0cnknIGFuY2hvcj0ndHlwZS1yZWdpc3RyeSc+CiAgICAgICAg
PHQ+CiAgICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gZXN0YWJsaXNoZXMgdGhlIE9BdXRoIGFj
Y2VzcyB0b2tlbiB0eXBlIHJlZ2lzdHJ5LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAg
ICAgIEFjY2VzcyB0b2tlbiB0eXBlcyBhcmUgcmVnaXN0ZXJlZCB3aXRoIGEgU3BlY2lmaWNhdGlv
biBSZXF1aXJlZAogICAgICAgICAgKDx4cmVmIHRhcmdldD0nUkZDNTIyNicgLz4pIGFmdGVyIGEg
dHdvIHdlZWtzIHJldmlldyBwZXJpb2Qgb24gdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcKICAg
ICAgICAgIGxpc3QsIG9uIHRoZSBhZHZpY2Ugb2Ygb25lIG9yIG1vcmUgRGVzaWduYXRlZCBFeHBl
cnRzLiBIb3dldmVyLCB0byBhbGxvdyBmb3IgdGhlCiAgICAgICAgICBhbGxvY2F0aW9uIG9mIHZh
bHVlcyBwcmlvciB0byBwdWJsaWNhdGlvbiwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIG1heSBh
cHByb3ZlCiAgICAgICAgICByZWdpc3RyYXRpb24gb25jZSB0aGV5IGFyZSBzYXRpc2ZpZWQgdGhh
dCBzdWNoIGEgc3BlY2lmaWNhdGlvbiB3aWxsIGJlIHB1Ymxpc2hlZC4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBSZWdpc3RyYXRpb24gcmVxdWVzdHMgbXVzdCBiZSBzZW50IHRv
IHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nIGxpc3QgZm9yIHJldmlldyBhbmQKICAgICAgICAg
IGNvbW1lbnQsIHdpdGggYW4gYXBwcm9wcmlhdGUgc3ViamVjdCAoZS5nLiwgIlJlcXVlc3QgZm9y
IGFjY2VzcyB0b2tlbiB0eXBlOiBleGFtcGxlIikuCiAgICAgICAgICBbWyBOb3RlIHRvIFJGQy1F
RElUT1I6IFRoZSBuYW1lIG9mIHRoZSBtYWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQg
aW4gY29uc3VsdGF0aW9uCiAgICAgICAgICB3aXRoIHRoZSBJRVNHIGFuZCBJQU5BLiBTdWdnZXN0
ZWQgbmFtZTogb2F1dGgtZXh0LXJldmlldy4gXV0KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAg
ICAgICAgICBXaXRoaW4gdGhlIHJldmlldyBwZXJpb2QsIHRoZSBEZXNpZ25hdGVkIEV4cGVydChz
KSB3aWxsIGVpdGhlciBhcHByb3ZlIG9yCiAgICAgICAgICBkZW55IHRoZSByZWdpc3RyYXRpb24g
cmVxdWVzdCwgY29tbXVuaWNhdGluZyB0aGlzIGRlY2lzaW9uIHRvIHRoZSByZXZpZXcgbGlzdCBh
bmQgSUFOQS4KICAgICAgICAgIERlbmlhbHMgc2hvdWxkIGluY2x1ZGUgYW4gZXhwbGFuYXRpb24g
YW5kLCBpZiBhcHBsaWNhYmxlLCBzdWdnZXN0aW9ucyBhcyB0byBob3cgdG8gbWFrZQogICAgICAg
ICAgdGhlIHJlcXVlc3Qgc3VjY2Vzc2Z1bC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBJQU5BIG11c3Qgb25seSBhY2NlcHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBEZXNp
Z25hdGVkIEV4cGVydChzKSwgYW5kIHNob3VsZCBkaXJlY3QKICAgICAgICAgIGFsbCByZXF1ZXN0
cyBmb3IgcmVnaXN0cmF0aW9uIHRvIHRoZSByZXZpZXcgbWFpbGluZyBsaXN0LgogICAgICAgIDwv
dD4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J1JlZ2lzdHJhdGlvbiBUZW1wbGF0ZSc+CiAgICAg
ICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnPgogICAgICAgICAgICAg
IDx0IGhhbmdUZXh0PSdUeXBlIG5hbWU6Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAg
ICAgICAgICAgICAgIFRoZSBuYW1lIHJlcXVlc3RlZCAoZS5nLiwgImV4YW1wbGUiKS4KICAgICAg
ICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J0FkZGl0aW9uYWwgVG9rZW4g
RW5kcG9pbnQgUmVzcG9uc2UgUGFyYW1ldGVyczonPgogICAgICAgICAgICAgICAgPHZzcGFjZSAv
PgogICAgICAgICAgICAgICAgQWRkaXRpb25hbCByZXNwb25zZSBwYXJhbWV0ZXJzIHJldHVybmVk
IHRvZ2V0aGVyIHdpdGggdGhlCiAgICAgICAgICAgICAgICA8c3Bhbnggc3R5bGU9J3ZlcmInPmFj
Y2Vzc190b2tlbjwvc3Bhbng+IHBhcmFtZXRlci4gTmV3IHBhcmFtZXRlcnMgTVVTVCBiZQogICAg
ICAgICAgICAgICAgc2VwYXJhdGVseSByZWdpc3RlcmVkIGluIHRoZSBPQXV0aCBwYXJhbWV0ZXJz
IHJlZ2lzdHJ5IGFzIGRlc2NyaWJlZCBieQogICAgICAgICAgICAgICAgPHhyZWYgdGFyZ2V0PSdw
YXJhbWV0ZXJzLXJlZ2lzdHJ5JyAvPi4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAg
PHQgaGFuZ1RleHQ9J0hUVFAgQXV0aGVudGljYXRpb24gU2NoZW1lKHMpOic+CiAgICAgICAgICAg
ICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBUaGUgSFRUUCBhdXRoZW50aWNhdGlvbiBz
Y2hlbWUgbmFtZShzKSwgaWYgYW55LCB1c2VkIHRvIGF1dGhlbnRpY2F0ZSBwcm90ZWN0ZWQKICAg
ICAgICAgICAgICAgIHJlc291cmNlcyByZXF1ZXN0cyB1c2luZyBhY2Nlc3MgdG9rZW5zIG9mIHRo
aXMgdHlwZS4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J0No
YW5nZSBjb250cm9sbGVyOic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAg
ICAgICBGb3Igc3RhbmRhcmRzLXRyYWNrIFJGQ3MsIHN0YXRlICJJRVRGIi4gRm9yIG90aGVycywg
Z2l2ZSB0aGUgbmFtZSBvZiB0aGUKICAgICAgICAgICAgICAgIHJlc3BvbnNpYmxlIHBhcnR5LiBP
dGhlciBkZXRhaWxzIChlLmcuLCBwb3N0YWwgYWRkcmVzcywgZS1tYWlsIGFkZHJlc3MsIGhvbWUg
cGFnZQogICAgICAgICAgICAgICAgVVJJKSBtYXkgYWxzbyBiZSBpbmNsdWRlZC4KICAgICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J1NwZWNpZmljYXRpb24gZG9jdW1l
bnQocyk6Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJlZmVy
ZW5jZSB0byB0aGUgZG9jdW1lbnQgdGhhdCBzcGVjaWZpZXMgdGhlIHBhcmFtZXRlciwgcHJlZmVy
YWJseSBpbmNsdWRpbmcgYSBVUkkgdGhhdAogICAgICAgICAgICAgICAgY2FuIGJlIHVzZWQgdG8g
cmV0cmlldmUgYSBjb3B5IG9mIHRoZSBkb2N1bWVudC4gQW4gaW5kaWNhdGlvbiBvZiB0aGUgcmVs
ZXZhbnQKICAgICAgICAgICAgICAgIHNlY3Rpb25zIG1heSBhbHNvIGJlIGluY2x1ZGVkLCBidXQg
aXMgbm90IHJlcXVpcmVkLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0Pgog
ICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICAg
IDxzZWN0aW9uIHRpdGxlPSdUaGUgT0F1dGggUGFyYW1ldGVycyBSZWdpc3RyeScgYW5jaG9yPSdw
YXJhbWV0ZXJzLXJlZ2lzdHJ5Jz4KICAgICAgICA8dD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNh
dGlvbiBlc3RhYmxpc2hlcyB0aGUgT0F1dGggcGFyYW1ldGVycyByZWdpc3RyeS4KICAgICAgICA8
L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBBZGRpdGlvbmFsIHBhcmFtZXRlcnMgZm9yIGluY2x1
c2lvbiBpbiB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCByZXF1ZXN0LCB0aGUKICAgICAgICAg
IGF1dGhvcml6YXRpb24gZW5kcG9pbnQgcmVzcG9uc2UsIHRoZSB0b2tlbiBlbmRwb2ludCByZXF1
ZXN0LCBvciB0aGUgdG9rZW4gZW5kcG9pbnQKICAgICAgICAgIHJlc3BvbnNlIGFyZSByZWdpc3Rl
cmVkIHdpdGggYSBTcGVjaWZpY2F0aW9uIFJlcXVpcmVkCiAgICAgICAgICAoPHhyZWYgdGFyZ2V0
PSdSRkM1MjI2JyAvPikgYWZ0ZXIgYSB0d28gd2Vla3MgcmV2aWV3IHBlcmlvZCBvbiB0aGUgW1RC
RF1AaWV0Zi5vcmcgbWFpbGluZwogICAgICAgICAgbGlzdCwgb24gdGhlIGFkdmljZSBvZiBvbmUg
b3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuIEhvd2V2ZXIsIHRvIGFsbG93IGZvciB0aGUKICAg
ICAgICAgIGFsbG9jYXRpb24gb2YgdmFsdWVzIHByaW9yIHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVz
aWduYXRlZCBFeHBlcnQocykgbWF5IGFwcHJvdmUKICAgICAgICAgIHJlZ2lzdHJhdGlvbiBvbmNl
IHRoZXkgYXJlIHNhdGlzZmllZCB0aGF0IHN1Y2ggYSBzcGVjaWZpY2F0aW9uIHdpbGwgYmUgcHVi
bGlzaGVkLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFJlZ2lzdHJhdGlvbiBy
ZXF1ZXN0cyBtdXN0IGJlIHNlbnQgdG8gdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcgbGlzdCBm
b3IgcmV2aWV3IGFuZAogICAgICAgICAgY29tbWVudCwgd2l0aCBhbiBhcHByb3ByaWF0ZSBzdWJq
ZWN0IChlLmcuLCAiUmVxdWVzdCBmb3IgcGFyYW1ldGVyOiBleGFtcGxlIikuCiAgICAgICAgICBb
WyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mIHRoZSBtYWlsaW5nIGxpc3Qgc2hvdWxk
IGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uCiAgICAgICAgICB3aXRoIHRoZSBJRVNHIGFu
ZCBJQU5BLiBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmlldy4gXV0KICAgICAgICA8L3Q+
CiAgICAgICAgPHQ+CiAgICAgICAgICBXaXRoaW4gdGhlIHJldmlldyBwZXJpb2QsIHRoZSBEZXNp
Z25hdGVkIEV4cGVydChzKSB3aWxsIGVpdGhlciBhcHByb3ZlIG9yCiAgICAgICAgICBkZW55IHRo
ZSByZWdpc3RyYXRpb24gcmVxdWVzdCwgY29tbXVuaWNhdGluZyB0aGlzIGRlY2lzaW9uIHRvIHRo
ZSByZXZpZXcgbGlzdCBhbmQgSUFOQS4KICAgICAgICAgIERlbmlhbHMgc2hvdWxkIGluY2x1ZGUg
YW4gZXhwbGFuYXRpb24gYW5kLCBpZiBhcHBsaWNhYmxlLCBzdWdnZXN0aW9ucyBhcyB0byBob3cg
dG8gbWFrZQogICAgICAgICAgdGhlIHJlcXVlc3Qgc3VjY2Vzc2Z1bC4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBJQU5BIG11c3Qgb25seSBhY2NlcHQgcmVnaXN0cnkgdXBkYXRl
cyBmcm9tIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSwgYW5kIHNob3VsZCBkaXJlY3QKICAgICAg
ICAgIGFsbCByZXF1ZXN0cyBmb3IgcmVnaXN0cmF0aW9uIHRvIHRoZSByZXZpZXcgbWFpbGluZyBs
aXN0LgogICAgICAgIDwvdD4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J1JlZ2lzdHJhdGlvbiBU
ZW1wbGF0ZSc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcn
PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdQYXJhbWV0ZXIgbmFtZTonPgogICAgICAgICAg
ICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgVGhlIG5hbWUgcmVxdWVzdGVkIChlLmcu
LCAiZXhhbXBsZSIpLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4
dD0nUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+
CiAgICAgICAgICAgICAgICBUaGUgbG9jYXRpb24ocykgd2hlcmUgcGFyYW1ldGVyIGNhbiBiZSB1
c2VkLiBUaGUgcG9zc2libGUgbG9jYXRpb25zIGFyZToKICAgICAgICAgICAgICAgIGF1dGhvcml6
YXRpb24gcmVxdWVzdCwgYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4gcmVxdWVzdCwgb3Ig
dG9rZW4gcmVzcG9uc2UuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdU
ZXh0PSdDaGFuZ2UgY29udHJvbGxlcjonPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAg
ICAgICAgICAgICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNzLCBzdGF0ZSAiSUVURiIuIEZvciBv
dGhlcnMsIGdpdmUgdGhlIG5hbWUgb2YgdGhlCiAgICAgICAgICAgICAgICByZXNwb25zaWJsZSBw
YXJ0eS4gT3RoZXIgZGV0YWlscyAoZS5nLiwgcG9zdGFsIGFkZHJlc3MsIGUtbWFpbCBhZGRyZXNz
LCBob21lIHBhZ2UKICAgICAgICAgICAgICAgIFVSSSkgbWF5IGFsc28gYmUgaW5jbHVkZWQuCiAg
ICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdTcGVjaWZpY2F0aW9u
IGRvY3VtZW50KHMpOic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAg
ICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50IHRoYXQgc3BlY2lmaWVzIHRoZSBwYXJhbWV0ZXIs
IHByZWZlcmFibHkgaW5jbHVkaW5nIGEgVVJJIHRoYXQKICAgICAgICAgICAgICAgIGNhbiBiZSB1
c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZiB0aGUgZG9jdW1lbnQuIEFuIGluZGljYXRpb24gb2Yg
dGhlIHJlbGV2YW50CiAgICAgICAgICAgICAgICBzZWN0aW9ucyBtYXkgYWxzbyBiZSBpbmNsdWRl
ZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwv
bGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9u
IHRpdGxlPSdJbml0aWFsIFJlZ2lzdHJ5IENvbnRlbnRzJz4KICAgICAgICAgIDx0PgogICAgICAg
ICAgICBUaGUgT0F1dGggUGFyYW1ldGVycyBSZWdpc3RyeSdzIGluaXRpYWwgY29udGVudHMgYXJl
OgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdz
eW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1l
OiBjbGllbnRfaWQKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAg
ICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwg
dG9rZW4gcmVxdWVzdAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAg
ICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTog
W1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0
PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdz
eW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1l
OiBjbGllbnRfc2VjcmV0CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAg
ICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0CiAgICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdlIGNv
bnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAg
ICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1d
CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAg
ICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAg
ICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IHJlc3BvbnNlX3R5cGUKICAg
ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0
ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdAogICAgICAgICAgICAgIDwv
dD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJ
RVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAg
U3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+
CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAg
ICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiByZWRpcmVjdF91cmkKICAgICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9j
YXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwgdG9rZW4gcmVxdWVzdAogICAgICAgICAgICAg
IDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVy
OiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAg
ICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAg
PHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4K
ICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBzY29wZQogICAgICAgICAgICAgIDwvdD4K
ICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlv
bjogYXV0aG9yaXphdGlvbiByZXF1ZXN0LCBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbgog
ICAgICAgICAgICAgICAgcmVxdWVzdCwgdG9rZW4gcmVzcG9uc2UKICAgICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVU
RgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNw
ZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAg
ICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0Pgog
ICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAg
ICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogc3RhdGUKICAgICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1
dGhvcml6YXRpb24gcmVxdWVzdCwgYXV0aG9yaXphdGlvbiByZXNwb25zZQogICAgICAgICAgICAg
IDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVy
OiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAg
ICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAg
PHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4K
ICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBjb2RlCiAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9u
OiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXF1ZXN0CiAgICAgICAgICAgICAgPC90
PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElF
VEYKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBT
cGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAg
ICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4K
ICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAgIDx0PgogICAg
ICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IGVycm9yX2Rlc2NyaXB0aW9uCiAgICAgICAgICAg
ICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdl
IGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQogICAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250
cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAg
ICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAg
ICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAg
ICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBlcnJvcl91cmkKICAgICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNh
Z2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVzcG9uc2UsIHRva2VuIHJlc3BvbnNlCiAgICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdlIGNv
bnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAg
ICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1d
CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAg
ICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAg
ICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IGdyYW50X3R5cGUKICAgICAg
ICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIg
dXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVlc3QKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRp
b24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAg
ICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg
ICBQYXJhbWV0ZXIgbmFtZTogYWNjZXNzX3Rva2VuCiAgICAgICAgICAgICAgPC90PgogICAgICAg
ICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRo
b3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQogICAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAg
ICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lm
aWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwv
dD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAg
ICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAg
ICAgICAgIFBhcmFtZXRlciBuYW1lOiB0b2tlbl90eXBlCiAgICAgICAgICAgICAgPC90PgogICAg
ICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBh
dXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQogICAgICAgICAgICAgIDwvdD4K
ICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRG
CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3Bl
Y2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAg
IDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAg
ICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBleHBpcmVzX2luCiAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9u
OiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQogICAgICAgICAgICAgIDwv
dD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJ
RVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAg
U3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+
CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAg
ICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiB1c2VybmFtZQogICAgICAgICAgICAgIDwvdD4K
ICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlv
bjogdG9rZW4gcmVxdWVzdAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAg
ICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChz
KTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9s
aXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxl
PSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBu
YW1lOiBwYXNzd29yZAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogdG9rZW4gcmVxdWVzdAogICAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250
cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAg
ICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAg
ICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAg
ICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiByZWZyZXNoX3Rva2VuCiAgICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVy
IHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0LCB0b2tlbiByZXNwb25zZQogICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9s
bGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAg
ICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAg
IDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdUaGUg
T0F1dGggQXV0aG9yaXphdGlvbiBFbmRwb2ludCBSZXNwb25zZSBUeXBlIFJlZ2lzdHJ5JyBhbmNo
b3I9J3Jlc3BvbnNlLXR5cGUtcmVnaXN0cnknPgogICAgICAgIDx0PgogICAgICAgICAgVGhpcyBz
cGVjaWZpY2F0aW9uIGVzdGFibGlzaGVzIHRoZSBPQXV0aCBhdXRob3JpemF0aW9uIGVuZHBvaW50
IHJlc3BvbnNlIHR5cGUgcmVnaXN0cnkuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAg
ICAgICBBZGRpdGlvbmFsIHJlc3BvbnNlIHR5cGUgZm9yIHVzZSB3aXRoIHRoZSBhdXRob3JpemF0
aW9uIGVuZHBvaW50IGFyZSByZWdpc3RlcmVkIHdpdGggYQogICAgICAgICAgICBTcGVjaWZpY2F0
aW9uIFJlcXVpcmVkICg8eHJlZiB0YXJnZXQ9J1JGQzUyMjYnIC8+KSBhZnRlciBhIHR3byB3ZWVr
cyByZXZpZXcgcGVyaW9kIG9uCiAgICAgICAgICAgIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5n
IGxpc3QsIG9uIHRoZSBhZHZpY2Ugb2Ygb25lIG9yIG1vcmUgRGVzaWduYXRlZCBFeHBlcnRzLgog
ICAgICAgICAgICBIb3dldmVyLCB0byBhbGxvdyBmb3IgdGhlIGFsbG9jYXRpb24gb2YgdmFsdWVz
IHByaW9yIHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVzaWduYXRlZAogICAgICAgICAgICBFeHBlcnQo
cykgbWF5IGFwcHJvdmUgcmVnaXN0cmF0aW9uIG9uY2UgdGhleSBhcmUgc2F0aXNmaWVkIHRoYXQg
c3VjaCBhIHNwZWNpZmljYXRpb24KICAgICAgICAgICAgd2lsbCBiZSBwdWJsaXNoZWQuCiAgICAg
ICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgUmVnaXN0cmF0aW9uIHJlcXVlc3Rz
IG11c3QgYmUgc2VudCB0byB0aGUgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0IGZvciByZXZp
ZXcgYW5kCiAgICAgICAgICAgIGNvbW1lbnQsIHdpdGggYW4gYXBwcm9wcmlhdGUgc3ViamVjdCAo
ZS5nLiwgIlJlcXVlc3QgZm9yIHJlc3BvbnNlIHR5cGU6IGV4YW1wbGUiKS4KICAgICAgICAgICAg
W1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUgbmFtZSBvZiB0aGUgbWFpbGluZyBsaXN0IHNob3Vs
ZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRhdGlvbgogICAgICAgICAgICB3aXRoIHRoZSBJRVNH
IGFuZCBJQU5BLiBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmlldy4gXV0KICAgICAgICAg
IDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBXaXRoaW4gdGhlIHJldmlldyBwZXJpb2Qs
IHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSB3aWxsIGVpdGhlciBhcHByb3ZlIG9yCiAgICAgICAg
ICAgIGRlbnkgdGhlIHJlZ2lzdHJhdGlvbiByZXF1ZXN0LCBjb21tdW5pY2F0aW5nIHRoaXMgZGVj
aXNpb24gdG8gdGhlIHJldmlldyBsaXN0IGFuZCBJQU5BLgogICAgICAgICAgICBEZW5pYWxzIHNo
b3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlv
bnMgYXMgdG8gaG93IHRvIG1ha2UKICAgICAgICAgICAgdGhlIHJlcXVlc3Qgc3VjY2Vzc2Z1bC4K
ICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBJQU5BIG11c3Qgb25seSBh
Y2NlcHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSwgYW5k
IHNob3VsZCBkaXJlY3QKICAgICAgICAgICAgYWxsIHJlcXVlc3RzIGZvciByZWdpc3RyYXRpb24g
dG8gdGhlIHJldmlldyBtYWlsaW5nIGxpc3QuCiAgICAgICAgICA8L3Q+CgoKICAgICAgICAgIDxz
ZWN0aW9uIHRpdGxlPSdSZWdpc3RyYXRpb24gVGVtcGxhdGUnPgogICAgICAgICAgPHQ+CiAgICAg
ICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJz4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0n
UmVzcG9uc2UgdHlwZSBuYW1lOic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAg
ICAgICAgICBUaGUgbmFtZSByZXF1ZXN0ZWQgKGUuZy4sICJleGFtcGxlIikuCiAgICAgICAgICAg
ICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdDaGFuZ2UgY29udHJvbGxlcjonPgog
ICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgRm9yIHN0YW5kYXJkcy10
cmFjayBSRkNzLCBzdGF0ZSAiSUVURiIuIEZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUgb2YgdGhl
CiAgICAgICAgICAgICAgICByZXNwb25zaWJsZSBwYXJ0eS4gT3RoZXIgZGV0YWlscyAoZS5nLiwg
cG9zdGFsIGFkZHJlc3MsIGUtbWFpbCBhZGRyZXNzLCBob21lIHBhZ2UKICAgICAgICAgICAgICAg
IFVSSSkgbWF5IGFsc28gYmUgaW5jbHVkZWQuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgIDx0IGhhbmdUZXh0PSdTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOic+CiAgICAgICAgICAg
ICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50
IHRoYXQgc3BlY2lmaWVzIHRoZSB0eXBlLCBwcmVmZXJhYmx5IGluY2x1ZGluZyBhIFVSSSB0aGF0
CiAgICAgICAgICAgICAgICBjYW4gYmUgdXNlZCB0byByZXRyaWV2ZSBhIGNvcHkgb2YgdGhlIGRv
Y3VtZW50LiBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudAogICAgICAgICAgICAgICAgc2Vj
dGlvbnMgbWF5IGFsc28gYmUgaW5jbHVkZWQsIGJ1dCBpcyBub3QgcmVxdWlyZWQuCiAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9z
ZWN0aW9uPgoKICAgICAgICA8c2VjdGlvbiB0aXRsZT0nSW5pdGlhbCBSZWdpc3RyeSBDb250ZW50
cyc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIE9BdXRoIEF1dGhvcml6YXRpb24gRW5k
cG9pbnQgUmVzcG9uc2UgVHlwZSBSZWdpc3RyeSdzIGluaXRpYWwgY29udGVudHMgYXJlOgogICAg
ICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xz
Jz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFJlc3BvbnNlIHR5cGUgbmFtZTog
Y29kZQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAg
IENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAg
IDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBk
b2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAg
ICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4K
ICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFJlc3BvbnNlIHR5cGUgbmFtZTogdG9r
ZW4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBD
aGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8
dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9j
dW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAg
IDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlv
biB0aXRsZT0nVGhlIE9BdXRoIEV4dGVuc2lvbnMgRXJyb3IgUmVnaXN0cnknIGFuY2hvcj0nZXJy
b3ItcmVnaXN0cnknPgogICAgICAgIDx0PgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGVz
dGFibGlzaGVzIHRoZSBPQXV0aCBleHRlbnNpb25zIGVycm9yIHJlZ2lzdHJ5LgogICAgICAgIDwv
dD4KICAgICAgICA8dD4KICAgICAgICAgIEFkZGl0aW9uYWwgZXJyb3IgY29kZXMgdXNlZCB0b2dl
dGhlciB3aXRoIG90aGVyIHByb3RvY29sIGV4dGVuc2lvbnMgKGkuZS4gZXh0ZW5zaW9uIGdyYW50
CiAgICAgICAgICB0eXBlcywgYWNjZXNzIHRva2VuIHR5cGVzLCBvciBleHRlbnNpb24gcGFyYW1l
dGVycykgYXJlIHJlZ2lzdGVyZWQgd2l0aCBhIFNwZWNpZmljYXRpb24KICAgICAgICAgIFJlcXVp
cmVkICg8eHJlZiB0YXJnZXQ9J1JGQzUyMjYnIC8+KSBhZnRlciBhIHR3byB3ZWVrcyByZXZpZXcg
cGVyaW9kIG9uIHRoZQogICAgICAgICAgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0LCBvbiB0
aGUgYWR2aWNlIG9mIG9uZSBvciBtb3JlIERlc2lnbmF0ZWQgRXhwZXJ0cy4gSG93ZXZlciwgdG8K
ICAgICAgICAgIGFsbG93IGZvciB0aGUgYWxsb2NhdGlvbiBvZiB2YWx1ZXMgcHJpb3IgdG8gcHVi
bGljYXRpb24sIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSBtYXkKICAgICAgICAgIGFwcHJvdmUg
cmVnaXN0cmF0aW9uIG9uY2UgdGhleSBhcmUgc2F0aXNmaWVkIHRoYXQgc3VjaCBhIHNwZWNpZmlj
YXRpb24gd2lsbCBiZSBwdWJsaXNoZWQuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAg
ICAgUmVnaXN0cmF0aW9uIHJlcXVlc3RzIG11c3QgYmUgc2VudCB0byB0aGUgW1RCRF1AaWV0Zi5v
cmcgbWFpbGluZyBsaXN0IGZvciByZXZpZXcgYW5kCiAgICAgICAgICBjb21tZW50LCB3aXRoIGFu
IGFwcHJvcHJpYXRlIHN1YmplY3QgKGUuZy4sICJSZXF1ZXN0IGZvciBlcnJvciBjb2RlOiBleGFt
cGxlIikuCiAgICAgICAgICBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mIHRoZSBt
YWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uCiAgICAgICAg
ICB3aXRoIHRoZSBJRVNHIGFuZCBJQU5BLiBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmll
dy4gXV0KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBXaXRoaW4gdGhlIHJldmll
dyBwZXJpb2QsIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSB3aWxsIGVpdGhlciBhcHByb3ZlIG9y
CiAgICAgICAgICBkZW55IHRoZSByZWdpc3RyYXRpb24gcmVxdWVzdCwgY29tbXVuaWNhdGluZyB0
aGlzIGRlY2lzaW9uIHRvIHRoZSByZXZpZXcgbGlzdCBhbmQgSUFOQS4KICAgICAgICAgIERlbmlh
bHMgc2hvdWxkIGluY2x1ZGUgYW4gZXhwbGFuYXRpb24gYW5kLCBpZiBhcHBsaWNhYmxlLCBzdWdn
ZXN0aW9ucyBhcyB0byBob3cgdG8gbWFrZQogICAgICAgICAgdGhlIHJlcXVlc3Qgc3VjY2Vzc2Z1
bC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBJQU5BIG11c3Qgb25seSBhY2Nl
cHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSwgYW5kIHNo
b3VsZCBkaXJlY3QKICAgICAgICAgIGFsbCByZXF1ZXN0cyBmb3IgcmVnaXN0cmF0aW9uIHRvIHRo
ZSByZXZpZXcgbWFpbGluZyBsaXN0LgogICAgICAgIDwvdD4KCgogICAgICAgIDxzZWN0aW9uIHRp
dGxlPSdSZWdpc3RyYXRpb24gVGVtcGxhdGUnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxs
aXN0IHN0eWxlPSdoYW5naW5nJz4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nRXJyb3IgbmFt
ZTonPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgVGhlIG5hbWUg
cmVxdWVzdGVkIChlLmcuLCAiZXhhbXBsZSIpLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAg
ICAgICA8dCBoYW5nVGV4dD0nRXJyb3IgdXNhZ2UgbG9jYXRpb246Jz4KICAgICAgICAgICAgICAg
IDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFRoZSBsb2NhdGlvbihzKSB3aGVyZSB0aGUgZXJy
b3IgY2FuIGJlIHVzZWQuIFRoZSBwb3NzaWJsZSBsb2NhdGlvbnMgYXJlOgogICAgICAgICAgICAg
ICAgYXV0aG9yaXphdGlvbiBjb2RlIGdyYW50IGVycm9yIHJlc3BvbnNlICg8eHJlZiB0YXJnZXQ9
J2NvZGUtYXV0aHotZXJyb3InIC8+KSwKICAgICAgICAgICAgICAgIGltcGxpY2l0IGdyYW50IGVy
cm9yIHJlc3BvbnNlICg8eHJlZiB0YXJnZXQ9J2ltcGxpY2l0LWF1dGh6LWVycm9yJyAvPiksCgkJ
dG9rZW4gZXJyb3IgcmVzcG9uc2UgKDx4cmVmIHRhcmdldD0ndG9rZW4tZXJyb3JzJyAvPiksIG9y
CgkJcmVzb3VyY2UgYWNjZXNzIGVycm9yIHJlc3BvbnNlICg8eHJlZiB0YXJnZXQ9J3Jlc291cmNl
LWVycm9ycycgLz4pLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4
dD0nUmVsYXRlZCBwcm90b2NvbCBleHRlbnNpb246Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2Ug
Lz4KICAgICAgICAgICAgICAgIFRoZSBuYW1lIG9mIHRoZSBleHRlbnNpb24gZ3JhbnQgdHlwZSwg
YWNjZXNzIHRva2VuIHR5cGUsIG9yIGV4dGVuc2lvbiBwYXJhbWV0ZXIsCiAgICAgICAgICAgICAg
ICB0aGUgZXJyb3IgY29kZSBpcyB1c2VkIGluIGNvbmp1bmN0aW9uIHdpdGguCiAgICAgICAgICAg
ICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdDaGFuZ2UgY29udHJvbGxlcjonPgog
ICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgRm9yIHN0YW5kYXJkcy10
cmFjayBSRkNzLCBzdGF0ZSAiSUVURiIuIEZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUgb2YgdGhl
CiAgICAgICAgICAgICAgICByZXNwb25zaWJsZSBwYXJ0eS4gT3RoZXIgZGV0YWlscyAoZS5nLiwg
cG9zdGFsIGFkZHJlc3MsIGUtbWFpbCBhZGRyZXNzLCBob21lIHBhZ2UKICAgICAgICAgICAgICAg
IFVSSSkgbWF5IGFsc28gYmUgaW5jbHVkZWQuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgIDx0IGhhbmdUZXh0PSdTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOic+CiAgICAgICAgICAg
ICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50
IHRoYXQgc3BlY2lmaWVzIHRoZSBlcnJvciBjb2RlLCBwcmVmZXJhYmx5IGluY2x1ZGluZyBhIFVS
SQogICAgICAgICAgICAgICAgdGhhdCBjYW4gYmUgdXNlZCB0byByZXRyaWV2ZSBhIGNvcHkgb2Yg
dGhlIGRvY3VtZW50LiBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudAogICAgICAgICAgICAg
ICAgc2VjdGlvbnMgbWF5IGFsc28gYmUgaW5jbHVkZWQsIGJ1dCBpcyBub3QgcmVxdWlyZWQuCiAg
ICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAg
ICAgPC9zZWN0aW9uPgoKICAgICAgPC9zZWN0aW9uPgoKICAgIDwvc2VjdGlvbj4KCiAgPC9taWRk
bGU+CgogIDxiYWNrPgoKICAgIDxyZWZlcmVuY2VzIHRpdGxlPSdOb3JtYXRpdmUgUmVmZXJlbmNl
cyc+CgogICAgICA8P3JmYyBpbmNsdWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMv
cmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjIxMTkueG1sJyA/PgogICAgICA8P3JmYyBpbmNsdWRl
PSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZD
LjIyNDYueG1sJyA/PgogICAgICA8P3JmYyBpbmNsdWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9y
Zy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjI2MTYueG1sJyA/PgogICAgICA8P3Jm
YyBpbmNsdWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZl
cmVuY2UuUkZDLjI2MTcueG1sJyA/PgogICAgICA8P3JmYyBpbmNsdWRlPSdodHRwOi8veG1sLnJl
c291cmNlLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjI4MTgueG1sJyA/Pgog
ICAgICA8P3JmYyBpbmNsdWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2Jp
YnhtbC9yZWZlcmVuY2UuUkZDLjM5ODYueG1sJyA/PgogICAgICA8P3JmYyBpbmNsdWRlPSdodHRw
Oi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjQ2Mjcu
eG1sJyA/PgogICAgICA8P3JmYyBpbmNsdWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJs
aWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjQ5NDkueG1sJyA/PgogICAgICA8P3JmYyBpbmNs
dWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2Uu
UkZDLjUyMjYueG1sJyA/PgogICAgICA8P3JmYyBpbmNsdWRlPSdodHRwOi8veG1sLnJlc291cmNl
Lm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjUyMzQueG1sJyA/PgogICAgICA8
P3JmYyBpbmNsdWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9y
ZWZlcmVuY2UuUkZDLjUyNDYueG1sJyA/PgogICAgICA8P3JmYyBpbmNsdWRlPSdodHRwOi8veG1s
LnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2JpYnhtbC9yZWZlcmVuY2UuUkZDLjYxMjUueG1sJyA/
PgogICAgICA8P3JmYyBpbmNsdWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZj
L2JpYnhtbDQvcmVmZXJlbmNlLlczQy5SRUMtaHRtbDQwMS0xOTk5MTIyNC54bWwnID8+CgogICAg
ICA8cmVmZXJlbmNlIGFuY2hvcj0iVVNBU0NJSSI+Cgk8ZnJvbnQ+CgkgIDx0aXRsZT5Db2RlZCBD
aGFyYWN0ZXIgU2V0IC0tIDctYml0IEFtZXJpY2FuIFN0YW5kYXJkIENvZGUgZm9yIEluZm9ybWF0
aW9uIEludGVyY2hhbmdlPC90aXRsZT4KCSAgPGF1dGhvcj4KCSAgICA8b3JnYW5pemF0aW9uPkFt
ZXJpY2FuIE5hdGlvbmFsIFN0YW5kYXJkcyBJbnN0aXR1dGU8L29yZ2FuaXphdGlvbj4KCSAgPC9h
dXRob3I+CgkgIDxkYXRlIHllYXI9IjE5ODYiLz4KCTwvZnJvbnQ+Cgk8c2VyaWVzSW5mbyBuYW1l
PSJBTlNJIiB2YWx1ZT0iWDMuNCIvPgogICAgICA8L3JlZmVyZW5jZT4KCiAgICA8L3JlZmVyZW5j
ZXM+CgogICAgPHJlZmVyZW5jZXMgdGl0bGU9J0luZm9ybWF0aXZlIFJlZmVyZW5jZXMnPgoKICAg
ICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4
bWwvcmVmZXJlbmNlLlJGQy41ODQ5LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDov
L3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwzL3JlZmVyZW5jZS5JLUQuZHJhZnQt
aWV0Zi1vYXV0aC12Mi1iZWFyZXItMTkueG1sJyA/PgogICAgICA8P3JmYyBpbmNsdWRlPSdodHRw
Oi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2JpYnhtbDMvcmVmZXJlbmNlLkktRC5kcmFm
dC1pZXRmLW9hdXRoLXNhbWwyLWJlYXJlci0xMi54bWwnID8+CiAgICAgIDw/cmZjIGluY2x1ZGU9
J2h0dHA6Ly94bWwucmVzb3VyY2Uub3JnL3B1YmxpYy9yZmMvYmlieG1sMy9yZWZlcmVuY2UuSS1E
LmRyYWZ0LWlldGYtb2F1dGgtdjItaHR0cC1tYWMtMDEueG1sJyA/PgogICAgICA8P3JmYyBpbmNs
dWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2JpYnhtbDMvcmVmZXJlbmNl
LkktRC5kcmFmdC1pZXRmLW9hdXRoLXYyLXRocmVhdG1vZGVsLTAyLnhtbCcgPz4KICAgICAgPD9y
ZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwyL3Jl
ZmVyZW5jZS5PQVNJUy5zYW1sLWNvcmUtMi4wLW9zLnhtbCcgPz4KCiAgICAgIDxyZWZlcmVuY2Ug
YW5jaG9yPSJJLUQuZHJhZnQtaGFyZHQtb2F1dGgtMDEiPgogICAgICAgIDxmcm9udD4KICAgICAg
ICAgIDx0aXRsZT5PQXV0aCBXZWIgUmVzb3VyY2UgQXV0aG9yaXphdGlvbiBQcm9maWxlczwvdGl0
bGU+CiAgICAgICAgICA8YXV0aG9yIGluaXRpYWxzPSJEIiBzdXJuYW1lPSJIYXJkdCIgZnVsbG5h
bWU9IkRpY2sgSGFyZHQiIHJvbGU9ImVkaXRvciIgLz4KICAgICAgICAgIDxhdXRob3IgaW5pdGlh
bHM9IkEiIHN1cm5hbWU9IlRvbSIgZnVsbG5hbWU9IkFsbGVuIFRvbSIgLz4KICAgICAgICAgIDxh
dXRob3IgaW5pdGlhbHM9IkIiIHN1cm5hbWU9IkVhdG9uIiBmdWxsbmFtZT0iQnJpYW4gRWF0b24i
IC8+CiAgICAgICAgICA8YXV0aG9yIGluaXRpYWxzPSJZIiBzdXJuYW1lPSJHb2xhbmQiIGZ1bGxu
YW1lPSJZYXJvbiBHb2xhbmQiIC8+CiAgICAgICAgICA8ZGF0ZSBtb250aD0iSmFudWFyeSIgZGF5
PSIxNSIgeWVhcj0iMjAxMCIgLz4KICAgICAgICA8L2Zyb250PgogICAgICAgIDxmb3JtYXQgdGFy
Z2V0PSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1oYXJkdC1vYXV0aC0wMSIgdHlw
ZT0iSFRNTCIgLz4KICAgICAgPC9yZWZlcmVuY2U+CgogICAgPC9yZWZlcmVuY2VzPgoKICAgIDxz
ZWN0aW9uIHRpdGxlPSdBY2tub3dsZWRnZW1lbnRzJz4KICAgICAgPHQ+CiAgICAgICAgVGhlIGlu
aXRpYWwgT0F1dGggMi4wIHByb3RvY29sIHNwZWNpZmljYXRpb24gd2FzIGVkaXRlZCBieSBEYXZp
ZCBSZWNvcmRvbiwgYmFzZWQgb24gdHdvCiAgICAgICAgcHJldmlvdXMgcHVibGljYXRpb25zOiB0
aGUgT0F1dGggMS4wIGNvbW11bml0eSBzcGVjaWZpY2F0aW9uIDx4cmVmIHRhcmdldD0nUkZDNTg0
OScgLz4sIGFuZAogICAgICAgIE9BdXRoIFdSQVAgKE9BdXRoIFdlYiBSZXNvdXJjZSBBdXRob3Jp
emF0aW9uIFByb2ZpbGVzKQogICAgICAgIDx4cmVmIHRhcmdldD0nSS1ELmRyYWZ0LWhhcmR0LW9h
dXRoLTAxJyAvPi4gVGhlIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIHNlY3Rpb24gd2FzIGRyYWZ0
ZWQKICAgICAgICBieSBUb3JzdGVuIExvZGRlcnN0ZWR0LCBNYXJrIE1jR2xvaW4sIFBoaWwgSHVu
dCwgYW5kIEFudGhvbnkgTmFkYWxpbi4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICBUaGUg
T0F1dGggMS4wIGNvbW11bml0eSBzcGVjaWZpY2F0aW9uIHdhcyBlZGl0ZWQgYnkgRXJhbiBIYW1t
ZXIgYW5kIGF1dGhvcmVkIGJ5CiAgICAgICAgTWFyayBBdHdvb2QsIERpcmsgQmFsZmFueiwgRGFy
cmVuIEJvdW5kcywgUmljaGFyZCBNLiBDb25sYW4sIEJsYWluZSBDb29rLCBMZWFoIEN1bHZlciwK
ICAgICAgICBCcmVubyBkZSBNZWRlaXJvcywgQnJpYW4gRWF0b24sIEtlbGxhbiBFbGxpb3R0LU1j
Q3JlYSwgTGFycnkgSGFsZmYsIEVyYW4gSGFtbWVyLAogICAgICAgIEJlbiBMYXVyaWUsIENocmlz
IE1lc3NpbmEsIEpvaG4gUGFuemVyLCBTYW0gUXVpZ2xleSwgRGF2aWQgUmVjb3Jkb24sIEVyYW4g
U2FuZGxlciwKICAgICAgICBKb25hdGhhbiBTZXJnZW50LCBUb2RkIFNpZWxpbmcsIEJyaWFuIFNs
ZXNpbnNreSwgYW5kIEFuZHkgU21pdGguCiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgVGhl
IE9BdXRoIFdSQVAgc3BlY2lmaWNhdGlvbiB3YXMgZWRpdGVkIGJ5IERpY2sgSGFyZHQgYW5kIGF1
dGhvcmVkIGJ5IEJyaWFuIEVhdG9uLAogICAgICAgIFlhcm9uIFkuIEdvbGFuZCwgRGljayBIYXJk
dCwgYW5kIEFsbGVuIFRvbS4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICBUaGlzIHNwZWNp
ZmljYXRpb24gaXMgdGhlIHdvcmsgb2YgdGhlIE9BdXRoIFdvcmtpbmcgR3JvdXAgd2hpY2ggaW5j
bHVkZXMgZG96ZW5zIG9mIGFjdGl2ZQogICAgICAgIGFuZCBkZWRpY2F0ZWQgcGFydGljaXBhbnRz
LiBJbiBwYXJ0aWN1bGFyLCB0aGUgZm9sbG93aW5nIGluZGl2aWR1YWxzIGNvbnRyaWJ1dGVkIGlk
ZWFzLAogICAgICAgIGZlZWRiYWNrLCBhbmQgd29yZGluZyB3aGljaCBzaGFwZWQgYW5kIGZvcm1l
ZCB0aGUgZmluYWwgc3BlY2lmaWNhdGlvbjoKICAgICAgPC90PgogICAgICA8dD4KICAgICAgICBN
aWNoYWVsIEFkYW1zLCBBbWFuZGEgQW5nYW5lcywgQW5kcmV3IEFybm90dCwgRGlyayBCYWxmYW56
LCBBaWRlbiBCZWxsLCBCcmlhbiBDYW1wYmVsbCwKICAgICAgICBTY290dCBDYW50b3IsIE1hcmNv
cyBDYWNlcmVzLCBCbGFpbmUgQ29vaywgUm9nZXIgQ3JldywgQnJpYW4gRWF0b24sIFdlc2xleSBF
ZGR5LCBMZWFoIEN1bHZlciwKICAgICAgICBCaWxsIGRlIGhPcmEsIEFuZHJlIERlTWFycmUsIEJy
aWFuIEVhdG9uLCBXb2x0ZXIgRWxkZXJpbmcsIEJyaWFuIEVsbGluLCBJZ29yIEZheW5iZXJnLAog
ICAgICAgIEdlb3JnZSBGbGV0Y2hlciwgVGltIEZyZWVtYW4sIEx1Y2EgRnJvc2luaSwgRXZhbiBH
aWxiZXJ0LCBZYXJvbiBZLiBHb2xhbmQsIEJyZW50IEdvbGRtYW4sCiAgICAgICAgS3Jpc3RvZmZl
ciBHcm9ub3dza2ksIEp1c3RpbiBIYXJ0LCBEaWNrIEhhcmR0LCBDcmFpZyBIZWF0aCwgUGhpbCBI
dW50LCBNaWNoYWVsIEIuIEpvbmVzLAogICAgICAgIFRlcnJ5IEpvbmVzLCBKb2huIEtlbXAsIE1h
cmsgS2VudCwgUmFmZmkgS3Jpa29yaWFuLCBDaGFzZW4gTGUgSGFyYSwgUmFzbXVzIExlcmRvcmYs
CiAgICAgICAgVG9yc3RlbiBMb2RkZXJzdGVkdCwgSHVpLUxhbiBMdSwgQ2FzZXkgTHVjYXMsIFBh
dWwgTWFkc2VuLCBBbGFzdGFpciBNYWlyLCBFdmUgTWFsZXIsCiAgICAgICAgSmFtZXMgTWFuZ2Vy
LCBNYXJrIE1jR2xvaW4sIExhdXJlbmNlIE1pYW8sIFdpbGxpYW0gTWlsbHMsIENodWNrIE1vcnRp
bW9yZSwgQW50aG9ueSBOYWRhbGluLAogICAgICAgIEp1bGlhbiBSZXNjaGtlLCBKdXN0aW4gUmlj
aGVyLCBQZXRlciBTYWludC1BbmRyZSwgTmF0IFNha2ltdXJhLCBSb2IgU2F5cmUsCiAgICAgICAg
TWFyaXVzIFNjdXJ0ZXNjdSwgTmFpdGlrIFNoYWgsIEx1a2UgU2hlcGFyZCwgVmxhZCBTa3ZvcnRz
b3YsIEp1c3RpbiBTbWl0aCwgSGFpYmluIFNvbmcsCiAgICAgICAgTml2IFN0ZWluZ2FydGVuLCBD
aHJpc3RpYW4gU3R1Ym5lciwgSmVyZW15IFN1cmllbCwgUGF1bCBUYXJqYW4sIENocmlzdG9waGVy
IFRob21hcywKICAgICAgICBIZW5yeSBTLiBUaG9tcHNvbiwgQWxsZW4gVG9tLCBGcmFua2xpbiBU
c2UsIE5pY2sgV2Fsa2VyLCBTaGFuZSBXZWVkZW4sIGFuZCBTa3lsYXIgV29vZHdhcmQuCiAgICAg
IDwvdD4KICAgICAgPHQ+CiAgICAgICAgVGhpcyBkb2N1bWVudCB3YXMgcHJvZHVjZWQgdW5kZXIg
dGhlIGNoYWlybWFuc2hpcCBvZiBCbGFpbmUgQ29vaywgUGV0ZXIgU2FpbnQtQW5kcmUsCiAgICAg
ICAgSGFubmVzIFRzY2hvZmVuaWcsIEJhcnJ5IExlaWJhLCBhbmQgRGVyZWsgQXRraW5zLiBUaGUg
YXJlYSBkaXJlY3RvcnMgaW5jbHVkZWQgTGlzYSBEdXNzZWF1bHQsCiAgICAgICAgUGV0ZXIgU2Fp
bnQtQW5kcmUsIGFuZCBTdGVwaGVuIEZhcnJlbGwuCiAgICAgIDwvdD4KICAgIDwvc2VjdGlvbj4K
CiAgICA8c2VjdGlvbiB0aXRsZT0iRWRpdG9yJ3MgTm90ZXMiPgogICAgICA8dD4KICAgICAgICBX
aGlsZSBtYW55IHBlb3BsZSBjb250cmlidXRlZCB0byB0aGlzIHNwZWNpZmljYXRpb24gdGhyb3Vn
aG91dCBpdHMgbG9uZyBqb3VybmV5LCB0aGUgZWRpdG9yCiAgICAgICAgd291bGQgbGlrZSB0byBh
Y2tub3dsZWRnZSBhbmQgdGhhbmsgYSBmZXcgaW5kaXZpZHVhbHMgZm9yIHRoZWlyIG91dHN0YW5k
aW5nIGFuZCBpbnZhbHVhYmxlCiAgICAgICAgZWZmb3J0cyBsZWFkaW5nIHVwIHRvIHRoZSBwdWJs
aWNhdGlvbiBvZiB0aGlzIHNwZWNpZmljYXRpb24uCiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAg
ICAgRGF2aWQgUmVjb3Jkb24gZm9yIGNvbnRpbnVvdXNseSBiZWluZyBvbmUgb2YgT0F1dGgncyBt
b3N0IHZhbHVhYmxlIGFzc2V0cywgYnJpbmdpbmcKICAgICAgICBwcmFnbWF0aXNtIGFuZCB1cmdl
bmN5IHRvIHRoZSB3b3JrLCBhbmQgaGVscGluZyBzaGFwZSBpdCBmcm9tIGl0cyB2ZXJ5IGJlZ2lu
bmluZywgYXMgd2VsbAogICAgICAgIGFzIGJlaW5nIG9uZSBvZiB0aGUgYmVzdCBjb2xsYWJvcmF0
b3JzIEkgaGFkIHRoZSBwbGVhc3VyZSBvZiB3b3JraW5nIHdpdGguCiAgICAgIDwvdD4KICAgICAg
PHQ+CiAgICAgICAgSmFtZXMgTWFuZ2VyIGZvciBoaXMgY3JlYXRpdmUgaWRlYXMgYW5kIGFsd2F5
cyBpbnNpZ2h0ZnVsIGZlZWRiYWNrLiBCcmlhbiBDYW1wYmVsbCwKICAgICAgICBUb3JzdGVuIExv
ZGRlcnN0ZWR0LCBDaHVjayBNb3J0aW1vcmUsIEp1c3RpbiBSaWNoZXIsIE1hcml1cyBTY3VydGVz
Y3UsIGFuZCBMdWtlIFNoZXBhcmQgZm9yCiAgICAgICAgdGhlaXIgY29udGludWVkIHBhcnRpY2lw
YXRpb24gYW5kIHZhbHVhYmxlIGZlZWRiYWNrLgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAg
IFNwZWNpYWwgdGhhbmtzIGdvZXMgdG8gTWlrZSBDdXJ0aXMgYW5kIFlhaG9vISBmb3IgdGhlaXIg
dW5jb25kaXRpb25hbCBzdXBwb3J0IG9mIHRoaXMgd29yawogICAgICAgIGZvciBvdmVyIHRocmVl
IHllYXJzLgogICAgICA8L3Q+CiAgICA8L3NlY3Rpb24+CgogIDwvYmFjaz4KCjwvcmZjPgo=

--_006_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_
Content-Type: text/plain; name="draft-ietf-oauth-v2-26+mbj.txt"
Content-Description: draft-ietf-oauth-v2-26+mbj.txt
Content-Disposition: attachment; filename="draft-ietf-oauth-v2-26+mbj.txt";
	size=152271; creation-date="Thu, 24 May 2012 02:23:53 GMT";
	modification-date="Thu, 24 May 2012 01:27:26 GMT"
Content-Transfer-Encoding: base64

CgoKTmV0d29yayBXb3JraW5nIEdyb3VwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIEUuIEhhbW1lciwgRWQuCkludGVybmV0LURyYWZ0Ck9ic29sZXRlczogNTg0OSAoaWYgYXBw
cm92ZWQpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBELiBSZWNvcmRvbgpJbnRlbmRl
ZCBzdGF0dXM6IFN0YW5kYXJkcyBUcmFjayAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
RmFjZWJvb2sKRXhwaXJlczogTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIEQuIEhhcmR0CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1pY3Jvc29mdAogICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjQsIDIwMTIK
CgogICAgICAgICAgICAgICAgIFRoZSBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBGcmFtZXdvcmsK
ICAgICAgICAgICAgICAgICAgICAgICAgIGRyYWZ0LWlldGYtb2F1dGgtdjItMjcKCkFic3RyYWN0
CgogICBUaGUgT0F1dGggMi4wIGF1dGhvcml6YXRpb24gZnJhbWV3b3JrIGVuYWJsZXMgYSB0aGly
ZC1wYXJ0eQogICBhcHBsaWNhdGlvbiB0byBvYnRhaW4gbGltaXRlZCBhY2Nlc3MgdG8gYW4gSFRU
UCBzZXJ2aWNlLCBlaXRoZXIgb24KICAgYmVoYWxmIG9mIGEgcmVzb3VyY2Ugb3duZXIgYnkgb3Jj
aGVzdHJhdGluZyBhbiBhcHByb3ZhbCBpbnRlcmFjdGlvbgogICBiZXR3ZWVuIHRoZSByZXNvdXJj
ZSBvd25lciBhbmQgdGhlIEhUVFAgc2VydmljZSwgb3IgYnkgYWxsb3dpbmcgdGhlCiAgIHRoaXJk
LXBhcnR5IGFwcGxpY2F0aW9uIHRvIG9idGFpbiBhY2Nlc3Mgb24gaXRzIG93biBiZWhhbGYuICBU
aGlzCiAgIHNwZWNpZmljYXRpb24gcmVwbGFjZXMgYW5kIG9ic29sZXRlcyB0aGUgT0F1dGggMS4w
IHByb3RvY29sIGRlc2NyaWJlZAogICBpbiBSRkMgNTg0OS4KClN0YXR1cyBvZiB0aGlzIE1lbW8K
CiAgIFRoaXMgSW50ZXJuZXQtRHJhZnQgaXMgc3VibWl0dGVkIGluIGZ1bGwgY29uZm9ybWFuY2Ug
d2l0aCB0aGUKICAgcHJvdmlzaW9ucyBvZiBCQ1AgNzggYW5kIEJDUCA3OS4KCiAgIEludGVybmV0
LURyYWZ0cyBhcmUgd29ya2luZyBkb2N1bWVudHMgb2YgdGhlIEludGVybmV0IEVuZ2luZWVyaW5n
CiAgIFRhc2sgRm9yY2UgKElFVEYpLiAgTm90ZSB0aGF0IG90aGVyIGdyb3VwcyBtYXkgYWxzbyBk
aXN0cmlidXRlCiAgIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0LURyYWZ0cy4gIFRoZSBs
aXN0IG9mIGN1cnJlbnQgSW50ZXJuZXQtCiAgIERyYWZ0cyBpcyBhdCBodHRwOi8vZGF0YXRyYWNr
ZXIuaWV0Zi5vcmcvZHJhZnRzL2N1cnJlbnQvLgoKICAgSW50ZXJuZXQtRHJhZnRzIGFyZSBkcmFm
dCBkb2N1bWVudHMgdmFsaWQgZm9yIGEgbWF4aW11bSBvZiBzaXggbW9udGhzCiAgIGFuZCBtYXkg
YmUgdXBkYXRlZCwgcmVwbGFjZWQsIG9yIG9ic29sZXRlZCBieSBvdGhlciBkb2N1bWVudHMgYXQg
YW55CiAgIHRpbWUuICBJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJbnRlcm5ldC1EcmFmdHMg
YXMgcmVmZXJlbmNlCiAgIG1hdGVyaWFsIG9yIHRvIGNpdGUgdGhlbSBvdGhlciB0aGFuIGFzICJ3
b3JrIGluIHByb2dyZXNzLiIKCiAgIFRoaXMgSW50ZXJuZXQtRHJhZnQgd2lsbCBleHBpcmUgb24g
Tm92ZW1iZXIgMjUsIDIwMTIuCgpDb3B5cmlnaHQgTm90aWNlCgogICBDb3B5cmlnaHQgKGMpIDIw
MTIgSUVURiBUcnVzdCBhbmQgdGhlIHBlcnNvbnMgaWRlbnRpZmllZCBhcyB0aGUKICAgZG9jdW1l
bnQgYXV0aG9ycy4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuCgogICBUaGlzIGRvY3VtZW50IGlzIHN1
YmplY3QgdG8gQkNQIDc4IGFuZCB0aGUgSUVURiBUcnVzdCdzIExlZ2FsCiAgIFByb3Zpc2lvbnMg
UmVsYXRpbmcgdG8gSUVURiBEb2N1bWVudHMKICAgKGh0dHA6Ly90cnVzdGVlLmlldGYub3JnL2xp
Y2Vuc2UtaW5mbykgaW4gZWZmZWN0IG9uIHRoZSBkYXRlIG9mCiAgIHB1YmxpY2F0aW9uIG9mIHRo
aXMgZG9jdW1lbnQuICBQbGVhc2UgcmV2aWV3IHRoZXNlIGRvY3VtZW50cwoKCgpIYW1tZXIsIGV0
IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICAgW1Bh
Z2UgMV0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAg
ICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBjYXJlZnVsbHksIGFzIHRoZXkgZGVzY3JpYmUg
eW91ciByaWdodHMgYW5kIHJlc3RyaWN0aW9ucyB3aXRoIHJlc3BlY3QKICAgdG8gdGhpcyBkb2N1
bWVudC4gIENvZGUgQ29tcG9uZW50cyBleHRyYWN0ZWQgZnJvbSB0aGlzIGRvY3VtZW50IG11c3QK
ICAgaW5jbHVkZSBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIHRleHQgYXMgZGVzY3JpYmVkIGluIFNl
Y3Rpb24gNC5lIG9mCiAgIHRoZSBUcnVzdCBMZWdhbCBQcm92aXNpb25zIGFuZCBhcmUgcHJvdmlk
ZWQgd2l0aG91dCB3YXJyYW50eSBhcwogICBkZXNjcmliZWQgaW4gdGhlIFNpbXBsaWZpZWQgQlNE
IExpY2Vuc2UuCgoKVGFibGUgb2YgQ29udGVudHMKCiAgIDEuICBJbnRyb2R1Y3Rpb24gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgNQogICAgIDEuMS4g
ICBSb2xlcyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gIDYKICAgICAxLjIuICAgUHJvdG9jb2wgRmxvdyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuICA3CiAgICAgMS4zLiAgIEF1dGhvcml6YXRpb24gR3JhbnQgLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgOAogICAgICAgMS4zLjEuICBBdXRo
b3JpemF0aW9uIENvZGUgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDgKICAg
ICAgIDEuMy4yLiAgSW1wbGljaXQgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuICA4CiAgICAgICAxLjMuMy4gIFJlc291cmNlIE93bmVyIFBhc3N3b3JkIENyZWRl
bnRpYWxzICAuIC4gLiAuIC4gLiAuIC4gLiAgOQogICAgICAgMS4zLjQuICBDbGllbnQgQ3JlZGVu
dGlhbHMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDkKICAgICAxLjQuICAg
QWNjZXNzIFRva2VuICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
ICA5CiAgICAgMS41LiAgIFJlZnJlc2ggVG9rZW4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAxMAogICAgIDEuNi4gICBUTFMgVmVyc2lvbiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTIKICAgICAxLjcuICAgSFRUUCBSZWRp
cmVjdGlvbnMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDEyCiAgICAg
MS44LiAgIEludGVyb3BlcmFiaWxpdHkgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAxMgogICAgIDEuOS4gICBOb3RhdGlvbmFsIENvbnZlbnRpb25zICAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTMKICAgMi4gIENsaWVudCBSZWdpc3RyYXRpb24gIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDEzCiAgICAgMi4xLiAgIENs
aWVudCBUeXBlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAx
NAogICAgIDIuMi4gICBDbGllbnQgSWRlbnRpZmllciAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gMTUKICAgICAyLjMuICAgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDE1CiAgICAgICAyLjMuMS4gIENsaWVudCBQ
YXNzd29yZCAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxNgogICAgICAg
Mi4zLjIuICBPdGhlciBBdXRoZW50aWNhdGlvbiBNZXRob2RzIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gMTcKICAgICAyLjQuICAgVW5yZWdpc3RlcmVkIENsaWVudHMgIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIDE3CiAgIDMuICBQcm90b2NvbCBFbmRwb2ludHMgLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxNwogICAgIDMuMS4gICBBdXRo
b3JpemF0aW9uIEVuZHBvaW50ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTcK
ICAgICAgIDMuMS4xLiAgUmVzcG9uc2UgVHlwZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIDE4CiAgICAgICAzLjEuMi4gIFJlZGlyZWN0aW9uIEVuZHBvaW50IC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxOQogICAgIDMuMi4gICBUb2tlbiBFbmRwb2lu
dCAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjEKICAgICAgIDMu
Mi4xLiAgQ2xpZW50IEF1dGhlbnRpY2F0aW9uICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIDIxCiAgICAgMy4zLiAgIEFjY2VzcyBUb2tlbiBTY29wZSAgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAyMgogICA0LiAgT2J0YWluaW5nIEF1dGhvcml6YXRpb24gIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjMKICAgICA0LjEuICAgQXV0aG9y
aXphdGlvbiBDb2RlIEdyYW50ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDIzCiAg
ICAgICA0LjEuMS4gIEF1dGhvcml6YXRpb24gUmVxdWVzdCAgLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAyNAogICAgICAgNC4xLjIuICBBdXRob3JpemF0aW9uIFJlc3BvbnNlIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjUKICAgICAgIDQuMS4zLiAgQWNjZXNzIFRva2Vu
IFJlcXVlc3QgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDI3CiAgICAgICA0LjEu
NC4gIEFjY2VzcyBUb2tlbiBSZXNwb25zZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAyOAogICAgIDQuMi4gICBJbXBsaWNpdCBHcmFudCAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gMjkKICAgICAgIDQuMi4xLiAgQXV0aG9yaXphdGlvbiBSZXF1ZXN0
ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDMxCiAgICAgICA0LjIuMi4gIEFjY2Vz
cyBUb2tlbiBSZXNwb25zZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAzMgogICAg
IDQuMy4gICBSZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50aWFscyBHcmFudCAuIC4gLiAu
IC4gLiAuIC4gMzUKICAgICAgIDQuMy4xLiAgQXV0aG9yaXphdGlvbiBSZXF1ZXN0IGFuZCBSZXNw
b25zZSAuIC4gLiAuIC4gLiAuIC4gLiAuIDM2CgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4
cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSAyXQoMCkludGVybmV0
LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBN
YXkgMjAxMgoKCiAgICAgICA0LjMuMi4gIEFjY2VzcyBUb2tlbiBSZXF1ZXN0IC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAzNgogICAgICAgNC4zLjMuICBBY2Nlc3MgVG9rZW4gUmVz
cG9uc2UgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMzcKICAgICA0LjQuICAgQ2xp
ZW50IENyZWRlbnRpYWxzIEdyYW50ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDM3
CiAgICAgICA0LjQuMS4gIEF1dGhvcml6YXRpb24gUmVxdWVzdCBhbmQgUmVzcG9uc2UgLiAuIC4g
LiAuIC4gLiAuIC4gLiAzOAogICAgICAgNC40LjIuICBBY2Nlc3MgVG9rZW4gUmVxdWVzdCAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMzgKICAgICAgIDQuNC4zLiAgQWNjZXNzIFRv
a2VuIFJlc3BvbnNlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDM5CiAgICAgNC41
LiAgIEV4dGVuc2lvbiBHcmFudHMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAzOQogICA1LiAgSXNzdWluZyBhbiBBY2Nlc3MgVG9rZW4gIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gNDAKICAgICA1LjEuICAgU3VjY2Vzc2Z1bCBSZXNwb25zZSAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDQwCiAgICAgNS4yLiAgIEVycm9y
IFJlc3BvbnNlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA0MQog
ICA2LiAgUmVmcmVzaGluZyBhbiBBY2Nlc3MgVG9rZW4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gNDMKICAgNy4gIEFjY2Vzc2luZyBQcm90ZWN0ZWQgUmVzb3VyY2VzICAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDQ0CiAgICAgNy4xLiAgIEFjY2VzcyBUb2tlbiBU
eXBlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA0NQogICAgIDcuMi4g
ICBFcnJvciBSZXNwb25zZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gNDYKICAgOC4gIEV4dGVuc2liaWxpdHkgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIDQ2CiAgICAgOC4xLiAgIERlZmluaW5nIEFjY2VzcyBUb2tlbiBU
eXBlcyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA0NgogICAgIDguMi4gICBEZWZpbmlu
ZyBOZXcgRW5kcG9pbnQgUGFyYW1ldGVycyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNDYKICAg
ICA4LjMuICAgRGVmaW5pbmcgTmV3IEF1dGhvcml6YXRpb24gR3JhbnQgVHlwZXMgIC4gLiAuIC4g
LiAuIC4gLiAuIDQ3CiAgICAgOC40LiAgIERlZmluaW5nIE5ldyBBdXRob3JpemF0aW9uIEVuZHBv
aW50IFJlc3BvbnNlIFR5cGVzICAuIC4gLiA0NwogICAgIDguNS4gICBEZWZpbmluZyBBZGRpdGlv
bmFsIEVycm9yIENvZGVzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNDcKICAgOS4gIE5hdGl2
ZSBBcHBsaWNhdGlvbnMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IDQ4CiAgIDEwLiBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiA0OQogICAgIDEwLjEuICBDbGllbnQgQXV0aGVudGljYXRpb24gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNDkKICAgICAxMC4yLiAgQ2xpZW50IElt
cGVyc29uYXRpb24gIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDUwCiAgICAg
MTAuMy4gIEFjY2VzcyBUb2tlbnMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiA1MQogICAgIDEwLjQuICBSZWZyZXNoIFRva2VucyAgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNTEKICAgICAxMC41LiAgQXV0aG9yaXphdGlvbiBDb2Rl
cyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDUyCiAgICAgMTAuNi4gIEF1
dGhvcml6YXRpb24gQ29kZSBSZWRpcmVjdGlvbiBVUkkgTWFuaXB1bGF0aW9uIC4gLiAuIC4gLiA1
MgogICAgIDEwLjcuICBSZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50aWFscyAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gNTMKICAgICAxMC44LiAgUmVxdWVzdCBDb25maWRlbnRpYWxpdHkgLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDU0CiAgICAgMTAuOS4gIEVuZHBvaW50cyBB
dXRoZW50aWNpdHkgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA1NAogICAgIDEw
LjEwLiBDcmVkZW50aWFscyBHdWVzc2luZyBBdHRhY2tzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gNTQKICAgICAxMC4xMS4gUGhpc2hpbmcgQXR0YWNrcyAgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIDU0CiAgICAgMTAuMTIuIENyb3NzLVNpdGUgUmVxdWVzdCBG
b3JnZXJ5ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA1NQogICAgIDEwLjEzLiBDbGlj
a2phY2tpbmcgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNTYK
ICAgICAxMC4xNC4gQ29kZSBJbmplY3Rpb24gYW5kIElucHV0IFZhbGlkYXRpb24gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIDU2CiAgICAgMTAuMTUuIE9wZW4gUmVkaXJlY3RvcnMgIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA1NgogICAxMS4gSUFOQSBDb25zaWRlcmF0aW9u
cyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNTcKICAgICAxMS4x
LiAgVGhlIE9BdXRoIEFjY2VzcyBUb2tlbiBUeXBlIFJlZ2lzdHJ5ICAuIC4gLiAuIC4gLiAuIC4g
LiAuIDU3CiAgICAgICAxMS4xLjEuIFJlZ2lzdHJhdGlvbiBUZW1wbGF0ZSAgLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiA1NwogICAgIDExLjIuICBUaGUgT0F1dGggUGFyYW1ldGVycyBS
ZWdpc3RyeSAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNTgKICAgICAgIDExLjIuMS4gUmVn
aXN0cmF0aW9uIFRlbXBsYXRlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDU4CiAg
ICAgICAxMS4yLjIuIEluaXRpYWwgUmVnaXN0cnkgQ29udGVudHMgIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiA1OQogICAgIDExLjMuICBUaGUgT0F1dGggQXV0aG9yaXphdGlvbiBFbmRwb2lu
dCBSZXNwb25zZSBUeXBlCiAgICAgICAgICAgIFJlZ2lzdHJ5ICAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA2MQogICAgICAgMTEuMy4xLiBSZWdpc3RyYXRp
b24gVGVtcGxhdGUgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNjEKICAgICAgIDEx
LjMuMi4gSW5pdGlhbCBSZWdpc3RyeSBDb250ZW50cyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIDYyCiAgICAgMTEuNC4gIFRoZSBPQXV0aCBFeHRlbnNpb25zIEVycm9yIFJlZ2lzdHJ5IC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiA2MgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVz
IE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgM10KDApJbnRlcm5ldC1EcmFm
dCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIw
MTIKCgogICAgICAgMTEuNC4xLiBSZWdpc3RyYXRpb24gVGVtcGxhdGUgIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gNjMKICAgMTIuIFJlZmVyZW5jZXMgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDYzCiAgICAgMTIuMS4gIE5vcm1hdGl2
ZSBSZWZlcmVuY2VzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA2MwogICAg
IDEyLjIuICBJbmZvcm1hdGl2ZSBSZWZlcmVuY2VzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gNjQKICAgQXBwZW5kaXggQS4gIEFja25vd2xlZGdlbWVudHMgIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDY1CiAgIEFwcGVuZGl4IEIuICBFZGl0b3IncyBOb3Rl
cyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA2NgogICBBdXRob3JzJyBB
ZGRyZXNzZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
NjYKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgpIYW1tZXIsIGV0
IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICAgW1Bh
Z2UgNF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAg
ICAgICAgICAgICAgICAgTWF5IDIwMTIKCgoxLiAgSW50cm9kdWN0aW9uCgogICBJbiB0aGUgdHJh
ZGl0aW9uYWwgY2xpZW50LXNlcnZlciBhdXRoZW50aWNhdGlvbiBtb2RlbCwgdGhlIGNsaWVudAog
ICByZXF1ZXN0cyBhbiBhY2Nlc3MgcmVzdHJpY3RlZCByZXNvdXJjZSAocHJvdGVjdGVkIHJlc291
cmNlKSBvbiB0aGUKICAgc2VydmVyIGJ5IGF1dGhlbnRpY2F0aW5nIHdpdGggdGhlIHNlcnZlciB1
c2luZyB0aGUgcmVzb3VyY2Ugb3duZXIncwogICBjcmVkZW50aWFscy4gIEluIG9yZGVyIHRvIHBy
b3ZpZGUgdGhpcmQtcGFydHkgYXBwbGljYXRpb25zIGFjY2VzcyB0bwogICByZXN0cmljdGVkIHJl
c291cmNlcywgdGhlIHJlc291cmNlIG93bmVyIHNoYXJlcyBpdHMgY3JlZGVudGlhbHMgd2l0aAog
ICB0aGUgdGhpcmQtcGFydHkuICBUaGlzIGNyZWF0ZXMgc2V2ZXJhbCBwcm9ibGVtcyBhbmQgbGlt
aXRhdGlvbnM6CgogICBvICBUaGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgYXJlIHJlcXVpcmVkIHRv
IHN0b3JlIHRoZSByZXNvdXJjZQogICAgICBvd25lcidzIGNyZWRlbnRpYWxzIGZvciBmdXR1cmUg
dXNlLCB0eXBpY2FsbHkgYSBwYXNzd29yZCBpbiBjbGVhci0KICAgICAgdGV4dC4KICAgbyAgU2Vy
dmVycyBhcmUgcmVxdWlyZWQgdG8gc3VwcG9ydCBwYXNzd29yZCBhdXRoZW50aWNhdGlvbiwgZGVz
cGl0ZQogICAgICB0aGUgc2VjdXJpdHkgd2Vha25lc3NlcyBpbmhlcmVudCBpbiBwYXNzd29yZHMu
CiAgIG8gIFRoaXJkLXBhcnR5IGFwcGxpY2F0aW9ucyBnYWluIG92ZXJseSBicm9hZCBhY2Nlc3Mg
dG8gdGhlIHJlc291cmNlCiAgICAgIG93bmVyJ3MgcHJvdGVjdGVkIHJlc291cmNlcywgbGVhdmlu
ZyByZXNvdXJjZSBvd25lcnMgd2l0aG91dCBhbnkKICAgICAgYWJpbGl0eSB0byByZXN0cmljdCBk
dXJhdGlvbiBvciBhY2Nlc3MgdG8gYSBsaW1pdGVkIHN1YnNldCBvZgogICAgICByZXNvdXJjZXMu
CiAgIG8gIFJlc291cmNlIG93bmVycyBjYW5ub3QgcmV2b2tlIGFjY2VzcyB0byBhbiBpbmRpdmlk
dWFsIHRoaXJkLXBhcnR5CiAgICAgIHdpdGhvdXQgcmV2b2tpbmcgYWNjZXNzIHRvIGFsbCB0aGly
ZC1wYXJ0aWVzLCBhbmQgbXVzdCBkbyBzbyBieQogICAgICBjaGFuZ2luZyB0aGVpciBwYXNzd29y
ZC4KICAgbyAgQ29tcHJvbWlzZSBvZiBhbnkgdGhpcmQtcGFydHkgYXBwbGljYXRpb24gcmVzdWx0
cyBpbiBjb21wcm9taXNlIG9mCiAgICAgIHRoZSBlbmQtdXNlcidzIHBhc3N3b3JkIGFuZCBhbGwg
b2YgdGhlIGRhdGEgcHJvdGVjdGVkIGJ5IHRoYXQKICAgICAgcGFzc3dvcmQuCgogICBPQXV0aCBh
ZGRyZXNzZXMgdGhlc2UgaXNzdWVzIGJ5IGludHJvZHVjaW5nIGFuIGF1dGhvcml6YXRpb24gbGF5
ZXIKICAgYW5kIHNlcGFyYXRpbmcgdGhlIHJvbGUgb2YgdGhlIGNsaWVudCBmcm9tIHRoYXQgb2Yg
dGhlIHJlc291cmNlCiAgIG93bmVyLiAgSW4gT0F1dGgsIHRoZSBjbGllbnQgcmVxdWVzdHMgYWNj
ZXNzIHRvIHJlc291cmNlcyBjb250cm9sbGVkCiAgIGJ5IHRoZSByZXNvdXJjZSBvd25lciBhbmQg
aG9zdGVkIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIsIGFuZCBpcwogICBpc3N1ZWQgYSBkaWZmZXJl
bnQgc2V0IG9mIGNyZWRlbnRpYWxzIHRoYW4gdGhvc2Ugb2YgdGhlIHJlc291cmNlCiAgIG93bmVy
LgoKICAgSW5zdGVhZCBvZiB1c2luZyB0aGUgcmVzb3VyY2Ugb3duZXIncyBjcmVkZW50aWFscyB0
byBhY2Nlc3MgcHJvdGVjdGVkCiAgIHJlc291cmNlcywgdGhlIGNsaWVudCBvYnRhaW5zIGFuIGFj
Y2VzcyB0b2tlbiAtIGEgc3RyaW5nIGRlbm90aW5nIGEKICAgc3BlY2lmaWMgc2NvcGUsIGxpZmV0
aW1lLCBhbmQgb3RoZXIgYWNjZXNzIGF0dHJpYnV0ZXMuICBBY2Nlc3MgdG9rZW5zCiAgIGFyZSBp
c3N1ZWQgdG8gdGhpcmQtcGFydHkgY2xpZW50cyBieSBhbiBhdXRob3JpemF0aW9uIHNlcnZlciB3
aXRoIHRoZQogICBhcHByb3ZhbCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuICBUaGUgY2xpZW50IHVz
ZXMgdGhlIGFjY2VzcyB0b2tlbiB0bwogICBhY2Nlc3MgdGhlIHByb3RlY3RlZCByZXNvdXJjZXMg
aG9zdGVkIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIuCgogICBGb3IgZXhhbXBsZSwgYW4gZW5kLXVz
ZXIgKHJlc291cmNlIG93bmVyKSBjYW4gZ3JhbnQgYSBwcmludGluZwogICBzZXJ2aWNlIChjbGll
bnQpIGFjY2VzcyB0byBoZXIgcHJvdGVjdGVkIHBob3RvcyBzdG9yZWQgYXQgYSBwaG90bwogICBz
aGFyaW5nIHNlcnZpY2UgKHJlc291cmNlIHNlcnZlciksIHdpdGhvdXQgc2hhcmluZyBoZXIgdXNl
cm5hbWUgYW5kCiAgIHBhc3N3b3JkIHdpdGggdGhlIHByaW50aW5nIHNlcnZpY2UuICBJbnN0ZWFk
LCBzaGUgYXV0aGVudGljYXRlcwogICBkaXJlY3RseSB3aXRoIGEgc2VydmVyIHRydXN0ZWQgYnkg
dGhlIHBob3RvIHNoYXJpbmcgc2VydmljZQogICAoYXV0aG9yaXphdGlvbiBzZXJ2ZXIpIHdoaWNo
IGlzc3VlcyB0aGUgcHJpbnRpbmcgc2VydmljZSBkZWxlZ2F0aW9uLQogICBzcGVjaWZpYyBjcmVk
ZW50aWFscyAoYWNjZXNzIHRva2VuKS4KCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiBpcyBkZXNpZ25l
ZCBmb3IgdXNlIHdpdGggSFRUUCAoW1JGQzI2MTZdKS4gIFRoZQoKCgpIYW1tZXIsIGV0IGFsLiAg
ICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgNV0K
DApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAg
ICAgICAgICAgTWF5IDIwMTIKCgogICB1c2Ugb2YgT0F1dGggb3ZlciBhbnkgb3RoZXIgcHJvdG9j
b2wgdGhhbiBIVFRQIGlzIG91dCBvZiBzY29wZS4KCiAgIFRoZSBPQXV0aCAxLjAgcHJvdG9jb2wg
KFtSRkM1ODQ5XSksIHB1Ymxpc2hlZCBhcyBhbiBpbmZvcm1hdGlvbmFsCiAgIGRvY3VtZW50LCB3
YXMgdGhlIHJlc3VsdCBvZiBhIHNtYWxsIGFkLWhvYyBjb21tdW5pdHkgZWZmb3J0LiAgVGhpcwog
ICBzdGFuZGFyZHMtdHJhY2sgc3BlY2lmaWNhdGlvbiBidWlsZHMgb24gdGhlIE9BdXRoIDEuMCBk
ZXBsb3ltZW50CiAgIGV4cGVyaWVuY2UsIGFzIHdlbGwgYXMgYWRkaXRpb25hbCB1c2UgY2FzZXMg
YW5kIGV4dGVuc2liaWxpdHkKICAgcmVxdWlyZW1lbnRzIGdhdGhlcmVkIGZyb20gdGhlIHdpZGVy
IElFVEYgY29tbXVuaXR5LiAgVGhlIE9BdXRoIDIuMAogICBwcm90b2NvbCBpcyBub3QgYmFja3dh
cmQgY29tcGF0aWJsZSB3aXRoIE9BdXRoIDEuMC4gIFRoZSB0d28gdmVyc2lvbnMKICAgbWF5IGNv
LWV4aXN0IG9uIHRoZSBuZXR3b3JrIGFuZCBpbXBsZW1lbnRhdGlvbnMgbWF5IGNob29zZSB0byBz
dXBwb3J0CiAgIGJvdGguICBIb3dldmVyLCBpdCBpcyB0aGUgaW50ZW50aW9uIG9mIHRoaXMgc3Bl
Y2lmaWNhdGlvbiB0aGF0IG5ldwogICBpbXBsZW1lbnRhdGlvbiBzdXBwb3J0IE9BdXRoIDIuMCBh
cyBzcGVjaWZpZWQgaW4gdGhpcyBkb2N1bWVudCwgYW5kCiAgIHRoYXQgT0F1dGggMS4wIGlzIHVz
ZWQgb25seSB0byBzdXBwb3J0IGV4aXN0aW5nIGRlcGxveW1lbnRzLiAgVGhlCiAgIE9BdXRoIDIu
MCBwcm90b2NvbCBzaGFyZXMgdmVyeSBmZXcgaW1wbGVtZW50YXRpb24gZGV0YWlscyB3aXRoIHRo
ZQogICBPQXV0aCAxLjAgcHJvdG9jb2wuICBJbXBsZW1lbnRlcnMgZmFtaWxpYXIgd2l0aCBPQXV0
aCAxLjAgc2hvdWxkCiAgIGFwcHJvYWNoIHRoaXMgZG9jdW1lbnQgd2l0aG91dCBhbnkgYXNzdW1w
dGlvbnMgYXMgdG8gaXRzIHN0cnVjdHVyZQogICBhbmQgZGV0YWlscy4KCjEuMS4gIFJvbGVzCgog
ICBPQXV0aCBkZWZpbmVzIGZvdXIgcm9sZXM6CgogICByZXNvdXJjZSBvd25lcgogICAgICBBbiBl
bnRpdHkgY2FwYWJsZSBvZiBncmFudGluZyBhY2Nlc3MgdG8gYSBwcm90ZWN0ZWQgcmVzb3VyY2Uu
CiAgICAgIFdoZW4gdGhlIHJlc291cmNlIG93bmVyIGlzIGEgcGVyc29uLCBpdCBpcyByZWZlcnJl
ZCB0byBhcyBhbiBlbmQtCiAgICAgIHVzZXIuCiAgIHJlc291cmNlIHNlcnZlcgogICAgICBUaGUg
c2VydmVyIGhvc3RpbmcgdGhlIHByb3RlY3RlZCByZXNvdXJjZXMsIGNhcGFibGUgb2YgYWNjZXB0
aW5nCiAgICAgIGFuZCByZXNwb25kaW5nIHRvIHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0cyB1
c2luZyBhY2Nlc3MgdG9rZW5zLgogICBjbGllbnQKICAgICAgQW4gYXBwbGljYXRpb24gbWFraW5n
IHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0cyBvbiBiZWhhbGYgb2YgdGhlCiAgICAgIHJlc291
cmNlIG93bmVyIGFuZCB3aXRoIGl0cyBhdXRob3JpemF0aW9uLiAgVGhlIHRlcm0gY2xpZW50IGRv
ZXMKICAgICAgbm90IGltcGx5IGFueSBwYXJ0aWN1bGFyIGltcGxlbWVudGF0aW9uIGNoYXJhY3Rl
cmlzdGljcyAoZS5nLgogICAgICB3aGV0aGVyIHRoZSBhcHBsaWNhdGlvbiBleGVjdXRlcyBvbiBh
IHNlcnZlciwgYSBkZXNrdG9wLCBvciBvdGhlcgogICAgICBkZXZpY2VzKS4KICAgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIKICAgICAgVGhlIHNlcnZlciBpc3N1aW5nIGFjY2VzcyB0b2tlbnMgdG8gdGhl
IGNsaWVudCBhZnRlciBzdWNjZXNzZnVsbHkKICAgICAgYXV0aGVudGljYXRpbmcgdGhlIHJlc291
cmNlIG93bmVyIGFuZCBvYnRhaW5pbmcgYXV0aG9yaXphdGlvbi4KCiAgIFRoZSBpbnRlcmFjdGlv
biBiZXR3ZWVuIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgcmVzb3VyY2Ugc2VydmVyCiAg
IGlzIGJleW9uZCB0aGUgc2NvcGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uLiAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyCiAgIG1heSBiZSB0aGUgc2FtZSBzZXJ2ZXIgYXMgdGhlIHJlc291cmNlIHNl
cnZlciBvciBhIHNlcGFyYXRlIGVudGl0eS4KICAgQSBzaW5nbGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgbWF5IGlzc3VlIGFjY2VzcyB0b2tlbnMgYWNjZXB0ZWQgYnkKICAgbXVsdGlwbGUgcmVzb3Vy
Y2Ugc2VydmVycy4KCgoKCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVt
YmVyIDI1LCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgNl0KDApJbnRlcm5ldC1EcmFmdCAgICAg
ICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgox
LjIuICBQcm90b2NvbCBGbG93CgoKICAgICArLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgICAgfCAgICAgICAgfC0tKEEpLSBBdXRob3Jp
emF0aW9uIFJlcXVlc3QgLT58ICAgUmVzb3VyY2UgICAgfAogICAgIHwgICAgICAgIHwgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgT3duZXIgICAgIHwKICAgICB8ICAgICAgICB8
PC0oQiktLSBBdXRob3JpemF0aW9uIEdyYW50IC0tLXwgICAgICAgICAgICAgICB8CiAgICAgfCAg
ICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwog
ICAgIHwgICAgICAgIHwKICAgICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICstLS0tLS0tLS0tLS0tLS0rCiAgICAgfCAgICAgICAgfC0tKEMpLS0gQXV0aG9yaXphdGlv
biBHcmFudCAtLT58IEF1dGhvcml6YXRpb24gfAogICAgIHwgQ2xpZW50IHwgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICAgICB8ICAgICAgICB8PC0oRCkt
LS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLXwgICAgICAgICAgICAgICB8CiAgICAgfCAgICAgICAg
fCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogICAgIHwg
ICAgICAgIHwKICAgICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICst
LS0tLS0tLS0tLS0tLS0rCiAgICAgfCAgICAgICAgfC0tKEUpLS0tLS0gQWNjZXNzIFRva2VuIC0t
LS0tLT58ICAgIFJlc291cmNlICAgfAogICAgIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICAgICB8ICAgICAgICB8PC0oRiktLS0gUHJv
dGVjdGVkIFJlc291cmNlIC0tLXwgICAgICAgICAgICAgICB8CiAgICAgKy0tLS0tLS0tKyAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwoKCiAgICAgICAgICAg
ICAgICAgICAgIEZpZ3VyZSAxOiBBYnN0cmFjdCBQcm90b2NvbCBGbG93CgogICBUaGUgYWJzdHJh
Y3QgZmxvdyBpbGx1c3RyYXRlZCBpbiBGaWd1cmUgMSBkZXNjcmliZXMgdGhlIGludGVyYWN0aW9u
CiAgIGJldHdlZW4gdGhlIGZvdXIgcm9sZXMgYW5kIGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3Rl
cHM6CgogICAoQSkgIFRoZSBjbGllbnQgcmVxdWVzdHMgYXV0aG9yaXphdGlvbiBmcm9tIHRoZSBy
ZXNvdXJjZSBvd25lci4gIFRoZQogICAgICAgIGF1dGhvcml6YXRpb24gcmVxdWVzdCBjYW4gYmUg
bWFkZSBkaXJlY3RseSB0byB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICAoYXMgc2hvd24pLCBv
ciBwcmVmZXJhYmx5IGluZGlyZWN0bHkgdmlhIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgc2Vy
dmVyIGFzIGFuIGludGVybWVkaWFyeS4KICAgKEIpICBUaGUgY2xpZW50IHJlY2VpdmVzIGFuIGF1
dGhvcml6YXRpb24gZ3JhbnQgd2hpY2ggaXMgYSBjcmVkZW50aWFsCiAgICAgICAgcmVwcmVzZW50
aW5nIHRoZSByZXNvdXJjZSBvd25lcidzIGF1dGhvcml6YXRpb24sIGV4cHJlc3NlZCB1c2luZwog
ICAgICAgIG9uZSBvZiBmb3VyIGdyYW50IHR5cGVzIGRlZmluZWQgaW4gdGhpcyBzcGVjaWZpY2F0
aW9uIG9yIHVzaW5nCiAgICAgICAgYW4gZXh0ZW5zaW9uIGdyYW50IHR5cGUuICBUaGUgYXV0aG9y
aXphdGlvbiBncmFudCB0eXBlIGRlcGVuZHMKICAgICAgICBvbiB0aGUgbWV0aG9kIHVzZWQgYnkg
dGhlIGNsaWVudCB0byByZXF1ZXN0IGF1dGhvcml6YXRpb24gYW5kCiAgICAgICAgdGhlIHR5cGVz
IHN1cHBvcnRlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgIChDKSAgVGhlIGNsaWVu
dCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gYnkgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUKICAg
ICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgcHJlc2VudGluZyB0aGUgYXV0aG9yaXphdGlv
biBncmFudC4KICAgKEQpICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0
aGUgY2xpZW50IGFuZCB2YWxpZGF0ZXMKICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBncmFudCwg
YW5kIGlmIHZhbGlkIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4uCiAgIChFKSAgVGhlIGNsaWVudCBy
ZXF1ZXN0cyB0aGUgcHJvdGVjdGVkIHJlc291cmNlIGZyb20gdGhlIHJlc291cmNlCiAgICAgICAg
c2VydmVyIGFuZCBhdXRoZW50aWNhdGVzIGJ5IHByZXNlbnRpbmcgdGhlIGFjY2VzcyB0b2tlbi4K
ICAgKEYpICBUaGUgcmVzb3VyY2Ugc2VydmVyIHZhbGlkYXRlcyB0aGUgYWNjZXNzIHRva2VuLCBh
bmQgaWYgdmFsaWQsCiAgICAgICAgc2VydmVzIHRoZSByZXF1ZXN0LgoKICAgVGhlIHByZWZlcnJl
ZCBtZXRob2QgZm9yIHRoZSBjbGllbnQgdG8gb2J0YWluIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQK
ICAgZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIgKGRlcGljdGVkIGluIHN0ZXBzIChBKSBhbmQgKEIp
KSBpcyB0byB1c2UgdGhlCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1i
ZXIgMjUsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA3XQoMCkludGVybmV0LURyYWZ0ICAgICAg
ICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAg
IGF1dGhvcml6YXRpb24gc2VydmVyIGFzIGFuIGludGVybWVkaWFyeSB3aGljaCBpcyBpbGx1c3Ry
YXRlZCBpbgogICBGaWd1cmUgMy4KCjEuMy4gIEF1dGhvcml6YXRpb24gR3JhbnQKCiAgIEFuIGF1
dGhvcml6YXRpb24gZ3JhbnQgaXMgYSBjcmVkZW50aWFsIHJlcHJlc2VudGluZyB0aGUgcmVzb3Vy
Y2UKICAgb3duZXIncyBhdXRob3JpemF0aW9uICh0byBhY2Nlc3MgaXRzIHByb3RlY3RlZCByZXNv
dXJjZXMpIHVzZWQgYnkgdGhlCiAgIGNsaWVudCB0byBvYnRhaW4gYW4gYWNjZXNzIHRva2VuLiAg
VGhpcyBzcGVjaWZpY2F0aW9uIGRlZmluZXMgZm91cgogICBncmFudCB0eXBlczogYXV0aG9yaXph
dGlvbiBjb2RlLCBpbXBsaWNpdCwgcmVzb3VyY2Ugb3duZXIgcGFzc3dvcmQKICAgY3JlZGVudGlh
bHMsIGFuZCBjbGllbnQgY3JlZGVudGlhbHMsIGFzIHdlbGwgYXMgYW4gZXh0ZW5zaWJpbGl0eQog
ICBtZWNoYW5pc20gZm9yIGRlZmluaW5nIGFkZGl0aW9uYWwgdHlwZXMuCgoxLjMuMS4gIEF1dGhv
cml6YXRpb24gQ29kZQoKICAgVGhlIGF1dGhvcml6YXRpb24gY29kZSBpcyBvYnRhaW5lZCBieSB1
c2luZyBhbiBhdXRob3JpemF0aW9uIHNlcnZlcgogICBhcyBhbiBpbnRlcm1lZGlhcnkgYmV0d2Vl
biB0aGUgY2xpZW50IGFuZCByZXNvdXJjZSBvd25lci4gIEluc3RlYWQgb2YKICAgcmVxdWVzdGlu
ZyBhdXRob3JpemF0aW9uIGRpcmVjdGx5IGZyb20gdGhlIHJlc291cmNlIG93bmVyLCB0aGUgY2xp
ZW50CiAgIGRpcmVjdHMgdGhlIHJlc291cmNlIG93bmVyIHRvIGFuIGF1dGhvcml6YXRpb24gc2Vy
dmVyICh2aWEgaXRzIHVzZXItCiAgIGFnZW50IGFzIGRlZmluZWQgaW4gW1JGQzI2MTZdKSwgd2hp
Y2ggaW4gdHVybiBkaXJlY3RzIHRoZSByZXNvdXJjZQogICBvd25lciBiYWNrIHRvIHRoZSBjbGll
bnQgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlLgoKICAgQmVmb3JlIGRpcmVjdGluZyB0aGUg
cmVzb3VyY2Ugb3duZXIgYmFjayB0byB0aGUgY2xpZW50IHdpdGggdGhlCiAgIGF1dGhvcml6YXRp
b24gY29kZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlCiAgIHJl
c291cmNlIG93bmVyIGFuZCBvYnRhaW5zIGF1dGhvcml6YXRpb24uICBCZWNhdXNlIHRoZSByZXNv
dXJjZSBvd25lcgogICBvbmx5IGF1dGhlbnRpY2F0ZXMgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIsIHRoZSByZXNvdXJjZQogICBvd25lcidzIGNyZWRlbnRpYWxzIGFyZSBuZXZlciBzaGFy
ZWQgd2l0aCB0aGUgY2xpZW50LgoKICAgVGhlIGF1dGhvcml6YXRpb24gY29kZSBwcm92aWRlcyBh
IGZldyBpbXBvcnRhbnQgc2VjdXJpdHkgYmVuZWZpdHMKICAgc3VjaCBhcyB0aGUgYWJpbGl0eSB0
byBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCwgYW5kIHRoZSB0cmFuc21pc3Npb24KICAgb2YgdGhl
IGFjY2VzcyB0b2tlbiBkaXJlY3RseSB0byB0aGUgY2xpZW50IHdpdGhvdXQgcGFzc2luZyBpdCB0
aHJvdWdoCiAgIHRoZSByZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQsIHBvdGVudGlhbGx5IGV4
cG9zaW5nIGl0IHRvIG90aGVycywKICAgaW5jbHVkaW5nIHRoZSByZXNvdXJjZSBvd25lci4KCjEu
My4yLiAgSW1wbGljaXQKCiAgIFRoZSBpbXBsaWNpdCBncmFudCBpcyBhIHNpbXBsaWZpZWQgYXV0
aG9yaXphdGlvbiBjb2RlIGZsb3cgb3B0aW1pemVkCiAgIGZvciBjbGllbnRzIGltcGxlbWVudGVk
IGluIGEgYnJvd3NlciB1c2luZyBhIHNjcmlwdGluZyBsYW5ndWFnZSBzdWNoCiAgIGFzIEphdmFT
Y3JpcHQuICBJbiB0aGUgaW1wbGljaXQgZmxvdywgaW5zdGVhZCBvZiBpc3N1aW5nIHRoZSBjbGll
bnQKICAgYW4gYXV0aG9yaXphdGlvbiBjb2RlLCB0aGUgY2xpZW50IGlzIGlzc3VlZCBhbiBhY2Nl
c3MgdG9rZW4gZGlyZWN0bHkKICAgKGFzIHRoZSByZXN1bHQgb2YgdGhlIHJlc291cmNlIG93bmVy
IGF1dGhvcml6YXRpb24pLiAgVGhlIGdyYW50IHR5cGUKICAgaXMgaW1wbGljaXQgYXMgbm8gaW50
ZXJtZWRpYXRlIGNyZWRlbnRpYWxzIChzdWNoIGFzIGFuIGF1dGhvcml6YXRpb24KICAgY29kZSkg
YXJlIGlzc3VlZCAoYW5kIGxhdGVyIHVzZWQgdG8gb2J0YWluIGFuIGFjY2VzcyB0b2tlbikuCgog
ICBXaGVuIGlzc3VpbmcgYW4gYWNjZXNzIHRva2VuIGR1cmluZyB0aGUgaW1wbGljaXQgZ3JhbnQg
ZmxvdywgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIGRvZXMgbm90IGF1dGhlbnRpY2F0ZSB0
aGUgY2xpZW50LiAgSW4gc29tZQogICBjYXNlcywgdGhlIGNsaWVudCBpZGVudGl0eSBjYW4gYmUg
dmVyaWZpZWQgdmlhIHRoZSByZWRpcmVjdGlvbiBVUkkKICAgdXNlZCB0byBkZWxpdmVyIHRoZSBh
Y2Nlc3MgdG9rZW4gdG8gdGhlIGNsaWVudC4gIFRoZSBhY2Nlc3MgdG9rZW4gbWF5CiAgIGJlIGV4
cG9zZWQgdG8gdGhlIHJlc291cmNlIG93bmVyIG9yIG90aGVyIGFwcGxpY2F0aW9ucyB3aXRoIGFj
Y2VzcyB0bwoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAy
MDEyICAgICAgICAgICAgICAgW1BhZ2UgOF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAg
ICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICB0aGUgcmVz
b3VyY2Ugb3duZXIncyB1c2VyLWFnZW50LgoKICAgSW1wbGljaXQgZ3JhbnRzIGltcHJvdmUgdGhl
IHJlc3BvbnNpdmVuZXNzIGFuZCBlZmZpY2llbmN5IG9mIHNvbWUKICAgY2xpZW50cyAoc3VjaCBh
cyBhIGNsaWVudCBpbXBsZW1lbnRlZCBhcyBhbiBpbi1icm93c2VyIGFwcGxpY2F0aW9uKQogICBz
aW5jZSBpdCByZWR1Y2VzIHRoZSBudW1iZXIgb2Ygcm91bmQgdHJpcHMgcmVxdWlyZWQgdG8gb2J0
YWluIGFuCiAgIGFjY2VzcyB0b2tlbi4gIEhvd2V2ZXIsIHRoaXMgY29udmVuaWVuY2Ugc2hvdWxk
IGJlIHdlaWdoZWQgYWdhaW5zdAogICB0aGUgc2VjdXJpdHkgaW1wbGljYXRpb25zIG9mIHVzaW5n
IGltcGxpY2l0IGdyYW50cywgZXNwZWNpYWxseSB3aGVuCiAgIHRoZSBhdXRob3JpemF0aW9uIGNv
ZGUgZ3JhbnQgdHlwZSBpcyBhdmFpbGFibGUuCgoxLjMuMy4gIFJlc291cmNlIE93bmVyIFBhc3N3
b3JkIENyZWRlbnRpYWxzCgogICBUaGUgcmVzb3VyY2Ugb3duZXIgcGFzc3dvcmQgY3JlZGVudGlh
bHMgKGkuZS4gdXNlcm5hbWUgYW5kIHBhc3N3b3JkKQogICBjYW4gYmUgdXNlZCBkaXJlY3RseSBh
cyBhbiBhdXRob3JpemF0aW9uIGdyYW50IHRvIG9idGFpbiBhbiBhY2Nlc3MKICAgdG9rZW4uICBU
aGUgY3JlZGVudGlhbHMgc2hvdWxkIG9ubHkgYmUgdXNlZCB3aGVuIHRoZXJlIGlzIGEgaGlnaAog
ICBkZWdyZWUgb2YgdHJ1c3QgYmV0d2VlbiB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIHRoZSBjbGll
bnQgKGUuZy4gdGhlCiAgIGNsaWVudCBpcyBwYXJ0IG9mIHRoZSBkZXZpY2Ugb3BlcmF0aW5nIHN5
c3RlbSBvciBhIGhpZ2hseSBwcml2aWxlZ2VkCiAgIGFwcGxpY2F0aW9uKSwgYW5kIHdoZW4gb3Ro
ZXIgYXV0aG9yaXphdGlvbiBncmFudCB0eXBlcyBhcmUgbm90CiAgIGF2YWlsYWJsZSAoc3VjaCBh
cyBhbiBhdXRob3JpemF0aW9uIGNvZGUpLgoKICAgRXZlbiB0aG91Z2ggdGhpcyBncmFudCB0eXBl
IHJlcXVpcmVzIGRpcmVjdCBjbGllbnQgYWNjZXNzIHRvIHRoZQogICByZXNvdXJjZSBvd25lciBj
cmVkZW50aWFscywgdGhlIHJlc291cmNlIG93bmVyIGNyZWRlbnRpYWxzIGFyZSB1c2VkCiAgIGZv
ciBhIHNpbmdsZSByZXF1ZXN0IGFuZCBhcmUgZXhjaGFuZ2VkIGZvciBhbiBhY2Nlc3MgdG9rZW4u
ICBUaGlzCiAgIGdyYW50IHR5cGUgY2FuIGVsaW1pbmF0ZSB0aGUgbmVlZCBmb3IgdGhlIGNsaWVu
dCB0byBzdG9yZSB0aGUKICAgcmVzb3VyY2Ugb3duZXIgY3JlZGVudGlhbHMgZm9yIGZ1dHVyZSB1
c2UsIGJ5IGV4Y2hhbmdpbmcgdGhlCiAgIGNyZWRlbnRpYWxzIHdpdGggYSBsb25nLWxpdmVkIGFj
Y2VzcyB0b2tlbiBvciByZWZyZXNoIHRva2VuLgoKMS4zLjQuICBDbGllbnQgQ3JlZGVudGlhbHMK
CiAgIFRoZSBjbGllbnQgY3JlZGVudGlhbHMgKG9yIG90aGVyIGZvcm1zIG9mIGNsaWVudCBhdXRo
ZW50aWNhdGlvbikgY2FuCiAgIGJlIHVzZWQgYXMgYW4gYXV0aG9yaXphdGlvbiBncmFudCB3aGVu
IHRoZSBhdXRob3JpemF0aW9uIHNjb3BlIGlzCiAgIGxpbWl0ZWQgdG8gdGhlIHByb3RlY3RlZCBy
ZXNvdXJjZXMgdW5kZXIgdGhlIGNvbnRyb2wgb2YgdGhlIGNsaWVudCwKICAgb3IgdG8gcHJvdGVj
dGVkIHJlc291cmNlcyBwcmV2aW91c2x5IGFycmFuZ2VkIHdpdGggdGhlIGF1dGhvcml6YXRpb24K
ICAgc2VydmVyLiAgQ2xpZW50IGNyZWRlbnRpYWxzIGFyZSB1c2VkIGFzIGFuIGF1dGhvcml6YXRp
b24gZ3JhbnQKICAgdHlwaWNhbGx5IHdoZW4gdGhlIGNsaWVudCBpcyBhY3Rpbmcgb24gaXRzIG93
biBiZWhhbGYgKHRoZSBjbGllbnQgaXMKICAgYWxzbyB0aGUgcmVzb3VyY2Ugb3duZXIpLCBvciBp
cyByZXF1ZXN0aW5nIGFjY2VzcyB0byBwcm90ZWN0ZWQKICAgcmVzb3VyY2VzIGJhc2VkIG9uIGFu
IGF1dGhvcml6YXRpb24gcHJldmlvdXNseSBhcnJhbmdlZCB3aXRoIHRoZQogICBhdXRob3JpemF0
aW9uIHNlcnZlci4KCjEuNC4gIEFjY2VzcyBUb2tlbgoKICAgQWNjZXNzIHRva2VucyBhcmUgY3Jl
ZGVudGlhbHMgdXNlZCB0byBhY2Nlc3MgcHJvdGVjdGVkIHJlc291cmNlcy4gIEFuCiAgIGFjY2Vz
cyB0b2tlbiBpcyBhIHN0cmluZyByZXByZXNlbnRpbmcgYW4gYXV0aG9yaXphdGlvbiBpc3N1ZWQg
dG8gdGhlCiAgIGNsaWVudC4gIFRoZSBzdHJpbmcgaXMgdXN1YWxseSBvcGFxdWUgdG8gdGhlIGNs
aWVudC4gIFRva2VucwogICByZXByZXNlbnQgc3BlY2lmaWMgc2NvcGVzIGFuZCBkdXJhdGlvbnMg
b2YgYWNjZXNzLCBncmFudGVkIGJ5IHRoZQogICByZXNvdXJjZSBvd25lciwgYW5kIGVuZm9yY2Vk
IGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIgYW5kIGF1dGhvcml6YXRpb24KICAgc2VydmVyLgoKICAg
VGhlIHRva2VuIG1heSBkZW5vdGUgYW4gaWRlbnRpZmllciB1c2VkIHRvIHJldHJpZXZlIHRoZSBh
dXRob3JpemF0aW9uCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIg
MjUsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA5XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAg
ICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIGlu
Zm9ybWF0aW9uLCBvciBzZWxmLWNvbnRhaW4gdGhlIGF1dGhvcml6YXRpb24gaW5mb3JtYXRpb24g
aW4gYQogICB2ZXJpZmlhYmxlIG1hbm5lciAoaS5lLiBhIHRva2VuIHN0cmluZyBjb25zaXN0aW5n
IG9mIHNvbWUgZGF0YSBhbmQgYQogICBzaWduYXR1cmUpLiAgQWRkaXRpb25hbCBhdXRoZW50aWNh
dGlvbiBjcmVkZW50aWFscywgd2hpY2ggYXJlIGJleW9uZAogICB0aGUgc2NvcGUgb2YgdGhpcyBz
cGVjaWZpY2F0aW9uLCBtYXkgYmUgcmVxdWlyZWQgaW4gb3JkZXIgZm9yIHRoZQogICBjbGllbnQg
dG8gdXNlIGEgdG9rZW4uCgogICBUaGUgYWNjZXNzIHRva2VuIHByb3ZpZGVzIGFuIGFic3RyYWN0
aW9uIGxheWVyLCByZXBsYWNpbmcgZGlmZmVyZW50CiAgIGF1dGhvcml6YXRpb24gY29uc3RydWN0
cyAoZS5nLiB1c2VybmFtZSBhbmQgcGFzc3dvcmQpIHdpdGggYSBzaW5nbGUKICAgdG9rZW4gdW5k
ZXJzdG9vZCBieSB0aGUgcmVzb3VyY2Ugc2VydmVyLiAgVGhpcyBhYnN0cmFjdGlvbiBlbmFibGVz
CiAgIGlzc3VpbmcgYWNjZXNzIHRva2VucyBtb3JlIHJlc3RyaWN0aXZlIHRoYW4gdGhlIGF1dGhv
cml6YXRpb24gZ3JhbnQKICAgdXNlZCB0byBvYnRhaW4gdGhlbSwgYXMgd2VsbCBhcyByZW1vdmlu
ZyB0aGUgcmVzb3VyY2Ugc2VydmVyJ3MgbmVlZAogICB0byB1bmRlcnN0YW5kIGEgd2lkZSByYW5n
ZSBvZiBhdXRoZW50aWNhdGlvbiBtZXRob2RzLgoKICAgQWNjZXNzIHRva2VucyBjYW4gaGF2ZSBk
aWZmZXJlbnQgZm9ybWF0cywgc3RydWN0dXJlcywgYW5kIG1ldGhvZHMgb2YKICAgdXRpbGl6YXRp
b24gKGUuZy4gY3J5cHRvZ3JhcGhpYyBwcm9wZXJ0aWVzKSBiYXNlZCBvbiB0aGUgcmVzb3VyY2UK
ICAgc2VydmVyIHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gIEFjY2VzcyB0b2tlbiBhdHRyaWJ1dGVz
IGFuZCB0aGUKICAgbWV0aG9kcyB1c2VkIHRvIGFjY2VzcyBwcm90ZWN0ZWQgcmVzb3VyY2VzIGFy
ZSBiZXlvbmQgdGhlIHNjb3BlIG9mCiAgIHRoaXMgc3BlY2lmaWNhdGlvbiBhbmQgYXJlIGRlZmlu
ZWQgYnkgY29tcGFuaW9uIHNwZWNpZmljYXRpb25zLgoKMS41LiAgUmVmcmVzaCBUb2tlbgoKICAg
UmVmcmVzaCB0b2tlbnMgYXJlIGNyZWRlbnRpYWxzIHVzZWQgdG8gb2J0YWluIGFjY2VzcyB0b2tl
bnMuICBSZWZyZXNoCiAgIHRva2VucyBhcmUgaXNzdWVkIHRvIHRoZSBjbGllbnQgYnkgdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIGFuZCBhcmUKICAgdXNlZCB0byBvYnRhaW4gYSBuZXcgYWNjZXNz
IHRva2VuIHdoZW4gdGhlIGN1cnJlbnQgYWNjZXNzIHRva2VuCiAgIGJlY29tZXMgaW52YWxpZCBv
ciBleHBpcmVzLCBvciB0byBvYnRhaW4gYWRkaXRpb25hbCBhY2Nlc3MgdG9rZW5zCiAgIHdpdGgg
aWRlbnRpY2FsIG9yIG5hcnJvd2VyIHNjb3BlIChhY2Nlc3MgdG9rZW5zIG1heSBoYXZlIGEgc2hv
cnRlcgogICBsaWZldGltZSBhbmQgZmV3ZXIgcGVybWlzc2lvbnMgdGhhbiBhdXRob3JpemVkIGJ5
IHRoZSByZXNvdXJjZQogICBvd25lcikuICBJc3N1aW5nIGEgcmVmcmVzaCB0b2tlbiBpcyBvcHRp
b25hbCBhdCB0aGUgZGlzY3JldGlvbiBvZiB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuICBJ
ZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGEgcmVmcmVzaAogICB0b2tlbiwgaXQg
aXMgaW5jbHVkZWQgd2hlbiBpc3N1aW5nIGFuIGFjY2VzcyB0b2tlbiAoaS5lLiBzdGVwIChEKSBp
bgogICBGaWd1cmUgMSkuCgogICBBIHJlZnJlc2ggdG9rZW4gaXMgYSBzdHJpbmcgcmVwcmVzZW50
aW5nIHRoZSBhdXRob3JpemF0aW9uIGdyYW50ZWQgdG8KICAgdGhlIGNsaWVudCBieSB0aGUgcmVz
b3VyY2Ugb3duZXIuICBUaGUgc3RyaW5nIGlzIHVzdWFsbHkgb3BhcXVlIHRvCiAgIHRoZSBjbGll
bnQuICBUaGUgdG9rZW4gZGVub3RlcyBhbiBpZGVudGlmaWVyIHVzZWQgdG8gcmV0cmlldmUgdGhl
CiAgIGF1dGhvcml6YXRpb24gaW5mb3JtYXRpb24uICBVbmxpa2UgYWNjZXNzIHRva2VucywgcmVm
cmVzaCB0b2tlbnMgYXJlCiAgIGludGVuZGVkIGZvciB1c2Ugb25seSB3aXRoIGF1dGhvcml6YXRp
b24gc2VydmVycyBhbmQgYXJlIG5ldmVyIHNlbnQKICAgdG8gcmVzb3VyY2Ugc2VydmVycy4KCgoK
CgoKCgoKCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIw
MTIgICAgICAgICAgICAgIFtQYWdlIDEwXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAg
ICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgKy0tLS0tLS0t
KyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0t
LS0tKwogIHwgICAgICAgIHwtLShBKS0tLS0tLS0gQXV0aG9yaXphdGlvbiBHcmFudCAtLS0tLS0t
LS0+fCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfDwtKEIpLS0t
LS0tLS0tLS0gQWNjZXNzIFRva2VuIC0tLS0tLS0tLS0tLS18ICAgICAgICAgICAgICAgfAogIHwg
ICAgICAgIHwgICAgICAgICAgICAgICAmIFJlZnJlc2ggVG9rZW4gICAgICAgICAgICAgfCAgICAg
ICAgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAg
ICAgICAgICAgICArLS0tLS0tLS0tLSsgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwt
LShDKS0tLS0gQWNjZXNzIFRva2VuIC0tLS0+fCAgICAgICAgICB8ICAgfCAgICAgICAgICAgICAg
IHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgfCAg
IHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfDwtKEQpLSBQcm90ZWN0ZWQgUmVzb3VyY2Ug
LS18IFJlc291cmNlIHwgICB8IEF1dGhvcml6YXRpb24gfAogIHwgQ2xpZW50IHwgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgfCAgU2VydmVyICB8ICAgfCAgICAgU2VydmVyICAgIHwKICB8ICAg
ICAgICB8LS0oRSktLS0tIEFjY2VzcyBUb2tlbiAtLS0tPnwgICAgICAgICAgfCAgIHwgICAgICAg
ICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAg
ICAgIHwgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHw8LShGKS0gSW52YWxpZCBUb2tl
biBFcnJvciAtfCAgICAgICAgICB8ICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tKyAgIHwgICAgICAgICAgICAgICB8
CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8
ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwtLShHKS0tLS0tLS0tLS0tIFJlZnJlc2ggVG9r
ZW4gLS0tLS0tLS0tLS0+fCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAg
ICAgfDwtKEgpLS0tLS0tLS0tLS0gQWNjZXNzIFRva2VuIC0tLS0tLS0tLS0tLS18ICAgICAgICAg
ICAgICAgfAogICstLS0tLS0tLSsgICAgICAgICAgICYgT3B0aW9uYWwgUmVmcmVzaCBUb2tlbiAg
ICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKCgogICAgICAgICAgICAgICBGaWd1cmUgMjogUmVmcmVz
aGluZyBhbiBFeHBpcmVkIEFjY2VzcyBUb2tlbgoKICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4g
RmlndXJlIDIgaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKCiAgIChBKSAgVGhlIGNsaWVu
dCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gYnkgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUKICAg
ICAgICBhdXRob3JpemF0aW9uIHNlcnZlciwgYW5kIHByZXNlbnRpbmcgYW4gYXV0aG9yaXphdGlv
biBncmFudC4KICAgKEIpICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0
aGUgY2xpZW50IGFuZCB2YWxpZGF0ZXMKICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBncmFudCwg
YW5kIGlmIHZhbGlkIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4gYW5kCiAgICAgICAgYSByZWZyZXNo
IHRva2VuLgogICAoQykgIFRoZSBjbGllbnQgbWFrZXMgYSBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVx
dWVzdCB0byB0aGUgcmVzb3VyY2UKICAgICAgICBzZXJ2ZXIgYnkgcHJlc2VudGluZyB0aGUgYWNj
ZXNzIHRva2VuLgogICAoRCkgIFRoZSByZXNvdXJjZSBzZXJ2ZXIgdmFsaWRhdGVzIHRoZSBhY2Nl
c3MgdG9rZW4sIGFuZCBpZiB2YWxpZCwKICAgICAgICBzZXJ2ZXMgdGhlIHJlcXVlc3QuCiAgIChF
KSAgU3RlcHMgKEMpIGFuZCAoRCkgcmVwZWF0IHVudGlsIHRoZSBhY2Nlc3MgdG9rZW4gZXhwaXJl
cy4gIElmIHRoZQogICAgICAgIGNsaWVudCBrbm93cyB0aGUgYWNjZXNzIHRva2VuIGV4cGlyZWQs
IGl0IHNraXBzIHRvIHN0ZXAgKEcpLAogICAgICAgIG90aGVyd2lzZSBpdCBtYWtlcyBhbm90aGVy
IHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0LgogICAoRikgIFNpbmNlIHRoZSBhY2Nlc3MgdG9r
ZW4gaXMgaW52YWxpZCwgdGhlIHJlc291cmNlIHNlcnZlciByZXR1cm5zCiAgICAgICAgYW4gaW52
YWxpZCB0b2tlbiBlcnJvci4KICAgKEcpICBUaGUgY2xpZW50IHJlcXVlc3RzIGEgbmV3IGFjY2Vz
cyB0b2tlbiBieSBhdXRoZW50aWNhdGluZyB3aXRoCiAgICAgICAgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIGFuZCBwcmVzZW50aW5nIHRoZSByZWZyZXNoIHRva2VuLiAgVGhlCiAgICAgICAgY2xp
ZW50IGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyBhcmUgYmFzZWQgb24gdGhlIGNsaWVudCB0
eXBlCiAgICAgICAgYW5kIG9uIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBwb2xpY2llcy4KCgoK
CgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAg
ICAgICAgICAgIFtQYWdlIDExXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1
dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIChIKSAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIGNsaWVudCBhbmQgdmFsaWRhdGVzCiAg
ICAgICAgdGhlIHJlZnJlc2ggdG9rZW4sIGFuZCBpZiB2YWxpZCBpc3N1ZXMgYSBuZXcgYWNjZXNz
IHRva2VuIChhbmQKICAgICAgICBvcHRpb25hbGx5LCBhIG5ldyByZWZyZXNoIHRva2VuKS4KCiAg
IFN0ZXBzIEMsIEQsIEUsIGFuZCBGIGFyZSBvdXRzaWRlIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNp
ZmljYXRpb24gYXMKICAgZGVzY3JpYmVkIGluIFNlY3Rpb24gNy4KCjEuNi4gIFRMUyBWZXJzaW9u
CgogICBXaGVuZXZlciBUTFMgaXMgdXNlZCBieSB0aGlzIHNwZWNpZmljYXRpb24sIHRoZSBhcHBy
b3ByaWF0ZSB2ZXJzaW9uCiAgIChvciB2ZXJzaW9ucykgb2YgVExTIHdpbGwgdmFyeSBvdmVyIHRp
bWUsIGJhc2VkIG9uIHRoZSB3aWRlc3ByZWFkCiAgIGRlcGxveW1lbnQgYW5kIGtub3duIHNlY3Vy
aXR5IHZ1bG5lcmFiaWxpdGllcy4gIEF0IHRoZSB0aW1lIG9mIHRoaXMKICAgd3JpdGluZywgVExT
IHZlcnNpb24gMS4yIFtSRkM1MjQ2XSBpcyB0aGUgbW9zdCByZWNlbnQgdmVyc2lvbiwgYnV0CiAg
IGhhcyBhIHZlcnkgbGltaXRlZCBkZXBsb3ltZW50IGJhc2UgYW5kIG1pZ2h0IG5vdCBiZSByZWFk
aWx5IGF2YWlsYWJsZQogICBmb3IgaW1wbGVtZW50YXRpb24uICBUTFMgdmVyc2lvbiAxLjAgW1JG
QzIyNDZdIGlzIHRoZSBtb3N0IHdpZGVseQogICBkZXBsb3llZCB2ZXJzaW9uLCBhbmQgd2lsbCBw
cm92aWRlIHRoZSBicm9hZGVzdCBpbnRlcm9wZXJhYmlsaXR5LgoKICAgSW1wbGVtZW50YXRpb25z
IE1BWSBhbHNvIHN1cHBvcnQgYWRkaXRpb25hbCB0cmFuc3BvcnQtbGF5ZXIgc2VjdXJpdHkKICAg
bWVjaGFuaXNtcyB0aGF0IG1lZXQgdGhlaXIgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLgoKMS43LiAg
SFRUUCBSZWRpcmVjdGlvbnMKCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiBtYWtlcyBleHRlbnNpdmUg
dXNlIG9mIEhUVFAgcmVkaXJlY3Rpb25zLCBpbiB3aGljaAogICB0aGUgY2xpZW50IG9yIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBkaXJlY3QgdGhlIHJlc291cmNlIG93bmVyJ3MKICAgdXNlci1h
Z2VudCB0byBhbm90aGVyIGRlc3RpbmF0aW9uLiAgV2hpbGUgdGhlIGV4YW1wbGVzIGluIHRoaXMK
ICAgc3BlY2lmaWNhdGlvbiBzaG93IHRoZSB1c2Ugb2YgdGhlIEhUVFAgMzAyIHN0YXR1cyBjb2Rl
LCBhbnkgb3RoZXIKICAgbWV0aG9kIGF2YWlsYWJsZSB2aWEgdGhlIHVzZXItYWdlbnQgdG8gYWNj
b21wbGlzaCB0aGlzIHJlZGlyZWN0aW9uIGlzCiAgIGFsbG93ZWQgYW5kIGlzIGNvbnNpZGVyZWQg
dG8gYmUgYW4gaW1wbGVtZW50YXRpb24gZGV0YWlsLgoKMS44LiAgSW50ZXJvcGVyYWJpbGl0eQoK
ICAgT0F1dGggMi4wIHByb3ZpZGVzIGEgcmljaCBhdXRob3JpemF0aW9uIGZyYW1ld29yayB3aXRo
IHdlbGwtZGVmaW5lZAogICBzZWN1cml0eSBwcm9wZXJ0aWVzLiAgSG93ZXZlciwgYXMgYSByaWNo
IGFuZCBoaWdobHkgZXh0ZW5zaWJsZQogICBmcmFtZXdvcmsgd2l0aCBtYW55IG9wdGlvbmFsIGNv
bXBvbmVudHMsIG9uIGl0cyBvd24sIHRoaXMKICAgc3BlY2lmaWNhdGlvbiBpcyBsaWtlbHkgdG8g
cHJvZHVjZSBhIHdpZGUgcmFuZ2Ugb2Ygbm9uLWludGVyb3BlcmFibGUKICAgaW1wbGVtZW50YXRp
b25zLgoKICAgSW4gYWRkaXRpb24sIHRoaXMgc3BlY2lmaWNhdGlvbiBsZWF2ZXMgYSBmZXcgcmVx
dWlyZWQgY29tcG9uZW50cwogICBwYXJ0aWFsbHkgb3IgZnVsbHkgdW5kZWZpbmVkIChlLmcuIGNs
aWVudCByZWdpc3RyYXRpb24sIGF1dGhvcml6YXRpb24KICAgc2VydmVyIGNhcGFiaWxpdGllcywg
ZW5kcG9pbnQgZGlzY292ZXJ5KS4gIFdpdGhvdXQgdGhlc2UgY29tcG9uZW50cywKICAgY2xpZW50
cyBtdXN0IGJlIG1hbnVhbGx5IGFuZCBzcGVjaWZpY2FsbHkgY29uZmlndXJlZCBhZ2FpbnN0IGEK
ICAgc3BlY2lmaWMgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYW5kIHJlc291cmNlIHNlcnZlciBpbiBv
cmRlciB0bwogICBpbnRlcm9wZXJhdGUuCgogICBUaGlzIGZyYW1ld29yayB3YXMgZGVzaWduZWQg
d2l0aCB0aGUgY2xlYXIgZXhwZWN0YXRpb24gdGhhdCBmdXR1cmUKICAgd29yayB3aWxsIGRlZmlu
ZSBwcmVzY3JpcHRpdmUgcHJvZmlsZXMgYW5kIGV4dGVuc2lvbnMgbmVjZXNzYXJ5IHRvCiAgIGFj
aGlldmUgZnVsbCB3ZWItc2NhbGUgaW50ZXJvcGVyYWJpbGl0eS4KCgoKCkhhbW1lciwgZXQgYWwu
ICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdlIDEy
XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAg
ICAgICAgICAgICBNYXkgMjAxMgoKCjEuOS4gIE5vdGF0aW9uYWwgQ29udmVudGlvbnMKCiAgIFRo
ZSBrZXkgd29yZHMgIk1VU1QiLCAiTVVTVCBOT1QiLCAiUkVRVUlSRUQiLCAiU0hBTEwiLCAiU0hB
TEwgTk9UIiwKICAgIlNIT1VMRCIsICJTSE9VTEQgTk9UIiwgIlJFQ09NTUVOREVEIiwgIk1BWSIs
IGFuZCAiT1BUSU9OQUwiIGluIHRoaXMKICAgc3BlY2lmaWNhdGlvbiBhcmUgdG8gYmUgaW50ZXJw
cmV0ZWQgYXMgZGVzY3JpYmVkIGluIFtSRkMyMTE5XS4KCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiB1
c2VzIHRoZSBBdWdtZW50ZWQgQmFja3VzLU5hdXIgRm9ybSAoQUJORikKICAgbm90YXRpb24gb2Yg
W1JGQzUyMzRdLiAgQWRkaXRpb25hbGx5LCB0aGUgcnVsZSBVUkktUmVmZXJlbmNlIGlzCiAgIGlu
Y2x1ZGVkIGZyb20gVW5pZm9ybSBSZXNvdXJjZSBJZGVudGlmaWVyIChVUkkpIFtSRkMzOTg2XS4K
CiAgIENlcnRhaW4gc2VjdXJpdHktcmVsYXRlZCB0ZXJtcyBhcmUgdG8gYmUgdW5kZXJzdG9vZCBp
biB0aGUgc2Vuc2UKICAgZGVmaW5lZCBpbiBbUkZDNDk0OV0uICBUaGVzZSB0ZXJtcyBpbmNsdWRl
LCBidXQgYXJlIG5vdCBsaW1pdGVkIHRvLAogICAiYXR0YWNrIiwgImF1dGhlbnRpY2F0aW9uIiwg
ImF1dGhvcml6YXRpb24iLCAiY2VydGlmaWNhdGUiLAogICAiY29uZmlkZW50aWFsaXR5IiwgImNy
ZWRlbnRpYWwiLCAiZW5jcnlwdGlvbiIsICJpZGVudGl0eSIsICJzaWduIiwKICAgInNpZ25hdHVy
ZSIsICJ0cnVzdCIsICJ2YWxpZGF0ZSIsIGFuZCAidmVyaWZ5Ii4KCiAgIFVubGVzcyBvdGhlcndp
c2Ugbm90ZWQsIGFsbCB0aGUgcHJvdG9jb2wgcGFyYW1ldGVyIG5hbWVzIGFuZCB2YWx1ZXMKICAg
YXJlIGNhc2Ugc2Vuc2l0aXZlLgoKCjIuICBDbGllbnQgUmVnaXN0cmF0aW9uCgogICBCZWZvcmUg
aW5pdGlhdGluZyB0aGUgcHJvdG9jb2wsIHRoZSBjbGllbnQgcmVnaXN0ZXJzIHdpdGggdGhlCiAg
IGF1dGhvcml6YXRpb24gc2VydmVyLiAgVGhlIG1lYW5zIHRocm91Z2ggd2hpY2ggdGhlIGNsaWVu
dCByZWdpc3RlcnMKICAgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXJlIGJleW9uZCB0
aGUgc2NvcGUgb2YgdGhpcwogICBzcGVjaWZpY2F0aW9uLCBidXQgdHlwaWNhbGx5IGludm9sdmUg
ZW5kLXVzZXIgaW50ZXJhY3Rpb24gd2l0aCBhbgogICBIVE1MIHJlZ2lzdHJhdGlvbiBmb3JtLgoK
ICAgQ2xpZW50IHJlZ2lzdHJhdGlvbiBkb2VzIG5vdCByZXF1aXJlIGEgZGlyZWN0IGludGVyYWN0
aW9uIGJldHdlZW4gdGhlCiAgIGNsaWVudCBhbmQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLiAg
V2hlbiBzdXBwb3J0ZWQgYnkgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyLCByZWdpc3RyYXRp
b24gY2FuIHJlbHkgb24gb3RoZXIgbWVhbnMgZm9yCiAgIGVzdGFibGlzaGluZyB0cnVzdCBhbmQg
b2J0YWluaW5nIHRoZSByZXF1aXJlZCBjbGllbnQgcHJvcGVydGllcyAoZS5nLgogICByZWRpcmVj
dGlvbiBVUkksIGNsaWVudCB0eXBlKS4gIEZvciBleGFtcGxlLCByZWdpc3RyYXRpb24gY2FuIGJl
CiAgIGFjY29tcGxpc2hlZCB1c2luZyBhIHNlbGYtaXNzdWVkIG9yIHRoaXJkLXBhcnR5LWlzc3Vl
ZCBhc3NlcnRpb24sIG9yCiAgIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBwZXJmb3JtaW5n
IGNsaWVudCBkaXNjb3ZlcnkgdXNpbmcgYQogICB0cnVzdGVkIGNoYW5uZWwuCgogICBXaGVuIHJl
Z2lzdGVyaW5nIGEgY2xpZW50LCB0aGUgY2xpZW50IGRldmVsb3BlciBTSEFMTDoKCiAgIG8gIHNw
ZWNpZmllcyB0aGUgY2xpZW50IHR5cGUgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMi4xLAogICBv
ICBwcm92aWRlcyBpdHMgY2xpZW50IHJlZGlyZWN0aW9uIFVSSXMgYXMgZGVzY3JpYmVkIGluCiAg
ICAgIFNlY3Rpb24gMy4xLjIsIGFuZAogICBvICBpbmNsdWRlcyBhbnkgb3RoZXIgaW5mb3JtYXRp
b24gcmVxdWlyZWQgYnkgdGhlIGF1dGhvcml6YXRpb24KICAgICAgc2VydmVyIChlLmcuIGFwcGxp
Y2F0aW9uIG5hbWUsIHdlYnNpdGUsIGRlc2NyaXB0aW9uLCBsb2dvIGltYWdlLAogICAgICB0aGUg
YWNjZXB0YW5jZSBvZiBsZWdhbCB0ZXJtcykuCgoKCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAg
IEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdlIDEzXQoMCkludGVy
bmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAg
ICBNYXkgMjAxMgoKCjIuMS4gIENsaWVudCBUeXBlcwoKICAgT0F1dGggZGVmaW5lcyB0d28gY2xp
ZW50IHR5cGVzLCBiYXNlZCBvbiB0aGVpciBhYmlsaXR5IHRvCiAgIGF1dGhlbnRpY2F0ZSBzZWN1
cmVseSB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciAoaS5lLiBhYmlsaXR5IHRvCiAgIG1h
aW50YWluIHRoZSBjb25maWRlbnRpYWxpdHkgb2YgdGhlaXIgY2xpZW50IGNyZWRlbnRpYWxzKToK
CiAgIGNvbmZpZGVudGlhbAogICAgICBDbGllbnRzIGNhcGFibGUgb2YgbWFpbnRhaW5pbmcgdGhl
IGNvbmZpZGVudGlhbGl0eSBvZiB0aGVpcgogICAgICBjcmVkZW50aWFscyAoZS5nLiBjbGllbnQg
aW1wbGVtZW50ZWQgb24gYSBzZWN1cmUgc2VydmVyIHdpdGgKICAgICAgcmVzdHJpY3RlZCBhY2Nl
c3MgdG8gdGhlIGNsaWVudCBjcmVkZW50aWFscyksIG9yIGNhcGFibGUgb2Ygc2VjdXJlCiAgICAg
IGNsaWVudCBhdXRoZW50aWNhdGlvbiB1c2luZyBvdGhlciBtZWFucy4KICAgcHVibGljCiAgICAg
IENsaWVudHMgaW5jYXBhYmxlIG9mIG1haW50YWluaW5nIHRoZSBjb25maWRlbnRpYWxpdHkgb2Yg
dGhlaXIKICAgICAgY3JlZGVudGlhbHMgKGUuZy4gY2xpZW50cyBleGVjdXRpbmcgb24gdGhlIGRl
dmljZSB1c2VkIGJ5IHRoZQogICAgICByZXNvdXJjZSBvd25lciBzdWNoIGFzIGFuIGluc3RhbGxl
ZCBuYXRpdmUgYXBwbGljYXRpb24gb3IgYSB3ZWIKICAgICAgYnJvd3Nlci1iYXNlZCBhcHBsaWNh
dGlvbiksIGFuZCBpbmNhcGFibGUgb2Ygc2VjdXJlIGNsaWVudAogICAgICBhdXRoZW50aWNhdGlv
biB2aWEgYW55IG90aGVyIG1lYW5zLgoKICAgVGhlIGNsaWVudCB0eXBlIGRlc2lnbmF0aW9uIGlz
IGJhc2VkIG9uIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzCiAgIGRlZmluaXRpb24gb2Ygc2Vj
dXJlIGF1dGhlbnRpY2F0aW9uIGFuZCBpdHMgYWNjZXB0YWJsZSBleHBvc3VyZQogICBsZXZlbHMg
b2YgY2xpZW50IGNyZWRlbnRpYWxzLiAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBO
T1QKICAgbWFrZSBhc3N1bXB0aW9ucyBhYm91dCB0aGUgY2xpZW50IHR5cGUuCgogICBBIGNsaWVu
dCBtYXkgYmUgaW1wbGVtZW50ZWQgYXMgYSBkaXN0cmlidXRlZCBzZXQgb2YgY29tcG9uZW50cywg
ZWFjaAogICB3aXRoIGEgZGlmZmVyZW50IGNsaWVudCB0eXBlIGFuZCBzZWN1cml0eSBjb250ZXh0
IChlLmcuIGEgZGlzdHJpYnV0ZWQKICAgY2xpZW50IHdpdGggYm90aCBhIGNvbmZpZGVudGlhbCBz
ZXJ2ZXItYmFzZWQgY29tcG9uZW50IGFuZCBhIHB1YmxpYwogICBicm93c2VyLWJhc2VkIGNvbXBv
bmVudCkuICBJZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZG9lcyBub3QKICAgcHJvdmlkZSBz
dXBwb3J0IGZvciBzdWNoIGNsaWVudHMsIG9yIGRvZXMgbm90IHByb3ZpZGUgZ3VpZGFuY2Ugd2l0
aAogICByZWdhcmQgdG8gdGhlaXIgcmVnaXN0cmF0aW9uLCB0aGUgY2xpZW50IFNIT1VMRCByZWdp
c3RlciBlYWNoCiAgIGNvbXBvbmVudCBhcyBhIHNlcGFyYXRlIGNsaWVudC4KCiAgIFRoaXMgc3Bl
Y2lmaWNhdGlvbiBoYXMgYmVlbiBkZXNpZ25lZCBhcm91bmQgdGhlIGZvbGxvd2luZyBjbGllbnQK
ICAgcHJvZmlsZXM6CgogICB3ZWIgYXBwbGljYXRpb24KICAgICAgQSB3ZWIgYXBwbGljYXRpb24g
aXMgYSBjb25maWRlbnRpYWwgY2xpZW50IHJ1bm5pbmcgb24gYSB3ZWIKICAgICAgc2VydmVyLiAg
UmVzb3VyY2Ugb3duZXJzIGFjY2VzcyB0aGUgY2xpZW50IHZpYSBhbiBIVE1MIHVzZXIKICAgICAg
aW50ZXJmYWNlIHJlbmRlcmVkIGluIGEgdXNlci1hZ2VudCBvbiB0aGUgZGV2aWNlIHVzZWQgYnkg
dGhlCiAgICAgIHJlc291cmNlIG93bmVyLiAgVGhlIGNsaWVudCBjcmVkZW50aWFscyBhcyB3ZWxs
IGFzIGFueSBhY2Nlc3MKICAgICAgdG9rZW4gaXNzdWVkIHRvIHRoZSBjbGllbnQgYXJlIHN0b3Jl
ZCBvbiB0aGUgd2ViIHNlcnZlciBhbmQgYXJlCiAgICAgIG5vdCBleHBvc2VkIHRvIG9yIGFjY2Vz
c2libGUgYnkgdGhlIHJlc291cmNlIG93bmVyLgogICB1c2VyLWFnZW50LWJhc2VkIGFwcGxpY2F0
aW9uCiAgICAgIEEgdXNlci1hZ2VudC1iYXNlZCBhcHBsaWNhdGlvbiBpcyBhIHB1YmxpYyBjbGll
bnQgaW4gd2hpY2ggdGhlCiAgICAgIGNsaWVudCBjb2RlIGlzIGRvd25sb2FkZWQgZnJvbSBhIHdl
YiBzZXJ2ZXIgYW5kIGV4ZWN1dGVzIHdpdGhpbiBhCiAgICAgIHVzZXItYWdlbnQgKGUuZy4gd2Vi
IGJyb3dzZXIpIG9uIHRoZSBkZXZpY2UgdXNlZCBieSB0aGUgcmVzb3VyY2UKICAgICAgb3duZXIu
ICBQcm90b2NvbCBkYXRhIGFuZCBjcmVkZW50aWFscyBhcmUgZWFzaWx5IGFjY2Vzc2libGUgKGFu
ZAogICAgICBvZnRlbiB2aXNpYmxlKSB0byB0aGUgcmVzb3VyY2Ugb3duZXIuICBTaW5jZSBzdWNo
IGFwcGxpY2F0aW9ucwogICAgICByZXNpZGUgd2l0aGluIHRoZSB1c2VyLWFnZW50LCB0aGV5IGNh
biBtYWtlIHNlYW1sZXNzIHVzZSBvZiB0aGUKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhw
aXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgMTRdCgwKSW50ZXJuZXQt
RHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1h
eSAyMDEyCgoKICAgICAgdXNlci1hZ2VudCBjYXBhYmlsaXRpZXMgd2hlbiByZXF1ZXN0aW5nIGF1
dGhvcml6YXRpb24uCiAgIG5hdGl2ZSBhcHBsaWNhdGlvbgogICAgICBBIG5hdGl2ZSBhcHBsaWNh
dGlvbiBpcyBhIHB1YmxpYyBjbGllbnQgaW5zdGFsbGVkIGFuZCBleGVjdXRlZCBvbgogICAgICB0
aGUgZGV2aWNlIHVzZWQgYnkgdGhlIHJlc291cmNlIG93bmVyLiAgUHJvdG9jb2wgZGF0YSBhbmQK
ICAgICAgY3JlZGVudGlhbHMgYXJlIGFjY2Vzc2libGUgdG8gdGhlIHJlc291cmNlIG93bmVyLiAg
SXQgaXMgYXNzdW1lZAogICAgICB0aGF0IGFueSBjbGllbnQgYXV0aGVudGljYXRpb24gY3JlZGVu
dGlhbHMgaW5jbHVkZWQgaW4gdGhlCiAgICAgIGFwcGxpY2F0aW9uIGNhbiBiZSBleHRyYWN0ZWQu
ICBPbiB0aGUgb3RoZXIgaGFuZCwgZHluYW1pY2FsbHkKICAgICAgaXNzdWVkIGNyZWRlbnRpYWxz
IHN1Y2ggYXMgYWNjZXNzIHRva2VucyBvciByZWZyZXNoIHRva2VucyBjYW4KICAgICAgcmVjZWl2
ZSBhbiBhY2NlcHRhYmxlIGxldmVsIG9mIHByb3RlY3Rpb24uICBBdCBhIG1pbmltdW0sIHRoZXNl
CiAgICAgIGNyZWRlbnRpYWxzIGFyZSBwcm90ZWN0ZWQgZnJvbSBob3N0aWxlIHNlcnZlcnMgd2l0
aCB3aGljaCB0aGUKICAgICAgYXBwbGljYXRpb24gbWF5IGludGVyYWN0IHdpdGguICBPbiBzb21l
IHBsYXRmb3JtcyB0aGVzZQogICAgICBjcmVkZW50aWFscyBtaWdodCBiZSBwcm90ZWN0ZWQgZnJv
bSBvdGhlciBhcHBsaWNhdGlvbnMgcmVzaWRpbmcgb24KICAgICAgdGhlIHNhbWUgZGV2aWNlLgoK
Mi4yLiAgQ2xpZW50IElkZW50aWZpZXIKCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1
ZXMgdGhlIHJlZ2lzdGVyZWQgY2xpZW50IGEgY2xpZW50CiAgIGlkZW50aWZpZXIgLSBhIHVuaXF1
ZSBzdHJpbmcgcmVwcmVzZW50aW5nIHRoZSByZWdpc3RyYXRpb24KICAgaW5mb3JtYXRpb24gcHJv
dmlkZWQgYnkgdGhlIGNsaWVudC4gIFRoZSBjbGllbnQgaWRlbnRpZmllciBpcyBub3QgYQogICBz
ZWNyZXQsIGl0IGlzIGV4cG9zZWQgdG8gdGhlIHJlc291cmNlIG93bmVyLCBhbmQgTVVTVCBOT1Qg
YmUgdXNlZAogICBhbG9uZSBmb3IgY2xpZW50IGF1dGhlbnRpY2F0aW9uLiAgVGhlIGNsaWVudCBp
ZGVudGlmaWVyIGlzIHVuaXF1ZSB0bwogICB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCgogICBU
aGUgY2xpZW50IGlkZW50aWZpZXIgc3RyaW5nIHNpemUgaXMgbGVmdCB1bmRlZmluZWQgYnkgdGhp
cwogICBzcGVjaWZpY2F0aW9uLiAgVGhlIGNsaWVudCBzaG91bGQgYXZvaWQgbWFraW5nIGFzc3Vt
cHRpb25zIGFib3V0IHRoZQogICBpZGVudGlmaWVyIHNpemUuICBUaGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgU0hPVUxEIGRvY3VtZW50IHRoZSBzaXplCiAgIG9mIGFueSBpZGVudGlmaWVyIGl0IGlz
c3Vlcy4KCjIuMy4gIENsaWVudCBBdXRoZW50aWNhdGlvbgoKICAgSWYgdGhlIGNsaWVudCB0eXBl
IGlzIGNvbmZpZGVudGlhbCwgdGhlIGNsaWVudCBhbmQgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIg
ZXN0YWJsaXNoIGEgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG1ldGhvZCBzdWl0YWJsZSBmb3IgdGhl
CiAgIHNlY3VyaXR5IHJlcXVpcmVtZW50cyBvZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuICBU
aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIgTUFZIGFjY2VwdCBhbnkgZm9ybSBvZiBjbGllbnQg
YXV0aGVudGljYXRpb24gbWVldGluZyBpdHMKICAgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLgoKICAg
Q29uZmlkZW50aWFsIGNsaWVudHMgYXJlIHR5cGljYWxseSBpc3N1ZWQgKG9yIGVzdGFibGlzaCkg
YSBzZXQgb2YKICAgY2xpZW50IGNyZWRlbnRpYWxzIHVzZWQgZm9yIGF1dGhlbnRpY2F0aW5nIHdp
dGggdGhlIGF1dGhvcml6YXRpb24KICAgc2VydmVyIChlLmcuIHBhc3N3b3JkLCBwdWJsaWMvcHJp
dmF0ZSBrZXkgcGFpcikuCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZIGVzdGFibGlz
aCBhIGNsaWVudCBhdXRoZW50aWNhdGlvbiBtZXRob2QKICAgd2l0aCBwdWJsaWMgY2xpZW50cy4g
IEhvd2V2ZXIsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIE5PVCByZWx5CiAgIG9uIHB1
YmxpYyBjbGllbnQgYXV0aGVudGljYXRpb24gZm9yIHRoZSBwdXJwb3NlIG9mIGlkZW50aWZ5aW5n
IHRoZQogICBjbGllbnQuCgogICBUaGUgY2xpZW50IE1VU1QgTk9UIHVzZSBtb3JlIHRoYW4gb25l
IGF1dGhlbnRpY2F0aW9uIG1ldGhvZCBpbiBlYWNoCiAgIHJlcXVlc3QuCgoKCgpIYW1tZXIsIGV0
IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBbUGFn
ZSAxNV0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAg
ICAgICAgICAgICAgICAgTWF5IDIwMTIKCgoyLjMuMS4gIENsaWVudCBQYXNzd29yZAoKICAgQ2xp
ZW50cyBpbiBwb3NzZXNzaW9uIG9mIGEgY2xpZW50IHBhc3N3b3JkIE1BWSB1c2UgdGhlIEhUVFAg
QmFzaWMKICAgYXV0aGVudGljYXRpb24gc2NoZW1lIGFzIGRlZmluZWQgaW4gW1JGQzI2MTddIHRv
IGF1dGhlbnRpY2F0ZSB3aXRoCiAgIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gIFRoZSBjbGll
bnQgaWRlbnRpZmllciBpcyB1c2VkIGFzIHRoZQogICB1c2VybmFtZSwgYW5kIHRoZSBjbGllbnQg
cGFzc3dvcmQgaXMgdXNlZCBhcyB0aGUgcGFzc3dvcmQuICBUaGUKICAgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgTVVTVCBzdXBwb3J0IHRoZSBIVFRQIEJhc2ljIGF1dGhlbnRpY2F0aW9uCiAgIHNjaGVt
ZSBmb3IgYXV0aGVudGljYXRpbmcgY2xpZW50cyB3aGljaCB3ZXJlIGlzc3VlZCBhIGNsaWVudAog
ICBwYXNzd29yZC4KCiAgIEZvciBleGFtcGxlIChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRp
c3BsYXkgcHVycG9zZXMgb25seSk6CgoKICAgICBBdXRob3JpemF0aW9uOiBCYXNpYyBjelpDYUdS
U2EzRjBNem8zUm1wbWNEQmFRbkl4UzNSRVVtSnVabFprYlVsMwoKCiAgIEFsdGVybmF0aXZlbHks
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkgc3VwcG9ydCBpbmNsdWRpbmcgdGhlCiAgIGNs
aWVudCBjcmVkZW50aWFscyBpbiB0aGUgcmVxdWVzdCBib2R5IHVzaW5nIHRoZSBmb2xsb3dpbmcK
ICAgcGFyYW1ldGVyczoKCiAgIGNsaWVudF9pZAogICAgICAgICBSRVFVSVJFRC4gIFRoZSBjbGll
bnQgaWRlbnRpZmllciBpc3N1ZWQgdG8gdGhlIGNsaWVudCBkdXJpbmcKICAgICAgICAgdGhlIHJl
Z2lzdHJhdGlvbiBwcm9jZXNzIGRlc2NyaWJlZCBieSBTZWN0aW9uIDIuMi4KICAgY2xpZW50X3Nl
Y3JldAogICAgICAgICBSRVFVSVJFRC4gIFRoZSBjbGllbnQgc2VjcmV0LiAgVGhlIGNsaWVudCBN
QVkgb21pdCB0aGUKICAgICAgICAgcGFyYW1ldGVyIGlmIHRoZSBjbGllbnQgc2VjcmV0IGlzIGFu
IGVtcHR5IHN0cmluZy4KCiAgIEluY2x1ZGluZyB0aGUgY2xpZW50IGNyZWRlbnRpYWxzIGluIHRo
ZSByZXF1ZXN0IGJvZHkgdXNpbmcgdGhlIHR3bwogICBwYXJhbWV0ZXJzIGlzIE5PVCBSRUNPTU1F
TkRFRCwgYW5kIFNIT1VMRCBiZSBsaW1pdGVkIHRvIGNsaWVudHMKICAgdW5hYmxlIHRvIGRpcmVj
dGx5IHV0aWxpemUgdGhlIEhUVFAgQmFzaWMgYXV0aGVudGljYXRpb24gc2NoZW1lIChvcgogICBv
dGhlciBwYXNzd29yZC1iYXNlZCBIVFRQIGF1dGhlbnRpY2F0aW9uIHNjaGVtZXMpLiAgVGhlIHBh
cmFtZXRlcnMKICAgY2FuIG9ubHkgYmUgdHJhbnNtaXR0ZWQgaW4gdGhlIHJlcXVlc3QgYm9keSBh
bmQgTVVTVCBOT1QgYmUgaW5jbHVkZWQKICAgaW4gdGhlIHJlcXVlc3QgVVJJLgoKICAgRm9yIGV4
YW1wbGUsIHJlcXVlc3RpbmcgdG8gcmVmcmVzaCBhbiBhY2Nlc3MgdG9rZW4gKFNlY3Rpb24gNikg
dXNpbmcKICAgdGhlIGJvZHkgcGFyYW1ldGVycyAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBk
aXNwbGF5IHB1cnBvc2VzCiAgIG9ubHkpOgoKCiAgICAgUE9TVCAvdG9rZW4gSFRUUC8xLjEKICAg
ICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICAgICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9u
L3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0PVVURi04CgogICAgIGdyYW50X3R5cGU9cmVm
cmVzaF90b2tlbiZyZWZyZXNoX3Rva2VuPXRHenYzSk9rRjBYRzVReDJUbEtXSUEKICAgICAmY2xp
ZW50X2lkPXM2QmhkUmtxdDMmY2xpZW50X3NlY3JldD03RmpmcDBaQnIxS3REUmJuZlZkbUl3CgoK
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcmVxdWlyZSB0aGUgdXNlIG9mIFRMUyBh
cyBkZXNjcmliZWQgaW4KCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJl
ciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgMTZdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAg
ICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAg
U2VjdGlvbiAxLjYgd2hlbiBzZW5kaW5nIHJlcXVlc3RzIHVzaW5nIHBhc3N3b3JkIGF1dGhlbnRp
Y2F0aW9uLgoKICAgU2luY2UgdGhpcyBjbGllbnQgYXV0aGVudGljYXRpb24gbWV0aG9kIGludm9s
dmVzIGEgcGFzc3dvcmQsIHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHByb3RlY3Qg
YW55IGVuZHBvaW50IHV0aWxpemluZyBpdCBhZ2FpbnN0CiAgIGJydXRlIGZvcmNlIGF0dGFja3Mu
CgoyLjMuMi4gIE90aGVyIEF1dGhlbnRpY2F0aW9uIE1ldGhvZHMKCiAgIFRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBNQVkgc3VwcG9ydCBhbnkgc3VpdGFibGUgSFRUUCBhdXRoZW50aWNhdGlvbgog
ICBzY2hlbWUgbWF0Y2hpbmcgaXRzIHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gIFdoZW4gdXNpbmcg
b3RoZXIKICAgYXV0aGVudGljYXRpb24gbWV0aG9kcywgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IE1VU1QgZGVmaW5lIGEKICAgbWFwcGluZyBiZXR3ZWVuIHRoZSBjbGllbnQgaWRlbnRpZmllciAo
cmVnaXN0cmF0aW9uIHJlY29yZCkgYW5kCiAgIGF1dGhlbnRpY2F0aW9uIHNjaGVtZS4KCjIuNC4g
IFVucmVnaXN0ZXJlZCBDbGllbnRzCgogICBUaGlzIHNwZWNpZmljYXRpb24gZG9lcyBub3QgZXhj
bHVkZSB0aGUgdXNlIG9mIHVucmVnaXN0ZXJlZCBjbGllbnRzLgogICBIb3dldmVyLCB0aGUgdXNl
IHdpdGggc3VjaCBjbGllbnRzIGlzIGJleW9uZCB0aGUgc2NvcGUgb2YgdGhpcwogICBzcGVjaWZp
Y2F0aW9uLCBhbmQgcmVxdWlyZXMgYWRkaXRpb25hbCBzZWN1cml0eSBhbmFseXNpcyBhbmQgcmV2
aWV3CiAgIG9mIGl0cyBpbnRlcm9wZXJhYmlsaXR5IGltcGFjdC4KCgozLiAgUHJvdG9jb2wgRW5k
cG9pbnRzCgogICBUaGUgYXV0aG9yaXphdGlvbiBwcm9jZXNzIHV0aWxpemVzIHR3byBhdXRob3Jp
emF0aW9uIHNlcnZlciBlbmRwb2ludHMKICAgKEhUVFAgcmVzb3VyY2VzKToKCiAgIG8gIEF1dGhv
cml6YXRpb24gZW5kcG9pbnQgLSB1c2VkIGJ5IHRoZSBjbGllbnQgdG8gb2J0YWluCiAgICAgIGF1
dGhvcml6YXRpb24gZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIgdmlhIHVzZXItYWdlbnQgcmVkaXJl
Y3Rpb24uCiAgIG8gIFRva2VuIGVuZHBvaW50IC0gdXNlZCBieSB0aGUgY2xpZW50IHRvIGV4Y2hh
bmdlIGFuIGF1dGhvcml6YXRpb24KICAgICAgZ3JhbnQgZm9yIGFuIGFjY2VzcyB0b2tlbiwgdHlw
aWNhbGx5IHdpdGggY2xpZW50IGF1dGhlbnRpY2F0aW9uLgoKICAgQXMgd2VsbCBhcyBvbmUgY2xp
ZW50IGVuZHBvaW50OgoKICAgbyAgUmVkaXJlY3Rpb24gZW5kcG9pbnQgLSB1c2VkIGJ5IHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciB0byByZXR1cm4KICAgICAgYXV0aG9yaXphdGlvbiBjcmVkZW50
aWFscyByZXNwb25zZXMgdG8gdGhlIGNsaWVudCB2aWEgdGhlIHJlc291cmNlCiAgICAgIG93bmVy
IHVzZXItYWdlbnQuCgogICBOb3QgZXZlcnkgYXV0aG9yaXphdGlvbiBncmFudCB0eXBlIHV0aWxp
emVzIGJvdGggZW5kcG9pbnRzLgogICBFeHRlbnNpb24gZ3JhbnQgdHlwZXMgTUFZIGRlZmluZSBh
ZGRpdGlvbmFsIGVuZHBvaW50cyBhcyBuZWVkZWQuCgozLjEuICBBdXRob3JpemF0aW9uIEVuZHBv
aW50CgogICBUaGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBpcyB1c2VkIHRvIGludGVyYWN0IHdp
dGggdGhlIHJlc291cmNlCiAgIG93bmVyIGFuZCBvYnRhaW4gYW4gYXV0aG9yaXphdGlvbiBncmFu
dC4gIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICBNVVNUIGZpcnN0IHZlcmlmeSB0aGUgaWRl
bnRpdHkgb2YgdGhlIHJlc291cmNlIG93bmVyLiAgVGhlIHdheSBpbgogICB3aGljaCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgcmVzb3VyY2Ugb3duZXIgKGUuZy4K
ICAgdXNlcm5hbWUgYW5kIHBhc3N3b3JkIGxvZ2luLCBzZXNzaW9uIGNvb2tpZXMpIGlzIGJleW9u
ZCB0aGUgc2NvcGUgb2YKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJl
ciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgMTddCgwKSW50ZXJuZXQtRHJhZnQgICAgICAg
ICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAg
dGhpcyBzcGVjaWZpY2F0aW9uLgoKICAgVGhlIG1lYW5zIHRocm91Z2ggd2hpY2ggdGhlIGNsaWVu
dCBvYnRhaW5zIHRoZSBsb2NhdGlvbiBvZiB0aGUKICAgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBh
cmUgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sCiAgIGJ1dCB0aGUgbG9j
YXRpb24gaXMgdHlwaWNhbGx5IHByb3ZpZGVkIGluIHRoZSBzZXJ2aWNlIGRvY3VtZW50YXRpb24u
CgogICBUaGUgZW5kcG9pbnQgVVJJIE1BWSBpbmNsdWRlIGFuICJhcHBsaWNhdGlvbi94LXd3dy1m
b3JtLXVybGVuY29kZWQiCiAgIGZvcm1hdHRlZCAoW1czQy5SRUMtaHRtbDQwMS0xOTk5MTIyNF0p
IHF1ZXJ5IGNvbXBvbmVudCAoW1JGQzM5ODZdCiAgIHNlY3Rpb24gMy40KSwgd2hpY2ggTVVTVCBi
ZSByZXRhaW5lZCB3aGVuIGFkZGluZyBhZGRpdGlvbmFsIHF1ZXJ5CiAgIHBhcmFtZXRlcnMuICBU
aGUgZW5kcG9pbnQgVVJJIE1VU1QgTk9UIGluY2x1ZGUgYSBmcmFnbWVudCBjb21wb25lbnQuCgog
ICBTaW5jZSByZXF1ZXN0cyB0byB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCByZXN1bHQgaW4g
dXNlcgogICBhdXRoZW50aWNhdGlvbiBhbmQgdGhlIHRyYW5zbWlzc2lvbiBvZiBjbGVhci10ZXh0
IGNyZWRlbnRpYWxzIChpbiB0aGUKICAgSFRUUCByZXNwb25zZSksIHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBNVVNUIHJlcXVpcmUgdGhlIHVzZSBvZiBUTFMKICAgYXMgZGVzY3JpYmVkIGluIFNl
Y3Rpb24gMS42IHdoZW4gc2VuZGluZyByZXF1ZXN0cyB0byB0aGUKICAgYXV0aG9yaXphdGlvbiBl
bmRwb2ludC4KCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHN1cHBvcnQgdGhlIHVz
ZSBvZiB0aGUgSFRUUCAiR0VUIgogICBtZXRob2QgW1JGQzI2MTZdIGZvciB0aGUgYXV0aG9yaXph
dGlvbiBlbmRwb2ludCwgYW5kIE1BWSBzdXBwb3J0IHRoZQogICB1c2Ugb2YgdGhlICJQT1NUIiBt
ZXRob2QgYXMgd2VsbC4KCiAgIFBhcmFtZXRlcnMgc2VudCB3aXRob3V0IGEgdmFsdWUgTVVTVCBi
ZSB0cmVhdGVkIGFzIGlmIHRoZXkgd2VyZQogICBvbWl0dGVkIGZyb20gdGhlIHJlcXVlc3QuICBU
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBpZ25vcmUKICAgdW5yZWNvZ25pemVkIHJlcXVl
c3QgcGFyYW1ldGVycy4gIFJlcXVlc3QgYW5kIHJlc3BvbnNlIHBhcmFtZXRlcnMKICAgTVVTVCBO
T1QgYmUgaW5jbHVkZWQgbW9yZSB0aGFuIG9uY2UuCgozLjEuMS4gIFJlc3BvbnNlIFR5cGUKCiAg
IFRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGlzIHVzZWQgYnkgdGhlIGF1dGhvcml6YXRpb24g
Y29kZSBncmFudAogICB0eXBlIGFuZCBpbXBsaWNpdCBncmFudCB0eXBlIGZsb3dzLiAgVGhlIGNs
aWVudCBpbmZvcm1zIHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlciBvZiB0aGUgZGVzaXJlZCBn
cmFudCB0eXBlIHVzaW5nIHRoZSBmb2xsb3dpbmcKICAgcGFyYW1ldGVyOgoKICAgcmVzcG9uc2Vf
dHlwZQogICAgICAgICBSRVFVSVJFRC4gIFRoZSB2YWx1ZSBNVVNUIGJlIG9uZSBvZiAiY29kZSIg
Zm9yIHJlcXVlc3RpbmcgYW4KICAgICAgICAgYXV0aG9yaXphdGlvbiBjb2RlIGFzIGRlc2NyaWJl
ZCBieSBTZWN0aW9uIDQuMS4xLCAidG9rZW4iIGZvcgogICAgICAgICByZXF1ZXN0aW5nIGFuIGFj
Y2VzcyB0b2tlbiAoaW1wbGljaXQgZ3JhbnQpIGFzIGRlc2NyaWJlZCBieQogICAgICAgICBTZWN0
aW9uIDQuMi4xLCBvciBhIHJlZ2lzdGVyZWQgZXh0ZW5zaW9uIHZhbHVlIGFzIGRlc2NyaWJlZCBi
eQogICAgICAgICBTZWN0aW9uIDguNC4KCiAgIEV4dGVuc2lvbiByZXNwb25zZSB0eXBlcyBNQVkg
Y29udGFpbiBhIHNwYWNlLWRlbGltaXRlZCAoJXgyMCkgbGlzdCBvZgogICB2YWx1ZXMsIHdoZXJl
IHRoZSBvcmRlciBvZiB2YWx1ZXMgZG9lcyBub3QgbWF0dGVyIChlLmcuIHJlc3BvbnNlIHR5cGUK
ICAgImEgYiIgaXMgdGhlIHNhbWUgYXMgImIgYSIpLiAgVGhlIG1lYW5pbmcgb2Ygc3VjaCBjb21w
b3NpdGUgcmVzcG9uc2UKICAgdHlwZXMgaXMgZGVmaW5lZCBieSB0aGVpciByZXNwZWN0aXZlIHNw
ZWNpZmljYXRpb25zLgoKICAgSWYgYW4gYXV0aG9yaXphdGlvbiByZXF1ZXN0IGlzIG1pc3Npbmcg
dGhlICJyZXNwb25zZV90eXBlIiBwYXJhbWV0ZXIsCiAgIG9yIGlmIHRoZSByZXNwb25zZSB0eXBl
IGlzIG5vdCB1bmRlcnN0b29kLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgTVVTVCByZXR1
cm4gYW4gZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNC4xLjIuMS4KCgoK
SGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAg
ICAgICAgW1BhZ2UgMThdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAy
LjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKMy4xLjIuICBSZWRpcmVjdGlvbiBF
bmRwb2ludAoKICAgQWZ0ZXIgY29tcGxldGluZyBpdHMgaW50ZXJhY3Rpb24gd2l0aCB0aGUgcmVz
b3VyY2Ugb3duZXIsIHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlciBkaXJlY3RzIHRoZSByZXNv
dXJjZSBvd25lcidzIHVzZXItYWdlbnQgYmFjayB0bwogICB0aGUgY2xpZW50LiAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUgdXNlci1hZ2VudCB0byB0aGUKICAgY2xpZW50
J3MgcmVkaXJlY3Rpb24gZW5kcG9pbnQgcHJldmlvdXNseSBlc3RhYmxpc2hlZCB3aXRoIHRoZQog
ICBhdXRob3JpemF0aW9uIHNlcnZlciBkdXJpbmcgdGhlIGNsaWVudCByZWdpc3RyYXRpb24gcHJv
Y2VzcyBvciB3aGVuCiAgIG1ha2luZyB0aGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0LgoKICAgVGhl
IHJlZGlyZWN0aW9uIGVuZHBvaW50IFVSSSBNVVNUIGJlIGFuIGFic29sdXRlIFVSSSBhcyBkZWZp
bmVkIGJ5CiAgIFtSRkMzOTg2XSBzZWN0aW9uIDQuMy4gIFRoZSBlbmRwb2ludCBVUkkgTUFZIGlu
Y2x1ZGUgYW4KICAgImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIgZm9ybWF0dGVk
CiAgIChbVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0XSkgcXVlcnkgY29tcG9uZW50IChbUkZDMzk4
Nl0gc2VjdGlvbiAzLjQpLAogICB3aGljaCBNVVNUIGJlIHJldGFpbmVkIHdoZW4gYWRkaW5nIGFk
ZGl0aW9uYWwgcXVlcnkgcGFyYW1ldGVycy4gIFRoZQogICBlbmRwb2ludCBVUkkgTVVTVCBOT1Qg
aW5jbHVkZSBhIGZyYWdtZW50IGNvbXBvbmVudC4KCjMuMS4yLjEuICBFbmRwb2ludCBSZXF1ZXN0
IENvbmZpZGVudGlhbGl0eQoKICAgVGhlIHJlZGlyZWN0aW9uIGVuZHBvaW50IFNIT1VMRCByZXF1
aXJlIHRoZSB1c2Ugb2YgVExTIGFzIGRlc2NyaWJlZAogICBpbiBTZWN0aW9uIDEuNiB3aGVuIHRo
ZSByZXF1ZXN0ZWQgcmVzcG9uc2UgdHlwZSBpcyAiY29kZSIgb3IgInRva2VuIiwKICAgb3Igd2hl
biB0aGUgcmVkaXJlY3Rpb24gcmVxdWVzdCB3aWxsIHJlc3VsdCBpbiB0aGUgdHJhbnNtaXNzaW9u
IG9mCiAgIHNlbnNpdGl2ZSBjcmVkZW50aWFscyBvdmVyIGFuIG9wZW4gbmV0d29yay4gIFRoaXMg
c3BlY2lmaWNhdGlvbiBkb2VzCiAgIG5vdCBtYW5kYXRlIHRoZSB1c2Ugb2YgVExTIGJlY2F1c2Ug
YXQgdGhlIHRpbWUgb2YgdGhpcyB3cml0aW5nLAogICByZXF1aXJpbmcgY2xpZW50cyB0byBkZXBs
b3kgVExTIGlzIGEgc2lnbmlmaWNhbnQgaHVyZGxlIGZvciBtYW55CiAgIGNsaWVudCBkZXZlbG9w
ZXJzLiAgSWYgVExTIGlzIG5vdCBhdmFpbGFibGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgog
ICBTSE9VTEQgd2FybiB0aGUgcmVzb3VyY2Ugb3duZXIgYWJvdXQgdGhlIGluc2VjdXJlIGVuZHBv
aW50IHByaW9yIHRvCiAgIHJlZGlyZWN0aW9uIChlLmcuIGRpc3BsYXkgYSBtZXNzYWdlIGR1cmlu
ZyB0aGUgYXV0aG9yaXphdGlvbgogICByZXF1ZXN0KS4KCiAgIExhY2sgb2YgdHJhbnNwb3J0LWxh
eWVyIHNlY3VyaXR5IGNhbiBoYXZlIGEgc2V2ZXJlIGltcGFjdCBvbiB0aGUKICAgc2VjdXJpdHkg
b2YgdGhlIGNsaWVudCBhbmQgdGhlIHByb3RlY3RlZCByZXNvdXJjZXMgaXQgaXMgYXV0aG9yaXpl
ZAogICB0byBhY2Nlc3MuICBUaGUgdXNlIG9mIHRyYW5zcG9ydC1sYXllciBzZWN1cml0eSBpcyBw
YXJ0aWN1bGFybHkKICAgY3JpdGljYWwgd2hlbiB0aGUgYXV0aG9yaXphdGlvbiBwcm9jZXNzIGlz
IHVzZWQgYXMgYSBmb3JtIG9mCiAgIGRlbGVnYXRlZCBlbmQtdXNlciBhdXRoZW50aWNhdGlvbiBi
eSB0aGUgY2xpZW50IChlLmcuIHRoaXJkLXBhcnR5CiAgIHNpZ24taW4gc2VydmljZSkuCgozLjEu
Mi4yLiAgUmVnaXN0cmF0aW9uIFJlcXVpcmVtZW50cwoKICAgVGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIE1VU1QgcmVxdWlyZSB0aGUgZm9sbG93aW5nIGNsaWVudHMgdG8KICAgcmVnaXN0ZXIgdGhl
aXIgcmVkaXJlY3Rpb24gZW5kcG9pbnQ6CgogICBvICBQdWJsaWMgY2xpZW50cy4KICAgbyAgQ29u
ZmlkZW50aWFsIGNsaWVudHMgdXRpbGl6aW5nIHRoZSBpbXBsaWNpdCBncmFudCB0eXBlLgoKICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCByZXF1aXJlIGFsbCBjbGllbnRzIHRvIHJl
Z2lzdGVyIHRoZWlyCiAgIHJlZGlyZWN0aW9uIGVuZHBvaW50IHByaW9yIHRvIHV0aWxpemluZyB0
aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludC4KCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBT
SE9VTEQgcmVxdWlyZSB0aGUgY2xpZW50IHRvIHByb3ZpZGUgdGhlCgoKCkhhbW1lciwgZXQgYWwu
ICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdlIDE5
XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAg
ICAgICAgICAgICBNYXkgMjAxMgoKCiAgIGNvbXBsZXRlIHJlZGlyZWN0aW9uIFVSSSAodGhlIGNs
aWVudCBNQVkgdXNlIHRoZSAic3RhdGUiIHJlcXVlc3QKICAgcGFyYW1ldGVyIHRvIGFjaGlldmUg
cGVyLXJlcXVlc3QgY3VzdG9taXphdGlvbikuICBJZiByZXF1aXJpbmcgdGhlCiAgIHJlZ2lzdHJh
dGlvbiBvZiB0aGUgY29tcGxldGUgcmVkaXJlY3Rpb24gVVJJIGlzIG5vdCBwb3NzaWJsZSwgdGhl
CiAgIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCByZXF1aXJlIHRoZSByZWdpc3RyYXRpb24g
b2YgdGhlIFVSSQogICBzY2hlbWUsIGF1dGhvcml0eSwgYW5kIHBhdGggKGFsbG93aW5nIHRoZSBj
bGllbnQgdG8gZHluYW1pY2FsbHkgdmFyeQogICBvbmx5IHRoZSBxdWVyeSBjb21wb25lbnQgb2Yg
dGhlIHJlZGlyZWN0aW9uIFVSSSB3aGVuIHJlcXVlc3RpbmcKICAgYXV0aG9yaXphdGlvbikuCgog
ICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZIGFsbG93IHRoZSBjbGllbnQgdG8gcmVnaXN0
ZXIgbXVsdGlwbGUKICAgcmVkaXJlY3Rpb24gZW5kcG9pbnRzLgoKICAgTGFjayBvZiBhIHJlZGly
ZWN0aW9uIFVSSSByZWdpc3RyYXRpb24gcmVxdWlyZW1lbnQgY2FuIGVuYWJsZSBhbgogICBhdHRh
Y2tlciB0byB1c2UgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYXMgb3BlbiByZWRpcmVjdG9y
IGFzCiAgIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDEwLjE1LgoKMy4xLjIuMy4gIER5bmFtaWMgQ29u
ZmlndXJhdGlvbgoKICAgSWYgbXVsdGlwbGUgcmVkaXJlY3Rpb24gVVJJcyBoYXZlIGJlZW4gcmVn
aXN0ZXJlZCwgaWYgb25seSBwYXJ0IG9mCiAgIHRoZSByZWRpcmVjdGlvbiBVUkkgaGFzIGJlZW4g
cmVnaXN0ZXJlZCwgb3IgaWYgbm8gcmVkaXJlY3Rpb24gVVJJIGhhcwogICBiZWVuIHJlZ2lzdGVy
ZWQsIHRoZSBjbGllbnQgTVVTVCBpbmNsdWRlIGEgcmVkaXJlY3Rpb24gVVJJIHdpdGggdGhlCiAg
IGF1dGhvcml6YXRpb24gcmVxdWVzdCB1c2luZyB0aGUgInJlZGlyZWN0X3VyaSIgcmVxdWVzdCBw
YXJhbWV0ZXIuCgogICBXaGVuIGEgcmVkaXJlY3Rpb24gVVJJIGlzIGluY2x1ZGVkIGluIGFuIGF1
dGhvcml6YXRpb24gcmVxdWVzdCwgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgY29t
cGFyZSBhbmQgbWF0Y2ggdGhlIHZhbHVlIHJlY2VpdmVkCiAgIGFnYWluc3QgYXQgbGVhc3Qgb25l
IG9mIHRoZSByZWdpc3RlcmVkIHJlZGlyZWN0aW9uIFVSSXMgKG9yIFVSSQogICBjb21wb25lbnRz
KSBhcyBkZWZpbmVkIGluIFtSRkMzOTg2XSBzZWN0aW9uIDYsIGlmIGFueSByZWRpcmVjdGlvbgog
ICBVUklzIHdlcmUgcmVnaXN0ZXJlZC4gIElmIHRoZSBjbGllbnQgcmVnaXN0cmF0aW9uIGluY2x1
ZGVkIHRoZSBmdWxsCiAgIHJlZGlyZWN0aW9uIFVSSSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IE1VU1QgY29tcGFyZSB0aGUgdHdvIFVSSXMKICAgdXNpbmcgc2ltcGxlIHN0cmluZyBjb21wYXJp
c29uIGFzIGRlZmluZWQgaW4gW1JGQzM5ODZdIHNlY3Rpb24gNi4yLjEuCgozLjEuMi40LiAgSW52
YWxpZCBFbmRwb2ludAoKICAgSWYgYW4gYXV0aG9yaXphdGlvbiByZXF1ZXN0IGZhaWxzIHZhbGlk
YXRpb24gZHVlIHRvIGEgbWlzc2luZywKICAgaW52YWxpZCwgb3IgbWlzbWF0Y2hpbmcgcmVkaXJl
Y3Rpb24gVVJJLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgU0hPVUxEIGluZm9ybSB0aGUg
cmVzb3VyY2Ugb3duZXIgb2YgdGhlIGVycm9yLCBhbmQgTVVTVCBOT1QKICAgYXV0b21hdGljYWxs
eSByZWRpcmVjdCB0aGUgdXNlci1hZ2VudCB0byB0aGUgaW52YWxpZCByZWRpcmVjdGlvbiBVUkku
CgozLjEuMi41LiAgRW5kcG9pbnQgQ29udGVudAoKICAgVGhlIHJlZGlyZWN0aW9uIHJlcXVlc3Qg
dG8gdGhlIGNsaWVudCdzIGVuZHBvaW50IHR5cGljYWxseSByZXN1bHRzIGluCiAgIGFuIEhUTUwg
ZG9jdW1lbnQgcmVzcG9uc2UsIHByb2Nlc3NlZCBieSB0aGUgdXNlci1hZ2VudC4gIElmIHRoZSBI
VE1MCiAgIHJlc3BvbnNlIGlzIHNlcnZlZCBkaXJlY3RseSBhcyB0aGUgcmVzdWx0IG9mIHRoZSBy
ZWRpcmVjdGlvbiByZXF1ZXN0LAogICBhbnkgc2NyaXB0IGluY2x1ZGVkIGluIHRoZSBIVE1MIGRv
Y3VtZW50IHdpbGwgZXhlY3V0ZSB3aXRoIGZ1bGwKICAgYWNjZXNzIHRvIHRoZSByZWRpcmVjdGlv
biBVUkkgYW5kIHRoZSBjcmVkZW50aWFscyBpdCBjb250YWlucy4KCiAgIFRoZSBjbGllbnQgU0hP
VUxEIE5PVCBpbmNsdWRlIGFueSB0aGlyZC1wYXJ0eSBzY3JpcHRzIChlLmcuIHRoaXJkLQogICBw
YXJ0eSBhbmFseXRpY3MsIHNvY2lhbCBwbHVnLWlucywgYWQgbmV0d29ya3MpIGluIHRoZSByZWRp
cmVjdGlvbgogICBlbmRwb2ludCByZXNwb25zZS4gIEluc3RlYWQsIGl0IFNIT1VMRCBleHRyYWN0
IHRoZSBjcmVkZW50aWFscyBmcm9tCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMg
Tm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdlIDIwXQoMCkludGVybmV0LURyYWZ0
ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAx
MgoKCiAgIHRoZSBVUkkgYW5kIHJlZGlyZWN0IHRoZSB1c2VyLWFnZW50IGFnYWluIHRvIGFub3Ro
ZXIgZW5kcG9pbnQgd2l0aG91dAogICBleHBvc2luZyB0aGUgY3JlZGVudGlhbHMgKGluIHRoZSBV
Ukkgb3IgZWxzZXdoZXJlKS4gIElmIHRoaXJkLXBhcnR5CiAgIHNjcmlwdHMgYXJlIGluY2x1ZGVk
LCB0aGUgY2xpZW50IE1VU1QgZW5zdXJlIHRoYXQgaXRzIG93biBzY3JpcHRzCiAgICh1c2VkIHRv
IGV4dHJhY3QgYW5kIHJlbW92ZSB0aGUgY3JlZGVudGlhbHMgZnJvbSB0aGUgVVJJKSB3aWxsCiAg
IGV4ZWN1dGUgZmlyc3QuCgozLjIuICBUb2tlbiBFbmRwb2ludAoKICAgVGhlIHRva2VuIGVuZHBv
aW50IGlzIHVzZWQgYnkgdGhlIGNsaWVudCB0byBvYnRhaW4gYW4gYWNjZXNzIHRva2VuIGJ5CiAg
IHByZXNlbnRpbmcgaXRzIGF1dGhvcml6YXRpb24gZ3JhbnQgb3IgcmVmcmVzaCB0b2tlbi4gIFRo
ZSB0b2tlbgogICBlbmRwb2ludCBpcyB1c2VkIHdpdGggZXZlcnkgYXV0aG9yaXphdGlvbiBncmFu
dCBleGNlcHQgZm9yIHRoZQogICBpbXBsaWNpdCBncmFudCB0eXBlIChzaW5jZSBhbiBhY2Nlc3Mg
dG9rZW4gaXMgaXNzdWVkIGRpcmVjdGx5KS4KCiAgIFRoZSBtZWFucyB0aHJvdWdoIHdoaWNoIHRo
ZSBjbGllbnQgb2J0YWlucyB0aGUgbG9jYXRpb24gb2YgdGhlIHRva2VuCiAgIGVuZHBvaW50IGFy
ZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiBidXQgaXMgdHlwaWNhbGx5
CiAgIHByb3ZpZGVkIGluIHRoZSBzZXJ2aWNlIGRvY3VtZW50YXRpb24uCgogICBUaGUgZW5kcG9p
bnQgVVJJIE1BWSBpbmNsdWRlIGFuICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQi
CiAgIGZvcm1hdHRlZCAoW1czQy5SRUMtaHRtbDQwMS0xOTk5MTIyNF0pIHF1ZXJ5IGNvbXBvbmVu
dCAoW1JGQzM5ODZdCiAgIHNlY3Rpb24gMy40KSwgd2hpY2ggTVVTVCBiZSByZXRhaW5lZCB3aGVu
IGFkZGluZyBhZGRpdGlvbmFsIHF1ZXJ5CiAgIHBhcmFtZXRlcnMuICBUaGUgZW5kcG9pbnQgVVJJ
IE1VU1QgTk9UIGluY2x1ZGUgYSBmcmFnbWVudCBjb21wb25lbnQuCgogICBTaW5jZSByZXF1ZXN0
cyB0byB0aGUgdG9rZW4gZW5kcG9pbnQgcmVzdWx0IGluIHRoZSB0cmFuc21pc3Npb24gb2YKICAg
Y2xlYXItdGV4dCBjcmVkZW50aWFscyAoaW4gdGhlIEhUVFAgcmVxdWVzdCBhbmQgcmVzcG9uc2Up
LCB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCByZXF1aXJlIHRoZSB1c2Ugb2YgVExT
IGFzIGRlc2NyaWJlZCBpbgogICBTZWN0aW9uIDEuNiB3aGVuIHNlbmRpbmcgcmVxdWVzdHMgdG8g
dGhlIHRva2VuIGVuZHBvaW50LgoKICAgVGhlIGNsaWVudCBNVVNUIHVzZSB0aGUgSFRUUCAiUE9T
VCIgbWV0aG9kIHdoZW4gbWFraW5nIGFjY2VzcyB0b2tlbgogICByZXF1ZXN0cy4KCiAgIFBhcmFt
ZXRlcnMgc2VudCB3aXRob3V0IGEgdmFsdWUgTVVTVCBiZSB0cmVhdGVkIGFzIGlmIHRoZXkgd2Vy
ZQogICBvbWl0dGVkIGZyb20gdGhlIHJlcXVlc3QuICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
TVVTVCBpZ25vcmUKICAgdW5yZWNvZ25pemVkIHJlcXVlc3QgcGFyYW1ldGVycy4gIFJlcXVlc3Qg
YW5kIHJlc3BvbnNlIHBhcmFtZXRlcnMKICAgTVVTVCBOT1QgYmUgaW5jbHVkZWQgbW9yZSB0aGFu
IG9uY2UuCgozLjIuMS4gIENsaWVudCBBdXRoZW50aWNhdGlvbgoKICAgQ29uZmlkZW50aWFsIGNs
aWVudHMgb3Igb3RoZXIgY2xpZW50cyBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIE1VU1QKICAg
YXV0aGVudGljYXRlIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFzIGRlc2NyaWJlZCBp
bgogICBTZWN0aW9uIDIuMyB3aGVuIG1ha2luZyByZXF1ZXN0cyB0byB0aGUgdG9rZW4gZW5kcG9p
bnQuICBDbGllbnQKICAgYXV0aGVudGljYXRpb24gaXMgdXNlZCBmb3I6CgogICBvICBFbmZvcmNp
bmcgdGhlIGJpbmRpbmcgb2YgcmVmcmVzaCB0b2tlbnMgYW5kIGF1dGhvcml6YXRpb24gY29kZXMg
dG8KICAgICAgdGhlIGNsaWVudCB0aGV5IHdlcmUgaXNzdWVkIHRvLiAgQ2xpZW50IGF1dGhlbnRp
Y2F0aW9uIGlzIGNyaXRpY2FsCiAgICAgIHdoZW4gYW4gYXV0aG9yaXphdGlvbiBjb2RlIGlzIHRy
YW5zbWl0dGVkIHRvIHRoZSByZWRpcmVjdGlvbgogICAgICBlbmRwb2ludCBvdmVyIGFuIGluc2Vj
dXJlIGNoYW5uZWwsIG9yIHdoZW4gdGhlIHJlZGlyZWN0aW9uIFVSSSBoYXMKICAgICAgbm90IGJl
ZW4gcmVnaXN0ZXJlZCBpbiBmdWxsLgoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJl
cyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgMjFdCgwKSW50ZXJuZXQtRHJh
ZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAy
MDEyCgoKICAgbyAgUmVjb3ZlcmluZyBmcm9tIGEgY29tcHJvbWlzZWQgY2xpZW50IGJ5IGRpc2Fi
bGluZyB0aGUgY2xpZW50IG9yCiAgICAgIGNoYW5naW5nIGl0cyBjcmVkZW50aWFscywgdGh1cyBw
cmV2ZW50aW5nIGFuIGF0dGFja2VyIGZyb20gYWJ1c2luZwogICAgICBzdG9sZW4gcmVmcmVzaCB0
b2tlbnMuICBDaGFuZ2luZyBhIHNpbmdsZSBzZXQgb2YgY2xpZW50CiAgICAgIGNyZWRlbnRpYWxz
IGlzIHNpZ25pZmljYW50bHkgZmFzdGVyIHRoYW4gcmV2b2tpbmcgYW4gZW50aXJlIHNldCBvZgog
ICAgICByZWZyZXNoIHRva2Vucy4KICAgbyAgSW1wbGVtZW50aW5nIGF1dGhlbnRpY2F0aW9uIG1h
bmFnZW1lbnQgYmVzdCBwcmFjdGljZXMgd2hpY2gKICAgICAgcmVxdWlyZSBwZXJpb2RpYyBjcmVk
ZW50aWFsIHJvdGF0aW9uLiAgUm90YXRpb24gb2YgYW4gZW50aXJlIHNldAogICAgICBvZiByZWZy
ZXNoIHRva2VucyBjYW4gYmUgY2hhbGxlbmdpbmcsIHdoaWxlIHJvdGF0aW9uIG9mIGEgc2luZ2xl
CiAgICAgIHNldCBvZiBjbGllbnQgY3JlZGVudGlhbHMgaXMgc2lnbmlmaWNhbnRseSBlYXNpZXIu
CgogICBBIHB1YmxpYyBjbGllbnQgdGhhdCB3YXMgbm90IGlzc3VlZCBhIGNsaWVudCBwYXNzd29y
ZCBNQVkgdXNlIHRoZQogICAiY2xpZW50X2lkIiByZXF1ZXN0IHBhcmFtZXRlciB0byBpZGVudGlm
eSBpdHNlbGYgd2hlbiBzZW5kaW5nCiAgIHJlcXVlc3RzIHRvIHRoZSB0b2tlbiBlbmRwb2ludCAo
ZS5nLiBmb3IgdGhlIHB1cnBvc2Ugb2YgcHJvdmlkaW5nCiAgIGVuZC11c2VyIGNvbnRleHQsIGNs
aWVudCB1c2FnZSBzdGF0aXN0aWNzKS4KCjMuMy4gIEFjY2VzcyBUb2tlbiBTY29wZQoKICAgVGhl
IGF1dGhvcml6YXRpb24gYW5kIHRva2VuIGVuZHBvaW50cyBhbGxvdyB0aGUgY2xpZW50IHRvIHNw
ZWNpZnkgdGhlCiAgIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCB1c2luZyB0aGUgInNjb3Bl
IiByZXF1ZXN0IHBhcmFtZXRlci4gIEluCiAgIHR1cm4sIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciB1c2VzIHRoZSAic2NvcGUiIHJlc3BvbnNlIHBhcmFtZXRlciB0bwogICBpbmZvcm0gdGhlIGNs
aWVudCBvZiB0aGUgc2NvcGUgb2YgdGhlIGFjY2VzcyB0b2tlbiBpc3N1ZWQuCgogICBUaGUgdmFs
dWUgb2YgdGhlIHNjb3BlIHBhcmFtZXRlciBpcyBleHByZXNzZWQgYXMgYSBsaXN0IG9mIHNwYWNl
LQogICBkZWxpbWl0ZWQsIGNhc2Ugc2Vuc2l0aXZlIHN0cmluZ3MuICBUaGUgc3RyaW5ncyBhcmUg
ZGVmaW5lZCBieSB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuICBJZiB0aGUgdmFsdWUgY29u
dGFpbnMgbXVsdGlwbGUgc3BhY2UtZGVsaW1pdGVkCiAgIHN0cmluZ3MsIHRoZWlyIG9yZGVyIGRv
ZXMgbm90IG1hdHRlciwgYW5kIGVhY2ggc3RyaW5nIGFkZHMgYW4KICAgYWRkaXRpb25hbCBhY2Nl
c3MgcmFuZ2UgdG8gdGhlIHJlcXVlc3RlZCBzY29wZS4KCgogICAgIHNjb3BlICAgICAgID0gc2Nv
cGUtdG9rZW4gKiggU1Agc2NvcGUtdG9rZW4gKQogICAgIHNjb3BlLXRva2VuID0gMSooICV4MjEg
LyAleDIzLTVCIC8gJXg1RC03RSApCgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBm
dWxseSBvciBwYXJ0aWFsbHkgaWdub3JlIHRoZSBzY29wZQogICByZXF1ZXN0ZWQgYnkgdGhlIGNs
aWVudCBiYXNlZCBvbiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcG9saWN5IG9yCiAgIHRoZSBy
ZXNvdXJjZSBvd25lcidzIGluc3RydWN0aW9ucy4gIElmIHRoZSBpc3N1ZWQgYWNjZXNzIHRva2Vu
IHNjb3BlCiAgIGlzIGRpZmZlcmVudCBmcm9tIHRoZSBvbmUgcmVxdWVzdGVkIGJ5IHRoZSBjbGll
bnQsIHRoZSBhdXRob3JpemF0aW9uCiAgIHNlcnZlciBNVVNUIGluY2x1ZGUgdGhlICJzY29wZSIg
cmVzcG9uc2UgcGFyYW1ldGVyIHRvIGluZm9ybSB0aGUKICAgY2xpZW50IG9mIHRoZSBhY3R1YWwg
c2NvcGUgZ3JhbnRlZC4KCiAgIElmIHRoZSBjbGllbnQgb21pdHMgdGhlIHNjb3BlIHBhcmFtZXRl
ciB3aGVuIHJlcXVlc3RpbmcKICAgYXV0aG9yaXphdGlvbiwgdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIE1VU1QgZWl0aGVyIHByb2Nlc3MgdGhlCiAgIHJlcXVlc3QgdXNpbmcgYSBwcmUtZGVmaW5l
ZCBkZWZhdWx0IHZhbHVlLCBvciBmYWlsIHRoZSByZXF1ZXN0CiAgIGluZGljYXRpbmcgYW4gaW52
YWxpZCBzY29wZS4gIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQKICAgZG9jdW1lbnQg
aXRzIHNjb3BlIHJlcXVpcmVtZW50cyBhbmQgZGVmYXVsdCB2YWx1ZSAoaWYgZGVmaW5lZCkuCgoK
CgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAg
ICAgICAgICAgIFtQYWdlIDIyXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1
dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCjQuICBPYnRhaW5pbmcgQXV0
aG9yaXphdGlvbgoKICAgVG8gcmVxdWVzdCBhbiBhY2Nlc3MgdG9rZW4sIHRoZSBjbGllbnQgb2J0
YWlucyBhdXRob3JpemF0aW9uIGZyb20gdGhlCiAgIHJlc291cmNlIG93bmVyLiAgVGhlIGF1dGhv
cml6YXRpb24gaXMgZXhwcmVzc2VkIGluIHRoZSBmb3JtIG9mIGFuCiAgIGF1dGhvcml6YXRpb24g
Z3JhbnQgd2hpY2ggdGhlIGNsaWVudCB1c2VzIHRvIHJlcXVlc3QgdGhlIGFjY2VzcwogICB0b2tl
bi4gIE9BdXRoIGRlZmluZXMgZm91ciBncmFudCB0eXBlczogYXV0aG9yaXphdGlvbiBjb2RlLCBp
bXBsaWNpdCwKICAgcmVzb3VyY2Ugb3duZXIgcGFzc3dvcmQgY3JlZGVudGlhbHMsIGFuZCBjbGll
bnQgY3JlZGVudGlhbHMuICBJdCBhbHNvCiAgIHByb3ZpZGVzIGFuIGV4dGVuc2lvbiBtZWNoYW5p
c20gZm9yIGRlZmluaW5nIGFkZGl0aW9uYWwgZ3JhbnQgdHlwZXMuCgo0LjEuICBBdXRob3JpemF0
aW9uIENvZGUgR3JhbnQKCiAgIFRoZSBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlwZSBpcyB1
c2VkIHRvIG9idGFpbiBib3RoIGFjY2VzcwogICB0b2tlbnMgYW5kIHJlZnJlc2ggdG9rZW5zIGFu
ZCBpcyBvcHRpbWl6ZWQgZm9yIGNvbmZpZGVudGlhbCBjbGllbnRzLgogICBBcyBhIHJlZGlyZWN0
aW9uLWJhc2VkIGZsb3csIHRoZSBjbGllbnQgbXVzdCBiZSBjYXBhYmxlIG9mCiAgIGludGVyYWN0
aW5nIHdpdGggdGhlIHJlc291cmNlIG93bmVyJ3MgdXNlci1hZ2VudCAodHlwaWNhbGx5IGEgd2Vi
CiAgIGJyb3dzZXIpIGFuZCBjYXBhYmxlIG9mIHJlY2VpdmluZyBpbmNvbWluZyByZXF1ZXN0cyAo
dmlhIHJlZGlyZWN0aW9uKQogICBmcm9tIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KCgogICAg
ICstLS0tLS0tLS0tKwogICAgIHwgcmVzb3VyY2UgfAogICAgIHwgICBvd25lciAgfAogICAgIHwg
ICAgICAgICAgfAogICAgICstLS0tLS0tLS0tKwogICAgICAgICAgXgogICAgICAgICAgfAogICAg
ICAgICAoQikKICAgICArLS0tLXwtLS0tLSsgICAgICAgICAgQ2xpZW50IElkZW50aWZpZXIgICAg
ICArLS0tLS0tLS0tLS0tLS0tKwogICAgIHwgICAgICAgICAtKy0tLS0oQSktLSAmIFJlZGlyZWN0
aW9uIFVSSSAtLS0tPnwgICAgICAgICAgICAgICB8CiAgICAgfCAgVXNlci0gICB8ICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgfCBBdXRob3JpemF0aW9uIHwKICAgICB8ICBBZ2VudCAg
LSstLS0tKEIpLS0gVXNlciBhdXRoZW50aWNhdGVzIC0tLT58ICAgICBTZXJ2ZXIgICAgfAogICAg
IHwgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAg
ICAgICB8CiAgICAgfCAgICAgICAgIC0rLS0tLShDKS0tIEF1dGhvcml6YXRpb24gQ29kZSAtLS08
fCAgICAgICAgICAgICAgIHwKICAgICArLXwtLS0tfC0tLSsgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogICAgICAgfCAgICB8ICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBeICAgICAgdgogICAgICAoQSkgIChDKSAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgfAogICAgICAgfCAgICB8ICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgfAogICAgICAgXiAg
ICB2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgfAogICAg
ICstLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAg
fAogICAgIHwgICAgICAgICB8Pi0tLShEKS0tIEF1dGhvcml6YXRpb24gQ29kZSAtLS0tLS0tLS0n
ICAgICAgfAogICAgIHwgIENsaWVudCB8ICAgICAgICAgICYgUmVkaXJlY3Rpb24gVVJJICAgICAg
ICAgICAgICAgICAgfAogICAgIHwgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgfAogICAgIHwgICAgICAgICB8PC0tLShFKS0tLS0tIEFjY2VzcyBU
b2tlbiAtLS0tLS0tLS0tLS0tLS0tLS0tJwogICAgICstLS0tLS0tLS0rICAgICAgICh3LyBPcHRp
b25hbCBSZWZyZXNoIFRva2VuKQoKCiAgIE5vdGU6IFRoZSBsaW5lcyBpbGx1c3RyYXRpbmcgc3Rl
cHMgQSwgQiwgYW5kIEMgYXJlIGJyb2tlbiBpbnRvIHR3bwogICBwYXJ0cyBhcyB0aGV5IHBhc3Mg
dGhyb3VnaCB0aGUgdXNlci1hZ2VudC4KCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJl
cyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgMjNdCgwKSW50ZXJuZXQtRHJh
ZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAy
MDEyCgoKICAgICAgICAgICAgICAgICAgICAgRmlndXJlIDM6IEF1dGhvcml6YXRpb24gQ29kZSBG
bG93CgogICBUaGUgZmxvdyBpbGx1c3RyYXRlZCBpbiBGaWd1cmUgMyBpbmNsdWRlcyB0aGUgZm9s
bG93aW5nIHN0ZXBzOgoKICAgKEEpICBUaGUgY2xpZW50IGluaXRpYXRlcyB0aGUgZmxvdyBieSBk
aXJlY3RpbmcgdGhlIHJlc291cmNlIG93bmVyJ3MKICAgICAgICB1c2VyLWFnZW50IHRvIHRoZSBh
dXRob3JpemF0aW9uIGVuZHBvaW50LiAgVGhlIGNsaWVudCBpbmNsdWRlcwogICAgICAgIGl0cyBj
bGllbnQgaWRlbnRpZmllciwgcmVxdWVzdGVkIHNjb3BlLCBsb2NhbCBzdGF0ZSwgYW5kIGEKICAg
ICAgICByZWRpcmVjdGlvbiBVUkkgdG8gd2hpY2ggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHdp
bGwgc2VuZCB0aGUKICAgICAgICB1c2VyLWFnZW50IGJhY2sgb25jZSBhY2Nlc3MgaXMgZ3JhbnRl
ZCAob3IgZGVuaWVkKS4KICAgKEIpICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGlj
YXRlcyB0aGUgcmVzb3VyY2Ugb3duZXIgKHZpYQogICAgICAgIHRoZSB1c2VyLWFnZW50KSBhbmQg
ZXN0YWJsaXNoZXMgd2hldGhlciB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICBncmFudHMgb3Ig
ZGVuaWVzIHRoZSBjbGllbnQncyBhY2Nlc3MgcmVxdWVzdC4KICAgKEMpICBBc3N1bWluZyB0aGUg
cmVzb3VyY2Ugb3duZXIgZ3JhbnRzIGFjY2VzcywgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICBz
ZXJ2ZXIgcmVkaXJlY3RzIHRoZSB1c2VyLWFnZW50IGJhY2sgdG8gdGhlIGNsaWVudCB1c2luZyB0
aGUKICAgICAgICByZWRpcmVjdGlvbiBVUkkgcHJvdmlkZWQgZWFybGllciAoaW4gdGhlIHJlcXVl
c3Qgb3IgZHVyaW5nCiAgICAgICAgY2xpZW50IHJlZ2lzdHJhdGlvbikuICBUaGUgcmVkaXJlY3Rp
b24gVVJJIGluY2x1ZGVzIGFuCiAgICAgICAgYXV0aG9yaXphdGlvbiBjb2RlIGFuZCBhbnkgbG9j
YWwgc3RhdGUgcHJvdmlkZWQgYnkgdGhlIGNsaWVudAogICAgICAgIGVhcmxpZXIuCiAgIChEKSAg
VGhlIGNsaWVudCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gZnJvbSB0aGUgYXV0aG9yaXphdGlv
bgogICAgICAgIHNlcnZlcidzIHRva2VuIGVuZHBvaW50IGJ5IGluY2x1ZGluZyB0aGUgYXV0aG9y
aXphdGlvbiBjb2RlCiAgICAgICAgcmVjZWl2ZWQgaW4gdGhlIHByZXZpb3VzIHN0ZXAuICBXaGVu
IG1ha2luZyB0aGUgcmVxdWVzdCwgdGhlCiAgICAgICAgY2xpZW50IGF1dGhlbnRpY2F0ZXMgd2l0
aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuICBUaGUgY2xpZW50CiAgICAgICAgaW5jbHVkZXMg
dGhlIHJlZGlyZWN0aW9uIFVSSSB1c2VkIHRvIG9idGFpbiB0aGUgYXV0aG9yaXphdGlvbgogICAg
ICAgIGNvZGUgZm9yIHZlcmlmaWNhdGlvbi4KICAgKEUpICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50LCB2YWxpZGF0ZXMgdGhlCiAgICAgICAgYXV0aG9y
aXphdGlvbiBjb2RlLCBhbmQgZW5zdXJlcyB0aGUgcmVkaXJlY3Rpb24gVVJJIHJlY2VpdmVkCiAg
ICAgICAgbWF0Y2hlcyB0aGUgVVJJIHVzZWQgdG8gcmVkaXJlY3QgdGhlIGNsaWVudCBpbiBzdGVw
IChDKS4gIElmCiAgICAgICAgdmFsaWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciByZXNwb25k
cyBiYWNrIHdpdGggYW4gYWNjZXNzCiAgICAgICAgdG9rZW4gYW5kIG9wdGlvbmFsbHksIGEgcmVm
cmVzaCB0b2tlbi4KCjQuMS4xLiAgQXV0aG9yaXphdGlvbiBSZXF1ZXN0CgogICBUaGUgY2xpZW50
IGNvbnN0cnVjdHMgdGhlIHJlcXVlc3QgVVJJIGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nCiAgIHBh
cmFtZXRlcnMgdG8gdGhlIHF1ZXJ5IGNvbXBvbmVudCBvZiB0aGUgYXV0aG9yaXphdGlvbiBlbmRw
b2ludCBVUkkKICAgdXNpbmcgdGhlICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQi
IGZvcm1hdCBhcyBkZWZpbmVkIGJ5CiAgIFtXM0MuUkVDLWh0bWw0MDEtMTk5OTEyMjRdOgoKICAg
cmVzcG9uc2VfdHlwZQogICAgICAgICBSRVFVSVJFRC4gIFZhbHVlIE1VU1QgYmUgc2V0IHRvICJj
b2RlIi4KICAgY2xpZW50X2lkCiAgICAgICAgIFJFUVVJUkVELiAgVGhlIGNsaWVudCBpZGVudGlm
aWVyIGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDIuMi4KICAgcmVkaXJlY3RfdXJpCiAgICAgICAg
IE9QVElPTkFMLiAgQXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMy4xLjIuCiAgIHNjb3BlCiAgICAg
ICAgIE9QVElPTkFMLiAgVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmli
ZWQgYnkKICAgICAgICAgU2VjdGlvbiAzLjMuCgoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAg
RXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgMjRdCgwKSW50ZXJu
ZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAg
IE1heSAyMDEyCgoKICAgc3RhdGUKICAgICAgICAgUkVDT01NRU5ERUQuICBBbiBvcGFxdWUgdmFs
dWUgdXNlZCBieSB0aGUgY2xpZW50IHRvIG1haW50YWluCiAgICAgICAgIHN0YXRlIGJldHdlZW4g
dGhlIHJlcXVlc3QgYW5kIGNhbGxiYWNrLiAgVGhlIGF1dGhvcml6YXRpb24KICAgICAgICAgc2Vy
dmVyIGluY2x1ZGVzIHRoaXMgdmFsdWUgd2hlbiByZWRpcmVjdGluZyB0aGUgdXNlci1hZ2VudCBi
YWNrCiAgICAgICAgIHRvIHRoZSBjbGllbnQuICBUaGUgcGFyYW1ldGVyIFNIT1VMRCBiZSB1c2Vk
IGZvciBwcmV2ZW50aW5nCiAgICAgICAgIGNyb3NzLXNpdGUgcmVxdWVzdCBmb3JnZXJ5IGFzIGRl
c2NyaWJlZCBpbiBTZWN0aW9uIDEwLjEyLgoKICAgVGhlIGNsaWVudCBkaXJlY3RzIHRoZSByZXNv
dXJjZSBvd25lciB0byB0aGUgY29uc3RydWN0ZWQgVVJJIHVzaW5nIGFuCiAgIEhUVFAgcmVkaXJl
Y3Rpb24gcmVzcG9uc2UsIG9yIGJ5IG90aGVyIG1lYW5zIGF2YWlsYWJsZSB0byBpdCB2aWEgdGhl
CiAgIHVzZXItYWdlbnQuCgogICBGb3IgZXhhbXBsZSwgdGhlIGNsaWVudCBkaXJlY3RzIHRoZSB1
c2VyLWFnZW50IHRvIG1ha2UgdGhlIGZvbGxvd2luZwogICBIVFRQIHJlcXVlc3QgdXNpbmcgVExT
IChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMKICAgb25seSk6CgoK
ICAgIEdFVCAvYXV0aG9yaXplP3Jlc3BvbnNlX3R5cGU9Y29kZSZjbGllbnRfaWQ9czZCaGRSa3F0
MyZzdGF0ZT14eXoKICAgICAgICAmcmVkaXJlY3RfdXJpPWh0dHBzJTNBJTJGJTJGY2xpZW50JTJF
ZXhhbXBsZSUyRWNvbSUyRmNiIEhUVFAvMS4xCiAgICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20K
CgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgdmFsaWRhdGVzIHRoZSByZXF1ZXN0IHRvIGVu
c3VyZSBhbGwgcmVxdWlyZWQKICAgcGFyYW1ldGVycyBhcmUgcHJlc2VudCBhbmQgdmFsaWQuICBJ
ZiB0aGUgcmVxdWVzdCBpcyB2YWxpZCwgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhl
bnRpY2F0ZXMgdGhlIHJlc291cmNlIG93bmVyIGFuZCBvYnRhaW5zIGFuCiAgIGF1dGhvcml6YXRp
b24gZGVjaXNpb24gKGJ5IGFza2luZyB0aGUgcmVzb3VyY2Ugb3duZXIgb3IgYnkKICAgZXN0YWJs
aXNoaW5nIGFwcHJvdmFsIHZpYSBvdGhlciBtZWFucykuCgogICBXaGVuIGEgZGVjaXNpb24gaXMg
ZXN0YWJsaXNoZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBkaXJlY3RzIHRoZQogICB1c2Vy
LWFnZW50IHRvIHRoZSBwcm92aWRlZCBjbGllbnQgcmVkaXJlY3Rpb24gVVJJIHVzaW5nIGFuIEhU
VFAKICAgcmVkaXJlY3Rpb24gcmVzcG9uc2UsIG9yIGJ5IG90aGVyIG1lYW5zIGF2YWlsYWJsZSB0
byBpdCB2aWEgdGhlIHVzZXItCiAgIGFnZW50LgoKNC4xLjIuICBBdXRob3JpemF0aW9uIFJlc3Bv
bnNlCgogICBJZiB0aGUgcmVzb3VyY2Ugb3duZXIgZ3JhbnRzIHRoZSBhY2Nlc3MgcmVxdWVzdCwg
dGhlIGF1dGhvcml6YXRpb24KICAgc2VydmVyIGlzc3VlcyBhbiBhdXRob3JpemF0aW9uIGNvZGUg
YW5kIGRlbGl2ZXJzIGl0IHRvIHRoZSBjbGllbnQgYnkKICAgYWRkaW5nIHRoZSBmb2xsb3dpbmcg
cGFyYW1ldGVycyB0byB0aGUgcXVlcnkgY29tcG9uZW50IG9mIHRoZQogICByZWRpcmVjdGlvbiBV
UkkgdXNpbmcgdGhlICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiIGZvcm1hdDoK
CiAgIGNvZGUKICAgICAgICAgUkVRVUlSRUQuICBUaGUgYXV0aG9yaXphdGlvbiBjb2RlIGdlbmVy
YXRlZCBieSB0aGUKICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuICBUaGUgYXV0aG9yaXph
dGlvbiBjb2RlIE1VU1QgZXhwaXJlCiAgICAgICAgIHNob3J0bHkgYWZ0ZXIgaXQgaXMgaXNzdWVk
IHRvIG1pdGlnYXRlIHRoZSByaXNrIG9mIGxlYWtzLiAgQQogICAgICAgICBtYXhpbXVtIGF1dGhv
cml6YXRpb24gY29kZSBsaWZldGltZSBvZiAxMCBtaW51dGVzIGlzCiAgICAgICAgIFJFQ09NTUVO
REVELiAgVGhlIGNsaWVudCBNVVNUIE5PVCB1c2UgdGhlIGF1dGhvcml6YXRpb24gY29kZQogICAg
ICAgICBtb3JlIHRoYW4gb25jZS4gIElmIGFuIGF1dGhvcml6YXRpb24gY29kZSBpcyB1c2VkIG1v
cmUgdGhhbgogICAgICAgICBvbmNlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBkZW55
IHRoZSByZXF1ZXN0IGFuZCBTSE9VTEQKICAgICAgICAgcmV2b2tlICh3aGVuIHBvc3NpYmxlKSBh
bGwgdG9rZW5zIHByZXZpb3VzbHkgaXNzdWVkIGJhc2VkIG9uCgoKCkhhbW1lciwgZXQgYWwuICAg
ICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdlIDI1XQoM
CkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAg
ICAgICAgICBNYXkgMjAxMgoKCiAgICAgICAgIHRoYXQgYXV0aG9yaXphdGlvbiBjb2RlLiAgVGhl
IGF1dGhvcml6YXRpb24gY29kZSBpcyBib3VuZCB0bwogICAgICAgICB0aGUgY2xpZW50IGlkZW50
aWZpZXIgYW5kIHJlZGlyZWN0aW9uIFVSSS4KICAgc3RhdGUKICAgICAgICAgUkVRVUlSRUQgaWYg
dGhlICJzdGF0ZSIgcGFyYW1ldGVyIHdhcyBwcmVzZW50IGluIHRoZSBjbGllbnQKICAgICAgICAg
YXV0aG9yaXphdGlvbiByZXF1ZXN0LiAgVGhlIGV4YWN0IHZhbHVlIHJlY2VpdmVkIGZyb20gdGhl
CiAgICAgICAgIGNsaWVudC4KCiAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgcmVkaXJlY3RzIHRoZSB1c2VyLWFnZW50IGJ5CiAgIHNlbmRpbmcgdGhlIGZvbGxvd2luZyBI
VFRQIHJlc3BvbnNlOgoKCiAgICAgSFRUUC8xLjEgMzAyIEZvdW5kCiAgICAgTG9jYXRpb246IGh0
dHBzOi8vY2xpZW50LmV4YW1wbGUuY29tL2NiP2NvZGU9U3BseGxPQmVaUVFZYllTNld4U2JJQQog
ICAgICAgICAgICAgICAmc3RhdGU9eHl6CgoKICAgVGhlIGNsaWVudCBNVVNUIGlnbm9yZSB1bnJl
Y29nbml6ZWQgcmVzcG9uc2UgcGFyYW1ldGVycy4gIFRoZQogICBhdXRob3JpemF0aW9uIGNvZGUg
c3RyaW5nIHNpemUgaXMgbGVmdCB1bmRlZmluZWQgYnkgdGhpcwogICBzcGVjaWZpY2F0aW9uLiAg
VGhlIGNsaWVudCBzaG91bGQgYXZvaWQgbWFraW5nIGFzc3VtcHRpb25zIGFib3V0IGNvZGUKICAg
dmFsdWUgc2l6ZXMuICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGRvY3VtZW50IHRo
ZSBzaXplIG9mCiAgIGFueSB2YWx1ZSBpdCBpc3N1ZXMuCgo0LjEuMi4xLiAgRXJyb3IgUmVzcG9u
c2UKCiAgIElmIHRoZSByZXF1ZXN0IGZhaWxzIGR1ZSB0byBhIG1pc3NpbmcsIGludmFsaWQsIG9y
IG1pc21hdGNoaW5nCiAgIHJlZGlyZWN0aW9uIFVSSSwgb3IgaWYgdGhlIGNsaWVudCBpZGVudGlm
aWVyIGlzIG1pc3Npbmcgb3IgaW52YWxpZCwKICAgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNI
T1VMRCBpbmZvcm0gdGhlIHJlc291cmNlIG93bmVyIG9mIHRoZQogICBlcnJvciwgYW5kIE1VU1Qg
Tk9UIGF1dG9tYXRpY2FsbHkgcmVkaXJlY3QgdGhlIHVzZXItYWdlbnQgdG8gdGhlCiAgIGludmFs
aWQgcmVkaXJlY3Rpb24gVVJJLgoKICAgSWYgdGhlIHJlc291cmNlIG93bmVyIGRlbmllcyB0aGUg
YWNjZXNzIHJlcXVlc3Qgb3IgaWYgdGhlIHJlcXVlc3QKICAgZmFpbHMgZm9yIHJlYXNvbnMgb3Ro
ZXIgdGhhbiBhIG1pc3Npbmcgb3IgaW52YWxpZCByZWRpcmVjdGlvbiBVUkksCiAgIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBpbmZvcm1zIHRoZSBjbGllbnQgYnkgYWRkaW5nIHRoZSBmb2xsb3dp
bmcKICAgcGFyYW1ldGVycyB0byB0aGUgcXVlcnkgY29tcG9uZW50IG9mIHRoZSByZWRpcmVjdGlv
biBVUkkgdXNpbmcgdGhlCiAgICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiIGZv
cm1hdDoKCiAgIGVycm9yCiAgICAgICAgIFJFUVVJUkVELiAgQSBzaW5nbGUgQVNDSUkgW1VTQVND
SUldIGVycm9yIGNvZGUgZnJvbSB0aGUKICAgICAgICAgZm9sbG93aW5nOgogICAgICAgICBpbnZh
bGlkX3JlcXVlc3QKICAgICAgICAgICAgICAgVGhlIHJlcXVlc3QgaXMgbWlzc2luZyBhIHJlcXVp
cmVkIHBhcmFtZXRlciwgaW5jbHVkZXMgYW4KICAgICAgICAgICAgICAgaW52YWxpZCBwYXJhbWV0
ZXIgdmFsdWUsIGluY2x1ZGVzIGEgcGFyYW1ldGVyIG1vcmUgdGhhbgogICAgICAgICAgICAgICBv
bmNlLCBvciBpcyBvdGhlcndpc2UgbWFsZm9ybWVkLgogICAgICAgICB1bmF1dGhvcml6ZWRfY2xp
ZW50CiAgICAgICAgICAgICAgIFRoZSBjbGllbnQgaXMgbm90IGF1dGhvcml6ZWQgdG8gcmVxdWVz
dCBhbiBhdXRob3JpemF0aW9uCiAgICAgICAgICAgICAgIGNvZGUgdXNpbmcgdGhpcyBtZXRob2Qu
CgoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAg
ICAgICAgICAgICAgW1BhZ2UgMjZdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBP
QXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgICAgICAgYWNjZXNz
X2RlbmllZAogICAgICAgICAgICAgICBUaGUgcmVzb3VyY2Ugb3duZXIgb3IgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgZGVuaWVkIHRoZQogICAgICAgICAgICAgICByZXF1ZXN0LgogICAgICAgICB1bnN1
cHBvcnRlZF9yZXNwb25zZV90eXBlCiAgICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBkb2VzIG5vdCBzdXBwb3J0IG9idGFpbmluZyBhbgogICAgICAgICAgICAgICBhdXRob3Jp
emF0aW9uIGNvZGUgdXNpbmcgdGhpcyBtZXRob2QuCiAgICAgICAgIGludmFsaWRfc2NvcGUKICAg
ICAgICAgICAgICAgVGhlIHJlcXVlc3RlZCBzY29wZSBpcyBpbnZhbGlkLCB1bmtub3duLCBvciBt
YWxmb3JtZWQuCiAgICAgICAgIHNlcnZlcl9lcnJvcgogICAgICAgICAgICAgICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgZW5jb3VudGVyZWQgYW4gdW5leHBlY3RlZAogICAgICAgICAgICAgICBj
b25kaXRpb24gd2hpY2ggcHJldmVudGVkIGl0IGZyb20gZnVsZmlsbGluZyB0aGUgcmVxdWVzdC4K
ICAgICAgICAgdGVtcG9yYXJpbHlfdW5hdmFpbGFibGUKICAgICAgICAgICAgICAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIGlzIGN1cnJlbnRseSB1bmFibGUgdG8gaGFuZGxlCiAgICAgICAgICAg
ICAgIHRoZSByZXF1ZXN0IGR1ZSB0byBhIHRlbXBvcmFyeSBvdmVybG9hZGluZyBvciBtYWludGVu
YW5jZQogICAgICAgICAgICAgICBvZiB0aGUgc2VydmVyLgogICAgICAgICBWYWx1ZXMgZm9yIHRo
ZSAiZXJyb3IiIHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlIGNoYXJhY3RlcnMKICAgICAgICAg
b3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgZXJyb3JfZGVz
Y3JpcHRpb24KICAgICAgICAgT1BUSU9OQUwuICBBIGh1bWFuLXJlYWRhYmxlIEFTQ0lJIFtVU0FT
Q0lJXSB0ZXh0IHByb3ZpZGluZwogICAgICAgICBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLCB1c2Vk
IHRvIGFzc2lzdCB0aGUgY2xpZW50IGRldmVsb3BlciBpbgogICAgICAgICB1bmRlcnN0YW5kaW5n
IHRoZSBlcnJvciB0aGF0IG9jY3VycmVkLgogICAgICAgICBWYWx1ZXMgZm9yIHRoZSAiZXJyb3Jf
ZGVzY3JpcHRpb24iIHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlCiAgICAgICAgIGNoYXJhY3Rl
cnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgZXJyb3Jf
dXJpCiAgICAgICAgIE9QVElPTkFMLiAgQSBVUkkgaWRlbnRpZnlpbmcgYSBodW1hbi1yZWFkYWJs
ZSB3ZWIgcGFnZSB3aXRoCiAgICAgICAgIGluZm9ybWF0aW9uIGFib3V0IHRoZSBlcnJvciwgdXNl
ZCB0byBwcm92aWRlIHRoZSBjbGllbnQKICAgICAgICAgZGV2ZWxvcGVyIHdpdGggYWRkaXRpb25h
bCBpbmZvcm1hdGlvbiBhYm91dCB0aGUgZXJyb3IuCiAgICAgICAgIFZhbHVlcyBmb3IgdGhlICJl
cnJvcl91cmkiIHBhcmFtZXRlciBNVVNUIGNvbmZvcm0gdG8gdGhlIFVSSS0KICAgICAgICAgUmVm
ZXJlbmNlIHN5bnRheCwgYW5kIHRodXMgTVVTVCBOT1QgaW5jbHVkZSBjaGFyYWN0ZXJzIG91dHNp
ZGUKICAgICAgICAgdGhlIHNldCAleDIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgIHN0YXRlCiAg
ICAgICAgIFJFUVVJUkVEIGlmIGEgInN0YXRlIiBwYXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhl
IGNsaWVudAogICAgICAgICBhdXRob3JpemF0aW9uIHJlcXVlc3QuICBUaGUgZXhhY3QgdmFsdWUg
cmVjZWl2ZWQgZnJvbSB0aGUKICAgICAgICAgY2xpZW50LgoKICAgRm9yIGV4YW1wbGUsIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYnkKICAgc2VuZGlu
ZyB0aGUgZm9sbG93aW5nIEhUVFAgcmVzcG9uc2U6CgoKICAgSFRUUC8xLjEgMzAyIEZvdW5kCiAg
IExvY2F0aW9uOiBodHRwczovL2NsaWVudC5leGFtcGxlLmNvbS9jYj9lcnJvcj1hY2Nlc3NfZGVu
aWVkJnN0YXRlPXh5egoKCjQuMS4zLiAgQWNjZXNzIFRva2VuIFJlcXVlc3QKCiAgIFRoZSBjbGll
bnQgbWFrZXMgYSByZXF1ZXN0IHRvIHRoZSB0b2tlbiBlbmRwb2ludCBieSBhZGRpbmcgdGhlCiAg
IGZvbGxvd2luZyBwYXJhbWV0ZXJzIHVzaW5nIHRoZSAiYXBwbGljYXRpb24veC13d3ctZm9ybS11
cmxlbmNvZGVkIgogICBmb3JtYXQgaW4gdGhlIEhUVFAgcmVxdWVzdCBlbnRpdHktYm9keToKCgoK
SGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAg
ICAgICAgW1BhZ2UgMjddCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAy
LjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgZ3JhbnRfdHlwZQogICAgICAg
ICBSRVFVSVJFRC4gIFZhbHVlIE1VU1QgYmUgc2V0IHRvICJhdXRob3JpemF0aW9uX2NvZGUiLgog
ICBjb2RlCiAgICAgICAgIFJFUVVJUkVELiAgVGhlIGF1dGhvcml6YXRpb24gY29kZSByZWNlaXZl
ZCBmcm9tIHRoZQogICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgcmVkaXJlY3RfdXJp
CiAgICAgICAgIFJFUVVJUkVELCBpZiB0aGUgInJlZGlyZWN0X3VyaSIgcGFyYW1ldGVyIHdhcyBp
bmNsdWRlZCBpbiB0aGUKICAgICAgICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGFzIGRlc2NyaWJl
ZCBpbiBTZWN0aW9uIDQuMS4xLCBhbmQgdGhlaXIKICAgICAgICAgdmFsdWVzIE1VU1QgYmUgaWRl
bnRpY2FsLgoKICAgSWYgdGhlIGNsaWVudCB0eXBlIGlzIGNvbmZpZGVudGlhbCBvciB0aGUgY2xp
ZW50IHdhcyBpc3N1ZWQgY2xpZW50CiAgIGNyZWRlbnRpYWxzIChvciBhc3NpZ25lZCBvdGhlciBh
dXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMpLCB0aGUKICAgY2xpZW50IE1VU1QgYXV0aGVudGlj
YXRlIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFzIGRlc2NyaWJlZAogICBpbiBTZWN0
aW9uIDMuMi4xLgoKICAgRm9yIGV4YW1wbGUsIHRoZSBjbGllbnQgbWFrZXMgdGhlIGZvbGxvd2lu
ZyBIVFRQIHJlcXVlc3QgdXNpbmcgVExTCiAgIChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRp
c3BsYXkgcHVycG9zZXMgb25seSk6CgoKICAgICBQT1NUIC90b2tlbiBIVFRQLzEuMQogICAgIEhv
c3Q6IHNlcnZlci5leGFtcGxlLmNvbQogICAgIEF1dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JT
YTNGME16cG5XREZtUW1GME0ySlcKICAgICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3
LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0PVVURi04CgogICAgIGdyYW50X3R5cGU9YXV0aG9yaXph
dGlvbl9jb2RlJmNvZGU9U3BseGxPQmVaUVFZYllTNld4U2JJQQogICAgICZyZWRpcmVjdF91cmk9
aHR0cHMlM0ElMkYlMkZjbGllbnQlMkVleGFtcGxlJTJFY29tJTJGY2IKCgogICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgTVVTVDoKCiAgIG8gIHJlcXVpcmUgY2xpZW50IGF1dGhlbnRpY2F0aW9u
IGZvciBjb25maWRlbnRpYWwgY2xpZW50cyBvciBmb3IgYW55CiAgICAgIGNsaWVudCB0aGF0IHdh
cyBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvciB3aXRoIG90aGVyCiAgICAgIGF1dGhlbnRp
Y2F0aW9uIHJlcXVpcmVtZW50cyksCiAgIG8gIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGlmIGNs
aWVudCBhdXRoZW50aWNhdGlvbiBpcyBpbmNsdWRlZCBhbmQKICAgICAgZW5zdXJlIHRoZSBhdXRo
b3JpemF0aW9uIGNvZGUgd2FzIGlzc3VlZCB0byB0aGUgYXV0aGVudGljYXRlZAogICAgICBjbGll
bnQsCiAgIG8gIHZlcmlmeSB0aGF0IHRoZSBhdXRob3JpemF0aW9uIGNvZGUgaXMgdmFsaWQsIGFu
ZAogICBvICBlbnN1cmUgdGhhdCB0aGUgInJlZGlyZWN0X3VyaSIgcGFyYW1ldGVyIGlzIHByZXNl
bnQgaWYgdGhlCiAgICAgICJyZWRpcmVjdF91cmkiIHBhcmFtZXRlciB3YXMgaW5jbHVkZWQgaW4g
dGhlIGluaXRpYWwgYXV0aG9yaXphdGlvbgogICAgICByZXF1ZXN0IGFzIGRlc2NyaWJlZCBpbiBT
ZWN0aW9uIDQuMS4xLCBhbmQgaWYgaW5jbHVkZWQgZW5zdXJlCiAgICAgIHRoZWlyIHZhbHVlcyBh
cmUgaWRlbnRpY2FsLgoKNC4xLjQuICBBY2Nlc3MgVG9rZW4gUmVzcG9uc2UKCiAgIElmIHRoZSBh
Y2Nlc3MgdG9rZW4gcmVxdWVzdCBpcyB2YWxpZCBhbmQgYXV0aG9yaXplZCwgdGhlCiAgIGF1dGhv
cml6YXRpb24gc2VydmVyIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJl
c2gKICAgdG9rZW4gYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNS4xLiAgSWYgdGhlIHJlcXVlc3Qg
Y2xpZW50CiAgIGF1dGhlbnRpY2F0aW9uIGZhaWxlZCBvciBpcyBpbnZhbGlkLCB0aGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgcmV0dXJucwoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVz
IE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSAyOF0KDApJbnRlcm5ldC1EcmFm
dCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIw
MTIKCgogICBhbiBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiA1LjIuCgog
ICBBbiBleGFtcGxlIHN1Y2Nlc3NmdWwgcmVzcG9uc2U6CgoKICAgICBIVFRQLzEuMSAyMDAgT0sK
ICAgICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD1VVEYtOAogICAgIENh
Y2hlLUNvbnRyb2w6IG5vLXN0b3JlCiAgICAgUHJhZ21hOiBuby1jYWNoZQoKICAgICB7CiAgICAg
ICAiYWNjZXNzX3Rva2VuIjoiMllvdG5GWkZFanIxekNzaWNNV3BBQSIsCiAgICAgICAidG9rZW5f
dHlwZSI6ImV4YW1wbGUiLAogICAgICAgImV4cGlyZXNfaW4iOjM2MDAsCiAgICAgICAicmVmcmVz
aF90b2tlbiI6InRHenYzSk9rRjBYRzVReDJUbEtXSUEiLAogICAgICAgImV4YW1wbGVfcGFyYW1l
dGVyIjoiZXhhbXBsZV92YWx1ZSIKICAgICB9CgoKNC4yLiAgSW1wbGljaXQgR3JhbnQKCiAgIFRo
ZSBpbXBsaWNpdCBncmFudCB0eXBlIGlzIHVzZWQgdG8gb2J0YWluIGFjY2VzcyB0b2tlbnMgKGl0
IGRvZXMgbm90CiAgIHN1cHBvcnQgdGhlIGlzc3VhbmNlIG9mIHJlZnJlc2ggdG9rZW5zKSBhbmQg
aXMgb3B0aW1pemVkIGZvciBwdWJsaWMKICAgY2xpZW50cyBrbm93biB0byBvcGVyYXRlIGEgcGFy
dGljdWxhciByZWRpcmVjdGlvbiBVUkkuICBUaGVzZSBjbGllbnRzCiAgIGFyZSB0eXBpY2FsbHkg
aW1wbGVtZW50ZWQgaW4gYSBicm93c2VyIHVzaW5nIGEgc2NyaXB0aW5nIGxhbmd1YWdlCiAgIHN1
Y2ggYXMgSmF2YVNjcmlwdC4KCiAgIEFzIGEgcmVkaXJlY3Rpb24tYmFzZWQgZmxvdywgdGhlIGNs
aWVudCBtdXN0IGJlIGNhcGFibGUgb2YKICAgaW50ZXJhY3Rpbmcgd2l0aCB0aGUgcmVzb3VyY2Ug
b3duZXIncyB1c2VyLWFnZW50ICh0eXBpY2FsbHkgYSB3ZWIKICAgYnJvd3NlcikgYW5kIGNhcGFi
bGUgb2YgcmVjZWl2aW5nIGluY29taW5nIHJlcXVlc3RzICh2aWEgcmVkaXJlY3Rpb24pCiAgIGZy
b20gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgoKICAgVW5saWtlIHRoZSBhdXRob3JpemF0aW9u
IGNvZGUgZ3JhbnQgdHlwZSBpbiB3aGljaCB0aGUgY2xpZW50IG1ha2VzCiAgIHNlcGFyYXRlIHJl
cXVlc3RzIGZvciBhdXRob3JpemF0aW9uIGFuZCBhY2Nlc3MgdG9rZW4sIHRoZSBjbGllbnQKICAg
cmVjZWl2ZXMgdGhlIGFjY2VzcyB0b2tlbiBhcyB0aGUgcmVzdWx0IG9mIHRoZSBhdXRob3JpemF0
aW9uIHJlcXVlc3QuCgogICBUaGUgaW1wbGljaXQgZ3JhbnQgdHlwZSBkb2VzIG5vdCBpbmNsdWRl
IGNsaWVudCBhdXRoZW50aWNhdGlvbiwgYW5kCiAgIHJlbGllcyBvbiB0aGUgcHJlc2VuY2Ugb2Yg
dGhlIHJlc291cmNlIG93bmVyIGFuZCB0aGUgcmVnaXN0cmF0aW9uIG9mCiAgIHRoZSByZWRpcmVj
dGlvbiBVUkkuICBCZWNhdXNlIHRoZSBhY2Nlc3MgdG9rZW4gaXMgZW5jb2RlZCBpbnRvIHRoZQog
ICByZWRpcmVjdGlvbiBVUkksIGl0IG1heSBiZSBleHBvc2VkIHRvIHRoZSByZXNvdXJjZSBvd25l
ciBhbmQgb3RoZXIKICAgYXBwbGljYXRpb25zIHJlc2lkaW5nIG9uIHRoZSBzYW1lIGRldmljZS4K
CgoKCgoKCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIw
MTIgICAgICAgICAgICAgIFtQYWdlIDI5XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAg
ICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgICAgKy0tLS0t
LS0tLS0rCiAgICAgfCBSZXNvdXJjZSB8CiAgICAgfCAgT3duZXIgICB8CiAgICAgfCAgICAgICAg
ICB8CiAgICAgKy0tLS0tLS0tLS0rCiAgICAgICAgICBeCiAgICAgICAgICB8CiAgICAgICAgIChC
KQogICAgICstLS0tfC0tLS0tKyAgICAgICAgICBDbGllbnQgSWRlbnRpZmllciAgICAgKy0tLS0t
LS0tLS0tLS0tLSsKICAgICB8ICAgICAgICAgLSstLS0tKEEpLS0gJiBSZWRpcmVjdGlvbiBVUkkg
LS0tPnwgICAgICAgICAgICAgICB8CiAgICAgfCAgVXNlci0gICB8ICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICB8IEF1dGhvcml6YXRpb24gfAogICAgIHwgIEFnZW50ICAtfC0tLS0oQikt
LSBVc2VyIGF1dGhlbnRpY2F0ZXMgLS0+fCAgICAgU2VydmVyICAgIHwKICAgICB8ICAgICAgICAg
IHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8CiAgICAg
fCAgICAgICAgICB8PC0tLShDKS0tLSBSZWRpcmVjdGlvbiBVUkkgLS0tLTx8ICAgICAgICAgICAg
ICAgfAogICAgIHwgICAgICAgICAgfCAgICAgICAgICB3aXRoIEFjY2VzcyBUb2tlbiAgICAgKy0t
LS0tLS0tLS0tLS0tLSsKICAgICB8ICAgICAgICAgIHwgICAgICAgICAgICBpbiBGcmFnbWVudAog
ICAgIHwgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0t
LS0tLS0tLSsKICAgICB8ICAgICAgICAgIHwtLS0tKEQpLS0tIFJlZGlyZWN0aW9uIFVSSSAtLS0t
PnwgICBXZWItSG9zdGVkICB8CiAgICAgfCAgICAgICAgICB8ICAgICAgICAgIHdpdGhvdXQgRnJh
Z21lbnQgICAgICB8ICAgICBDbGllbnQgICAgfAogICAgIHwgICAgICAgICAgfCAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgfCAgICBSZXNvdXJjZSAgIHwKICAgICB8ICAgICAoRikgIHw8
LS0tKEUpLS0tLS0tLSBTY3JpcHQgLS0tLS0tLS0tPHwgICAgICAgICAgICAgICB8CiAgICAgfCAg
ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0t
KwogICAgICstfC0tLS0tLS0tKwogICAgICAgfCAgICB8CiAgICAgIChBKSAgKEcpIEFjY2VzcyBU
b2tlbgogICAgICAgfCAgICB8CiAgICAgICBeICAgIHYKICAgICArLS0tLS0tLS0tKwogICAgIHwg
ICAgICAgICB8CiAgICAgfCAgQ2xpZW50IHwKICAgICB8ICAgICAgICAgfAogICAgICstLS0tLS0t
LS0rCgoKICAgTm90ZTogVGhlIGxpbmVzIGlsbHVzdHJhdGluZyBzdGVwcyBBIGFuZCBCIGFyZSBi
cm9rZW4gaW50byB0d28gcGFydHMKICAgYXMgdGhleSBwYXNzIHRocm91Z2ggdGhlIHVzZXItYWdl
bnQuCgogICAgICAgICAgICAgICAgICAgICAgIEZpZ3VyZSA0OiBJbXBsaWNpdCBHcmFudCBGbG93
CgogICBUaGUgZmxvdyBpbGx1c3RyYXRlZCBpbiBGaWd1cmUgNCBpbmNsdWRlcyB0aGUgZm9sbG93
aW5nIHN0ZXBzOgoKICAgKEEpICBUaGUgY2xpZW50IGluaXRpYXRlcyB0aGUgZmxvdyBieSBkaXJl
Y3RpbmcgdGhlIHJlc291cmNlIG93bmVyJ3MKICAgICAgICB1c2VyLWFnZW50IHRvIHRoZSBhdXRo
b3JpemF0aW9uIGVuZHBvaW50LiAgVGhlIGNsaWVudCBpbmNsdWRlcwogICAgICAgIGl0cyBjbGll
bnQgaWRlbnRpZmllciwgcmVxdWVzdGVkIHNjb3BlLCBsb2NhbCBzdGF0ZSwgYW5kIGEKICAgICAg
ICByZWRpcmVjdGlvbiBVUkkgdG8gd2hpY2ggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHdpbGwg
c2VuZCB0aGUKICAgICAgICB1c2VyLWFnZW50IGJhY2sgb25jZSBhY2Nlc3MgaXMgZ3JhbnRlZCAo
b3IgZGVuaWVkKS4KCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVy
IDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSAzMF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAg
ICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICAo
QikgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSByZXNvdXJjZSBv
d25lciAodmlhCiAgICAgICAgdGhlIHVzZXItYWdlbnQpIGFuZCBlc3RhYmxpc2hlcyB3aGV0aGVy
IHRoZSByZXNvdXJjZSBvd25lcgogICAgICAgIGdyYW50cyBvciBkZW5pZXMgdGhlIGNsaWVudCdz
IGFjY2VzcyByZXF1ZXN0LgogICAoQykgIEFzc3VtaW5nIHRoZSByZXNvdXJjZSBvd25lciBncmFu
dHMgYWNjZXNzLCB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgIHNlcnZlciByZWRpcmVjdHMgdGhl
IHVzZXItYWdlbnQgYmFjayB0byB0aGUgY2xpZW50IHVzaW5nIHRoZQogICAgICAgIHJlZGlyZWN0
aW9uIFVSSSBwcm92aWRlZCBlYXJsaWVyLiAgVGhlIHJlZGlyZWN0aW9uIFVSSSBpbmNsdWRlcwog
ICAgICAgIHRoZSBhY2Nlc3MgdG9rZW4gaW4gdGhlIFVSSSBmcmFnbWVudC4KICAgKEQpICBUaGUg
dXNlci1hZ2VudCBmb2xsb3dzIHRoZSByZWRpcmVjdGlvbiBpbnN0cnVjdGlvbnMgYnkgbWFraW5n
IGEKICAgICAgICByZXF1ZXN0IHRvIHRoZSB3ZWItaG9zdGVkIGNsaWVudCByZXNvdXJjZSAod2hp
Y2ggZG9lcyBub3QKICAgICAgICBpbmNsdWRlIHRoZSBmcmFnbWVudCBwZXIgW1JGQzI2MTZdKS4g
IFRoZSB1c2VyLWFnZW50IHJldGFpbnMgdGhlCiAgICAgICAgZnJhZ21lbnQgaW5mb3JtYXRpb24g
bG9jYWxseS4KICAgKEUpICBUaGUgd2ViLWhvc3RlZCBjbGllbnQgcmVzb3VyY2UgcmV0dXJucyBh
IHdlYiBwYWdlICh0eXBpY2FsbHkgYW4KICAgICAgICBIVE1MIGRvY3VtZW50IHdpdGggYW4gZW1i
ZWRkZWQgc2NyaXB0KSBjYXBhYmxlIG9mIGFjY2Vzc2luZyB0aGUKICAgICAgICBmdWxsIHJlZGly
ZWN0aW9uIFVSSSBpbmNsdWRpbmcgdGhlIGZyYWdtZW50IHJldGFpbmVkIGJ5IHRoZQogICAgICAg
IHVzZXItYWdlbnQsIGFuZCBleHRyYWN0aW5nIHRoZSBhY2Nlc3MgdG9rZW4gKGFuZCBvdGhlcgog
ICAgICAgIHBhcmFtZXRlcnMpIGNvbnRhaW5lZCBpbiB0aGUgZnJhZ21lbnQuCiAgIChGKSAgVGhl
IHVzZXItYWdlbnQgZXhlY3V0ZXMgdGhlIHNjcmlwdCBwcm92aWRlZCBieSB0aGUgd2ViLWhvc3Rl
ZAogICAgICAgIGNsaWVudCByZXNvdXJjZSBsb2NhbGx5LCB3aGljaCBleHRyYWN0cyB0aGUgYWNj
ZXNzIHRva2VuIGFuZAogICAgICAgIHBhc3NlcyBpdCB0byB0aGUgY2xpZW50LgoKNC4yLjEuICBB
dXRob3JpemF0aW9uIFJlcXVlc3QKCiAgIFRoZSBjbGllbnQgY29uc3RydWN0cyB0aGUgcmVxdWVz
dCBVUkkgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcKICAgcGFyYW1ldGVycyB0byB0aGUgcXVlcnkg
Y29tcG9uZW50IG9mIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IFVSSQogICB1c2luZyB0aGUg
ImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIgZm9ybWF0OgoKICAgcmVzcG9uc2Vf
dHlwZQogICAgICAgICBSRVFVSVJFRC4gIFZhbHVlIE1VU1QgYmUgc2V0IHRvICJ0b2tlbiIuCiAg
IGNsaWVudF9pZAogICAgICAgICBSRVFVSVJFRC4gIFRoZSBjbGllbnQgaWRlbnRpZmllciBhcyBk
ZXNjcmliZWQgaW4gU2VjdGlvbiAyLjIuCiAgIHJlZGlyZWN0X3VyaQogICAgICAgICBPUFRJT05B
TC4gIEFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDMuMS4yLgogICBzY29wZQogICAgICAgICBPUFRJ
T05BTC4gIFRoZSBzY29wZSBvZiB0aGUgYWNjZXNzIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGJ5CiAg
ICAgICAgIFNlY3Rpb24gMy4zLgogICBzdGF0ZQogICAgICAgICBSRUNPTU1FTkRFRC4gIEFuIG9w
YXF1ZSB2YWx1ZSB1c2VkIGJ5IHRoZSBjbGllbnQgdG8gbWFpbnRhaW4KICAgICAgICAgc3RhdGUg
YmV0d2VlbiB0aGUgcmVxdWVzdCBhbmQgY2FsbGJhY2suICBUaGUgYXV0aG9yaXphdGlvbgogICAg
ICAgICBzZXJ2ZXIgaW5jbHVkZXMgdGhpcyB2YWx1ZSB3aGVuIHJlZGlyZWN0aW5nIHRoZSB1c2Vy
LWFnZW50IGJhY2sKICAgICAgICAgdG8gdGhlIGNsaWVudC4gIFRoZSBwYXJhbWV0ZXIgU0hPVUxE
IGJlIHVzZWQgZm9yIHByZXZlbnRpbmcKICAgICAgICAgY3Jvc3Mtc2l0ZSByZXF1ZXN0IGZvcmdl
cnkgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMTAuMTIuCgogICBUaGUgY2xpZW50IGRpcmVjdHMg
dGhlIHJlc291cmNlIG93bmVyIHRvIHRoZSBjb25zdHJ1Y3RlZCBVUkkgdXNpbmcgYW4KICAgSFRU
UCByZWRpcmVjdGlvbiByZXNwb25zZSwgb3IgYnkgb3RoZXIgbWVhbnMgYXZhaWxhYmxlIHRvIGl0
IHZpYSB0aGUKICAgdXNlci1hZ2VudC4KCgoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhw
aXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgMzFdCgwKSW50ZXJuZXQt
RHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1h
eSAyMDEyCgoKICAgRm9yIGV4YW1wbGUsIHRoZSBjbGllbnQgZGlyZWN0cyB0aGUgdXNlci1hZ2Vu
dCB0byBtYWtlIHRoZSBmb2xsb3dpbmcKICAgSFRUUCByZXF1ZXN0IHVzaW5nIFRMUyAoZXh0cmEg
bGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzCiAgIG9ubHkpOgoKCiAgICBHRVQg
L2F1dGhvcml6ZT9yZXNwb25zZV90eXBlPXRva2VuJmNsaWVudF9pZD1zNkJoZFJrcXQzJnN0YXRl
PXh5egogICAgICAgICZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZjbGllbnQlMkVleGFtcGxl
JTJFY29tJTJGY2IgSFRUUC8xLjEKICAgIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQoKCiAgIFRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciB2YWxpZGF0ZXMgdGhlIHJlcXVlc3QgdG8gZW5zdXJlIGFs
bCByZXF1aXJlZAogICBwYXJhbWV0ZXJzIGFyZSBwcmVzZW50IGFuZCB2YWxpZC4gIFRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBNVVNUCiAgIHZlcmlmeSB0aGF0IHRoZSByZWRpcmVjdGlvbiBVUkkg
dG8gd2hpY2ggaXQgd2lsbCByZWRpcmVjdCB0aGUgYWNjZXNzCiAgIHRva2VuIG1hdGNoZXMgYSBy
ZWRpcmVjdGlvbiBVUkkgcmVnaXN0ZXJlZCBieSB0aGUgY2xpZW50IGFzIGRlc2NyaWJlZAogICBp
biBTZWN0aW9uIDMuMS4yLgoKICAgSWYgdGhlIHJlcXVlc3QgaXMgdmFsaWQsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZQogICByZXNvdXJjZSBvd25lciBhbmQgb2J0
YWlucyBhbiBhdXRob3JpemF0aW9uIGRlY2lzaW9uIChieSBhc2tpbmcgdGhlCiAgIHJlc291cmNl
IG93bmVyIG9yIGJ5IGVzdGFibGlzaGluZyBhcHByb3ZhbCB2aWEgb3RoZXIgbWVhbnMpLgoKICAg
V2hlbiBhIGRlY2lzaW9uIGlzIGVzdGFibGlzaGVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
ZGlyZWN0cyB0aGUKICAgdXNlci1hZ2VudCB0byB0aGUgcHJvdmlkZWQgY2xpZW50IHJlZGlyZWN0
aW9uIFVSSSB1c2luZyBhbiBIVFRQCiAgIHJlZGlyZWN0aW9uIHJlc3BvbnNlLCBvciBieSBvdGhl
ciBtZWFucyBhdmFpbGFibGUgdG8gaXQgdmlhIHRoZSB1c2VyLQogICBhZ2VudC4KCjQuMi4yLiAg
QWNjZXNzIFRva2VuIFJlc3BvbnNlCgogICBJZiB0aGUgcmVzb3VyY2Ugb3duZXIgZ3JhbnRzIHRo
ZSBhY2Nlc3MgcmVxdWVzdCwgdGhlIGF1dGhvcml6YXRpb24KICAgc2VydmVyIGlzc3VlcyBhbiBh
Y2Nlc3MgdG9rZW4gYW5kIGRlbGl2ZXJzIGl0IHRvIHRoZSBjbGllbnQgYnkgYWRkaW5nCiAgIHRo
ZSBmb2xsb3dpbmcgcGFyYW1ldGVycyB0byB0aGUgZnJhZ21lbnQgY29tcG9uZW50IG9mIHRoZSBy
ZWRpcmVjdGlvbgogICBVUkkgdXNpbmcgdGhlICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVu
Y29kZWQiIGZvcm1hdDoKCiAgIGFjY2Vzc190b2tlbgogICAgICAgICBSRVFVSVJFRC4gIFRoZSBh
Y2Nlc3MgdG9rZW4gaXNzdWVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgdG9rZW5f
dHlwZQogICAgICAgICBSRVFVSVJFRC4gIFRoZSB0eXBlIG9mIHRoZSB0b2tlbiBpc3N1ZWQgYXMg
ZGVzY3JpYmVkIGluCiAgICAgICAgIFNlY3Rpb24gNy4xLiAgVmFsdWUgaXMgY2FzZSBpbnNlbnNp
dGl2ZS4KICAgZXhwaXJlc19pbgogICAgICAgICBSRUNPTU1FTkRFRC4gIFRoZSBsaWZldGltZSBp
biBzZWNvbmRzIG9mIHRoZSBhY2Nlc3MgdG9rZW4uICBGb3IKICAgICAgICAgZXhhbXBsZSwgdGhl
IHZhbHVlICIzNjAwIiBkZW5vdGVzIHRoYXQgdGhlIGFjY2VzcyB0b2tlbiB3aWxsCiAgICAgICAg
IGV4cGlyZSBpbiBvbmUgaG91ciBmcm9tIHRoZSB0aW1lIHRoZSByZXNwb25zZSB3YXMgZ2VuZXJh
dGVkLgogICAgICAgICBJZiBvbWl0dGVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxE
IHByb3ZpZGUgdGhlCiAgICAgICAgIGV4cGlyYXRpb24gdGltZSB2aWEgb3RoZXIgbWVhbnMgb3Ig
ZG9jdW1lbnQgdGhlIGRlZmF1bHQgdmFsdWUuCiAgIHNjb3BlCiAgICAgICAgIE9QVElPTkFMLCBp
ZiBpZGVudGljYWwgdG8gdGhlIHNjb3BlIHJlcXVlc3RlZCBieSB0aGUgY2xpZW50LAogICAgICAg
ICBvdGhlcndpc2UgUkVRVUlSRUQuICBUaGUgc2NvcGUgb2YgdGhlIGFjY2VzcyB0b2tlbiBhcyBk
ZXNjcmliZWQKICAgICAgICAgYnkgU2VjdGlvbiAzLjMuCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAg
ICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSAzMl0KDApJ
bnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAg
ICAgICAgTWF5IDIwMTIKCgogICBzdGF0ZQogICAgICAgICBSRVFVSVJFRCBpZiB0aGUgInN0YXRl
IiBwYXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhlIGNsaWVudAogICAgICAgICBhdXRob3JpemF0
aW9uIHJlcXVlc3QuICBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUKICAgICAgICAg
Y2xpZW50LgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgTk9UIGlzc3VlIGEgcmVm
cmVzaCB0b2tlbi4KCiAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVk
aXJlY3RzIHRoZSB1c2VyLWFnZW50IGJ5CiAgIHNlbmRpbmcgdGhlIGZvbGxvd2luZyBIVFRQIHJl
c3BvbnNlIChVUkkgZXh0cmEgbGluZSBicmVha3MgYXJlIGZvcgogICBkaXNwbGF5IHB1cnBvc2Vz
IG9ubHkpOgoKCiAgICAgSFRUUC8xLjEgMzAyIEZvdW5kCiAgICAgTG9jYXRpb246IGh0dHA6Ly9l
eGFtcGxlLmNvbS9jYiNhY2Nlc3NfdG9rZW49MllvdG5GWkZFanIxekNzaWNNV3BBQQogICAgICAg
ICAgICAgICAmc3RhdGU9eHl6JnRva2VuX3R5cGU9ZXhhbXBsZSZleHBpcmVzX2luPTM2MDAKCgog
ICBEZXZlbG9wZXJzIHNob3VsZCBub3RlIHRoYXQgc29tZSB1c2VyLWFnZW50cyBkbyBub3Qgc3Vw
cG9ydCB0aGUKICAgaW5jbHVzaW9uIG9mIGEgZnJhZ21lbnQgY29tcG9uZW50IGluIHRoZSBIVFRQ
ICJMb2NhdGlvbiIgcmVzcG9uc2UKICAgaGVhZGVyIGZpZWxkLiAgU3VjaCBjbGllbnRzIHdpbGwg
cmVxdWlyZSB1c2luZyBvdGhlciBtZXRob2RzIGZvcgogICByZWRpcmVjdGluZyB0aGUgY2xpZW50
IHRoYW4gYSAzeHggcmVkaXJlY3Rpb24gcmVzcG9uc2UuICBGb3IgZXhhbXBsZSwKICAgcmV0dXJu
aW5nIGFuIEhUTUwgcGFnZSB3aGljaCBpbmNsdWRlcyBhICdjb250aW51ZScgYnV0dG9uIHdpdGgg
YW4KICAgYWN0aW9uIGxpbmtlZCB0byB0aGUgcmVkaXJlY3Rpb24gVVJJLgoKICAgVGhlIGNsaWVu
dCBNVVNUIGlnbm9yZSB1bnJlY29nbml6ZWQgcmVzcG9uc2UgcGFyYW1ldGVycy4gIFRoZSBhY2Nl
c3MKICAgdG9rZW4gc3RyaW5nIHNpemUgaXMgbGVmdCB1bmRlZmluZWQgYnkgdGhpcyBzcGVjaWZp
Y2F0aW9uLiAgVGhlCiAgIGNsaWVudCBzaG91bGQgYXZvaWQgbWFraW5nIGFzc3VtcHRpb25zIGFi
b3V0IHZhbHVlIHNpemVzLiAgVGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBkb2N1
bWVudCB0aGUgc2l6ZSBvZiBhbnkgdmFsdWUgaXQgaXNzdWVzLgoKNC4yLjIuMS4gIEVycm9yIFJl
c3BvbnNlCgogICBJZiB0aGUgcmVxdWVzdCBmYWlscyBkdWUgdG8gYSBtaXNzaW5nLCBpbnZhbGlk
LCBvciBtaXNtYXRjaGluZwogICByZWRpcmVjdGlvbiBVUkksIG9yIGlmIHRoZSBjbGllbnQgaWRl
bnRpZmllciBpcyBtaXNzaW5nIG9yIGludmFsaWQsCiAgIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBTSE9VTEQgaW5mb3JtIHRoZSByZXNvdXJjZSBvd25lciBvZiB0aGUKICAgZXJyb3IsIGFuZCBN
VVNUIE5PVCBhdXRvbWF0aWNhbGx5IHJlZGlyZWN0IHRoZSB1c2VyLWFnZW50IHRvIHRoZQogICBp
bnZhbGlkIHJlZGlyZWN0aW9uIFVSSS4KCiAgIElmIHRoZSByZXNvdXJjZSBvd25lciBkZW5pZXMg
dGhlIGFjY2VzcyByZXF1ZXN0IG9yIGlmIHRoZSByZXF1ZXN0CiAgIGZhaWxzIGZvciByZWFzb25z
IG90aGVyIHRoYW4gYSBtaXNzaW5nIG9yIGludmFsaWQgcmVkaXJlY3Rpb24gVVJJLAogICB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgaW5mb3JtcyB0aGUgY2xpZW50IGJ5IGFkZGluZyB0aGUgZm9s
bG93aW5nCiAgIHBhcmFtZXRlcnMgdG8gdGhlIGZyYWdtZW50IGNvbXBvbmVudCBvZiB0aGUgcmVk
aXJlY3Rpb24gVVJJIHVzaW5nIHRoZQogICAiYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNv
ZGVkIiBmb3JtYXQ6CgogICBlcnJvcgogICAgICAgICBSRVFVSVJFRC4gIEEgc2luZ2xlIEFTQ0lJ
IFtVU0FTQ0lJXSBlcnJvciBjb2RlIGZyb20gdGhlCiAgICAgICAgIGZvbGxvd2luZzoKCgoKCgpI
YW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAg
ICAgICBbUGFnZSAzM10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIu
MCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICAgICAgICBpbnZhbGlkX3JlcXVl
c3QKICAgICAgICAgICAgICAgVGhlIHJlcXVlc3QgaXMgbWlzc2luZyBhIHJlcXVpcmVkIHBhcmFt
ZXRlciwgaW5jbHVkZXMgYW4KICAgICAgICAgICAgICAgaW52YWxpZCBwYXJhbWV0ZXIgdmFsdWUs
IGluY2x1ZGVzIGEgcGFyYW1ldGVyIG1vcmUgdGhhbgogICAgICAgICAgICAgICBvbmNlLCBvciBp
cyBvdGhlcndpc2UgbWFsZm9ybWVkLgogICAgICAgICB1bmF1dGhvcml6ZWRfY2xpZW50CiAgICAg
ICAgICAgICAgIFRoZSBjbGllbnQgaXMgbm90IGF1dGhvcml6ZWQgdG8gcmVxdWVzdCBhbiBhY2Nl
c3MgdG9rZW4KICAgICAgICAgICAgICAgdXNpbmcgdGhpcyBtZXRob2QuCiAgICAgICAgIGFjY2Vz
c19kZW5pZWQKICAgICAgICAgICAgICAgVGhlIHJlc291cmNlIG93bmVyIG9yIGF1dGhvcml6YXRp
b24gc2VydmVyIGRlbmllZCB0aGUKICAgICAgICAgICAgICAgcmVxdWVzdC4KICAgICAgICAgdW5z
dXBwb3J0ZWRfcmVzcG9uc2VfdHlwZQogICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgZG9lcyBub3Qgc3VwcG9ydCBvYnRhaW5pbmcgYW4KICAgICAgICAgICAgICAgYWNjZXNz
IHRva2VuIHVzaW5nIHRoaXMgbWV0aG9kLgogICAgICAgICBpbnZhbGlkX3Njb3BlCiAgICAgICAg
ICAgICAgIFRoZSByZXF1ZXN0ZWQgc2NvcGUgaXMgaW52YWxpZCwgdW5rbm93biwgb3IgbWFsZm9y
bWVkLgogICAgICAgICBzZXJ2ZXJfZXJyb3IKICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIGVuY291bnRlcmVkIGFuIHVuZXhwZWN0ZWQKICAgICAgICAgICAgICAgY29uZGl0
aW9uIHdoaWNoIHByZXZlbnRlZCBpdCBmcm9tIGZ1bGZpbGxpbmcgdGhlIHJlcXVlc3QuCiAgICAg
ICAgIHRlbXBvcmFyaWx5X3VuYXZhaWxhYmxlCiAgICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBpcyBjdXJyZW50bHkgdW5hYmxlIHRvIGhhbmRsZQogICAgICAgICAgICAgICB0
aGUgcmVxdWVzdCBkdWUgdG8gYSB0ZW1wb3Jhcnkgb3ZlcmxvYWRpbmcgb3IgbWFpbnRlbmFuY2UK
ICAgICAgICAgICAgICAgb2YgdGhlIHNlcnZlci4KICAgICAgICAgVmFsdWVzIGZvciB0aGUgImVy
cm9yIiBwYXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVkZSBjaGFyYWN0ZXJzCiAgICAgICAgIG91dHNp
ZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgIGVycm9yX2Rlc2NyaXB0
aW9uCiAgICAgICAgIE9QVElPTkFMLiAgQSBodW1hbi1yZWFkYWJsZSBBU0NJSSBbVVNBU0NJSV0g
dGV4dCBwcm92aWRpbmcKICAgICAgICAgYWRkaXRpb25hbCBpbmZvcm1hdGlvbiwgdXNlZCB0byBh
c3Npc3QgdGhlIGNsaWVudCBkZXZlbG9wZXIgaW4KICAgICAgICAgdW5kZXJzdGFuZGluZyB0aGUg
ZXJyb3IgdGhhdCBvY2N1cnJlZC4KICAgICAgICAgVmFsdWVzIGZvciB0aGUgImVycm9yX2Rlc2Ny
aXB0aW9uIiBwYXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVkZQogICAgICAgICBjaGFyYWN0ZXJzIG91
dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgIGVycm9yX3VyaQog
ICAgICAgICBPUFRJT05BTC4gIEEgVVJJIGlkZW50aWZ5aW5nIGEgaHVtYW4tcmVhZGFibGUgd2Vi
IHBhZ2Ugd2l0aAogICAgICAgICBpbmZvcm1hdGlvbiBhYm91dCB0aGUgZXJyb3IsIHVzZWQgdG8g
cHJvdmlkZSB0aGUgY2xpZW50CiAgICAgICAgIGRldmVsb3BlciB3aXRoIGFkZGl0aW9uYWwgaW5m
b3JtYXRpb24gYWJvdXQgdGhlIGVycm9yLgogICAgICAgICBWYWx1ZXMgZm9yIHRoZSAiZXJyb3Jf
dXJpIiBwYXJhbWV0ZXIgTVVTVCBjb25mb3JtIHRvIHRoZSBVUkktCiAgICAgICAgIFJlZmVyZW5j
ZSBzeW50YXgsIGFuZCB0aHVzIE1VU1QgTk9UIGluY2x1ZGUgY2hhcmFjdGVycyBvdXRzaWRlCiAg
ICAgICAgIHRoZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAleDVELTdFLgogICBzdGF0ZQogICAgICAg
ICBSRVFVSVJFRCBpZiBhICJzdGF0ZSIgcGFyYW1ldGVyIHdhcyBwcmVzZW50IGluIHRoZSBjbGll
bnQKICAgICAgICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0LiAgVGhlIGV4YWN0IHZhbHVlIHJlY2Vp
dmVkIGZyb20gdGhlCiAgICAgICAgIGNsaWVudC4KCiAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgcmVkaXJlY3RzIHRoZSB1c2VyLWFnZW50IGJ5CiAgIHNlbmRpbmcgdGhl
IGZvbGxvd2luZyBIVFRQIHJlc3BvbnNlOgoKCiAgIEhUVFAvMS4xIDMwMiBGb3VuZAogICBMb2Nh
dGlvbjogaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20vY2IjZXJyb3I9YWNjZXNzX2RlbmllZCZz
dGF0ZT14eXoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwg
MjAxMiAgICAgICAgICAgICAgW1BhZ2UgMzRdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAg
ICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKNC4zLiAgUmVz
b3VyY2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHMgR3JhbnQKCiAgIFRoZSByZXNvdXJjZSBv
d25lciBwYXNzd29yZCBjcmVkZW50aWFscyBncmFudCB0eXBlIGlzIHN1aXRhYmxlIGluCiAgIGNh
c2VzIHdoZXJlIHRoZSByZXNvdXJjZSBvd25lciBoYXMgYSB0cnVzdCByZWxhdGlvbnNoaXAgd2l0
aCB0aGUKICAgY2xpZW50LCBzdWNoIGFzIHRoZSBkZXZpY2Ugb3BlcmF0aW5nIHN5c3RlbSBvciBh
IGhpZ2hseSBwcml2aWxlZ2VkCiAgIGFwcGxpY2F0aW9uLiAgVGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIHNob3VsZCB0YWtlIHNwZWNpYWwgY2FyZSB3aGVuCiAgIGVuYWJsaW5nIHRoaXMgZ3JhbnQg
dHlwZSwgYW5kIG9ubHkgYWxsb3cgaXQgd2hlbiBvdGhlciBmbG93cyBhcmUgbm90CiAgIHZpYWJs
ZS4KCiAgIFRoZSBncmFudCB0eXBlIGlzIHN1aXRhYmxlIGZvciBjbGllbnRzIGNhcGFibGUgb2Yg
b2J0YWluaW5nIHRoZQogICByZXNvdXJjZSBvd25lcidzIGNyZWRlbnRpYWxzICh1c2VybmFtZSBh
bmQgcGFzc3dvcmQsIHR5cGljYWxseSB1c2luZwogICBhbiBpbnRlcmFjdGl2ZSBmb3JtKS4gIEl0
IGlzIGFsc28gdXNlZCB0byBtaWdyYXRlIGV4aXN0aW5nIGNsaWVudHMKICAgdXNpbmcgZGlyZWN0
IGF1dGhlbnRpY2F0aW9uIHNjaGVtZXMgc3VjaCBhcyBIVFRQIEJhc2ljIG9yIERpZ2VzdAogICBh
dXRoZW50aWNhdGlvbiB0byBPQXV0aCBieSBjb252ZXJ0aW5nIHRoZSBzdG9yZWQgY3JlZGVudGlh
bHMgdG8gYW4KICAgYWNjZXNzIHRva2VuLgoKCiAgICAgKy0tLS0tLS0tLS0rCiAgICAgfCBSZXNv
dXJjZSB8CiAgICAgfCAgT3duZXIgICB8CiAgICAgfCAgICAgICAgICB8CiAgICAgKy0tLS0tLS0t
LS0rCiAgICAgICAgICB2CiAgICAgICAgICB8ICAgIFJlc291cmNlIE93bmVyCiAgICAgICAgIChB
KSBQYXNzd29yZCBDcmVkZW50aWFscwogICAgICAgICAgfAogICAgICAgICAgdgogICAgICstLS0t
LS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0r
CiAgICAgfCAgICAgICAgIHw+LS0oQiktLS0tIFJlc291cmNlIE93bmVyIC0tLS0tLS0+fCAgICAg
ICAgICAgICAgIHwKICAgICB8ICAgICAgICAgfCAgICAgICAgIFBhc3N3b3JkIENyZWRlbnRpYWxz
ICAgICB8IEF1dGhvcml6YXRpb24gfAogICAgIHwgQ2xpZW50ICB8ICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIHwgICAgIFNlcnZlciAgICB8CiAgICAgfCAgICAgICAgIHw8LS0oQykt
LS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tLS08fCAgICAgICAgICAgICAgIHwKICAgICB8ICAgICAg
ICAgfCAgICAody8gT3B0aW9uYWwgUmVmcmVzaCBUb2tlbikgICB8ICAgICAgICAgICAgICAgfAog
ICAgICstLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0t
LS0tLS0tLS0rCgoKICAgICAgICAgICAgRmlndXJlIDU6IFJlc291cmNlIE93bmVyIFBhc3N3b3Jk
IENyZWRlbnRpYWxzIEZsb3cKCiAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIEZpZ3VyZSA1IGlu
Y2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3RlcHM6CgogICAoQSkgIFRoZSByZXNvdXJjZSBvd25lciBw
cm92aWRlcyB0aGUgY2xpZW50IHdpdGggaXRzIHVzZXJuYW1lIGFuZAogICAgICAgIHBhc3N3b3Jk
LgogICAoQikgIFRoZSBjbGllbnQgcmVxdWVzdHMgYW4gYWNjZXNzIHRva2VuIGZyb20gdGhlIGF1
dGhvcml6YXRpb24KICAgICAgICBzZXJ2ZXIncyB0b2tlbiBlbmRwb2ludCBieSBpbmNsdWRpbmcg
dGhlIGNyZWRlbnRpYWxzIHJlY2VpdmVkCiAgICAgICAgZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIu
ICBXaGVuIG1ha2luZyB0aGUgcmVxdWVzdCwgdGhlIGNsaWVudAogICAgICAgIGF1dGhlbnRpY2F0
ZXMgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCgoKCgoKSGFtbWVyLCBldCBhbC4gICAg
ICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgMzVdCgwK
SW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAg
ICAgICAgIE1heSAyMDEyCgoKICAgKEMpICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVu
dGljYXRlcyB0aGUgY2xpZW50IGFuZCB2YWxpZGF0ZXMKICAgICAgICB0aGUgcmVzb3VyY2Ugb3du
ZXIgY3JlZGVudGlhbHMsIGFuZCBpZiB2YWxpZCBpc3N1ZXMgYW4gYWNjZXNzCiAgICAgICAgdG9r
ZW4uCgo0LjMuMS4gIEF1dGhvcml6YXRpb24gUmVxdWVzdCBhbmQgUmVzcG9uc2UKCiAgIFRoZSBt
ZXRob2QgdGhyb3VnaCB3aGljaCB0aGUgY2xpZW50IG9idGFpbnMgdGhlIHJlc291cmNlIG93bmVy
CiAgIGNyZWRlbnRpYWxzIGlzIGJleW9uZCB0aGUgc2NvcGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9u
LiAgVGhlIGNsaWVudAogICBNVVNUIGRpc2NhcmQgdGhlIGNyZWRlbnRpYWxzIG9uY2UgYW4gYWNj
ZXNzIHRva2VuIGhhcyBiZWVuIG9idGFpbmVkLgoKNC4zLjIuICBBY2Nlc3MgVG9rZW4gUmVxdWVz
dAoKICAgVGhlIGNsaWVudCBtYWtlcyBhIHJlcXVlc3QgdG8gdGhlIHRva2VuIGVuZHBvaW50IGJ5
IGFkZGluZyB0aGUKICAgZm9sbG93aW5nIHBhcmFtZXRlcnMgdXNpbmcgdGhlICJhcHBsaWNhdGlv
bi94LXd3dy1mb3JtLXVybGVuY29kZWQiCiAgIGZvcm1hdCBpbiB0aGUgSFRUUCByZXF1ZXN0IGVu
dGl0eS1ib2R5OgoKICAgZ3JhbnRfdHlwZQogICAgICAgICBSRVFVSVJFRC4gIFZhbHVlIE1VU1Qg
YmUgc2V0IHRvICJwYXNzd29yZCIuCiAgIHVzZXJuYW1lCiAgICAgICAgIFJFUVVJUkVELiAgVGhl
IHJlc291cmNlIG93bmVyIHVzZXJuYW1lLCBlbmNvZGVkIGFzIFVURi04LgogICBwYXNzd29yZAog
ICAgICAgICBSRVFVSVJFRC4gIFRoZSByZXNvdXJjZSBvd25lciBwYXNzd29yZCwgZW5jb2RlZCBh
cyBVVEYtOC4KICAgc2NvcGUKICAgICAgICAgT1BUSU9OQUwuICBUaGUgc2NvcGUgb2YgdGhlIGFj
Y2VzcyByZXF1ZXN0IGFzIGRlc2NyaWJlZCBieQogICAgICAgICBTZWN0aW9uIDMuMy4KCiAgIElm
IHRoZSBjbGllbnQgdHlwZSBpcyBjb25maWRlbnRpYWwgb3IgdGhlIGNsaWVudCB3YXMgaXNzdWVk
IGNsaWVudAogICBjcmVkZW50aWFscyAob3IgYXNzaWduZWQgb3RoZXIgYXV0aGVudGljYXRpb24g
cmVxdWlyZW1lbnRzKSwgdGhlCiAgIGNsaWVudCBNVVNUIGF1dGhlbnRpY2F0ZSB3aXRoIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBhcyBkZXNjcmliZWQKICAgaW4gU2VjdGlvbiAzLjIuMS4KCiAg
IEZvciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRoZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0
IHVzaW5nCiAgIHRyYW5zcG9ydC1sYXllciBzZWN1cml0eSAoZXh0cmEgbGluZSBicmVha3MgYXJl
IGZvciBkaXNwbGF5IHB1cnBvc2VzCiAgIG9ubHkpOgoKCiAgICAgUE9TVCAvdG9rZW4gSFRUUC8x
LjEKICAgICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICAgICBBdXRob3JpemF0aW9uOiBCYXNp
YyBjelpDYUdSU2EzRjBNenBuV0RGbVFtRjBNMkpXCiAgICAgQ29udGVudC1UeXBlOiBhcHBsaWNh
dGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOAoKICAgICBncmFudF90eXBl
PXBhc3N3b3JkJnVzZXJuYW1lPWpvaG5kb2UmcGFzc3dvcmQ9QTNkZGozdwoKCiAgIFRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBNVVNUOgoKCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBp
cmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSAzNl0KDApJbnRlcm5ldC1E
cmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5
IDIwMTIKCgogICBvICByZXF1aXJlIGNsaWVudCBhdXRoZW50aWNhdGlvbiBmb3IgY29uZmlkZW50
aWFsIGNsaWVudHMgb3IgZm9yIGFueQogICAgICBjbGllbnQgdGhhdCB3YXMgaXNzdWVkIGNsaWVu
dCBjcmVkZW50aWFscyAob3Igd2l0aCBvdGhlcgogICAgICBhdXRoZW50aWNhdGlvbiByZXF1aXJl
bWVudHMpLAogICBvICBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCBpZiBjbGllbnQgYXV0aGVudGlj
YXRpb24gaXMgaW5jbHVkZWQsIGFuZAogICBvICB2YWxpZGF0ZSB0aGUgcmVzb3VyY2Ugb3duZXIg
cGFzc3dvcmQgY3JlZGVudGlhbHMgdXNpbmcgaXRzCiAgICAgIGV4aXN0aW5nIHBhc3N3b3JkIHZh
bGlkYXRpb24gYWxnb3JpdGhtLgoKICAgU2luY2UgdGhpcyBhY2Nlc3MgdG9rZW4gcmVxdWVzdCB1
dGlsaXplcyB0aGUgcmVzb3VyY2Ugb3duZXIncwogICBwYXNzd29yZCwgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1VU1QgcHJvdGVjdCB0aGUgZW5kcG9pbnQgYWdhaW5zdAogICBicnV0ZSBmb3Jj
ZSBhdHRhY2tzIChlLmcuIHVzaW5nIHJhdGUtbGltaXRhdGlvbiBvciBnZW5lcmF0aW5nCiAgIGFs
ZXJ0cykuCgo0LjMuMy4gIEFjY2VzcyBUb2tlbiBSZXNwb25zZQoKICAgSWYgdGhlIGFjY2VzcyB0
b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFuZCBhdXRob3JpemVkLCB0aGUKICAgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbiBhbmQgb3B0aW9uYWwgcmVmcmVzaAogICB0
b2tlbiBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiA1LjEuICBJZiB0aGUgcmVxdWVzdCBmYWlsZWQg
Y2xpZW50CiAgIGF1dGhlbnRpY2F0aW9uIG9yIGlzIGludmFsaWQsIHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciByZXR1cm5zIGFuCiAgIGVycm9yIHJlc3BvbnNlIGFzIGRlc2NyaWJlZCBpbiBTZWN0
aW9uIDUuMi4KCiAgIEFuIGV4YW1wbGUgc3VjY2Vzc2Z1bCByZXNwb25zZToKCgogICAgIEhUVFAv
MS4xIDIwMCBPSwogICAgIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVU
Ri04CiAgICAgQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUKICAgICBQcmFnbWE6IG5vLWNhY2hlCgog
ICAgIHsKICAgICAgICJhY2Nlc3NfdG9rZW4iOiIyWW90bkZaRkVqcjF6Q3NpY01XcEFBIiwKICAg
ICAgICJ0b2tlbl90eXBlIjoiZXhhbXBsZSIsCiAgICAgICAiZXhwaXJlc19pbiI6MzYwMCwKICAg
ICAgICJyZWZyZXNoX3Rva2VuIjoidEd6djNKT2tGMFhHNVF4MlRsS1dJQSIsCiAgICAgICAiZXhh
bXBsZV9wYXJhbWV0ZXIiOiJleGFtcGxlX3ZhbHVlIgogICAgIH0KCgo0LjQuICBDbGllbnQgQ3Jl
ZGVudGlhbHMgR3JhbnQKCiAgIFRoZSBjbGllbnQgY2FuIHJlcXVlc3QgYW4gYWNjZXNzIHRva2Vu
IHVzaW5nIG9ubHkgaXRzIGNsaWVudAogICBjcmVkZW50aWFscyAob3Igb3RoZXIgc3VwcG9ydGVk
IG1lYW5zIG9mIGF1dGhlbnRpY2F0aW9uKSB3aGVuIHRoZQogICBjbGllbnQgaXMgcmVxdWVzdGlu
ZyBhY2Nlc3MgdG8gdGhlIHByb3RlY3RlZCByZXNvdXJjZXMgdW5kZXIgaXRzCiAgIGNvbnRyb2ws
IG9yIHRob3NlIG9mIGFub3RoZXIgcmVzb3VyY2Ugb3duZXIgd2hpY2ggaGFzIGJlZW4gcHJldmlv
dXNseQogICBhcnJhbmdlZCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciAodGhlIG1ldGhv
ZCBvZiB3aGljaCBpcyBiZXlvbmQKICAgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiku
CgogICBUaGUgY2xpZW50IGNyZWRlbnRpYWxzIGdyYW50IHR5cGUgTVVTVCBvbmx5IGJlIHVzZWQg
YnkgY29uZmlkZW50aWFsCiAgIGNsaWVudHMuCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4
cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdlIDM3XQoMCkludGVybmV0
LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBN
YXkgMjAxMgoKCiAgICAgKy0tLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgKy0tLS0tLS0tLS0tLS0tLSsKICAgICB8ICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogICAgIHwgICAgICAgICB8Pi0tKEEpLSBD
bGllbnQgQXV0aGVudGljYXRpb24gLS0tPnwgQXV0aG9yaXphdGlvbiB8CiAgICAgfCBDbGllbnQg
IHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICAg
ICB8ICAgICAgICAgfDwtLShCKS0tLS0gQWNjZXNzIFRva2VuIC0tLS0tLS0tLTx8ICAgICAgICAg
ICAgICAgfAogICAgIHwgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
IHwgICAgICAgICAgICAgICB8CiAgICAgKy0tLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKCgogICAgICAgICAgICAgICAgICAgICBGaWd1
cmUgNjogQ2xpZW50IENyZWRlbnRpYWxzIEZsb3cKCiAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGlu
IEZpZ3VyZSA2IGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3RlcHM6CgogICAoQSkgIFRoZSBjbGll
bnQgYXV0aGVudGljYXRlcyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQKICAgICAg
ICByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gZnJvbSB0aGUgdG9rZW4gZW5kcG9pbnQuCiAgIChC
KSAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIGNsaWVudCwgYW5k
IGlmIHZhbGlkCiAgICAgICAgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbi4KCjQuNC4xLiAgQXV0aG9y
aXphdGlvbiBSZXF1ZXN0IGFuZCBSZXNwb25zZQoKICAgU2luY2UgdGhlIGNsaWVudCBhdXRoZW50
aWNhdGlvbiBpcyB1c2VkIGFzIHRoZSBhdXRob3JpemF0aW9uIGdyYW50LAogICBubyBhZGRpdGlv
bmFsIGF1dGhvcml6YXRpb24gcmVxdWVzdCBpcyBuZWVkZWQuCgo0LjQuMi4gIEFjY2VzcyBUb2tl
biBSZXF1ZXN0CgogICBUaGUgY2xpZW50IG1ha2VzIGEgcmVxdWVzdCB0byB0aGUgdG9rZW4gZW5k
cG9pbnQgYnkgYWRkaW5nIHRoZQogICBmb2xsb3dpbmcgcGFyYW1ldGVycyB1c2luZyB0aGUgImFw
cGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIKICAgZm9ybWF0IGluIHRoZSBIVFRQIHJl
cXVlc3QgZW50aXR5LWJvZHk6CgogICBncmFudF90eXBlCiAgICAgICAgIFJFUVVJUkVELiAgVmFs
dWUgTVVTVCBiZSBzZXQgdG8gImNsaWVudF9jcmVkZW50aWFscyIuCiAgIHNjb3BlCiAgICAgICAg
IE9QVElPTkFMLiAgVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmliZWQg
YnkKICAgICAgICAgU2VjdGlvbiAzLjMuCgogICBUaGUgY2xpZW50IE1VU1QgYXV0aGVudGljYXRl
IHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFzCiAgIGRlc2NyaWJlZCBpbiBTZWN0aW9u
IDMuMi4xLgoKICAgRm9yIGV4YW1wbGUsIHRoZSBjbGllbnQgbWFrZXMgdGhlIGZvbGxvd2luZyBI
VFRQIHJlcXVlc3QgdXNpbmcKICAgdHJhbnNwb3J0LWxheWVyIHNlY3VyaXR5IChleHRyYSBsaW5l
IGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMKICAgb25seSk6CgoKICAgICBQT1NUIC90
b2tlbiBIVFRQLzEuMQogICAgIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQogICAgIEF1dGhvcml6
YXRpb246IEJhc2ljIGN6WkNhR1JTYTNGME16cG5XREZtUW1GME0ySlcKICAgICBDb250ZW50LVR5
cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0PVVURi04CgoKCgpI
YW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAg
ICAgICBbUGFnZSAzOF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIu
MCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICAgIGdyYW50X3R5cGU9Y2xpZW50
X2NyZWRlbnRpYWxzCgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgYXV0aGVudGlj
YXRlIHRoZSBjbGllbnQuCgo0LjQuMy4gIEFjY2VzcyBUb2tlbiBSZXNwb25zZQoKICAgSWYgdGhl
IGFjY2VzcyB0b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFuZCBhdXRob3JpemVkLCB0aGUKICAgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbiBhcyBkZXNjcmliZWQgaW4K
ICAgU2VjdGlvbiA1LjEuICBBIHJlZnJlc2ggdG9rZW4gU0hPVUxEIE5PVCBiZSBpbmNsdWRlZC4g
IElmIHRoZSByZXF1ZXN0CiAgIGZhaWxlZCBjbGllbnQgYXV0aGVudGljYXRpb24gb3IgaXMgaW52
YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgIHJldHVybnMgYW4gZXJyb3IgcmVzcG9u
c2UgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNS4yLgoKICAgQW4gZXhhbXBsZSBzdWNjZXNzZnVs
IHJlc3BvbnNlOgoKCiAgICAgSFRUUC8xLjEgMjAwIE9LCiAgICAgQ29udGVudC1UeXBlOiBhcHBs
aWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRGLTgKICAgICBDYWNoZS1Db250cm9sOiBuby1zdG9yZQog
ICAgIFByYWdtYTogbm8tY2FjaGUKCiAgICAgewogICAgICAgImFjY2Vzc190b2tlbiI6IjJZb3Ru
RlpGRWpyMXpDc2ljTVdwQUEiLAogICAgICAgInRva2VuX3R5cGUiOiJleGFtcGxlIiwKICAgICAg
ICJleHBpcmVzX2luIjozNjAwLAogICAgICAgImV4YW1wbGVfcGFyYW1ldGVyIjoiZXhhbXBsZV92
YWx1ZSIKICAgICB9CgoKNC41LiAgRXh0ZW5zaW9uIEdyYW50cwoKICAgVGhlIGNsaWVudCB1c2Vz
IGFuIGV4dGVuc2lvbiBncmFudCB0eXBlIGJ5IHNwZWNpZnlpbmcgdGhlIGdyYW50IHR5cGUKICAg
dXNpbmcgYW4gYWJzb2x1dGUgVVJJIChkZWZpbmVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
cikgYXMgdGhlCiAgIHZhbHVlIG9mIHRoZSAiZ3JhbnRfdHlwZSIgcGFyYW1ldGVyIG9mIHRoZSB0
b2tlbiBlbmRwb2ludCwgYW5kIGJ5CiAgIGFkZGluZyBhbnkgYWRkaXRpb25hbCBwYXJhbWV0ZXJz
IG5lY2Vzc2FyeS4KCiAgIEZvciBleGFtcGxlLCB0byByZXF1ZXN0IGFuIGFjY2VzcyB0b2tlbiB1
c2luZyBhIFNBTUwgMi4wIGFzc2VydGlvbgogICBncmFudCB0eXBlIGFzIGRlZmluZWQgYnkgW0kt
RC5pZXRmLW9hdXRoLXNhbWwyLWJlYXJlcl0sIHRoZSBjbGllbnQKICAgbWFrZXMgdGhlIGZvbGxv
d2luZyBIVFRQIHJlcXVlc3QgdXNpbmcgVExTIChsaW5lIGJyZWFrcyBhcmUgZm9yCiAgIGRpc3Bs
YXkgcHVycG9zZXMgb25seSk6CgoKICAgICBQT1NUIC90b2tlbiBIVFRQLzEuMQogICAgIEhvc3Q6
IHNlcnZlci5leGFtcGxlLmNvbQogICAgIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ct
Zm9ybS11cmxlbmNvZGVkO2NoYXJzZXQ9VVRGLTgKCiAgICAgZ3JhbnRfdHlwZT11cm4lM0FpZXRm
JTNBcGFyYW1zJTNBb2F1dGglM0FncmFudC10eXBlJTNBc2FtbDItCiAgICAgYmVhcmVyJmFzc2Vy
dGlvbj1QRUZ6YzJWeWRHbHZiaUJKYzNOMVpVbHVjM1JoYm5ROUlqSXdNVEV0TURVCgoKCkhhbW1l
ciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAg
IFtQYWdlIDM5XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAg
ICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgICAgWy4uLm9taXR0ZWQgZm9yIGJyZXZp
dHkuLi5dYUc1VGRHRjBaVzFsYm5RLVBDOUJjM05sY25ScGIyNC0KCgogICBJZiB0aGUgYWNjZXNz
IHRva2VuIHJlcXVlc3QgaXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZQogICBhdXRob3JpemF0
aW9uIHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoCiAg
IHRva2VuIGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDUuMS4gIElmIHRoZSByZXF1ZXN0IGZhaWxl
ZCBjbGllbnQKICAgYXV0aGVudGljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIHJldHVybnMgYW4KICAgZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3JpYmVkIGluIFNl
Y3Rpb24gNS4yLgoKCjUuICBJc3N1aW5nIGFuIEFjY2VzcyBUb2tlbgoKICAgSWYgdGhlIGFjY2Vz
cyB0b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFuZCBhdXRob3JpemVkLCB0aGUKICAgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbiBhbmQgb3B0aW9uYWwgcmVmcmVzaAog
ICB0b2tlbiBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiA1LjEuICBJZiB0aGUgcmVxdWVzdCBmYWls
ZWQgY2xpZW50CiAgIGF1dGhlbnRpY2F0aW9uIG9yIGlzIGludmFsaWQsIHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciByZXR1cm5zIGFuCiAgIGVycm9yIHJlc3BvbnNlIGFzIGRlc2NyaWJlZCBpbiBT
ZWN0aW9uIDUuMi4KCjUuMS4gIFN1Y2Nlc3NmdWwgUmVzcG9uc2UKCiAgIFRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoCiAg
IHRva2VuLCBhbmQgY29uc3RydWN0cyB0aGUgcmVzcG9uc2UgYnkgYWRkaW5nIHRoZSBmb2xsb3dp
bmcgcGFyYW1ldGVycwogICB0byB0aGUgZW50aXR5IGJvZHkgb2YgdGhlIEhUVFAgcmVzcG9uc2Ug
d2l0aCBhIDIwMCAoT0spIHN0YXR1cyBjb2RlOgoKICAgYWNjZXNzX3Rva2VuCiAgICAgICAgIFJF
UVVJUkVELiAgVGhlIGFjY2VzcyB0b2tlbiBpc3N1ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyLgogICB0b2tlbl90eXBlCiAgICAgICAgIFJFUVVJUkVELiAgVGhlIHR5cGUgb2YgdGhlIHRv
a2VuIGlzc3VlZCBhcyBkZXNjcmliZWQgaW4KICAgICAgICAgU2VjdGlvbiA3LjEuICBWYWx1ZSBp
cyBjYXNlIGluc2Vuc2l0aXZlLgogICBleHBpcmVzX2luCiAgICAgICAgIFJFQ09NTUVOREVELiAg
VGhlIGxpZmV0aW1lIGluIHNlY29uZHMgb2YgdGhlIGFjY2VzcyB0b2tlbi4gIEZvcgogICAgICAg
ICBleGFtcGxlLCB0aGUgdmFsdWUgIjM2MDAiIGRlbm90ZXMgdGhhdCB0aGUgYWNjZXNzIHRva2Vu
IHdpbGwKICAgICAgICAgZXhwaXJlIGluIG9uZSBob3VyIGZyb20gdGhlIHRpbWUgdGhlIHJlc3Bv
bnNlIHdhcyBnZW5lcmF0ZWQuCiAgICAgICAgIElmIG9taXR0ZWQsIHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBTSE9VTEQgcHJvdmlkZSB0aGUKICAgICAgICAgZXhwaXJhdGlvbiB0aW1lIHZpYSBv
dGhlciBtZWFucyBvciBkb2N1bWVudCB0aGUgZGVmYXVsdCB2YWx1ZS4KICAgcmVmcmVzaF90b2tl
bgogICAgICAgICBPUFRJT05BTC4gIFRoZSByZWZyZXNoIHRva2VuIHdoaWNoIGNhbiBiZSB1c2Vk
IHRvIG9idGFpbiBuZXcKICAgICAgICAgYWNjZXNzIHRva2VucyB1c2luZyB0aGUgc2FtZSBhdXRo
b3JpemF0aW9uIGdyYW50IGFzIGRlc2NyaWJlZAogICAgICAgICBpbiBTZWN0aW9uIDYuCiAgIHNj
b3BlCiAgICAgICAgIE9QVElPTkFMLCBpZiBpZGVudGljYWwgdG8gdGhlIHNjb3BlIHJlcXVlc3Rl
ZCBieSB0aGUgY2xpZW50LAogICAgICAgICBvdGhlcndpc2UgUkVRVUlSRUQuICBUaGUgc2NvcGUg
b2YgdGhlIGFjY2VzcyB0b2tlbiBhcyBkZXNjcmliZWQKICAgICAgICAgYnkgU2VjdGlvbiAzLjMu
CgogICBUaGUgcGFyYW1ldGVycyBhcmUgaW5jbHVkZWQgaW4gdGhlIGVudGl0eSBib2R5IG9mIHRo
ZSBIVFRQIHJlc3BvbnNlCiAgIHVzaW5nIHRoZSAiYXBwbGljYXRpb24vanNvbiIgbWVkaWEgdHlw
ZSBhcyBkZWZpbmVkIGJ5IFtSRkM0NjI3XS4gIFRoZQogICBwYXJhbWV0ZXJzIGFyZSBzZXJpYWxp
emVkIGludG8gYSBKU09OIHN0cnVjdHVyZSBieSBhZGRpbmcgZWFjaAogICBwYXJhbWV0ZXIgYXQg
dGhlIGhpZ2hlc3Qgc3RydWN0dXJlIGxldmVsLiAgUGFyYW1ldGVyIG5hbWVzIGFuZCBzdHJpbmcK
CgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAg
ICAgICAgICAgW1BhZ2UgNDBdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0
aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgdmFsdWVzIGFyZSBpbmNs
dWRlZCBhcyBKU09OIHN0cmluZ3MuICBOdW1lcmljYWwgdmFsdWVzIGFyZSBpbmNsdWRlZAogICBh
cyBKU09OIG51bWJlcnMuICBUaGUgb3JkZXIgb2YgcGFyYW1ldGVycyBkb2VzIG5vdCBtYXR0ZXIg
YW5kIGNhbgogICB2YXJ5LgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgaW5jbHVk
ZSB0aGUgSFRUUCAiQ2FjaGUtQ29udHJvbCIKICAgcmVzcG9uc2UgaGVhZGVyIGZpZWxkIFtSRkMy
NjE2XSB3aXRoIGEgdmFsdWUgb2YgIm5vLXN0b3JlIiBpbiBhbnkKICAgcmVzcG9uc2UgY29udGFp
bmluZyB0b2tlbnMsIGNyZWRlbnRpYWxzLCBvciBvdGhlciBzZW5zaXRpdmUKICAgaW5mb3JtYXRp
b24sIGFzIHdlbGwgYXMgdGhlICJQcmFnbWEiIHJlc3BvbnNlIGhlYWRlciBmaWVsZCBbUkZDMjYx
Nl0KICAgd2l0aCBhIHZhbHVlIG9mICJuby1jYWNoZSIuCgogICBGb3IgZXhhbXBsZToKCgogICAg
IEhUVFAvMS4xIDIwMCBPSwogICAgIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFy
c2V0PVVURi04CiAgICAgQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUKICAgICBQcmFnbWE6IG5vLWNh
Y2hlCgogICAgIHsKICAgICAgICJhY2Nlc3NfdG9rZW4iOiIyWW90bkZaRkVqcjF6Q3NpY01XcEFB
IiwKICAgICAgICJ0b2tlbl90eXBlIjoiZXhhbXBsZSIsCiAgICAgICAiZXhwaXJlc19pbiI6MzYw
MCwKICAgICAgICJyZWZyZXNoX3Rva2VuIjoidEd6djNKT2tGMFhHNVF4MlRsS1dJQSIsCiAgICAg
ICAiZXhhbXBsZV9wYXJhbWV0ZXIiOiJleGFtcGxlX3ZhbHVlIgogICAgIH0KCgogICBUaGUgY2xp
ZW50IE1VU1QgaWdub3JlIHVucmVjb2duaXplZCB2YWx1ZSBuYW1lcyBpbiB0aGUgcmVzcG9uc2Uu
ICBUaGUKICAgc2l6ZXMgb2YgdG9rZW5zIGFuZCBvdGhlciB2YWx1ZXMgcmVjZWl2ZWQgZnJvbSB0
aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIgYXJlIGxlZnQgdW5kZWZpbmVkLiAgVGhlIGNsaWVu
dCBzaG91bGQgYXZvaWQgbWFraW5nCiAgIGFzc3VtcHRpb25zIGFib3V0IHZhbHVlIHNpemVzLiAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRAogICBkb2N1bWVudCB0aGUgc2l6ZSBvZiBh
bnkgdmFsdWUgaXQgaXNzdWVzLgoKNS4yLiAgRXJyb3IgUmVzcG9uc2UKCiAgIFRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciByZXNwb25kcyB3aXRoIGFuIEhUVFAgNDAwIChCYWQgUmVxdWVzdCkKICAg
c3RhdHVzIGNvZGUgKHVubGVzcyBzcGVjaWZpZWQgb3RoZXJ3aXNlKSBhbmQgaW5jbHVkZXMgdGhl
IGZvbGxvd2luZwogICBwYXJhbWV0ZXJzIHdpdGggdGhlIHJlc3BvbnNlOgoKICAgZXJyb3IKICAg
ICAgICAgUkVRVUlSRUQuICBBIHNpbmdsZSBBU0NJSSBbVVNBU0NJSV0gZXJyb3IgY29kZSBmcm9t
IHRoZQogICAgICAgICBmb2xsb3dpbmc6CiAgICAgICAgIGludmFsaWRfcmVxdWVzdAogICAgICAg
ICAgICAgICBUaGUgcmVxdWVzdCBpcyBtaXNzaW5nIGEgcmVxdWlyZWQgcGFyYW1ldGVyLCBpbmNs
dWRlcyBhbgogICAgICAgICAgICAgICB1bnN1cHBvcnRlZCBwYXJhbWV0ZXIgdmFsdWUgKG90aGVy
IHRoYW4gZ3JhbnQgdHlwZSksCiAgICAgICAgICAgICAgIHJlcGVhdHMgYSBwYXJhbWV0ZXIsIGlu
Y2x1ZGVzIG11bHRpcGxlIGNyZWRlbnRpYWxzLAogICAgICAgICAgICAgICB1dGlsaXplcyBtb3Jl
IHRoYW4gb25lIG1lY2hhbmlzbSBmb3IgYXV0aGVudGljYXRpbmcgdGhlCiAgICAgICAgICAgICAg
IGNsaWVudCwgb3IgaXMgb3RoZXJ3aXNlIG1hbGZvcm1lZC4KCgoKSGFtbWVyLCBldCBhbC4gICAg
ICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgNDFdCgwK
SW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAg
ICAgICAgIE1heSAyMDEyCgoKICAgICAgICAgaW52YWxpZF9jbGllbnQKICAgICAgICAgICAgICAg
Q2xpZW50IGF1dGhlbnRpY2F0aW9uIGZhaWxlZCAoZS5nLiB1bmtub3duIGNsaWVudCwgbm8KICAg
ICAgICAgICAgICAgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGluY2x1ZGVkLCBvciB1bnN1cHBvcnRl
ZAogICAgICAgICAgICAgICBhdXRoZW50aWNhdGlvbiBtZXRob2QpLiAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1BWQogICAgICAgICAgICAgICByZXR1cm4gYW4gSFRUUCA0MDEgKFVuYXV0aG9y
aXplZCkgc3RhdHVzIGNvZGUgdG8gaW5kaWNhdGUKICAgICAgICAgICAgICAgd2hpY2ggSFRUUCBh
dXRoZW50aWNhdGlvbiBzY2hlbWVzIGFyZSBzdXBwb3J0ZWQuICBJZiB0aGUKICAgICAgICAgICAg
ICAgY2xpZW50IGF0dGVtcHRlZCB0byBhdXRoZW50aWNhdGUgdmlhIHRoZSAiQXV0aG9yaXphdGlv
biIKICAgICAgICAgICAgICAgcmVxdWVzdCBoZWFkZXIgZmllbGQsIHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBNVVNUCiAgICAgICAgICAgICAgIHJlc3BvbmQgd2l0aCBhbiBIVFRQIDQwMSAoVW5h
dXRob3JpemVkKSBzdGF0dXMgY29kZSwgYW5kCiAgICAgICAgICAgICAgIGluY2x1ZGUgdGhlICJX
V1ctQXV0aGVudGljYXRlIiByZXNwb25zZSBoZWFkZXIgZmllbGQKICAgICAgICAgICAgICAgbWF0
Y2hpbmcgdGhlIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSB1c2VkIGJ5IHRoZSBjbGllbnQuCiAgICAg
ICAgIGludmFsaWRfZ3JhbnQKICAgICAgICAgICAgICAgVGhlIHByb3ZpZGVkIGF1dGhvcml6YXRp
b24gZ3JhbnQgKGUuZy4gYXV0aG9yaXphdGlvbgogICAgICAgICAgICAgICBjb2RlLCByZXNvdXJj
ZSBvd25lciBjcmVkZW50aWFscykgb3IgcmVmcmVzaCB0b2tlbiBpcwogICAgICAgICAgICAgICBp
bnZhbGlkLCBleHBpcmVkLCByZXZva2VkLCBkb2VzIG5vdCBtYXRjaCB0aGUgcmVkaXJlY3Rpb24K
ICAgICAgICAgICAgICAgVVJJIHVzZWQgaW4gdGhlIGF1dGhvcml6YXRpb24gcmVxdWVzdCwgb3Ig
d2FzIGlzc3VlZCB0bwogICAgICAgICAgICAgICBhbm90aGVyIGNsaWVudC4KICAgICAgICAgdW5h
dXRob3JpemVkX2NsaWVudAogICAgICAgICAgICAgICBUaGUgYXV0aGVudGljYXRlZCBjbGllbnQg
aXMgbm90IGF1dGhvcml6ZWQgdG8gdXNlIHRoaXMKICAgICAgICAgICAgICAgYXV0aG9yaXphdGlv
biBncmFudCB0eXBlLgogICAgICAgICB1bnN1cHBvcnRlZF9ncmFudF90eXBlCiAgICAgICAgICAg
ICAgIFRoZSBhdXRob3JpemF0aW9uIGdyYW50IHR5cGUgaXMgbm90IHN1cHBvcnRlZCBieSB0aGUK
ICAgICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgIGludmFsaWRfc2Nv
cGUKICAgICAgICAgICAgICAgVGhlIHJlcXVlc3RlZCBzY29wZSBpcyBpbnZhbGlkLCB1bmtub3du
LCBtYWxmb3JtZWQsIG9yCiAgICAgICAgICAgICAgIGV4Y2VlZHMgdGhlIHNjb3BlIGdyYW50ZWQg
YnkgdGhlIHJlc291cmNlIG93bmVyLgogICAgICAgICBWYWx1ZXMgZm9yIHRoZSAiZXJyb3IiIHBh
cmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlIGNoYXJhY3RlcnMKICAgICAgICAgb3V0c2lkZSB0aGUg
c2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgZXJyb3JfZGVzY3JpcHRpb24KICAg
ICAgICAgT1BUSU9OQUwuICBBIGh1bWFuLXJlYWRhYmxlIEFTQ0lJIFtVU0FTQ0lJXSB0ZXh0IHBy
b3ZpZGluZwogICAgICAgICBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLCB1c2VkIHRvIGFzc2lzdCB0
aGUgY2xpZW50IGRldmVsb3BlciBpbgogICAgICAgICB1bmRlcnN0YW5kaW5nIHRoZSBlcnJvciB0
aGF0IG9jY3VycmVkLgogICAgICAgICBWYWx1ZXMgZm9yIHRoZSAiZXJyb3JfZGVzY3JpcHRpb24i
IHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlCiAgICAgICAgIGNoYXJhY3RlcnMgb3V0c2lkZSB0
aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgZXJyb3JfdXJpCiAgICAgICAg
IE9QVElPTkFMLiAgQSBVUkkgaWRlbnRpZnlpbmcgYSBodW1hbi1yZWFkYWJsZSB3ZWIgcGFnZSB3
aXRoCiAgICAgICAgIGluZm9ybWF0aW9uIGFib3V0IHRoZSBlcnJvciwgdXNlZCB0byBwcm92aWRl
IHRoZSBjbGllbnQKICAgICAgICAgZGV2ZWxvcGVyIHdpdGggYWRkaXRpb25hbCBpbmZvcm1hdGlv
biBhYm91dCB0aGUgZXJyb3IuCiAgICAgICAgIFZhbHVlcyBmb3IgdGhlICJlcnJvcl91cmkiIHBh
cmFtZXRlciBNVVNUIGNvbmZvcm0gdG8gdGhlIFVSSS0KICAgICAgICAgUmVmZXJlbmNlIHN5bnRh
eCwgYW5kIHRodXMgTVVTVCBOT1QgaW5jbHVkZSBjaGFyYWN0ZXJzIG91dHNpZGUKICAgICAgICAg
dGhlIHNldCAleDIxIC8gJXgyMy01QiAvICV4NUQtN0UuCgogICBUaGUgcGFyYW1ldGVycyBhcmUg
aW5jbHVkZWQgaW4gdGhlIGVudGl0eSBib2R5IG9mIHRoZSBIVFRQIHJlc3BvbnNlCiAgIHVzaW5n
IHRoZSAiYXBwbGljYXRpb24vanNvbiIgbWVkaWEgdHlwZSBhcyBkZWZpbmVkIGJ5IFtSRkM0NjI3
XS4gIFRoZQogICBwYXJhbWV0ZXJzIGFyZSBzZXJpYWxpemVkIGludG8gYSBKU09OIHN0cnVjdHVy
ZSBieSBhZGRpbmcgZWFjaAogICBwYXJhbWV0ZXIgYXQgdGhlIGhpZ2hlc3Qgc3RydWN0dXJlIGxl
dmVsLiAgUGFyYW1ldGVyIG5hbWVzIGFuZCBzdHJpbmcKICAgdmFsdWVzIGFyZSBpbmNsdWRlZCBh
cyBKU09OIHN0cmluZ3MuICBOdW1lcmljYWwgdmFsdWVzIGFyZSBpbmNsdWRlZAogICBhcyBKU09O
IG51bWJlcnMuICBUaGUgb3JkZXIgb2YgcGFyYW1ldGVycyBkb2VzIG5vdCBtYXR0ZXIgYW5kIGNh
bgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAg
ICAgICAgICAgICBbUGFnZSA0Ml0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9B
dXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICB2YXJ5LgoKICAgRm9y
IGV4YW1wbGU6CgoKICAgICBIVFRQLzEuMSA0MDAgQmFkIFJlcXVlc3QKICAgICBDb250ZW50LVR5
cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD1VVEYtOAogICAgIENhY2hlLUNvbnRyb2w6IG5v
LXN0b3JlCiAgICAgUHJhZ21hOiBuby1jYWNoZQoKICAgICB7CiAgICAgICAiZXJyb3IiOiJpbnZh
bGlkX3JlcXVlc3QiCiAgICAgfQoKCgo2LiAgUmVmcmVzaGluZyBhbiBBY2Nlc3MgVG9rZW4KCiAg
IElmIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZWQgYSByZWZyZXNoIHRva2VuIHRvIHRo
ZSBjbGllbnQsIHRoZQogICBjbGllbnQgbWFrZXMgYSByZWZyZXNoIHJlcXVlc3QgdG8gdGhlIHRv
a2VuIGVuZHBvaW50IGJ5IGFkZGluZyB0aGUKICAgZm9sbG93aW5nIHBhcmFtZXRlcnMgdXNpbmcg
dGhlICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiCiAgIGZvcm1hdCBpbiB0aGUg
SFRUUCByZXF1ZXN0IGVudGl0eS1ib2R5OgoKICAgZ3JhbnRfdHlwZQogICAgICAgICBSRVFVSVJF
RC4gIFZhbHVlIE1VU1QgYmUgc2V0IHRvICJyZWZyZXNoX3Rva2VuIi4KICAgcmVmcmVzaF90b2tl
bgogICAgICAgICBSRVFVSVJFRC4gIFRoZSByZWZyZXNoIHRva2VuIGlzc3VlZCB0byB0aGUgY2xp
ZW50LgogICBzY29wZQogICAgICAgICBPUFRJT05BTC4gIFRoZSBzY29wZSBvZiB0aGUgYWNjZXNz
IHJlcXVlc3QgYXMgZGVzY3JpYmVkIGJ5CiAgICAgICAgIFNlY3Rpb24gMy4zLiAgVGhlIHJlcXVl
c3RlZCBzY29wZSBNVVNUIE5PVCBpbmNsdWRlIGFueSBzY29wZQogICAgICAgICBub3Qgb3JpZ2lu
YWxseSBncmFudGVkIGJ5IHRoZSByZXNvdXJjZSBvd25lciwgYW5kIGlmIG9taXR0ZWQgaXMKICAg
ICAgICAgdHJlYXRlZCBhcyBlcXVhbCB0byB0aGUgc2NvcGUgb3JpZ2luYWxseSBncmFudGVkIGJ5
IHRoZQogICAgICAgICByZXNvdXJjZSBvd25lci4KCiAgIEJlY2F1c2UgcmVmcmVzaCB0b2tlbnMg
YXJlIHR5cGljYWxseSBsb25nLWxhc3RpbmcgY3JlZGVudGlhbHMgdXNlZCB0bwogICByZXF1ZXN0
IGFkZGl0aW9uYWwgYWNjZXNzIHRva2VucywgdGhlIHJlZnJlc2ggdG9rZW4gaXMgYm91bmQgdG8g
dGhlCiAgIGNsaWVudCB3aGljaCBpdCB3YXMgaXNzdWVkLiAgSWYgdGhlIGNsaWVudCB0eXBlIGlz
IGNvbmZpZGVudGlhbCBvcgogICB0aGUgY2xpZW50IHdhcyBpc3N1ZWQgY2xpZW50IGNyZWRlbnRp
YWxzIChvciBhc3NpZ25lZCBvdGhlcgogICBhdXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMpLCB0
aGUgY2xpZW50IE1VU1QgYXV0aGVudGljYXRlIHdpdGggdGhlCiAgIGF1dGhvcml6YXRpb24gc2Vy
dmVyIGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDMuMi4xLgoKCgoKCgoKCgoKCkhhbW1lciwgZXQg
YWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdl
IDQzXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAg
ICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2Vz
IHRoZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0IHVzaW5nCiAgIHRyYW5zcG9ydC1sYXllciBzZWN1
cml0eSAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzCiAgIG9ubHkp
OgoKCiAgICAgUE9TVCAvdG9rZW4gSFRUUC8xLjEKICAgICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5j
b20KICAgICBBdXRob3JpemF0aW9uOiBCYXNpYyBjelpDYUdSU2EzRjBNenBuV0RGbVFtRjBNMkpX
CiAgICAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hh
cnNldD1VVEYtOAoKICAgICBncmFudF90eXBlPXJlZnJlc2hfdG9rZW4mcmVmcmVzaF90b2tlbj10
R3p2M0pPa0YwWEc1UXgyVGxLV0lBCgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1Q6
CgogICBvICByZXF1aXJlIGNsaWVudCBhdXRoZW50aWNhdGlvbiBmb3IgY29uZmlkZW50aWFsIGNs
aWVudHMgb3IgZm9yIGFueQogICAgICBjbGllbnQgdGhhdCB3YXMgaXNzdWVkIGNsaWVudCBjcmVk
ZW50aWFscyAob3Igd2l0aCBvdGhlcgogICAgICBhdXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMp
LAogICBvICBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCBpZiBjbGllbnQgYXV0aGVudGljYXRpb24g
aXMgaW5jbHVkZWQgYW5kCiAgICAgIGVuc3VyZSB0aGUgcmVmcmVzaCB0b2tlbiB3YXMgaXNzdWVk
IHRvIHRoZSBhdXRoZW50aWNhdGVkIGNsaWVudCwKICAgICAgYW5kCiAgIG8gIHZhbGlkYXRlIHRo
ZSByZWZyZXNoIHRva2VuLgoKICAgSWYgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzCiAgIHRva2VuIGFzIGRlc2NyaWJlZCBpbiBT
ZWN0aW9uIDUuMS4gIElmIHRoZSByZXF1ZXN0IGZhaWxlZAogICB2ZXJpZmljYXRpb24gb3IgaXMg
aW52YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJldHVybnMgYW4gZXJyb3IKICAgcmVz
cG9uc2UgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNS4yLgoKICAgVGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIE1BWSBpc3N1ZSBhIG5ldyByZWZyZXNoIHRva2VuLCBpbiB3aGljaCBjYXNlCiAgIHRo
ZSBjbGllbnQgTVVTVCBkaXNjYXJkIHRoZSBvbGQgcmVmcmVzaCB0b2tlbiBhbmQgcmVwbGFjZSBp
dCB3aXRoIHRoZQogICBuZXcgcmVmcmVzaCB0b2tlbi4gIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBNQVkgcmV2b2tlIHRoZSBvbGQKICAgcmVmcmVzaCB0b2tlbiBhZnRlciBpc3N1aW5nIGEgbmV3
IHJlZnJlc2ggdG9rZW4gdG8gdGhlIGNsaWVudC4gIElmIGEKICAgbmV3IHJlZnJlc2ggdG9rZW4g
aXMgaXNzdWVkLCB0aGUgcmVmcmVzaCB0b2tlbiBzY29wZSBNVVNUIGJlCiAgIGlkZW50aWNhbCB0
byB0aGF0IG9mIHRoZSByZWZyZXNoIHRva2VuIGluY2x1ZGVkIGJ5IHRoZSBjbGllbnQgaW4gdGhl
CiAgIHJlcXVlc3QuCgoKNy4gIEFjY2Vzc2luZyBQcm90ZWN0ZWQgUmVzb3VyY2VzCgogICBUaGUg
Y2xpZW50IGFjY2Vzc2VzIHByb3RlY3RlZCByZXNvdXJjZXMgYnkgcHJlc2VudGluZyB0aGUgYWNj
ZXNzCiAgIHRva2VuIHRvIHRoZSByZXNvdXJjZSBzZXJ2ZXIuICBUaGUgcmVzb3VyY2Ugc2VydmVy
IE1VU1QgdmFsaWRhdGUgdGhlCiAgIGFjY2VzcyB0b2tlbiBhbmQgZW5zdXJlIGl0IGhhcyBub3Qg
ZXhwaXJlZCBhbmQgdGhhdCBpdHMgc2NvcGUgY292ZXJzCiAgIHRoZSByZXF1ZXN0ZWQgcmVzb3Vy
Y2UuICBUaGUgbWV0aG9kcyB1c2VkIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIgdG8KICAgdmFsaWRh
dGUgdGhlIGFjY2VzcyB0b2tlbiAoYXMgd2VsbCBhcyBhbnkgZXJyb3IgcmVzcG9uc2VzKSBhcmUg
YmV5b25kCiAgIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sIGJ1dCBnZW5lcmFsbHkg
aW52b2x2ZSBhbiBpbnRlcmFjdGlvbgogICBvciBjb29yZGluYXRpb24gYmV0d2VlbiB0aGUgcmVz
b3VyY2Ugc2VydmVyIGFuZCB0aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIuCgoKCgpIYW1tZXIs
IGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBb
UGFnZSA0NF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAg
ICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBUaGUgbWV0aG9kIGluIHdoaWNoIHRoZSBj
bGllbnQgdXRpbGl6ZXMgdGhlIGFjY2VzcyB0b2tlbiB0bwogICBhdXRoZW50aWNhdGUgd2l0aCB0
aGUgcmVzb3VyY2Ugc2VydmVyIGRlcGVuZHMgb24gdGhlIHR5cGUgb2YgYWNjZXNzCiAgIHRva2Vu
IGlzc3VlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuICBUeXBpY2FsbHksIGl0IGludm9s
dmVzCiAgIHVzaW5nIHRoZSBIVFRQICJBdXRob3JpemF0aW9uIiByZXF1ZXN0IGhlYWRlciBmaWVs
ZCBbUkZDMjYxN10gd2l0aCBhbgogICBhdXRoZW50aWNhdGlvbiBzY2hlbWUgZGVmaW5lZCBieSB0
aGUgYWNjZXNzIHRva2VuIHR5cGUgc3BlY2lmaWNhdGlvbi4KCjcuMS4gIEFjY2VzcyBUb2tlbiBU
eXBlcwoKICAgVGhlIGFjY2VzcyB0b2tlbiB0eXBlIHByb3ZpZGVzIHRoZSBjbGllbnQgd2l0aCB0
aGUgaW5mb3JtYXRpb24KICAgcmVxdWlyZWQgdG8gc3VjY2Vzc2Z1bGx5IHV0aWxpemUgdGhlIGFj
Y2VzcyB0b2tlbiB0byBtYWtlIGEgcHJvdGVjdGVkCiAgIHJlc291cmNlIHJlcXVlc3QgKGFsb25n
IHdpdGggdHlwZS1zcGVjaWZpYyBhdHRyaWJ1dGVzKS4gIFRoZSBjbGllbnQKICAgTVVTVCBOT1Qg
dXNlIGFuIGFjY2VzcyB0b2tlbiBpZiBpdCBkb2VzIG5vdCB1bmRlcnN0YW5kIHRoZSB0b2tlbgog
ICB0eXBlLgoKICAgRm9yIGV4YW1wbGUsIHRoZSAiYmVhcmVyIiB0b2tlbiB0eXBlIGRlZmluZWQg
aW4KICAgW0ktRC5pZXRmLW9hdXRoLXYyLWJlYXJlcl0gaXMgdXRpbGl6ZWQgYnkgc2ltcGx5IGlu
Y2x1ZGluZyB0aGUgYWNjZXNzCiAgIHRva2VuIHN0cmluZyBpbiB0aGUgcmVxdWVzdDoKCgogICAg
IEdFVCAvcmVzb3VyY2UvMSBIVFRQLzEuMQogICAgIEhvc3Q6IGV4YW1wbGUuY29tCiAgICAgQXV0
aG9yaXphdGlvbjogQmVhcmVyIG1GXzkuQjVmLTQuMUpxTQoKCiAgIHdoaWxlIHRoZSAibWFjIiB0
b2tlbiB0eXBlIGRlZmluZWQgaW4gW0ktRC5pZXRmLW9hdXRoLXYyLWh0dHAtbWFjXSBpcwogICB1
dGlsaXplZCBieSBpc3N1aW5nIGEgTUFDIGtleSB0b2dldGhlciB3aXRoIHRoZSBhY2Nlc3MgdG9r
ZW4gd2hpY2ggaXMKICAgdXNlZCB0byBzaWduIGNlcnRhaW4gY29tcG9uZW50cyBvZiB0aGUgSFRU
UCByZXF1ZXN0czoKCgogICAgIEdFVCAvcmVzb3VyY2UvMSBIVFRQLzEuMQogICAgIEhvc3Q6IGV4
YW1wbGUuY29tCiAgICAgQXV0aG9yaXphdGlvbjogTUFDIGlkPSJoNDgwZGpzOTNoZDgiLAogICAg
ICAgICAgICAgICAgICAgICAgICBub25jZT0iMjc0MzEyOmRqODNoczlzIiwKICAgICAgICAgICAg
ICAgICAgICAgICAgbWFjPSJrRFp2ZGRrbmR4dmhHUlhaaHZ1RGpFV2hHZUU9IgoKCiAgIFRoZSBh
Ym92ZSBleGFtcGxlcyBhcmUgcHJvdmlkZWQgZm9yIGlsbHVzdHJhdGlvbiBwdXJwb3NlcyBvbmx5
LgogICBEZXZlbG9wZXJzIGFyZSBhZHZpc2VkIHRvIGNvbnN1bHQgdGhlIFtJLUQuaWV0Zi1vYXV0
aC12Mi1iZWFyZXJdIGFuZAogICBbSS1ELmlldGYtb2F1dGgtdjItaHR0cC1tYWNdIHNwZWNpZmlj
YXRpb25zIGJlZm9yZSB1c2UuCgogICBFYWNoIGFjY2VzcyB0b2tlbiB0eXBlIGRlZmluaXRpb24g
c3BlY2lmaWVzIHRoZSBhZGRpdGlvbmFsIGF0dHJpYnV0ZXMKICAgKGlmIGFueSkgc2VudCB0byB0
aGUgY2xpZW50IHRvZ2V0aGVyIHdpdGggdGhlICJhY2Nlc3NfdG9rZW4iIHJlc3BvbnNlCiAgIHBh
cmFtZXRlci4gIEl0IGFsc28gZGVmaW5lcyB0aGUgSFRUUCBhdXRoZW50aWNhdGlvbiBtZXRob2Qg
dXNlZCB0bwogICBpbmNsdWRlIHRoZSBhY2Nlc3MgdG9rZW4gd2hlbiBtYWtpbmcgYSBwcm90ZWN0
ZWQgcmVzb3VyY2UgcmVxdWVzdC4KCgoKCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGly
ZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdlIDQ1XQoMCkludGVybmV0LURy
YWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkg
MjAxMgoKCjcuMi4gIEVycm9yIFJlc3BvbnNlCgogICBJZiBhIHJlc291cmNlIGFjY2VzcyByZXF1
ZXN0IGZhaWxzLCB0aGUgcmVzb3VyY2Ugc2VydmVyIFNIT1VMRCBpbmZvcm0KICAgdGhlIGNsaWVu
dCBvZiB0aGUgZXJyb3IuICBXaGlsZSB0aGUgc3BlY2lmaWMgZXJyb3IgcmVzcG9uc2VzIHBvc3Np
YmxlCiAgIGFuZCBtZXRob2RzIGZvciB0cmFuc21pdHRpbmcgdGhvc2UgZXJyb3JzIHdoZW4gdXNp
bmcgYW55IHBhcnRpY3VsYXIKICAgYWNjZXNzIHRva2VuIHR5cGUgYXJlIGJleW9uZCB0aGUgc2Nv
cGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uLCBhbnkKICAgZXJyb3IgY29kZXMgZGVmaW5lZCBmb3Ig
dXNlIHdpdGggT0F1dGggcmVzb3VyY2UgYWNjZXNzIG1ldGhvZHMgTVVTVAogICBiZSByZWdpc3Rl
cmVkIChmb2xsb3dpbmcgdGhlIHByb2NlZHVyZXMgaW4gU2VjdGlvbiAxMS40KS4KCgo4LiAgRXh0
ZW5zaWJpbGl0eQoKOC4xLiAgRGVmaW5pbmcgQWNjZXNzIFRva2VuIFR5cGVzCgogICBBY2Nlc3Mg
dG9rZW4gdHlwZXMgY2FuIGJlIGRlZmluZWQgaW4gb25lIG9mIHR3byB3YXlzOiByZWdpc3RlcmVk
IGluCiAgIHRoZSBhY2Nlc3MgdG9rZW4gdHlwZSByZWdpc3RyeSAoZm9sbG93aW5nIHRoZSBwcm9j
ZWR1cmVzIGluCiAgIFNlY3Rpb24gMTEuMSksIG9yIGJ5IHVzaW5nIGEgdW5pcXVlIGFic29sdXRl
IFVSSSBhcyBpdHMgbmFtZS4KCiAgIFR5cGVzIHV0aWxpemluZyBhIFVSSSBuYW1lIFNIT1VMRCBi
ZSBsaW1pdGVkIHRvIHZlbmRvci1zcGVjaWZpYwogICBpbXBsZW1lbnRhdGlvbnMgdGhhdCBhcmUg
bm90IGNvbW1vbmx5IGFwcGxpY2FibGUsIGFuZCBhcmUgc3BlY2lmaWMgdG8KICAgdGhlIGltcGxl
bWVudGF0aW9uIGRldGFpbHMgb2YgdGhlIHJlc291cmNlIHNlcnZlciB3aGVyZSB0aGV5IGFyZQog
ICB1c2VkLgoKICAgQWxsIG90aGVyIHR5cGVzIE1VU1QgYmUgcmVnaXN0ZXJlZC4gIFR5cGUgbmFt
ZXMgTVVTVCBjb25mb3JtIHRvIHRoZQogICB0eXBlLW5hbWUgQUJORi4gIElmIHRoZSB0eXBlIGRl
ZmluaXRpb24gaW5jbHVkZXMgYSBuZXcgSFRUUAogICBhdXRoZW50aWNhdGlvbiBzY2hlbWUsIHRo
ZSB0eXBlIG5hbWUgU0hPVUxEIGJlIGlkZW50aWNhbCB0byB0aGUgSFRUUAogICBhdXRoZW50aWNh
dGlvbiBzY2hlbWUgbmFtZSAoYXMgZGVmaW5lZCBieSBbUkZDMjYxN10pLiAgVGhlIHRva2VuIHR5
cGUKICAgImV4YW1wbGUiIGlzIHJlc2VydmVkIGZvciB1c2UgaW4gZXhhbXBsZXMuCgoKICAgICB0
eXBlLW5hbWUgID0gMSpuYW1lLWNoYXIKICAgICBuYW1lLWNoYXIgICA9ICItIiAvICIuIiAvICJf
IiAvIERJR0lUIC8gQUxQSEEKCgo4LjIuICBEZWZpbmluZyBOZXcgRW5kcG9pbnQgUGFyYW1ldGVy
cwoKICAgTmV3IHJlcXVlc3Qgb3IgcmVzcG9uc2UgcGFyYW1ldGVycyBmb3IgdXNlIHdpdGggdGhl
IGF1dGhvcml6YXRpb24KICAgZW5kcG9pbnQgb3IgdGhlIHRva2VuIGVuZHBvaW50IGFyZSBkZWZp
bmVkIGFuZCByZWdpc3RlcmVkIGluIHRoZQogICBwYXJhbWV0ZXJzIHJlZ2lzdHJ5IGZvbGxvd2lu
ZyB0aGUgcHJvY2VkdXJlIGluIFNlY3Rpb24gMTEuMi4KCiAgIFBhcmFtZXRlciBuYW1lcyBNVVNU
IGNvbmZvcm0gdG8gdGhlIHBhcmFtLW5hbWUgQUJORiBhbmQgcGFyYW1ldGVyCiAgIHZhbHVlcyBz
eW50YXggTVVTVCBiZSB3ZWxsLWRlZmluZWQgKGUuZy4sIHVzaW5nIEFCTkYsIG9yIGEgcmVmZXJl
bmNlCiAgIHRvIHRoZSBzeW50YXggb2YgYW4gZXhpc3RpbmcgcGFyYW1ldGVyKS4KCgogICAgIHBh
cmFtLW5hbWUgID0gMSpuYW1lLWNoYXIKICAgICBuYW1lLWNoYXIgICA9ICItIiAvICIuIiAvICJf
IiAvIERJR0lUIC8gQUxQSEEKCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92
ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdlIDQ2XQoMCkludGVybmV0LURyYWZ0ICAg
ICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoK
CiAgIFVucmVnaXN0ZXJlZCB2ZW5kb3Itc3BlY2lmaWMgcGFyYW1ldGVyIGV4dGVuc2lvbnMgdGhh
dCBhcmUgbm90CiAgIGNvbW1vbmx5IGFwcGxpY2FibGUsIGFuZCBhcmUgc3BlY2lmaWMgdG8gdGhl
IGltcGxlbWVudGF0aW9uIGRldGFpbHMKICAgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHdo
ZXJlIHRoZXkgYXJlIHVzZWQgU0hPVUxEIHV0aWxpemUgYQogICB2ZW5kb3Itc3BlY2lmaWMgcHJl
Zml4IHRoYXQgaXMgbm90IGxpa2VseSB0byBjb25mbGljdCB3aXRoIG90aGVyCiAgIHJlZ2lzdGVy
ZWQgdmFsdWVzIChlLmcuIGJlZ2luIHdpdGggJ2NvbXBhbnluYW1lXycpLgoKOC4zLiAgRGVmaW5p
bmcgTmV3IEF1dGhvcml6YXRpb24gR3JhbnQgVHlwZXMKCiAgIE5ldyBhdXRob3JpemF0aW9uIGdy
YW50IHR5cGVzIGNhbiBiZSBkZWZpbmVkIGJ5IGFzc2lnbmluZyB0aGVtIGEKICAgdW5pcXVlIGFi
c29sdXRlIFVSSSBmb3IgdXNlIHdpdGggdGhlICJncmFudF90eXBlIiBwYXJhbWV0ZXIuICBJZiB0
aGUKICAgZXh0ZW5zaW9uIGdyYW50IHR5cGUgcmVxdWlyZXMgYWRkaXRpb25hbCB0b2tlbiBlbmRw
b2ludCBwYXJhbWV0ZXJzLAogICB0aGV5IE1VU1QgYmUgcmVnaXN0ZXJlZCBpbiB0aGUgT0F1dGgg
cGFyYW1ldGVycyByZWdpc3RyeSBhcyBkZXNjcmliZWQKICAgYnkgU2VjdGlvbiAxMS4yLgoKOC40
LiAgRGVmaW5pbmcgTmV3IEF1dGhvcml6YXRpb24gRW5kcG9pbnQgUmVzcG9uc2UgVHlwZXMKCiAg
IE5ldyByZXNwb25zZSB0eXBlcyBmb3IgdXNlIHdpdGggdGhlIGF1dGhvcml6YXRpb24gZW5kcG9p
bnQgYXJlCiAgIGRlZmluZWQgYW5kIHJlZ2lzdGVyZWQgaW4gdGhlIGF1dGhvcml6YXRpb24gZW5k
cG9pbnQgcmVzcG9uc2UgdHlwZQogICByZWdpc3RyeSBmb2xsb3dpbmcgdGhlIHByb2NlZHVyZSBp
biBTZWN0aW9uIDExLjMuICBSZXNwb25zZSB0eXBlCiAgIG5hbWVzIE1VU1QgY29uZm9ybSB0byB0
aGUgcmVzcG9uc2UtdHlwZSBBQk5GLgoKCiAgICAgcmVzcG9uc2UtdHlwZSAgPSByZXNwb25zZS1u
YW1lICooIFNQIHJlc3BvbnNlLW5hbWUgKQogICAgIHJlc3BvbnNlLW5hbWUgID0gMSpyZXNwb25z
ZS1jaGFyCiAgICAgcmVzcG9uc2UtY2hhciAgPSAiXyIgLyBESUdJVCAvIEFMUEhBCgoKICAgSWYg
YSByZXNwb25zZSB0eXBlIGNvbnRhaW5zIG9uZSBvciBtb3JlIHNwYWNlIGNoYXJhY3RlcnMgKCV4
MjApLCBpdAogICBpcyBjb21wYXJlZCBhcyBhIHNwYWNlLWRlbGltaXRlZCBsaXN0IG9mIHZhbHVl
cyBpbiB3aGljaCB0aGUgb3JkZXIgb2YKICAgdmFsdWVzIGRvZXMgbm90IG1hdHRlci4gIE9ubHkg
b25lIG9yZGVyIG9mIHZhbHVlcyBjYW4gYmUgcmVnaXN0ZXJlZCwKICAgd2hpY2ggY292ZXJzIGFs
bCBvdGhlciBhcnJhbmdlbWVudHMgb2YgdGhlIHNhbWUgc2V0IG9mIHZhbHVlcy4KCiAgIEZvciBl
eGFtcGxlLCB0aGUgcmVzcG9uc2UgdHlwZSAidG9rZW4gY29kZSIgaXMgbGVmdCB1bmRlZmluZWQg
YnkgdGhpcwogICBzcGVjaWZpY2F0aW9uLiAgSG93ZXZlciwgYW4gZXh0ZW5zaW9uIGNhbiBkZWZp
bmUgYW5kIHJlZ2lzdGVyIHRoZQogICAidG9rZW4gY29kZSIgcmVzcG9uc2UgdHlwZS4gIE9uY2Ug
cmVnaXN0ZXJlZCwgdGhlIHNhbWUgY29tYmluYXRpb24KICAgY2Fubm90IGJlIHJlZ2lzdGVyZWQg
YXMgImNvZGUgdG9rZW4iLCBidXQgYm90aCB2YWx1ZXMgY2FuIGJlIHVzZWQgdG8KICAgZGVub3Rl
IHRoZSBzYW1lIHJlc3BvbnNlIHR5cGUuCgo4LjUuICBEZWZpbmluZyBBZGRpdGlvbmFsIEVycm9y
IENvZGVzCgogICBJbiBjYXNlcyB3aGVyZSBwcm90b2NvbCBleHRlbnNpb25zIChpLmUuIGFjY2Vz
cyB0b2tlbiB0eXBlcywKICAgZXh0ZW5zaW9uIHBhcmFtZXRlcnMsIG9yIGV4dGVuc2lvbiBncmFu
dCB0eXBlcykgcmVxdWlyZSBhZGRpdGlvbmFsCiAgIGVycm9yIGNvZGVzIHRvIGJlIHVzZWQgd2l0
aCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGdyYW50IGVycm9yCiAgIHJlc3BvbnNlIChTZWN0aW9u
IDQuMS4yLjEpLCB0aGUgaW1wbGljaXQgZ3JhbnQgZXJyb3IgcmVzcG9uc2UKICAgKFNlY3Rpb24g
NC4yLjIuMSksIHRoZSB0b2tlbiBlcnJvciByZXNwb25zZSAoU2VjdGlvbiA1LjIpLCBvciB0aGUK
ICAgcmVzb3VyY2UgYWNjZXNzIGVycm9yIHJlc3BvbnNlIChTZWN0aW9uIDcuMiksIHN1Y2ggZXJy
b3IgY29kZXMgTUFZIGJlCiAgIGRlZmluZWQuCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBF
eHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSA0N10KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAg
TWF5IDIwMTIKCgogICBFeHRlbnNpb24gZXJyb3IgY29kZXMgTVVTVCBiZSByZWdpc3RlcmVkIChm
b2xsb3dpbmcgdGhlIHByb2NlZHVyZXMgaW4KICAgU2VjdGlvbiAxMS40KSBpZiB0aGUgZXh0ZW5z
aW9uIHRoZXkgYXJlIHVzZWQgaW4gY29uanVuY3Rpb24gd2l0aCBpcyBhCiAgIHJlZ2lzdGVyZWQg
YWNjZXNzIHRva2VuIHR5cGUsIGEgcmVnaXN0ZXJlZCBlbmRwb2ludCBwYXJhbWV0ZXIsIG9yIGFu
CiAgIGV4dGVuc2lvbiBncmFudCB0eXBlLiAgRXJyb3IgY29kZXMgdXNlZCB3aXRoIHVucmVnaXN0
ZXJlZCBleHRlbnNpb25zCiAgIE1BWSBiZSByZWdpc3RlcmVkLgoKICAgRXJyb3IgY29kZXMgTVVT
VCBjb25mb3JtIHRvIHRoZSBlcnJvci1jb2RlIEFCTkYsIGFuZCBTSE9VTEQgYmUKICAgcHJlZml4
ZWQgYnkgYW4gaWRlbnRpZnlpbmcgbmFtZSB3aGVuIHBvc3NpYmxlLiAgRm9yIGV4YW1wbGUsIGFu
IGVycm9yCiAgIGlkZW50aWZ5aW5nIGFuIGludmFsaWQgdmFsdWUgc2V0IHRvIHRoZSBleHRlbnNp
b24gcGFyYW1ldGVyICJleGFtcGxlIgogICBTSE9VTEQgYmUgbmFtZWQgImV4YW1wbGVfaW52YWxp
ZCIuCgoKICAgICBlcnJvci1jb2RlICAgPSBBTFBIQSAqZXJyb3ItY2hhcgogICAgIGVycm9yLWNo
YXIgICA9ICItIiAvICIuIiAvICJfIiAvIERJR0lUIC8gQUxQSEEKCgoKOS4gIE5hdGl2ZSBBcHBs
aWNhdGlvbnMKCiAgIE5hdGl2ZSBhcHBsaWNhdGlvbnMgYXJlIGNsaWVudHMgaW5zdGFsbGVkIGFu
ZCBleGVjdXRlZCBvbiB0aGUgZGV2aWNlCiAgIHVzZWQgYnkgdGhlIHJlc291cmNlIG93bmVyIChp
LmUuIGRlc2t0b3AgYXBwbGljYXRpb24sIG5hdGl2ZSBtb2JpbGUKICAgYXBwbGljYXRpb24pLiAg
TmF0aXZlIGFwcGxpY2F0aW9ucyByZXF1aXJlIHNwZWNpYWwgY29uc2lkZXJhdGlvbgogICByZWxh
dGVkIHRvIHNlY3VyaXR5LCBwbGF0Zm9ybSBjYXBhYmlsaXRpZXMsIGFuZCBvdmVyYWxsIGVuZC11
c2VyCiAgIGV4cGVyaWVuY2UuCgogICBUaGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCByZXF1aXJl
cyBpbnRlcmFjdGlvbiBiZXR3ZWVuIHRoZSBjbGllbnQKICAgYW5kIHRoZSByZXNvdXJjZSBvd25l
cidzIHVzZXItYWdlbnQuICBOYXRpdmUgYXBwbGljYXRpb25zIGNhbiBpbnZva2UKICAgYW4gZXh0
ZXJuYWwgdXNlci1hZ2VudCBvciBlbWJlZCBhIHVzZXItYWdlbnQgd2l0aGluIHRoZSBhcHBsaWNh
dGlvbi4KICAgRm9yIGV4YW1wbGU6CgogICBvICBFeHRlcm5hbCB1c2VyLWFnZW50IC0gdGhlIG5h
dGl2ZSBhcHBsaWNhdGlvbiBjYW4gY2FwdHVyZSB0aGUKICAgICAgcmVzcG9uc2UgZnJvbSB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgdXNpbmcgYSByZWRpcmVjdGlvbiBVUkkKICAgICAgd2l0aCBh
IHNjaGVtZSByZWdpc3RlcmVkIHdpdGggdGhlIG9wZXJhdGluZyBzeXN0ZW0gdG8gaW52b2tlIHRo
ZQogICAgICBjbGllbnQgYXMgdGhlIGhhbmRsZXIsIG1hbnVhbCBjb3B5LWFuZC1wYXN0ZSBvZiB0
aGUgY3JlZGVudGlhbHMsCiAgICAgIHJ1bm5pbmcgYSBsb2NhbCB3ZWIgc2VydmVyLCBpbnN0YWxs
aW5nIGEgdXNlci1hZ2VudCBleHRlbnNpb24sIG9yCiAgICAgIGJ5IHByb3ZpZGluZyBhIHJlZGly
ZWN0aW9uIFVSSSBpZGVudGlmeWluZyBhIHNlcnZlci1ob3N0ZWQKICAgICAgcmVzb3VyY2UgdW5k
ZXIgdGhlIGNsaWVudCdzIGNvbnRyb2wsIHdoaWNoIGluIHR1cm4gbWFrZXMgdGhlCiAgICAgIHJl
c3BvbnNlIGF2YWlsYWJsZSB0byB0aGUgbmF0aXZlIGFwcGxpY2F0aW9uLgogICBvICBFbWJlZGRl
ZCB1c2VyLWFnZW50IC0gdGhlIG5hdGl2ZSBhcHBsaWNhdGlvbiBvYnRhaW5zIHRoZSByZXNwb25z
ZQogICAgICBieSBkaXJlY3RseSBjb21tdW5pY2F0aW5nIHdpdGggdGhlIGVtYmVkZGVkIHVzZXIt
YWdlbnQgYnkKICAgICAgbW9uaXRvcmluZyBzdGF0ZSBjaGFuZ2VzIGVtaXR0ZWQgZHVyaW5nIHRo
ZSByZXNvdXJjZSBsb2FkLCBvcgogICAgICBhY2Nlc3NpbmcgdGhlIHVzZXItYWdlbnQncyBjb29r
aWVzIHN0b3JhZ2UuCgogICBXaGVuIGNob29zaW5nIGJldHdlZW4gYW4gZXh0ZXJuYWwgb3IgZW1i
ZWRkZWQgdXNlci1hZ2VudCwgZGV2ZWxvcGVycwogICBzaG91bGQgY29uc2lkZXI6CgoKCgoKCkhh
bW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAg
ICAgIFtQYWdlIDQ4XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4w
ICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIG8gIEFuIEV4dGVybmFsIHVzZXIt
YWdlbnQgbWF5IGltcHJvdmUgY29tcGxldGlvbiByYXRlIGFzIHRoZSByZXNvdXJjZQogICAgICBv
d25lciBtYXkgYWxyZWFkeSBoYXZlIGFuIGFjdGl2ZSBzZXNzaW9uIHdpdGggdGhlIGF1dGhvcml6
YXRpb24KICAgICAgc2VydmVyIHJlbW92aW5nIHRoZSBuZWVkIHRvIHJlLWF1dGhlbnRpY2F0ZS4g
IEl0IHByb3ZpZGVzIGEKICAgICAgZmFtaWxpYXIgZW5kLXVzZXIgZXhwZXJpZW5jZSBhbmQgZnVu
Y3Rpb25hbGl0eS4gIFRoZSByZXNvdXJjZQogICAgICBvd25lciBtYXkgYWxzbyByZWx5IG9uIHVz
ZXItYWdlbnQgZmVhdHVyZXMgb3IgZXh0ZW5zaW9ucyB0byBhc3Npc3QKICAgICAgd2l0aCBhdXRo
ZW50aWNhdGlvbiAoZS5nLiBwYXNzd29yZCBtYW5hZ2VyLCAyLWZhY3RvciBkZXZpY2UKICAgICAg
cmVhZGVyKS4KICAgbyAgQW4gZW1iZWRkZWQgdXNlci1hZ2VudCBtYXkgb2ZmZXIgaW1wcm92ZWQg
dXNhYmlsaXR5LCBhcyBpdCByZW1vdmVzCiAgICAgIHRoZSBuZWVkIHRvIHN3aXRjaCBjb250ZXh0
IGFuZCBvcGVuIG5ldyB3aW5kb3dzLgogICBvICBBbiBlbWJlZGRlZCB1c2VyLWFnZW50IHBvc2Vz
IGEgc2VjdXJpdHkgY2hhbGxlbmdlIGJlY2F1c2UgcmVzb3VyY2UKICAgICAgb3duZXJzIGFyZSBh
dXRoZW50aWNhdGluZyBpbiBhbiB1bmlkZW50aWZpZWQgd2luZG93IHdpdGhvdXQgYWNjZXNzCiAg
ICAgIHRvIHRoZSB2aXN1YWwgcHJvdGVjdGlvbnMgZm91bmQgaW4gbW9zdCBleHRlcm5hbCB1c2Vy
LWFnZW50cy4gIEFuCiAgICAgIGVtYmVkZGVkIHVzZXItYWdlbnQgZWR1Y2F0ZXMgZW5kLXVzZXJz
IHRvIHRydXN0IHVuaWRlbnRpZmllZAogICAgICByZXF1ZXN0cyBmb3IgYXV0aGVudGljYXRpb24g
KG1ha2luZyBwaGlzaGluZyBhdHRhY2tzIGVhc2llciB0bwogICAgICBleGVjdXRlKS4KCiAgIFdo
ZW4gY2hvb3NpbmcgYmV0d2VlbiB0aGUgaW1wbGljaXQgZ3JhbnQgdHlwZSBhbmQgdGhlIGF1dGhv
cml6YXRpb24KICAgY29kZSBncmFudCB0eXBlLCB0aGUgZm9sbG93aW5nIHNob3VsZCBiZSBjb25z
aWRlcmVkOgoKICAgbyAgTmF0aXZlIGFwcGxpY2F0aW9ucyB0aGF0IHVzZSB0aGUgYXV0aG9yaXph
dGlvbiBjb2RlIGdyYW50IHR5cGUKICAgICAgU0hPVUxEIGRvIHNvIHdpdGhvdXQgdXNpbmcgY2xp
ZW50IGNyZWRlbnRpYWxzLCBkdWUgdG8gdGhlIG5hdGl2ZQogICAgICBhcHBsaWNhdGlvbidzIGlu
YWJpbGl0eSB0byBrZWVwIGNsaWVudCBjcmVkZW50aWFscyBjb25maWRlbnRpYWwuCiAgIG8gIFdo
ZW4gdXNpbmcgdGhlIGltcGxpY2l0IGdyYW50IHR5cGUgZmxvdyBhIHJlZnJlc2ggdG9rZW4gaXMg
bm90CiAgICAgIHJldHVybmVkIHdoaWNoIHJlcXVpcmVzIHJlcGVhdGluZyB0aGUgYXV0aG9yaXph
dGlvbiBwcm9jZXNzIG9uY2UKICAgICAgdGhlIGFjY2VzcyB0b2tlbiBleHBpcmVzLgoKCjEwLiAg
U2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMKCiAgIEFzIGEgZmxleGlibGUgYW5kIGV4dGVuc2libGUg
ZnJhbWV3b3JrLCBPQXV0aCdzIHNlY3VyaXR5CiAgIGNvbnNpZGVyYXRpb25zIGRlcGVuZCBvbiBt
YW55IGZhY3RvcnMuICBUaGUgZm9sbG93aW5nIHNlY3Rpb25zCiAgIHByb3ZpZGUgaW1wbGVtZW50
ZXJzIHdpdGggc2VjdXJpdHkgZ3VpZGVsaW5lcyBmb2N1c2VkIG9uIHRoZSB0aHJlZQogICBjbGll
bnQgcHJvZmlsZXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMi4xOiB3ZWIgYXBwbGljYXRpb24sIHVz
ZXItCiAgIGFnZW50LWJhc2VkIGFwcGxpY2F0aW9uLCBhbmQgbmF0aXZlIGFwcGxpY2F0aW9uLgoK
ICAgQSBjb21wcmVoZW5zaXZlIE9BdXRoIHNlY3VyaXR5IG1vZGVsIGFuZCBhbmFseXNpcywgYXMg
d2VsbCBhcwogICBiYWNrZ3JvdW5kIGZvciB0aGUgcHJvdG9jb2wgZGVzaWduIGlzIHByb3ZpZGVk
IGJ5CiAgIFtJLUQuaWV0Zi1vYXV0aC12Mi10aHJlYXRtb2RlbF0uCgoxMC4xLiAgQ2xpZW50IEF1
dGhlbnRpY2F0aW9uCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZXN0YWJsaXNoZXMgY2xp
ZW50IGNyZWRlbnRpYWxzIHdpdGggd2ViCiAgIGFwcGxpY2F0aW9uIGNsaWVudHMgZm9yIHRoZSBw
dXJwb3NlIG9mIGNsaWVudCBhdXRoZW50aWNhdGlvbi4gIFRoZQogICBhdXRob3JpemF0aW9uIHNl
cnZlciBpcyBlbmNvdXJhZ2VkIHRvIGNvbnNpZGVyIHN0cm9uZ2VyIGNsaWVudAogICBhdXRoZW50
aWNhdGlvbiBtZWFucyB0aGFuIGEgY2xpZW50IHBhc3N3b3JkLiAgV2ViIGFwcGxpY2F0aW9uIGNs
aWVudHMKICAgTVVTVCBlbnN1cmUgY29uZmlkZW50aWFsaXR5IG9mIGNsaWVudCBwYXNzd29yZHMg
YW5kIG90aGVyIGNsaWVudAogICBjcmVkZW50aWFscy4KCgoKCkhhbW1lciwgZXQgYWwuICAgICAg
ICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdlIDQ5XQoMCklu
dGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAg
ICAgICBNYXkgMjAxMgoKCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIE5PVCBpc3N1
ZSBjbGllbnQgcGFzc3dvcmRzIG9yIG90aGVyCiAgIGNsaWVudCBjcmVkZW50aWFscyB0byBuYXRp
dmUgYXBwbGljYXRpb24gb3IgdXNlci1hZ2VudC1iYXNlZAogICBhcHBsaWNhdGlvbiBjbGllbnRz
IGZvciB0aGUgcHVycG9zZSBvZiBjbGllbnQgYXV0aGVudGljYXRpb24uICBUaGUKICAgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgTUFZIGlzc3VlIGEgY2xpZW50IHBhc3N3b3JkIG9yIG90aGVyIGNyZWRl
bnRpYWxzCiAgIGZvciBhIHNwZWNpZmljIGluc3RhbGxhdGlvbiBvZiBhIG5hdGl2ZSBhcHBsaWNh
dGlvbiBjbGllbnQgb24gYQogICBzcGVjaWZpYyBkZXZpY2UuCgogICBXaGVuIGNsaWVudCBhdXRo
ZW50aWNhdGlvbiBpcyBub3QgcG9zc2libGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICBT
SE9VTEQgZW1wbG95IG90aGVyIG1lYW5zIHRvIHZhbGlkYXRlIHRoZSBjbGllbnQncyBpZGVudGl0
eS4gIEZvcgogICBleGFtcGxlLCBieSByZXF1aXJpbmcgdGhlIHJlZ2lzdHJhdGlvbiBvZiB0aGUg
Y2xpZW50IHJlZGlyZWN0aW9uIFVSSQogICBvciBlbmxpc3RpbmcgdGhlIHJlc291cmNlIG93bmVy
IHRvIGNvbmZpcm0gaWRlbnRpdHkuICBBIHZhbGlkCiAgIHJlZGlyZWN0aW9uIFVSSSBpcyBub3Qg
c3VmZmljaWVudCB0byB2ZXJpZnkgdGhlIGNsaWVudCdzIGlkZW50aXR5CiAgIHdoZW4gYXNraW5n
IGZvciByZXNvdXJjZSBvd25lciBhdXRob3JpemF0aW9uLCBidXQgY2FuIGJlIHVzZWQgdG8KICAg
cHJldmVudCBkZWxpdmVyaW5nIGNyZWRlbnRpYWxzIHRvIGEgY291bnRlcmZlaXQgY2xpZW50IGFm
dGVyCiAgIG9idGFpbmluZyByZXNvdXJjZSBvd25lciBhdXRob3JpemF0aW9uLgoKICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIG11c3QgY29uc2lkZXIgdGhlIHNlY3VyaXR5IGltcGxpY2F0aW9u
cyBvZgogICBpbnRlcmFjdGluZyB3aXRoIHVuYXV0aGVudGljYXRlZCBjbGllbnRzIGFuZCB0YWtl
IG1lYXN1cmVzIHRvIGxpbWl0CiAgIHRoZSBwb3RlbnRpYWwgZXhwb3N1cmUgb2Ygb3RoZXIgY3Jl
ZGVudGlhbHMgKGUuZy4gcmVmcmVzaCB0b2tlbnMpCiAgIGlzc3VlZCB0byBzdWNoIGNsaWVudHMu
CgoxMC4yLiAgQ2xpZW50IEltcGVyc29uYXRpb24KCiAgIEEgbWFsaWNpb3VzIGNsaWVudCBjYW4g
aW1wZXJzb25hdGUgYW5vdGhlciBjbGllbnQgYW5kIG9idGFpbiBhY2Nlc3MKICAgdG8gcHJvdGVj
dGVkIHJlc291cmNlcywgaWYgdGhlIGltcGVyc29uYXRlZCBjbGllbnQgZmFpbHMgdG8sIG9yIGlz
CiAgIHVuYWJsZSB0bywga2VlcCBpdHMgY2xpZW50IGNyZWRlbnRpYWxzIGNvbmZpZGVudGlhbC4K
CiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50
IHdoZW5ldmVyCiAgIHBvc3NpYmxlLiAgSWYgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGNhbm5v
dCBhdXRoZW50aWNhdGUgdGhlIGNsaWVudAogICBkdWUgdG8gdGhlIGNsaWVudCdzIG5hdHVyZSwg
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcmVxdWlyZSB0aGUKICAgcmVnaXN0cmF0aW9u
IG9mIGFueSByZWRpcmVjdGlvbiBVUkkgdXNlZCBmb3IgcmVjZWl2aW5nIGF1dGhvcml6YXRpb24K
ICAgcmVzcG9uc2VzLCBhbmQgU0hPVUxEIHV0aWxpemUgb3RoZXIgbWVhbnMgdG8gcHJvdGVjdCBy
ZXNvdXJjZSBvd25lcnMKICAgZnJvbSBzdWNoIHBvdGVudGlhbGx5IG1hbGljaW91cyBjbGllbnRz
LiAgRm9yIGV4YW1wbGUsIHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlciBjYW4gZW5nYWdlIHRo
ZSByZXNvdXJjZSBvd25lciB0byBhc3Npc3QgaW4KICAgaWRlbnRpZnlpbmcgdGhlIGNsaWVudCBh
bmQgaXRzIG9yaWdpbi4KCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZW5mb3Jj
ZSBleHBsaWNpdCByZXNvdXJjZSBvd25lcgogICBhdXRoZW50aWNhdGlvbiBhbmQgcHJvdmlkZSB0
aGUgcmVzb3VyY2Ugb3duZXIgd2l0aCBpbmZvcm1hdGlvbiBhYm91dAogICB0aGUgY2xpZW50IGFu
ZCB0aGUgcmVxdWVzdGVkIGF1dGhvcml6YXRpb24gc2NvcGUgYW5kIGxpZmV0aW1lLiAgSXQgaXMK
ICAgdXAgdG8gdGhlIHJlc291cmNlIG93bmVyIHRvIHJldmlldyB0aGUgaW5mb3JtYXRpb24gaW4g
dGhlIGNvbnRleHQgb2YKICAgdGhlIGN1cnJlbnQgY2xpZW50LCBhbmQgYXV0aG9yaXplIG9yIGRl
bnkgdGhlIHJlcXVlc3QuCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIE5PVCBw
cm9jZXNzIHJlcGVhdGVkIGF1dGhvcml6YXRpb24KICAgcmVxdWVzdHMgYXV0b21hdGljYWxseSAo
d2l0aG91dCBhY3RpdmUgcmVzb3VyY2Ugb3duZXIgaW50ZXJhY3Rpb24pCiAgIHdpdGhvdXQgYXV0
aGVudGljYXRpbmcgdGhlIGNsaWVudCBvciByZWx5aW5nIG9uIG90aGVyIG1lYXN1cmVzIHRvCiAg
IGVuc3VyZSB0aGUgcmVwZWF0ZWQgcmVxdWVzdCBjb21lcyBmcm9tIHRoZSBvcmlnaW5hbCBjbGll
bnQgYW5kIG5vdCBhbgogICBpbXBlcnNvbmF0b3IuCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAg
ICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSA1MF0KDApJbnRl
cm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAg
ICAgTWF5IDIwMTIKCgoxMC4zLiAgQWNjZXNzIFRva2VucwoKICAgQWNjZXNzIHRva2VuIGNyZWRl
bnRpYWxzIChhcyB3ZWxsIGFzIGFueSBjb25maWRlbnRpYWwgYWNjZXNzIHRva2VuCiAgIGF0dHJp
YnV0ZXMpIE1VU1QgYmUga2VwdCBjb25maWRlbnRpYWwgaW4gdHJhbnNpdCBhbmQgc3RvcmFnZSwg
YW5kCiAgIG9ubHkgc2hhcmVkIGFtb25nIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciwgdGhlIHJl
c291cmNlIHNlcnZlcnMgdGhlCiAgIGFjY2VzcyB0b2tlbiBpcyB2YWxpZCBmb3IsIGFuZCB0aGUg
Y2xpZW50IHRvIHdob20gdGhlIGFjY2VzcyB0b2tlbiBpcwogICBpc3N1ZWQuICBBY2Nlc3MgdG9r
ZW4gY3JlZGVudGlhbHMgTVVTVCBvbmx5IGJlIHRyYW5zbWl0dGVkIHVzaW5nIFRMUwogICBhcyBk
ZXNjcmliZWQgaW4gU2VjdGlvbiAxLjYgd2l0aCBzZXJ2ZXIgYXV0aGVudGljYXRpb24gYXMgZGVm
aW5lZCBieQogICBbUkZDMjgxOF0uCgogICBXaGVuIHVzaW5nIHRoZSBpbXBsaWNpdCBncmFudCB0
eXBlLCB0aGUgYWNjZXNzIHRva2VuIGlzIHRyYW5zbWl0dGVkCiAgIGluIHRoZSBVUkkgZnJhZ21l
bnQsIHdoaWNoIGNhbiBleHBvc2UgaXQgdG8gdW5hdXRob3JpemVkIHBhcnRpZXMuCgogICBUaGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBlbnN1cmUgdGhhdCBhY2Nlc3MgdG9rZW5zIGNhbm5v
dCBiZQogICBnZW5lcmF0ZWQsIG1vZGlmaWVkLCBvciBndWVzc2VkIHRvIHByb2R1Y2UgdmFsaWQg
YWNjZXNzIHRva2VucyBieQogICB1bmF1dGhvcml6ZWQgcGFydGllcy4KCiAgIFRoZSBjbGllbnQg
U0hPVUxEIHJlcXVlc3QgYWNjZXNzIHRva2VucyB3aXRoIHRoZSBtaW5pbWFsIHNjb3BlCiAgIG5l
Y2Vzc2FyeS4gIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgdGFrZSB0aGUgY2xpZW50
IGlkZW50aXR5CiAgIGludG8gYWNjb3VudCB3aGVuIGNob29zaW5nIGhvdyB0byBob25vciB0aGUg
cmVxdWVzdGVkIHNjb3BlLCBhbmQgTUFZCiAgIGlzc3VlIGFuIGFjY2VzcyB0b2tlbiB3aXRoIGEg
bGVzcyByaWdodHMgdGhhbiByZXF1ZXN0ZWQuCgogICBUaGlzIHNwZWNpZmljYXRpb24gZG9lcyBu
b3QgcHJvdmlkZSBhbnkgbWV0aG9kcyBmb3IgdGhlIHJlc291cmNlCiAgIHNlcnZlciB0byBlbnN1
cmUgdGhhdCBhbiBhY2Nlc3MgdG9rZW4gcHJlc2VudGVkIHRvIGl0IGJ5IGEgZ2l2ZW4KICAgY2xp
ZW50LCB3YXMgaXNzdWVkIHRvIHRoZSB0aGF0IGNsaWVudCBieSB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIuCgoxMC40LiAgUmVmcmVzaCBUb2tlbnMKCiAgIEF1dGhvcml6YXRpb24gc2VydmVycyBN
QVkgaXNzdWUgcmVmcmVzaCB0b2tlbnMgdG8gd2ViIGFwcGxpY2F0aW9uCiAgIGNsaWVudHMgYW5k
IG5hdGl2ZSBhcHBsaWNhdGlvbiBjbGllbnRzLgoKICAgUmVmcmVzaCB0b2tlbnMgTVVTVCBiZSBr
ZXB0IGNvbmZpZGVudGlhbCBpbiB0cmFuc2l0IGFuZCBzdG9yYWdlLCBhbmQKICAgc2hhcmVkIG9u
bHkgYW1vbmcgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCB0aGUgY2xpZW50IHRvIHdob20g
dGhlCiAgIHJlZnJlc2ggdG9rZW5zIHdlcmUgaXNzdWVkLiAgVGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIE1VU1QgbWFpbnRhaW4KICAgdGhlIGJpbmRpbmcgYmV0d2VlbiBhIHJlZnJlc2ggdG9rZW4g
YW5kIHRoZSBjbGllbnQgdG8gd2hvbSBpdCB3YXMKICAgaXNzdWVkLiAgUmVmcmVzaCB0b2tlbnMg
TVVTVCBvbmx5IGJlIHRyYW5zbWl0dGVkIHVzaW5nIFRMUyBhcwogICBkZXNjcmliZWQgaW4gU2Vj
dGlvbiAxLjYgd2l0aCBzZXJ2ZXIgYXV0aGVudGljYXRpb24gYXMgZGVmaW5lZCBieQogICBbUkZD
MjgxOF0uCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCB2ZXJpZnkgdGhlIGJpbmRp
bmcgYmV0d2VlbiB0aGUgcmVmcmVzaAogICB0b2tlbiBhbmQgY2xpZW50IGlkZW50aXR5IHdoZW5l
dmVyIHRoZSBjbGllbnQgaWRlbnRpdHkgY2FuIGJlCiAgIGF1dGhlbnRpY2F0ZWQuICBXaGVuIGNs
aWVudCBhdXRoZW50aWNhdGlvbiBpcyBub3QgcG9zc2libGUsIHRoZQogICBhdXRob3JpemF0aW9u
IHNlcnZlciBTSE9VTEQgZGVwbG95IG90aGVyIG1lYW5zIHRvIGRldGVjdCByZWZyZXNoCiAgIHRv
a2VuIGFidXNlLgoKICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBjb3Vs
ZCBlbXBsb3kgcmVmcmVzaCB0b2tlbgogICByb3RhdGlvbiBpbiB3aGljaCBhIG5ldyByZWZyZXNo
IHRva2VuIGlzIGlzc3VlZCB3aXRoIGV2ZXJ5IGFjY2VzcwogICB0b2tlbiByZWZyZXNoIHJlc3Bv
bnNlLiAgVGhlIHByZXZpb3VzIHJlZnJlc2ggdG9rZW4gaXMgaW52YWxpZGF0ZWQKCgoKSGFtbWVy
LCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAgICAgICAg
W1BhZ2UgNTFdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAg
ICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgYnV0IHJldGFpbmVkIGJ5IHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlci4gIElmIGEgcmVmcmVzaCB0b2tlbiBpcwogICBjb21wcm9taXNlZCBh
bmQgc3Vic2VxdWVudGx5IHVzZWQgYnkgYm90aCB0aGUgYXR0YWNrZXIgYW5kIHRoZQogICBsZWdp
dGltYXRlIGNsaWVudCwgb25lIG9mIHRoZW0gd2lsbCBwcmVzZW50IGFuIGludmFsaWRhdGVkIHJl
ZnJlc2gKICAgdG9rZW4gd2hpY2ggd2lsbCBpbmZvcm0gdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IG9mIHRoZSBicmVhY2guCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBlbnN1cmUg
dGhhdCByZWZyZXNoIHRva2VucyBjYW5ub3QgYmUKICAgZ2VuZXJhdGVkLCBtb2RpZmllZCwgb3Ig
Z3Vlc3NlZCB0byBwcm9kdWNlIHZhbGlkIHJlZnJlc2ggdG9rZW5zIGJ5CiAgIHVuYXV0aG9yaXpl
ZCBwYXJ0aWVzLgoKMTAuNS4gIEF1dGhvcml6YXRpb24gQ29kZXMKCiAgIFRoZSB0cmFuc21pc3Np
b24gb2YgYXV0aG9yaXphdGlvbiBjb2RlcyBTSE9VTEQgYmUgbWFkZSBvdmVyIGEgc2VjdXJlCiAg
IGNoYW5uZWwsIGFuZCB0aGUgY2xpZW50IFNIT1VMRCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTIHdp
dGggaXRzCiAgIHJlZGlyZWN0aW9uIFVSSSBpZiB0aGUgVVJJIGlkZW50aWZpZXMgYSBuZXR3b3Jr
IHJlc291cmNlLiAgU2luY2UKICAgYXV0aG9yaXphdGlvbiBjb2RlcyBhcmUgdHJhbnNtaXR0ZWQg
dmlhIHVzZXItYWdlbnQgcmVkaXJlY3Rpb25zLCB0aGV5CiAgIGNvdWxkIHBvdGVudGlhbGx5IGJl
IGRpc2Nsb3NlZCB0aHJvdWdoIHVzZXItYWdlbnQgaGlzdG9yeSBhbmQgSFRUUAogICByZWZlcnJl
ciBoZWFkZXJzLgoKICAgQXV0aG9yaXphdGlvbiBjb2RlcyBvcGVyYXRlIGFzIHBsYWludGV4dCBi
ZWFyZXIgY3JlZGVudGlhbHMsIHVzZWQgdG8KICAgdmVyaWZ5IHRoYXQgdGhlIHJlc291cmNlIG93
bmVyIHdobyBncmFudGVkIGF1dGhvcml6YXRpb24gYXQgdGhlCiAgIGF1dGhvcml6YXRpb24gc2Vy
dmVyIGlzIHRoZSBzYW1lIHJlc291cmNlIG93bmVyIHJldHVybmluZyB0byB0aGUKICAgY2xpZW50
IHRvIGNvbXBsZXRlIHRoZSBwcm9jZXNzLiAgVGhlcmVmb3JlLCBpZiB0aGUgY2xpZW50IHJlbGll
cyBvbgogICB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGZvciBpdHMgb3duIHJlc291cmNlIG93bmVy
IGF1dGhlbnRpY2F0aW9uLCB0aGUKICAgY2xpZW50IHJlZGlyZWN0aW9uIGVuZHBvaW50IE1VU1Qg
cmVxdWlyZSB0aGUgdXNlIG9mIFRMUy4KCiAgIEF1dGhvcml6YXRpb24gY29kZXMgTVVTVCBiZSBz
aG9ydCBsaXZlZCBhbmQgc2luZ2xlIHVzZS4gIElmIHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZl
ciBvYnNlcnZlcyBtdWx0aXBsZSBhdHRlbXB0cyB0byBleGNoYW5nZSBhbgogICBhdXRob3JpemF0
aW9uIGNvZGUgZm9yIGFuIGFjY2VzcyB0b2tlbiwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAg
IFNIT1VMRCBhdHRlbXB0IHRvIHJldm9rZSBhbGwgYWNjZXNzIHRva2VucyBhbHJlYWR5IGdyYW50
ZWQgYmFzZWQgb24KICAgdGhlIGNvbXByb21pc2VkIGF1dGhvcml6YXRpb24gY29kZS4KCiAgIElm
IHRoZSBjbGllbnQgY2FuIGJlIGF1dGhlbnRpY2F0ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
cnMgTVVTVAogICBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCBhbmQgZW5zdXJlIHRoYXQgdGhlIGF1
dGhvcml6YXRpb24gY29kZSB3YXMKICAgaXNzdWVkIHRvIHRoZSBzYW1lIGNsaWVudC4KCjEwLjYu
ICBBdXRob3JpemF0aW9uIENvZGUgUmVkaXJlY3Rpb24gVVJJIE1hbmlwdWxhdGlvbgoKICAgV2hl
biByZXF1ZXN0aW5nIGF1dGhvcml6YXRpb24gdXNpbmcgdGhlIGF1dGhvcml6YXRpb24gY29kZSBn
cmFudAogICB0eXBlLCB0aGUgY2xpZW50IGNhbiBzcGVjaWZ5IGEgcmVkaXJlY3Rpb24gVVJJIHZp
YSB0aGUgInJlZGlyZWN0X3VyaSIKICAgcGFyYW1ldGVyLiAgSWYgYW4gYXR0YWNrZXIgY2FuIG1h
bmlwdWxhdGUgdGhlIHZhbHVlIG9mIHRoZQogICByZWRpcmVjdGlvbiBVUkksIGl0IGNhbiBjYXVz
ZSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgdG8gcmVkaXJlY3QKICAgdGhlIHJlc291cmNlIG93
bmVyIHVzZXItYWdlbnQgdG8gYSBVUkkgdW5kZXIgdGhlIGNvbnRyb2wgb2YgdGhlCiAgIGF0dGFj
a2VyIHdpdGggdGhlIGF1dGhvcml6YXRpb24gY29kZS4KCiAgIEFuIGF0dGFja2VyIGNhbiBjcmVh
dGUgYW4gYWNjb3VudCBhdCBhIGxlZ2l0aW1hdGUgY2xpZW50IGFuZCBpbml0aWF0ZQogICB0aGUg
YXV0aG9yaXphdGlvbiBmbG93LiAgV2hlbiB0aGUgYXR0YWNrZXIncyB1c2VyLWFnZW50IGlzIHNl
bnQgdG8KICAgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHRvIGdyYW50IGFjY2VzcywgdGhlIGF0
dGFja2VyIGdyYWJzIHRoZQogICBhdXRob3JpemF0aW9uIFVSSSBwcm92aWRlZCBieSB0aGUgbGVn
aXRpbWF0ZSBjbGllbnQsIGFuZCByZXBsYWNlcyB0aGUKCgoKSGFtbWVyLCBldCBhbC4gICAgICAg
ICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgNTJdCgwKSW50
ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAg
ICAgIE1heSAyMDEyCgoKICAgY2xpZW50J3MgcmVkaXJlY3Rpb24gVVJJIHdpdGggYSBVUkkgdW5k
ZXIgdGhlIGNvbnRyb2wgb2YgdGhlCiAgIGF0dGFja2VyLiAgVGhlIGF0dGFja2VyIHRoZW4gdHJp
Y2tzIHRoZSB2aWN0aW0gaW50byBmb2xsb3dpbmcgdGhlCiAgIG1hbmlwdWxhdGVkIGxpbmsgdG8g
YXV0aG9yaXplIGFjY2VzcyB0byB0aGUgbGVnaXRpbWF0ZSBjbGllbnQuCgogICBPbmNlIGF0IHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciwgdGhlIHZpY3RpbSBpcyBwcm9tcHRlZCB3aXRoIGEKICAg
bm9ybWFsLCB2YWxpZCByZXF1ZXN0IG9uIGJlaGFsZiBvZiBhIGxlZ2l0aW1hdGUgYW5kIHRydXN0
ZWQgY2xpZW50LAogICBhbmQgYXV0aG9yaXplcyB0aGUgcmVxdWVzdC4gIFRoZSB2aWN0aW0gaXMg
dGhlbiByZWRpcmVjdGVkIHRvIGFuCiAgIGVuZHBvaW50IHVuZGVyIHRoZSBjb250cm9sIG9mIHRo
ZSBhdHRhY2tlciB3aXRoIHRoZSBhdXRob3JpemF0aW9uCiAgIGNvZGUuICBUaGUgYXR0YWNrZXIg
Y29tcGxldGVzIHRoZSBhdXRob3JpemF0aW9uIGZsb3cgYnkgc2VuZGluZyB0aGUKICAgYXV0aG9y
aXphdGlvbiBjb2RlIHRvIHRoZSBjbGllbnQgdXNpbmcgdGhlIG9yaWdpbmFsIHJlZGlyZWN0aW9u
IFVSSQogICBwcm92aWRlZCBieSB0aGUgY2xpZW50LiAgVGhlIGNsaWVudCBleGNoYW5nZXMgdGhl
IGF1dGhvcml6YXRpb24gY29kZQogICB3aXRoIGFuIGFjY2VzcyB0b2tlbiBhbmQgbGlua3MgaXQg
dG8gdGhlIGF0dGFja2VyJ3MgY2xpZW50IGFjY291bnQKICAgd2hpY2ggY2FuIG5vdyBnYWluIGFj
Y2VzcyB0byB0aGUgcHJvdGVjdGVkIHJlc291cmNlcyBhdXRob3JpemVkIGJ5CiAgIHRoZSB2aWN0
aW0gKHZpYSB0aGUgY2xpZW50KS4KCiAgIEluIG9yZGVyIHRvIHByZXZlbnQgc3VjaCBhbiBhdHRh
Y2ssIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUCiAgIGVuc3VyZSB0aGF0IHRoZSByZWRp
cmVjdGlvbiBVUkkgdXNlZCB0byBvYnRhaW4gdGhlIGF1dGhvcml6YXRpb24gY29kZQogICBpcyBp
ZGVudGljYWwgdG8gdGhlIHJlZGlyZWN0aW9uIFVSSSBwcm92aWRlZCB3aGVuIGV4Y2hhbmdpbmcg
dGhlCiAgIGF1dGhvcml6YXRpb24gY29kZSBmb3IgYW4gYWNjZXNzIHRva2VuLiAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyCiAgIE1VU1QgcmVxdWlyZSBwdWJsaWMgY2xpZW50cyBhbmQgU0hPVUxE
IHJlcXVpcmUgY29uZmlkZW50aWFsIGNsaWVudHMKICAgdG8gcmVnaXN0ZXIgdGhlaXIgcmVkaXJl
Y3Rpb24gVVJJcy4gIElmIGEgcmVkaXJlY3Rpb24gVVJJIGlzIHByb3ZpZGVkCiAgIGluIHRoZSBy
ZXF1ZXN0LCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCB2YWxpZGF0ZSBpdCBhZ2FpbnN0
IHRoZQogICByZWdpc3RlcmVkIHZhbHVlLgoKMTAuNy4gIFJlc291cmNlIE93bmVyIFBhc3N3b3Jk
IENyZWRlbnRpYWxzCgogICBUaGUgcmVzb3VyY2Ugb3duZXIgcGFzc3dvcmQgY3JlZGVudGlhbHMg
Z3JhbnQgdHlwZSBpcyBvZnRlbiB1c2VkIGZvcgogICBsZWdhY3kgb3IgbWlncmF0aW9uIHJlYXNv
bnMuICBJdCByZWR1Y2VzIHRoZSBvdmVyYWxsIHJpc2sgb2Ygc3RvcmluZwogICB1c2VybmFtZSBh
bmQgcGFzc3dvcmQgYnkgdGhlIGNsaWVudCwgYnV0IGRvZXMgbm90IGVsaW1pbmF0ZSB0aGUgbmVl
ZAogICB0byBleHBvc2UgaGlnaGx5IHByaXZpbGVnZWQgY3JlZGVudGlhbHMgdG8gdGhlIGNsaWVu
dC4KCiAgIFRoaXMgZ3JhbnQgdHlwZSBjYXJyaWVzIGEgaGlnaGVyIHJpc2sgdGhhbiBvdGhlciBn
cmFudCB0eXBlcyBiZWNhdXNlCiAgIGl0IG1haW50YWlucyB0aGUgcGFzc3dvcmQgYW50aS1wYXR0
ZXJuIHRoaXMgcHJvdG9jb2wgc2Vla3MgdG8gYXZvaWQuCiAgIFRoZSBjbGllbnQgY291bGQgYWJ1
c2UgdGhlIHBhc3N3b3JkIG9yIHRoZSBwYXNzd29yZCBjb3VsZAogICB1bmludGVudGlvbmFsbHkg
YmUgZGlzY2xvc2VkIHRvIGFuIGF0dGFja2VyIChlLmcuIHZpYSBsb2cgZmlsZXMgb3IKICAgb3Ro
ZXIgcmVjb3JkcyBrZXB0IGJ5IHRoZSBjbGllbnQpLgoKICAgQWRkaXRpb25hbGx5LCBiZWNhdXNl
IHRoZSByZXNvdXJjZSBvd25lciBkb2VzIG5vdCBoYXZlIGNvbnRyb2wgb3ZlcgogICB0aGUgYXV0
aG9yaXphdGlvbiBwcm9jZXNzICh0aGUgcmVzb3VyY2Ugb3duZXIgaW52b2x2ZW1lbnQgZW5kcyB3
aGVuCiAgIGl0IGhhbmRzIG92ZXIgaXRzIGNyZWRlbnRpYWxzIHRvIHRoZSBjbGllbnQpLCB0aGUg
Y2xpZW50IGNhbiBvYnRhaW4KICAgYWNjZXNzIHRva2VucyB3aXRoIGEgYnJvYWRlciBzY29wZSB0
aGFuIGRlc2lyZWQgYnkgdGhlIHJlc291cmNlCiAgIG93bmVyLiAgVGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIHNob3VsZCBjb25zaWRlciB0aGUgc2NvcGUgYW5kCiAgIGxpZmV0aW1lIG9mIGFjY2Vz
cyB0b2tlbnMgaXNzdWVkIHZpYSB0aGlzIGdyYW50IHR5cGUuCgogICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgYW5kIGNsaWVudCBTSE9VTEQgbWluaW1pemUgdXNlIG9mIHRoaXMgZ3JhbnQKICAg
dHlwZSBhbmQgdXRpbGl6ZSBvdGhlciBncmFudCB0eXBlcyB3aGVuZXZlciBwb3NzaWJsZS4KCgoK
CgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAg
ICAgICAgICBbUGFnZSA1M10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRo
IDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgoxMC44LiAgUmVxdWVzdCBDb25m
aWRlbnRpYWxpdHkKCiAgIEFjY2VzcyB0b2tlbnMsIHJlZnJlc2ggdG9rZW5zLCByZXNvdXJjZSBv
d25lciBwYXNzd29yZHMsIGFuZCBjbGllbnQKICAgY3JlZGVudGlhbHMgTVVTVCBOT1QgYmUgdHJh
bnNtaXR0ZWQgaW4gdGhlIGNsZWFyLiAgQXV0aG9yaXphdGlvbgogICBjb2RlcyBTSE9VTEQgTk9U
IGJlIHRyYW5zbWl0dGVkIGluIHRoZSBjbGVhci4KCiAgIFRoZSAic3RhdGUiIGFuZCAic2NvcGUi
IHBhcmFtZXRlcnMgU0hPVUxEIE5PVCBpbmNsdWRlIHNlbnNpdGl2ZQogICBjbGllbnQgb3IgcmVz
b3VyY2Ugb3duZXIgaW5mb3JtYXRpb24gaW4gcGxhaW4gdGV4dCBhcyB0aGV5IGNhbiBiZQogICB0
cmFuc21pdHRlZCBvdmVyIGluc2VjdXJlIGNoYW5uZWxzIG9yIHN0b3JlZCBpbnNlY3VyZWx5LgoK
MTAuOS4gIEVuZHBvaW50cyBBdXRoZW50aWNpdHkKCiAgIEluIG9yZGVyIHRvIHByZXZlbnQgbWFu
LWluLXRoZS1taWRkbGUgYXR0YWNrcywgdGhlIGF1dGhvcml6YXRpb24KICAgc2VydmVyIE1VU1Qg
cmVxdWlyZSB0aGUgdXNlIG9mIFRMUyB3aXRoIHNlcnZlciBhdXRoZW50aWNhdGlvbiBhcwogICBk
ZWZpbmVkIGJ5IFtSRkMyODE4XSBmb3IgYW55IHJlcXVlc3Qgc2VudCB0byB0aGUgYXV0aG9yaXph
dGlvbiBhbmQKICAgdG9rZW4gZW5kcG9pbnRzLiAgVGhlIGNsaWVudCBNVVNUIHZhbGlkYXRlIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlcidzCiAgIFRMUyBjZXJ0aWZpY2F0ZSBhcyBkZWZpbmVkIGJ5
IFtSRkM2MTI1XSwgYW5kIGluIGFjY29yZGFuY2Ugd2l0aCBpdHMKICAgcmVxdWlyZW1lbnRzIGZv
ciBzZXJ2ZXIgaWRlbnRpdHkgYXV0aGVudGljYXRpb24uCgoxMC4xMC4gIENyZWRlbnRpYWxzIEd1
ZXNzaW5nIEF0dGFja3MKCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHByZXZlbnQg
YXR0YWNrZXJzIGZyb20gZ3Vlc3NpbmcgYWNjZXNzCiAgIHRva2VucywgYXV0aG9yaXphdGlvbiBj
b2RlcywgcmVmcmVzaCB0b2tlbnMsIHJlc291cmNlIG93bmVyCiAgIHBhc3N3b3JkcywgYW5kIGNs
aWVudCBjcmVkZW50aWFscy4KCiAgIFRoZSBwcm9iYWJpbGl0eSBvZiBhbiBhdHRhY2tlciBndWVz
c2luZyBnZW5lcmF0ZWQgdG9rZW5zIChhbmQgb3RoZXIKICAgY3JlZGVudGlhbHMgbm90IGludGVu
ZGVkIGZvciBoYW5kbGluZyBieSBlbmQtdXNlcnMpIE1VU1QgYmUgbGVzcyB0aGFuCiAgIG9yIGVx
dWFsIHRvIDJeKC0xMjgpIGFuZCBTSE9VTEQgYmUgbGVzcyB0aGFuIG9yIGVxdWFsIHRvIDJeKC0x
NjApLgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgdXRpbGl6ZSBvdGhlciBtZWFu
cyB0byBwcm90ZWN0CiAgIGNyZWRlbnRpYWxzIGludGVuZGVkIGZvciBlbmQtdXNlciB1c2FnZS4K
CjEwLjExLiAgUGhpc2hpbmcgQXR0YWNrcwoKICAgV2lkZSBkZXBsb3ltZW50IG9mIHRoaXMgYW5k
IHNpbWlsYXIgcHJvdG9jb2xzIG1heSBjYXVzZSBlbmQtdXNlcnMgdG8KICAgYmVjb21lIGludXJl
ZCB0byB0aGUgcHJhY3RpY2Ugb2YgYmVpbmcgcmVkaXJlY3RlZCB0byB3ZWJzaXRlcyB3aGVyZQog
ICB0aGV5IGFyZSBhc2tlZCB0byBlbnRlciB0aGVpciBwYXNzd29yZHMuICBJZiBlbmQtdXNlcnMg
YXJlIG5vdAogICBjYXJlZnVsIHRvIHZlcmlmeSB0aGUgYXV0aGVudGljaXR5IG9mIHRoZXNlIHdl
YnNpdGVzIGJlZm9yZSBlbnRlcmluZwogICB0aGVpciBjcmVkZW50aWFscywgaXQgd2lsbCBiZSBw
b3NzaWJsZSBmb3IgYXR0YWNrZXJzIHRvIGV4cGxvaXQgdGhpcwogICBwcmFjdGljZSB0byBzdGVh
bCByZXNvdXJjZSBvd25lcnMnIHBhc3N3b3Jkcy4KCiAgIFNlcnZpY2UgcHJvdmlkZXJzIHNob3Vs
ZCBhdHRlbXB0IHRvIGVkdWNhdGUgZW5kLXVzZXJzIGFib3V0IHRoZSByaXNrcwogICBwaGlzaGlu
ZyBhdHRhY2tzIHBvc2UsIGFuZCBzaG91bGQgcHJvdmlkZSBtZWNoYW5pc21zIHRoYXQgbWFrZSBp
dAogICBlYXN5IGZvciBlbmQtdXNlcnMgdG8gY29uZmlybSB0aGUgYXV0aGVudGljaXR5IG9mIHRo
ZWlyIHNpdGVzLgogICBDbGllbnQgZGV2ZWxvcGVycyBzaG91bGQgY29uc2lkZXIgdGhlIHNlY3Vy
aXR5IGltcGxpY2F0aW9ucyBvZiBob3cKICAgdGhleSBpbnRlcmFjdCB3aXRoIHRoZSB1c2VyLWFn
ZW50IChlLmcuLCBleHRlcm5hbCwgZW1iZWRkZWQpLCBhbmQgdGhlCiAgIGFiaWxpdHkgb2YgdGhl
IGVuZC11c2VyIHRvIHZlcmlmeSB0aGUgYXV0aGVudGljaXR5IG9mIHRoZQogICBhdXRob3JpemF0
aW9uIHNlcnZlci4KCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAy
NSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgNTRdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAg
ICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgVG8g
cmVkdWNlIHRoZSByaXNrIG9mIHBoaXNoaW5nIGF0dGFja3MsIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlcnMKICAgTVVTVCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTIG9uIGV2ZXJ5IGVuZHBvaW50IHVz
ZWQgZm9yIGVuZC11c2VyCiAgIGludGVyYWN0aW9uLgoKMTAuMTIuICBDcm9zcy1TaXRlIFJlcXVl
c3QgRm9yZ2VyeQoKICAgQ3Jvc3Mtc2l0ZSByZXF1ZXN0IGZvcmdlcnkgKENTUkYpIGlzIGFuIGV4
cGxvaXQgaW4gd2hpY2ggYW4gYXR0YWNrZXIKICAgY2F1c2VzIHRoZSB1c2VyLWFnZW50IG9mIGEg
dmljdGltIGVuZC11c2VyIHRvIGZvbGxvdyBhIG1hbGljaW91cyBVUkkKICAgKGUuZy4gcHJvdmlk
ZWQgdG8gdGhlIHVzZXItYWdlbnQgYXMgYSBtaXNsZWFkaW5nIGxpbmssIGltYWdlLCBvcgogICBy
ZWRpcmVjdGlvbikgdG8gYSB0cnVzdGluZyBzZXJ2ZXIgKHVzdWFsbHkgZXN0YWJsaXNoZWQgdmlh
IHRoZQogICBwcmVzZW5jZSBvZiBhIHZhbGlkIHNlc3Npb24gY29va2llKS4KCiAgIEEgQ1NSRiBh
dHRhY2sgYWdhaW5zdCB0aGUgY2xpZW50J3MgcmVkaXJlY3Rpb24gVVJJIGFsbG93cyBhbiBhdHRh
Y2tlcgogICB0byBpbmplY3QgdGhlaXIgb3duIGF1dGhvcml6YXRpb24gY29kZSBvciBhY2Nlc3Mg
dG9rZW4sIHdoaWNoIGNhbgogICByZXN1bHQgaW4gdGhlIGNsaWVudCB1c2luZyBhbiBhY2Nlc3Mg
dG9rZW4gYXNzb2NpYXRlZCB3aXRoIHRoZQogICBhdHRhY2tlcidzIHByb3RlY3RlZCByZXNvdXJj
ZXMgcmF0aGVyIHRoYW4gdGhlIHZpY3RpbSdzIChlLmcuIHNhdmUKICAgdGhlIHZpY3RpbSdzIGJh
bmsgYWNjb3VudCBpbmZvcm1hdGlvbiB0byBhIHByb3RlY3RlZCByZXNvdXJjZQogICBjb250cm9s
bGVkIGJ5IHRoZSBhdHRhY2tlcikuCgogICBUaGUgY2xpZW50IE1VU1QgaW1wbGVtZW50IENTUkYg
cHJvdGVjdGlvbiBmb3IgaXRzIHJlZGlyZWN0aW9uIFVSSS4KICAgVGhpcyBpcyB0eXBpY2FsbHkg
YWNjb21wbGlzaGVkIGJ5IHJlcXVpcmluZyBhbnkgcmVxdWVzdCBzZW50IHRvIHRoZQogICByZWRp
cmVjdGlvbiBVUkkgZW5kcG9pbnQgdG8gaW5jbHVkZSBhIHZhbHVlIHRoYXQgYmluZHMgdGhlIHJl
cXVlc3QgdG8KICAgdGhlIHVzZXItYWdlbnQncyBhdXRoZW50aWNhdGVkIHN0YXRlIChlLmcuIGEg
aGFzaCBvZiB0aGUgc2Vzc2lvbgogICBjb29raWUgdXNlZCB0byBhdXRoZW50aWNhdGUgdGhlIHVz
ZXItYWdlbnQpLiAgVGhlIGNsaWVudCBTSE9VTEQKICAgdXRpbGl6ZSB0aGUgInN0YXRlIiByZXF1
ZXN0IHBhcmFtZXRlciB0byBkZWxpdmVyIHRoaXMgdmFsdWUgdG8gdGhlCiAgIGF1dGhvcml6YXRp
b24gc2VydmVyIHdoZW4gbWFraW5nIGFuIGF1dGhvcml6YXRpb24gcmVxdWVzdC4KCiAgIE9uY2Ug
YXV0aG9yaXphdGlvbiBoYXMgYmVlbiBvYnRhaW5lZCBmcm9tIHRoZSBlbmQtdXNlciwgdGhlCiAg
IGF1dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUgZW5kLXVzZXIncyB1c2VyLWFnZW50
IGJhY2sgdG8gdGhlCiAgIGNsaWVudCB3aXRoIHRoZSByZXF1aXJlZCBiaW5kaW5nIHZhbHVlIGNv
bnRhaW5lZCBpbiB0aGUgInN0YXRlIgogICBwYXJhbWV0ZXIuICBUaGUgYmluZGluZyB2YWx1ZSBl
bmFibGVzIHRoZSBjbGllbnQgdG8gdmVyaWZ5IHRoZQogICB2YWxpZGl0eSBvZiB0aGUgcmVxdWVz
dCBieSBtYXRjaGluZyB0aGUgYmluZGluZyB2YWx1ZSB0byB0aGUgdXNlci0KICAgYWdlbnQncyBh
dXRoZW50aWNhdGVkIHN0YXRlLiAgVGhlIGJpbmRpbmcgdmFsdWUgdXNlZCBmb3IgQ1NSRgogICBw
cm90ZWN0aW9uIE1VU1QgY29udGFpbiBhIG5vbi1ndWVzc2FibGUgdmFsdWUgKGFzIGRlc2NyaWJl
ZCBpbgogICBTZWN0aW9uIDEwLjEwKSwgYW5kIHRoZSB1c2VyLWFnZW50J3MgYXV0aGVudGljYXRl
ZCBzdGF0ZSAoZS5nLgogICBzZXNzaW9uIGNvb2tpZSwgSFRNTDUgbG9jYWwgc3RvcmFnZSkgTVVT
VCBiZSBrZXB0IGluIGEgbG9jYXRpb24KICAgYWNjZXNzaWJsZSBvbmx5IHRvIHRoZSBjbGllbnQg
YW5kIHRoZSB1c2VyLWFnZW50IChpLmUuLCBwcm90ZWN0ZWQgYnkKICAgc2FtZS1vcmlnaW4gcG9s
aWN5KS4KCiAgIEEgQ1NSRiBhdHRhY2sgYWdhaW5zdCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIn
cyBhdXRob3JpemF0aW9uCiAgIGVuZHBvaW50IGNhbiByZXN1bHQgaW4gYW4gYXR0YWNrZXIgb2J0
YWluaW5nIGVuZC11c2VyIGF1dGhvcml6YXRpb24KICAgZm9yIGEgbWFsaWNpb3VzIGNsaWVudCB3
aXRob3V0IGludm9sdmluZyBvciBhbGVydGluZyB0aGUgZW5kLXVzZXIuCgogICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgTVVTVCBpbXBsZW1lbnQgQ1NSRiBwcm90ZWN0aW9uIGZvciBpdHMKICAg
YXV0aG9yaXphdGlvbiBlbmRwb2ludCwgYW5kIGVuc3VyZSB0aGF0IGEgbWFsaWNpb3VzIGNsaWVu
dCBjYW5ub3QKICAgb2J0YWluIGF1dGhvcml6YXRpb24gd2l0aG91dCB0aGUgYXdhcmVuZXNzIGFu
ZCBleHBsaWNpdCBjb25zZW50IG9mCiAgIHRoZSByZXNvdXJjZSBvd25lci4KCgoKCkhhbW1lciwg
ZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQ
YWdlIDU1XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAg
ICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCjEwLjEzLiAgQ2xpY2tqYWNraW5nCgogICBJbiBh
IGNsaWNramFja2luZyBhdHRhY2ssIGFuIGF0dGFja2VyIHJlZ2lzdGVycyBhIGxlZ2l0aW1hdGUg
Y2xpZW50CiAgIGFuZCB0aGVuIGNvbnN0cnVjdHMgYSBtYWxpY2lvdXMgc2l0ZSBpbiB3aGljaCBp
dCBsb2FkcyB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIncyBhdXRob3JpemF0aW9uIGVuZHBv
aW50IHdlYiBwYWdlIGluIGEKICAgdHJhbnNwYXJlbnQgaWZyYW1lIG92ZXJsYWlkIG9uIHRvcCBv
ZiBhIHNldCBvZiBkdW1teSBidXR0b25zIHdoaWNoCiAgIGFyZSBjYXJlZnVsbHkgY29uc3RydWN0
ZWQgdG8gYmUgcGxhY2VkIGRpcmVjdGx5IHVuZGVyIGltcG9ydGFudAogICBidXR0b25zIG9uIHRo
ZSBhdXRob3JpemF0aW9uIHBhZ2UuICBXaGVuIGFuIGVuZC11c2VyIGNsaWNrcyBhCiAgIG1pc2xl
YWRpbmcgdmlzaWJsZSBidXR0b24sIHRoZSBlbmQtdXNlciBpcyBhY3R1YWxseSBjbGlja2luZyBh
bgogICBpbnZpc2libGUgYnV0dG9uIG9uIHRoZSBhdXRob3JpemF0aW9uIHBhZ2UgKHN1Y2ggYXMg
YW4gIkF1dGhvcml6ZSIKICAgYnV0dG9uKS4gIFRoaXMgYWxsb3dzIGFuIGF0dGFja2VyIHRvIHRy
aWNrIGEgcmVzb3VyY2Ugb3duZXIgaW50bwogICBncmFudGluZyBpdHMgY2xpZW50IGFjY2VzcyB3
aXRob3V0IHRoZWlyIGtub3dsZWRnZS4KCiAgIFRvIHByZXZlbnQgdGhpcyBmb3JtIG9mIGF0dGFj
aywgbmF0aXZlIGFwcGxpY2F0aW9ucyBTSE9VTEQgdXNlCiAgIGV4dGVybmFsIGJyb3dzZXJzIGlu
c3RlYWQgb2YgZW1iZWRkaW5nIGJyb3dzZXJzIHdpdGhpbiB0aGUKICAgYXBwbGljYXRpb24gd2hl
biByZXF1ZXN0aW5nIGVuZC11c2VyIGF1dGhvcml6YXRpb24uICBGb3IgbW9zdCBuZXdlcgogICBi
cm93c2VycywgYXZvaWRhbmNlIG9mIGlmcmFtZXMgY2FuIGJlIGVuZm9yY2VkIGJ5IHRoZSBhdXRo
b3JpemF0aW9uCiAgIHNlcnZlciB1c2luZyB0aGUgKG5vbi1zdGFuZGFyZCkgIngtZnJhbWUtb3B0
aW9ucyIgaGVhZGVyLiAgVGhpcwogICBoZWFkZXIgY2FuIGhhdmUgdHdvIHZhbHVlcywgImRlbnki
IGFuZCAic2FtZW9yaWdpbiIsIHdoaWNoIHdpbGwgYmxvY2sKICAgYW55IGZyYW1pbmcsIG9yIGZy
YW1pbmcgYnkgc2l0ZXMgd2l0aCBhIGRpZmZlcmVudCBvcmlnaW4sCiAgIHJlc3BlY3RpdmVseS4g
IEZvciBvbGRlciBicm93c2VycywgamF2YXNjcmlwdCBmcmFtZWJ1c3RpbmcgdGVjaG5pcXVlcwog
ICBjYW4gYmUgdXNlZCBidXQgbWF5IG5vdCBiZSBlZmZlY3RpdmUgaW4gYWxsIGJyb3dzZXJzLgoK
MTAuMTQuICBDb2RlIEluamVjdGlvbiBhbmQgSW5wdXQgVmFsaWRhdGlvbgoKICAgQSBjb2RlIGlu
amVjdGlvbiBhdHRhY2sgb2NjdXJzIHdoZW4gYW4gaW5wdXQgb3Igb3RoZXJ3aXNlIGV4dGVybmFs
CiAgIHZhcmlhYmxlIGlzIHVzZWQgYnkgYW4gYXBwbGljYXRpb24gdW5zYW5pdGl6ZWQgYW5kIGNh
dXNlcwogICBtb2RpZmljYXRpb24gdG8gdGhlIGFwcGxpY2F0aW9uIGxvZ2ljLiAgVGhpcyBtYXkg
YWxsb3cgYW4gYXR0YWNrZXIgdG8KICAgZ2FpbiBhY2Nlc3MgdG8gdGhlIGFwcGxpY2F0aW9uIGRl
dmljZSBvciBpdHMgZGF0YSwgY2F1c2UgZGVuaWFsIG9mCiAgIHNlcnZpY2UsIG9yIGEgd2lkZSBy
YW5nZSBvZiBtYWxpY2lvdXMgc2lkZS1lZmZlY3RzLgoKICAgVGhlIEF1dGhvcml6YXRpb24gc2Vy
dmVyIGFuZCBjbGllbnQgTVVTVCBzYW5pdGl6ZSAoYW5kIHZhbGlkYXRlIHdoZW4KICAgcG9zc2li
bGUpIGFueSB2YWx1ZSByZWNlaXZlZCwgaW4gcGFydGljdWxhciwgdGhlIHZhbHVlIG9mIHRoZSAi
c3RhdGUiCiAgIGFuZCAicmVkaXJlY3RfdXJpIiBwYXJhbWV0ZXJzLgoKMTAuMTUuICBPcGVuIFJl
ZGlyZWN0b3JzCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aG9yaXphdGlvbiBlbmRw
b2ludCBhbmQgdGhlIGNsaWVudAogICByZWRpcmVjdGlvbiBlbmRwb2ludCBjYW4gYmUgaW1wcm9w
ZXJseSBjb25maWd1cmVkIGFuZCBvcGVyYXRlIGFzIG9wZW4KICAgcmVkaXJlY3RvcnMuICBBbiBv
cGVuIHJlZGlyZWN0b3IgaXMgYW4gZW5kcG9pbnQgdXNpbmcgYSBwYXJhbWV0ZXIgdG8KICAgYXV0
b21hdGljYWxseSByZWRpcmVjdCBhIHVzZXItYWdlbnQgdG8gdGhlIGxvY2F0aW9uIHNwZWNpZmll
ZCBieSB0aGUKICAgcGFyYW1ldGVyIHZhbHVlIHdpdGhvdXQgYW55IHZhbGlkYXRpb24uCgogICBP
cGVuIHJlZGlyZWN0b3JzIGNhbiBiZSB1c2VkIGluIHBoaXNoaW5nIGF0dGFja3MsIG9yIGJ5IGFu
IGF0dGFja2VyCiAgIHRvIGdldCBlbmQtdXNlcnMgdG8gdmlzaXQgbWFsaWNpb3VzIHNpdGVzIGJ5
IG1ha2luZyB0aGUgVVJJJ3MKICAgYXV0aG9yaXR5IGxvb2sgbGlrZSBhIGZhbWlsaWFyIGFuZCB0
cnVzdGVkIGRlc3RpbmF0aW9uLiAgSW4gYWRkaXRpb24sCiAgIGlmIHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBhbGxvd3MgdGhlIGNsaWVudCB0byByZWdpc3RlciBvbmx5IHBhcnQKICAgb2YgdGhl
IHJlZGlyZWN0aW9uIFVSSSwgYW4gYXR0YWNrZXIgY2FuIHVzZSBhbiBvcGVuIHJlZGlyZWN0b3IK
CgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAgICAg
ICAgICAgICAgW1BhZ2UgNTZdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0
aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgb3BlcmF0ZWQgYnkgdGhl
IGNsaWVudCB0byBjb25zdHJ1Y3QgYSByZWRpcmVjdGlvbiBVUkkgdGhhdCB3aWxsIHBhc3MKICAg
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHZhbGlkYXRpb24gYnV0IHdpbGwgc2VuZCB0aGUgYXV0
aG9yaXphdGlvbgogICBjb2RlIG9yIGFjY2VzcyB0b2tlbiB0byBhbiBlbmRwb2ludCB1bmRlciB0
aGUgY29udHJvbCBvZiB0aGUKICAgYXR0YWNrZXIuCgoKMTEuICBJQU5BIENvbnNpZGVyYXRpb25z
CgoxMS4xLiAgVGhlIE9BdXRoIEFjY2VzcyBUb2tlbiBUeXBlIFJlZ2lzdHJ5CgogICBUaGlzIHNw
ZWNpZmljYXRpb24gZXN0YWJsaXNoZXMgdGhlIE9BdXRoIGFjY2VzcyB0b2tlbiB0eXBlIHJlZ2lz
dHJ5LgoKICAgQWNjZXNzIHRva2VuIHR5cGVzIGFyZSByZWdpc3RlcmVkIHdpdGggYSBTcGVjaWZp
Y2F0aW9uIFJlcXVpcmVkCiAgIChbUkZDNTIyNl0pIGFmdGVyIGEgdHdvIHdlZWtzIHJldmlldyBw
ZXJpb2Qgb24gdGhlIFtUQkRdQGlldGYub3JnCiAgIG1haWxpbmcgbGlzdCwgb24gdGhlIGFkdmlj
ZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuCiAgIEhvd2V2ZXIsIHRvIGFsbG93
IGZvciB0aGUgYWxsb2NhdGlvbiBvZiB2YWx1ZXMgcHJpb3IgdG8gcHVibGljYXRpb24sCiAgIHRo
ZSBEZXNpZ25hdGVkIEV4cGVydChzKSBtYXkgYXBwcm92ZSByZWdpc3RyYXRpb24gb25jZSB0aGV5
IGFyZQogICBzYXRpc2ZpZWQgdGhhdCBzdWNoIGEgc3BlY2lmaWNhdGlvbiB3aWxsIGJlIHB1Ymxp
c2hlZC4KCiAgIFJlZ2lzdHJhdGlvbiByZXF1ZXN0cyBtdXN0IGJlIHNlbnQgdG8gdGhlIFtUQkRd
QGlldGYub3JnIG1haWxpbmcgbGlzdAogICBmb3IgcmV2aWV3IGFuZCBjb21tZW50LCB3aXRoIGFu
IGFwcHJvcHJpYXRlIHN1YmplY3QgKGUuZy4sICJSZXF1ZXN0CiAgIGZvciBhY2Nlc3MgdG9rZW4g
dHlwZTogZXhhbXBsZSIpLiBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mCiAgIHRo
ZSBtYWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uIHdpdGgg
dGhlIElFU0cKICAgYW5kIElBTkEuICBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmlldy4g
XV0KCiAgIFdpdGhpbiB0aGUgcmV2aWV3IHBlcmlvZCwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMp
IHdpbGwgZWl0aGVyCiAgIGFwcHJvdmUgb3IgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3Qs
IGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbgogICB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElB
TkEuICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uCiAgIGFuZCwgaWYgYXBw
bGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UgdGhlIHJlcXVlc3QKICAgc3Vj
Y2Vzc2Z1bC4KCiAgIElBTkEgbXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20g
dGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpLAogICBhbmQgc2hvdWxkIGRpcmVjdCBhbGwgcmVxdWVz
dHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxpbmcKICAgbGlzdC4KCjExLjEu
MS4gIFJlZ2lzdHJhdGlvbiBUZW1wbGF0ZQoKICAgVHlwZSBuYW1lOgogICAgICBUaGUgbmFtZSBy
ZXF1ZXN0ZWQgKGUuZy4sICJleGFtcGxlIikuCiAgIEFkZGl0aW9uYWwgVG9rZW4gRW5kcG9pbnQg
UmVzcG9uc2UgUGFyYW1ldGVyczoKICAgICAgQWRkaXRpb25hbCByZXNwb25zZSBwYXJhbWV0ZXJz
IHJldHVybmVkIHRvZ2V0aGVyIHdpdGggdGhlCiAgICAgICJhY2Nlc3NfdG9rZW4iIHBhcmFtZXRl
ci4gIE5ldyBwYXJhbWV0ZXJzIE1VU1QgYmUgc2VwYXJhdGVseQogICAgICByZWdpc3RlcmVkIGlu
IHRoZSBPQXV0aCBwYXJhbWV0ZXJzIHJlZ2lzdHJ5IGFzIGRlc2NyaWJlZCBieQogICAgICBTZWN0
aW9uIDExLjIuCgoKCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVy
IDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSA1N10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAg
ICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBI
VFRQIEF1dGhlbnRpY2F0aW9uIFNjaGVtZShzKToKICAgICAgVGhlIEhUVFAgYXV0aGVudGljYXRp
b24gc2NoZW1lIG5hbWUocyksIGlmIGFueSwgdXNlZCB0bwogICAgICBhdXRoZW50aWNhdGUgcHJv
dGVjdGVkIHJlc291cmNlcyByZXF1ZXN0cyB1c2luZyBhY2Nlc3MgdG9rZW5zIG9mCiAgICAgIHRo
aXMgdHlwZS4KICAgQ2hhbmdlIGNvbnRyb2xsZXI6CiAgICAgIEZvciBzdGFuZGFyZHMtdHJhY2sg
UkZDcywgc3RhdGUgIklFVEYiLiAgRm9yIG90aGVycywgZ2l2ZSB0aGUgbmFtZQogICAgICBvZiB0
aGUgcmVzcG9uc2libGUgcGFydHkuICBPdGhlciBkZXRhaWxzIChlLmcuLCBwb3N0YWwgYWRkcmVz
cywKICAgICAgZS1tYWlsIGFkZHJlc3MsIGhvbWUgcGFnZSBVUkkpIG1heSBhbHNvIGJlIGluY2x1
ZGVkLgogICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOgogICAgICBSZWZlcmVuY2UgdG8gdGhl
IGRvY3VtZW50IHRoYXQgc3BlY2lmaWVzIHRoZSBwYXJhbWV0ZXIsIHByZWZlcmFibHkKICAgICAg
aW5jbHVkaW5nIGEgVVJJIHRoYXQgY2FuIGJlIHVzZWQgdG8gcmV0cmlldmUgYSBjb3B5IG9mIHRo
ZQogICAgICBkb2N1bWVudC4gIEFuIGluZGljYXRpb24gb2YgdGhlIHJlbGV2YW50IHNlY3Rpb25z
IG1heSBhbHNvIGJlCiAgICAgIGluY2x1ZGVkLCBidXQgaXMgbm90IHJlcXVpcmVkLgoKMTEuMi4g
IFRoZSBPQXV0aCBQYXJhbWV0ZXJzIFJlZ2lzdHJ5CgogICBUaGlzIHNwZWNpZmljYXRpb24gZXN0
YWJsaXNoZXMgdGhlIE9BdXRoIHBhcmFtZXRlcnMgcmVnaXN0cnkuCgogICBBZGRpdGlvbmFsIHBh
cmFtZXRlcnMgZm9yIGluY2x1c2lvbiBpbiB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludAogICBy
ZXF1ZXN0LCB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCByZXNwb25zZSwgdGhlIHRva2VuIGVu
ZHBvaW50CiAgIHJlcXVlc3QsIG9yIHRoZSB0b2tlbiBlbmRwb2ludCByZXNwb25zZSBhcmUgcmVn
aXN0ZXJlZCB3aXRoIGEKICAgU3BlY2lmaWNhdGlvbiBSZXF1aXJlZCAoW1JGQzUyMjZdKSBhZnRl
ciBhIHR3byB3ZWVrcyByZXZpZXcgcGVyaW9kIG9uCiAgIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWls
aW5nIGxpc3QsIG9uIHRoZSBhZHZpY2Ugb2Ygb25lIG9yIG1vcmUKICAgRGVzaWduYXRlZCBFeHBl
cnRzLiAgSG93ZXZlciwgdG8gYWxsb3cgZm9yIHRoZSBhbGxvY2F0aW9uIG9mIHZhbHVlcwogICBw
cmlvciB0byBwdWJsaWNhdGlvbiwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIG1heSBhcHByb3Zl
CiAgIHJlZ2lzdHJhdGlvbiBvbmNlIHRoZXkgYXJlIHNhdGlzZmllZCB0aGF0IHN1Y2ggYSBzcGVj
aWZpY2F0aW9uIHdpbGwKICAgYmUgcHVibGlzaGVkLgoKICAgUmVnaXN0cmF0aW9uIHJlcXVlc3Rz
IG11c3QgYmUgc2VudCB0byB0aGUgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0CiAgIGZvciBy
ZXZpZXcgYW5kIGNvbW1lbnQsIHdpdGggYW4gYXBwcm9wcmlhdGUgc3ViamVjdCAoZS5nLiwgIlJl
cXVlc3QKICAgZm9yIHBhcmFtZXRlcjogZXhhbXBsZSIpLiBbWyBOb3RlIHRvIFJGQy1FRElUT1I6
IFRoZSBuYW1lIG9mIHRoZQogICBtYWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4g
Y29uc3VsdGF0aW9uIHdpdGggdGhlIElFU0cgYW5kCiAgIElBTkEuICBTdWdnZXN0ZWQgbmFtZTog
b2F1dGgtZXh0LXJldmlldy4gXV0KCiAgIFdpdGhpbiB0aGUgcmV2aWV3IHBlcmlvZCwgdGhlIERl
c2lnbmF0ZWQgRXhwZXJ0KHMpIHdpbGwgZWl0aGVyCiAgIGFwcHJvdmUgb3IgZGVueSB0aGUgcmVn
aXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbgogICB0byB0aGUg
cmV2aWV3IGxpc3QgYW5kIElBTkEuICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0
aW9uCiAgIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2Ug
dGhlIHJlcXVlc3QKICAgc3VjY2Vzc2Z1bC4KCiAgIElBTkEgbXVzdCBvbmx5IGFjY2VwdCByZWdp
c3RyeSB1cGRhdGVzIGZyb20gdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpLAogICBhbmQgc2hvdWxk
IGRpcmVjdCBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxp
bmcKICAgbGlzdC4KCjExLjIuMS4gIFJlZ2lzdHJhdGlvbiBUZW1wbGF0ZQoKCgoKCgpIYW1tZXIs
IGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBb
UGFnZSA1OF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAg
ICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBQYXJhbWV0ZXIgbmFtZToKICAgICAgVGhl
IG5hbWUgcmVxdWVzdGVkIChlLmcuLCAiZXhhbXBsZSIpLgogICBQYXJhbWV0ZXIgdXNhZ2UgbG9j
YXRpb246CiAgICAgIFRoZSBsb2NhdGlvbihzKSB3aGVyZSBwYXJhbWV0ZXIgY2FuIGJlIHVzZWQu
ICBUaGUgcG9zc2libGUKICAgICAgbG9jYXRpb25zIGFyZTogYXV0aG9yaXphdGlvbiByZXF1ZXN0
LCBhdXRob3JpemF0aW9uIHJlc3BvbnNlLAogICAgICB0b2tlbiByZXF1ZXN0LCBvciB0b2tlbiBy
ZXNwb25zZS4KICAgQ2hhbmdlIGNvbnRyb2xsZXI6CiAgICAgIEZvciBzdGFuZGFyZHMtdHJhY2sg
UkZDcywgc3RhdGUgIklFVEYiLiAgRm9yIG90aGVycywgZ2l2ZSB0aGUgbmFtZQogICAgICBvZiB0
aGUgcmVzcG9uc2libGUgcGFydHkuICBPdGhlciBkZXRhaWxzIChlLmcuLCBwb3N0YWwgYWRkcmVz
cywKICAgICAgZS1tYWlsIGFkZHJlc3MsIGhvbWUgcGFnZSBVUkkpIG1heSBhbHNvIGJlIGluY2x1
ZGVkLgogICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOgogICAgICBSZWZlcmVuY2UgdG8gdGhl
IGRvY3VtZW50IHRoYXQgc3BlY2lmaWVzIHRoZSBwYXJhbWV0ZXIsIHByZWZlcmFibHkKICAgICAg
aW5jbHVkaW5nIGEgVVJJIHRoYXQgY2FuIGJlIHVzZWQgdG8gcmV0cmlldmUgYSBjb3B5IG9mIHRo
ZQogICAgICBkb2N1bWVudC4gIEFuIGluZGljYXRpb24gb2YgdGhlIHJlbGV2YW50IHNlY3Rpb25z
IG1heSBhbHNvIGJlCiAgICAgIGluY2x1ZGVkLCBidXQgaXMgbm90IHJlcXVpcmVkLgoKMTEuMi4y
LiAgSW5pdGlhbCBSZWdpc3RyeSBDb250ZW50cwoKICAgVGhlIE9BdXRoIFBhcmFtZXRlcnMgUmVn
aXN0cnkncyBpbml0aWFsIGNvbnRlbnRzIGFyZToKCiAgIG8gIFBhcmFtZXRlciBuYW1lOiBjbGll
bnRfaWQKICAgbyAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlcXVl
c3QsIHRva2VuIHJlcXVlc3QKICAgbyAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgbyAgU3Bl
Y2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQoKICAgbyAgUGFyYW1l
dGVyIG5hbWU6IGNsaWVudF9zZWNyZXQKICAgbyAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiB0
b2tlbiByZXF1ZXN0CiAgIG8gIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgIG8gIFNwZWNpZmlj
YXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KCiAgIG8gIFBhcmFtZXRlciBu
YW1lOiByZXNwb25zZV90eXBlCiAgIG8gIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9y
aXphdGlvbiByZXF1ZXN0CiAgIG8gIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgIG8gIFNwZWNp
ZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KCiAgIG8gIFBhcmFtZXRl
ciBuYW1lOiByZWRpcmVjdF91cmkKICAgbyAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRo
b3JpemF0aW9uIHJlcXVlc3QsIHRva2VuIHJlcXVlc3QKICAgbyAgQ2hhbmdlIGNvbnRyb2xsZXI6
IElFVEYKICAgbyAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBd
XQoKICAgbyAgUGFyYW1ldGVyIG5hbWU6IHNjb3BlCiAgIG8gIFBhcmFtZXRlciB1c2FnZSBsb2Nh
dGlvbjogYXV0aG9yaXphdGlvbiByZXF1ZXN0LCBhdXRob3JpemF0aW9uCiAgICAgIHJlc3BvbnNl
LCB0b2tlbiByZXF1ZXN0LCB0b2tlbiByZXNwb25zZQogICBvICBDaGFuZ2UgY29udHJvbGxlcjog
SUVURgogICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1d
CgoKCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIg
ICAgICAgICAgICAgIFtQYWdlIDU5XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAg
T0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIG8gIFBhcmFtZXRl
ciBuYW1lOiBzdGF0ZQogICBvICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRp
b24gcmVxdWVzdCwgYXV0aG9yaXphdGlvbgogICAgICByZXNwb25zZQogICBvICBDaGFuZ2UgY29u
dHJvbGxlcjogSUVURgogICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRv
Y3VtZW50IF1dCgogICBvICBQYXJhbWV0ZXIgbmFtZTogY29kZQogICBvICBQYXJhbWV0ZXIgdXNh
Z2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVzcG9uc2UsIHRva2VuIHJlcXVlc3QKICAgbyAg
Q2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgbyAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTog
W1sgdGhpcyBkb2N1bWVudCBdXQoKICAgbyAgUGFyYW1ldGVyIG5hbWU6IGVycm9yX2Rlc2NyaXB0
aW9uCiAgIG8gIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25z
ZSwgdG9rZW4gcmVzcG9uc2UKICAgbyAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgbyAgU3Bl
Y2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQoKICAgbyAgUGFyYW1l
dGVyIG5hbWU6IGVycm9yX3VyaQogICBvICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhv
cml6YXRpb24gcmVzcG9uc2UsIHRva2VuIHJlc3BvbnNlCiAgIG8gIENoYW5nZSBjb250cm9sbGVy
OiBJRVRGCiAgIG8gIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQg
XV0KCiAgIG8gIFBhcmFtZXRlciBuYW1lOiBncmFudF90eXBlCiAgIG8gIFBhcmFtZXRlciB1c2Fn
ZSBsb2NhdGlvbjogdG9rZW4gcmVxdWVzdAogICBvICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgog
ICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCgogICBv
ICBQYXJhbWV0ZXIgbmFtZTogYWNjZXNzX3Rva2VuCiAgIG8gIFBhcmFtZXRlciB1c2FnZSBsb2Nh
dGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4gcmVzcG9uc2UKICAgbyAgQ2hhbmdl
IGNvbnRyb2xsZXI6IElFVEYKICAgbyAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhp
cyBkb2N1bWVudCBdXQoKICAgbyAgUGFyYW1ldGVyIG5hbWU6IHRva2VuX3R5cGUKICAgbyAgUGFy
YW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNw
b25zZQogICBvICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICBvICBTcGVjaWZpY2F0aW9uIGRv
Y3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCgogICBvICBQYXJhbWV0ZXIgbmFtZTogZXhw
aXJlc19pbgogICBvICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVz
cG9uc2UsIHRva2VuIHJlc3BvbnNlCiAgIG8gIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgIG8g
IFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KCiAgIG8gIFBh
cmFtZXRlciBuYW1lOiB1c2VybmFtZQogICBvICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRv
a2VuIHJlcXVlc3QKICAgbyAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgbyAgU3BlY2lmaWNh
dGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQoKCgoKCgpIYW1tZXIsIGV0IGFs
LiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSA2
MF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAg
ICAgICAgICAgICAgTWF5IDIwMTIKCgogICBvICBQYXJhbWV0ZXIgbmFtZTogcGFzc3dvcmQKICAg
byAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0CiAgIG8gIENoYW5nZSBj
b250cm9sbGVyOiBJRVRGCiAgIG8gIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMg
ZG9jdW1lbnQgXV0KCiAgIG8gIFBhcmFtZXRlciBuYW1lOiByZWZyZXNoX3Rva2VuCiAgIG8gIFBh
cmFtZXRlciB1c2FnZSBsb2NhdGlvbjogdG9rZW4gcmVxdWVzdCwgdG9rZW4gcmVzcG9uc2UKICAg
byAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgbyAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChz
KTogW1sgdGhpcyBkb2N1bWVudCBdXQoKMTEuMy4gIFRoZSBPQXV0aCBBdXRob3JpemF0aW9uIEVu
ZHBvaW50IFJlc3BvbnNlIFR5cGUgUmVnaXN0cnkKCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiBlc3Rh
Ymxpc2hlcyB0aGUgT0F1dGggYXV0aG9yaXphdGlvbiBlbmRwb2ludAogICByZXNwb25zZSB0eXBl
IHJlZ2lzdHJ5LgoKICAgQWRkaXRpb25hbCByZXNwb25zZSB0eXBlIGZvciB1c2Ugd2l0aCB0aGUg
YXV0aG9yaXphdGlvbiBlbmRwb2ludCBhcmUKICAgcmVnaXN0ZXJlZCB3aXRoIGEgU3BlY2lmaWNh
dGlvbiBSZXF1aXJlZCAoW1JGQzUyMjZdKSBhZnRlciBhIHR3bwogICB3ZWVrcyByZXZpZXcgcGVy
aW9kIG9uIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nIGxpc3QsIG9uIHRoZSBhZHZpY2UKICAg
b2Ygb25lIG9yIG1vcmUgRGVzaWduYXRlZCBFeHBlcnRzLiAgSG93ZXZlciwgdG8gYWxsb3cgZm9y
IHRoZQogICBhbGxvY2F0aW9uIG9mIHZhbHVlcyBwcmlvciB0byBwdWJsaWNhdGlvbiwgdGhlIERl
c2lnbmF0ZWQgRXhwZXJ0KHMpCiAgIG1heSBhcHByb3ZlIHJlZ2lzdHJhdGlvbiBvbmNlIHRoZXkg
YXJlIHNhdGlzZmllZCB0aGF0IHN1Y2ggYQogICBzcGVjaWZpY2F0aW9uIHdpbGwgYmUgcHVibGlz
aGVkLgoKICAgUmVnaXN0cmF0aW9uIHJlcXVlc3RzIG11c3QgYmUgc2VudCB0byB0aGUgW1RCRF1A
aWV0Zi5vcmcgbWFpbGluZyBsaXN0CiAgIGZvciByZXZpZXcgYW5kIGNvbW1lbnQsIHdpdGggYW4g
YXBwcm9wcmlhdGUgc3ViamVjdCAoZS5nLiwgIlJlcXVlc3QKICAgZm9yIHJlc3BvbnNlIHR5cGU6
IGV4YW1wbGUiKS4gW1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUgbmFtZSBvZiB0aGUKICAgbWFp
bGluZyBsaXN0IHNob3VsZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRhdGlvbiB3aXRoIHRoZSBJ
RVNHIGFuZAogICBJQU5BLiAgU3VnZ2VzdGVkIG5hbWU6IG9hdXRoLWV4dC1yZXZpZXcuIF1dCgog
ICBXaXRoaW4gdGhlIHJldmlldyBwZXJpb2QsIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSB3aWxs
IGVpdGhlcgogICBhcHByb3ZlIG9yIGRlbnkgdGhlIHJlZ2lzdHJhdGlvbiByZXF1ZXN0LCBjb21t
dW5pY2F0aW5nIHRoaXMgZGVjaXNpb24KICAgdG8gdGhlIHJldmlldyBsaXN0IGFuZCBJQU5BLiAg
RGVuaWFscyBzaG91bGQgaW5jbHVkZSBhbiBleHBsYW5hdGlvbgogICBhbmQsIGlmIGFwcGxpY2Fi
bGUsIHN1Z2dlc3Rpb25zIGFzIHRvIGhvdyB0byBtYWtlIHRoZSByZXF1ZXN0CiAgIHN1Y2Nlc3Nm
dWwuCgogICBJQU5BIG11c3Qgb25seSBhY2NlcHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBE
ZXNpZ25hdGVkIEV4cGVydChzKSwKICAgYW5kIHNob3VsZCBkaXJlY3QgYWxsIHJlcXVlc3RzIGZv
ciByZWdpc3RyYXRpb24gdG8gdGhlIHJldmlldyBtYWlsaW5nCiAgIGxpc3QuCgoxMS4zLjEuICBS
ZWdpc3RyYXRpb24gVGVtcGxhdGUKCiAgIFJlc3BvbnNlIHR5cGUgbmFtZToKICAgICAgVGhlIG5h
bWUgcmVxdWVzdGVkIChlLmcuLCAiZXhhbXBsZSIpLgogICBDaGFuZ2UgY29udHJvbGxlcjoKICAg
ICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNzLCBzdGF0ZSAiSUVURiIuICBGb3Igb3RoZXJzLCBn
aXZlIHRoZSBuYW1lCiAgICAgIG9mIHRoZSByZXNwb25zaWJsZSBwYXJ0eS4gIE90aGVyIGRldGFp
bHMgKGUuZy4sIHBvc3RhbCBhZGRyZXNzLAogICAgICBlLW1haWwgYWRkcmVzcywgaG9tZSBwYWdl
IFVSSSkgbWF5IGFsc28gYmUgaW5jbHVkZWQuCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBF
eHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSA2MV0KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAg
TWF5IDIwMTIKCgogICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOgogICAgICBSZWZlcmVuY2Ug
dG8gdGhlIGRvY3VtZW50IHRoYXQgc3BlY2lmaWVzIHRoZSB0eXBlLCBwcmVmZXJhYmx5CiAgICAg
IGluY2x1ZGluZyBhIFVSSSB0aGF0IGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZiB0
aGUKICAgICAgZG9jdW1lbnQuICBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudCBzZWN0aW9u
cyBtYXkgYWxzbyBiZQogICAgICBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KCjExLjMu
Mi4gIEluaXRpYWwgUmVnaXN0cnkgQ29udGVudHMKCiAgIFRoZSBPQXV0aCBBdXRob3JpemF0aW9u
IEVuZHBvaW50IFJlc3BvbnNlIFR5cGUgUmVnaXN0cnkncyBpbml0aWFsCiAgIGNvbnRlbnRzIGFy
ZToKCiAgIG8gIFJlc3BvbnNlIHR5cGUgbmFtZTogY29kZQogICBvICBDaGFuZ2UgY29udHJvbGxl
cjogSUVURgogICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50
IF1dCgogICBvICBSZXNwb25zZSB0eXBlIG5hbWU6IHRva2VuCiAgIG8gIENoYW5nZSBjb250cm9s
bGVyOiBJRVRGCiAgIG8gIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1l
bnQgXV0KCjExLjQuICBUaGUgT0F1dGggRXh0ZW5zaW9ucyBFcnJvciBSZWdpc3RyeQoKICAgVGhp
cyBzcGVjaWZpY2F0aW9uIGVzdGFibGlzaGVzIHRoZSBPQXV0aCBleHRlbnNpb25zIGVycm9yIHJl
Z2lzdHJ5LgoKICAgQWRkaXRpb25hbCBlcnJvciBjb2RlcyB1c2VkIHRvZ2V0aGVyIHdpdGggb3Ro
ZXIgcHJvdG9jb2wgZXh0ZW5zaW9ucwogICAoaS5lLiBleHRlbnNpb24gZ3JhbnQgdHlwZXMsIGFj
Y2VzcyB0b2tlbiB0eXBlcywgb3IgZXh0ZW5zaW9uCiAgIHBhcmFtZXRlcnMpIGFyZSByZWdpc3Rl
cmVkIHdpdGggYSBTcGVjaWZpY2F0aW9uIFJlcXVpcmVkIChbUkZDNTIyNl0pCiAgIGFmdGVyIGEg
dHdvIHdlZWtzIHJldmlldyBwZXJpb2Qgb24gdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcgbGlz
dCwKICAgb24gdGhlIGFkdmljZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuICBI
b3dldmVyLCB0byBhbGxvdwogICBmb3IgdGhlIGFsbG9jYXRpb24gb2YgdmFsdWVzIHByaW9yIHRv
IHB1YmxpY2F0aW9uLCB0aGUgRGVzaWduYXRlZAogICBFeHBlcnQocykgbWF5IGFwcHJvdmUgcmVn
aXN0cmF0aW9uIG9uY2UgdGhleSBhcmUgc2F0aXNmaWVkIHRoYXQgc3VjaAogICBhIHNwZWNpZmlj
YXRpb24gd2lsbCBiZSBwdWJsaXNoZWQuCgogICBSZWdpc3RyYXRpb24gcmVxdWVzdHMgbXVzdCBi
ZSBzZW50IHRvIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nIGxpc3QKICAgZm9yIHJldmlldyBh
bmQgY29tbWVudCwgd2l0aCBhbiBhcHByb3ByaWF0ZSBzdWJqZWN0IChlLmcuLCAiUmVxdWVzdAog
ICBmb3IgZXJyb3IgY29kZTogZXhhbXBsZSIpLiBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBu
YW1lIG9mIHRoZQogICBtYWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3Vs
dGF0aW9uIHdpdGggdGhlIElFU0cgYW5kCiAgIElBTkEuICBTdWdnZXN0ZWQgbmFtZTogb2F1dGgt
ZXh0LXJldmlldy4gXV0KCiAgIFdpdGhpbiB0aGUgcmV2aWV3IHBlcmlvZCwgdGhlIERlc2lnbmF0
ZWQgRXhwZXJ0KHMpIHdpbGwgZWl0aGVyCiAgIGFwcHJvdmUgb3IgZGVueSB0aGUgcmVnaXN0cmF0
aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbgogICB0byB0aGUgcmV2aWV3
IGxpc3QgYW5kIElBTkEuICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uCiAg
IGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UgdGhlIHJl
cXVlc3QKICAgc3VjY2Vzc2Z1bC4KCiAgIElBTkEgbXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1
cGRhdGVzIGZyb20gdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpLAogICBhbmQgc2hvdWxkIGRpcmVj
dCBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxpbmcKICAg
bGlzdC4KCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIw
MTIgICAgICAgICAgICAgIFtQYWdlIDYyXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAg
ICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCjExLjQuMS4gIFJl
Z2lzdHJhdGlvbiBUZW1wbGF0ZQoKICAgRXJyb3IgbmFtZToKICAgICAgVGhlIG5hbWUgcmVxdWVz
dGVkIChlLmcuLCAiZXhhbXBsZSIpLgogICBFcnJvciB1c2FnZSBsb2NhdGlvbjoKICAgICAgVGhl
IGxvY2F0aW9uKHMpIHdoZXJlIHRoZSBlcnJvciBjYW4gYmUgdXNlZC4gIFRoZSBwb3NzaWJsZQog
ICAgICBsb2NhdGlvbnMgYXJlOiBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgZXJyb3IgcmVzcG9u
c2UKICAgICAgKFNlY3Rpb24gNC4xLjIuMSksIGltcGxpY2l0IGdyYW50IGVycm9yIHJlc3BvbnNl
CiAgICAgIChTZWN0aW9uIDQuMi4yLjEpLCB0b2tlbiBlcnJvciByZXNwb25zZSAoU2VjdGlvbiA1
LjIpLCBvciByZXNvdXJjZQogICAgICBhY2Nlc3MgZXJyb3IgcmVzcG9uc2UgKFNlY3Rpb24gNy4y
KS4KICAgUmVsYXRlZCBwcm90b2NvbCBleHRlbnNpb246CiAgICAgIFRoZSBuYW1lIG9mIHRoZSBl
eHRlbnNpb24gZ3JhbnQgdHlwZSwgYWNjZXNzIHRva2VuIHR5cGUsIG9yCiAgICAgIGV4dGVuc2lv
biBwYXJhbWV0ZXIsIHRoZSBlcnJvciBjb2RlIGlzIHVzZWQgaW4gY29uanVuY3Rpb24gd2l0aC4K
ICAgQ2hhbmdlIGNvbnRyb2xsZXI6CiAgICAgIEZvciBzdGFuZGFyZHMtdHJhY2sgUkZDcywgc3Rh
dGUgIklFVEYiLiAgRm9yIG90aGVycywgZ2l2ZSB0aGUgbmFtZQogICAgICBvZiB0aGUgcmVzcG9u
c2libGUgcGFydHkuICBPdGhlciBkZXRhaWxzIChlLmcuLCBwb3N0YWwgYWRkcmVzcywKICAgICAg
ZS1tYWlsIGFkZHJlc3MsIGhvbWUgcGFnZSBVUkkpIG1heSBhbHNvIGJlIGluY2x1ZGVkLgogICBT
cGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOgogICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50
IHRoYXQgc3BlY2lmaWVzIHRoZSBlcnJvciBjb2RlLAogICAgICBwcmVmZXJhYmx5IGluY2x1ZGlu
ZyBhIFVSSSB0aGF0IGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZgogICAgICB0aGUg
ZG9jdW1lbnQuICBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudCBzZWN0aW9ucyBtYXkgYWxz
byBiZQogICAgICBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KCgoxMi4gIFJlZmVyZW5j
ZXMKCjEyLjEuICBOb3JtYXRpdmUgUmVmZXJlbmNlcwoKICAgW1JGQzIxMTldICBCcmFkbmVyLCBT
LiwgIktleSB3b3JkcyBmb3IgdXNlIGluIFJGQ3MgdG8gSW5kaWNhdGUKICAgICAgICAgICAgICBS
ZXF1aXJlbWVudCBMZXZlbHMiLCBCQ1AgMTQsIFJGQyAyMTE5LCBNYXJjaCAxOTk3LgoKICAgW1JG
QzIyNDZdICBEaWVya3MsIFQuIGFuZCBDLiBBbGxlbiwgIlRoZSBUTFMgUHJvdG9jb2wgVmVyc2lv
biAxLjAiLAogICAgICAgICAgICAgIFJGQyAyMjQ2LCBKYW51YXJ5IDE5OTkuCgogICBbUkZDMjYx
Nl0gIEZpZWxkaW5nLCBSLiwgR2V0dHlzLCBKLiwgTW9ndWwsIEouLCBGcnlzdHlrLCBILiwKICAg
ICAgICAgICAgICBNYXNpbnRlciwgTC4sIExlYWNoLCBQLiwgYW5kIFQuIEJlcm5lcnMtTGVlLCAi
SHlwZXJ0ZXh0CiAgICAgICAgICAgICAgVHJhbnNmZXIgUHJvdG9jb2wgLS0gSFRUUC8xLjEiLCBS
RkMgMjYxNiwgSnVuZSAxOTk5LgoKICAgW1JGQzI2MTddICBGcmFua3MsIEouLCBIYWxsYW0tQmFr
ZXIsIFAuLCBIb3N0ZXRsZXIsIEouLCBMYXdyZW5jZSwgUy4sCiAgICAgICAgICAgICAgTGVhY2gs
IFAuLCBMdW90b25lbiwgQS4sIGFuZCBMLiBTdGV3YXJ0LCAiSFRUUAogICAgICAgICAgICAgIEF1
dGhlbnRpY2F0aW9uOiBCYXNpYyBhbmQgRGlnZXN0IEFjY2VzcyBBdXRoZW50aWNhdGlvbiIsCiAg
ICAgICAgICAgICAgUkZDIDI2MTcsIEp1bmUgMTk5OS4KCiAgIFtSRkMyODE4XSAgUmVzY29ybGEs
IEUuLCAiSFRUUCBPdmVyIFRMUyIsIFJGQyAyODE4LCBNYXkgMjAwMC4KCiAgIFtSRkMzOTg2XSAg
QmVybmVycy1MZWUsIFQuLCBGaWVsZGluZywgUi4sIGFuZCBMLiBNYXNpbnRlciwgIlVuaWZvcm0K
ICAgICAgICAgICAgICBSZXNvdXJjZSBJZGVudGlmaWVyIChVUkkpOiBHZW5lcmljIFN5bnRheCIs
IFNURCA2NiwKICAgICAgICAgICAgICBSRkMgMzk4NiwgSmFudWFyeSAyMDA1LgoKCgpIYW1tZXIs
IGV0IGFsLiAgICAgICAgICBFeHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBb
UGFnZSA2M10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAg
ICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBbUkZDNDYyN10gIENyb2NrZm9yZCwgRC4s
ICJUaGUgYXBwbGljYXRpb24vanNvbiBNZWRpYSBUeXBlIGZvcgogICAgICAgICAgICAgIEphdmFT
Y3JpcHQgT2JqZWN0IE5vdGF0aW9uIChKU09OKSIsIFJGQyA0NjI3LCBKdWx5IDIwMDYuCgogICBb
UkZDNDk0OV0gIFNoaXJleSwgUi4sICJJbnRlcm5ldCBTZWN1cml0eSBHbG9zc2FyeSwgVmVyc2lv
biAyIiwKICAgICAgICAgICAgICBSRkMgNDk0OSwgQXVndXN0IDIwMDcuCgogICBbUkZDNTIyNl0g
IE5hcnRlbiwgVC4gYW5kIEguIEFsdmVzdHJhbmQsICJHdWlkZWxpbmVzIGZvciBXcml0aW5nIGFu
CiAgICAgICAgICAgICAgSUFOQSBDb25zaWRlcmF0aW9ucyBTZWN0aW9uIGluIFJGQ3MiLCBCQ1Ag
MjYsIFJGQyA1MjI2LAogICAgICAgICAgICAgIE1heSAyMDA4LgoKICAgW1JGQzUyMzRdICBDcm9j
a2VyLCBELiBhbmQgUC4gT3ZlcmVsbCwgIkF1Z21lbnRlZCBCTkYgZm9yIFN5bnRheAogICAgICAg
ICAgICAgIFNwZWNpZmljYXRpb25zOiBBQk5GIiwgU1REIDY4LCBSRkMgNTIzNCwgSmFudWFyeSAy
MDA4LgoKICAgW1JGQzUyNDZdICBEaWVya3MsIFQuIGFuZCBFLiBSZXNjb3JsYSwgIlRoZSBUcmFu
c3BvcnQgTGF5ZXIgU2VjdXJpdHkKICAgICAgICAgICAgICAoVExTKSBQcm90b2NvbCBWZXJzaW9u
IDEuMiIsIFJGQyA1MjQ2LCBBdWd1c3QgMjAwOC4KCiAgIFtSRkM2MTI1XSAgU2FpbnQtQW5kcmUs
IFAuIGFuZCBKLiBIb2RnZXMsICJSZXByZXNlbnRhdGlvbiBhbmQKICAgICAgICAgICAgICBWZXJp
ZmljYXRpb24gb2YgRG9tYWluLUJhc2VkIEFwcGxpY2F0aW9uIFNlcnZpY2UgSWRlbnRpdHkKICAg
ICAgICAgICAgICB3aXRoaW4gSW50ZXJuZXQgUHVibGljIEtleSBJbmZyYXN0cnVjdHVyZSBVc2lu
ZyBYLjUwOQogICAgICAgICAgICAgIChQS0lYKSBDZXJ0aWZpY2F0ZXMgaW4gdGhlIENvbnRleHQg
b2YgVHJhbnNwb3J0IExheWVyCiAgICAgICAgICAgICAgU2VjdXJpdHkgKFRMUykiLCBSRkMgNjEy
NSwgTWFyY2ggMjAxMS4KCiAgIFtVU0FTQ0lJXSAgQW1lcmljYW4gTmF0aW9uYWwgU3RhbmRhcmRz
IEluc3RpdHV0ZSwgIkNvZGVkIENoYXJhY3RlcgogICAgICAgICAgICAgIFNldCAtLSA3LWJpdCBB
bWVyaWNhbiBTdGFuZGFyZCBDb2RlIGZvciBJbmZvcm1hdGlvbgogICAgICAgICAgICAgIEludGVy
Y2hhbmdlIiwgQU5TSSBYMy40LCAxOTg2LgoKICAgW1czQy5SRUMtaHRtbDQwMS0xOTk5MTIyNF0K
ICAgICAgICAgICAgICBIb3JzLCBBLiwgUmFnZ2V0dCwgRC4sIGFuZCBJLiBKYWNvYnMsICJIVE1M
IDQuMDEKICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIiwgV29ybGQgV2lkZSBXZWIgQ29uc29y
dGl1bQogICAgICAgICAgICAgIFJlY29tbWVuZGF0aW9uIFJFQy1odG1sNDAxLTE5OTkxMjI0LCBE
ZWNlbWJlciAxOTk5LAogICAgICAgICAgICAgIDxodHRwOi8vd3d3LnczLm9yZy9UUi8xOTk5L1JF
Qy1odG1sNDAxLTE5OTkxMjI0Pi4KCjEyLjIuICBJbmZvcm1hdGl2ZSBSZWZlcmVuY2VzCgogICBb
SS1ELmRyYWZ0LWhhcmR0LW9hdXRoLTAxXQogICAgICAgICAgICAgIEhhcmR0LCBELiwgRWQuLCBU
b20sIEEuLCBFYXRvbiwgQi4sIGFuZCBZLiBHb2xhbmQsICJPQXV0aAogICAgICAgICAgICAgIFdl
YiBSZXNvdXJjZSBBdXRob3JpemF0aW9uIFByb2ZpbGVzIiwgSmFudWFyeSAyMDEwLgoKICAgW0kt
RC5pZXRmLW9hdXRoLXNhbWwyLWJlYXJlcl0KICAgICAgICAgICAgICBNb3J0aW1vcmUsIEMuLCAi
U0FNTCAyLjAgQmVhcmVyIEFzc2VydGlvbiBQcm9maWxlcyBmb3IKICAgICAgICAgICAgICBPQXV0
aCAyLjAiLCBkcmFmdC1pZXRmLW9hdXRoLXNhbWwyLWJlYXJlci0xMiAod29yayBpbgogICAgICAg
ICAgICAgIHByb2dyZXNzKSwgTWF5IDIwMTIuCgogICBbSS1ELmlldGYtb2F1dGgtdjItYmVhcmVy
XQogICAgICAgICAgICAgIEpvbmVzLCBNLiwgSGFyZHQsIEQuLCBhbmQgRC4gUmVjb3Jkb24sICJU
aGUgT0F1dGggMi4wCiAgICAgICAgICAgICAgQXV0aG9yaXphdGlvbiBQcm90b2NvbDogQmVhcmVy
IFRva2VucyIsCiAgICAgICAgICAgICAgZHJhZnQtaWV0Zi1vYXV0aC12Mi1iZWFyZXItMTkgKHdv
cmsgaW4gcHJvZ3Jlc3MpLAogICAgICAgICAgICAgIEFwcmlsIDIwMTIuCgoKCkhhbW1lciwgZXQg
YWwuICAgICAgICAgIEV4cGlyZXMgTm92ZW1iZXIgMjUsIDIwMTIgICAgICAgICAgICAgIFtQYWdl
IDY0XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAg
ICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIFtJLUQuaWV0Zi1vYXV0aC12Mi1odHRwLW1hY10K
ICAgICAgICAgICAgICBIYW1tZXItTGFoYXYsIEUuLCAiSFRUUCBBdXRoZW50aWNhdGlvbjogTUFD
IEFjY2VzcwogICAgICAgICAgICAgIEF1dGhlbnRpY2F0aW9uIiwgZHJhZnQtaWV0Zi1vYXV0aC12
Mi1odHRwLW1hYy0wMSAod29yayBpbgogICAgICAgICAgICAgIHByb2dyZXNzKSwgRmVicnVhcnkg
MjAxMi4KCiAgIFtJLUQuaWV0Zi1vYXV0aC12Mi10aHJlYXRtb2RlbF0KICAgICAgICAgICAgICBN
Y0dsb2luLCBNLiwgSHVudCwgUC4sIGFuZCBULiBMb2RkZXJzdGVkdCwgIk9BdXRoIDIuMAogICAg
ICAgICAgICAgIFRocmVhdCBNb2RlbCBhbmQgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMiLAogICAg
ICAgICAgICAgIGRyYWZ0LWlldGYtb2F1dGgtdjItdGhyZWF0bW9kZWwtMDIgKHdvcmsgaW4gcHJv
Z3Jlc3MpLAogICAgICAgICAgICAgIEZlYnJ1YXJ5IDIwMTIuCgogICBbT0FTSVMuc2FtbC1jb3Jl
LTIuMC1vc10KICAgICAgICAgICAgICBDYW50b3IsIFMuLCBLZW1wLCBKLiwgUGhpbHBvdHQsIFIu
LCBhbmQgRS4gTWFsZXIsCiAgICAgICAgICAgICAgIkFzc2VydGlvbnMgYW5kIFByb3RvY29sIGZv
ciB0aGUgT0FTSVMgU2VjdXJpdHkgQXNzZXJ0aW9uCiAgICAgICAgICAgICAgTWFya3VwIExhbmd1
YWdlIChTQU1MKSBWMi4wIiwgT0FTSVMgU3RhbmRhcmQgc2FtbC1jb3JlLQogICAgICAgICAgICAg
IDIuMC1vcywgTWFyY2ggMjAwNS4KCiAgIFtSRkM1ODQ5XSAgSGFtbWVyLUxhaGF2LCBFLiwgIlRo
ZSBPQXV0aCAxLjAgUHJvdG9jb2wiLCBSRkMgNTg0OSwKICAgICAgICAgICAgICBBcHJpbCAyMDEw
LgoKCkFwcGVuZGl4IEEuICBBY2tub3dsZWRnZW1lbnRzCgogICBUaGUgaW5pdGlhbCBPQXV0aCAy
LjAgcHJvdG9jb2wgc3BlY2lmaWNhdGlvbiB3YXMgZWRpdGVkIGJ5IERhdmlkCiAgIFJlY29yZG9u
LCBiYXNlZCBvbiB0d28gcHJldmlvdXMgcHVibGljYXRpb25zOiB0aGUgT0F1dGggMS4wIGNvbW11
bml0eQogICBzcGVjaWZpY2F0aW9uIFtSRkM1ODQ5XSwgYW5kIE9BdXRoIFdSQVAgKE9BdXRoIFdl
YiBSZXNvdXJjZQogICBBdXRob3JpemF0aW9uIFByb2ZpbGVzKSBbSS1ELmRyYWZ0LWhhcmR0LW9h
dXRoLTAxXS4gIFRoZSBTZWN1cml0eQogICBDb25zaWRlcmF0aW9ucyBzZWN0aW9uIHdhcyBkcmFm
dGVkIGJ5IFRvcnN0ZW4gTG9kZGVyc3RlZHQsIE1hcmsKICAgTWNHbG9pbiwgUGhpbCBIdW50LCBh
bmQgQW50aG9ueSBOYWRhbGluLgoKICAgVGhlIE9BdXRoIDEuMCBjb21tdW5pdHkgc3BlY2lmaWNh
dGlvbiB3YXMgZWRpdGVkIGJ5IEVyYW4gSGFtbWVyIGFuZAogICBhdXRob3JlZCBieSBNYXJrIEF0
d29vZCwgRGlyayBCYWxmYW56LCBEYXJyZW4gQm91bmRzLCBSaWNoYXJkIE0uCiAgIENvbmxhbiwg
QmxhaW5lIENvb2ssIExlYWggQ3VsdmVyLCBCcmVubyBkZSBNZWRlaXJvcywgQnJpYW4gRWF0b24s
CiAgIEtlbGxhbiBFbGxpb3R0LU1jQ3JlYSwgTGFycnkgSGFsZmYsIEVyYW4gSGFtbWVyLCBCZW4g
TGF1cmllLCBDaHJpcwogICBNZXNzaW5hLCBKb2huIFBhbnplciwgU2FtIFF1aWdsZXksIERhdmlk
IFJlY29yZG9uLCBFcmFuIFNhbmRsZXIsCiAgIEpvbmF0aGFuIFNlcmdlbnQsIFRvZGQgU2llbGlu
ZywgQnJpYW4gU2xlc2luc2t5LCBhbmQgQW5keSBTbWl0aC4KCiAgIFRoZSBPQXV0aCBXUkFQIHNw
ZWNpZmljYXRpb24gd2FzIGVkaXRlZCBieSBEaWNrIEhhcmR0IGFuZCBhdXRob3JlZCBieQogICBC
cmlhbiBFYXRvbiwgWWFyb24gWS4gR29sYW5kLCBEaWNrIEhhcmR0LCBhbmQgQWxsZW4gVG9tLgoK
ICAgVGhpcyBzcGVjaWZpY2F0aW9uIGlzIHRoZSB3b3JrIG9mIHRoZSBPQXV0aCBXb3JraW5nIEdy
b3VwIHdoaWNoCiAgIGluY2x1ZGVzIGRvemVucyBvZiBhY3RpdmUgYW5kIGRlZGljYXRlZCBwYXJ0
aWNpcGFudHMuICBJbiBwYXJ0aWN1bGFyLAogICB0aGUgZm9sbG93aW5nIGluZGl2aWR1YWxzIGNv
bnRyaWJ1dGVkIGlkZWFzLCBmZWVkYmFjaywgYW5kIHdvcmRpbmcKICAgd2hpY2ggc2hhcGVkIGFu
ZCBmb3JtZWQgdGhlIGZpbmFsIHNwZWNpZmljYXRpb246CgogICBNaWNoYWVsIEFkYW1zLCBBbWFu
ZGEgQW5nYW5lcywgQW5kcmV3IEFybm90dCwgRGlyayBCYWxmYW56LCBBaWRlbgogICBCZWxsLCBC
cmlhbiBDYW1wYmVsbCwgU2NvdHQgQ2FudG9yLCBNYXJjb3MgQ2FjZXJlcywgQmxhaW5lIENvb2ss
CiAgIFJvZ2VyIENyZXcsIEJyaWFuIEVhdG9uLCBXZXNsZXkgRWRkeSwgTGVhaCBDdWx2ZXIsIEJp
bGwgZGUgaE9yYSwKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAy
NSwgMjAxMiAgICAgICAgICAgICAgW1BhZ2UgNjVdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAg
ICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgQW5k
cmUgRGVNYXJyZSwgQnJpYW4gRWF0b24sIFdvbHRlciBFbGRlcmluZywgQnJpYW4gRWxsaW4sIEln
b3IKICAgRmF5bmJlcmcsIEdlb3JnZSBGbGV0Y2hlciwgVGltIEZyZWVtYW4sIEx1Y2EgRnJvc2lu
aSwgRXZhbiBHaWxiZXJ0LAogICBZYXJvbiBZLiBHb2xhbmQsIEJyZW50IEdvbGRtYW4sIEtyaXN0
b2ZmZXIgR3Jvbm93c2tpLCBKdXN0aW4gSGFydCwKICAgRGljayBIYXJkdCwgQ3JhaWcgSGVhdGgs
IFBoaWwgSHVudCwgTWljaGFlbCBCLiBKb25lcywgVGVycnkgSm9uZXMsCiAgIEpvaG4gS2VtcCwg
TWFyayBLZW50LCBSYWZmaSBLcmlrb3JpYW4sIENoYXNlbiBMZSBIYXJhLCBSYXNtdXMKICAgTGVy
ZG9yZiwgVG9yc3RlbiBMb2RkZXJzdGVkdCwgSHVpLUxhbiBMdSwgQ2FzZXkgTHVjYXMsIFBhdWwg
TWFkc2VuLAogICBBbGFzdGFpciBNYWlyLCBFdmUgTWFsZXIsIEphbWVzIE1hbmdlciwgTWFyayBN
Y0dsb2luLCBMYXVyZW5jZSBNaWFvLAogICBXaWxsaWFtIE1pbGxzLCBDaHVjayBNb3J0aW1vcmUs
IEFudGhvbnkgTmFkYWxpbiwgSnVsaWFuIFJlc2Noa2UsCiAgIEp1c3RpbiBSaWNoZXIsIFBldGVy
IFNhaW50LUFuZHJlLCBOYXQgU2FraW11cmEsIFJvYiBTYXlyZSwgTWFyaXVzCiAgIFNjdXJ0ZXNj
dSwgTmFpdGlrIFNoYWgsIEx1a2UgU2hlcGFyZCwgVmxhZCBTa3ZvcnRzb3YsIEp1c3RpbiBTbWl0
aCwKICAgSGFpYmluIFNvbmcsIE5pdiBTdGVpbmdhcnRlbiwgQ2hyaXN0aWFuIFN0dWJuZXIsIEpl
cmVteSBTdXJpZWwsIFBhdWwKICAgVGFyamFuLCBDaHJpc3RvcGhlciBUaG9tYXMsIEhlbnJ5IFMu
IFRob21wc29uLCBBbGxlbiBUb20sIEZyYW5rbGluCiAgIFRzZSwgTmljayBXYWxrZXIsIFNoYW5l
IFdlZWRlbiwgYW5kIFNreWxhciBXb29kd2FyZC4KCiAgIFRoaXMgZG9jdW1lbnQgd2FzIHByb2R1
Y2VkIHVuZGVyIHRoZSBjaGFpcm1hbnNoaXAgb2YgQmxhaW5lIENvb2ssCiAgIFBldGVyIFNhaW50
LUFuZHJlLCBIYW5uZXMgVHNjaG9mZW5pZywgQmFycnkgTGVpYmEsIGFuZCBEZXJlayBBdGtpbnMu
CiAgIFRoZSBhcmVhIGRpcmVjdG9ycyBpbmNsdWRlZCBMaXNhIER1c3NlYXVsdCwgUGV0ZXIgU2Fp
bnQtQW5kcmUsIGFuZAogICBTdGVwaGVuIEZhcnJlbGwuCgoKQXBwZW5kaXggQi4gIEVkaXRvcidz
IE5vdGVzCgogICBXaGlsZSBtYW55IHBlb3BsZSBjb250cmlidXRlZCB0byB0aGlzIHNwZWNpZmlj
YXRpb24gdGhyb3VnaG91dCBpdHMKICAgbG9uZyBqb3VybmV5LCB0aGUgZWRpdG9yIHdvdWxkIGxp
a2UgdG8gYWNrbm93bGVkZ2UgYW5kIHRoYW5rIGEgZmV3CiAgIGluZGl2aWR1YWxzIGZvciB0aGVp
ciBvdXRzdGFuZGluZyBhbmQgaW52YWx1YWJsZSBlZmZvcnRzIGxlYWRpbmcgdXAKICAgdG8gdGhl
IHB1YmxpY2F0aW9uIG9mIHRoaXMgc3BlY2lmaWNhdGlvbi4KCiAgIERhdmlkIFJlY29yZG9uIGZv
ciBjb250aW51b3VzbHkgYmVpbmcgb25lIG9mIE9BdXRoJ3MgbW9zdCB2YWx1YWJsZQogICBhc3Nl
dHMsIGJyaW5naW5nIHByYWdtYXRpc20gYW5kIHVyZ2VuY3kgdG8gdGhlIHdvcmssIGFuZCBoZWxw
aW5nCiAgIHNoYXBlIGl0IGZyb20gaXRzIHZlcnkgYmVnaW5uaW5nLCBhcyB3ZWxsIGFzIGJlaW5n
IG9uZSBvZiB0aGUgYmVzdAogICBjb2xsYWJvcmF0b3JzIEkgaGFkIHRoZSBwbGVhc3VyZSBvZiB3
b3JraW5nIHdpdGguCgogICBKYW1lcyBNYW5nZXIgZm9yIGhpcyBjcmVhdGl2ZSBpZGVhcyBhbmQg
YWx3YXlzIGluc2lnaHRmdWwgZmVlZGJhY2suCiAgIEJyaWFuIENhbXBiZWxsLCBUb3JzdGVuIExv
ZGRlcnN0ZWR0LCBDaHVjayBNb3J0aW1vcmUsIEp1c3RpbiBSaWNoZXIsCiAgIE1hcml1cyBTY3Vy
dGVzY3UsIGFuZCBMdWtlIFNoZXBhcmQgZm9yIHRoZWlyIGNvbnRpbnVlZCBwYXJ0aWNpcGF0aW9u
CiAgIGFuZCB2YWx1YWJsZSBmZWVkYmFjay4KCiAgIFNwZWNpYWwgdGhhbmtzIGdvZXMgdG8gTWlr
ZSBDdXJ0aXMgYW5kIFlhaG9vISBmb3IgdGhlaXIgdW5jb25kaXRpb25hbAogICBzdXBwb3J0IG9m
IHRoaXMgd29yayBmb3Igb3ZlciB0aHJlZSB5ZWFycy4KCgpBdXRob3JzJyBBZGRyZXNzZXMKCiAg
IEVyYW4gSGFtbWVyIChlZGl0b3IpCgogICBFbWFpbDogZXJhbkBodWVuaXZlcnNlLmNvbQogICBV
Ukk6ICAgaHR0cDovL2h1ZW5pdmVyc2UuY29tCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBF
eHBpcmVzIE5vdmVtYmVyIDI1LCAyMDEyICAgICAgICAgICAgICBbUGFnZSA2Nl0KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAg
TWF5IDIwMTIKCgogICBEYXZpZCBSZWNvcmRvbgogICBGYWNlYm9vawoKICAgRW1haWw6IGRyQGZi
LmNvbQogICBVUkk6ICAgaHR0cDovL3d3dy5kYXZpZHJlY29yZG9uLmNvbS8KCgogICBEaWNrIEhh
cmR0CiAgIE1pY3Jvc29mdAoKICAgRW1haWw6IGRpY2suaGFyZHRAZ21haWwuY29tCiAgIFVSSTog
ICBodHRwOi8vZGlja2hhcmR0Lm9yZy8KCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoK
CgoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBOb3ZlbWJlciAyNSwgMjAxMiAg
ICAgICAgICAgICAgW1BhZ2UgNjddCgwK

--_006_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_
Content-Type: text/html; name="draft-ietf-oauth-v2-26+mbj.html"
Content-Description: draft-ietf-oauth-v2-26+mbj.html
Content-Disposition: attachment; filename="draft-ietf-oauth-v2-26+mbj.html";
	size=234465; creation-date="Thu, 24 May 2012 02:23:53 GMT";
	modification-date="Thu, 24 May 2012 01:27:50 GMT"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEgVHJhbnNpdGlvbmFs
Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL2h0bWw0L2xvb3NlLmR0ZCI+CjxodG1sIGxhbmc9
ImVuIj48aGVhZD48dGl0bGU+VGhlIE9BdXRoIDIuMCBBdXRob3JpemF0aW9uIEZyYW1ld29yazwv
dGl0bGU+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1s
OyBjaGFyc2V0PXV0Zi04Ij4KPG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlRoZSBP
QXV0aCAyLjAgQXV0aG9yaXphdGlvbiBGcmFtZXdvcmsiPgo8bWV0YSBuYW1lPSJnZW5lcmF0b3Ii
IGNvbnRlbnQ9InhtbDJyZmMgdjEuMzYgKGh0dHA6Ly94bWwucmVzb3VyY2Uub3JnLykiPgo8c3R5
bGUgdHlwZT0ndGV4dC9jc3MnPjwhLS0KICAgICAgICBib2R5IHsKICAgICAgICAgICAgICAgIGZv
bnQtZmFtaWx5OiB2ZXJkYW5hLCBjaGFyY29hbCwgaGVsdmV0aWNhLCBhcmlhbCwgc2Fucy1zZXJp
ZjsKICAgICAgICAgICAgICAgIGZvbnQtc2l6ZTogc21hbGw7IGNvbG9yOiAjMDAwOyBiYWNrZ3Jv
dW5kLWNvbG9yOiAjRkZGOwogICAgICAgICAgICAgICAgbWFyZ2luOiAyZW07CiAgICAgICAgfQog
ICAgICAgIGgxLCBoMiwgaDMsIGg0LCBoNSwgaDYgewogICAgICAgICAgICAgICAgZm9udC1mYW1p
bHk6IGhlbHZldGljYSwgbW9uYWNvLCAiTVMgU2FucyBTZXJpZiIsIGFyaWFsLCBzYW5zLXNlcmlm
OwogICAgICAgICAgICAgICAgZm9udC13ZWlnaHQ6IGJvbGQ7IGZvbnQtc3R5bGU6IG5vcm1hbDsK
ICAgICAgICB9CiAgICAgICAgaDEgeyBjb2xvcjogIzkwMDsgYmFja2dyb3VuZC1jb2xvcjogdHJh
bnNwYXJlbnQ7IHRleHQtYWxpZ246IHJpZ2h0OyB9CiAgICAgICAgaDMgeyBjb2xvcjogIzMzMzsg
YmFja2dyb3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IH0KCiAgICAgICAgdGQuUkZDYnVnIHsKICAg
ICAgICAgICAgICAgIGZvbnQtc2l6ZTogeC1zbWFsbDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOwog
ICAgICAgICAgICAgICAgd2lkdGg6IDMwcHg7IGhlaWdodDogMzBweDsgcGFkZGluZy10b3A6IDJw
eDsKICAgICAgICAgICAgICAgIHRleHQtYWxpZ246IGp1c3RpZnk7IHZlcnRpY2FsLWFsaWduOiBt
aWRkbGU7CiAgICAgICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiAjMDAwOwogICAgICAgIH0K
ICAgICAgICB0ZC5SRkNidWcgc3Bhbi5SRkMgewogICAgICAgICAgICAgICAgZm9udC1mYW1pbHk6
IG1vbmFjbywgY2hhcmNvYWwsIGdlbmV2YSwgIk1TIFNhbnMgU2VyaWYiLCBoZWx2ZXRpY2EsIHZl
cmRhbmEsIHNhbnMtc2VyaWY7CiAgICAgICAgICAgICAgICBmb250LXdlaWdodDogYm9sZDsgY29s
b3I6ICM2NjY7CiAgICAgICAgfQogICAgICAgIHRkLlJGQ2J1ZyBzcGFuLmhvdFRleHQgewogICAg
ICAgICAgICAgICAgZm9udC1mYW1pbHk6IGNoYXJjb2FsLCBtb25hY28sIGdlbmV2YSwgIk1TIFNh
bnMgU2VyaWYiLCBoZWx2ZXRpY2EsIHZlcmRhbmEsIHNhbnMtc2VyaWY7CiAgICAgICAgICAgICAg
ICBmb250LXdlaWdodDogbm9ybWFsOyB0ZXh0LWFsaWduOiBjZW50ZXI7IGNvbG9yOiAjRkZGOwog
ICAgICAgIH0KCiAgICAgICAgdGFibGUuVE9DYnVnIHsgd2lkdGg6IDMwcHg7IGhlaWdodDogMTVw
eDsgfQogICAgICAgIHRkLlRPQ2J1ZyB7CiAgICAgICAgICAgICAgICB0ZXh0LWFsaWduOiBjZW50
ZXI7IHdpZHRoOiAzMHB4OyBoZWlnaHQ6IDE1cHg7CiAgICAgICAgICAgICAgICBjb2xvcjogI0ZG
RjsgYmFja2dyb3VuZC1jb2xvcjogIzkwMDsKICAgICAgICB9CiAgICAgICAgdGQuVE9DYnVnIGEg
ewogICAgICAgICAgICAgICAgZm9udC1mYW1pbHk6IG1vbmFjbywgY2hhcmNvYWwsIGdlbmV2YSwg
Ik1TIFNhbnMgU2VyaWYiLCBoZWx2ZXRpY2EsIHNhbnMtc2VyaWY7CiAgICAgICAgICAgICAgICBm
b250LXdlaWdodDogYm9sZDsgZm9udC1zaXplOiB4LXNtYWxsOyB0ZXh0LWRlY29yYXRpb246IG5v
bmU7CiAgICAgICAgICAgICAgICBjb2xvcjogI0ZGRjsgYmFja2dyb3VuZC1jb2xvcjogdHJhbnNw
YXJlbnQ7CiAgICAgICAgfQoKICAgICAgICB0ZC5oZWFkZXIgewogICAgICAgICAgICAgICAgZm9u
dC1mYW1pbHk6IGFyaWFsLCBoZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogeC1zbWFs
bDsKICAgICAgICAgICAgICAgIHZlcnRpY2FsLWFsaWduOiB0b3A7IHdpZHRoOiAzMyU7CiAgICAg
ICAgICAgICAgICBjb2xvcjogI0ZGRjsgYmFja2dyb3VuZC1jb2xvcjogIzY2NjsKICAgICAgICB9
CiAgICAgICAgdGQuYXV0aG9yIHsgZm9udC13ZWlnaHQ6IGJvbGQ7IGZvbnQtc2l6ZTogeC1zbWFs
bDsgbWFyZ2luLWxlZnQ6IDRlbTsgfQogICAgICAgIHRkLmF1dGhvci10ZXh0IHsgZm9udC1zaXpl
OiB4LXNtYWxsOyB9CgogICAgICAgIC8qIGluZm8gY29kZSBmcm9tIFNhbnRhS2xhdXNzIGF0IGh0
dHA6Ly93d3cubWFkYWJvdXRzdHlsZS5jb20vdG9vbHRpcDIuaHRtbCAqLwogICAgICAgIGEuaW5m
byB7CiAgICAgICAgICAgICAgICAvKiBUaGlzIGlzIHRoZSBrZXkuICovCiAgICAgICAgICAgICAg
ICBwb3NpdGlvbjogcmVsYXRpdmU7CiAgICAgICAgICAgICAgICB6LWluZGV4OiAyNDsKICAgICAg
ICAgICAgICAgIHRleHQtZGVjb3JhdGlvbjogbm9uZTsKICAgICAgICB9CiAgICAgICAgYS5pbmZv
OmhvdmVyIHsKICAgICAgICAgICAgICAgIHotaW5kZXg6IDI1OwogICAgICAgICAgICAgICAgY29s
b3I6ICNGRkY7IGJhY2tncm91bmQtY29sb3I6ICM5MDA7CiAgICAgICAgfQogICAgICAgIGEuaW5m
byBzcGFuIHsgZGlzcGxheTogbm9uZTsgfQogICAgICAgIGEuaW5mbzpob3ZlciBzcGFuLmluZm8g
ewogICAgICAgICAgICAgICAgLyogVGhlIHNwYW4gd2lsbCBkaXNwbGF5IGp1c3Qgb24gOmhvdmVy
IHN0YXRlLiAqLwogICAgICAgICAgICAgICAgZGlzcGxheTogYmxvY2s7CiAgICAgICAgICAgICAg
ICBwb3NpdGlvbjogYWJzb2x1dGU7CiAgICAgICAgICAgICAgICBmb250LXNpemU6IHNtYWxsZXI7
CiAgICAgICAgICAgICAgICB0b3A6IDJlbTsgbGVmdDogLTVlbTsgd2lkdGg6IDE1ZW07CiAgICAg
ICAgICAgICAgICBwYWRkaW5nOiAycHg7IGJvcmRlcjogMXB4IHNvbGlkICMzMzM7CiAgICAgICAg
ICAgICAgICBjb2xvcjogIzkwMDsgYmFja2dyb3VuZC1jb2xvcjogI0VFRTsKICAgICAgICAgICAg
ICAgIHRleHQtYWxpZ246IGxlZnQ7CiAgICAgICAgfQoKICAgICAgICBhIHsgZm9udC13ZWlnaHQ6
IGJvbGQ7IH0KICAgICAgICBhOmxpbmsgICAgeyBjb2xvcjogIzkwMDsgYmFja2dyb3VuZC1jb2xv
cjogdHJhbnNwYXJlbnQ7IH0KICAgICAgICBhOnZpc2l0ZWQgeyBjb2xvcjogIzYzMzsgYmFja2dy
b3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IH0KICAgICAgICBhOmFjdGl2ZSAgeyBjb2xvcjogIzYz
MzsgYmFja2dyb3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IH0KCiAgICAgICAgcCB7IG1hcmdpbi1s
ZWZ0OiAyZW07IG1hcmdpbi1yaWdodDogMmVtOyB9CiAgICAgICAgcC5jb3B5cmlnaHQgeyBmb250
LXNpemU6IHgtc21hbGw7IH0KICAgICAgICBwLnRvYyB7IGZvbnQtc2l6ZTogc21hbGw7IGZvbnQt
d2VpZ2h0OiBib2xkOyBtYXJnaW4tbGVmdDogM2VtOyB9CiAgICAgICAgdGFibGUudG9jIHsgbWFy
Z2luOiAwIDAgMCAzZW07IHBhZGRpbmc6IDA7IGJvcmRlcjogMDsgdmVydGljYWwtYWxpZ246IHRl
eHQtdG9wOyB9CiAgICAgICAgdGQudG9jIHsgZm9udC1zaXplOiBzbWFsbDsgZm9udC13ZWlnaHQ6
IGJvbGQ7IHZlcnRpY2FsLWFsaWduOiB0ZXh0LXRvcDsgfQoKICAgICAgICBvbC50ZXh0IHsgbWFy
Z2luLWxlZnQ6IDJlbTsgbWFyZ2luLXJpZ2h0OiAyZW07IH0KICAgICAgICB1bC50ZXh0IHsgbWFy
Z2luLWxlZnQ6IDJlbTsgbWFyZ2luLXJpZ2h0OiAyZW07IH0KICAgICAgICBsaSAgICAgIHsgbWFy
Z2luLWxlZnQ6IDNlbTsgfQoKICAgICAgICAvKiBSRkMtMjYyOSA8c3Bhbng+cyBhbmQgPGFydHdv
cms+cy4gKi8KICAgICAgICBlbSAgICAgeyBmb250LXN0eWxlOiBpdGFsaWM7IH0KICAgICAgICBz
dHJvbmcgeyBmb250LXdlaWdodDogYm9sZDsgfQogICAgICAgIGRmbiAgICB7IGZvbnQtd2VpZ2h0
OiBib2xkOyBmb250LXN0eWxlOiBub3JtYWw7IH0KICAgICAgICBjaXRlICAgeyBmb250LXdlaWdo
dDogbm9ybWFsOyBmb250LXN0eWxlOiBub3JtYWw7IH0KICAgICAgICB0dCAgICAgeyBjb2xvcjog
IzAzNjsgfQogICAgICAgIHR0LCBwcmUsIHByZSBkZm4sIHByZSBlbSwgcHJlIGNpdGUsIHByZSBz
cGFuIHsKICAgICAgICAgICAgICAgIGZvbnQtZmFtaWx5OiAiQ291cmllciBOZXciLCBDb3VyaWVy
LCBtb25vc3BhY2U7IGZvbnQtc2l6ZTogc21hbGw7CiAgICAgICAgfQogICAgICAgIHByZSB7CiAg
ICAgICAgICAgICAgICB0ZXh0LWFsaWduOiBsZWZ0OyBwYWRkaW5nOiA0cHg7CiAgICAgICAgICAg
ICAgICBjb2xvcjogIzAwMDsgYmFja2dyb3VuZC1jb2xvcjogI0NDQzsKICAgICAgICB9CiAgICAg
ICAgcHJlIGRmbiAgeyBjb2xvcjogIzkwMDsgfQogICAgICAgIHByZSBlbSAgIHsgY29sb3I6ICM2
NkY7IGJhY2tncm91bmQtY29sb3I6ICNGRkM7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IH0KICAgICAg
ICBwcmUgLmtleSB7IGNvbG9yOiAjMzNDOyBmb250LXdlaWdodDogYm9sZDsgfQogICAgICAgIHBy
ZSAuaWQgIHsgY29sb3I6ICM5MDA7IH0KICAgICAgICBwcmUgLnN0ciB7IGNvbG9yOiAjMDAwOyBi
YWNrZ3JvdW5kLWNvbG9yOiAjQ0ZGOyB9CiAgICAgICAgcHJlIC52YWwgeyBjb2xvcjogIzA2Njsg
fQogICAgICAgIHByZSAucmVwIHsgY29sb3I6ICM5MDk7IH0KICAgICAgICBwcmUgLm90aCB7IGNv
bG9yOiAjMDAwOyBiYWNrZ3JvdW5kLWNvbG9yOiAjRkNGOyB9CiAgICAgICAgcHJlIC5lcnIgeyBi
YWNrZ3JvdW5kLWNvbG9yOiAjRkNDOyB9CgogICAgICAgIC8qIFJGQy0yNjI5IDx0ZXh0dGFibGU+
cy4gKi8KICAgICAgICB0YWJsZS5hbGwsIHRhYmxlLmZ1bGwsIHRhYmxlLmhlYWRlcnMsIHRhYmxl
Lm5vbmUgewogICAgICAgICAgICAgICAgZm9udC1zaXplOiBzbWFsbDsgdGV4dC1hbGlnbjogY2Vu
dGVyOyBib3JkZXItd2lkdGg6IDJweDsKICAgICAgICAgICAgICAgIHZlcnRpY2FsLWFsaWduOiB0
b3A7IGJvcmRlci1jb2xsYXBzZTogY29sbGFwc2U7CiAgICAgICAgfQogICAgICAgIHRhYmxlLmFs
bCwgdGFibGUuZnVsbCB7IGJvcmRlci1zdHlsZTogc29saWQ7IGJvcmRlci1jb2xvcjogYmxhY2s7
IH0KICAgICAgICB0YWJsZS5oZWFkZXJzLCB0YWJsZS5ub25lIHsgYm9yZGVyLXN0eWxlOiBub25l
OyB9CiAgICAgICAgdGggewogICAgICAgICAgICAgICAgZm9udC13ZWlnaHQ6IGJvbGQ7IGJvcmRl
ci1jb2xvcjogYmxhY2s7CiAgICAgICAgICAgICAgICBib3JkZXItd2lkdGg6IDJweCAycHggM3B4
IDJweDsKICAgICAgICB9CiAgICAgICAgdGFibGUuYWxsIHRoLCB0YWJsZS5mdWxsIHRoIHsgYm9y
ZGVyLXN0eWxlOiBzb2xpZDsgfQogICAgICAgIHRhYmxlLmhlYWRlcnMgdGggeyBib3JkZXItc3R5
bGU6IG5vbmUgbm9uZSBzb2xpZCBub25lOyB9CiAgICAgICAgdGFibGUubm9uZSB0aCB7IGJvcmRl
ci1zdHlsZTogbm9uZTsgfQogICAgICAgIHRhYmxlLmFsbCB0ZCB7CiAgICAgICAgICAgICAgICBi
b3JkZXItc3R5bGU6IHNvbGlkOyBib3JkZXItY29sb3I6ICMzMzM7CiAgICAgICAgICAgICAgICBi
b3JkZXItd2lkdGg6IDFweCAycHg7CiAgICAgICAgfQogICAgICAgIHRhYmxlLmZ1bGwgdGQsIHRh
YmxlLmhlYWRlcnMgdGQsIHRhYmxlLm5vbmUgdGQgeyBib3JkZXItc3R5bGU6IG5vbmU7IH0KCiAg
ICAgICAgaHIgeyBoZWlnaHQ6IDFweDsgfQogICAgICAgIGhyLmluc2VydCB7CiAgICAgICAgICAg
ICAgICB3aWR0aDogODAlOyBib3JkZXItc3R5bGU6IG5vbmU7IGJvcmRlci13aWR0aDogMDsKICAg
ICAgICAgICAgICAgIGNvbG9yOiAjQ0NDOyBiYWNrZ3JvdW5kLWNvbG9yOiAjQ0NDOwogICAgICAg
IH0KLS0+PC9zdHlsZT4KPC9oZWFkPgo8Ym9keT4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2Vs
bHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQi
Pjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9h
PjwvdGQ+PC90cj48L3RhYmxlPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiB3aWR0aD0iNjYlIiBi
b3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+PHRyPjx0ZD48dGFibGUg
c3VtbWFyeT0ibGF5b3V0IiB3aWR0aD0iMTAwJSIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMiIg
Y2VsbHNwYWNpbmc9IjEiPgo8dHI+PHRkIGNsYXNzPSJoZWFkZXIiPk5ldHdvcmsgV29ya2luZyBH
cm91cDwvdGQ+PHRkIGNsYXNzPSJoZWFkZXIiPkUuIEhhbW1lciwgRWQuPC90ZD48L3RyPgo8dHI+
PHRkIGNsYXNzPSJoZWFkZXIiPkludGVybmV0LURyYWZ0PC90ZD48dGQgY2xhc3M9ImhlYWRlciI+
Jm5ic3A7PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJoZWFkZXIiPk9ic29sZXRlczogPGEgaHJl
Zj0naHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjNTg0OSc+NTg0OTwvYT4gKGlmJm5ic3A7
YXBwcm92ZWQpPC90ZD48dGQgY2xhc3M9ImhlYWRlciI+RC4gUmVjb3Jkb248L3RkPjwvdHI+Cjx0
cj48dGQgY2xhc3M9ImhlYWRlciI+SW50ZW5kZWQgc3RhdHVzOiBTdGFuZGFyZHMgVHJhY2s8L3Rk
Pjx0ZCBjbGFzcz0iaGVhZGVyIj5GYWNlYm9vazwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iaGVh
ZGVyIj5FeHBpcmVzOiBOb3ZlbWJlciAyNSwgMjAxMjwvdGQ+PHRkIGNsYXNzPSJoZWFkZXIiPkQu
IEhhcmR0PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJoZWFkZXIiPiZuYnNwOzwvdGQ+PHRkIGNs
YXNzPSJoZWFkZXIiPk1pY3Jvc29mdDwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iaGVhZGVyIj4m
bmJzcDs8L3RkPjx0ZCBjbGFzcz0iaGVhZGVyIj5NYXkgMjQsIDIwMTI8L3RkPjwvdHI+CjwvdGFi
bGU+PC90ZD48L3RyPjwvdGFibGU+CjxoMT48YnIgLz5UaGUgT0F1dGggMi4wIEF1dGhvcml6YXRp
b24gRnJhbWV3b3JrPGJyIC8+ZHJhZnQtaWV0Zi1vYXV0aC12Mi0yNzwvaDE+Cgo8aDM+QWJzdHJh
Y3Q8L2gzPgoKPHA+CiAgICAgICAgVGhlIE9BdXRoIDIuMCBhdXRob3JpemF0aW9uIGZyYW1ld29y
ayBlbmFibGVzIGEgdGhpcmQtcGFydHkgYXBwbGljYXRpb24gdG8gb2J0YWluIGxpbWl0ZWQKICAg
ICAgICBhY2Nlc3MgdG8gYW4gSFRUUCBzZXJ2aWNlLCBlaXRoZXIgb24gYmVoYWxmIG9mIGEgcmVz
b3VyY2Ugb3duZXIgYnkgb3JjaGVzdHJhdGluZyBhbiBhcHByb3ZhbAogICAgICAgIGludGVyYWN0
aW9uIGJldHdlZW4gdGhlIHJlc291cmNlIG93bmVyIGFuZCB0aGUgSFRUUCBzZXJ2aWNlLCBvciBi
eSBhbGxvd2luZyB0aGUgdGhpcmQtcGFydHkKICAgICAgICBhcHBsaWNhdGlvbiB0byBvYnRhaW4g
YWNjZXNzIG9uIGl0cyBvd24gYmVoYWxmLiBUaGlzIHNwZWNpZmljYXRpb24gcmVwbGFjZXMgYW5k
IG9ic29sZXRlcwogICAgICAgIHRoZSBPQXV0aCAxLjAgcHJvdG9jb2wgZGVzY3JpYmVkIGluIFJG
QyA1ODQ5LgogICAgICAKPC9wPgo8aDM+U3RhdHVzIG9mIHRoaXMgTWVtbzwvaDM+CjxwPgpUaGlz
IEludGVybmV0LURyYWZ0IGlzIHN1Ym1pdHRlZCAgaW4gZnVsbApjb25mb3JtYW5jZSB3aXRoIHRo
ZSBwcm92aXNpb25zIG9mIEJDUCZuYnNwOzc4IGFuZCBCQ1AmbmJzcDs3OS48L3A+CjxwPgpJbnRl
cm5ldC1EcmFmdHMgYXJlIHdvcmtpbmcgZG9jdW1lbnRzIG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVl
cmluZwpUYXNrIEZvcmNlIChJRVRGKS4gIE5vdGUgdGhhdCBvdGhlciBncm91cHMgbWF5IGFsc28g
ZGlzdHJpYnV0ZQp3b3JraW5nIGRvY3VtZW50cyBhcyBJbnRlcm5ldC1EcmFmdHMuICBUaGUgbGlz
dCBvZiBjdXJyZW50CkludGVybmV0LURyYWZ0cyBpcyBhdCBodHRwOi8vZGF0YXRyYWNrZXIuaWV0
Zi5vcmcvZHJhZnRzL2N1cnJlbnQvLjwvcD4KPHA+CkludGVybmV0LURyYWZ0cyBhcmUgZHJhZnQg
ZG9jdW1lbnRzIHZhbGlkIGZvciBhIG1heGltdW0gb2Ygc2l4IG1vbnRocwphbmQgbWF5IGJlIHVw
ZGF0ZWQsIHJlcGxhY2VkLCBvciBvYnNvbGV0ZWQgYnkgb3RoZXIgZG9jdW1lbnRzIGF0IGFueSB0
aW1lLgpJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJbnRlcm5ldC1EcmFmdHMgYXMgcmVmZXJl
bmNlIG1hdGVyaWFsIG9yIHRvIGNpdGUKdGhlbSBvdGhlciB0aGFuIGFzICZsZHF1bzt3b3JrIGlu
IHByb2dyZXNzLiZyZHF1bzs8L3A+CjxwPgpUaGlzIEludGVybmV0LURyYWZ0IHdpbGwgZXhwaXJl
IG9uIE5vdmVtYmVyIDI1LCAyMDEyLjwvcD4KCjxoMz5Db3B5cmlnaHQgTm90aWNlPC9oMz4KPHA+
CkNvcHlyaWdodCAoYykgMjAxMiBJRVRGIFRydXN0IGFuZCB0aGUgcGVyc29ucyBpZGVudGlmaWVk
IGFzIHRoZQpkb2N1bWVudCBhdXRob3JzLiAgQWxsIHJpZ2h0cyByZXNlcnZlZC48L3A+CjxwPgpU
aGlzIGRvY3VtZW50IGlzIHN1YmplY3QgdG8gQkNQIDc4IGFuZCB0aGUgSUVURiBUcnVzdCdzIExl
Z2FsClByb3Zpc2lvbnMgUmVsYXRpbmcgdG8gSUVURiBEb2N1bWVudHMKKGh0dHA6Ly90cnVzdGVl
LmlldGYub3JnL2xpY2Vuc2UtaW5mbykgaW4gZWZmZWN0IG9uIHRoZSBkYXRlIG9mCnB1YmxpY2F0
aW9uIG9mIHRoaXMgZG9jdW1lbnQuICBQbGVhc2UgcmV2aWV3IHRoZXNlIGRvY3VtZW50cwpjYXJl
ZnVsbHksIGFzIHRoZXkgZGVzY3JpYmUgeW91ciByaWdodHMgYW5kIHJlc3RyaWN0aW9ucyB3aXRo
IHJlc3BlY3QKdG8gdGhpcyBkb2N1bWVudC4gQ29kZSBDb21wb25lbnRzIGV4dHJhY3RlZCBmcm9t
IHRoaXMgZG9jdW1lbnQgbXVzdAppbmNsdWRlIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgdGV4dCBh
cyBkZXNjcmliZWQgaW4gU2VjdGlvbiA0LmUgb2YKdGhlIFRydXN0IExlZ2FsIFByb3Zpc2lvbnMg
YW5kIGFyZSBwcm92aWRlZCB3aXRob3V0IHdhcnJhbnR5IGFzCmRlc2NyaWJlZCBpbiB0aGUgU2lt
cGxpZmllZCBCU0QgTGljZW5zZS48L3A+CjxhIG5hbWU9InRvYyI+PC9hPjxiciAvPjxociAvPgo8
aDM+VGFibGUgb2YgQ29udGVudHM8L2gzPgo8cCBjbGFzcz0idG9jIj4KPGEgaHJlZj0iI2FuY2hv
cjEiPjEuPC9hPiZuYnNwOwpJbnRyb2R1Y3Rpb248YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7PGEgaHJlZj0iI2FuY2hvcjIiPjEuMS48L2E+Jm5ic3A7ClJvbGVzPGJyIC8+CiZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IzIj4xLjIuPC9hPiZuYnNwOwpQcm90b2Nv
bCBGbG93PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I0Ij4x
LjMuPC9hPiZuYnNwOwpBdXRob3JpemF0aW9uIEdyYW50PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I1Ij4xLjMuMS48
L2E+Jm5ic3A7CkF1dGhvcml6YXRpb24gQ29kZTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNiI+MS4zLjIuPC9hPiZu
YnNwOwpJbXBsaWNpdDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNyI+MS4zLjMuPC9hPiZuYnNwOwpSZXNvdXJjZSBP
d25lciBQYXNzd29yZCBDcmVkZW50aWFsczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yOCI+MS4zLjQuPC9hPiZuYnNw
OwpDbGllbnQgQ3JlZGVudGlhbHM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJl
Zj0iI2FuY2hvcjkiPjEuNC48L2E+Jm5ic3A7CkFjY2VzcyBUb2tlbjxiciAvPgombmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yMTAiPjEuNS48L2E+Jm5ic3A7ClJlZnJlc2gg
VG9rZW48YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3RscyI+MS42Ljwv
YT4mbmJzcDsKVExTIFZlcnNpb248YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJl
Zj0iI2FuY2hvcjExIj4xLjcuPC9hPiZuYnNwOwpIVFRQIFJlZGlyZWN0aW9uczxiciAvPgombmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yMTIiPjEuOC48L2E+Jm5ic3A7Cklu
dGVyb3BlcmFiaWxpdHk8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2Fu
Y2hvcjEzIj4xLjkuPC9hPiZuYnNwOwpOb3RhdGlvbmFsIENvbnZlbnRpb25zPGJyIC8+CjxhIGhy
ZWY9IiNhbmNob3IxNCI+Mi48L2E+Jm5ic3A7CkNsaWVudCBSZWdpc3RyYXRpb248YnIgLz4KJm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2NsaWVudC10eXBlcyI+Mi4xLjwvYT4mbmJz
cDsKQ2xpZW50IFR5cGVzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNj
bGllbnQtaWRlbnRpZmllciI+Mi4yLjwvYT4mbmJzcDsKQ2xpZW50IElkZW50aWZpZXI8YnIgLz4K
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2NsaWVudC1hdXRoZW50aWNhdGlvbiI+
Mi4zLjwvYT4mbmJzcDsKQ2xpZW50IEF1dGhlbnRpY2F0aW9uPGJyIC8+CiZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IxNSI+Mi4z
LjEuPC9hPiZuYnNwOwpDbGllbnQgUGFzc3dvcmQ8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjE2Ij4yLjMuMi48L2E+
Jm5ic3A7Ck90aGVyIEF1dGhlbnRpY2F0aW9uIE1ldGhvZHM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjE3Ij4yLjQuPC9hPiZuYnNwOwpVbnJlZ2lzdGVyZWQg
Q2xpZW50czxiciAvPgo8YSBocmVmPSIjYW5jaG9yMTgiPjMuPC9hPiZuYnNwOwpQcm90b2NvbCBF
bmRwb2ludHM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjE5
Ij4zLjEuPC9hPiZuYnNwOwpBdXRob3JpemF0aW9uIEVuZHBvaW50PGJyIC8+CiZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IyMCI+
My4xLjEuPC9hPiZuYnNwOwpSZXNwb25zZSBUeXBlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNyZWRpcmVjdC11cmkiPjMuMS4y
LjwvYT4mbmJzcDsKUmVkaXJlY3Rpb24gRW5kcG9pbnQ8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjI2Ij4zLjIuPC9hPiZuYnNwOwpUb2tlbiBFbmRwb2ludDxi
ciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBo
cmVmPSIjdG9rZW4tZW5kcG9pbnQtYXV0aCI+My4yLjEuPC9hPiZuYnNwOwpDbGllbnQgQXV0aGVu
dGljYXRpb248YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3Njb3BlIj4z
LjMuPC9hPiZuYnNwOwpBY2Nlc3MgVG9rZW4gU2NvcGU8YnIgLz4KPGEgaHJlZj0iI2FuY2hvcjI3
Ij40LjwvYT4mbmJzcDsKT2J0YWluaW5nIEF1dGhvcml6YXRpb248YnIgLz4KJm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2dyYW50LWNvZGUiPjQuMS48L2E+Jm5ic3A7CkF1dGhvcml6
YXRpb24gQ29kZSBHcmFudDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjY29kZS1hdXRoei1yZXEiPjQuMS4xLjwvYT4mbmJzcDsK
QXV0aG9yaXphdGlvbiBSZXF1ZXN0PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IyOCI+NC4xLjIuPC9hPiZuYnNwOwpB
dXRob3JpemF0aW9uIFJlc3BvbnNlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IyOSI+NC4xLjMuPC9hPiZuYnNwOwpB
Y2Nlc3MgVG9rZW4gUmVxdWVzdDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yMzAiPjQuMS40LjwvYT4mbmJzcDsKQWNj
ZXNzIFRva2VuIFJlc3BvbnNlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9
IiNncmFudC1pbXBsaWNpdCI+NC4yLjwvYT4mbmJzcDsKSW1wbGljaXQgR3JhbnQ8YnIgLz4KJm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2lt
cGxpY2l0LWF1dGh6LXJlcSI+NC4yLjEuPC9hPiZuYnNwOwpBdXRob3JpemF0aW9uIFJlcXVlc3Q8
YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEg
aHJlZj0iI2FuY2hvcjMxIj40LjIuMi48L2E+Jm5ic3A7CkFjY2VzcyBUb2tlbiBSZXNwb25zZTxi
ciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjZ3JhbnQtcGFzc3dvcmQiPjQu
My48L2E+Jm5ic3A7ClJlc291cmNlIE93bmVyIFBhc3N3b3JkIENyZWRlbnRpYWxzIEdyYW50PGJy
IC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhy
ZWY9IiNhbmNob3IzMiI+NC4zLjEuPC9hPiZuYnNwOwpBdXRob3JpemF0aW9uIFJlcXVlc3QgYW5k
IFJlc3BvbnNlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOzxhIGhyZWY9IiNhbmNob3IzMyI+NC4zLjIuPC9hPiZuYnNwOwpBY2Nlc3MgVG9rZW4g
UmVxdWVzdDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDs8YSBocmVmPSIjYW5jaG9yMzQiPjQuMy4zLjwvYT4mbmJzcDsKQWNjZXNzIFRva2VuIFJl
c3BvbnNlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNncmFudC1jbGll
bnQiPjQuNC48L2E+Jm5ic3A7CkNsaWVudCBDcmVkZW50aWFscyBHcmFudDxiciAvPgombmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9y
MzUiPjQuNC4xLjwvYT4mbmJzcDsKQXV0aG9yaXphdGlvbiBSZXF1ZXN0IGFuZCBSZXNwb25zZTxi
ciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBo
cmVmPSIjYW5jaG9yMzYiPjQuNC4yLjwvYT4mbmJzcDsKQWNjZXNzIFRva2VuIFJlcXVlc3Q8YnIg
Lz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJl
Zj0iI2FuY2hvcjM3Ij40LjQuMy48L2E+Jm5ic3A7CkFjY2VzcyBUb2tlbiBSZXNwb25zZTxiciAv
PgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yMzgiPjQuNS48L2E+Jm5i
c3A7CkV4dGVuc2lvbiBHcmFudHM8YnIgLz4KPGEgaHJlZj0iI3Rva2VuLWlzc3VlIj41LjwvYT4m
bmJzcDsKSXNzdWluZyBhbiBBY2Nlc3MgVG9rZW48YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7PGEgaHJlZj0iI3Rva2VuLXJlc3BvbnNlIj41LjEuPC9hPiZuYnNwOwpTdWNjZXNzZnVsIFJl
c3BvbnNlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiN0b2tlbi1lcnJv
cnMiPjUuMi48L2E+Jm5ic3A7CkVycm9yIFJlc3BvbnNlPGJyIC8+CjxhIGhyZWY9IiN0b2tlbi1y
ZWZyZXNoIj42LjwvYT4mbmJzcDsKUmVmcmVzaGluZyBhbiBBY2Nlc3MgVG9rZW48YnIgLz4KPGEg
aHJlZj0iI2FjY2Vzcy1yZXNvdXJjZSI+Ny48L2E+Jm5ic3A7CkFjY2Vzc2luZyBQcm90ZWN0ZWQg
UmVzb3VyY2VzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiN0b2tlbi10
eXBlcyI+Ny4xLjwvYT4mbmJzcDsKQWNjZXNzIFRva2VuIFR5cGVzPGJyIC8+CiZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNyZXNvdXJjZS1lcnJvcnMiPjcuMi48L2E+Jm5ic3A7CkVy
cm9yIFJlc3BvbnNlPGJyIC8+CjxhIGhyZWY9IiNleHRlbnNpb25zIj44LjwvYT4mbmJzcDsKRXh0
ZW5zaWJpbGl0eTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjbmV3LXR5
cGVzIj44LjEuPC9hPiZuYnNwOwpEZWZpbmluZyBBY2Nlc3MgVG9rZW4gVHlwZXM8YnIgLz4KJm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjM5Ij44LjIuPC9hPiZuYnNwOwpE
ZWZpbmluZyBOZXcgRW5kcG9pbnQgUGFyYW1ldGVyczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDs8YSBocmVmPSIjYW5jaG9yNDAiPjguMy48L2E+Jm5ic3A7CkRlZmluaW5nIE5ldyBBdXRo
b3JpemF0aW9uIEdyYW50IFR5cGVzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhy
ZWY9IiNyZXNwb25zZS10eXBlLWV4dCI+OC40LjwvYT4mbmJzcDsKRGVmaW5pbmcgTmV3IEF1dGhv
cml6YXRpb24gRW5kcG9pbnQgUmVzcG9uc2UgVHlwZXM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7PGEgaHJlZj0iI25ldy1lcnJvcnMiPjguNS48L2E+Jm5ic3A7CkRlZmluaW5nIEFkZGl0
aW9uYWwgRXJyb3IgQ29kZXM8YnIgLz4KPGEgaHJlZj0iI2FuY2hvcjQxIj45LjwvYT4mbmJzcDsK
TmF0aXZlIEFwcGxpY2F0aW9uczxiciAvPgo8YSBocmVmPSIjYW5jaG9yNDIiPjEwLjwvYT4mbmJz
cDsKU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
PGEgaHJlZj0iI2FuY2hvcjQzIj4xMC4xLjwvYT4mbmJzcDsKQ2xpZW50IEF1dGhlbnRpY2F0aW9u
PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I0NCI+MTAuMi48
L2E+Jm5ic3A7CkNsaWVudCBJbXBlcnNvbmF0aW9uPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOzxhIGhyZWY9IiNhbmNob3I0NSI+MTAuMy48L2E+Jm5ic3A7CkFjY2VzcyBUb2tlbnM8YnIg
Lz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjQ2Ij4xMC40LjwvYT4m
bmJzcDsKUmVmcmVzaCBUb2tlbnM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJl
Zj0iI2FuY2hvcjQ3Ij4xMC41LjwvYT4mbmJzcDsKQXV0aG9yaXphdGlvbiBDb2RlczxiciAvPgom
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNDgiPjEwLjYuPC9hPiZuYnNw
OwpBdXRob3JpemF0aW9uIENvZGUgUmVkaXJlY3Rpb24gVVJJIE1hbmlwdWxhdGlvbjxiciAvPgom
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNDkiPjEwLjcuPC9hPiZuYnNw
OwpSZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50aWFsczxiciAvPgombmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNTAiPjEwLjguPC9hPiZuYnNwOwpSZXF1ZXN0IENv
bmZpZGVudGlhbGl0eTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5j
aG9yNTEiPjEwLjkuPC9hPiZuYnNwOwpFbmRwb2ludHMgQXV0aGVudGljaXR5PGJyIC8+CiZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbnRocm9weSI+MTAuMTAuPC9hPiZuYnNwOwpD
cmVkZW50aWFscyBHdWVzc2luZyBBdHRhY2tzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OzxhIGhyZWY9IiNhbmNob3I1MiI+MTAuMTEuPC9hPiZuYnNwOwpQaGlzaGluZyBBdHRhY2tzPGJy
IC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNDU1JGIj4xMC4xMi48L2E+Jm5i
c3A7CkNyb3NzLVNpdGUgUmVxdWVzdCBGb3JnZXJ5PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOzxhIGhyZWY9IiNhbmNob3I1MyI+MTAuMTMuPC9hPiZuYnNwOwpDbGlja2phY2tpbmc8YnIg
Lz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjU0Ij4xMC4xNC48L2E+
Jm5ic3A7CkNvZGUgSW5qZWN0aW9uIGFuZCBJbnB1dCBWYWxpZGF0aW9uPGJyIC8+CiZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNvcGVuLXJlZGlyZWN0Ij4xMC4xNS48L2E+Jm5ic3A7
Ck9wZW4gUmVkaXJlY3RvcnM8YnIgLz4KPGEgaHJlZj0iI2FuY2hvcjU1Ij4xMS48L2E+Jm5ic3A7
CklBTkEgQ29uc2lkZXJhdGlvbnM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJl
Zj0iI3R5cGUtcmVnaXN0cnkiPjExLjEuPC9hPiZuYnNwOwpUaGUgT0F1dGggQWNjZXNzIFRva2Vu
IFR5cGUgUmVnaXN0cnk8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjU2Ij4xMS4xLjEuPC9hPiZuYnNwOwpSZWdpc3Ry
YXRpb24gVGVtcGxhdGU8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3Bh
cmFtZXRlcnMtcmVnaXN0cnkiPjExLjIuPC9hPiZuYnNwOwpUaGUgT0F1dGggUGFyYW1ldGVycyBS
ZWdpc3RyeTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDs8YSBocmVmPSIjYW5jaG9yNTciPjExLjIuMS48L2E+Jm5ic3A7ClJlZ2lzdHJhdGlvbiBU
ZW1wbGF0ZTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDs8YSBocmVmPSIjYW5jaG9yNTgiPjExLjIuMi48L2E+Jm5ic3A7CkluaXRpYWwgUmVnaXN0
cnkgQ29udGVudHM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3Jlc3Bv
bnNlLXR5cGUtcmVnaXN0cnkiPjExLjMuPC9hPiZuYnNwOwpUaGUgT0F1dGggQXV0aG9yaXphdGlv
biBFbmRwb2ludCBSZXNwb25zZSBUeXBlIFJlZ2lzdHJ5PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I1OSI+MTEuMy4x
LjwvYT4mbmJzcDsKUmVnaXN0cmF0aW9uIFRlbXBsYXRlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I2MCI+MTEuMy4y
LjwvYT4mbmJzcDsKSW5pdGlhbCBSZWdpc3RyeSBDb250ZW50czxiciAvPgombmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDs8YSBocmVmPSIjZXJyb3ItcmVnaXN0cnkiPjExLjQuPC9hPiZuYnNwOwpUaGUg
T0F1dGggRXh0ZW5zaW9ucyBFcnJvciBSZWdpc3RyeTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNjEiPjExLjQuMS48
L2E+Jm5ic3A7ClJlZ2lzdHJhdGlvbiBUZW1wbGF0ZTxiciAvPgo8YSBocmVmPSIjcmZjLnJlZmVy
ZW5jZXMxIj4xMi48L2E+Jm5ic3A7ClJlZmVyZW5jZXM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7PGEgaHJlZj0iI3JmYy5yZWZlcmVuY2VzMSI+MTIuMS48L2E+Jm5ic3A7Ck5vcm1hdGl2
ZSBSZWZlcmVuY2VzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNyZmMu
cmVmZXJlbmNlczIiPjEyLjIuPC9hPiZuYnNwOwpJbmZvcm1hdGl2ZSBSZWZlcmVuY2VzPGJyIC8+
CjxhIGhyZWY9IiNhbmNob3I2NCI+QXBwZW5kaXgmbmJzcDtBLjwvYT4mbmJzcDsKQWNrbm93bGVk
Z2VtZW50czxiciAvPgo8YSBocmVmPSIjYW5jaG9yNjUiPkFwcGVuZGl4Jm5ic3A7Qi48L2E+Jm5i
c3A7CkVkaXRvcidzIE5vdGVzPGJyIC8+CjxhIGhyZWY9IiNyZmMuYXV0aG9ycyI+JiMxNjc7PC9h
PiZuYnNwOwpBdXRob3JzJyBBZGRyZXNzZXM8YnIgLz4KPC9wPgo8YnIgY2xlYXI9ImFsbCIgLz4K
CjxhIG5hbWU9ImFuY2hvcjEiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91
dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0i
cmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5i
c3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xIj48L2E+PGgz
PjEuJm5ic3A7CkludHJvZHVjdGlvbjwvaDM+Cgo8cD4KICAgICAgICBJbiB0aGUgdHJhZGl0aW9u
YWwgY2xpZW50LXNlcnZlciBhdXRoZW50aWNhdGlvbiBtb2RlbCwgdGhlIGNsaWVudCByZXF1ZXN0
cyBhbiBhY2Nlc3MKICAgICAgICByZXN0cmljdGVkIHJlc291cmNlIChwcm90ZWN0ZWQgcmVzb3Vy
Y2UpIG9uIHRoZSBzZXJ2ZXIgYnkgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUgc2VydmVyCiAgICAg
ICAgdXNpbmcgdGhlIHJlc291cmNlIG93bmVyJ3MgY3JlZGVudGlhbHMuIEluIG9yZGVyIHRvIHBy
b3ZpZGUgdGhpcmQtcGFydHkgYXBwbGljYXRpb25zIGFjY2VzcwogICAgICAgIHRvIHJlc3RyaWN0
ZWQgcmVzb3VyY2VzLCB0aGUgcmVzb3VyY2Ugb3duZXIgc2hhcmVzIGl0cyBjcmVkZW50aWFscyB3
aXRoIHRoZSB0aGlyZC1wYXJ0eS4KICAgICAgICBUaGlzIGNyZWF0ZXMgc2V2ZXJhbCBwcm9ibGVt
cyBhbmQgbGltaXRhdGlvbnM6CiAgICAgIAo8L3A+CjxwPgogICAgICAgIDwvcD4KPHVsIGNsYXNz
PSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICBUaGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgYXJlIHJl
cXVpcmVkIHRvIHN0b3JlIHRoZSByZXNvdXJjZSBvd25lcidzIGNyZWRlbnRpYWxzCiAgICAgICAg
ICAgIGZvciBmdXR1cmUgdXNlLCB0eXBpY2FsbHkgYSBwYXNzd29yZCBpbiBjbGVhci10ZXh0Lgog
ICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgU2VydmVycyBhcmUgcmVxdWlyZWQgdG8g
c3VwcG9ydCBwYXNzd29yZCBhdXRoZW50aWNhdGlvbiwgZGVzcGl0ZSB0aGUgc2VjdXJpdHkKICAg
ICAgICAgICAgd2Vha25lc3NlcyBpbmhlcmVudCBpbiBwYXNzd29yZHMuCiAgICAgICAgICAKPC9s
aT4KPGxpPgogICAgICAgICAgICBUaGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgZ2FpbiBvdmVybHkg
YnJvYWQgYWNjZXNzIHRvIHRoZSByZXNvdXJjZSBvd25lcidzIHByb3RlY3RlZAogICAgICAgICAg
ICByZXNvdXJjZXMsIGxlYXZpbmcgcmVzb3VyY2Ugb3duZXJzIHdpdGhvdXQgYW55IGFiaWxpdHkg
dG8gcmVzdHJpY3QgZHVyYXRpb24gb3IgYWNjZXNzCiAgICAgICAgICAgIHRvIGEgbGltaXRlZCBz
dWJzZXQgb2YgcmVzb3VyY2VzLgogICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgUmVz
b3VyY2Ugb3duZXJzIGNhbm5vdCByZXZva2UgYWNjZXNzIHRvIGFuIGluZGl2aWR1YWwgdGhpcmQt
cGFydHkgd2l0aG91dCByZXZva2luZwogICAgICAgICAgICBhY2Nlc3MgdG8gYWxsIHRoaXJkLXBh
cnRpZXMsIGFuZCBtdXN0IGRvIHNvIGJ5IGNoYW5naW5nIHRoZWlyIHBhc3N3b3JkLgogICAgICAg
ICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgQ29tcHJvbWlzZSBvZiBhbnkgdGhpcmQtcGFydHkg
YXBwbGljYXRpb24gcmVzdWx0cyBpbiBjb21wcm9taXNlIG9mIHRoZSBlbmQtdXNlcidzCiAgICAg
ICAgICAgIHBhc3N3b3JkIGFuZCBhbGwgb2YgdGhlIGRhdGEgcHJvdGVjdGVkIGJ5IHRoYXQgcGFz
c3dvcmQuCiAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAg
T0F1dGggYWRkcmVzc2VzIHRoZXNlIGlzc3VlcyBieSBpbnRyb2R1Y2luZyBhbiBhdXRob3JpemF0
aW9uIGxheWVyIGFuZCBzZXBhcmF0aW5nIHRoZSByb2xlCiAgICAgICAgb2YgdGhlIGNsaWVudCBm
cm9tIHRoYXQgb2YgdGhlIHJlc291cmNlIG93bmVyLiBJbiBPQXV0aCwgdGhlIGNsaWVudCByZXF1
ZXN0cyBhY2Nlc3MgdG8KICAgICAgICByZXNvdXJjZXMgY29udHJvbGxlZCBieSB0aGUgcmVzb3Vy
Y2Ugb3duZXIgYW5kIGhvc3RlZCBieSB0aGUgcmVzb3VyY2Ugc2VydmVyLCBhbmQgaXMgaXNzdWVk
CiAgICAgICAgYSBkaWZmZXJlbnQgc2V0IG9mIGNyZWRlbnRpYWxzIHRoYW4gdGhvc2Ugb2YgdGhl
IHJlc291cmNlIG93bmVyLgogICAgICAKPC9wPgo8cD4KICAgICAgICBJbnN0ZWFkIG9mIHVzaW5n
IHRoZSByZXNvdXJjZSBvd25lcidzIGNyZWRlbnRpYWxzIHRvIGFjY2VzcyBwcm90ZWN0ZWQgcmVz
b3VyY2VzLCB0aGUgY2xpZW50CiAgICAgICAgb2J0YWlucyBhbiBhY2Nlc3MgdG9rZW4gLSBhIHN0
cmluZyBkZW5vdGluZyBhIHNwZWNpZmljIHNjb3BlLCBsaWZldGltZSwgYW5kIG90aGVyIGFjY2Vz
cwogICAgICAgIGF0dHJpYnV0ZXMuIEFjY2VzcyB0b2tlbnMgYXJlIGlzc3VlZCB0byB0aGlyZC1w
YXJ0eSBjbGllbnRzIGJ5IGFuIGF1dGhvcml6YXRpb24gc2VydmVyIHdpdGgKICAgICAgICB0aGUg
YXBwcm92YWwgb2YgdGhlIHJlc291cmNlIG93bmVyLiBUaGUgY2xpZW50IHVzZXMgdGhlIGFjY2Vz
cyB0b2tlbiB0byBhY2Nlc3MgdGhlCiAgICAgICAgcHJvdGVjdGVkIHJlc291cmNlcyBob3N0ZWQg
YnkgdGhlIHJlc291cmNlIHNlcnZlci4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgRm9yIGV4YW1w
bGUsIGFuIGVuZC11c2VyIChyZXNvdXJjZSBvd25lcikgY2FuIGdyYW50IGEgcHJpbnRpbmcgc2Vy
dmljZSAoY2xpZW50KSBhY2Nlc3MKICAgICAgICB0byBoZXIgcHJvdGVjdGVkIHBob3RvcyBzdG9y
ZWQgYXQgYSBwaG90byBzaGFyaW5nIHNlcnZpY2UgKHJlc291cmNlIHNlcnZlciksIHdpdGhvdXQK
ICAgICAgICBzaGFyaW5nIGhlciB1c2VybmFtZSBhbmQgcGFzc3dvcmQgd2l0aCB0aGUgcHJpbnRp
bmcgc2VydmljZS4gSW5zdGVhZCwgc2hlIGF1dGhlbnRpY2F0ZXMKICAgICAgICBkaXJlY3RseSB3
aXRoIGEgc2VydmVyIHRydXN0ZWQgYnkgdGhlIHBob3RvIHNoYXJpbmcgc2VydmljZSAoYXV0aG9y
aXphdGlvbiBzZXJ2ZXIpIHdoaWNoCiAgICAgICAgaXNzdWVzIHRoZSBwcmludGluZyBzZXJ2aWNl
IGRlbGVnYXRpb24tc3BlY2lmaWMgY3JlZGVudGlhbHMgKGFjY2VzcyB0b2tlbikuCiAgICAgIAo8
L3A+CjxwPgogICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBpcyBkZXNpZ25lZCBmb3IgdXNlIHdp
dGggSFRUUCAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMyNjE2Jz5bUkZDMjYxNl08c3Bhbj4g
KDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RmllbGRpbmcsIFIuLCBHZXR0eXMsIEouLCBNb2d1
bCwgSi4sIEZyeXN0eWssIEguLCBNYXNpbnRlciwgTC4sIExlYWNoLCBQLiwgYW5kIFQuIEJlcm5l
cnMtTGVlLCAmbGRxdW87SHlwZXJ0ZXh0IFRyYW5zZmVyIFByb3RvY29sIC0tIEhUVFAvMS4xLCZy
ZHF1bzsgSnVuZSZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPikuIFRoZSB1c2Ug
b2YKICAgICAgICBPQXV0aCBvdmVyIGFueSBvdGhlciBwcm90b2NvbCB0aGFuIEhUVFAgaXMgb3V0
IG9mIHNjb3BlLgogICAgICAKPC9wPgo8cD4KICAgICAgICBUaGUgT0F1dGggMS4wIHByb3RvY29s
ICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzU4NDknPltSRkM1ODQ5XTxzcGFuPiAoPC9zcGFu
PjxzcGFuIGNsYXNzPSdpbmZvJz5IYW1tZXItTGFoYXYsIEUuLCAmbGRxdW87VGhlIE9BdXRoIDEu
MCBQcm90b2NvbCwmcmRxdW87IEFwcmlsJm5ic3A7MjAxMC48L3NwYW4+PHNwYW4+KTwvc3Bhbj48
L2E+KSwgcHVibGlzaGVkIGFzIGFuIGluZm9ybWF0aW9uYWwgZG9jdW1lbnQsCiAgICAgICAgd2Fz
IHRoZSByZXN1bHQgb2YgYSBzbWFsbCBhZC1ob2MgY29tbXVuaXR5IGVmZm9ydC4gVGhpcyBzdGFu
ZGFyZHMtdHJhY2sgc3BlY2lmaWNhdGlvbiBidWlsZHMKICAgICAgICBvbiB0aGUgT0F1dGggMS4w
IGRlcGxveW1lbnQgZXhwZXJpZW5jZSwgYXMgd2VsbCBhcyBhZGRpdGlvbmFsIHVzZSBjYXNlcyBh
bmQgZXh0ZW5zaWJpbGl0eQogICAgICAgIHJlcXVpcmVtZW50cyBnYXRoZXJlZCBmcm9tIHRoZSB3
aWRlciBJRVRGIGNvbW11bml0eS4gVGhlIE9BdXRoIDIuMCBwcm90b2NvbCBpcyBub3QgYmFja3dh
cmQKICAgICAgICBjb21wYXRpYmxlIHdpdGggT0F1dGggMS4wLiBUaGUgdHdvIHZlcnNpb25zIG1h
eSBjby1leGlzdCBvbiB0aGUgbmV0d29yayBhbmQgaW1wbGVtZW50YXRpb25zCiAgICAgICAgbWF5
IGNob29zZSB0byBzdXBwb3J0IGJvdGguIEhvd2V2ZXIsIGl0IGlzIHRoZSBpbnRlbnRpb24gb2Yg
dGhpcyBzcGVjaWZpY2F0aW9uIHRoYXQgbmV3CiAgICAgICAgaW1wbGVtZW50YXRpb24gc3VwcG9y
dCBPQXV0aCAyLjAgYXMgc3BlY2lmaWVkIGluIHRoaXMgZG9jdW1lbnQsIGFuZCB0aGF0IE9BdXRo
IDEuMCBpcyB1c2VkCiAgICAgICAgb25seSB0byBzdXBwb3J0IGV4aXN0aW5nIGRlcGxveW1lbnRz
LiBUaGUgT0F1dGggMi4wIHByb3RvY29sIHNoYXJlcyB2ZXJ5IGZldyBpbXBsZW1lbnRhdGlvbgog
ICAgICAgIGRldGFpbHMgd2l0aCB0aGUgT0F1dGggMS4wIHByb3RvY29sLiBJbXBsZW1lbnRlcnMg
ZmFtaWxpYXIgd2l0aCBPQXV0aCAxLjAgc2hvdWxkIGFwcHJvYWNoCiAgICAgICAgdGhpcyBkb2N1
bWVudCB3aXRob3V0IGFueSBhc3N1bXB0aW9ucyBhcyB0byBpdHMgc3RydWN0dXJlIGFuZCBkZXRh
aWxzLgogICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IyIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJs
ZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9
IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0
b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNl
Y3Rpb24uMS4xIj48L2E+PGgzPjEuMS4mbmJzcDsKUm9sZXM8L2gzPgoKPHA+CiAgICAgICAgICBP
QXV0aCBkZWZpbmVzIGZvdXIgcm9sZXM6CiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICA8L3A+
CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5yZXNvdXJjZSBvd25lcjwvZHQ+Cjxk
ZD4KICAgICAgICAgICAgICAKICAgICAgICAgICAgICBBbiBlbnRpdHkgY2FwYWJsZSBvZiBncmFu
dGluZyBhY2Nlc3MgdG8gYSBwcm90ZWN0ZWQgcmVzb3VyY2UuIFdoZW4gdGhlIHJlc291cmNlIG93
bmVyCiAgICAgICAgICAgICAgaXMgYSBwZXJzb24sIGl0IGlzIHJlZmVycmVkIHRvIGFzIGFuIGVu
ZC11c2VyLgogICAgICAgICAgICAKPC9kZD4KPGR0PnJlc291cmNlIHNlcnZlcjwvZHQ+CjxkZD4K
ICAgICAgICAgICAgICAKICAgICAgICAgICAgICBUaGUgc2VydmVyIGhvc3RpbmcgdGhlIHByb3Rl
Y3RlZCByZXNvdXJjZXMsIGNhcGFibGUgb2YgYWNjZXB0aW5nIGFuZCByZXNwb25kaW5nIHRvCiAg
ICAgICAgICAgICAgcHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3RzIHVzaW5nIGFjY2VzcyB0b2tl
bnMuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+Y2xpZW50PC9kdD4KPGRkPgogICAgICAgICAgICAg
IAogICAgICAgICAgICAgIEFuIGFwcGxpY2F0aW9uIG1ha2luZyBwcm90ZWN0ZWQgcmVzb3VyY2Ug
cmVxdWVzdHMgb24gYmVoYWxmIG9mIHRoZSByZXNvdXJjZSBvd25lciBhbmQKICAgICAgICAgICAg
ICB3aXRoIGl0cyBhdXRob3JpemF0aW9uLiBUaGUgdGVybSBjbGllbnQgZG9lcyBub3QgaW1wbHkg
YW55IHBhcnRpY3VsYXIgaW1wbGVtZW50YXRpb24KICAgICAgICAgICAgICBjaGFyYWN0ZXJpc3Rp
Y3MgKGUuZy4gd2hldGhlciB0aGUgYXBwbGljYXRpb24gZXhlY3V0ZXMgb24gYSBzZXJ2ZXIsIGEg
ZGVza3RvcCwgb3IKICAgICAgICAgICAgICBvdGhlciBkZXZpY2VzKS4KICAgICAgICAgICAgCjwv
ZGQ+CjxkdD5hdXRob3JpemF0aW9uIHNlcnZlcjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAKICAg
ICAgICAgICAgICBUaGUgc2VydmVyIGlzc3VpbmcgYWNjZXNzIHRva2VucyB0byB0aGUgY2xpZW50
IGFmdGVyIHN1Y2Nlc3NmdWxseSBhdXRoZW50aWNhdGluZyB0aGUKICAgICAgICAgICAgICByZXNv
dXJjZSBvd25lciBhbmQgb2J0YWluaW5nIGF1dGhvcml6YXRpb24uCiAgICAgICAgICAgIAo8L2Rk
Pgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBp
bnRlcmFjdGlvbiBiZXR3ZWVuIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgcmVzb3VyY2Ug
c2VydmVyIGlzIGJleW9uZCB0aGUgc2NvcGUKICAgICAgICAgIG9mIHRoaXMgc3BlY2lmaWNhdGlv
bi4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIG1heSBiZSB0aGUgc2FtZSBzZXJ2ZXIgYXMgdGhl
IHJlc291cmNlCiAgICAgICAgICBzZXJ2ZXIgb3IgYSBzZXBhcmF0ZSBlbnRpdHkuIEEgc2luZ2xl
IGF1dGhvcml6YXRpb24gc2VydmVyIG1heSBpc3N1ZSBhY2Nlc3MgdG9rZW5zCiAgICAgICAgICBh
Y2NlcHRlZCBieSBtdWx0aXBsZSByZXNvdXJjZSBzZXJ2ZXJzLgogICAgICAgIAo8L3A+CjxhIG5h
bWU9ImFuY2hvcjMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2Vs
bHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQi
Pjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9h
PjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xLjIiPjwvYT48aDM+MS4y
LiZuYnNwOwpQcm90b2NvbCBGbG93PC9oMz4KPGJyIC8+PGhyIGNsYXNzPSJpbnNlcnQiIC8+Cjxh
IG5hbWU9IkZpZ3VyZS0xIj48L2E+CjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDog
MDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICArLS0tLS0t
LS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAg
ICAgICAgfC0tKEEpLSBBdXRob3JpemF0aW9uIFJlcXVlc3QgLSZndDt8ICAgUmVzb3VyY2UgICAg
fAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgT3duZXIg
ICAgIHwKICB8ICAgICAgICB8Jmx0Oy0oQiktLSBBdXRob3JpemF0aW9uIEdyYW50IC0tLXwgICAg
ICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAr
LS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgfC0tKEMpLS0gQXV0
aG9yaXphdGlvbiBHcmFudCAtLSZndDt8IEF1dGhvcml6YXRpb24gfAogIHwgQ2xpZW50IHwgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICB8ICAgICAgICB8
Jmx0Oy0oRCktLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLXwgICAgICAgICAgICAgICB8CiAgfCAg
ICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwog
IHwgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICst
LS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgfC0tKEUpLS0tLS0gQWNjZXNzIFRva2VuIC0tLS0t
LSZndDt8ICAgIFJlc291cmNlICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICB8ICAgICAgICB8Jmx0Oy0oRiktLS0gUHJvdGVj
dGVkIFJlc291cmNlIC0tLXwgICAgICAgICAgICAgICB8CiAgKy0tLS0tLS0tKyAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwoKPC9wcmU+PC9kaXY+PHRhYmxl
IGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBhbGlnbj0iY2VudGVy
Ij48dHI+PHRkIGFsaWduPSJjZW50ZXIiPjxmb250IGZhY2U9Im1vbmFjbywgTVMgU2FucyBTZXJp
ZiIgc2l6ZT0iMSI+PGI+Jm5ic3A7RmlndXJlJm5ic3A7MTogQWJzdHJhY3QgUHJvdG9jb2wgRmxv
dyZuYnNwOzwvYj48L2ZvbnQ+PGJyIC8+PC90ZD48L3RyPjwvdGFibGU+PGhyIGNsYXNzPSJpbnNl
cnQiIC8+Cgo8cD4KICAgICAgICAgIFRoZSBhYnN0cmFjdCBmbG93IGlsbHVzdHJhdGVkIGluIDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjRmlndXJlLTEnPkZpZ3VyZSZuYnNwOzE8c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+QWJzdHJhY3QgUHJvdG9jb2wgRmxvdzwvc3Bhbj48c3Bhbj4p
PC9zcGFuPjwvYT4gZGVzY3JpYmVzIHRoZSBpbnRlcmFjdGlvbgogICAgICAgICAgYmV0d2VlbiB0
aGUgZm91ciByb2xlcyBhbmQgaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKICAgICAgICAK
PC9wPgo8cD4KICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0
PihBKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IHJlcXVlc3RzIGF1dGhvcml6
YXRpb24gZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIuIFRoZSBhdXRob3JpemF0aW9uIHJlcXVlc3QK
ICAgICAgICAgICAgICBjYW4gYmUgbWFkZSBkaXJlY3RseSB0byB0aGUgcmVzb3VyY2Ugb3duZXIg
KGFzIHNob3duKSwgb3IgcHJlZmVyYWJseSBpbmRpcmVjdGx5IHZpYQogICAgICAgICAgICAgIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBhbiBpbnRlcm1lZGlhcnkuCiAgICAgICAgICAgIAo8
L2RkPgo8ZHQ+KEIpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRoZSBjbGllbnQgcmVjZWl2ZXMg
YW4gYXV0aG9yaXphdGlvbiBncmFudCB3aGljaCBpcyBhIGNyZWRlbnRpYWwgcmVwcmVzZW50aW5n
CiAgICAgICAgICAgICAgdGhlIHJlc291cmNlIG93bmVyJ3MgYXV0aG9yaXphdGlvbiwgZXhwcmVz
c2VkIHVzaW5nIG9uZSBvZiBmb3VyIGdyYW50IHR5cGVzIGRlZmluZWQKICAgICAgICAgICAgICBp
biB0aGlzIHNwZWNpZmljYXRpb24gb3IgdXNpbmcgYW4gZXh0ZW5zaW9uIGdyYW50IHR5cGUuIFRo
ZSBhdXRob3JpemF0aW9uIGdyYW50IHR5cGUKICAgICAgICAgICAgICBkZXBlbmRzIG9uIHRoZSBt
ZXRob2QgdXNlZCBieSB0aGUgY2xpZW50IHRvIHJlcXVlc3QgYXV0aG9yaXphdGlvbiBhbmQgdGhl
IHR5cGVzCiAgICAgICAgICAgICAgc3VwcG9ydGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ci4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oQyk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhl
IGNsaWVudCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gYnkgYXV0aGVudGljYXRpbmcgd2l0aCB0
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgICBhbmQgcHJlc2VudGluZyB0aGUg
YXV0aG9yaXphdGlvbiBncmFudC4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oRCk8L2R0Pgo8ZGQ+
CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhl
IGNsaWVudCBhbmQgdmFsaWRhdGVzIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICAgICAgZ3Jh
bnQsIGFuZCBpZiB2YWxpZCBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuLgogICAgICAgICAgICAKPC9k
ZD4KPGR0PihFKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IHJlcXVlc3RzIHRo
ZSBwcm90ZWN0ZWQgcmVzb3VyY2UgZnJvbSB0aGUgcmVzb3VyY2Ugc2VydmVyIGFuZCBhdXRoZW50
aWNhdGVzCiAgICAgICAgICAgICAgYnkgcHJlc2VudGluZyB0aGUgYWNjZXNzIHRva2VuLgogICAg
ICAgICAgICAKPC9kZD4KPGR0PihGKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgcmVzb3Vy
Y2Ugc2VydmVyIHZhbGlkYXRlcyB0aGUgYWNjZXNzIHRva2VuLCBhbmQgaWYgdmFsaWQsIHNlcnZl
cyB0aGUgcmVxdWVzdC4KICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgog
ICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIHByZWZlcnJlZCBtZXRob2QgZm9yIHRoZSBj
bGllbnQgdG8gb2J0YWluIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQgZnJvbSB0aGUgcmVzb3VyY2UK
ICAgICAgICAgIG93bmVyIChkZXBpY3RlZCBpbiBzdGVwcyAoQSkgYW5kIChCKSkgaXMgdG8gdXNl
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBhbiBpbnRlcm1lZGlhcnkKICAgICAgICAgIHdo
aWNoIGlzIGlsbHVzdHJhdGVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjRmlndXJlLTMnPkZp
Z3VyZSZuYnNwOzM8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QXV0aG9yaXphdGlv
biBDb2RlIEZsb3c8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgIAo8L3A+CjxhIG5h
bWU9ImFuY2hvcjQiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2Vs
bHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQi
Pjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9h
PjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xLjMiPjwvYT48aDM+MS4z
LiZuYnNwOwpBdXRob3JpemF0aW9uIEdyYW50PC9oMz4KCjxwPgogICAgICAgICAgQW4gYXV0aG9y
aXphdGlvbiBncmFudCBpcyBhIGNyZWRlbnRpYWwgcmVwcmVzZW50aW5nIHRoZSByZXNvdXJjZSBv
d25lcidzIGF1dGhvcml6YXRpb24KICAgICAgICAgICh0byBhY2Nlc3MgaXRzIHByb3RlY3RlZCBy
ZXNvdXJjZXMpIHVzZWQgYnkgdGhlIGNsaWVudCB0byBvYnRhaW4gYW4gYWNjZXNzIHRva2VuLiBU
aGlzCiAgICAgICAgICBzcGVjaWZpY2F0aW9uIGRlZmluZXMgZm91ciBncmFudCB0eXBlczogYXV0
aG9yaXphdGlvbiBjb2RlLCBpbXBsaWNpdCwgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgIHBhc3N3
b3JkIGNyZWRlbnRpYWxzLCBhbmQgY2xpZW50IGNyZWRlbnRpYWxzLCBhcyB3ZWxsIGFzIGFuIGV4
dGVuc2liaWxpdHkgbWVjaGFuaXNtIGZvcgogICAgICAgICAgZGVmaW5pbmcgYWRkaXRpb25hbCB0
eXBlcy4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I1Ij48L2E+PGJyIC8+PGhyIC8+Cjx0
YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xh
c3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9
IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZj
LnNlY3Rpb24uMS4zLjEiPjwvYT48aDM+MS4zLjEuJm5ic3A7CkF1dGhvcml6YXRpb24gQ29kZTwv
aDM+Cgo8cD4KICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gY29kZSBpcyBvYnRhaW5lZCBi
eSB1c2luZyBhbiBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBhbiBpbnRlcm1lZGlhcnkKICAgICAg
ICAgICAgYmV0d2VlbiB0aGUgY2xpZW50IGFuZCByZXNvdXJjZSBvd25lci4gSW5zdGVhZCBvZiBy
ZXF1ZXN0aW5nIGF1dGhvcml6YXRpb24gZGlyZWN0bHkKICAgICAgICAgICAgZnJvbSB0aGUgcmVz
b3VyY2Ugb3duZXIsIHRoZSBjbGllbnQgZGlyZWN0cyB0aGUgcmVzb3VyY2Ugb3duZXIgdG8gYW4g
YXV0aG9yaXphdGlvbgogICAgICAgICAgICBzZXJ2ZXIgKHZpYSBpdHMgdXNlci1hZ2VudCBhcyBk
ZWZpbmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMjYxNic+W1JGQzI2MTZdPHNwYW4+
ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkZpZWxkaW5nLCBSLiwgR2V0dHlzLCBKLiwgTW9n
dWwsIEouLCBGcnlzdHlrLCBILiwgTWFzaW50ZXIsIEwuLCBMZWFjaCwgUC4sIGFuZCBULiBCZXJu
ZXJzLUxlZSwgJmxkcXVvO0h5cGVydGV4dCBUcmFuc2ZlciBQcm90b2NvbCAtLSBIVFRQLzEuMSwm
cmRxdW87IEp1bmUmbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLCB3aGljaCBp
biB0dXJuCiAgICAgICAgICAgIGRpcmVjdHMgdGhlIHJlc291cmNlIG93bmVyIGJhY2sgdG8gdGhl
IGNsaWVudCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIGNvZGUuCiAgICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgICAgQmVmb3JlIGRpcmVjdGluZyB0aGUgcmVzb3VyY2Ugb3duZXIgYmFjayB0byB0
aGUgY2xpZW50IHdpdGggdGhlIGF1dGhvcml6YXRpb24gY29kZSwgdGhlCiAgICAgICAgICAgIGF1
dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIHJlc291cmNlIG93bmVyIGFuZCBv
YnRhaW5zIGF1dGhvcml6YXRpb24uCiAgICAgICAgICAgIEJlY2F1c2UgdGhlIHJlc291cmNlIG93
bmVyIG9ubHkgYXV0aGVudGljYXRlcyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciwgdGhl
CiAgICAgICAgICAgIHJlc291cmNlIG93bmVyJ3MgY3JlZGVudGlhbHMgYXJlIG5ldmVyIHNoYXJl
ZCB3aXRoIHRoZSBjbGllbnQuCiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gY29kZSBwcm92aWRlcyBhIGZldyBpbXBvcnRhbnQgc2VjdXJpdHkgYmVuZWZp
dHMgc3VjaCBhcyB0aGUgYWJpbGl0eQogICAgICAgICAgICB0byBhdXRoZW50aWNhdGUgdGhlIGNs
aWVudCwgYW5kIHRoZSB0cmFuc21pc3Npb24gb2YgdGhlIGFjY2VzcyB0b2tlbiBkaXJlY3RseSB0
bwogICAgICAgICAgICB0aGUgY2xpZW50IHdpdGhvdXQgcGFzc2luZyBpdCB0aHJvdWdoIHRoZSBy
ZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQsIHBvdGVudGlhbGx5CiAgICAgICAgICAgIGV4cG9z
aW5nIGl0IHRvIG90aGVycywgaW5jbHVkaW5nIHRoZSByZXNvdXJjZSBvd25lci4KICAgICAgICAg
IAo8L3A+CjxhIG5hbWU9ImFuY2hvcjYiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9
ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBh
bGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7
VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xLjMu
MiI+PC9hPjxoMz4xLjMuMi4mbmJzcDsKSW1wbGljaXQ8L2gzPgoKPHA+CiAgICAgICAgICAgIFRo
ZSBpbXBsaWNpdCBncmFudCBpcyBhIHNpbXBsaWZpZWQgYXV0aG9yaXphdGlvbiBjb2RlIGZsb3cg
b3B0aW1pemVkIGZvciBjbGllbnRzCiAgICAgICAgICAgIGltcGxlbWVudGVkIGluIGEgYnJvd3Nl
ciB1c2luZyBhIHNjcmlwdGluZyBsYW5ndWFnZSBzdWNoIGFzIEphdmFTY3JpcHQuIEluIHRoZSBp
bXBsaWNpdAogICAgICAgICAgICBmbG93LCBpbnN0ZWFkIG9mIGlzc3VpbmcgdGhlIGNsaWVudCBh
biBhdXRob3JpemF0aW9uIGNvZGUsIHRoZSBjbGllbnQgaXMgaXNzdWVkIGFuCiAgICAgICAgICAg
IGFjY2VzcyB0b2tlbiBkaXJlY3RseSAoYXMgdGhlIHJlc3VsdCBvZiB0aGUgcmVzb3VyY2Ugb3du
ZXIgYXV0aG9yaXphdGlvbikuIFRoZSBncmFudAogICAgICAgICAgICB0eXBlIGlzIGltcGxpY2l0
IGFzIG5vIGludGVybWVkaWF0ZSBjcmVkZW50aWFscyAoc3VjaCBhcyBhbiBhdXRob3JpemF0aW9u
IGNvZGUpIGFyZQogICAgICAgICAgICBpc3N1ZWQgKGFuZCBsYXRlciB1c2VkIHRvIG9idGFpbiBh
biBhY2Nlc3MgdG9rZW4pLgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIFdoZW4gaXNz
dWluZyBhbiBhY2Nlc3MgdG9rZW4gZHVyaW5nIHRoZSBpbXBsaWNpdCBncmFudCBmbG93LCB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgZG9lcyBub3QgYXV0aGVudGljYXRlIHRo
ZSBjbGllbnQuIEluIHNvbWUgY2FzZXMsIHRoZSBjbGllbnQgaWRlbnRpdHkgY2FuIGJlIHZlcmlm
aWVkCiAgICAgICAgICAgIHZpYSB0aGUgcmVkaXJlY3Rpb24gVVJJIHVzZWQgdG8gZGVsaXZlciB0
aGUgYWNjZXNzIHRva2VuIHRvIHRoZSBjbGllbnQuIFRoZSBhY2Nlc3MKICAgICAgICAgICAgdG9r
ZW4gbWF5IGJlIGV4cG9zZWQgdG8gdGhlIHJlc291cmNlIG93bmVyIG9yIG90aGVyIGFwcGxpY2F0
aW9ucyB3aXRoIGFjY2VzcyB0byB0aGUKICAgICAgICAgICAgcmVzb3VyY2Ugb3duZXIncyB1c2Vy
LWFnZW50LgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIEltcGxpY2l0IGdyYW50cyBp
bXByb3ZlIHRoZSByZXNwb25zaXZlbmVzcyBhbmQgZWZmaWNpZW5jeSBvZiBzb21lIGNsaWVudHMg
KHN1Y2ggYXMgYQogICAgICAgICAgICBjbGllbnQgaW1wbGVtZW50ZWQgYXMgYW4gaW4tYnJvd3Nl
ciBhcHBsaWNhdGlvbikgc2luY2UgaXQgcmVkdWNlcyB0aGUgbnVtYmVyIG9mIHJvdW5kCiAgICAg
ICAgICAgIHRyaXBzIHJlcXVpcmVkIHRvIG9idGFpbiBhbiBhY2Nlc3MgdG9rZW4uIEhvd2V2ZXIs
IHRoaXMgY29udmVuaWVuY2Ugc2hvdWxkIGJlIHdlaWdoZWQKICAgICAgICAgICAgYWdhaW5zdCB0
aGUgc2VjdXJpdHkgaW1wbGljYXRpb25zIG9mIHVzaW5nIGltcGxpY2l0IGdyYW50cywgZXNwZWNp
YWxseSB3aGVuIHRoZQogICAgICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlwZSBp
cyBhdmFpbGFibGUuCiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I3Ij48L2E+PGJyIC8+
PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2lu
Zz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWci
PjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEg
bmFtZT0icmZjLnNlY3Rpb24uMS4zLjMiPjwvYT48aDM+MS4zLjMuJm5ic3A7ClJlc291cmNlIE93
bmVyIFBhc3N3b3JkIENyZWRlbnRpYWxzPC9oMz4KCjxwPgogICAgICAgICAgICBUaGUgcmVzb3Vy
Y2Ugb3duZXIgcGFzc3dvcmQgY3JlZGVudGlhbHMgKGkuZS4gdXNlcm5hbWUgYW5kIHBhc3N3b3Jk
KSBjYW4gYmUgdXNlZAogICAgICAgICAgICBkaXJlY3RseSBhcyBhbiBhdXRob3JpemF0aW9uIGdy
YW50IHRvIG9idGFpbiBhbiBhY2Nlc3MgdG9rZW4uIFRoZSBjcmVkZW50aWFscyBzaG91bGQKICAg
ICAgICAgICAgb25seSBiZSB1c2VkIHdoZW4gdGhlcmUgaXMgYSBoaWdoIGRlZ3JlZSBvZiB0cnVz
dCBiZXR3ZWVuIHRoZSByZXNvdXJjZSBvd25lciBhbmQgdGhlCiAgICAgICAgICAgIGNsaWVudCAo
ZS5nLiB0aGUgY2xpZW50IGlzIHBhcnQgb2YgdGhlIGRldmljZSBvcGVyYXRpbmcgc3lzdGVtIG9y
IGEgaGlnaGx5IHByaXZpbGVnZWQKICAgICAgICAgICAgYXBwbGljYXRpb24pLCBhbmQgd2hlbiBv
dGhlciBhdXRob3JpemF0aW9uIGdyYW50IHR5cGVzIGFyZSBub3QgYXZhaWxhYmxlIChzdWNoIGFz
IGFuCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gY29kZSkuCiAgICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgICAgRXZlbiB0aG91Z2ggdGhpcyBncmFudCB0eXBlIHJlcXVpcmVzIGRpcmVjdCBj
bGllbnQgYWNjZXNzIHRvIHRoZSByZXNvdXJjZSBvd25lcgogICAgICAgICAgICBjcmVkZW50aWFs
cywgdGhlIHJlc291cmNlIG93bmVyIGNyZWRlbnRpYWxzIGFyZSB1c2VkIGZvciBhIHNpbmdsZSBy
ZXF1ZXN0IGFuZCBhcmUKICAgICAgICAgICAgZXhjaGFuZ2VkIGZvciBhbiBhY2Nlc3MgdG9rZW4u
IFRoaXMgZ3JhbnQgdHlwZSBjYW4gZWxpbWluYXRlIHRoZSBuZWVkIGZvciB0aGUgY2xpZW50CiAg
ICAgICAgICAgIHRvIHN0b3JlIHRoZSByZXNvdXJjZSBvd25lciBjcmVkZW50aWFscyBmb3IgZnV0
dXJlIHVzZSwgYnkgZXhjaGFuZ2luZyB0aGUgY3JlZGVudGlhbHMKICAgICAgICAgICAgd2l0aCBh
IGxvbmctbGl2ZWQgYWNjZXNzIHRva2VuIG9yIHJlZnJlc2ggdG9rZW4uCiAgICAgICAgICAKPC9w
Pgo8YSBuYW1lPSJhbmNob3I4Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlv
dXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249
InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZu
YnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMS4zLjQiPjwv
YT48aDM+MS4zLjQuJm5ic3A7CkNsaWVudCBDcmVkZW50aWFsczwvaDM+Cgo8cD4KICAgICAgICAg
ICAgVGhlIGNsaWVudCBjcmVkZW50aWFscyAob3Igb3RoZXIgZm9ybXMgb2YgY2xpZW50IGF1dGhl
bnRpY2F0aW9uKSBjYW4gYmUgdXNlZCBhcyBhbgogICAgICAgICAgICBhdXRob3JpemF0aW9uIGdy
YW50IHdoZW4gdGhlIGF1dGhvcml6YXRpb24gc2NvcGUgaXMgbGltaXRlZCB0byB0aGUgcHJvdGVj
dGVkIHJlc291cmNlcwogICAgICAgICAgICB1bmRlciB0aGUgY29udHJvbCBvZiB0aGUgY2xpZW50
LCBvciB0byBwcm90ZWN0ZWQgcmVzb3VyY2VzIHByZXZpb3VzbHkgYXJyYW5nZWQgd2l0aCB0aGUK
ICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIENsaWVudCBjcmVkZW50aWFscyBhcmUg
dXNlZCBhcyBhbiBhdXRob3JpemF0aW9uIGdyYW50IHR5cGljYWxseQogICAgICAgICAgICB3aGVu
IHRoZSBjbGllbnQgaXMgYWN0aW5nIG9uIGl0cyBvd24gYmVoYWxmICh0aGUgY2xpZW50IGlzIGFs
c28gdGhlIHJlc291cmNlIG93bmVyKSwgb3IKICAgICAgICAgICAgaXMgcmVxdWVzdGluZyBhY2Nl
c3MgdG8gcHJvdGVjdGVkIHJlc291cmNlcyBiYXNlZCBvbiBhbiBhdXRob3JpemF0aW9uIHByZXZp
b3VzbHkKICAgICAgICAgICAgYXJyYW5nZWQgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIu
CiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I5Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJs
ZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9
IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0
b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNl
Y3Rpb24uMS40Ij48L2E+PGgzPjEuNC4mbmJzcDsKQWNjZXNzIFRva2VuPC9oMz4KCjxwPgogICAg
ICAgICAgQWNjZXNzIHRva2VucyBhcmUgY3JlZGVudGlhbHMgdXNlZCB0byBhY2Nlc3MgcHJvdGVj
dGVkIHJlc291cmNlcy4gQW4gYWNjZXNzIHRva2VuIGlzIGEKICAgICAgICAgIHN0cmluZyByZXBy
ZXNlbnRpbmcgYW4gYXV0aG9yaXphdGlvbiBpc3N1ZWQgdG8gdGhlIGNsaWVudC4gVGhlIHN0cmlu
ZyBpcyB1c3VhbGx5IG9wYXF1ZQogICAgICAgICAgdG8gdGhlIGNsaWVudC4gVG9rZW5zIHJlcHJl
c2VudCBzcGVjaWZpYyBzY29wZXMgYW5kIGR1cmF0aW9ucyBvZiBhY2Nlc3MsIGdyYW50ZWQgYnkg
dGhlCiAgICAgICAgICByZXNvdXJjZSBvd25lciwgYW5kIGVuZm9yY2VkIGJ5IHRoZSByZXNvdXJj
ZSBzZXJ2ZXIgYW5kIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgVGhlIHRva2VuIG1heSBkZW5vdGUgYW4gaWRlbnRpZmllciB1c2VkIHRvIHJldHJpZXZl
IHRoZSBhdXRob3JpemF0aW9uIGluZm9ybWF0aW9uLCBvcgogICAgICAgICAgc2VsZi1jb250YWlu
IHRoZSBhdXRob3JpemF0aW9uIGluZm9ybWF0aW9uIGluIGEgdmVyaWZpYWJsZSBtYW5uZXIgKGku
ZS4gYSB0b2tlbiBzdHJpbmcKICAgICAgICAgIGNvbnNpc3Rpbmcgb2Ygc29tZSBkYXRhIGFuZCBh
IHNpZ25hdHVyZSkuIEFkZGl0aW9uYWwgYXV0aGVudGljYXRpb24gY3JlZGVudGlhbHMsIHdoaWNo
CiAgICAgICAgICBhcmUgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sIG1h
eSBiZSByZXF1aXJlZCBpbiBvcmRlciBmb3IgdGhlIGNsaWVudCB0bwogICAgICAgICAgdXNlIGEg
dG9rZW4uCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgYWNjZXNzIHRva2VuIHByb3Zp
ZGVzIGFuIGFic3RyYWN0aW9uIGxheWVyLCByZXBsYWNpbmcgZGlmZmVyZW50IGF1dGhvcml6YXRp
b24KICAgICAgICAgIGNvbnN0cnVjdHMgKGUuZy4gdXNlcm5hbWUgYW5kIHBhc3N3b3JkKSB3aXRo
IGEgc2luZ2xlIHRva2VuIHVuZGVyc3Rvb2QgYnkgdGhlIHJlc291cmNlCiAgICAgICAgICBzZXJ2
ZXIuIFRoaXMgYWJzdHJhY3Rpb24gZW5hYmxlcyBpc3N1aW5nIGFjY2VzcyB0b2tlbnMgbW9yZSBy
ZXN0cmljdGl2ZSB0aGFuIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBncmFudCB1c2VkIHRv
IG9idGFpbiB0aGVtLCBhcyB3ZWxsIGFzIHJlbW92aW5nIHRoZSByZXNvdXJjZSBzZXJ2ZXIncyBu
ZWVkIHRvCiAgICAgICAgICB1bmRlcnN0YW5kIGEgd2lkZSByYW5nZSBvZiBhdXRoZW50aWNhdGlv
biBtZXRob2RzLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgQWNjZXNzIHRva2VucyBjYW4g
aGF2ZSBkaWZmZXJlbnQgZm9ybWF0cywgc3RydWN0dXJlcywgYW5kIG1ldGhvZHMgb2YgdXRpbGl6
YXRpb24gKGUuZy4KICAgICAgICAgIGNyeXB0b2dyYXBoaWMgcHJvcGVydGllcykgYmFzZWQgb24g
dGhlIHJlc291cmNlIHNlcnZlciBzZWN1cml0eSByZXF1aXJlbWVudHMuIEFjY2VzcyB0b2tlbgog
ICAgICAgICAgYXR0cmlidXRlcyBhbmQgdGhlIG1ldGhvZHMgdXNlZCB0byBhY2Nlc3MgcHJvdGVj
dGVkIHJlc291cmNlcyBhcmUgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzCiAgICAgICAgICBzcGVj
aWZpY2F0aW9uIGFuZCBhcmUgZGVmaW5lZCBieSBjb21wYW5pb24gc3BlY2lmaWNhdGlvbnMuCiAg
ICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMTAiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi4xLjUiPjwvYT48aDM+MS41LiZuYnNwOwpSZWZyZXNoIFRva2VuPC9oMz4KCjxwPgogICAgICAg
ICAgUmVmcmVzaCB0b2tlbnMgYXJlIGNyZWRlbnRpYWxzIHVzZWQgdG8gb2J0YWluIGFjY2VzcyB0
b2tlbnMuIFJlZnJlc2ggdG9rZW5zIGFyZSBpc3N1ZWQgdG8KICAgICAgICAgIHRoZSBjbGllbnQg
YnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCBhcmUgdXNlZCB0byBvYnRhaW4gYSBuZXcg
YWNjZXNzIHRva2VuIHdoZW4gdGhlCiAgICAgICAgICBjdXJyZW50IGFjY2VzcyB0b2tlbiBiZWNv
bWVzIGludmFsaWQgb3IgZXhwaXJlcywgb3IgdG8gb2J0YWluIGFkZGl0aW9uYWwgYWNjZXNzIHRv
a2VucwogICAgICAgICAgd2l0aCBpZGVudGljYWwgb3IgbmFycm93ZXIgc2NvcGUgKGFjY2VzcyB0
b2tlbnMgbWF5IGhhdmUgYSBzaG9ydGVyIGxpZmV0aW1lIGFuZCBmZXdlcgogICAgICAgICAgcGVy
bWlzc2lvbnMgdGhhbiBhdXRob3JpemVkIGJ5IHRoZSByZXNvdXJjZSBvd25lcikuIElzc3Vpbmcg
YSByZWZyZXNoIHRva2VuIGlzIG9wdGlvbmFsCiAgICAgICAgICBhdCB0aGUgZGlzY3JldGlvbiBv
ZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIElmIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBp
c3N1ZXMgYQogICAgICAgICAgcmVmcmVzaCB0b2tlbiwgaXQgaXMgaW5jbHVkZWQgd2hlbiBpc3N1
aW5nIGFuIGFjY2VzcyB0b2tlbiAoaS5lLiBzdGVwIChEKSBpbgogICAgICAgICAgPGEgY2xhc3M9
J2luZm8nIGhyZWY9JyNGaWd1cmUtMSc+RmlndXJlJm5ic3A7MTxzcGFuPiAoPC9zcGFuPjxzcGFu
IGNsYXNzPSdpbmZvJz5BYnN0cmFjdCBQcm90b2NvbCBGbG93PC9zcGFuPjxzcGFuPik8L3NwYW4+
PC9hPikuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBBIHJlZnJlc2ggdG9rZW4gaXMgYSBz
dHJpbmcgcmVwcmVzZW50aW5nIHRoZSBhdXRob3JpemF0aW9uIGdyYW50ZWQgdG8gdGhlIGNsaWVu
dCBieSB0aGUKICAgICAgICAgIHJlc291cmNlIG93bmVyLiBUaGUgc3RyaW5nIGlzIHVzdWFsbHkg
b3BhcXVlIHRvIHRoZSBjbGllbnQuIFRoZSB0b2tlbiBkZW5vdGVzIGFuCiAgICAgICAgICBpZGVu
dGlmaWVyIHVzZWQgdG8gcmV0cmlldmUgdGhlIGF1dGhvcml6YXRpb24gaW5mb3JtYXRpb24uIFVu
bGlrZSBhY2Nlc3MgdG9rZW5zLCByZWZyZXNoCiAgICAgICAgICB0b2tlbnMgYXJlIGludGVuZGVk
IGZvciB1c2Ugb25seSB3aXRoIGF1dGhvcml6YXRpb24gc2VydmVycyBhbmQgYXJlIG5ldmVyIHNl
bnQgdG8KICAgICAgICAgIHJlc291cmNlIHNlcnZlcnMuCiAgICAgICAgCjwvcD48YnIgLz48aHIg
Y2xhc3M9Imluc2VydCIgLz4KPGEgbmFtZT0iRmlndXJlLTIiPjwvYT4KPGRpdiBzdHlsZT0nZGlz
cGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1
dG8nPjxwcmU+CgogICstLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICB8LS0oQSktLS0tLS0tIEF1dGhv
cml6YXRpb24gR3JhbnQgLS0tLS0tLS0tJmd0O3wgICAgICAgICAgICAgICB8CiAgfCAgICAgICAg
fCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAg
ICAgfAogIHwgICAgICAgIHwmbHQ7LShCKS0tLS0tLS0tLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0t
LS0tLS0tfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgJmFtcDsg
UmVmcmVzaCBUb2tlbiAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAg
IHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tKyAg
IHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfC0tKEMpLS0tLSBBY2Nlc3MgVG9rZW4gLS0t
LSZndDt8ICAgICAgICAgIHwgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICB8ICAgfCAgICAgICAgICAgICAgIHwKICB8
ICAgICAgICB8Jmx0Oy0oRCktIFByb3RlY3RlZCBSZXNvdXJjZSAtLXwgUmVzb3VyY2UgfCAgIHwg
QXV0aG9yaXphdGlvbiB8CiAgfCBDbGllbnQgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICB8
ICBTZXJ2ZXIgIHwgICB8ICAgICBTZXJ2ZXIgICAgfAogIHwgICAgICAgIHwtLShFKS0tLS0gQWNj
ZXNzIFRva2VuIC0tLS0mZ3Q7fCAgICAgICAgICB8ICAgfCAgICAgICAgICAgICAgIHwKICB8ICAg
ICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgfCAgIHwgICAgICAg
ICAgICAgICB8CiAgfCAgICAgICAgfCZsdDstKEYpLSBJbnZhbGlkIFRva2VuIEVycm9yIC18ICAg
ICAgICAgIHwgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgKy0tLS0tLS0tLS0rICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAg
ICB8CiAgfCAgICAgICAgfC0tKEcpLS0tLS0tLS0tLS0gUmVmcmVzaCBUb2tlbiAtLS0tLS0tLS0t
LSZndDt8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8Jmx0Oy0o
SCktLS0tLS0tLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLS0tLS0tLXwgICAgICAgICAgICAgICB8
CiAgKy0tLS0tLS0tKyAgICAgICAgICAgJmFtcDsgT3B0aW9uYWwgUmVmcmVzaCBUb2tlbiAgICAg
ICAgKy0tLS0tLS0tLS0tLS0tLSsKCjwvcHJlPjwvZGl2Pjx0YWJsZSBib3JkZXI9IjAiIGNlbGxw
YWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgYWxpZ249ImNlbnRlciI+PHRyPjx0ZCBhbGlnbj0i
Y2VudGVyIj48Zm9udCBmYWNlPSJtb25hY28sIE1TIFNhbnMgU2VyaWYiIHNpemU9IjEiPjxiPiZu
YnNwO0ZpZ3VyZSZuYnNwOzI6IFJlZnJlc2hpbmcgYW4gRXhwaXJlZCBBY2Nlc3MgVG9rZW4mbmJz
cDs8L2I+PC9mb250PjxiciAvPjwvdGQ+PC90cj48L3RhYmxlPjxociBjbGFzcz0iaW5zZXJ0IiAv
PgoKPHA+CiAgICAgICAgICBUaGUgZmxvdyBpbGx1c3RyYXRlZCBpbiA8YSBjbGFzcz0naW5mbycg
aHJlZj0nI0ZpZ3VyZS0yJz5GaWd1cmUmbmJzcDsyPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9
J2luZm8nPlJlZnJlc2hpbmcgYW4gRXhwaXJlZCBBY2Nlc3MgVG9rZW48L3NwYW4+PHNwYW4+KTwv
c3Bhbj48L2E+IGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3RlcHM6CiAgICAgICAgCjwvcD4KPHA+
CiAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD4oQSk8L2R0
Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4g
YnkgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIsCiAgICAgICAg
ICAgICAgYW5kIHByZXNlbnRpbmcgYW4gYXV0aG9yaXphdGlvbiBncmFudC4KICAgICAgICAgICAg
CjwvZGQ+CjxkdD4oQik8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIGNsaWVudCBhbmQgdmFsaWRhdGVzIHRoZSBhdXRob3Jp
emF0aW9uCiAgICAgICAgICAgICAgZ3JhbnQsIGFuZCBpZiB2YWxpZCBpc3N1ZXMgYW4gYWNjZXNz
IHRva2VuIGFuZCBhIHJlZnJlc2ggdG9rZW4uCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEMpPC9k
dD4KPGRkPgogICAgICAgICAgICAgIFRoZSBjbGllbnQgbWFrZXMgYSBwcm90ZWN0ZWQgcmVzb3Vy
Y2UgcmVxdWVzdCB0byB0aGUgcmVzb3VyY2Ugc2VydmVyIGJ5IHByZXNlbnRpbmcKICAgICAgICAg
ICAgICB0aGUgYWNjZXNzIHRva2VuLgogICAgICAgICAgICAKPC9kZD4KPGR0PihEKTwvZHQ+Cjxk
ZD4KICAgICAgICAgICAgICBUaGUgcmVzb3VyY2Ugc2VydmVyIHZhbGlkYXRlcyB0aGUgYWNjZXNz
IHRva2VuLCBhbmQgaWYgdmFsaWQsIHNlcnZlcyB0aGUgcmVxdWVzdC4KICAgICAgICAgICAgCjwv
ZGQ+CjxkdD4oRSk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgU3RlcHMgKEMpIGFuZCAoRCkgcmVw
ZWF0IHVudGlsIHRoZSBhY2Nlc3MgdG9rZW4gZXhwaXJlcy4gSWYgdGhlIGNsaWVudCBrbm93cyB0
aGUKICAgICAgICAgICAgICBhY2Nlc3MgdG9rZW4gZXhwaXJlZCwgaXQgc2tpcHMgdG8gc3RlcCAo
RyksIG90aGVyd2lzZSBpdCBtYWtlcyBhbm90aGVyIHByb3RlY3RlZAogICAgICAgICAgICAgIHJl
c291cmNlIHJlcXVlc3QuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEYpPC9kdD4KPGRkPgogICAg
ICAgICAgICAgIFNpbmNlIHRoZSBhY2Nlc3MgdG9rZW4gaXMgaW52YWxpZCwgdGhlIHJlc291cmNl
IHNlcnZlciByZXR1cm5zIGFuIGludmFsaWQgdG9rZW4KICAgICAgICAgICAgICBlcnJvci4KICAg
ICAgICAgICAgCjwvZGQ+CjxkdD4oRyk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVu
dCByZXF1ZXN0cyBhIG5ldyBhY2Nlc3MgdG9rZW4gYnkgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUg
YXV0aG9yaXphdGlvbgogICAgICAgICAgICAgIHNlcnZlciBhbmQgcHJlc2VudGluZyB0aGUgcmVm
cmVzaCB0b2tlbi4gVGhlIGNsaWVudCBhdXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMgYXJlCiAg
ICAgICAgICAgICAgYmFzZWQgb24gdGhlIGNsaWVudCB0eXBlIGFuZCBvbiB0aGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgcG9saWNpZXMuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEgpPC9kdD4KPGRk
PgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRo
ZSBjbGllbnQgYW5kIHZhbGlkYXRlcyB0aGUgcmVmcmVzaCB0b2tlbiwKICAgICAgICAgICAgICBh
bmQgaWYgdmFsaWQgaXNzdWVzIGEgbmV3IGFjY2VzcyB0b2tlbiAoYW5kIG9wdGlvbmFsbHksIGEg
bmV3IHJlZnJlc2ggdG9rZW4pLgogICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+
PHA+CiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBTdGVwcyBDLCBELCBFLCBhbmQgRiBhcmUg
b3V0c2lkZSB0aGUgc2NvcGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uIGFzIGRlc2NyaWJlZCBpbgog
ICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNhY2Nlc3MtcmVzb3VyY2UnPlNlY3Rpb24m
bmJzcDs3PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFjY2Vzc2luZyBQcm90ZWN0
ZWQgUmVzb3VyY2VzPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAKPC9wPgo8YSBu
YW1lPSJ0bHMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0
cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwv
dGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xLjYiPjwvYT48aDM+MS42LiZu
YnNwOwpUTFMgVmVyc2lvbjwvaDM+Cgo8cD4KICAgICAgICAgIFdoZW5ldmVyIFRMUyBpcyB1c2Vk
IGJ5IHRoaXMgc3BlY2lmaWNhdGlvbiwgdGhlIGFwcHJvcHJpYXRlIHZlcnNpb24gKG9yIHZlcnNp
b25zKSBvZgogICAgICAgICAgVExTIHdpbGwgdmFyeSBvdmVyIHRpbWUsIGJhc2VkIG9uIHRoZSB3
aWRlc3ByZWFkIGRlcGxveW1lbnQgYW5kIGtub3duIHNlY3VyaXR5CiAgICAgICAgICB2dWxuZXJh
YmlsaXRpZXMuIEF0IHRoZSB0aW1lIG9mIHRoaXMgd3JpdGluZywgVExTIHZlcnNpb24gMS4yIDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNTI0Nic+W1JGQzUyNDZdPHNwYW4+ICg8L3NwYW4+PHNw
YW4gY2xhc3M9J2luZm8nPkRpZXJrcywgVC4gYW5kIEUuIFJlc2NvcmxhLCAmbGRxdW87VGhlIFRy
YW5zcG9ydCBMYXllciBTZWN1cml0eSAoVExTKSBQcm90b2NvbCBWZXJzaW9uIDEuMiwmcmRxdW87
IEF1Z3VzdCZuYnNwOzIwMDguPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPgogICAgICAgICAgaXMg
dGhlIG1vc3QgcmVjZW50IHZlcnNpb24sIGJ1dCBoYXMgYSB2ZXJ5IGxpbWl0ZWQgZGVwbG95bWVu
dCBiYXNlIGFuZCBtaWdodCBub3QgYmUKICAgICAgICAgIHJlYWRpbHkgYXZhaWxhYmxlIGZvciBp
bXBsZW1lbnRhdGlvbi4gVExTIHZlcnNpb24gMS4wIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZD
MjI0Nic+W1JGQzIyNDZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkRpZXJrcywg
VC4gYW5kIEMuIEFsbGVuLCAmbGRxdW87VGhlIFRMUyBQcm90b2NvbCBWZXJzaW9uIDEuMCwmcmRx
dW87IEphbnVhcnkmbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gaXMgdGhlCiAg
ICAgICAgICBtb3N0IHdpZGVseSBkZXBsb3llZCB2ZXJzaW9uLCBhbmQgd2lsbCBwcm92aWRlIHRo
ZSBicm9hZGVzdCBpbnRlcm9wZXJhYmlsaXR5LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
SW1wbGVtZW50YXRpb25zIE1BWSBhbHNvIHN1cHBvcnQgYWRkaXRpb25hbCB0cmFuc3BvcnQtbGF5
ZXIgc2VjdXJpdHkgbWVjaGFuaXNtcwogICAgICAgICAgdGhhdCBtZWV0IHRoZWlyIHNlY3VyaXR5
IHJlcXVpcmVtZW50cy4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IxMSI+PC9hPjxiciAv
PjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNp
bmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVn
Ij48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+Cjxh
IG5hbWU9InJmYy5zZWN0aW9uLjEuNyI+PC9hPjxoMz4xLjcuJm5ic3A7CkhUVFAgUmVkaXJlY3Rp
b25zPC9oMz4KCjxwPgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIG1ha2VzIGV4dGVuc2l2
ZSB1c2Ugb2YgSFRUUCByZWRpcmVjdGlvbnMsIGluIHdoaWNoIHRoZSBjbGllbnQgb3IgdGhlCiAg
ICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBkaXJlY3QgdGhlIHJlc291cmNlIG93bmVyJ3Mg
dXNlci1hZ2VudCB0byBhbm90aGVyIGRlc3RpbmF0aW9uLiBXaGlsZQogICAgICAgICAgdGhlIGV4
YW1wbGVzIGluIHRoaXMgc3BlY2lmaWNhdGlvbiBzaG93IHRoZSB1c2Ugb2YgdGhlIEhUVFAgMzAy
IHN0YXR1cyBjb2RlLCBhbnkgb3RoZXIKICAgICAgICAgIG1ldGhvZCBhdmFpbGFibGUgdmlhIHRo
ZSB1c2VyLWFnZW50IHRvIGFjY29tcGxpc2ggdGhpcyByZWRpcmVjdGlvbiBpcyBhbGxvd2VkIGFu
ZCBpcwogICAgICAgICAgY29uc2lkZXJlZCB0byBiZSBhbiBpbXBsZW1lbnRhdGlvbiBkZXRhaWwu
CiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMTIiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxl
IHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0i
VE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3Rv
YyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2Vj
dGlvbi4xLjgiPjwvYT48aDM+MS44LiZuYnNwOwpJbnRlcm9wZXJhYmlsaXR5PC9oMz4KCjxwPgog
ICAgICAgICAgT0F1dGggMi4wIHByb3ZpZGVzIGEgcmljaCBhdXRob3JpemF0aW9uIGZyYW1ld29y
ayB3aXRoIHdlbGwtZGVmaW5lZCBzZWN1cml0eSBwcm9wZXJ0aWVzLgogICAgICAgICAgSG93ZXZl
ciwgYXMgYSByaWNoIGFuZCBoaWdobHkgZXh0ZW5zaWJsZSBmcmFtZXdvcmsgd2l0aCBtYW55IG9w
dGlvbmFsIGNvbXBvbmVudHMsIG9uIGl0cwogICAgICAgICAgb3duLCB0aGlzIHNwZWNpZmljYXRp
b24gaXMgbGlrZWx5IHRvIHByb2R1Y2UgYSB3aWRlIHJhbmdlIG9mIG5vbi1pbnRlcm9wZXJhYmxl
CiAgICAgICAgICBpbXBsZW1lbnRhdGlvbnMuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBJ
biBhZGRpdGlvbiwgdGhpcyBzcGVjaWZpY2F0aW9uIGxlYXZlcyBhIGZldyByZXF1aXJlZCBjb21w
b25lbnRzIHBhcnRpYWxseSBvciBmdWxseQogICAgICAgICAgdW5kZWZpbmVkIChlLmcuIGNsaWVu
dCByZWdpc3RyYXRpb24sIGF1dGhvcml6YXRpb24gc2VydmVyIGNhcGFiaWxpdGllcywgZW5kcG9p
bnQKICAgICAgICAgIGRpc2NvdmVyeSkuIFdpdGhvdXQgdGhlc2UgY29tcG9uZW50cywgY2xpZW50
cyBtdXN0IGJlIG1hbnVhbGx5IGFuZCBzcGVjaWZpY2FsbHkKICAgICAgICAgIGNvbmZpZ3VyZWQg
YWdhaW5zdCBhIHNwZWNpZmljIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCByZXNvdXJjZSBzZXJ2
ZXIgaW4gb3JkZXIgdG8KICAgICAgICAgIGludGVyb3BlcmF0ZS4KICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgIFRoaXMgZnJhbWV3b3JrIHdhcyBkZXNpZ25lZCB3aXRoIHRoZSBjbGVhciBleHBl
Y3RhdGlvbiB0aGF0IGZ1dHVyZSB3b3JrIHdpbGwgZGVmaW5lCiAgICAgICAgICBwcmVzY3JpcHRp
dmUgcHJvZmlsZXMgYW5kIGV4dGVuc2lvbnMgbmVjZXNzYXJ5IHRvIGFjaGlldmUgZnVsbCB3ZWIt
c2NhbGUKICAgICAgICAgIGludGVyb3BlcmFiaWxpdHkuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0i
YW5jaG9yMTMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0
cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwv
dGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xLjkiPjwvYT48aDM+MS45LiZu
YnNwOwpOb3RhdGlvbmFsIENvbnZlbnRpb25zPC9oMz4KCjxwPgogICAgICAgICAgVGhlIGtleSB3
b3JkcyAiTVVTVCIsICJNVVNUIE5PVCIsICJSRVFVSVJFRCIsICJTSEFMTCIsICJTSEFMTCBOT1Qi
LCAiU0hPVUxEIiwgIlNIT1VMRAogICAgICAgICAgTk9UIiwgIlJFQ09NTUVOREVEIiwgIk1BWSIs
IGFuZCAiT1BUSU9OQUwiIGluIHRoaXMgc3BlY2lmaWNhdGlvbiBhcmUgdG8gYmUgaW50ZXJwcmV0
ZWQgYXMKICAgICAgICAgIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzIx
MTknPltSRkMyMTE5XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5CcmFkbmVyLCBT
LiwgJmxkcXVvO0tleSB3b3JkcyBmb3IgdXNlIGluIFJGQ3MgdG8gSW5kaWNhdGUgUmVxdWlyZW1l
bnQgTGV2ZWxzLCZyZHF1bzsgTWFyY2gmbmJzcDsxOTk3Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwv
YT4uCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gdXNlcyB0
aGUgQXVnbWVudGVkIEJhY2t1cy1OYXVyIEZvcm0gKEFCTkYpIG5vdGF0aW9uIG9mCiAgICAgICAg
ICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzUyMzQnPltSRkM1MjM0XTxzcGFuPiAoPC9zcGFu
PjxzcGFuIGNsYXNzPSdpbmZvJz5Dcm9ja2VyLCBELiBhbmQgUC4gT3ZlcmVsbCwgJmxkcXVvO0F1
Z21lbnRlZCBCTkYgZm9yIFN5bnRheCBTcGVjaWZpY2F0aW9uczogQUJORiwmcmRxdW87IEphbnVh
cnkmbmJzcDsyMDA4Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCgkgIEFkZGl0aW9uYWxseSwg
dGhlIHJ1bGUgVVJJLVJlZmVyZW5jZSBpcyBpbmNsdWRlZCBmcm9tCgkgIFVuaWZvcm0gUmVzb3Vy
Y2UgSWRlbnRpZmllciAoVVJJKSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzM5ODYnPltSRkMz
OTg2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5CZXJuZXJzLUxlZSwgVC4sIEZp
ZWxkaW5nLCBSLiwgYW5kIEwuIE1hc2ludGVyLCAmbGRxdW87VW5pZm9ybSBSZXNvdXJjZSBJZGVu
dGlmaWVyIChVUkkpOiBHZW5lcmljIFN5bnRheCwmcmRxdW87IEphbnVhcnkmbmJzcDsyMDA1Ljwv
c3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBDZXJ0
YWluIHNlY3VyaXR5LXJlbGF0ZWQgdGVybXMgYXJlIHRvIGJlIHVuZGVyc3Rvb2QgaW4gdGhlIHNl
bnNlIGRlZmluZWQgaW4KICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNDk0OSc+
W1JGQzQ5NDldPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlNoaXJleSwgUi4sICZs
ZHF1bztJbnRlcm5ldCBTZWN1cml0eSBHbG9zc2FyeSwgVmVyc2lvbiAyLCZyZHF1bzsgQXVndXN0
Jm5ic3A7MjAwNy48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LiBUaGVzZSB0ZXJtcyBpbmNsdWRl
LCBidXQgYXJlIG5vdCBsaW1pdGVkIHRvLCAiYXR0YWNrIiwKICAgICAgICAgICJhdXRoZW50aWNh
dGlvbiIsICJhdXRob3JpemF0aW9uIiwgImNlcnRpZmljYXRlIiwgImNvbmZpZGVudGlhbGl0eSIs
ICJjcmVkZW50aWFsIiwKICAgICAgICAgICJlbmNyeXB0aW9uIiwgImlkZW50aXR5IiwgInNpZ24i
LCAic2lnbmF0dXJlIiwgInRydXN0IiwgInZhbGlkYXRlIiwgYW5kICJ2ZXJpZnkiLgogICAgICAg
IAo8L3A+CjxwPgogICAgICAgICAgVW5sZXNzIG90aGVyd2lzZSBub3RlZCwgYWxsIHRoZSBwcm90
b2NvbCBwYXJhbWV0ZXIgbmFtZXMgYW5kIHZhbHVlcyBhcmUgY2FzZSBzZW5zaXRpdmUuCiAgICAg
ICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMTQiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1h
cnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVn
IiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5i
c3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4y
Ij48L2E+PGgzPjIuJm5ic3A7CkNsaWVudCBSZWdpc3RyYXRpb248L2gzPgoKPHA+CiAgICAgICAg
QmVmb3JlIGluaXRpYXRpbmcgdGhlIHByb3RvY29sLCB0aGUgY2xpZW50IHJlZ2lzdGVycyB3aXRo
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gVGhlCiAgICAgICAgbWVhbnMgdGhyb3VnaCB3aGlj
aCB0aGUgY2xpZW50IHJlZ2lzdGVycyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcmUg
YmV5b25kIHRoZQogICAgICAgIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwgYnV0IHR5cGlj
YWxseSBpbnZvbHZlIGVuZC11c2VyIGludGVyYWN0aW9uIHdpdGggYW4gSFRNTAogICAgICAgIHJl
Z2lzdHJhdGlvbiBmb3JtLgogICAgICAKPC9wPgo8cD4KICAgICAgICBDbGllbnQgcmVnaXN0cmF0
aW9uIGRvZXMgbm90IHJlcXVpcmUgYSBkaXJlY3QgaW50ZXJhY3Rpb24gYmV0d2VlbiB0aGUgY2xp
ZW50IGFuZCB0aGUKICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlci4gV2hlbiBzdXBwb3J0ZWQg
YnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLCByZWdpc3RyYXRpb24gY2FuIHJlbHkKICAgICAg
ICBvbiBvdGhlciBtZWFucyBmb3IgZXN0YWJsaXNoaW5nIHRydXN0IGFuZCBvYnRhaW5pbmcgdGhl
IHJlcXVpcmVkIGNsaWVudCBwcm9wZXJ0aWVzIChlLmcuCiAgICAgICAgcmVkaXJlY3Rpb24gVVJJ
LCBjbGllbnQgdHlwZSkuIEZvciBleGFtcGxlLCByZWdpc3RyYXRpb24gY2FuIGJlIGFjY29tcGxp
c2hlZCB1c2luZyBhCiAgICAgICAgc2VsZi1pc3N1ZWQgb3IgdGhpcmQtcGFydHktaXNzdWVkIGFz
c2VydGlvbiwgb3IgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHBlcmZvcm1pbmcKICAgICAg
ICBjbGllbnQgZGlzY292ZXJ5IHVzaW5nIGEgdHJ1c3RlZCBjaGFubmVsLgogICAgICAKPC9wPgo8
cD4KICAgICAgICBXaGVuIHJlZ2lzdGVyaW5nIGEgY2xpZW50LCB0aGUgY2xpZW50IGRldmVsb3Bl
ciBTSEFMTDoKICAgICAgCjwvcD4KPHA+CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8
bGk+CiAgICAgICAgICAgIHNwZWNpZmllcyB0aGUgY2xpZW50IHR5cGUgYXMgZGVzY3JpYmVkIGlu
IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjY2xpZW50LXR5cGVzJz5TZWN0aW9uJm5ic3A7Mi4xPHNw
YW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkNsaWVudCBUeXBlczwvc3Bhbj48c3Bhbj4p
PC9zcGFuPjwvYT4sCiAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICBwcm92aWRlcyBp
dHMgY2xpZW50IHJlZGlyZWN0aW9uIFVSSXMgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICAgIDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjcmVkaXJlY3QtdXJpJz5TZWN0aW9uJm5ic3A7My4xLjI8c3Bh
bj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+UmVkaXJlY3Rpb24gRW5kcG9pbnQ8L3NwYW4+
PHNwYW4+KTwvc3Bhbj48L2E+LCBhbmQKICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAg
IGluY2x1ZGVzIGFueSBvdGhlciBpbmZvcm1hdGlvbiByZXF1aXJlZCBieSB0aGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgKGUuZy4gYXBwbGljYXRpb24KICAgICAgICAgICAgbmFtZSwgd2Vic2l0ZSwg
ZGVzY3JpcHRpb24sIGxvZ28gaW1hZ2UsIHRoZSBhY2NlcHRhbmNlIG9mIGxlZ2FsIHRlcm1zKS4K
ICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAKPC9wPgo8YSBuYW1lPSJjbGllbnQtdHlw
ZXMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9
IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQg
Y2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90
cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4yLjEiPjwvYT48aDM+Mi4xLiZuYnNwOwpD
bGllbnQgVHlwZXM8L2gzPgoKPHA+CiAgICAgICAgICBPQXV0aCBkZWZpbmVzIHR3byBjbGllbnQg
dHlwZXMsIGJhc2VkIG9uIHRoZWlyIGFiaWxpdHkgdG8gYXV0aGVudGljYXRlIHNlY3VyZWx5IHdp
dGggdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciAoaS5lLiBhYmlsaXR5IHRvIG1h
aW50YWluIHRoZSBjb25maWRlbnRpYWxpdHkgb2YgdGhlaXIgY2xpZW50CiAgICAgICAgICBjcmVk
ZW50aWFscyk6CiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNs
YXNzPSJ0ZXh0Ij48ZGw+CjxkdD5jb25maWRlbnRpYWw8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAg
CiAgICAgICAgICAgICAgQ2xpZW50cyBjYXBhYmxlIG9mIG1haW50YWluaW5nIHRoZSBjb25maWRl
bnRpYWxpdHkgb2YgdGhlaXIgY3JlZGVudGlhbHMgKGUuZy4KICAgICAgICAgICAgICBjbGllbnQg
aW1wbGVtZW50ZWQgb24gYSBzZWN1cmUgc2VydmVyIHdpdGggcmVzdHJpY3RlZCBhY2Nlc3MgdG8g
dGhlIGNsaWVudAogICAgICAgICAgICAgIGNyZWRlbnRpYWxzKSwgb3IgY2FwYWJsZSBvZiBzZWN1
cmUgY2xpZW50IGF1dGhlbnRpY2F0aW9uIHVzaW5nIG90aGVyIG1lYW5zLgogICAgICAgICAgICAK
PC9kZD4KPGR0PnB1YmxpYzwvZHQ+CjxkZD4KICAgICAgICAgICAgICAKICAgICAgICAgICAgICBD
bGllbnRzIGluY2FwYWJsZSBvZiBtYWludGFpbmluZyB0aGUgY29uZmlkZW50aWFsaXR5IG9mIHRo
ZWlyIGNyZWRlbnRpYWxzIChlLmcuCiAgICAgICAgICAgICAgY2xpZW50cyBleGVjdXRpbmcgb24g
dGhlIGRldmljZSB1c2VkIGJ5IHRoZSByZXNvdXJjZSBvd25lciBzdWNoIGFzIGFuIGluc3RhbGxl
ZAogICAgICAgICAgICAgIG5hdGl2ZSBhcHBsaWNhdGlvbiBvciBhIHdlYiBicm93c2VyLWJhc2Vk
IGFwcGxpY2F0aW9uKSwgYW5kIGluY2FwYWJsZSBvZiBzZWN1cmUKICAgICAgICAgICAgICBjbGll
bnQgYXV0aGVudGljYXRpb24gdmlhIGFueSBvdGhlciBtZWFucy4KICAgICAgICAgICAgCjwvZGQ+
CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGNs
aWVudCB0eXBlIGRlc2lnbmF0aW9uIGlzIGJhc2VkIG9uIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
cidzIGRlZmluaXRpb24gb2Ygc2VjdXJlCiAgICAgICAgICBhdXRoZW50aWNhdGlvbiBhbmQgaXRz
IGFjY2VwdGFibGUgZXhwb3N1cmUgbGV2ZWxzIG9mIGNsaWVudCBjcmVkZW50aWFscy4gVGhlCiAg
ICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgTk9UIG1ha2UgYXNzdW1wdGlvbnMg
YWJvdXQgdGhlIGNsaWVudCB0eXBlLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgQSBjbGll
bnQgbWF5IGJlIGltcGxlbWVudGVkIGFzIGEgZGlzdHJpYnV0ZWQgc2V0IG9mIGNvbXBvbmVudHMs
IGVhY2ggd2l0aCBhIGRpZmZlcmVudAogICAgICAgICAgY2xpZW50IHR5cGUgYW5kIHNlY3VyaXR5
IGNvbnRleHQgKGUuZy4gYSBkaXN0cmlidXRlZCBjbGllbnQgd2l0aCBib3RoIGEgY29uZmlkZW50
aWFsCiAgICAgICAgICBzZXJ2ZXItYmFzZWQgY29tcG9uZW50IGFuZCBhIHB1YmxpYyBicm93c2Vy
LWJhc2VkIGNvbXBvbmVudCkuIElmIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAg
ZG9lcyBub3QgcHJvdmlkZSBzdXBwb3J0IGZvciBzdWNoIGNsaWVudHMsIG9yIGRvZXMgbm90IHBy
b3ZpZGUgZ3VpZGFuY2Ugd2l0aCByZWdhcmQgdG8KICAgICAgICAgIHRoZWlyIHJlZ2lzdHJhdGlv
biwgdGhlIGNsaWVudCBTSE9VTEQgcmVnaXN0ZXIgZWFjaCBjb21wb25lbnQgYXMgYSBzZXBhcmF0
ZSBjbGllbnQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24g
aGFzIGJlZW4gZGVzaWduZWQgYXJvdW5kIHRoZSBmb2xsb3dpbmcgY2xpZW50IHByb2ZpbGVzOgog
ICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+
PGRsPgo8ZHQ+d2ViIGFwcGxpY2F0aW9uPC9kdD4KPGRkPgogICAgICAgICAgICAgIAogICAgICAg
ICAgICAgIEEgd2ViIGFwcGxpY2F0aW9uIGlzIGEgY29uZmlkZW50aWFsIGNsaWVudCBydW5uaW5n
IG9uIGEgd2ViIHNlcnZlci4gUmVzb3VyY2Ugb3duZXJzCiAgICAgICAgICAgICAgYWNjZXNzIHRo
ZSBjbGllbnQgdmlhIGFuIEhUTUwgdXNlciBpbnRlcmZhY2UgcmVuZGVyZWQgaW4gYSB1c2VyLWFn
ZW50IG9uIHRoZSBkZXZpY2UKICAgICAgICAgICAgICB1c2VkIGJ5IHRoZSByZXNvdXJjZSBvd25l
ci4gVGhlIGNsaWVudCBjcmVkZW50aWFscyBhcyB3ZWxsIGFzIGFueSBhY2Nlc3MgdG9rZW4gaXNz
dWVkCiAgICAgICAgICAgICAgdG8gdGhlIGNsaWVudCBhcmUgc3RvcmVkIG9uIHRoZSB3ZWIgc2Vy
dmVyIGFuZCBhcmUgbm90IGV4cG9zZWQgdG8gb3IgYWNjZXNzaWJsZSBieQogICAgICAgICAgICAg
IHRoZSByZXNvdXJjZSBvd25lci4KICAgICAgICAgICAgCjwvZGQ+CjxkdD51c2VyLWFnZW50LWJh
c2VkIGFwcGxpY2F0aW9uPC9kdD4KPGRkPgogICAgICAgICAgICAgIAogICAgICAgICAgICAgIEEg
dXNlci1hZ2VudC1iYXNlZCBhcHBsaWNhdGlvbiBpcyBhIHB1YmxpYyBjbGllbnQgaW4gd2hpY2gg
dGhlIGNsaWVudCBjb2RlIGlzCiAgICAgICAgICAgICAgZG93bmxvYWRlZCBmcm9tIGEgd2ViIHNl
cnZlciBhbmQgZXhlY3V0ZXMgd2l0aGluIGEgdXNlci1hZ2VudCAoZS5nLiB3ZWIgYnJvd3Nlcikg
b24KICAgICAgICAgICAgICB0aGUgZGV2aWNlIHVzZWQgYnkgdGhlIHJlc291cmNlIG93bmVyLiBQ
cm90b2NvbCBkYXRhIGFuZCBjcmVkZW50aWFscyBhcmUgZWFzaWx5CiAgICAgICAgICAgICAgYWNj
ZXNzaWJsZSAoYW5kIG9mdGVuIHZpc2libGUpIHRvIHRoZSByZXNvdXJjZSBvd25lci4gU2luY2Ug
c3VjaCBhcHBsaWNhdGlvbnMgcmVzaWRlCiAgICAgICAgICAgICAgd2l0aGluIHRoZSB1c2VyLWFn
ZW50LCB0aGV5IGNhbiBtYWtlIHNlYW1sZXNzIHVzZSBvZiB0aGUgdXNlci1hZ2VudCBjYXBhYmls
aXRpZXMgd2hlbgogICAgICAgICAgICAgIHJlcXVlc3RpbmcgYXV0aG9yaXphdGlvbi4KICAgICAg
ICAgICAgCjwvZGQ+CjxkdD5uYXRpdmUgYXBwbGljYXRpb248L2R0Pgo8ZGQ+CiAgICAgICAgICAg
ICAgCiAgICAgICAgICAgICAgQSBuYXRpdmUgYXBwbGljYXRpb24gaXMgYSBwdWJsaWMgY2xpZW50
IGluc3RhbGxlZCBhbmQgZXhlY3V0ZWQgb24gdGhlIGRldmljZSB1c2VkIGJ5CiAgICAgICAgICAg
ICAgdGhlIHJlc291cmNlIG93bmVyLiBQcm90b2NvbCBkYXRhIGFuZCBjcmVkZW50aWFscyBhcmUg
YWNjZXNzaWJsZSB0byB0aGUgcmVzb3VyY2UKICAgICAgICAgICAgICBvd25lci4gSXQgaXMgYXNz
dW1lZCB0aGF0IGFueSBjbGllbnQgYXV0aGVudGljYXRpb24gY3JlZGVudGlhbHMgaW5jbHVkZWQg
aW4gdGhlCiAgICAgICAgICAgICAgYXBwbGljYXRpb24gY2FuIGJlIGV4dHJhY3RlZC4gT24gdGhl
IG90aGVyIGhhbmQsIGR5bmFtaWNhbGx5IGlzc3VlZCBjcmVkZW50aWFscyBzdWNoCiAgICAgICAg
ICAgICAgYXMgYWNjZXNzIHRva2VucyBvciByZWZyZXNoIHRva2VucyBjYW4gcmVjZWl2ZSBhbiBh
Y2NlcHRhYmxlIGxldmVsIG9mIHByb3RlY3Rpb24uIEF0IGEKICAgICAgICAgICAgICBtaW5pbXVt
LCB0aGVzZSBjcmVkZW50aWFscyBhcmUgcHJvdGVjdGVkIGZyb20gaG9zdGlsZSBzZXJ2ZXJzIHdp
dGggd2hpY2ggdGhlCiAgICAgICAgICAgICAgYXBwbGljYXRpb24gbWF5IGludGVyYWN0IHdpdGgu
IE9uIHNvbWUgcGxhdGZvcm1zIHRoZXNlIGNyZWRlbnRpYWxzIG1pZ2h0IGJlIHByb3RlY3RlZAog
ICAgICAgICAgICAgIGZyb20gb3RoZXIgYXBwbGljYXRpb25zIHJlc2lkaW5nIG9uIHRoZSBzYW1l
IGRldmljZS4KICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAg
IAo8L3A+CjxhIG5hbWU9ImNsaWVudC1pZGVudGlmaWVyIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJs
ZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9
IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0
b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNl
Y3Rpb24uMi4yIj48L2E+PGgzPjIuMi4mbmJzcDsKQ2xpZW50IElkZW50aWZpZXI8L2gzPgoKPHA+
CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIHRoZSByZWdpc3RlcmVk
IGNsaWVudCBhIGNsaWVudCBpZGVudGlmaWVyIC0gYSB1bmlxdWUKICAgICAgICAgIHN0cmluZyBy
ZXByZXNlbnRpbmcgdGhlIHJlZ2lzdHJhdGlvbiBpbmZvcm1hdGlvbiBwcm92aWRlZCBieSB0aGUg
Y2xpZW50LiBUaGUgY2xpZW50CiAgICAgICAgICBpZGVudGlmaWVyIGlzIG5vdCBhIHNlY3JldCwg
aXQgaXMgZXhwb3NlZCB0byB0aGUgcmVzb3VyY2Ugb3duZXIsIGFuZCBNVVNUIE5PVCBiZSB1c2Vk
CiAgICAgICAgICBhbG9uZSBmb3IgY2xpZW50IGF1dGhlbnRpY2F0aW9uLiBUaGUgY2xpZW50IGlk
ZW50aWZpZXIgaXMgdW5pcXVlIHRvIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICBzZXJ2ZXIu
CiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgY2xpZW50IGlkZW50aWZpZXIgc3RyaW5n
IHNpemUgaXMgbGVmdCB1bmRlZmluZWQgYnkgdGhpcyBzcGVjaWZpY2F0aW9uLiBUaGUgY2xpZW50
CiAgICAgICAgICBzaG91bGQgYXZvaWQgbWFraW5nIGFzc3VtcHRpb25zIGFib3V0IHRoZSBpZGVu
dGlmaWVyIHNpemUuICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgIFNIT1VMRCBk
b2N1bWVudCB0aGUgc2l6ZSBvZiBhbnkgaWRlbnRpZmllciBpdCBpc3N1ZXMuCiAgICAgICAgCjwv
cD4KPGEgbmFtZT0iY2xpZW50LWF1dGhlbnRpY2F0aW9uIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJs
ZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9
IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0
b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNl
Y3Rpb24uMi4zIj48L2E+PGgzPjIuMy4mbmJzcDsKQ2xpZW50IEF1dGhlbnRpY2F0aW9uPC9oMz4K
CjxwPgogICAgICAgICAgSWYgdGhlIGNsaWVudCB0eXBlIGlzIGNvbmZpZGVudGlhbCwgdGhlIGNs
aWVudCBhbmQgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZXN0YWJsaXNoIGEgY2xpZW50CiAgICAgICAg
ICBhdXRoZW50aWNhdGlvbiBtZXRob2Qgc3VpdGFibGUgZm9yIHRoZSBzZWN1cml0eSByZXF1aXJl
bWVudHMgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgICAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIE1BWSBhY2NlcHQgYW55IGZvcm0gb2YgY2xpZW50IGF1dGhlbnRpY2F0aW9u
IG1lZXRpbmcgaXRzCiAgICAgICAgICBzZWN1cml0eSByZXF1aXJlbWVudHMuCiAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICBDb25maWRlbnRpYWwgY2xpZW50cyBhcmUgdHlwaWNhbGx5IGlzc3Vl
ZCAob3IgZXN0YWJsaXNoKSBhIHNldCBvZiBjbGllbnQgY3JlZGVudGlhbHMgdXNlZCBmb3IKICAg
ICAgICAgIGF1dGhlbnRpY2F0aW5nIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIChlLmcu
IHBhc3N3b3JkLCBwdWJsaWMvcHJpdmF0ZSBrZXkgcGFpcikuCiAgICAgICAgCjwvcD4KPHA+CiAg
ICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZIGVzdGFibGlzaCBhIGNsaWVudCBh
dXRoZW50aWNhdGlvbiBtZXRob2Qgd2l0aCBwdWJsaWMgY2xpZW50cy4KICAgICAgICAgIEhvd2V2
ZXIsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIE5PVCByZWx5IG9uIHB1YmxpYyBjbGll
bnQgYXV0aGVudGljYXRpb24gZm9yIHRoZQogICAgICAgICAgcHVycG9zZSBvZiBpZGVudGlmeWlu
ZyB0aGUgY2xpZW50LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGNsaWVudCBNVVNU
IE5PVCB1c2UgbW9yZSB0aGFuIG9uZSBhdXRoZW50aWNhdGlvbiBtZXRob2QgaW4gZWFjaCByZXF1
ZXN0LgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjE1Ij48L2E+PGJyIC8+PGhyIC8+Cjx0
YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xh
c3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9
IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZj
LnNlY3Rpb24uMi4zLjEiPjwvYT48aDM+Mi4zLjEuJm5ic3A7CkNsaWVudCBQYXNzd29yZDwvaDM+
Cgo8cD4KICAgICAgICAgICAgQ2xpZW50cyBpbiBwb3NzZXNzaW9uIG9mIGEgY2xpZW50IHBhc3N3
b3JkIE1BWSB1c2UgdGhlIEhUVFAgQmFzaWMgYXV0aGVudGljYXRpb24gc2NoZW1lCiAgICAgICAg
ICAgIGFzIGRlZmluZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMyNjE3Jz5bUkZDMjYx
N108c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RnJhbmtzLCBKLiwgSGFsbGFtLUJh
a2VyLCBQLiwgSG9zdGV0bGVyLCBKLiwgTGF3cmVuY2UsIFMuLCBMZWFjaCwgUC4sIEx1b3RvbmVu
LCBBLiwgYW5kIEwuIFN0ZXdhcnQsICZsZHF1bztIVFRQIEF1dGhlbnRpY2F0aW9uOiBCYXNpYyBh
bmQgRGlnZXN0IEFjY2VzcyBBdXRoZW50aWNhdGlvbiwmcmRxdW87IEp1bmUmbmJzcDsxOTk5Ljwv
c3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gdG8gYXV0aGVudGljYXRlIHdpdGggdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyLgogICAgICAgICAgICBUaGUgY2xpZW50IGlkZW50aWZpZXIgaXMgdXNlZCBh
cyB0aGUgdXNlcm5hbWUsIGFuZCB0aGUgY2xpZW50IHBhc3N3b3JkIGlzIHVzZWQgYXMgdGhlCiAg
ICAgICAgICAgIHBhc3N3b3JkLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBzdXBwb3J0
IHRoZSBIVFRQIEJhc2ljIGF1dGhlbnRpY2F0aW9uIHNjaGVtZQogICAgICAgICAgICBmb3IgYXV0
aGVudGljYXRpbmcgY2xpZW50cyB3aGljaCB3ZXJlIGlzc3VlZCBhIGNsaWVudCBwYXNzd29yZC4K
ICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIEZvciBleGFtcGxlIChleHRyYSBsaW5l
IGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgICAgIAo8L3A+
PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBt
YXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogIEF1dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JT
YTNGME16bzNSbXBtY0RCYVFuSXhTM1JFVW1KdVpsWmtiVWwzCgo8L3ByZT48L2Rpdj4KPHA+CiAg
ICAgICAgICAgIEFsdGVybmF0aXZlbHksIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkgc3Vw
cG9ydCBpbmNsdWRpbmcgdGhlIGNsaWVudCBjcmVkZW50aWFscyBpbgogICAgICAgICAgICB0aGUg
cmVxdWVzdCBib2R5IHVzaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVyczoKICAgICAgICAgIAo8
L3A+CjxwPgogICAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+Cjxk
dD5jbGllbnRfaWQ8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJF
UVVJUkVELiBUaGUgY2xpZW50IGlkZW50aWZpZXIgaXNzdWVkIHRvIHRoZSBjbGllbnQgZHVyaW5n
IHRoZSByZWdpc3RyYXRpb24gcHJvY2VzcwogICAgICAgICAgICAgICAgZGVzY3JpYmVkIGJ5IDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjY2xpZW50LWlkZW50aWZpZXInPlNlY3Rpb24mbmJzcDsyLjI8
c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+Q2xpZW50IElkZW50aWZpZXI8L3NwYW4+
PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+Y2xpZW50X3NlY3Jl
dDwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRo
ZSBjbGllbnQgc2VjcmV0LiBUaGUgY2xpZW50IE1BWSBvbWl0IHRoZSBwYXJhbWV0ZXIgaWYgdGhl
IGNsaWVudCBzZWNyZXQKICAgICAgICAgICAgICAgIGlzIGFuIGVtcHR5IHN0cmluZy4KICAgICAg
ICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgICAgSW5jbHVkaW5nIHRoZSBjbGllbnQgY3JlZGVudGlhbHMgaW4gdGhlIHJlcXVl
c3QgYm9keSB1c2luZyB0aGUgdHdvIHBhcmFtZXRlcnMgaXMgTk9UCiAgICAgICAgICAgIFJFQ09N
TUVOREVELCBhbmQgU0hPVUxEIGJlIGxpbWl0ZWQgdG8gY2xpZW50cyB1bmFibGUgdG8gZGlyZWN0
bHkgdXRpbGl6ZSB0aGUgSFRUUCBCYXNpYwogICAgICAgICAgICBhdXRoZW50aWNhdGlvbiBzY2hl
bWUgKG9yIG90aGVyIHBhc3N3b3JkLWJhc2VkIEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lcyku
IFRoZQogICAgICAgICAgICBwYXJhbWV0ZXJzIGNhbiBvbmx5IGJlIHRyYW5zbWl0dGVkIGluIHRo
ZSByZXF1ZXN0IGJvZHkgYW5kIE1VU1QgTk9UIGJlIGluY2x1ZGVkIGluIHRoZQogICAgICAgICAg
ICByZXF1ZXN0IFVSSS4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIEZvciBleGFt
cGxlLCByZXF1ZXN0aW5nIHRvIHJlZnJlc2ggYW4gYWNjZXNzIHRva2VuICg8YSBjbGFzcz0naW5m
bycgaHJlZj0nI3Rva2VuLXJlZnJlc2gnPlNlY3Rpb24mbmJzcDs2PHNwYW4+ICg8L3NwYW4+PHNw
YW4gY2xhc3M9J2luZm8nPlJlZnJlc2hpbmcgYW4gQWNjZXNzIFRva2VuPC9zcGFuPjxzcGFuPik8
L3NwYW4+PC9hPikKICAgICAgICAgICAgICB1c2luZyB0aGUgYm9keSBwYXJhbWV0ZXJzIChleHRy
YSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgICAg
IAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDog
M2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogIFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAg
SG9zdDogc2VydmVyLmV4YW1wbGUuY29tCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3
dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOAoKICBncmFudF90eXBlPXJlZnJlc2hfdG9r
ZW4mYW1wO3JlZnJlc2hfdG9rZW49dEd6djNKT2tGMFhHNVF4MlRsS1dJQQogICZhbXA7Y2xpZW50
X2lkPXM2QmhkUmtxdDMmYW1wO2NsaWVudF9zZWNyZXQ9N0ZqZnAwWkJyMUt0RFJibmZWZG1JdwoK
PC9wcmU+PC9kaXY+CjxwPgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVT
VCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTIGFzIGRlc2NyaWJlZCBpbgogICAgICAgICAgICA8YSBj
bGFzcz0naW5mbycgaHJlZj0nI3Rscyc+U2VjdGlvbiZuYnNwOzEuNjxzcGFuPiAoPC9zcGFuPjxz
cGFuIGNsYXNzPSdpbmZvJz5UTFMgVmVyc2lvbjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gd2hl
biBzZW5kaW5nIHJlcXVlc3RzIHVzaW5nIHBhc3N3b3JkIGF1dGhlbnRpY2F0aW9uLgogICAgICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgICAgIFNpbmNlIHRoaXMgY2xpZW50IGF1dGhlbnRpY2F0aW9u
IG1ldGhvZCBpbnZvbHZlcyBhIHBhc3N3b3JkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAg
ICAgICAgICAgTVVTVCBwcm90ZWN0IGFueSBlbmRwb2ludCB1dGlsaXppbmcgaXQgYWdhaW5zdCBi
cnV0ZSBmb3JjZSBhdHRhY2tzLgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMTYiPjwv
YT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNl
bGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9
IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3Rh
YmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4yLjMuMiI+PC9hPjxoMz4yLjMuMi4mbmJzcDsKT3Ro
ZXIgQXV0aGVudGljYXRpb24gTWV0aG9kczwvaDM+Cgo8cD4KICAgICAgICAgICAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIE1BWSBzdXBwb3J0IGFueSBzdWl0YWJsZSBIVFRQIGF1dGhlbnRpY2F0
aW9uIHNjaGVtZSBtYXRjaGluZwogICAgICAgICAgICBpdHMgc2VjdXJpdHkgcmVxdWlyZW1lbnRz
LiBXaGVuIHVzaW5nIG90aGVyIGF1dGhlbnRpY2F0aW9uIG1ldGhvZHMsIHRoZSBhdXRob3JpemF0
aW9uCiAgICAgICAgICAgIHNlcnZlciBNVVNUIGRlZmluZSBhIG1hcHBpbmcgYmV0d2VlbiB0aGUg
Y2xpZW50IGlkZW50aWZpZXIgKHJlZ2lzdHJhdGlvbiByZWNvcmQpIGFuZAogICAgICAgICAgICBh
dXRoZW50aWNhdGlvbiBzY2hlbWUuCiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IxNyI+
PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIg
Y2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFz
cz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwv
dGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjIuNCI+PC9hPjxoMz4yLjQuJm5ic3A7ClVucmVn
aXN0ZXJlZCBDbGllbnRzPC9oMz4KCjxwPgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGRv
ZXMgbm90IGV4Y2x1ZGUgdGhlIHVzZSBvZiB1bnJlZ2lzdGVyZWQgY2xpZW50cy4gSG93ZXZlciwg
dGhlIHVzZQogICAgICAgICAgd2l0aCBzdWNoIGNsaWVudHMgaXMgYmV5b25kIHRoZSBzY29wZSBv
ZiB0aGlzIHNwZWNpZmljYXRpb24sIGFuZCByZXF1aXJlcyBhZGRpdGlvbmFsCiAgICAgICAgICBz
ZWN1cml0eSBhbmFseXNpcyBhbmQgcmV2aWV3IG9mIGl0cyBpbnRlcm9wZXJhYmlsaXR5IGltcGFj
dC4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IxOCI+PC9hPjxiciAvPjxociAvPgo8dGFi
bGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNz
PSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIj
dG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5z
ZWN0aW9uLjMiPjwvYT48aDM+My4mbmJzcDsKUHJvdG9jb2wgRW5kcG9pbnRzPC9oMz4KCjxwPgog
ICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHByb2Nlc3MgdXRpbGl6ZXMgdHdvIGF1dGhvcml6YXRp
b24gc2VydmVyIGVuZHBvaW50cyAoSFRUUCByZXNvdXJjZXMpOgogICAgICAKPC9wPgo8cD4KICAg
ICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgQXV0aG9yaXphdGlv
biBlbmRwb2ludCAtIHVzZWQgYnkgdGhlIGNsaWVudCB0byBvYnRhaW4gYXV0aG9yaXphdGlvbiBm
cm9tIHRoZSByZXNvdXJjZQogICAgICAgICAgICBvd25lciB2aWEgdXNlci1hZ2VudCByZWRpcmVj
dGlvbi4KICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgIFRva2VuIGVuZHBvaW50IC0g
dXNlZCBieSB0aGUgY2xpZW50IHRvIGV4Y2hhbmdlIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQgZm9y
IGFuIGFjY2VzcwogICAgICAgICAgICB0b2tlbiwgdHlwaWNhbGx5IHdpdGggY2xpZW50IGF1dGhl
bnRpY2F0aW9uLgogICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8L3A+CjxwPgogICAg
ICAgIEFzIHdlbGwgYXMgb25lIGNsaWVudCBlbmRwb2ludDoKICAgICAgCjwvcD4KPHA+CiAgICAg
ICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgIFJlZGlyZWN0aW9uIGVu
ZHBvaW50IC0gdXNlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgdG8gcmV0dXJuIGF1dGhv
cml6YXRpb24KICAgICAgICAgICAgY3JlZGVudGlhbHMgcmVzcG9uc2VzIHRvIHRoZSBjbGllbnQg
dmlhIHRoZSByZXNvdXJjZSBvd25lciB1c2VyLWFnZW50LgogICAgICAgICAgCjwvbGk+CjwvdWw+
PHA+CiAgICAgIAo8L3A+CjxwPgogICAgICAgIE5vdCBldmVyeSBhdXRob3JpemF0aW9uIGdyYW50
IHR5cGUgdXRpbGl6ZXMgYm90aCBlbmRwb2ludHMuIEV4dGVuc2lvbiBncmFudCB0eXBlcyBNQVkK
ICAgICAgICBkZWZpbmUgYWRkaXRpb25hbCBlbmRwb2ludHMgYXMgbmVlZGVkLgogICAgICAKPC9w
Pgo8YSBuYW1lPSJhbmNob3IxOSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5
b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWdu
PSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0Mm
bmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjMuMSI+PC9h
PjxoMz4zLjEuJm5ic3A7CkF1dGhvcml6YXRpb24gRW5kcG9pbnQ8L2gzPgoKPHA+CiAgICAgICAg
ICBUaGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBpcyB1c2VkIHRvIGludGVyYWN0IHdpdGggdGhl
IHJlc291cmNlIG93bmVyIGFuZCBvYnRhaW4KICAgICAgICAgIGFuIGF1dGhvcml6YXRpb24gZ3Jh
bnQuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGZpcnN0IHZlcmlmeSB0aGUgaWRlbnRp
dHkgb2YgdGhlCiAgICAgICAgICByZXNvdXJjZSBvd25lci4gVGhlIHdheSBpbiB3aGljaCB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgcmVzb3VyY2UKICAgICAgICAg
IG93bmVyIChlLmcuIHVzZXJuYW1lIGFuZCBwYXNzd29yZCBsb2dpbiwgc2Vzc2lvbiBjb29raWVz
KSBpcyBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMKICAgICAgICAgIHNwZWNpZmljYXRpb24uCiAg
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgbWVhbnMgdGhyb3VnaCB3aGljaCB0aGUgY2xp
ZW50IG9idGFpbnMgdGhlIGxvY2F0aW9uIG9mIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGFy
ZQogICAgICAgICAgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sIGJ1dCB0
aGUgbG9jYXRpb24gaXMgdHlwaWNhbGx5IHByb3ZpZGVkIGluIHRoZQogICAgICAgICAgc2Vydmlj
ZSBkb2N1bWVudGF0aW9uLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGVuZHBvaW50
IFVSSSBNQVkgaW5jbHVkZSBhbgogICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0t
dXJsZW5jb2RlZDwvdHQ+IGZvcm1hdHRlZAogICAgICAgICAgKDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0Jz5bVzNDLlJFQyYjODIwOTtodG1sNDAxJiM4MjA5
OzE5OTkxMjI0XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5Ib3JzLCBBLiwgUmFn
Z2V0dCwgRC4sIGFuZCBJLiBKYWNvYnMsICZsZHF1bztIVE1MIDQuMDEgU3BlY2lmaWNhdGlvbiwm
cmRxdW87IERlY2VtYmVyJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KSBxdWVy
eSBjb21wb25lbnQgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMzk4Nic+W1JGQzM5ODZdPHNw
YW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkJlcm5lcnMtTGVlLCBULiwgRmllbGRpbmcs
IFIuLCBhbmQgTC4gTWFzaW50ZXIsICZsZHF1bztVbmlmb3JtIFJlc291cmNlIElkZW50aWZpZXIg
KFVSSSk6IEdlbmVyaWMgU3ludGF4LCZyZHF1bzsgSmFudWFyeSZuYnNwOzIwMDUuPC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPgogICAgICAgICAgc2VjdGlvbiAzLjQpLCB3aGljaCBNVVNUIGJlIHJl
dGFpbmVkIHdoZW4gYWRkaW5nIGFkZGl0aW9uYWwgcXVlcnkgcGFyYW1ldGVycy4gVGhlCiAgICAg
ICAgICBlbmRwb2ludCBVUkkgTVVTVCBOT1QgaW5jbHVkZSBhIGZyYWdtZW50IGNvbXBvbmVudC4K
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFNpbmNlIHJlcXVlc3RzIHRvIHRoZSBhdXRob3Jp
emF0aW9uIGVuZHBvaW50IHJlc3VsdCBpbiB1c2VyIGF1dGhlbnRpY2F0aW9uIGFuZCB0aGUKICAg
ICAgICAgIHRyYW5zbWlzc2lvbiBvZiBjbGVhci10ZXh0IGNyZWRlbnRpYWxzIChpbiB0aGUgSFRU
UCByZXNwb25zZSksIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgTVVTVCByZXF1
aXJlIHRoZSB1c2Ugb2YgVExTIGFzIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0n
I3Rscyc+U2VjdGlvbiZuYnNwOzEuNjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5U
TFMgVmVyc2lvbjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gd2hlbiBzZW5kaW5nIHJlcXVlc3Rz
CiAgICAgICAgICB0byB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludC4KICAgICAgICAKPC9wPgo8
cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHN1cHBvcnQgdGhlIHVz
ZSBvZiB0aGUgSFRUUCA8dHQ+R0VUPC90dD4KICAgICAgICAgIG1ldGhvZCA8YSBjbGFzcz0naW5m
bycgaHJlZj0nI1JGQzI2MTYnPltSRkMyNjE2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdp
bmZvJz5GaWVsZGluZywgUi4sIEdldHR5cywgSi4sIE1vZ3VsLCBKLiwgRnJ5c3R5aywgSC4sIE1h
c2ludGVyLCBMLiwgTGVhY2gsIFAuLCBhbmQgVC4gQmVybmVycy1MZWUsICZsZHF1bztIeXBlcnRl
eHQgVHJhbnNmZXIgUHJvdG9jb2wgLS0gSFRUUC8xLjEsJnJkcXVvOyBKdW5lJm5ic3A7MTk5OS48
L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IGZvciB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCwg
YW5kIE1BWSBzdXBwb3J0IHRoZSB1c2UKICAgICAgICAgIG9mIHRoZSA8dHQ+UE9TVDwvdHQ+IG1l
dGhvZCBhcyB3ZWxsLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgUGFyYW1ldGVycyBzZW50
IHdpdGhvdXQgYSB2YWx1ZSBNVVNUIGJlIHRyZWF0ZWQgYXMgaWYgdGhleSB3ZXJlIG9taXR0ZWQg
ZnJvbSB0aGUgcmVxdWVzdC4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNU
IGlnbm9yZSB1bnJlY29nbml6ZWQgcmVxdWVzdCBwYXJhbWV0ZXJzLiBSZXF1ZXN0IGFuZAogICAg
ICAgICAgcmVzcG9uc2UgcGFyYW1ldGVycyBNVVNUIE5PVCBiZSBpbmNsdWRlZCBtb3JlIHRoYW4g
b25jZS4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IyMCI+PC9hPjxiciAvPjxociAvPgo8
dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNs
YXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVm
PSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJm
Yy5zZWN0aW9uLjMuMS4xIj48L2E+PGgzPjMuMS4xLiZuYnNwOwpSZXNwb25zZSBUeXBlPC9oMz4K
CjxwPgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBpcyB1c2VkIGJ5IHRo
ZSBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlwZSBhbmQgaW1wbGljaXQKICAgICAgICAgICAg
Z3JhbnQgdHlwZSBmbG93cy4gVGhlIGNsaWVudCBpbmZvcm1zIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBvZiB0aGUgZGVzaXJlZCBncmFudAogICAgICAgICAgICB0eXBlIHVzaW5nIHRoZSBmb2xs
b3dpbmcgcGFyYW1ldGVyOgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPGJs
b2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PnJlc3BvbnNlX3R5cGU8L2R0Pgo8ZGQ+CiAg
ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgdmFsdWUgTVVTVCBi
ZSBvbmUgb2YgPHR0PmNvZGU8L3R0PiBmb3IgcmVxdWVzdGluZwogICAgICAgICAgICAgICAgYW4g
YXV0aG9yaXphdGlvbiBjb2RlIGFzIGRlc2NyaWJlZCBieSA8YSBjbGFzcz0naW5mbycgaHJlZj0n
I2NvZGUtYXV0aHotcmVxJz5TZWN0aW9uJm5ic3A7NC4xLjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBj
bGFzcz0naW5mbyc+QXV0aG9yaXphdGlvbiBSZXF1ZXN0PC9zcGFuPjxzcGFuPik8L3NwYW4+PC9h
PiwKICAgICAgICAgICAgICAgIDx0dD50b2tlbjwvdHQ+IGZvciByZXF1ZXN0aW5nIGFuIGFjY2Vz
cyB0b2tlbiAoaW1wbGljaXQgZ3JhbnQpCiAgICAgICAgICAgICAgICBhcyBkZXNjcmliZWQgYnkg
PGEgY2xhc3M9J2luZm8nIGhyZWY9JyNpbXBsaWNpdC1hdXRoei1yZXEnPlNlY3Rpb24mbmJzcDs0
LjIuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BdXRob3JpemF0aW9uIFJlcXVl
c3Q8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LCBvciBhIHJlZ2lzdGVyZWQgZXh0ZW5zaW9uCiAg
ICAgICAgICAgICAgICB2YWx1ZSBhcyBkZXNjcmliZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9
JyNyZXNwb25zZS10eXBlLWV4dCc+U2VjdGlvbiZuYnNwOzguNDxzcGFuPiAoPC9zcGFuPjxzcGFu
IGNsYXNzPSdpbmZvJz5EZWZpbmluZyBOZXcgQXV0aG9yaXphdGlvbiBFbmRwb2ludCBSZXNwb25z
ZSBUeXBlczwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAgICAgCjwvZGQ+Cjwv
ZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIEV4dGVu
c2lvbiByZXNwb25zZSB0eXBlcyBNQVkgY29udGFpbiBhIHNwYWNlLWRlbGltaXRlZCAoJXgyMCkg
bGlzdCBvZiB2YWx1ZXMsIHdoZXJlIHRoZQogICAgICAgICAgICBvcmRlciBvZiB2YWx1ZXMgZG9l
cyBub3QgbWF0dGVyIChlLmcuIHJlc3BvbnNlIHR5cGUgPHR0PmEgYjwvdHQ+IGlzCiAgICAgICAg
ICAgIHRoZSBzYW1lIGFzIDx0dD5iIGE8L3R0PikuIFRoZSBtZWFuaW5nIG9mIHN1Y2ggY29tcG9z
aXRlIHJlc3BvbnNlCiAgICAgICAgICAgIHR5cGVzIGlzIGRlZmluZWQgYnkgdGhlaXIgcmVzcGVj
dGl2ZSBzcGVjaWZpY2F0aW9ucy4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBJZiBh
biBhdXRob3JpemF0aW9uIHJlcXVlc3QgaXMgbWlzc2luZyB0aGUgPHR0PnJlc3BvbnNlX3R5cGU8
L3R0PgogICAgICAgICAgICBwYXJhbWV0ZXIsIG9yIGlmIHRoZSByZXNwb25zZSB0eXBlIGlzIG5v
dCB1bmRlcnN0b29kLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVAogICAgICAgICAgICBy
ZXR1cm4gYW4gZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBo
cmVmPScjY29kZS1hdXRoei1lcnJvcic+U2VjdGlvbiZuYnNwOzQuMS4yLjE8c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9uc2U8L3NwYW4+PHNwYW4+KTwvc3Bhbj48
L2E+LgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0icmVkaXJlY3QtdXJpIj48L2E+PGJyIC8+PGhy
IC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0i
MiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxh
IGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFt
ZT0icmZjLnNlY3Rpb24uMy4xLjIiPjwvYT48aDM+My4xLjIuJm5ic3A7ClJlZGlyZWN0aW9uIEVu
ZHBvaW50PC9oMz4KCjxwPgogICAgICAgICAgICBBZnRlciBjb21wbGV0aW5nIGl0cyBpbnRlcmFj
dGlvbiB3aXRoIHRoZSByZXNvdXJjZSBvd25lciwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAg
ICAgICAgICAgIGRpcmVjdHMgdGhlIHJlc291cmNlIG93bmVyJ3MgdXNlci1hZ2VudCBiYWNrIHRv
IHRoZSBjbGllbnQuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICByZWRpcmVj
dHMgdGhlIHVzZXItYWdlbnQgdG8gdGhlIGNsaWVudCdzIHJlZGlyZWN0aW9uIGVuZHBvaW50IHBy
ZXZpb3VzbHkgZXN0YWJsaXNoZWQKICAgICAgICAgICAgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgZHVyaW5nIHRoZSBjbGllbnQgcmVnaXN0cmF0aW9uIHByb2Nlc3Mgb3Igd2hlbiBtYWtp
bmcKICAgICAgICAgICAgdGhlIGF1dGhvcml6YXRpb24gcmVxdWVzdC4KICAgICAgICAgIAo8L3A+
CjxwPgogICAgICAgICAgICBUaGUgcmVkaXJlY3Rpb24gZW5kcG9pbnQgVVJJIE1VU1QgYmUgYW4g
YWJzb2x1dGUgVVJJIGFzIGRlZmluZWQgYnkKICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhy
ZWY9JyNSRkMzOTg2Jz5bUkZDMzk4Nl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+
QmVybmVycy1MZWUsIFQuLCBGaWVsZGluZywgUi4sIGFuZCBMLiBNYXNpbnRlciwgJmxkcXVvO1Vu
aWZvcm0gUmVzb3VyY2UgSWRlbnRpZmllciAoVVJJKTogR2VuZXJpYyBTeW50YXgsJnJkcXVvOyBK
YW51YXJ5Jm5ic3A7MjAwNS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IHNlY3Rpb24gNC4zLiBU
aGUgZW5kcG9pbnQgVVJJIE1BWSBpbmNsdWRlIGFuCiAgICAgICAgICAgIDx0dD5hcHBsaWNhdGlv
bi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3R0PiBmb3JtYXR0ZWQKICAgICAgICAgICAgKDxhIGNs
YXNzPSdpbmZvJyBocmVmPScjVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0Jz5bVzNDLlJFQyYjODIw
OTtodG1sNDAxJiM4MjA5OzE5OTkxMjI0XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZv
Jz5Ib3JzLCBBLiwgUmFnZ2V0dCwgRC4sIGFuZCBJLiBKYWNvYnMsICZsZHF1bztIVE1MIDQuMDEg
U3BlY2lmaWNhdGlvbiwmcmRxdW87IERlY2VtYmVyJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwv
c3Bhbj48L2E+KSBxdWVyeSBjb21wb25lbnQgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMzk4
Nic+W1JGQzM5ODZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkJlcm5lcnMtTGVl
LCBULiwgRmllbGRpbmcsIFIuLCBhbmQgTC4gTWFzaW50ZXIsICZsZHF1bztVbmlmb3JtIFJlc291
cmNlIElkZW50aWZpZXIgKFVSSSk6IEdlbmVyaWMgU3ludGF4LCZyZHF1bzsgSmFudWFyeSZuYnNw
OzIwMDUuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPgogICAgICAgICAgICBzZWN0aW9uIDMuNCks
IHdoaWNoIE1VU1QgYmUgcmV0YWluZWQgd2hlbiBhZGRpbmcgYWRkaXRpb25hbCBxdWVyeSBwYXJh
bWV0ZXJzLiBUaGUKICAgICAgICAgICAgZW5kcG9pbnQgVVJJIE1VU1QgTk9UIGluY2x1ZGUgYSBm
cmFnbWVudCBjb21wb25lbnQuCiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IyMSI+PC9h
PjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2Vs
bHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0i
VE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFi
bGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjMuMS4yLjEiPjwvYT48aDM+My4xLjIuMS4mbmJzcDsK
RW5kcG9pbnQgUmVxdWVzdCBDb25maWRlbnRpYWxpdHk8L2gzPgoKPHA+CiAgICAgICAgICAgICAg
VGhlIHJlZGlyZWN0aW9uIGVuZHBvaW50IFNIT1VMRCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTIGFz
IGRlc2NyaWJlZCBpbgogICAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdGxzJz5T
ZWN0aW9uJm5ic3A7MS42PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlRMUyBWZXJz
aW9uPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiB3aGVuIHRoZSByZXF1ZXN0ZWQgcmVzcG9uc2Ug
dHlwZSBpcwogICAgICAgICAgICAgIDx0dD5jb2RlPC90dD4gb3IgPHR0PnRva2VuPC90dD4sIG9y
CiAgICAgICAgICAgICAgd2hlbiB0aGUgcmVkaXJlY3Rpb24gcmVxdWVzdCB3aWxsIHJlc3VsdCBp
biB0aGUgdHJhbnNtaXNzaW9uIG9mIHNlbnNpdGl2ZSBjcmVkZW50aWFscwogICAgICAgICAgICAg
IG92ZXIgYW4gb3BlbiBuZXR3b3JrLiBUaGlzIHNwZWNpZmljYXRpb24gZG9lcyBub3QgbWFuZGF0
ZSB0aGUgdXNlIG9mIFRMUyBiZWNhdXNlIGF0CiAgICAgICAgICAgICAgdGhlIHRpbWUgb2YgdGhp
cyB3cml0aW5nLCByZXF1aXJpbmcgY2xpZW50cyB0byBkZXBsb3kgVExTIGlzIGEgc2lnbmlmaWNh
bnQgaHVyZGxlIGZvcgogICAgICAgICAgICAgIG1hbnkgY2xpZW50IGRldmVsb3BlcnMuIElmIFRM
UyBpcyBub3QgYXZhaWxhYmxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIHdhcm4K
ICAgICAgICAgICAgICB0aGUgcmVzb3VyY2Ugb3duZXIgYWJvdXQgdGhlIGluc2VjdXJlIGVuZHBv
aW50IHByaW9yIHRvIHJlZGlyZWN0aW9uIChlLmcuIGRpc3BsYXkgYQogICAgICAgICAgICAgIG1l
c3NhZ2UgZHVyaW5nIHRoZSBhdXRob3JpemF0aW9uIHJlcXVlc3QpLgogICAgICAgICAgICAKPC9w
Pgo8cD4KICAgICAgICAgICAgICBMYWNrIG9mIHRyYW5zcG9ydC1sYXllciBzZWN1cml0eSBjYW4g
aGF2ZSBhIHNldmVyZSBpbXBhY3Qgb24gdGhlIHNlY3VyaXR5IG9mIHRoZQogICAgICAgICAgICAg
IGNsaWVudCBhbmQgdGhlIHByb3RlY3RlZCByZXNvdXJjZXMgaXQgaXMgYXV0aG9yaXplZCB0byBh
Y2Nlc3MuIFRoZSB1c2Ugb2YKICAgICAgICAgICAgICB0cmFuc3BvcnQtbGF5ZXIgc2VjdXJpdHkg
aXMgcGFydGljdWxhcmx5IGNyaXRpY2FsIHdoZW4gdGhlIGF1dGhvcml6YXRpb24gcHJvY2VzcyBp
cwogICAgICAgICAgICAgIHVzZWQgYXMgYSBmb3JtIG9mIGRlbGVnYXRlZCBlbmQtdXNlciBhdXRo
ZW50aWNhdGlvbiBieSB0aGUgY2xpZW50IChlLmcuIHRoaXJkLXBhcnR5CiAgICAgICAgICAgICAg
c2lnbi1pbiBzZXJ2aWNlKS4KICAgICAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMjIiPjwv
YT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNl
bGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9
IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3Rh
YmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4zLjEuMi4yIj48L2E+PGgzPjMuMS4yLjIuJm5ic3A7
ClJlZ2lzdHJhdGlvbiBSZXF1aXJlbWVudHM8L2gzPgoKPHA+CiAgICAgICAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcmVxdWlyZSB0aGUgZm9sbG93aW5nIGNsaWVudHMgdG8g
cmVnaXN0ZXIgdGhlaXIKICAgICAgICAgICAgICByZWRpcmVjdGlvbiBlbmRwb2ludDoKICAgICAg
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+
CiAgICAgICAgICAgICAgICAgIFB1YmxpYyBjbGllbnRzLgogICAgICAgICAgICAgICAgCjwvbGk+
CjxsaT4KICAgICAgICAgICAgICAgICAgQ29uZmlkZW50aWFsIGNsaWVudHMgdXRpbGl6aW5nIHRo
ZSBpbXBsaWNpdCBncmFudCB0eXBlLgogICAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAg
ICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBTSE9VTEQgcmVxdWlyZSBhbGwgY2xpZW50cyB0byByZWdpc3RlciB0aGVpciByZWRpcmVjdGlv
bgogICAgICAgICAgICAgIGVuZHBvaW50IHByaW9yIHRvIHV0aWxpemluZyB0aGUgYXV0aG9yaXph
dGlvbiBlbmRwb2ludC4KICAgICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCByZXF1aXJlIHRoZSBjbGllbnQgdG8gcHJvdmlkZSB0
aGUgY29tcGxldGUKICAgICAgICAgICAgICByZWRpcmVjdGlvbiBVUkkgKHRoZSBjbGllbnQgTUFZ
IHVzZSB0aGUgPHR0PnN0YXRlPC90dD4gcmVxdWVzdAogICAgICAgICAgICAgIHBhcmFtZXRlciB0
byBhY2hpZXZlIHBlci1yZXF1ZXN0IGN1c3RvbWl6YXRpb24pLiBJZiByZXF1aXJpbmcgdGhlIHJl
Z2lzdHJhdGlvbiBvZgogICAgICAgICAgICAgIHRoZSBjb21wbGV0ZSByZWRpcmVjdGlvbiBVUkkg
aXMgbm90IHBvc3NpYmxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIHJlcXVpcmUK
ICAgICAgICAgICAgICB0aGUgcmVnaXN0cmF0aW9uIG9mIHRoZSBVUkkgc2NoZW1lLCBhdXRob3Jp
dHksIGFuZCBwYXRoIChhbGxvd2luZyB0aGUgY2xpZW50IHRvCiAgICAgICAgICAgICAgZHluYW1p
Y2FsbHkgdmFyeSBvbmx5IHRoZSBxdWVyeSBjb21wb25lbnQgb2YgdGhlIHJlZGlyZWN0aW9uIFVS
SSB3aGVuIHJlcXVlc3RpbmcKICAgICAgICAgICAgICBhdXRob3JpemF0aW9uKS4KICAgICAgICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBh
bGxvdyB0aGUgY2xpZW50IHRvIHJlZ2lzdGVyIG11bHRpcGxlIHJlZGlyZWN0aW9uCiAgICAgICAg
ICAgICAgZW5kcG9pbnRzLgogICAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgICBMYWNr
IG9mIGEgcmVkaXJlY3Rpb24gVVJJIHJlZ2lzdHJhdGlvbiByZXF1aXJlbWVudCBjYW4gZW5hYmxl
IGFuIGF0dGFja2VyIHRvIHVzZQogICAgICAgICAgICAgIHRoZSBhdXRob3JpemF0aW9uIGVuZHBv
aW50IGFzIG9wZW4gcmVkaXJlY3RvciBhcyBkZXNjcmliZWQgaW4KICAgICAgICAgICAgICA8YSBj
bGFzcz0naW5mbycgaHJlZj0nI29wZW4tcmVkaXJlY3QnPlNlY3Rpb24mbmJzcDsxMC4xNTxzcGFu
PiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5PcGVuIFJlZGlyZWN0b3JzPC9zcGFuPjxzcGFu
Pik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMjMiPjwvYT48
YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxz
cGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRP
Q2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxl
Pgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4zLjEuMi4zIj48L2E+PGgzPjMuMS4yLjMuJm5ic3A7CkR5
bmFtaWMgQ29uZmlndXJhdGlvbjwvaDM+Cgo8cD4KICAgICAgICAgICAgICBJZiBtdWx0aXBsZSBy
ZWRpcmVjdGlvbiBVUklzIGhhdmUgYmVlbiByZWdpc3RlcmVkLCBpZiBvbmx5IHBhcnQgb2YgdGhl
IHJlZGlyZWN0aW9uCiAgICAgICAgICAgICAgVVJJIGhhcyBiZWVuIHJlZ2lzdGVyZWQsIG9yIGlm
IG5vIHJlZGlyZWN0aW9uIFVSSSBoYXMgYmVlbiByZWdpc3RlcmVkLCB0aGUgY2xpZW50CiAgICAg
ICAgICAgICAgTVVTVCBpbmNsdWRlIGEgcmVkaXJlY3Rpb24gVVJJIHdpdGggdGhlIGF1dGhvcml6
YXRpb24gcmVxdWVzdCB1c2luZyB0aGUKICAgICAgICAgICAgICA8dHQ+cmVkaXJlY3RfdXJpPC90
dD4gcmVxdWVzdCBwYXJhbWV0ZXIuCiAgICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAg
IFdoZW4gYSByZWRpcmVjdGlvbiBVUkkgaXMgaW5jbHVkZWQgaW4gYW4gYXV0aG9yaXphdGlvbiBy
ZXF1ZXN0LCB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgICAgIHNlcnZlciBNVVNUIGNvbXBh
cmUgYW5kIG1hdGNoIHRoZSB2YWx1ZSByZWNlaXZlZCBhZ2FpbnN0IGF0IGxlYXN0IG9uZSBvZiB0
aGUKICAgICAgICAgICAgICByZWdpc3RlcmVkIHJlZGlyZWN0aW9uIFVSSXMgKG9yIFVSSSBjb21w
b25lbnRzKSBhcyBkZWZpbmVkIGluCiAgICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9
JyNSRkMzOTg2Jz5bUkZDMzk4Nl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QmVy
bmVycy1MZWUsIFQuLCBGaWVsZGluZywgUi4sIGFuZCBMLiBNYXNpbnRlciwgJmxkcXVvO1VuaWZv
cm0gUmVzb3VyY2UgSWRlbnRpZmllciAoVVJJKTogR2VuZXJpYyBTeW50YXgsJnJkcXVvOyBKYW51
YXJ5Jm5ic3A7MjAwNS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IHNlY3Rpb24gNiwgaWYgYW55
IHJlZGlyZWN0aW9uIFVSSXMgd2VyZSByZWdpc3RlcmVkLgogICAgICAgICAgICAgIElmIHRoZSBj
bGllbnQgcmVnaXN0cmF0aW9uIGluY2x1ZGVkIHRoZSBmdWxsIHJlZGlyZWN0aW9uIFVSSSwgdGhl
IGF1dGhvcml6YXRpb24KICAgICAgICAgICAgICBzZXJ2ZXIgTVVTVCBjb21wYXJlIHRoZSB0d28g
VVJJcyB1c2luZyBzaW1wbGUgc3RyaW5nIGNvbXBhcmlzb24gYXMgZGVmaW5lZAogICAgICAgICAg
ICAgIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMzk4Nic+W1JGQzM5ODZdPHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkJlcm5lcnMtTGVlLCBULiwgRmllbGRpbmcsIFIuLCBh
bmQgTC4gTWFzaW50ZXIsICZsZHF1bztVbmlmb3JtIFJlc291cmNlIElkZW50aWZpZXIgKFVSSSk6
IEdlbmVyaWMgU3ludGF4LCZyZHF1bzsgSmFudWFyeSZuYnNwOzIwMDUuPC9zcGFuPjxzcGFuPik8
L3NwYW4+PC9hPiBzZWN0aW9uIDYuMi4xLgogICAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNo
b3IyNCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGlu
Zz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0
ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48
L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjMuMS4yLjQiPjwvYT48aDM+My4xLjIu
NC4mbmJzcDsKSW52YWxpZCBFbmRwb2ludDwvaDM+Cgo8cD4KICAgICAgICAgICAgICBJZiBhbiBh
dXRob3JpemF0aW9uIHJlcXVlc3QgZmFpbHMgdmFsaWRhdGlvbiBkdWUgdG8gYSBtaXNzaW5nLCBp
bnZhbGlkLCBvcgogICAgICAgICAgICAgIG1pc21hdGNoaW5nIHJlZGlyZWN0aW9uIFVSSSwgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBpbmZvcm0gdGhlIHJlc291cmNlCiAgICAgICAg
ICAgICAgb3duZXIgb2YgdGhlIGVycm9yLCBhbmQgTVVTVCBOT1QgYXV0b21hdGljYWxseSByZWRp
cmVjdCB0aGUgdXNlci1hZ2VudCB0byB0aGUgaW52YWxpZAogICAgICAgICAgICAgIHJlZGlyZWN0
aW9uIFVSSS4KICAgICAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMjUiPjwvYT48YnIgLz48
aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5n
PSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+
PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBu
YW1lPSJyZmMuc2VjdGlvbi4zLjEuMi41Ij48L2E+PGgzPjMuMS4yLjUuJm5ic3A7CkVuZHBvaW50
IENvbnRlbnQ8L2gzPgoKPHA+CiAgICAgICAgICAgICAgVGhlIHJlZGlyZWN0aW9uIHJlcXVlc3Qg
dG8gdGhlIGNsaWVudCdzIGVuZHBvaW50IHR5cGljYWxseSByZXN1bHRzIGluIGFuIEhUTUwKICAg
ICAgICAgICAgICBkb2N1bWVudCByZXNwb25zZSwgcHJvY2Vzc2VkIGJ5IHRoZSB1c2VyLWFnZW50
LiBJZiB0aGUgSFRNTCByZXNwb25zZSBpcyBzZXJ2ZWQKICAgICAgICAgICAgICBkaXJlY3RseSBh
cyB0aGUgcmVzdWx0IG9mIHRoZSByZWRpcmVjdGlvbiByZXF1ZXN0LCBhbnkgc2NyaXB0IGluY2x1
ZGVkIGluIHRoZSBIVE1MCiAgICAgICAgICAgICAgZG9jdW1lbnQgd2lsbCBleGVjdXRlIHdpdGgg
ZnVsbCBhY2Nlc3MgdG8gdGhlIHJlZGlyZWN0aW9uIFVSSSBhbmQgdGhlIGNyZWRlbnRpYWxzIGl0
CiAgICAgICAgICAgICAgY29udGFpbnMuCiAgICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
ICAgIFRoZSBjbGllbnQgU0hPVUxEIE5PVCBpbmNsdWRlIGFueSB0aGlyZC1wYXJ0eSBzY3JpcHRz
IChlLmcuIHRoaXJkLXBhcnR5IGFuYWx5dGljcywKICAgICAgICAgICAgICBzb2NpYWwgcGx1Zy1p
bnMsIGFkIG5ldHdvcmtzKSBpbiB0aGUgcmVkaXJlY3Rpb24gZW5kcG9pbnQgcmVzcG9uc2UuIElu
c3RlYWQsIGl0CiAgICAgICAgICAgICAgU0hPVUxEIGV4dHJhY3QgdGhlIGNyZWRlbnRpYWxzIGZy
b20gdGhlIFVSSSBhbmQgcmVkaXJlY3QgdGhlIHVzZXItYWdlbnQgYWdhaW4gdG8KICAgICAgICAg
ICAgICBhbm90aGVyIGVuZHBvaW50IHdpdGhvdXQgZXhwb3NpbmcgdGhlIGNyZWRlbnRpYWxzIChp
biB0aGUgVVJJIG9yIGVsc2V3aGVyZSkuIElmCiAgICAgICAgICAgICAgdGhpcmQtcGFydHkgc2Ny
aXB0cyBhcmUgaW5jbHVkZWQsIHRoZSBjbGllbnQgTVVTVCBlbnN1cmUgdGhhdCBpdHMgb3duIHNj
cmlwdHMKICAgICAgICAgICAgICAodXNlZCB0byBleHRyYWN0IGFuZCByZW1vdmUgdGhlIGNyZWRl
bnRpYWxzIGZyb20gdGhlIFVSSSkgd2lsbCBleGVjdXRlIGZpcnN0LgogICAgICAgICAgICAKPC9w
Pgo8YSBuYW1lPSJhbmNob3IyNiI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5
b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWdu
PSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0Mm
bmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjMuMiI+PC9h
PjxoMz4zLjIuJm5ic3A7ClRva2VuIEVuZHBvaW50PC9oMz4KCjxwPgogICAgICAgICAgVGhlIHRv
a2VuIGVuZHBvaW50IGlzIHVzZWQgYnkgdGhlIGNsaWVudCB0byBvYnRhaW4gYW4gYWNjZXNzIHRv
a2VuIGJ5IHByZXNlbnRpbmcgaXRzCiAgICAgICAgICBhdXRob3JpemF0aW9uIGdyYW50IG9yIHJl
ZnJlc2ggdG9rZW4uIFRoZSB0b2tlbiBlbmRwb2ludCBpcyB1c2VkIHdpdGggZXZlcnkgYXV0aG9y
aXphdGlvbgogICAgICAgICAgZ3JhbnQgZXhjZXB0IGZvciB0aGUgaW1wbGljaXQgZ3JhbnQgdHlw
ZSAoc2luY2UgYW4gYWNjZXNzIHRva2VuIGlzIGlzc3VlZCBkaXJlY3RseSkuCiAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICBUaGUgbWVhbnMgdGhyb3VnaCB3aGljaCB0aGUgY2xpZW50IG9idGFp
bnMgdGhlIGxvY2F0aW9uIG9mIHRoZSB0b2tlbiBlbmRwb2ludCBhcmUKICAgICAgICAgIGJleW9u
ZCB0aGUgc2NvcGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uIGJ1dCBpcyB0eXBpY2FsbHkgcHJvdmlk
ZWQgaW4gdGhlIHNlcnZpY2UKICAgICAgICAgIGRvY3VtZW50YXRpb24uCiAgICAgICAgCjwvcD4K
PHA+CiAgICAgICAgICBUaGUgZW5kcG9pbnQgVVJJIE1BWSBpbmNsdWRlIGFuCiAgICAgICAgICA8
dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90dD4gZm9ybWF0dGVkCiAgICAg
ICAgICAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNXM0MuUkVDLWh0bWw0MDEtMTk5OTEyMjQnPltX
M0MuUkVDJiM4MjA5O2h0bWw0MDEmIzgyMDk7MTk5OTEyMjRdPHNwYW4+ICg8L3NwYW4+PHNwYW4g
Y2xhc3M9J2luZm8nPkhvcnMsIEEuLCBSYWdnZXR0LCBELiwgYW5kIEkuIEphY29icywgJmxkcXVv
O0hUTUwgNC4wMSBTcGVjaWZpY2F0aW9uLCZyZHF1bzsgRGVjZW1iZXImbmJzcDsxOTk5Ljwvc3Bh
bj48c3Bhbj4pPC9zcGFuPjwvYT4pIHF1ZXJ5IGNvbXBvbmVudCAoPGEgY2xhc3M9J2luZm8nIGhy
ZWY9JyNSRkMzOTg2Jz5bUkZDMzk4Nl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+
QmVybmVycy1MZWUsIFQuLCBGaWVsZGluZywgUi4sIGFuZCBMLiBNYXNpbnRlciwgJmxkcXVvO1Vu
aWZvcm0gUmVzb3VyY2UgSWRlbnRpZmllciAoVVJJKTogR2VuZXJpYyBTeW50YXgsJnJkcXVvOyBK
YW51YXJ5Jm5ic3A7MjAwNS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+CiAgICAgICAgICBzZWN0
aW9uIDMuNCksIHdoaWNoIE1VU1QgYmUgcmV0YWluZWQgd2hlbiBhZGRpbmcgYWRkaXRpb25hbCBx
dWVyeSBwYXJhbWV0ZXJzLiBUaGUKICAgICAgICAgIGVuZHBvaW50IFVSSSBNVVNUIE5PVCBpbmNs
dWRlIGEgZnJhZ21lbnQgY29tcG9uZW50LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgU2lu
Y2UgcmVxdWVzdHMgdG8gdGhlIHRva2VuIGVuZHBvaW50IHJlc3VsdCBpbiB0aGUgdHJhbnNtaXNz
aW9uIG9mIGNsZWFyLXRleHQgY3JlZGVudGlhbHMKICAgICAgICAgIChpbiB0aGUgSFRUUCByZXF1
ZXN0IGFuZCByZXNwb25zZSksIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHJlcXVpcmUg
dGhlIHVzZSBvZiBUTFMKICAgICAgICAgIGFzIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycg
aHJlZj0nI3Rscyc+U2VjdGlvbiZuYnNwOzEuNjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdp
bmZvJz5UTFMgVmVyc2lvbjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gd2hlbiBzZW5kaW5nIHJl
cXVlc3RzIHRvIHRoZSB0b2tlbiBlbmRwb2ludC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAg
IFRoZSBjbGllbnQgTVVTVCB1c2UgdGhlIEhUVFAgPHR0PlBPU1Q8L3R0PiBtZXRob2Qgd2hlbiBt
YWtpbmcgYWNjZXNzCiAgICAgICAgICB0b2tlbiByZXF1ZXN0cy4KICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgIFBhcmFtZXRlcnMgc2VudCB3aXRob3V0IGEgdmFsdWUgTVVTVCBiZSB0cmVhdGVk
IGFzIGlmIHRoZXkgd2VyZSBvbWl0dGVkIGZyb20gdGhlIHJlcXVlc3QuCiAgICAgICAgICBUaGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBpZ25vcmUgdW5yZWNvZ25pemVkIHJlcXVlc3QgcGFy
YW1ldGVycy4gUmVxdWVzdCBhbmQKICAgICAgICAgIHJlc3BvbnNlIHBhcmFtZXRlcnMgTVVTVCBO
T1QgYmUgaW5jbHVkZWQgbW9yZSB0aGFuIG9uY2UuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0idG9r
ZW4tZW5kcG9pbnQtYXV0aCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0
IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJy
aWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJz
cDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjMuMi4xIj48L2E+
PGgzPjMuMi4xLiZuYnNwOwpDbGllbnQgQXV0aGVudGljYXRpb248L2gzPgoKPHA+CiAgICAgICAg
ICAgIENvbmZpZGVudGlhbCBjbGllbnRzIG9yIG90aGVyIGNsaWVudHMgaXNzdWVkIGNsaWVudCBj
cmVkZW50aWFscyBNVVNUIGF1dGhlbnRpY2F0ZSB3aXRoCiAgICAgICAgICAgIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBhcyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNjbGll
bnQtYXV0aGVudGljYXRpb24nPlNlY3Rpb24mbmJzcDsyLjM8c3Bhbj4gKDwvc3Bhbj48c3BhbiBj
bGFzcz0naW5mbyc+Q2xpZW50IEF1dGhlbnRpY2F0aW9uPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9h
PiB3aGVuCiAgICAgICAgICAgIG1ha2luZyByZXF1ZXN0cyB0byB0aGUgdG9rZW4gZW5kcG9pbnQu
IENsaWVudCBhdXRoZW50aWNhdGlvbiBpcyB1c2VkIGZvcjoKICAgICAgICAgIAo8L3A+CjxwPgog
ICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgICAgIEVu
Zm9yY2luZyB0aGUgYmluZGluZyBvZiByZWZyZXNoIHRva2VucyBhbmQgYXV0aG9yaXphdGlvbiBj
b2RlcyB0byB0aGUgY2xpZW50IHRoZXkKICAgICAgICAgICAgICAgIHdlcmUgaXNzdWVkIHRvLiBD
bGllbnQgYXV0aGVudGljYXRpb24gaXMgY3JpdGljYWwgd2hlbiBhbiBhdXRob3JpemF0aW9uIGNv
ZGUgaXMKICAgICAgICAgICAgICAgIHRyYW5zbWl0dGVkIHRvIHRoZSByZWRpcmVjdGlvbiBlbmRw
b2ludCBvdmVyIGFuIGluc2VjdXJlIGNoYW5uZWwsIG9yIHdoZW4gdGhlCiAgICAgICAgICAgICAg
ICByZWRpcmVjdGlvbiBVUkkgaGFzIG5vdCBiZWVuIHJlZ2lzdGVyZWQgaW4gZnVsbC4KICAgICAg
ICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUmVjb3ZlcmluZyBmcm9tIGEgY29t
cHJvbWlzZWQgY2xpZW50IGJ5IGRpc2FibGluZyB0aGUgY2xpZW50IG9yIGNoYW5naW5nIGl0cwog
ICAgICAgICAgICAgICAgY3JlZGVudGlhbHMsIHRodXMgcHJldmVudGluZyBhbiBhdHRhY2tlciBm
cm9tIGFidXNpbmcgc3RvbGVuIHJlZnJlc2ggdG9rZW5zLiBDaGFuZ2luZwogICAgICAgICAgICAg
ICAgYSBzaW5nbGUgc2V0IG9mIGNsaWVudCBjcmVkZW50aWFscyBpcyBzaWduaWZpY2FudGx5IGZh
c3RlciB0aGFuIHJldm9raW5nIGFuIGVudGlyZQogICAgICAgICAgICAgICAgc2V0IG9mIHJlZnJl
c2ggdG9rZW5zLgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBJbXBs
ZW1lbnRpbmcgYXV0aGVudGljYXRpb24gbWFuYWdlbWVudCBiZXN0IHByYWN0aWNlcyB3aGljaCBy
ZXF1aXJlIHBlcmlvZGljCiAgICAgICAgICAgICAgICBjcmVkZW50aWFsIHJvdGF0aW9uLiBSb3Rh
dGlvbiBvZiBhbiBlbnRpcmUgc2V0IG9mIHJlZnJlc2ggdG9rZW5zIGNhbiBiZQogICAgICAgICAg
ICAgICAgY2hhbGxlbmdpbmcsIHdoaWxlIHJvdGF0aW9uIG9mIGEgc2luZ2xlIHNldCBvZiBjbGll
bnQgY3JlZGVudGlhbHMgaXMgc2lnbmlmaWNhbnRseQogICAgICAgICAgICAgICAgZWFzaWVyLgog
ICAgICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICAgIEEgcHVibGljIGNsaWVudCB0aGF0IHdhcyBub3QgaXNzdWVkIGEgY2xpZW50IHBhc3N3b3Jk
IE1BWSB1c2UgdGhlCiAgICAgICAgICAgIDx0dD5jbGllbnRfaWQ8L3R0PiByZXF1ZXN0IHBhcmFt
ZXRlciB0byBpZGVudGlmeSBpdHNlbGYgd2hlbiBzZW5kaW5nCiAgICAgICAgICAgIHJlcXVlc3Rz
IHRvIHRoZSB0b2tlbiBlbmRwb2ludCAoZS5nLiBmb3IgdGhlIHB1cnBvc2Ugb2YgcHJvdmlkaW5n
IGVuZC11c2VyIGNvbnRleHQsCiAgICAgICAgICAgIGNsaWVudCB1c2FnZSBzdGF0aXN0aWNzKS4K
ICAgICAgICAgIAo8L3A+CjxhIG5hbWU9InNjb3BlIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBz
dW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRP
Q2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2Mi
PiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rp
b24uMy4zIj48L2E+PGgzPjMuMy4mbmJzcDsKQWNjZXNzIFRva2VuIFNjb3BlPC9oMz4KCjxwPgog
ICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gYW5kIHRva2VuIGVuZHBvaW50cyBhbGxvdyB0aGUg
Y2xpZW50IHRvIHNwZWNpZnkgdGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MKICAgICAgICAgIHJlcXVl
c3QgdXNpbmcgdGhlIDx0dD5zY29wZTwvdHQ+IHJlcXVlc3QgcGFyYW1ldGVyLiBJbiB0dXJuLCB0
aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIHVzZXMgdGhlIDx0dD5zY29wZTwvdHQ+
IHJlc3BvbnNlIHBhcmFtZXRlciB0bwogICAgICAgICAgaW5mb3JtIHRoZSBjbGllbnQgb2YgdGhl
IHNjb3BlIG9mIHRoZSBhY2Nlc3MgdG9rZW4gaXNzdWVkLgogICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgVGhlIHZhbHVlIG9mIHRoZSBzY29wZSBwYXJhbWV0ZXIgaXMgZXhwcmVzc2VkIGFzIGEg
bGlzdCBvZiBzcGFjZS1kZWxpbWl0ZWQsIGNhc2UKICAgICAgICAgIHNlbnNpdGl2ZSBzdHJpbmdz
LiBUaGUgc3RyaW5ncyBhcmUgZGVmaW5lZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIElm
IHRoZSB2YWx1ZQogICAgICAgICAgY29udGFpbnMgbXVsdGlwbGUgc3BhY2UtZGVsaW1pdGVkIHN0
cmluZ3MsIHRoZWlyIG9yZGVyIGRvZXMgbm90IG1hdHRlciwgYW5kIGVhY2ggc3RyaW5nCiAgICAg
ICAgICBhZGRzIGFuIGFkZGl0aW9uYWwgYWNjZXNzIHJhbmdlIHRvIHRoZSByZXF1ZXN0ZWQgc2Nv
cGUuCiAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1h
cmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgc2NvcGUgICAgICAg
PSBzY29wZS10b2tlbiAqKCBTUCBzY29wZS10b2tlbiApCiAgc2NvcGUtdG9rZW4gPSAxKiggJXgy
MSAvICV4MjMtNUIgLyAleDVELTdFICkKCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgIFRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBNQVkgZnVsbHkgb3IgcGFydGlhbGx5IGlnbm9yZSB0aGUgc2Nv
cGUgcmVxdWVzdGVkIGJ5IHRoZSBjbGllbnQKICAgICAgICAgIGJhc2VkIG9uIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBwb2xpY3kgb3IgdGhlIHJlc291cmNlIG93bmVyJ3MgaW5zdHJ1Y3Rpb25z
LiBJZiB0aGUKICAgICAgICAgIGlzc3VlZCBhY2Nlc3MgdG9rZW4gc2NvcGUgaXMgZGlmZmVyZW50
IGZyb20gdGhlIG9uZSByZXF1ZXN0ZWQgYnkgdGhlIGNsaWVudCwgdGhlCiAgICAgICAgICBhdXRo
b3JpemF0aW9uIHNlcnZlciBNVVNUIGluY2x1ZGUgdGhlIDx0dD5zY29wZTwvdHQ+IHJlc3BvbnNl
CiAgICAgICAgICBwYXJhbWV0ZXIgdG8gaW5mb3JtIHRoZSBjbGllbnQgb2YgdGhlIGFjdHVhbCBz
Y29wZSBncmFudGVkLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgSWYgdGhlIGNsaWVudCBv
bWl0cyB0aGUgc2NvcGUgcGFyYW1ldGVyIHdoZW4gcmVxdWVzdGluZyBhdXRob3JpemF0aW9uLCB0
aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgc2VydmVyIE1VU1QgZWl0aGVyIHByb2Nlc3MgdGhl
IHJlcXVlc3QgdXNpbmcgYSBwcmUtZGVmaW5lZCBkZWZhdWx0IHZhbHVlLCBvciBmYWlsIHRoZQog
ICAgICAgICAgcmVxdWVzdCBpbmRpY2F0aW5nIGFuIGludmFsaWQgc2NvcGUuIFRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBTSE9VTEQgZG9jdW1lbnQgaXRzIHNjb3BlCiAgICAgICAgICByZXF1aXJl
bWVudHMgYW5kIGRlZmF1bHQgdmFsdWUgKGlmIGRlZmluZWQpLgogICAgICAgIAo8L3A+CjxhIG5h
bWU9ImFuY2hvcjI3Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNl
bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0
Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwv
YT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNCI+PC9hPjxoMz40LiZu
YnNwOwpPYnRhaW5pbmcgQXV0aG9yaXphdGlvbjwvaDM+Cgo8cD4KICAgICAgICBUbyByZXF1ZXN0
IGFuIGFjY2VzcyB0b2tlbiwgdGhlIGNsaWVudCBvYnRhaW5zIGF1dGhvcml6YXRpb24gZnJvbSB0
aGUgcmVzb3VyY2Ugb3duZXIuIFRoZQogICAgICAgIGF1dGhvcml6YXRpb24gaXMgZXhwcmVzc2Vk
IGluIHRoZSBmb3JtIG9mIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQgd2hpY2ggdGhlIGNsaWVudCB1
c2VzIHRvCiAgICAgICAgcmVxdWVzdCB0aGUgYWNjZXNzIHRva2VuLiBPQXV0aCBkZWZpbmVzIGZv
dXIgZ3JhbnQgdHlwZXM6IGF1dGhvcml6YXRpb24gY29kZSwgaW1wbGljaXQsCiAgICAgICAgcmVz
b3VyY2Ugb3duZXIgcGFzc3dvcmQgY3JlZGVudGlhbHMsIGFuZCBjbGllbnQgY3JlZGVudGlhbHMu
IEl0IGFsc28gcHJvdmlkZXMgYW4gZXh0ZW5zaW9uCiAgICAgICAgbWVjaGFuaXNtIGZvciBkZWZp
bmluZyBhZGRpdGlvbmFsIGdyYW50IHR5cGVzLgogICAgICAKPC9wPgo8YSBuYW1lPSJncmFudC1j
b2RlIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5n
PSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRk
IGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwv
dHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC4xIj48L2E+PGgzPjQuMS4mbmJzcDsK
QXV0aG9yaXphdGlvbiBDb2RlIEdyYW50PC9oMz4KCjxwPgogICAgICAgICAgVGhlIGF1dGhvcml6
YXRpb24gY29kZSBncmFudCB0eXBlIGlzIHVzZWQgdG8gb2J0YWluIGJvdGggYWNjZXNzIHRva2Vu
cyBhbmQgcmVmcmVzaAogICAgICAgICAgdG9rZW5zIGFuZCBpcyBvcHRpbWl6ZWQgZm9yIGNvbmZp
ZGVudGlhbCBjbGllbnRzLiBBcyBhIHJlZGlyZWN0aW9uLWJhc2VkIGZsb3csIHRoZSBjbGllbnQK
ICAgICAgICAgIG11c3QgYmUgY2FwYWJsZSBvZiBpbnRlcmFjdGluZyB3aXRoIHRoZSByZXNvdXJj
ZSBvd25lcidzIHVzZXItYWdlbnQgKHR5cGljYWxseSBhIHdlYgogICAgICAgICAgYnJvd3Nlcikg
YW5kIGNhcGFibGUgb2YgcmVjZWl2aW5nIGluY29taW5nIHJlcXVlc3RzICh2aWEgcmVkaXJlY3Rp
b24pIGZyb20gdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAKPC9w
PjxiciAvPjxociBjbGFzcz0iaW5zZXJ0IiAvPgo8YSBuYW1lPSJGaWd1cmUtMyI+PC9hPgo8ZGl2
IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdp
bi1yaWdodDogYXV0byc+PHByZT4KCiAgKy0tLS0tLS0tLS0rCiAgfCByZXNvdXJjZSB8CiAgfCAg
IG93bmVyICB8CiAgfCAgICAgICAgICB8CiAgKy0tLS0tLS0tLS0rCiAgICAgICBeCiAgICAgICB8
CiAgICAgIChCKQogICstLS0tfC0tLS0tKyAgICAgICAgICBDbGllbnQgSWRlbnRpZmllciAgICAg
ICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgIC0rLS0tLShBKS0tICZhbXA7IFJlZGlyZWN0
aW9uIFVSSSAtLS0tJmd0O3wgICAgICAgICAgICAgICB8CiAgfCAgVXNlci0gICB8ICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgfCBBdXRob3JpemF0aW9uIHwKICB8ICBBZ2VudCAgLSst
LS0tKEIpLS0gVXNlciBhdXRoZW50aWNhdGVzIC0tLSZndDt8ICAgICBTZXJ2ZXIgICAgfAogIHwg
ICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAg
ICB8CiAgfCAgICAgICAgIC0rLS0tLShDKS0tIEF1dGhvcml6YXRpb24gQ29kZSAtLS0mbHQ7fCAg
ICAgICAgICAgICAgIHwKICArLXwtLS0tfC0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICArLS0tLS0tLS0tLS0tLS0tKwogICAgfCAgICB8ICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICBeICAgICAgdgogICAoQSkgIChDKSAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICB8ICAgICAgfAogICAgfCAgICB8ICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgfAogICAgXiAgICB2ICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgfAogICstLS0tLS0tLS0rICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgfAogIHwgICAgICAgICB8Jmd0Oy0t
LShEKS0tIEF1dGhvcml6YXRpb24gQ29kZSAtLS0tLS0tLS0nICAgICAgfAogIHwgIENsaWVudCB8
ICAgICAgICAgICZhbXA7IFJlZGlyZWN0aW9uIFVSSSAgICAgICAgICAgICAgICAgIHwKICB8ICAg
ICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwKICB8
ICAgICAgICAgfCZsdDstLS0oRSktLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLS0tLS0tLS0tLS0t
LScKICArLS0tLS0tLS0tKyAgICAgICAody8gT3B0aW9uYWwgUmVmcmVzaCBUb2tlbikKCjwvcHJl
PjwvZGl2Pgo8cD4KICAgICAgICAgICAgTm90ZTogVGhlIGxpbmVzIGlsbHVzdHJhdGluZyBzdGVw
cyBBLCBCLCBhbmQgQyBhcmUgYnJva2VuIGludG8gdHdvIHBhcnRzIGFzIHRoZXkgcGFzcwogICAg
ICAgICAgICB0aHJvdWdoIHRoZSB1c2VyLWFnZW50LgogICAgICAgICAgCjwvcD48dGFibGUgYm9y
ZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGFsaWduPSJjZW50ZXIiPjx0
cj48dGQgYWxpZ249ImNlbnRlciI+PGZvbnQgZmFjZT0ibW9uYWNvLCBNUyBTYW5zIFNlcmlmIiBz
aXplPSIxIj48Yj4mbmJzcDtGaWd1cmUmbmJzcDszOiBBdXRob3JpemF0aW9uIENvZGUgRmxvdyZu
YnNwOzwvYj48L2ZvbnQ+PGJyIC8+PC90ZD48L3RyPjwvdGFibGU+PGhyIGNsYXNzPSJpbnNlcnQi
IC8+Cgo8cD4KICAgICAgICAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIDxhIGNsYXNzPSdpbmZv
JyBocmVmPScjRmlndXJlLTMnPkZpZ3VyZSZuYnNwOzM8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFz
cz0naW5mbyc+QXV0aG9yaXphdGlvbiBDb2RlIEZsb3c8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+
IGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3RlcHM6CiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD4oQSk8L2R0Pgo8ZGQ+CiAg
ICAgICAgICAgICAgVGhlIGNsaWVudCBpbml0aWF0ZXMgdGhlIGZsb3cgYnkgZGlyZWN0aW5nIHRo
ZSByZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQgdG8gdGhlCiAgICAgICAgICAgICAgYXV0aG9y
aXphdGlvbiBlbmRwb2ludC4gVGhlIGNsaWVudCBpbmNsdWRlcyBpdHMgY2xpZW50IGlkZW50aWZp
ZXIsIHJlcXVlc3RlZAogICAgICAgICAgICAgIHNjb3BlLCBsb2NhbCBzdGF0ZSwgYW5kIGEgcmVk
aXJlY3Rpb24gVVJJIHRvIHdoaWNoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB3aWxsIHNlbmQK
ICAgICAgICAgICAgICB0aGUgdXNlci1hZ2VudCBiYWNrIG9uY2UgYWNjZXNzIGlzIGdyYW50ZWQg
KG9yIGRlbmllZCkuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEIpPC9kdD4KPGRkPgogICAgICAg
ICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSByZXNvdXJj
ZSBvd25lciAodmlhIHRoZSB1c2VyLWFnZW50KSBhbmQKICAgICAgICAgICAgICBlc3RhYmxpc2hl
cyB3aGV0aGVyIHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgb3IgZGVuaWVzIHRoZSBjbGllbnQn
cyBhY2Nlc3MgcmVxdWVzdC4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oQyk8L2R0Pgo8ZGQ+CiAg
ICAgICAgICAgICAgQXNzdW1pbmcgdGhlIHJlc291cmNlIG93bmVyIGdyYW50cyBhY2Nlc3MsIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciByZWRpcmVjdHMgdGhlCiAgICAgICAgICAgICAgdXNlci1h
Z2VudCBiYWNrIHRvIHRoZSBjbGllbnQgdXNpbmcgdGhlIHJlZGlyZWN0aW9uIFVSSSBwcm92aWRl
ZCBlYXJsaWVyIChpbiB0aGUKICAgICAgICAgICAgICByZXF1ZXN0IG9yIGR1cmluZyBjbGllbnQg
cmVnaXN0cmF0aW9uKS4gVGhlIHJlZGlyZWN0aW9uIFVSSSBpbmNsdWRlcyBhbiBhdXRob3JpemF0
aW9uCiAgICAgICAgICAgICAgY29kZSBhbmQgYW55IGxvY2FsIHN0YXRlIHByb3ZpZGVkIGJ5IHRo
ZSBjbGllbnQgZWFybGllci4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oRCk8L2R0Pgo8ZGQ+CiAg
ICAgICAgICAgICAgVGhlIGNsaWVudCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gZnJvbSB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIncyB0b2tlbiBlbmRwb2ludAogICAgICAgICAgICAgIGJ5IGlu
Y2x1ZGluZyB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIHJlY2VpdmVkIGluIHRoZSBwcmV2aW91cyBz
dGVwLiBXaGVuIG1ha2luZyB0aGUKICAgICAgICAgICAgICByZXF1ZXN0LCB0aGUgY2xpZW50IGF1
dGhlbnRpY2F0ZXMgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIFRoZSBjbGllbnQgaW5j
bHVkZXMKICAgICAgICAgICAgICB0aGUgcmVkaXJlY3Rpb24gVVJJIHVzZWQgdG8gb2J0YWluIHRo
ZSBhdXRob3JpemF0aW9uIGNvZGUgZm9yIHZlcmlmaWNhdGlvbi4KICAgICAgICAgICAgCjwvZGQ+
CjxkdD4oRSk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IGF1dGhlbnRpY2F0ZXMgdGhlIGNsaWVudCwgdmFsaWRhdGVzIHRoZSBhdXRob3JpemF0aW9uIGNv
ZGUsCiAgICAgICAgICAgICAgYW5kIGVuc3VyZXMgdGhlIHJlZGlyZWN0aW9uIFVSSSByZWNlaXZl
ZCBtYXRjaGVzIHRoZSBVUkkgdXNlZCB0byByZWRpcmVjdCB0aGUgY2xpZW50CiAgICAgICAgICAg
ICAgaW4gc3RlcCAoQykuIElmIHZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVzcG9u
ZHMgYmFjayB3aXRoIGFuIGFjY2VzcyB0b2tlbgogICAgICAgICAgICAgIGFuZCBvcHRpb25hbGx5
LCBhIHJlZnJlc2ggdG9rZW4uCiAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48
cD4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJjb2RlLWF1dGh6LXJlcSI+PC9hPjxiciAvPjxociAv
Pgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIi
IGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBo
cmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9
InJmYy5zZWN0aW9uLjQuMS4xIj48L2E+PGgzPjQuMS4xLiZuYnNwOwpBdXRob3JpemF0aW9uIFJl
cXVlc3Q8L2gzPgoKPHA+CiAgICAgICAgICAgIFRoZSBjbGllbnQgY29uc3RydWN0cyB0aGUgcmVx
dWVzdCBVUkkgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycyB0byB0aGUKICAgICAg
ICAgICAgcXVlcnkgY29tcG9uZW50IG9mIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IFVSSSB1
c2luZyB0aGUKICAgICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2Rl
ZDwvdHQ+IGZvcm1hdCBhcyBkZWZpbmVkIGJ5CiAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBo
cmVmPScjVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0Jz5bVzNDLlJFQyYjODIwOTtodG1sNDAxJiM4
MjA5OzE5OTkxMjI0XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5Ib3JzLCBBLiwg
UmFnZ2V0dCwgRC4sIGFuZCBJLiBKYWNvYnMsICZsZHF1bztIVE1MIDQuMDEgU3BlY2lmaWNhdGlv
biwmcmRxdW87IERlY2VtYmVyJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+Ogog
ICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRl
eHQiPjxkbD4KPGR0PnJlc3BvbnNlX3R5cGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAg
ICAgICAgICAgICAgIFJFUVVJUkVELiBWYWx1ZSBNVVNUIGJlIHNldCB0byA8dHQ+Y29kZTwvdHQ+
LgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+Y2xpZW50X2lkPC9kdD4KPGRkPgogICAgICAgICAg
ICAgICAgCiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIGNsaWVudCBpZGVudGlmaWVyIGFz
IGRlc2NyaWJlZCBpbgogICAgICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNjbGll
bnQtaWRlbnRpZmllcic+U2VjdGlvbiZuYnNwOzIuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNz
PSdpbmZvJz5DbGllbnQgSWRlbnRpZmllcjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAg
ICAgICAgICAgCjwvZGQ+CjxkdD5yZWRpcmVjdF91cmk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAg
ICAKICAgICAgICAgICAgICAgIE9QVElPTkFMLiBBcyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2lu
Zm8nIGhyZWY9JyNyZWRpcmVjdC11cmknPlNlY3Rpb24mbmJzcDszLjEuMjxzcGFuPiAoPC9zcGFu
PjxzcGFuIGNsYXNzPSdpbmZvJz5SZWRpcmVjdGlvbiBFbmRwb2ludDwvc3Bhbj48c3Bhbj4pPC9z
cGFuPjwvYT4uCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5zY29wZTwvZHQ+CjxkZD4KICAgICAg
ICAgICAgICAgIAogICAgICAgICAgICAgICAgT1BUSU9OQUwuIFRoZSBzY29wZSBvZiB0aGUgYWNj
ZXNzIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGJ5IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjc2NvcGUn
PlNlY3Rpb24mbmJzcDszLjM8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QWNjZXNz
IFRva2VuIFNjb3BlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgICAKPC9k
ZD4KPGR0PnN0YXRlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBS
RUNPTU1FTkRFRC4gQW4gb3BhcXVlIHZhbHVlIHVzZWQgYnkgdGhlIGNsaWVudCB0byBtYWludGFp
biBzdGF0ZSBiZXR3ZWVuIHRoZSByZXF1ZXN0CiAgICAgICAgICAgICAgICBhbmQgY2FsbGJhY2su
IFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpbmNsdWRlcyB0aGlzIHZhbHVlIHdoZW4gcmVkaXJl
Y3RpbmcgdGhlCiAgICAgICAgICAgICAgICB1c2VyLWFnZW50IGJhY2sgdG8gdGhlIGNsaWVudC4g
VGhlIHBhcmFtZXRlciBTSE9VTEQgYmUgdXNlZCBmb3IgcHJldmVudGluZwogICAgICAgICAgICAg
ICAgY3Jvc3Mtc2l0ZSByZXF1ZXN0IGZvcmdlcnkgYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdp
bmZvJyBocmVmPScjQ1NSRic+U2VjdGlvbiZuYnNwOzEwLjEyPHNwYW4+ICg8L3NwYW4+PHNwYW4g
Y2xhc3M9J2luZm8nPkNyb3NzLVNpdGUgUmVxdWVzdCBGb3JnZXJ5PC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPi4KICAgICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgVGhlIGNsaWVudCBkaXJlY3RzIHRoZSByZXNvdXJj
ZSBvd25lciB0byB0aGUgY29uc3RydWN0ZWQgVVJJIHVzaW5nIGFuIEhUVFAgcmVkaXJlY3Rpb24K
ICAgICAgICAgICAgcmVzcG9uc2UsIG9yIGJ5IG90aGVyIG1lYW5zIGF2YWlsYWJsZSB0byBpdCB2
aWEgdGhlIHVzZXItYWdlbnQuCiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgICBGb3Ig
ZXhhbXBsZSwgdGhlIGNsaWVudCBkaXJlY3RzIHRoZSB1c2VyLWFnZW50IHRvIG1ha2UgdGhlIGZv
bGxvd2luZyBIVFRQIHJlcXVlc3QKICAgICAgICAgICAgICB1c2luZyBUTFMgKGV4dHJhIGxpbmUg
YnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAgICAgICAgCjwvcD48
ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1h
cmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgR0VUIC9hdXRob3JpemU/cmVzcG9uc2VfdHlwZT1j
b2RlJmFtcDtjbGllbnRfaWQ9czZCaGRSa3F0MyZhbXA7c3RhdGU9eHl6CiAgICAgICZhbXA7cmVk
aXJlY3RfdXJpPWh0dHBzJTNBJTJGJTJGY2xpZW50JTJFZXhhbXBsZSUyRWNvbSUyRmNiIEhUVFAv
MS4xCiAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCgo8L3ByZT48L2Rpdj4KPHA+CiAgICAgICAg
ICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB2YWxpZGF0ZXMgdGhlIHJlcXVlc3QgdG8gZW5z
dXJlIGFsbCByZXF1aXJlZCBwYXJhbWV0ZXJzIGFyZQogICAgICAgICAgICBwcmVzZW50IGFuZCB2
YWxpZC4gSWYgdGhlIHJlcXVlc3QgaXMgdmFsaWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBh
dXRoZW50aWNhdGVzIHRoZQogICAgICAgICAgICByZXNvdXJjZSBvd25lciBhbmQgb2J0YWlucyBh
biBhdXRob3JpemF0aW9uIGRlY2lzaW9uIChieSBhc2tpbmcgdGhlIHJlc291cmNlIG93bmVyIG9y
CiAgICAgICAgICAgIGJ5IGVzdGFibGlzaGluZyBhcHByb3ZhbCB2aWEgb3RoZXIgbWVhbnMpLgog
ICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIFdoZW4gYSBkZWNpc2lvbiBpcyBlc3RhYmxp
c2hlZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGRpcmVjdHMgdGhlIHVzZXItYWdlbnQgdG8g
dGhlCiAgICAgICAgICAgIHByb3ZpZGVkIGNsaWVudCByZWRpcmVjdGlvbiBVUkkgdXNpbmcgYW4g
SFRUUCByZWRpcmVjdGlvbiByZXNwb25zZSwgb3IgYnkgb3RoZXIgbWVhbnMKICAgICAgICAgICAg
YXZhaWxhYmxlIHRvIGl0IHZpYSB0aGUgdXNlci1hZ2VudC4KICAgICAgICAgIAo8L3A+CjxhIG5h
bWU9ImFuY2hvcjI4Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNl
bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0
Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwv
YT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC4xLjIiPjwvYT48aDM+
NC4xLjIuJm5ic3A7CkF1dGhvcml6YXRpb24gUmVzcG9uc2U8L2gzPgoKPHA+CiAgICAgICAgICAg
IElmIHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgdGhlIGFjY2VzcyByZXF1ZXN0LCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gY29k
ZSBhbmQgZGVsaXZlcnMgaXQgdG8gdGhlIGNsaWVudCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBw
YXJhbWV0ZXJzIHRvCiAgICAgICAgICAgIHRoZSBxdWVyeSBjb21wb25lbnQgb2YgdGhlIHJlZGly
ZWN0aW9uIFVSSSB1c2luZyB0aGUKICAgICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZv
cm0tdXJsZW5jb2RlZDwvdHQ+IGZvcm1hdDoKICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
ICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5jb2RlPC9kdD4KPGRkPgog
ICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIGF1dGhvcml6YXRp
b24gY29kZSBnZW5lcmF0ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLiBUaGUKICAgICAg
ICAgICAgICAgIGF1dGhvcml6YXRpb24gY29kZSBNVVNUIGV4cGlyZSBzaG9ydGx5IGFmdGVyIGl0
IGlzIGlzc3VlZCB0byBtaXRpZ2F0ZSB0aGUgcmlzayBvZgogICAgICAgICAgICAgICAgbGVha3Mu
IEEgbWF4aW11bSBhdXRob3JpemF0aW9uIGNvZGUgbGlmZXRpbWUgb2YgMTAgbWludXRlcyBpcyBS
RUNPTU1FTkRFRC4gVGhlCiAgICAgICAgICAgICAgICBjbGllbnQgTVVTVCBOT1QgdXNlIHRoZSBh
dXRob3JpemF0aW9uIGNvZGUgbW9yZSB0aGFuIG9uY2UuIElmIGFuIGF1dGhvcml6YXRpb24gY29k
ZQogICAgICAgICAgICAgICAgaXMgdXNlZCBtb3JlIHRoYW4gb25jZSwgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1VU1QgZGVueSB0aGUgcmVxdWVzdCBhbmQgU0hPVUxECiAgICAgICAgICAgICAg
ICByZXZva2UgKHdoZW4gcG9zc2libGUpIGFsbCB0b2tlbnMgcHJldmlvdXNseSBpc3N1ZWQgYmFz
ZWQgb24gdGhhdCBhdXRob3JpemF0aW9uCiAgICAgICAgICAgICAgICBjb2RlLiBUaGUgYXV0aG9y
aXphdGlvbiBjb2RlIGlzIGJvdW5kIHRvIHRoZSBjbGllbnQgaWRlbnRpZmllciBhbmQgcmVkaXJl
Y3Rpb24gVVJJLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+c3RhdGU8L2R0Pgo8ZGQ+CiAgICAg
ICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVEIGlmIHRoZSA8dHQ+c3RhdGU8L3R0
PiBwYXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhlCiAgICAgICAgICAgICAgICBjbGllbnQgYXV0
aG9yaXphdGlvbiByZXF1ZXN0LiBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUgY2xp
ZW50LgogICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAgICAgICAg
IAo8L3A+CjxwPgogICAgICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgcmVkaXJlY3RzIHRoZSB1c2VyLWFnZW50IGJ5IHNlbmRpbmcgdGhlCiAgICAgICAgICAg
ICAgZm9sbG93aW5nIEhUVFAgcmVzcG9uc2U6CiAgICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0n
ZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6
IGF1dG8nPjxwcmU+CgogIEhUVFAvMS4xIDMwMiBGb3VuZAogIExvY2F0aW9uOiBodHRwczovL2Ns
aWVudC5leGFtcGxlLmNvbS9jYj9jb2RlPVNwbHhsT0JlWlFRWWJZUzZXeFNiSUEKICAgICAgICAg
ICAgJmFtcDtzdGF0ZT14eXoKCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgICAgVGhlIGNsaWVu
dCBNVVNUIGlnbm9yZSB1bnJlY29nbml6ZWQgcmVzcG9uc2UgcGFyYW1ldGVycy4gVGhlIGF1dGhv
cml6YXRpb24gY29kZQogICAgICAgICAgICBzdHJpbmcgc2l6ZSBpcyBsZWZ0IHVuZGVmaW5lZCBi
eSB0aGlzIHNwZWNpZmljYXRpb24uIFRoZSBjbGllbnQgc2hvdWxkIGF2b2lkIG1ha2luZwogICAg
ICAgICAgICBhc3N1bXB0aW9ucyBhYm91dCBjb2RlIHZhbHVlIHNpemVzLiBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgU0hPVUxEIGRvY3VtZW50IHRoZSBzaXplCiAgICAgICAgICAgIG9mIGFueSB2
YWx1ZSBpdCBpc3N1ZXMuCiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJjb2RlLWF1dGh6LWVycm9y
Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIw
IiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNs
YXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+
PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC4xLjIuMSI+PC9hPjxoMz40LjEuMi4xLiZu
YnNwOwpFcnJvciBSZXNwb25zZTwvaDM+Cgo8cD4KICAgICAgICAgICAgICBJZiB0aGUgcmVxdWVz
dCBmYWlscyBkdWUgdG8gYSBtaXNzaW5nLCBpbnZhbGlkLCBvciBtaXNtYXRjaGluZyByZWRpcmVj
dGlvbiBVUkksIG9yIGlmCiAgICAgICAgICAgICAgdGhlIGNsaWVudCBpZGVudGlmaWVyIGlzIG1p
c3Npbmcgb3IgaW52YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBpbmZvcm0K
ICAgICAgICAgICAgICB0aGUgcmVzb3VyY2Ugb3duZXIgb2YgdGhlIGVycm9yLCBhbmQgTVVTVCBO
T1QgYXV0b21hdGljYWxseSByZWRpcmVjdCB0aGUgdXNlci1hZ2VudAogICAgICAgICAgICAgIHRv
IHRoZSBpbnZhbGlkIHJlZGlyZWN0aW9uIFVSSS4KICAgICAgICAgICAgCjwvcD4KPHA+CiAgICAg
ICAgICAgICAgSWYgdGhlIHJlc291cmNlIG93bmVyIGRlbmllcyB0aGUgYWNjZXNzIHJlcXVlc3Qg
b3IgaWYgdGhlIHJlcXVlc3QgZmFpbHMgZm9yIHJlYXNvbnMKICAgICAgICAgICAgICBvdGhlciB0
aGFuIGEgbWlzc2luZyBvciBpbnZhbGlkIHJlZGlyZWN0aW9uIFVSSSwgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIGluZm9ybXMgdGhlCiAgICAgICAgICAgICAgY2xpZW50IGJ5IGFkZGluZyB0aGUg
Zm9sbG93aW5nIHBhcmFtZXRlcnMgdG8gdGhlIHF1ZXJ5IGNvbXBvbmVudCBvZiB0aGUgcmVkaXJl
Y3Rpb24KICAgICAgICAgICAgICBVUkkgdXNpbmcgdGhlIDx0dD5hcHBsaWNhdGlvbi94LXd3dy1m
b3JtLXVybGVuY29kZWQ8L3R0PiBmb3JtYXQ6CiAgICAgICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PmVycm9yPC9kdD4K
PGRkPgogICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgUkVRVUlSRUQuIEEgc2lu
Z2xlIEFTQ0lJIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjVVNBU0NJSSc+W1VTQVNDSUldPHNwYW4+
ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFtZXJpY2FuIE5hdGlvbmFsIFN0YW5kYXJkcyBJ
bnN0aXR1dGUsICZsZHF1bztDb2RlZCBDaGFyYWN0ZXIgU2V0IC0tIDctYml0IEFtZXJpY2FuIFN0
YW5kYXJkIENvZGUgZm9yIEluZm9ybWF0aW9uIEludGVyY2hhbmdlLCZyZHF1bzsgMTk4Ni48L3Nw
YW4+PHNwYW4+KTwvc3Bhbj48L2E+IGVycm9yIGNvZGUgZnJvbSB0aGUgZm9sbG93aW5nOgoKICAg
ICAgICAgICAgICAgICAgCjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5pbnZhbGlk
X3JlcXVlc3Q8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg
ICAgICAgIFRoZSByZXF1ZXN0IGlzIG1pc3NpbmcgYSByZXF1aXJlZCBwYXJhbWV0ZXIsIGluY2x1
ZGVzIGFuIGludmFsaWQKICAgICAgICAgICAgICAgICAgICAgIHBhcmFtZXRlciB2YWx1ZSwgaW5j
bHVkZXMgYSBwYXJhbWV0ZXIgbW9yZSB0aGFuIG9uY2UsIG9yIGlzIG90aGVyd2lzZQogICAgICAg
ICAgICAgICAgICAgICAgbWFsZm9ybWVkLgogICAgICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+
dW5hdXRob3JpemVkX2NsaWVudDwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgICAgIAogICAg
ICAgICAgICAgICAgICAgICAgVGhlIGNsaWVudCBpcyBub3QgYXV0aG9yaXplZCB0byByZXF1ZXN0
IGFuIGF1dGhvcml6YXRpb24gY29kZSB1c2luZyB0aGlzCiAgICAgICAgICAgICAgICAgICAgICBt
ZXRob2QuCiAgICAgICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5hY2Nlc3NfZGVuaWVkPC9kdD4K
PGRkPgogICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICBUaGUgcmVz
b3VyY2Ugb3duZXIgb3IgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZGVuaWVkIHRoZSByZXF1ZXN0Lgog
ICAgICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+dW5zdXBwb3J0ZWRfcmVzcG9uc2VfdHlwZTwv
ZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgVGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIGRvZXMgbm90IHN1cHBvcnQgb2J0YWluaW5nIGFuIGF1dGhv
cml6YXRpb24gY29kZQogICAgICAgICAgICAgICAgICAgICAgdXNpbmcgdGhpcyBtZXRob2QuCiAg
ICAgICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5pbnZhbGlkX3Njb3BlPC9kdD4KPGRkPgogICAg
ICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICBUaGUgcmVxdWVzdGVkIHNj
b3BlIGlzIGludmFsaWQsIHVua25vd24sIG9yIG1hbGZvcm1lZC4KICAgICAgICAgICAgICAgICAg
ICAKPC9kZD4KPGR0PnNlcnZlcl9lcnJvcjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgICAg
IAogICAgICAgICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGVuY291bnRl
cmVkIGFuIHVuZXhwZWN0ZWQgY29uZGl0aW9uIHdoaWNoIHByZXZlbnRlZAogICAgICAgICAgICAg
ICAgICAgICAgaXQgZnJvbSBmdWxmaWxsaW5nIHRoZSByZXF1ZXN0LgogICAgICAgICAgICAgICAg
ICAgIAo8L2RkPgo8ZHQ+dGVtcG9yYXJpbHlfdW5hdmFpbGFibGU8L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBpcyBjdXJyZW50bHkgdW5hYmxlIHRvIGhhbmRsZSB0aGUgcmVxdWVzdCBkdWUgdG8gYQog
ICAgICAgICAgICAgICAgICAgICAgdGVtcG9yYXJ5IG92ZXJsb2FkaW5nIG9yIG1haW50ZW5hbmNl
IG9mIHRoZSBzZXJ2ZXIuCiAgICAgICAgICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1
b3RlPgoKCQkgIFZhbHVlcyBmb3IgdGhlIDx0dD5lcnJvcjwvdHQ+IHBhcmFtZXRlciBNVVNUIE5P
VCBpbmNsdWRlCgkJICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01
QiAvICV4NUQtN0UuCiAgICAgICAgICAgICAgICAKPC9kZD4KPGR0PmVycm9yX2Rlc2NyaXB0aW9u
PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgT1BUSU9OQUwu
IEEgaHVtYW4tcmVhZGFibGUgQVNDSUkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNVU0FTQ0lJJz5b
VVNBU0NJSV08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QW1lcmljYW4gTmF0aW9u
YWwgU3RhbmRhcmRzIEluc3RpdHV0ZSwgJmxkcXVvO0NvZGVkIENoYXJhY3RlciBTZXQgLS0gNy1i
aXQgQW1lcmljYW4gU3RhbmRhcmQgQ29kZSBmb3IgSW5mb3JtYXRpb24gSW50ZXJjaGFuZ2UsJnJk
cXVvOyAxOTg2Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gdGV4dCBwcm92aWRpbmcgYWRkaXRp
b25hbCBpbmZvcm1hdGlvbiwKICAgICAgICAgICAgICAgICAgdXNlZCB0byBhc3Npc3QgdGhlIGNs
aWVudCBkZXZlbG9wZXIgaW4gdW5kZXJzdGFuZGluZyB0aGUgZXJyb3IgdGhhdCBvY2N1cnJlZC4K
CQkgIDxiciAvPgoKCQkgIFZhbHVlcyBmb3IgdGhlIDx0dD5lcnJvcl9kZXNjcmlwdGlvbjwvdHQ+
IHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlCgkJICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNl
dCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgICAgICAgICAgICAgICAKPC9kZD4KPGR0
PmVycm9yX3VyaTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAg
IE9QVElPTkFMLiBBIFVSSSBpZGVudGlmeWluZyBhIGh1bWFuLXJlYWRhYmxlIHdlYiBwYWdlIHdp
dGggaW5mb3JtYXRpb24gYWJvdXQgdGhlCiAgICAgICAgICAgICAgICAgIGVycm9yLCB1c2VkIHRv
IHByb3ZpZGUgdGhlIGNsaWVudCBkZXZlbG9wZXIgd2l0aCBhZGRpdGlvbmFsIGluZm9ybWF0aW9u
IGFib3V0IHRoZQogICAgICAgICAgICAgICAgICBlcnJvci4KCQkgIDxiciAvPgoKCQkgIFZhbHVl
cyBmb3IgdGhlIDx0dD5lcnJvcl91cmk8L3R0PiBwYXJhbWV0ZXIKCQkgIE1VU1QgY29uZm9ybSB0
byB0aGUgVVJJLVJlZmVyZW5jZSBzeW50YXgsIGFuZCB0aHVzIE1VU1QgTk9UIGluY2x1ZGUKCQkg
IGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAg
ICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+c3RhdGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAg
IAogICAgICAgICAgICAgICAgICBSRVFVSVJFRCBpZiBhIDx0dD5zdGF0ZTwvdHQ+IHBhcmFtZXRl
ciB3YXMgcHJlc2VudCBpbiB0aGUKICAgICAgICAgICAgICAgICAgY2xpZW50IGF1dGhvcml6YXRp
b24gcmVxdWVzdC4gVGhlIGV4YWN0IHZhbHVlIHJlY2VpdmVkIGZyb20gdGhlIGNsaWVudC4KICAg
ICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAgICAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIHJlZGlyZWN0cyB0aGUgdXNlci1hZ2VudCBieSBzZW5kaW5nIHRoZQogICAgICAgICAgICAg
ICAgZm9sbG93aW5nIEhUVFAgcmVzcG9uc2U6CiAgICAgICAgICAgICAgCjwvcD48ZGl2IHN0eWxl
PSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdo
dDogYXV0byc+PHByZT4KCiAgSFRUUC8xLjEgMzAyIEZvdW5kCiAgTG9jYXRpb246IGh0dHBzOi8v
Y2xpZW50LmV4YW1wbGUuY29tL2NiP2Vycm9yPWFjY2Vzc19kZW5pZWQmYW1wO3N0YXRlPXh5egoK
PC9wcmU+PC9kaXY+CjxhIG5hbWU9ImFuY2hvcjI5Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBz
dW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRP
Q2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2Mi
PiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rp
b24uNC4xLjMiPjwvYT48aDM+NC4xLjMuJm5ic3A7CkFjY2VzcyBUb2tlbiBSZXF1ZXN0PC9oMz4K
CjxwPgogICAgICAgICAgICBUaGUgY2xpZW50IG1ha2VzIGEgcmVxdWVzdCB0byB0aGUgdG9rZW4g
ZW5kcG9pbnQgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycwogICAgICAgICAgICB1
c2luZyB0aGUgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvdHQ+IGZvcm1h
dCBpbiB0aGUKICAgICAgICAgICAgSFRUUCByZXF1ZXN0IGVudGl0eS1ib2R5OgogICAgICAgICAg
CjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4K
PGR0PmdyYW50X3R5cGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg
IFJFUVVJUkVELiBWYWx1ZSBNVVNUIGJlIHNldCB0byA8dHQ+YXV0aG9yaXphdGlvbl9jb2RlPC90
dD4uCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5jb2RlPC9kdD4KPGRkPgogICAgICAgICAgICAg
ICAgCiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIGF1dGhvcml6YXRpb24gY29kZSByZWNl
aXZlZCBmcm9tIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAgICAgICAKPC9kZD4K
PGR0PnJlZGlyZWN0X3VyaTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAg
ICAgUkVRVUlSRUQsIGlmIHRoZSA8dHQ+cmVkaXJlY3RfdXJpPC90dD4gcGFyYW1ldGVyIHdhcyBp
bmNsdWRlZCBpbgogICAgICAgICAgICAgICAgdGhlIGF1dGhvcml6YXRpb24gcmVxdWVzdCBhcyBk
ZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNjb2RlLWF1dGh6LXJlcSc+U2VjdGlv
biZuYnNwOzQuMS4xPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkF1dGhvcml6YXRp
b24gUmVxdWVzdDwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4sIGFuZAogICAgICAgICAgICAgICAg
dGhlaXIgdmFsdWVzIE1VU1QgYmUgaWRlbnRpY2FsLgogICAgICAgICAgICAgIAo8L2RkPgo8L2Rs
PjwvYmxvY2txdW90ZT48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBJZiB0aGUg
Y2xpZW50IHR5cGUgaXMgY29uZmlkZW50aWFsIG9yIHRoZSBjbGllbnQgd2FzIGlzc3VlZCBjbGll
bnQgY3JlZGVudGlhbHMgKG9yCiAgICAgICAgICAgIGFzc2lnbmVkIG90aGVyIGF1dGhlbnRpY2F0
aW9uIHJlcXVpcmVtZW50cyksIHRoZSBjbGllbnQgTVVTVCBhdXRoZW50aWNhdGUgd2l0aCB0aGUK
ICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNz
PSdpbmZvJyBocmVmPScjdG9rZW4tZW5kcG9pbnQtYXV0aCc+U2VjdGlvbiZuYnNwOzMuMi4xPHNw
YW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkNsaWVudCBBdXRoZW50aWNhdGlvbjwvc3Bh
bj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgICBG
b3IgZXhhbXBsZSwgdGhlIGNsaWVudCBtYWtlcyB0aGUgZm9sbG93aW5nIEhUVFAgcmVxdWVzdCB1
c2luZyBUTFMgKGV4dHJhIGxpbmUgYnJlYWtzCiAgICAgICAgICAgICAgYXJlIGZvciBkaXNwbGF5
IHB1cnBvc2VzIG9ubHkpOgogICAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRh
YmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJl
PgoKICBQT1NUIC90b2tlbiBIVFRQLzEuMQogIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQogIEF1
dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JTYTNGME16cG5XREZtUW1GME0ySlcKICBDb250ZW50
LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0PVVURi04Cgog
IGdyYW50X3R5cGU9YXV0aG9yaXphdGlvbl9jb2RlJmFtcDtjb2RlPVNwbHhsT0JlWlFRWWJZUzZX
eFNiSUEKICAmYW1wO3JlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRmNsaWVudCUyRWV4YW1wbGUl
MkVjb20lMkZjYgoKPC9wcmU+PC9kaXY+CjxwPgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgTVVTVDoKICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBj
bGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgICAgIHJlcXVpcmUgY2xpZW50IGF1dGhlbnRp
Y2F0aW9uIGZvciBjb25maWRlbnRpYWwgY2xpZW50cyBvciBmb3IgYW55IGNsaWVudCB0aGF0IHdh
cwogICAgICAgICAgICAgICAgaXNzdWVkIGNsaWVudCBjcmVkZW50aWFscyAob3Igd2l0aCBvdGhl
ciBhdXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMpLAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+
CiAgICAgICAgICAgICAgICBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCBpZiBjbGllbnQgYXV0aGVu
dGljYXRpb24gaXMgaW5jbHVkZWQgYW5kIGVuc3VyZSB0aGUKICAgICAgICAgICAgICAgIGF1dGhv
cml6YXRpb24gY29kZSB3YXMgaXNzdWVkIHRvIHRoZSBhdXRoZW50aWNhdGVkIGNsaWVudCwKICAg
ICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgdmVyaWZ5IHRoYXQgdGhlIGF1
dGhvcml6YXRpb24gY29kZSBpcyB2YWxpZCwgYW5kCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4K
ICAgICAgICAgICAgICAgIGVuc3VyZSB0aGF0IHRoZSA8dHQ+cmVkaXJlY3RfdXJpPC90dD4gcGFy
YW1ldGVyIGlzIHByZXNlbnQgaWYKICAgICAgICAgICAgICAgIHRoZSA8dHQ+cmVkaXJlY3RfdXJp
PC90dD4gcGFyYW1ldGVyIHdhcyBpbmNsdWRlZCBpbiB0aGUgaW5pdGlhbAogICAgICAgICAgICAg
ICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGFzIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycg
aHJlZj0nI2NvZGUtYXV0aHotcmVxJz5TZWN0aW9uJm5ic3A7NC4xLjE8c3Bhbj4gKDwvc3Bhbj48
c3BhbiBjbGFzcz0naW5mbyc+QXV0aG9yaXphdGlvbiBSZXF1ZXN0PC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPiwgYW5kIGlmCiAgICAgICAgICAgICAgICBpbmNsdWRlZCBlbnN1cmUgdGhlaXIgdmFs
dWVzIGFyZSBpZGVudGljYWwuCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAg
ICAKPC9wPgo8YSBuYW1lPSJhbmNob3IzMCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFy
eT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWci
IGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJz
cDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjQu
MS40Ij48L2E+PGgzPjQuMS40LiZuYnNwOwpBY2Nlc3MgVG9rZW4gUmVzcG9uc2U8L2gzPgoKPHA+
CiAgICAgICAgICAgIElmIHRoZSBhY2Nlc3MgdG9rZW4gcmVxdWVzdCBpcyB2YWxpZCBhbmQgYXV0
aG9yaXplZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3VlcyBhbgogICAgICAgICAgICBh
Y2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJlc2ggdG9rZW4gYXMgZGVzY3JpYmVkIGluIDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tcmVzcG9uc2UnPlNlY3Rpb24mbmJzcDs1LjE8c3Bh
bj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+U3VjY2Vzc2Z1bCBSZXNwb25zZTwvc3Bhbj48
c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAgIElmIHRoZSByZXF1ZXN0IGNsaWVudCBhdXRo
ZW50aWNhdGlvbiBmYWlsZWQgb3IgaXMgaW52YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IHJldHVybnMKICAgICAgICAgICAgYW4gZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3JpYmVkIGluIDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tZXJyb3JzJz5TZWN0aW9uJm5ic3A7NS4yPHNwYW4+
ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkVycm9yIFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8
L3NwYW4+PC9hPi4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIEFuIGV4YW1wbGUg
c3VjY2Vzc2Z1bCByZXNwb25zZToKICAgICAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdkaXNwbGF5
OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+
PHByZT4KCiAgSFRUUC8xLjEgMjAwIE9LCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29u
O2NoYXJzZXQ9VVRGLTgKICBDYWNoZS1Db250cm9sOiBuby1zdG9yZQogIFByYWdtYTogbm8tY2Fj
aGUKCiAgewogICAgImFjY2Vzc190b2tlbiI6IjJZb3RuRlpGRWpyMXpDc2ljTVdwQUEiLAogICAg
InRva2VuX3R5cGUiOiJleGFtcGxlIiwKICAgICJleHBpcmVzX2luIjozNjAwLAogICAgInJlZnJl
c2hfdG9rZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIiwKICAgICJleGFtcGxlX3BhcmFtZXRl
ciI6ImV4YW1wbGVfdmFsdWUiCiAgfQoKPC9wcmU+PC9kaXY+CjxhIG5hbWU9ImdyYW50LWltcGxp
Y2l0Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5n
PSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRk
IGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwv
dHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC4yIj48L2E+PGgzPjQuMi4mbmJzcDsK
SW1wbGljaXQgR3JhbnQ8L2gzPgoKPHA+CiAgICAgICAgICBUaGUgaW1wbGljaXQgZ3JhbnQgdHlw
ZSBpcyB1c2VkIHRvIG9idGFpbiBhY2Nlc3MgdG9rZW5zIChpdCBkb2VzIG5vdCBzdXBwb3J0IHRo
ZSBpc3N1YW5jZQogICAgICAgICAgb2YgcmVmcmVzaCB0b2tlbnMpIGFuZCBpcyBvcHRpbWl6ZWQg
Zm9yIHB1YmxpYyBjbGllbnRzIGtub3duIHRvIG9wZXJhdGUgYSBwYXJ0aWN1bGFyCiAgICAgICAg
ICByZWRpcmVjdGlvbiBVUkkuIFRoZXNlIGNsaWVudHMgYXJlIHR5cGljYWxseSBpbXBsZW1lbnRl
ZCBpbiBhIGJyb3dzZXIgdXNpbmcgYSBzY3JpcHRpbmcKICAgICAgICAgIGxhbmd1YWdlIHN1Y2gg
YXMgSmF2YVNjcmlwdC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEFzIGEgcmVkaXJlY3Rp
b24tYmFzZWQgZmxvdywgdGhlIGNsaWVudCBtdXN0IGJlIGNhcGFibGUgb2YgaW50ZXJhY3Rpbmcg
d2l0aCB0aGUKICAgICAgICAgIHJlc291cmNlIG93bmVyJ3MgdXNlci1hZ2VudCAodHlwaWNhbGx5
IGEgd2ViIGJyb3dzZXIpIGFuZCBjYXBhYmxlIG9mIHJlY2VpdmluZyBpbmNvbWluZwogICAgICAg
ICAgcmVxdWVzdHMgKHZpYSByZWRpcmVjdGlvbikgZnJvbSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBVbmxpa2UgdGhlIGF1dGhvcml6YXRpb24g
Y29kZSBncmFudCB0eXBlIGluIHdoaWNoIHRoZSBjbGllbnQgbWFrZXMgc2VwYXJhdGUgcmVxdWVz
dHMgZm9yCiAgICAgICAgICBhdXRob3JpemF0aW9uIGFuZCBhY2Nlc3MgdG9rZW4sIHRoZSBjbGll
bnQgcmVjZWl2ZXMgdGhlIGFjY2VzcyB0b2tlbiBhcyB0aGUgcmVzdWx0IG9mIHRoZQogICAgICAg
ICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhl
IGltcGxpY2l0IGdyYW50IHR5cGUgZG9lcyBub3QgaW5jbHVkZSBjbGllbnQgYXV0aGVudGljYXRp
b24sIGFuZCByZWxpZXMgb24gdGhlCiAgICAgICAgICBwcmVzZW5jZSBvZiB0aGUgcmVzb3VyY2Ug
b3duZXIgYW5kIHRoZSByZWdpc3RyYXRpb24gb2YgdGhlIHJlZGlyZWN0aW9uIFVSSS4gQmVjYXVz
ZSB0aGUKICAgICAgICAgIGFjY2VzcyB0b2tlbiBpcyBlbmNvZGVkIGludG8gdGhlIHJlZGlyZWN0
aW9uIFVSSSwgaXQgbWF5IGJlIGV4cG9zZWQgdG8gdGhlIHJlc291cmNlIG93bmVyCiAgICAgICAg
ICBhbmQgb3RoZXIgYXBwbGljYXRpb25zIHJlc2lkaW5nIG9uIHRoZSBzYW1lIGRldmljZS4KICAg
ICAgICAKPC9wPjxiciAvPjxociBjbGFzcz0iaW5zZXJ0IiAvPgo8YSBuYW1lPSJGaWd1cmUtNCI+
PC9hPgo8ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAz
ZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgKy0tLS0tLS0tLS0rCiAgfCBSZXNvdXJj
ZSB8CiAgfCAgT3duZXIgICB8CiAgfCAgICAgICAgICB8CiAgKy0tLS0tLS0tLS0rCiAgICAgICBe
CiAgICAgICB8CiAgICAgIChCKQogICstLS0tfC0tLS0tKyAgICAgICAgICBDbGllbnQgSWRlbnRp
ZmllciAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICAgLSstLS0tKEEpLS0gJmFtcDsg
UmVkaXJlY3Rpb24gVVJJIC0tLSZndDt8ICAgICAgICAgICAgICAgfAogIHwgIFVzZXItICAgfCAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCBBdXRob3JpemF0aW9uIHwKICB8ICBBZ2Vu
dCAgLXwtLS0tKEIpLS0gVXNlciBhdXRoZW50aWNhdGVzIC0tJmd0O3wgICAgIFNlcnZlciAgICB8
CiAgfCAgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAg
ICAgICAgfAogIHwgICAgICAgICAgfCZsdDstLS0oQyktLS0gUmVkaXJlY3Rpb24gVVJJIC0tLS0m
bHQ7fCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgIHwgICAgICAgICAgd2l0aCBBY2Nlc3Mg
VG9rZW4gICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgICB8ICAgICAgICAgICAgaW4g
RnJhZ21lbnQKICB8ICAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICst
LS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgICB8LS0tLShEKS0tLSBSZWRpcmVjdGlvbiBVUkkg
LS0tLSZndDt8ICAgV2ViLUhvc3RlZCAgfAogIHwgICAgICAgICAgfCAgICAgICAgICB3aXRob3V0
IEZyYWdtZW50ICAgICAgfCAgICAgQ2xpZW50ICAgIHwKICB8ICAgICAgICAgIHwgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIHwgICAgUmVzb3VyY2UgICB8CiAgfCAgICAgKEYpICB8Jmx0
Oy0tLShFKS0tLS0tLS0gU2NyaXB0IC0tLS0tLS0tLSZsdDt8ICAgICAgICAgICAgICAgfAogIHwg
ICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0t
LSsKICArLXwtLS0tLS0tLSsKICAgIHwgICAgfAogICAoQSkgIChHKSBBY2Nlc3MgVG9rZW4KICAg
IHwgICAgfAogICAgXiAgICB2CiAgKy0tLS0tLS0tLSsKICB8ICAgICAgICAgfAogIHwgIENsaWVu
dCB8CiAgfCAgICAgICAgIHwKICArLS0tLS0tLS0tKwoKPC9wcmU+PC9kaXY+CjxwPgogICAgICAg
ICAgICBOb3RlOiBUaGUgbGluZXMgaWxsdXN0cmF0aW5nIHN0ZXBzIEEgYW5kIEIgYXJlIGJyb2tl
biBpbnRvIHR3byBwYXJ0cyBhcyB0aGV5IHBhc3MKICAgICAgICAgICAgdGhyb3VnaCB0aGUgdXNl
ci1hZ2VudC4KICAgICAgICAgIAo8L3A+PHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAi
IGNlbGxzcGFjaW5nPSIyIiBhbGlnbj0iY2VudGVyIj48dHI+PHRkIGFsaWduPSJjZW50ZXIiPjxm
b250IGZhY2U9Im1vbmFjbywgTVMgU2FucyBTZXJpZiIgc2l6ZT0iMSI+PGI+Jm5ic3A7RmlndXJl
Jm5ic3A7NDogSW1wbGljaXQgR3JhbnQgRmxvdyZuYnNwOzwvYj48L2ZvbnQ+PGJyIC8+PC90ZD48
L3RyPjwvdGFibGU+PGhyIGNsYXNzPSJpbnNlcnQiIC8+Cgo8cD4KICAgICAgICAgIFRoZSBmbG93
IGlsbHVzdHJhdGVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjRmlndXJlLTQnPkZpZ3VyZSZu
YnNwOzQ8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+SW1wbGljaXQgR3JhbnQgRmxv
dzwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoK
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQi
PjxkbD4KPGR0PihBKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IGluaXRpYXRl
cyB0aGUgZmxvdyBieSBkaXJlY3RpbmcgdGhlIHJlc291cmNlIG93bmVyJ3MgdXNlci1hZ2VudCB0
byB0aGUKICAgICAgICAgICAgICBhdXRob3JpemF0aW9uIGVuZHBvaW50LiBUaGUgY2xpZW50IGlu
Y2x1ZGVzIGl0cyBjbGllbnQgaWRlbnRpZmllciwgcmVxdWVzdGVkCiAgICAgICAgICAgICAgc2Nv
cGUsIGxvY2FsIHN0YXRlLCBhbmQgYSByZWRpcmVjdGlvbiBVUkkgdG8gd2hpY2ggdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIHdpbGwgc2VuZAogICAgICAgICAgICAgIHRoZSB1c2VyLWFnZW50IGJh
Y2sgb25jZSBhY2Nlc3MgaXMgZ3JhbnRlZCAob3IgZGVuaWVkKS4KICAgICAgICAgICAgCjwvZGQ+
CjxkdD4oQik8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IGF1dGhlbnRpY2F0ZXMgdGhlIHJlc291cmNlIG93bmVyICh2aWEgdGhlIHVzZXItYWdlbnQpIGFu
ZAogICAgICAgICAgICAgIGVzdGFibGlzaGVzIHdoZXRoZXIgdGhlIHJlc291cmNlIG93bmVyIGdy
YW50cyBvciBkZW5pZXMgdGhlIGNsaWVudCdzIGFjY2VzcyByZXF1ZXN0LgogICAgICAgICAgICAK
PC9kZD4KPGR0PihDKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBBc3N1bWluZyB0aGUgcmVzb3Vy
Y2Ugb3duZXIgZ3JhbnRzIGFjY2VzcywgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0
cyB0aGUKICAgICAgICAgICAgICB1c2VyLWFnZW50IGJhY2sgdG8gdGhlIGNsaWVudCB1c2luZyB0
aGUgcmVkaXJlY3Rpb24gVVJJIHByb3ZpZGVkIGVhcmxpZXIuIFRoZQogICAgICAgICAgICAgIHJl
ZGlyZWN0aW9uIFVSSSBpbmNsdWRlcyB0aGUgYWNjZXNzIHRva2VuIGluIHRoZSBVUkkgZnJhZ21l
bnQuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEQpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRo
ZSB1c2VyLWFnZW50IGZvbGxvd3MgdGhlIHJlZGlyZWN0aW9uIGluc3RydWN0aW9ucyBieSBtYWtp
bmcgYSByZXF1ZXN0IHRvIHRoZQogICAgICAgICAgICAgIHdlYi1ob3N0ZWQgY2xpZW50IHJlc291
cmNlICh3aGljaCBkb2VzIG5vdCBpbmNsdWRlIHRoZSBmcmFnbWVudCBwZXIKICAgICAgICAgICAg
ICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTYnPltSRkMyNjE2XTxzcGFuPiAoPC9zcGFu
PjxzcGFuIGNsYXNzPSdpbmZvJz5GaWVsZGluZywgUi4sIEdldHR5cywgSi4sIE1vZ3VsLCBKLiwg
RnJ5c3R5aywgSC4sIE1hc2ludGVyLCBMLiwgTGVhY2gsIFAuLCBhbmQgVC4gQmVybmVycy1MZWUs
ICZsZHF1bztIeXBlcnRleHQgVHJhbnNmZXIgUHJvdG9jb2wgLS0gSFRUUC8xLjEsJnJkcXVvOyBK
dW5lJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KS4gVGhlIHVzZXItYWdlbnQg
cmV0YWlucyB0aGUgZnJhZ21lbnQgaW5mb3JtYXRpb24gbG9jYWxseS4KICAgICAgICAgICAgCjwv
ZGQ+CjxkdD4oRSk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIHdlYi1ob3N0ZWQgY2xpZW50
IHJlc291cmNlIHJldHVybnMgYSB3ZWIgcGFnZSAodHlwaWNhbGx5IGFuIEhUTUwgZG9jdW1lbnQg
d2l0aCBhbgogICAgICAgICAgICAgIGVtYmVkZGVkIHNjcmlwdCkgY2FwYWJsZSBvZiBhY2Nlc3Np
bmcgdGhlIGZ1bGwgcmVkaXJlY3Rpb24gVVJJIGluY2x1ZGluZyB0aGUgZnJhZ21lbnQKICAgICAg
ICAgICAgICByZXRhaW5lZCBieSB0aGUgdXNlci1hZ2VudCwgYW5kIGV4dHJhY3RpbmcgdGhlIGFj
Y2VzcyB0b2tlbiAoYW5kIG90aGVyIHBhcmFtZXRlcnMpCiAgICAgICAgICAgICAgY29udGFpbmVk
IGluIHRoZSBmcmFnbWVudC4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oRik8L2R0Pgo8ZGQ+CiAg
ICAgICAgICAgICAgVGhlIHVzZXItYWdlbnQgZXhlY3V0ZXMgdGhlIHNjcmlwdCBwcm92aWRlZCBi
eSB0aGUgd2ViLWhvc3RlZCBjbGllbnQgcmVzb3VyY2UKICAgICAgICAgICAgICBsb2NhbGx5LCB3
aGljaCBleHRyYWN0cyB0aGUgYWNjZXNzIHRva2VuIGFuZCBwYXNzZXMgaXQgdG8gdGhlIGNsaWVu
dC4KICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgIAo8L3A+
CjxhIG5hbWU9ImltcGxpY2l0LWF1dGh6LXJlcSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3Vt
bWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0Ni
dWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4m
bmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9u
LjQuMi4xIj48L2E+PGgzPjQuMi4xLiZuYnNwOwpBdXRob3JpemF0aW9uIFJlcXVlc3Q8L2gzPgoK
PHA+CiAgICAgICAgICAgIFRoZSBjbGllbnQgY29uc3RydWN0cyB0aGUgcmVxdWVzdCBVUkkgYnkg
YWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycyB0byB0aGUKICAgICAgICAgICAgcXVlcnkg
Y29tcG9uZW50IG9mIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IFVSSSB1c2luZyB0aGUKICAg
ICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvdHQ+IGZvcm1h
dDoKICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNz
PSJ0ZXh0Ij48ZGw+CjxkdD5yZXNwb25zZV90eXBlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAg
CiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVmFsdWUgTVVTVCBiZSBzZXQgdG8gPHR0PnRva2Vu
PC90dD4uCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5jbGllbnRfaWQ8L2R0Pgo8ZGQ+CiAgICAg
ICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgY2xpZW50IGlkZW50aWZp
ZXIgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0n
I2NsaWVudC1pZGVudGlmaWVyJz5TZWN0aW9uJm5ic3A7Mi4yPHNwYW4+ICg8L3NwYW4+PHNwYW4g
Y2xhc3M9J2luZm8nPkNsaWVudCBJZGVudGlmaWVyPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4K
ICAgICAgICAgICAgICAKPC9kZD4KPGR0PnJlZGlyZWN0X3VyaTwvZHQ+CjxkZD4KICAgICAgICAg
ICAgICAgIAogICAgICAgICAgICAgICAgT1BUSU9OQUwuIEFzIGRlc2NyaWJlZCBpbiA8YSBjbGFz
cz0naW5mbycgaHJlZj0nI3JlZGlyZWN0LXVyaSc+U2VjdGlvbiZuYnNwOzMuMS4yPHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlJlZGlyZWN0aW9uIEVuZHBvaW50PC9zcGFuPjxzcGFu
Pik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PnNjb3BlPC9kdD4KPGRkPgog
ICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBPUFRJT05BTC4gVGhlIHNjb3BlIG9mIHRo
ZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmliZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNz
Y29wZSc+U2VjdGlvbiZuYnNwOzMuMzxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5B
Y2Nlc3MgVG9rZW4gU2NvcGU8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAg
IAo8L2RkPgo8ZHQ+c3RhdGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAg
ICAgIFJFQ09NTUVOREVELiBBbiBvcGFxdWUgdmFsdWUgdXNlZCBieSB0aGUgY2xpZW50IHRvIG1h
aW50YWluIHN0YXRlIGJldHdlZW4gdGhlIHJlcXVlc3QKICAgICAgICAgICAgICAgIGFuZCBjYWxs
YmFjay4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGluY2x1ZGVzIHRoaXMgdmFsdWUgd2hlbiBy
ZWRpcmVjdGluZyB0aGUKICAgICAgICAgICAgICAgIHVzZXItYWdlbnQgYmFjayB0byB0aGUgY2xp
ZW50LiBUaGUgcGFyYW1ldGVyIFNIT1VMRCBiZSB1c2VkIGZvciBwcmV2ZW50aW5nCiAgICAgICAg
ICAgICAgICBjcm9zcy1zaXRlIHJlcXVlc3QgZm9yZ2VyeSBhcyBkZXNjcmliZWQgaW4gPGEgY2xh
c3M9J2luZm8nIGhyZWY9JyNDU1JGJz5TZWN0aW9uJm5ic3A7MTAuMTI8c3Bhbj4gKDwvc3Bhbj48
c3BhbiBjbGFzcz0naW5mbyc+Q3Jvc3MtU2l0ZSBSZXF1ZXN0IEZvcmdlcnk8L3NwYW4+PHNwYW4+
KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4K
ICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBUaGUgY2xpZW50IGRpcmVjdHMgdGhlIHJl
c291cmNlIG93bmVyIHRvIHRoZSBjb25zdHJ1Y3RlZCBVUkkgdXNpbmcgYW4gSFRUUCByZWRpcmVj
dGlvbgogICAgICAgICAgICByZXNwb25zZSwgb3IgYnkgb3RoZXIgbWVhbnMgYXZhaWxhYmxlIHRv
IGl0IHZpYSB0aGUgdXNlci1hZ2VudC4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAg
IEZvciBleGFtcGxlLCB0aGUgY2xpZW50IGRpcmVjdHMgdGhlIHVzZXItYWdlbnQgdG8gbWFrZSB0
aGUgZm9sbG93aW5nIEhUVFAgcmVxdWVzdAogICAgICAgICAgICAgIHVzaW5nIFRMUyAoZXh0cmEg
bGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzIG9ubHkpOgogICAgICAgICAgICAK
PC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNl
bTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICBHRVQgL2F1dGhvcml6ZT9yZXNwb25zZV90
eXBlPXRva2VuJmFtcDtjbGllbnRfaWQ9czZCaGRSa3F0MyZhbXA7c3RhdGU9eHl6CiAgICAgICZh
bXA7cmVkaXJlY3RfdXJpPWh0dHBzJTNBJTJGJTJGY2xpZW50JTJFZXhhbXBsZSUyRWNvbSUyRmNi
IEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCgo8L3ByZT48L2Rpdj4KPHA+CiAg
ICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB2YWxpZGF0ZXMgdGhlIHJlcXVlc3Qg
dG8gZW5zdXJlIGFsbCByZXF1aXJlZCBwYXJhbWV0ZXJzIGFyZQogICAgICAgICAgICBwcmVzZW50
IGFuZCB2YWxpZC4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgdmVyaWZ5IHRoYXQgdGhl
IHJlZGlyZWN0aW9uIFVSSSB0byB3aGljaAogICAgICAgICAgICBpdCB3aWxsIHJlZGlyZWN0IHRo
ZSBhY2Nlc3MgdG9rZW4gbWF0Y2hlcyBhIHJlZGlyZWN0aW9uIFVSSSByZWdpc3RlcmVkIGJ5IHRo
ZSBjbGllbnQgYXMKICAgICAgICAgICAgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjcmVkaXJlY3QtdXJpJz5TZWN0aW9uJm5ic3A7My4xLjI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBj
bGFzcz0naW5mbyc+UmVkaXJlY3Rpb24gRW5kcG9pbnQ8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+
LgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIElmIHRoZSByZXF1ZXN0IGlzIHZhbGlk
LCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgcmVzb3VyY2Ugb3du
ZXIgYW5kCiAgICAgICAgICAgIG9idGFpbnMgYW4gYXV0aG9yaXphdGlvbiBkZWNpc2lvbiAoYnkg
YXNraW5nIHRoZSByZXNvdXJjZSBvd25lciBvciBieSBlc3RhYmxpc2hpbmcKICAgICAgICAgICAg
YXBwcm92YWwgdmlhIG90aGVyIG1lYW5zKS4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
ICBXaGVuIGEgZGVjaXNpb24gaXMgZXN0YWJsaXNoZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBkaXJlY3RzIHRoZSB1c2VyLWFnZW50IHRvIHRoZQogICAgICAgICAgICBwcm92aWRlZCBjbGll
bnQgcmVkaXJlY3Rpb24gVVJJIHVzaW5nIGFuIEhUVFAgcmVkaXJlY3Rpb24gcmVzcG9uc2UsIG9y
IGJ5IG90aGVyIG1lYW5zCiAgICAgICAgICAgIGF2YWlsYWJsZSB0byBpdCB2aWEgdGhlIHVzZXIt
YWdlbnQuCiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IzMSI+PC9hPjxiciAvPjxociAv
Pgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIi
IGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBo
cmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9
InJmYy5zZWN0aW9uLjQuMi4yIj48L2E+PGgzPjQuMi4yLiZuYnNwOwpBY2Nlc3MgVG9rZW4gUmVz
cG9uc2U8L2gzPgoKPHA+CiAgICAgICAgICAgIElmIHRoZSByZXNvdXJjZSBvd25lciBncmFudHMg
dGhlIGFjY2VzcyByZXF1ZXN0LCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAg
ICAgICAgICAgIGFjY2VzcyB0b2tlbiBhbmQgZGVsaXZlcnMgaXQgdG8gdGhlIGNsaWVudCBieSBh
ZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHRvCiAgICAgICAgICAgIHRoZSBmcmFnbWVu
dCBjb21wb25lbnQgb2YgdGhlIHJlZGlyZWN0aW9uIFVSSSB1c2luZyB0aGUKICAgICAgICAgICAg
PHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvdHQ+IGZvcm1hdDoKICAgICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48
ZGw+CjxkdD5hY2Nlc3NfdG9rZW48L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAg
ICAgICAgIFJFUVVJUkVELiBUaGUgYWNjZXNzIHRva2VuIGlzc3VlZCBieSB0aGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIuCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD50b2tlbl90eXBlPC9kdD4KPGRk
PgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIHR5cGUgb2Yg
dGhlIHRva2VuIGlzc3VlZCBhcyBkZXNjcmliZWQgaW4KICAgICAgICAgICAgICAgIDxhIGNsYXNz
PSdpbmZvJyBocmVmPScjdG9rZW4tdHlwZXMnPlNlY3Rpb24mbmJzcDs3LjE8c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+QWNjZXNzIFRva2VuIFR5cGVzPC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPi4gVmFsdWUgaXMgY2FzZSBpbnNlbnNpdGl2ZS4KICAgICAgICAgICAgICAKPC9kZD4K
PGR0PmV4cGlyZXNfaW48L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg
IFJFQ09NTUVOREVELiBUaGUgbGlmZXRpbWUgaW4gc2Vjb25kcyBvZiB0aGUgYWNjZXNzIHRva2Vu
LiBGb3IgZXhhbXBsZSwgdGhlIHZhbHVlCiAgICAgICAgICAgICAgICA8dHQ+MzYwMDwvdHQ+IGRl
bm90ZXMgdGhhdCB0aGUgYWNjZXNzIHRva2VuIHdpbGwgZXhwaXJlIGluIG9uZQogICAgICAgICAg
ICAgICAgaG91ciBmcm9tIHRoZSB0aW1lIHRoZSByZXNwb25zZSB3YXMgZ2VuZXJhdGVkLiBJZiBv
bWl0dGVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgICAgIFNIT1VMRCBw
cm92aWRlIHRoZSBleHBpcmF0aW9uIHRpbWUgdmlhIG90aGVyIG1lYW5zIG9yIGRvY3VtZW50IHRo
ZSBkZWZhdWx0IHZhbHVlLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+c2NvcGU8L2R0Pgo8ZGQ+
CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIE9QVElPTkFMLCBpZiBpZGVudGljYWwg
dG8gdGhlIHNjb3BlIHJlcXVlc3RlZCBieSB0aGUgY2xpZW50LCBvdGhlcndpc2UgUkVRVUlSRUQu
IFRoZQogICAgICAgICAgICAgICAgc2NvcGUgb2YgdGhlIGFjY2VzcyB0b2tlbiBhcyBkZXNjcmli
ZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNzY29wZSc+U2VjdGlvbiZuYnNwOzMuMzxzcGFu
PiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BY2Nlc3MgVG9rZW4gU2NvcGU8L3NwYW4+PHNw
YW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+c3RhdGU8L2R0Pgo8ZGQ+
CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVEIGlmIHRoZSA8dHQ+c3Rh
dGU8L3R0PiBwYXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhlCiAgICAgICAgICAgICAgICBjbGll
bnQgYXV0aG9yaXphdGlvbiByZXF1ZXN0LiBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0
aGUgY2xpZW50LgogICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAg
ICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVT
VCBOT1QgaXNzdWUgYSByZWZyZXNoIHRva2VuLgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICAgICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciByZWRpcmVjdHMgdGhl
IHVzZXItYWdlbnQgYnkgc2VuZGluZyB0aGUKICAgICAgICAgICAgICBmb2xsb3dpbmcgSFRUUCBy
ZXNwb25zZSAoVVJJIGV4dHJhIGxpbmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBv
bmx5KToKICAgICAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6
IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgSFRUUC8x
LjEgMzAyIEZvdW5kCiAgTG9jYXRpb246IGh0dHA6Ly9leGFtcGxlLmNvbS9jYiNhY2Nlc3NfdG9r
ZW49MllvdG5GWkZFanIxekNzaWNNV3BBQQogICAgICAgICAgICAmYW1wO3N0YXRlPXh5eiZhbXA7
dG9rZW5fdHlwZT1leGFtcGxlJmFtcDtleHBpcmVzX2luPTM2MDAKCjwvcHJlPjwvZGl2Pgo8cD4K
ICAgICAgICAgICAgICBEZXZlbG9wZXJzIHNob3VsZCBub3RlIHRoYXQgc29tZSB1c2VyLWFnZW50
cyBkbyBub3Qgc3VwcG9ydCB0aGUgaW5jbHVzaW9uIG9mIGEKICAgICAgICAgICAgICBmcmFnbWVu
dCBjb21wb25lbnQgaW4gdGhlIEhUVFAgPHR0PkxvY2F0aW9uPC90dD4gcmVzcG9uc2UgaGVhZGVy
CiAgICAgICAgICAgICAgZmllbGQuIFN1Y2ggY2xpZW50cyB3aWxsIHJlcXVpcmUgdXNpbmcgb3Ro
ZXIgbWV0aG9kcyBmb3IgcmVkaXJlY3RpbmcgdGhlIGNsaWVudCB0aGFuCiAgICAgICAgICAgICAg
YSAzeHggcmVkaXJlY3Rpb24gcmVzcG9uc2UuIEZvciBleGFtcGxlLCByZXR1cm5pbmcgYW4gSFRN
TCBwYWdlIHdoaWNoIGluY2x1ZGVzIGEKICAgICAgICAgICAgICAnY29udGludWUnIGJ1dHRvbiB3
aXRoIGFuIGFjdGlvbiBsaW5rZWQgdG8gdGhlIHJlZGlyZWN0aW9uIFVSSS4KICAgICAgICAgICAg
CjwvcD4KPHA+CiAgICAgICAgICAgIFRoZSBjbGllbnQgTVVTVCBpZ25vcmUgdW5yZWNvZ25pemVk
IHJlc3BvbnNlIHBhcmFtZXRlcnMuIFRoZSBhY2Nlc3MgdG9rZW4gc3RyaW5nIHNpemUKICAgICAg
ICAgICAgaXMgbGVmdCB1bmRlZmluZWQgYnkgdGhpcyBzcGVjaWZpY2F0aW9uLiBUaGUgY2xpZW50
IHNob3VsZCBhdm9pZCBtYWtpbmcgYXNzdW1wdGlvbnMKICAgICAgICAgICAgYWJvdXQgdmFsdWUg
c2l6ZXMuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZG9jdW1lbnQgdGhlIHNpemUg
b2YgYW55IHZhbHVlIGl0CiAgICAgICAgICAgIGlzc3Vlcy4KICAgICAgICAgIAo8L3A+CjxhIG5h
bWU9ImltcGxpY2l0LWF1dGh6LWVycm9yIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5
PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIg
YWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNw
O1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC4y
LjIuMSI+PC9hPjxoMz40LjIuMi4xLiZuYnNwOwpFcnJvciBSZXNwb25zZTwvaDM+Cgo8cD4KICAg
ICAgICAgICAgICBJZiB0aGUgcmVxdWVzdCBmYWlscyBkdWUgdG8gYSBtaXNzaW5nLCBpbnZhbGlk
LCBvciBtaXNtYXRjaGluZyByZWRpcmVjdGlvbiBVUkksIG9yIGlmCiAgICAgICAgICAgICAgdGhl
IGNsaWVudCBpZGVudGlmaWVyIGlzIG1pc3Npbmcgb3IgaW52YWxpZCwgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIFNIT1VMRCBpbmZvcm0KICAgICAgICAgICAgICB0aGUgcmVzb3VyY2Ugb3duZXIg
b2YgdGhlIGVycm9yLCBhbmQgTVVTVCBOT1QgYXV0b21hdGljYWxseSByZWRpcmVjdCB0aGUgdXNl
ci1hZ2VudAogICAgICAgICAgICAgIHRvIHRoZSBpbnZhbGlkIHJlZGlyZWN0aW9uIFVSSS4KICAg
ICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgSWYgdGhlIHJlc291cmNlIG93bmVyIGRl
bmllcyB0aGUgYWNjZXNzIHJlcXVlc3Qgb3IgaWYgdGhlIHJlcXVlc3QgZmFpbHMgZm9yIHJlYXNv
bnMKICAgICAgICAgICAgICBvdGhlciB0aGFuIGEgbWlzc2luZyBvciBpbnZhbGlkIHJlZGlyZWN0
aW9uIFVSSSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGluZm9ybXMgdGhlCiAgICAgICAgICAg
ICAgY2xpZW50IGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMgdG8gdGhlIGZyYWdt
ZW50IGNvbXBvbmVudCBvZiB0aGUKICAgICAgICAgICAgICByZWRpcmVjdGlvbiBVUkkgdXNpbmcg
dGhlCiAgICAgICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwv
dHQ+IGZvcm1hdDoKICAgICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgPC9wPgo8Ymxv
Y2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+ZXJyb3I8L2R0Pgo8ZGQ+CiAgICAgICAgICAg
ICAgICAgIAogICAgICAgICAgICAgICAgICBSRVFVSVJFRC4gQSBzaW5nbGUgQVNDSUkgPGEgY2xh
c3M9J2luZm8nIGhyZWY9JyNVU0FTQ0lJJz5bVVNBU0NJSV08c3Bhbj4gKDwvc3Bhbj48c3BhbiBj
bGFzcz0naW5mbyc+QW1lcmljYW4gTmF0aW9uYWwgU3RhbmRhcmRzIEluc3RpdHV0ZSwgJmxkcXVv
O0NvZGVkIENoYXJhY3RlciBTZXQgLS0gNy1iaXQgQW1lcmljYW4gU3RhbmRhcmQgQ29kZSBmb3Ig
SW5mb3JtYXRpb24gSW50ZXJjaGFuZ2UsJnJkcXVvOyAxOTg2Ljwvc3Bhbj48c3Bhbj4pPC9zcGFu
PjwvYT4gZXJyb3IgY29kZSBmcm9tIHRoZSBmb2xsb3dpbmc6CgogICAgICAgICAgICAgICAgICAK
PGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PmludmFsaWRfcmVxdWVzdDwvZHQ+Cjxk
ZD4KICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgVGhlIHJlcXVl
c3QgaXMgbWlzc2luZyBhIHJlcXVpcmVkIHBhcmFtZXRlciwgaW5jbHVkZXMgYW4gaW52YWxpZAog
ICAgICAgICAgICAgICAgICAgICAgcGFyYW1ldGVyIHZhbHVlLCBpbmNsdWRlcyBhIHBhcmFtZXRl
ciBtb3JlIHRoYW4gb25jZSwgb3IgaXMgb3RoZXJ3aXNlIG1hbGZvcm1lZC4KICAgICAgICAgICAg
ICAgICAgICAKPC9kZD4KPGR0PnVuYXV0aG9yaXplZF9jbGllbnQ8L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgIFRoZSBjbGllbnQgaXMgbm90IGF1
dGhvcml6ZWQgdG8gcmVxdWVzdCBhbiBhY2Nlc3MgdG9rZW4gdXNpbmcgdGhpcyBtZXRob2QuCiAg
ICAgICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5hY2Nlc3NfZGVuaWVkPC9kdD4KPGRkPgogICAg
ICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICBUaGUgcmVzb3VyY2Ugb3du
ZXIgb3IgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZGVuaWVkIHRoZSByZXF1ZXN0LgogICAgICAgICAg
ICAgICAgICAgIAo8L2RkPgo8ZHQ+dW5zdXBwb3J0ZWRfcmVzcG9uc2VfdHlwZTwvZHQ+CjxkZD4K
ICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGRvZXMgbm90IHN1cHBvcnQgb2J0YWluaW5nIGFuIGFjY2VzcyB0b2tlbiB1
c2luZwogICAgICAgICAgICAgICAgICAgICAgdGhpcyBtZXRob2QuCiAgICAgICAgICAgICAgICAg
ICAgCjwvZGQ+CjxkdD5pbnZhbGlkX3Njb3BlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAg
ICAgCiAgICAgICAgICAgICAgICAgICAgICBUaGUgcmVxdWVzdGVkIHNjb3BlIGlzIGludmFsaWQs
IHVua25vd24sIG9yIG1hbGZvcm1lZC4KICAgICAgICAgICAgICAgICAgICAKPC9kZD4KPGR0PnNl
cnZlcl9lcnJvcjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAg
ICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGVuY291bnRlcmVkIGFuIHVuZXhwZWN0
ZWQgY29uZGl0aW9uIHdoaWNoIHByZXZlbnRlZAogICAgICAgICAgICAgICAgICAgICAgaXQgZnJv
bSBmdWxmaWxsaW5nIHRoZSByZXF1ZXN0LgogICAgICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+
dGVtcG9yYXJpbHlfdW5hdmFpbGFibGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgICAgICAK
ICAgICAgICAgICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpcyBjdXJyZW50
bHkgdW5hYmxlIHRvIGhhbmRsZSB0aGUgcmVxdWVzdCBkdWUgdG8gYQogICAgICAgICAgICAgICAg
ICAgICAgdGVtcG9yYXJ5IG92ZXJsb2FkaW5nIG9yIG1haW50ZW5hbmNlIG9mIHRoZSBzZXJ2ZXIu
CiAgICAgICAgICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPgoKCQkgIFZhbHVl
cyBmb3IgdGhlIDx0dD5lcnJvcjwvdHQ+IHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlCgkJICBj
aGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAg
ICAgICAgICAgICAgICAKPC9kZD4KPGR0PmVycm9yX2Rlc2NyaXB0aW9uPC9kdD4KPGRkPgogICAg
ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgT1BUSU9OQUwuIEEgaHVtYW4tcmVhZGFi
bGUgQVNDSUkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNVU0FTQ0lJJz5bVVNBU0NJSV08c3Bhbj4g
KDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QW1lcmljYW4gTmF0aW9uYWwgU3RhbmRhcmRzIElu
c3RpdHV0ZSwgJmxkcXVvO0NvZGVkIENoYXJhY3RlciBTZXQgLS0gNy1iaXQgQW1lcmljYW4gU3Rh
bmRhcmQgQ29kZSBmb3IgSW5mb3JtYXRpb24gSW50ZXJjaGFuZ2UsJnJkcXVvOyAxOTg2Ljwvc3Bh
bj48c3Bhbj4pPC9zcGFuPjwvYT4gdGV4dCBwcm92aWRpbmcgYWRkaXRpb25hbCBpbmZvcm1hdGlv
biwKICAgICAgICAgICAgICAgICAgdXNlZCB0byBhc3Npc3QgdGhlIGNsaWVudCBkZXZlbG9wZXIg
aW4gdW5kZXJzdGFuZGluZyB0aGUgZXJyb3IgdGhhdCBvY2N1cnJlZC4KCQkgIDxiciAvPgoKCQkg
IFZhbHVlcyBmb3IgdGhlIDx0dD5lcnJvcl9kZXNjcmlwdGlvbjwvdHQ+IHBhcmFtZXRlciBNVVNU
IE5PVCBpbmNsdWRlCgkJICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgy
My01QiAvICV4NUQtN0UuCiAgICAgICAgICAgICAgICAKPC9kZD4KPGR0PmVycm9yX3VyaTwvZHQ+
CjxkZD4KICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgIE9QVElPTkFMLiBBIFVS
SSBpZGVudGlmeWluZyBhIGh1bWFuLXJlYWRhYmxlIHdlYiBwYWdlIHdpdGggaW5mb3JtYXRpb24g
YWJvdXQgdGhlCiAgICAgICAgICAgICAgICAgIGVycm9yLCB1c2VkIHRvIHByb3ZpZGUgdGhlIGNs
aWVudCBkZXZlbG9wZXIgd2l0aCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uIGFib3V0IHRoZQogICAg
ICAgICAgICAgICAgICBlcnJvci4KCQkgIDxiciAvPgoKCQkgIFZhbHVlcyBmb3IgdGhlIDx0dD5l
cnJvcl91cmk8L3R0PiBwYXJhbWV0ZXIKCQkgIE1VU1QgY29uZm9ybSB0byB0aGUgVVJJLVJlZmVy
ZW5jZSBzeW50YXgsIGFuZCB0aHVzIE1VU1QgTk9UIGluY2x1ZGUKCQkgIGNoYXJhY3RlcnMgb3V0
c2lkZSB0aGUgc2V0ICV4MjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgICAgICAgICAgICAgIAo8
L2RkPgo8ZHQ+c3RhdGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAg
ICAgICBSRVFVSVJFRCBpZiBhIDx0dD5zdGF0ZTwvdHQ+IHBhcmFtZXRlciB3YXMgcHJlc2VudCBp
biB0aGUKICAgICAgICAgICAgICAgICAgY2xpZW50IGF1dGhvcml6YXRpb24gcmVxdWVzdC4gVGhl
IGV4YWN0IHZhbHVlIHJlY2VpdmVkIGZyb20gdGhlIGNsaWVudC4KICAgICAgICAgICAgICAgIAo8
L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAgICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0
aGUgdXNlci1hZ2VudCBieSBzZW5kaW5nIHRoZQogICAgICAgICAgICAgICAgZm9sbG93aW5nIEhU
VFAgcmVzcG9uc2U6CiAgICAgICAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJs
ZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4K
CiAgSFRUUC8xLjEgMzAyIEZvdW5kCiAgTG9jYXRpb246IGh0dHBzOi8vY2xpZW50LmV4YW1wbGUu
Y29tL2NiI2Vycm9yPWFjY2Vzc19kZW5pZWQmYW1wO3N0YXRlPXh5egoKPC9wcmU+PC9kaXY+Cjxh
IG5hbWU9ImdyYW50LXBhc3N3b3JkIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJs
YXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxp
Z249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RP
QyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC4zIj48
L2E+PGgzPjQuMy4mbmJzcDsKUmVzb3VyY2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHMgR3Jh
bnQ8L2gzPgoKPHA+CiAgICAgICAgICBUaGUgcmVzb3VyY2Ugb3duZXIgcGFzc3dvcmQgY3JlZGVu
dGlhbHMgZ3JhbnQgdHlwZSBpcyBzdWl0YWJsZSBpbiBjYXNlcyB3aGVyZSB0aGUKICAgICAgICAg
IHJlc291cmNlIG93bmVyIGhhcyBhIHRydXN0IHJlbGF0aW9uc2hpcCB3aXRoIHRoZSBjbGllbnQs
IHN1Y2ggYXMgdGhlIGRldmljZSBvcGVyYXRpbmcKICAgICAgICAgIHN5c3RlbSBvciBhIGhpZ2hs
eSBwcml2aWxlZ2VkIGFwcGxpY2F0aW9uLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc2hvdWxk
IHRha2Ugc3BlY2lhbAogICAgICAgICAgY2FyZSB3aGVuIGVuYWJsaW5nIHRoaXMgZ3JhbnQgdHlw
ZSwgYW5kIG9ubHkgYWxsb3cgaXQgd2hlbiBvdGhlciBmbG93cyBhcmUgbm90IHZpYWJsZS4KICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBncmFudCB0eXBlIGlzIHN1aXRhYmxlIGZvciBj
bGllbnRzIGNhcGFibGUgb2Ygb2J0YWluaW5nIHRoZSByZXNvdXJjZSBvd25lcidzCiAgICAgICAg
ICBjcmVkZW50aWFscyAodXNlcm5hbWUgYW5kIHBhc3N3b3JkLCB0eXBpY2FsbHkgdXNpbmcgYW4g
aW50ZXJhY3RpdmUgZm9ybSkuIEl0IGlzIGFsc28gdXNlZAogICAgICAgICAgdG8gbWlncmF0ZSBl
eGlzdGluZyBjbGllbnRzIHVzaW5nIGRpcmVjdCBhdXRoZW50aWNhdGlvbiBzY2hlbWVzIHN1Y2gg
YXMgSFRUUCBCYXNpYyBvcgogICAgICAgICAgRGlnZXN0IGF1dGhlbnRpY2F0aW9uIHRvIE9BdXRo
IGJ5IGNvbnZlcnRpbmcgdGhlIHN0b3JlZCBjcmVkZW50aWFscyB0byBhbiBhY2Nlc3MgdG9rZW4u
CiAgICAgICAgCjwvcD48YnIgLz48aHIgY2xhc3M9Imluc2VydCIgLz4KPGEgbmFtZT0iRmlndXJl
LTUiPjwvYT4KPGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVm
dDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogICstLS0tLS0tLS0tKwogIHwgUmVz
b3VyY2UgfAogIHwgIE93bmVyICAgfAogIHwgICAgICAgICAgfAogICstLS0tLS0tLS0tKwogICAg
ICAgdgogICAgICAgfCAgICBSZXNvdXJjZSBPd25lcgogICAgICAoQSkgUGFzc3dvcmQgQ3JlZGVu
dGlhbHMKICAgICAgIHwKICAgICAgIHYKICArLS0tLS0tLS0tKyAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgICB8Jmd0Oy0tKEIpLS0t
LSBSZXNvdXJjZSBPd25lciAtLS0tLS0tJmd0O3wgICAgICAgICAgICAgICB8CiAgfCAgICAgICAg
IHwgICAgICAgICBQYXNzd29yZCBDcmVkZW50aWFscyAgICAgfCBBdXRob3JpemF0aW9uIHwKICB8
IENsaWVudCAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICBTZXJ2ZXIg
ICAgfAogIHwgICAgICAgICB8Jmx0Oy0tKEMpLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLS0tJmx0
O3wgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgIHwgICAgKHcvIE9wdGlvbmFsIFJlZnJlc2gg
VG9rZW4pICAgfCAgICAgICAgICAgICAgIHwKICArLS0tLS0tLS0tKyAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwoKPC9wcmU+PC9kaXY+PHRhYmxlIGJv
cmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBhbGlnbj0iY2VudGVyIj48
dHI+PHRkIGFsaWduPSJjZW50ZXIiPjxmb250IGZhY2U9Im1vbmFjbywgTVMgU2FucyBTZXJpZiIg
c2l6ZT0iMSI+PGI+Jm5ic3A7RmlndXJlJm5ic3A7NTogUmVzb3VyY2UgT3duZXIgUGFzc3dvcmQg
Q3JlZGVudGlhbHMgRmxvdyZuYnNwOzwvYj48L2ZvbnQ+PGJyIC8+PC90ZD48L3RyPjwvdGFibGU+
PGhyIGNsYXNzPSJpbnNlcnQiIC8+Cgo8cD4KICAgICAgICAgIFRoZSBmbG93IGlsbHVzdHJhdGVk
IGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjRmlndXJlLTUnPkZpZ3VyZSZuYnNwOzU8c3Bhbj4g
KDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+UmVzb3VyY2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVu
dGlhbHMgRmxvdzwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gaW5jbHVkZXMgdGhlIGZvbGxvd2lu
ZyBzdGVwczoKICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xh
c3M9InRleHQiPjxkbD4KPGR0PihBKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgcmVzb3Vy
Y2Ugb3duZXIgcHJvdmlkZXMgdGhlIGNsaWVudCB3aXRoIGl0cyB1c2VybmFtZSBhbmQgcGFzc3dv
cmQuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEIpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRo
ZSBjbGllbnQgcmVxdWVzdHMgYW4gYWNjZXNzIHRva2VuIGZyb20gdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyJ3MgdG9rZW4gZW5kcG9pbnQgYnkKICAgICAgICAgICAgICBpbmNsdWRpbmcgdGhlIGNy
ZWRlbnRpYWxzIHJlY2VpdmVkIGZyb20gdGhlIHJlc291cmNlIG93bmVyLiBXaGVuIG1ha2luZyB0
aGUgcmVxdWVzdCwKICAgICAgICAgICAgICB0aGUgY2xpZW50IGF1dGhlbnRpY2F0ZXMgd2l0aCB0
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEMpPC9kdD4K
PGRkPgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVz
IHRoZSBjbGllbnQgYW5kIHZhbGlkYXRlcyB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgICAg
ICBjcmVkZW50aWFscywgYW5kIGlmIHZhbGlkIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4uCiAgICAg
ICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAgICAgICAKPC9wPgo8YSBuYW1l
PSJhbmNob3IzMiI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxs
cGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+
PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+
PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjQuMy4xIj48L2E+PGgzPjQu
My4xLiZuYnNwOwpBdXRob3JpemF0aW9uIFJlcXVlc3QgYW5kIFJlc3BvbnNlPC9oMz4KCjxwPgog
ICAgICAgICAgICBUaGUgbWV0aG9kIHRocm91Z2ggd2hpY2ggdGhlIGNsaWVudCBvYnRhaW5zIHRo
ZSByZXNvdXJjZSBvd25lciBjcmVkZW50aWFscyBpcyBiZXlvbmQKICAgICAgICAgICAgdGhlIHNj
b3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbi4gVGhlIGNsaWVudCBNVVNUIGRpc2NhcmQgdGhlIGNy
ZWRlbnRpYWxzIG9uY2UgYW4gYWNjZXNzCiAgICAgICAgICAgIHRva2VuIGhhcyBiZWVuIG9idGFp
bmVkLgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMzMiPjwvYT48YnIgLz48aHIgLz4K
PHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBj
bGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJl
Zj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJy
ZmMuc2VjdGlvbi40LjMuMiI+PC9hPjxoMz40LjMuMi4mbmJzcDsKQWNjZXNzIFRva2VuIFJlcXVl
c3Q8L2gzPgoKPHA+CiAgICAgICAgICAgIFRoZSBjbGllbnQgbWFrZXMgYSByZXF1ZXN0IHRvIHRo
ZSB0b2tlbiBlbmRwb2ludCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzCiAgICAg
ICAgICAgIHVzaW5nIHRoZSA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90
dD4gZm9ybWF0IGluIHRoZQogICAgICAgICAgICBIVFRQIHJlcXVlc3QgZW50aXR5LWJvZHk6CiAg
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4
dCI+PGRsPgo8ZHQ+Z3JhbnRfdHlwZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAg
ICAgICAgICAgUkVRVUlSRUQuIFZhbHVlIE1VU1QgYmUgc2V0IHRvIDx0dD5wYXNzd29yZDwvdHQ+
LgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+dXNlcm5hbWU8L2R0Pgo8ZGQ+CiAgICAgICAgICAg
ICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgcmVzb3VyY2Ugb3duZXIgdXNlcm5h
bWUsIGVuY29kZWQgYXMgVVRGLTguCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5wYXNzd29yZDwv
ZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSBy
ZXNvdXJjZSBvd25lciBwYXNzd29yZCwgZW5jb2RlZCBhcyBVVEYtOC4KICAgICAgICAgICAgICAK
PC9kZD4KPGR0PnNjb3BlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAg
ICBPUFRJT05BTC4gVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmliZWQg
YnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNzY29wZSc+U2VjdGlvbiZuYnNwOzMuMzxzcGFuPiAo
PC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BY2Nlc3MgVG9rZW4gU2NvcGU8L3NwYW4+PHNwYW4+
KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4K
ICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBJZiB0aGUgY2xpZW50IHR5cGUgaXMgY29u
ZmlkZW50aWFsIG9yIHRoZSBjbGllbnQgd2FzIGlzc3VlZCBjbGllbnQgY3JlZGVudGlhbHMgKG9y
CiAgICAgICAgICAgIGFzc2lnbmVkIG90aGVyIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyks
IHRoZSBjbGllbnQgTVVTVCBhdXRoZW50aWNhdGUgd2l0aCB0aGUKICAgICAgICAgICAgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9r
ZW4tZW5kcG9pbnQtYXV0aCc+U2VjdGlvbiZuYnNwOzMuMi4xPHNwYW4+ICg8L3NwYW4+PHNwYW4g
Y2xhc3M9J2luZm8nPkNsaWVudCBBdXRoZW50aWNhdGlvbjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwv
YT4uCiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGNs
aWVudCBtYWtlcyB0aGUgZm9sbG93aW5nIEhUVFAgcmVxdWVzdCB1c2luZyB0cmFuc3BvcnQtbGF5
ZXIKICAgICAgICAgICAgICBzZWN1cml0eSAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBkaXNw
bGF5IHB1cnBvc2VzIG9ubHkpOgogICAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6
IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48
cHJlPgoKICBQT1NUIC90b2tlbiBIVFRQLzEuMQogIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQog
IEF1dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JTYTNGME16cG5XREZtUW1GME0ySlcKICBDb250
ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0PVVURi04
CgogIGdyYW50X3R5cGU9cGFzc3dvcmQmYW1wO3VzZXJuYW1lPWpvaG5kb2UmYW1wO3Bhc3N3b3Jk
PUEzZGRqM3cKCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIE1VU1Q6CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwgY2xh
c3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICByZXF1aXJlIGNsaWVudCBhdXRoZW50aWNh
dGlvbiBmb3IgY29uZmlkZW50aWFsIGNsaWVudHMgb3IgZm9yIGFueSBjbGllbnQgdGhhdCB3YXMK
ICAgICAgICAgICAgICAgIGlzc3VlZCBjbGllbnQgY3JlZGVudGlhbHMgKG9yIHdpdGggb3RoZXIg
YXV0aGVudGljYXRpb24gcmVxdWlyZW1lbnRzKSwKICAgICAgICAgICAgICAKPC9saT4KPGxpPgog
ICAgICAgICAgICAgICAgYXV0aGVudGljYXRlIHRoZSBjbGllbnQgaWYgY2xpZW50IGF1dGhlbnRp
Y2F0aW9uIGlzIGluY2x1ZGVkLCBhbmQKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAg
ICAgICAgICAgdmFsaWRhdGUgdGhlIHJlc291cmNlIG93bmVyIHBhc3N3b3JkIGNyZWRlbnRpYWxz
IHVzaW5nIGl0cyBleGlzdGluZyBwYXNzd29yZAogICAgICAgICAgICAgICAgdmFsaWRhdGlvbiBh
bGdvcml0aG0uCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8
cD4KICAgICAgICAgICAgU2luY2UgdGhpcyBhY2Nlc3MgdG9rZW4gcmVxdWVzdCB1dGlsaXplcyB0
aGUgcmVzb3VyY2Ugb3duZXIncyBwYXNzd29yZCwgdGhlCiAgICAgICAgICAgIGF1dGhvcml6YXRp
b24gc2VydmVyIE1VU1QgcHJvdGVjdCB0aGUgZW5kcG9pbnQgYWdhaW5zdCBicnV0ZSBmb3JjZSBh
dHRhY2tzIChlLmcuIHVzaW5nCiAgICAgICAgICAgIHJhdGUtbGltaXRhdGlvbiBvciBnZW5lcmF0
aW5nIGFsZXJ0cykuCiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IzNCI+PC9hPjxiciAv
PjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNp
bmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVn
Ij48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+Cjxh
IG5hbWU9InJmYy5zZWN0aW9uLjQuMy4zIj48L2E+PGgzPjQuMy4zLiZuYnNwOwpBY2Nlc3MgVG9r
ZW4gUmVzcG9uc2U8L2gzPgoKPHA+CiAgICAgICAgICAgIElmIHRoZSBhY2Nlc3MgdG9rZW4gcmVx
dWVzdCBpcyB2YWxpZCBhbmQgYXV0aG9yaXplZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlz
c3VlcyBhbgogICAgICAgICAgICBhY2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJlc2ggdG9r
ZW4gYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tcmVzcG9uc2Un
PlNlY3Rpb24mbmJzcDs1LjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+U3VjY2Vz
c2Z1bCBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAgIElmIHRo
ZSByZXF1ZXN0IGZhaWxlZCBjbGllbnQgYXV0aGVudGljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIHJldHVybnMKICAgICAgICAgICAgYW4gZXJyb3IgcmVzcG9u
c2UgYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tZXJyb3JzJz5T
ZWN0aW9uJm5ic3A7NS4yPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkVycm9yIFJl
c3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgICAgIEFuIGV4YW1wbGUgc3VjY2Vzc2Z1bCByZXNwb25zZToKICAgICAgICAgICAgCjwv
cD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07
IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgSFRUUC8xLjEgMjAwIE9LCiAgQ29udGVudC1U
eXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRGLTgKICBDYWNoZS1Db250cm9sOiBuby1z
dG9yZQogIFByYWdtYTogbm8tY2FjaGUKCiAgewogICAgImFjY2Vzc190b2tlbiI6IjJZb3RuRlpG
RWpyMXpDc2ljTVdwQUEiLAogICAgInRva2VuX3R5cGUiOiJleGFtcGxlIiwKICAgICJleHBpcmVz
X2luIjozNjAwLAogICAgInJlZnJlc2hfdG9rZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIiwK
ICAgICJleGFtcGxlX3BhcmFtZXRlciI6ImV4YW1wbGVfdmFsdWUiCiAgfQoKPC9wcmU+PC9kaXY+
CjxhIG5hbWU9ImdyYW50LWNsaWVudCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0i
bGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFs
aWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtU
T0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjQuNCI+
PC9hPjxoMz40LjQuJm5ic3A7CkNsaWVudCBDcmVkZW50aWFscyBHcmFudDwvaDM+Cgo8cD4KICAg
ICAgICAgIFRoZSBjbGllbnQgY2FuIHJlcXVlc3QgYW4gYWNjZXNzIHRva2VuIHVzaW5nIG9ubHkg
aXRzIGNsaWVudCBjcmVkZW50aWFscyAob3Igb3RoZXIKICAgICAgICAgIHN1cHBvcnRlZCBtZWFu
cyBvZiBhdXRoZW50aWNhdGlvbikgd2hlbiB0aGUgY2xpZW50IGlzIHJlcXVlc3RpbmcgYWNjZXNz
IHRvIHRoZQogICAgICAgICAgcHJvdGVjdGVkIHJlc291cmNlcyB1bmRlciBpdHMgY29udHJvbCwg
b3IgdGhvc2Ugb2YgYW5vdGhlciByZXNvdXJjZSBvd25lciB3aGljaCBoYXMgYmVlbgogICAgICAg
ICAgcHJldmlvdXNseSBhcnJhbmdlZCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciAodGhl
IG1ldGhvZCBvZiB3aGljaCBpcyBiZXlvbmQgdGhlCiAgICAgICAgICBzY29wZSBvZiB0aGlzIHNw
ZWNpZmljYXRpb24pLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGNsaWVudCBjcmVk
ZW50aWFscyBncmFudCB0eXBlIE1VU1Qgb25seSBiZSB1c2VkIGJ5IGNvbmZpZGVudGlhbCBjbGll
bnRzLgogICAgICAgIAo8L3A+PGJyIC8+PGhyIGNsYXNzPSJpbnNlcnQiIC8+CjxhIG5hbWU9IkZp
Z3VyZS02Ij48L2E+CjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2lu
LWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICArLS0tLS0tLS0tKyAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAg
ICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8CiAg
fCAgICAgICAgIHwmZ3Q7LS0oQSktIENsaWVudCBBdXRoZW50aWNhdGlvbiAtLS0mZ3Q7fCBBdXRo
b3JpemF0aW9uIHwKICB8IENsaWVudCAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICB8ICAgICBTZXJ2ZXIgICAgfAogIHwgICAgICAgICB8Jmx0Oy0tKEIpLS0tLSBBY2Nlc3MgVG9r
ZW4gLS0tLS0tLS0tJmx0O3wgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgIHwgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICArLS0tLS0tLS0tKyAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwoKPC9wcmU+
PC9kaXY+PHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBh
bGlnbj0iY2VudGVyIj48dHI+PHRkIGFsaWduPSJjZW50ZXIiPjxmb250IGZhY2U9Im1vbmFjbywg
TVMgU2FucyBTZXJpZiIgc2l6ZT0iMSI+PGI+Jm5ic3A7RmlndXJlJm5ic3A7NjogQ2xpZW50IENy
ZWRlbnRpYWxzIEZsb3cmbmJzcDs8L2I+PC9mb250PjxiciAvPjwvdGQ+PC90cj48L3RhYmxlPjxo
ciBjbGFzcz0iaW5zZXJ0IiAvPgoKPHA+CiAgICAgICAgICBUaGUgZmxvdyBpbGx1c3RyYXRlZCBp
biA8YSBjbGFzcz0naW5mbycgaHJlZj0nI0ZpZ3VyZS02Jz5GaWd1cmUmbmJzcDs2PHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkNsaWVudCBDcmVkZW50aWFscyBGbG93PC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPiBpbmNsdWRlcyB0aGUgZm9sbG93aW5nIHN0ZXBzOgogICAgICAgIAo8
L3A+CjxwPgogICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+
KEEpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRoZSBjbGllbnQgYXV0aGVudGljYXRlcyB3aXRo
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgcmVxdWVzdHMgYW4gYWNjZXNzIHRva2VuCiAg
ICAgICAgICAgICAgZnJvbSB0aGUgdG9rZW4gZW5kcG9pbnQuCiAgICAgICAgICAgIAo8L2RkPgo8
ZHQ+KEIpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBh
dXRoZW50aWNhdGVzIHRoZSBjbGllbnQsIGFuZCBpZiB2YWxpZCBpc3N1ZXMgYW4gYWNjZXNzCiAg
ICAgICAgICAgICAgdG9rZW4uCiAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48
cD4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IzNSI+PC9hPjxiciAvPjxociAvPgo8dGFi
bGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNz
PSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIj
dG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5z
ZWN0aW9uLjQuNC4xIj48L2E+PGgzPjQuNC4xLiZuYnNwOwpBdXRob3JpemF0aW9uIFJlcXVlc3Qg
YW5kIFJlc3BvbnNlPC9oMz4KCjxwPgogICAgICAgICAgICBTaW5jZSB0aGUgY2xpZW50IGF1dGhl
bnRpY2F0aW9uIGlzIHVzZWQgYXMgdGhlIGF1dGhvcml6YXRpb24gZ3JhbnQsIG5vIGFkZGl0aW9u
YWwKICAgICAgICAgICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGlzIG5lZWRlZC4KICAgICAgICAg
IAo8L3A+CjxhIG5hbWU9ImFuY2hvcjM2Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5
PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIg
YWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNw
O1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC40
LjIiPjwvYT48aDM+NC40LjIuJm5ic3A7CkFjY2VzcyBUb2tlbiBSZXF1ZXN0PC9oMz4KCjxwPgog
ICAgICAgICAgICBUaGUgY2xpZW50IG1ha2VzIGEgcmVxdWVzdCB0byB0aGUgdG9rZW4gZW5kcG9p
bnQgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycwogICAgICAgICAgICB1c2luZyB0
aGUgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvdHQ+IGZvcm1hdCBpbiB0
aGUKICAgICAgICAgICAgSFRUUCByZXF1ZXN0IGVudGl0eS1ib2R5OgogICAgICAgICAgCjwvcD4K
PHA+CiAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0Pmdy
YW50X3R5cGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJ
UkVELiBWYWx1ZSBNVVNUIGJlIHNldCB0byA8dHQ+Y2xpZW50X2NyZWRlbnRpYWxzPC90dD4uCiAg
ICAgICAgICAgICAgCjwvZGQ+CjxkdD5zY29wZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAog
ICAgICAgICAgICAgICAgT1BUSU9OQUwuIFRoZSBzY29wZSBvZiB0aGUgYWNjZXNzIHJlcXVlc3Qg
YXMgZGVzY3JpYmVkIGJ5IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjc2NvcGUnPlNlY3Rpb24mbmJz
cDszLjM8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QWNjZXNzIFRva2VuIFNjb3Bl
PC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Js
b2NrcXVvdGU+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgVGhlIGNsaWVudCBN
VVNUIGF1dGhlbnRpY2F0ZSB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBkZXNjcmli
ZWQgaW4KICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1lbmRwb2ludC1h
dXRoJz5TZWN0aW9uJm5ic3A7My4yLjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+
Q2xpZW50IEF1dGhlbnRpY2F0aW9uPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAg
IAo8L3A+CjxwPgogICAgICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRo
ZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0IHVzaW5nIHRyYW5zcG9ydC1sYXllcgogICAgICAgICAg
ICAgIHNlY3VyaXR5IChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMg
b25seSk6CiAgICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRo
OiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogIFBPU1Qg
L3Rva2VuIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCiAgQXV0aG9yaXphdGlv
bjogQmFzaWMgY3paQ2FHUlNhM0YwTXpwbldERm1RbUYwTTJKVwogIENvbnRlbnQtVHlwZTogYXBw
bGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkO2NoYXJzZXQ9VVRGLTgKCiAgZ3JhbnRfdHlw
ZT1jbGllbnRfY3JlZGVudGlhbHMKCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIE1VU1QgYXV0aGVudGljYXRlIHRoZSBjbGllbnQuCiAgICAgICAg
ICAKPC9wPgo8YSBuYW1lPSJhbmNob3IzNyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFy
eT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWci
IGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJz
cDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjQu
NC4zIj48L2E+PGgzPjQuNC4zLiZuYnNwOwpBY2Nlc3MgVG9rZW4gUmVzcG9uc2U8L2gzPgoKPHA+
CiAgICAgICAgICAgIElmIHRoZSBhY2Nlc3MgdG9rZW4gcmVxdWVzdCBpcyB2YWxpZCBhbmQgYXV0
aG9yaXplZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3VlcyBhbgogICAgICAgICAgICBh
Y2Nlc3MgdG9rZW4gYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4t
cmVzcG9uc2UnPlNlY3Rpb24mbmJzcDs1LjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5m
byc+U3VjY2Vzc2Z1bCBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uIEEgcmVmcmVz
aCB0b2tlbiBTSE9VTEQKICAgICAgICAgICAgTk9UIGJlIGluY2x1ZGVkLiBJZiB0aGUgcmVxdWVz
dCBmYWlsZWQgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG9yIGlzIGludmFsaWQsIHRoZQogICAgICAg
ICAgICBhdXRob3JpemF0aW9uIHNlcnZlciByZXR1cm5zIGFuIGVycm9yIHJlc3BvbnNlIGFzIGRl
c2NyaWJlZCBpbgogICAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLWVycm9y
cyc+U2VjdGlvbiZuYnNwOzUuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJv
ciBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgICAgICBBbiBleGFtcGxlIHN1Y2Nlc3NmdWwgcmVzcG9uc2U6CiAgICAgICAgICAg
IAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDog
M2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogIEhUVFAvMS4xIDIwMCBPSwogIENvbnRl
bnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04CiAgQ2FjaGUtQ29udHJvbDog
bm8tc3RvcmUKICBQcmFnbWE6IG5vLWNhY2hlCgogIHsKICAgICJhY2Nlc3NfdG9rZW4iOiIyWW90
bkZaRkVqcjF6Q3NpY01XcEFBIiwKICAgICJ0b2tlbl90eXBlIjoiZXhhbXBsZSIsCiAgICAiZXhw
aXJlc19pbiI6MzYwMCwKICAgICJleGFtcGxlX3BhcmFtZXRlciI6ImV4YW1wbGVfdmFsdWUiCiAg
fQoKPC9wcmU+PC9kaXY+CjxhIG5hbWU9ImFuY2hvcjM4Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJs
ZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9
IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0
b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNl
Y3Rpb24uNC41Ij48L2E+PGgzPjQuNS4mbmJzcDsKRXh0ZW5zaW9uIEdyYW50czwvaDM+Cgo8cD4K
ICAgICAgICAgIFRoZSBjbGllbnQgdXNlcyBhbiBleHRlbnNpb24gZ3JhbnQgdHlwZSBieSBzcGVj
aWZ5aW5nIHRoZSBncmFudCB0eXBlIHVzaW5nIGFuCiAgICAgICAgICBhYnNvbHV0ZSBVUkkgKGRl
ZmluZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyKSBhcyB0aGUgdmFsdWUgb2YgdGhlCiAg
ICAgICAgICA8dHQ+Z3JhbnRfdHlwZTwvdHQ+IHBhcmFtZXRlciBvZiB0aGUgdG9rZW4gZW5kcG9p
bnQsIGFuZCBieQogICAgICAgICAgYWRkaW5nIGFueSBhZGRpdGlvbmFsIHBhcmFtZXRlcnMgbmVj
ZXNzYXJ5LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBGb3IgZXhhbXBsZSwgdG8gcmVx
dWVzdCBhbiBhY2Nlc3MgdG9rZW4gdXNpbmcgYSBTQU1MIDIuMCBhc3NlcnRpb24gZ3JhbnQgdHlw
ZSBhcwogICAgICAgICAgICBkZWZpbmVkIGJ5IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjSS1ELmll
dGYtb2F1dGgtc2FtbDItYmVhcmVyJz5bSSYjODIwOTtELmlldGYmIzgyMDk7b2F1dGgmIzgyMDk7
c2FtbDImIzgyMDk7YmVhcmVyXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5Nb3J0
aW1vcmUsIEMuLCAmbGRxdW87U0FNTCAyLjAgQmVhcmVyIEFzc2VydGlvbiBQcm9maWxlcyBmb3Ig
T0F1dGggMi4wLCZyZHF1bzsgTWF5Jm5ic3A7MjAxMi48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+
LCB0aGUgY2xpZW50IG1ha2VzIHRoZQogICAgICAgICAgICBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0
IHVzaW5nIFRMUyAobGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzIG9ubHkpOgog
ICAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdp
bi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgUE9TVCAvdG9rZW4gSFRU
UC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICBDb250ZW50LVR5cGU6IGFwcGxpY2F0
aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0PVVURi04CgogIGdyYW50X3R5cGU9dXJu
JTNBaWV0ZiUzQXBhcmFtcyUzQW9hdXRoJTNBZ3JhbnQtdHlwZSUzQXNhbWwyLQogIGJlYXJlciZh
bXA7YXNzZXJ0aW9uPVBFRnpjMlZ5ZEdsdmJpQkpjM04xWlVsdWMzUmhiblE5SWpJd01URXRNRFUK
ICBbLi4ub21pdHRlZCBmb3IgYnJldml0eS4uLl1hRzVUZEdGMFpXMWxiblEtUEM5QmMzTmxjblJw
YjI0LQoKPC9wcmU+PC9kaXY+CjxwPgogICAgICAgICAgSWYgdGhlIGFjY2VzcyB0b2tlbiByZXF1
ZXN0IGlzIHZhbGlkIGFuZCBhdXRob3JpemVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNz
dWVzIGFuCiAgICAgICAgICBhY2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJlc2ggdG9rZW4g
YXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tcmVzcG9uc2UnPlNl
Y3Rpb24mbmJzcDs1LjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+U3VjY2Vzc2Z1
bCBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICBJZiB0aGUgcmVx
dWVzdCBmYWlsZWQgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG9yIGlzIGludmFsaWQsIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciByZXR1cm5zCiAgICAgICAgICBhbiBlcnJvciByZXNwb25zZSBhcyBk
ZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1lcnJvcnMnPlNlY3Rpb24m
bmJzcDs1LjI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9uc2U8
L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgIAo8L3A+CjxhIG5hbWU9InRva2VuLWlz
c3VlIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5n
PSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRk
IGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwv
dHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNSI+PC9hPjxoMz41LiZuYnNwOwpJc3N1
aW5nIGFuIEFjY2VzcyBUb2tlbjwvaDM+Cgo8cD4KICAgICAgICBJZiB0aGUgYWNjZXNzIHRva2Vu
IHJlcXVlc3QgaXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBpc3N1ZXMgYW4KICAgICAgICBhY2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJlc2ggdG9r
ZW4gYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tcmVzcG9uc2Un
PlNlY3Rpb24mbmJzcDs1LjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+U3VjY2Vz
c2Z1bCBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgSWYgdGhlIHJl
cXVlc3QgZmFpbGVkIGNsaWVudCBhdXRoZW50aWNhdGlvbiBvciBpcyBpbnZhbGlkLCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgcmV0dXJucwogICAgICAgIGFuIGVycm9yIHJlc3BvbnNlIGFzIGRl
c2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLWVycm9ycyc+U2VjdGlvbiZu
YnNwOzUuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNwb25zZTwv
c3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgIAo8L3A+CjxhIG5hbWU9InRva2VuLXJlc3Bv
bnNlIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5n
PSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRk
IGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwv
dHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNS4xIj48L2E+PGgzPjUuMS4mbmJzcDsK
U3VjY2Vzc2Z1bCBSZXNwb25zZTwvaDM+Cgo8cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoIHRva2Vu
LCBhbmQKICAgICAgICAgIGNvbnN0cnVjdHMgdGhlIHJlc3BvbnNlIGJ5IGFkZGluZyB0aGUgZm9s
bG93aW5nIHBhcmFtZXRlcnMgdG8gdGhlIGVudGl0eSBib2R5IG9mIHRoZSBIVFRQCiAgICAgICAg
ICByZXNwb25zZSB3aXRoIGEgMjAwIChPSykgc3RhdHVzIGNvZGU6CiAgICAgICAgCjwvcD4KPHA+
CiAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5hY2Nlc3Nf
dG9rZW48L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgUkVRVUlSRUQuIFRo
ZSBhY2Nlc3MgdG9rZW4gaXNzdWVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAg
ICAgICAgCjwvZGQ+CjxkdD50b2tlbl90eXBlPC9kdD4KPGRkPgogICAgICAgICAgICAgIAogICAg
ICAgICAgICAgIFJFUVVJUkVELiBUaGUgdHlwZSBvZiB0aGUgdG9rZW4gaXNzdWVkIGFzIGRlc2Ny
aWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLXR5cGVzJz5TZWN0aW9uJm5ic3A7
Ny4xPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFjY2VzcyBUb2tlbiBUeXBlczwv
c3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAgICAgVmFsdWUgaXMgY2FzZSBpbnNl
bnNpdGl2ZS4KICAgICAgICAgICAgCjwvZGQ+CjxkdD5leHBpcmVzX2luPC9kdD4KPGRkPgogICAg
ICAgICAgICAgIAogICAgICAgICAgICAgIFJFQ09NTUVOREVELiBUaGUgbGlmZXRpbWUgaW4gc2Vj
b25kcyBvZiB0aGUgYWNjZXNzIHRva2VuLiBGb3IgZXhhbXBsZSwgdGhlIHZhbHVlCiAgICAgICAg
ICAgICAgPHR0PjM2MDA8L3R0PiBkZW5vdGVzIHRoYXQgdGhlIGFjY2VzcyB0b2tlbiB3aWxsIGV4
cGlyZSBpbiBvbmUKICAgICAgICAgICAgICBob3VyIGZyb20gdGhlIHRpbWUgdGhlIHJlc3BvbnNl
IHdhcyBnZW5lcmF0ZWQuIElmIG9taXR0ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAg
ICAgICAgICAgIFNIT1VMRCBwcm92aWRlIHRoZSBleHBpcmF0aW9uIHRpbWUgdmlhIG90aGVyIG1l
YW5zIG9yIGRvY3VtZW50IHRoZSBkZWZhdWx0IHZhbHVlLgogICAgICAgICAgICAKPC9kZD4KPGR0
PnJlZnJlc2hfdG9rZW48L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgT1BU
SU9OQUwuIFRoZSByZWZyZXNoIHRva2VuIHdoaWNoIGNhbiBiZSB1c2VkIHRvIG9idGFpbiBuZXcg
YWNjZXNzIHRva2VucyB1c2luZyB0aGUKICAgICAgICAgICAgICBzYW1lIGF1dGhvcml6YXRpb24g
Z3JhbnQgYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tcmVmcmVz
aCc+U2VjdGlvbiZuYnNwOzY8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+UmVmcmVz
aGluZyBhbiBBY2Nlc3MgVG9rZW48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAg
ICAKPC9kZD4KPGR0PnNjb3BlPC9kdD4KPGRkPgogICAgICAgICAgICAgIAogICAgICAgICAgICAg
IE9QVElPTkFMLCBpZiBpZGVudGljYWwgdG8gdGhlIHNjb3BlIHJlcXVlc3RlZCBieSB0aGUgY2xp
ZW50LCBvdGhlcndpc2UgUkVRVUlSRUQuIFRoZQogICAgICAgICAgICAgIHNjb3BlIG9mIHRoZSBh
Y2Nlc3MgdG9rZW4gYXMgZGVzY3JpYmVkIGJ5IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjc2NvcGUn
PlNlY3Rpb24mbmJzcDszLjM8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QWNjZXNz
IFRva2VuIFNjb3BlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgCjwvZGQ+
CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIHBh
cmFtZXRlcnMgYXJlIGluY2x1ZGVkIGluIHRoZSBlbnRpdHkgYm9keSBvZiB0aGUgSFRUUCByZXNw
b25zZSB1c2luZyB0aGUKICAgICAgICAgIDx0dD5hcHBsaWNhdGlvbi9qc29uPC90dD4gbWVkaWEg
dHlwZSBhcyBkZWZpbmVkIGJ5CiAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzQ2
MjcnPltSRkM0NjI3XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5Dcm9ja2ZvcmQs
IEQuLCAmbGRxdW87VGhlIGFwcGxpY2F0aW9uL2pzb24gTWVkaWEgVHlwZSBmb3IgSmF2YVNjcmlw
dCBPYmplY3QgTm90YXRpb24gKEpTT04pLCZyZHF1bzsgSnVseSZuYnNwOzIwMDYuPC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPi4gVGhlIHBhcmFtZXRlcnMgYXJlIHNlcmlhbGl6ZWQgaW50byBhIEpT
T04gc3RydWN0dXJlIGJ5CiAgICAgICAgICBhZGRpbmcgZWFjaCBwYXJhbWV0ZXIgYXQgdGhlIGhp
Z2hlc3Qgc3RydWN0dXJlIGxldmVsLiBQYXJhbWV0ZXIgbmFtZXMgYW5kIHN0cmluZyB2YWx1ZXMK
ICAgICAgICAgIGFyZSBpbmNsdWRlZCBhcyBKU09OIHN0cmluZ3MuIE51bWVyaWNhbCB2YWx1ZXMg
YXJlIGluY2x1ZGVkIGFzIEpTT04gbnVtYmVycy4gVGhlIG9yZGVyIG9mCiAgICAgICAgICBwYXJh
bWV0ZXJzIGRvZXMgbm90IG1hdHRlciBhbmQgY2FuIHZhcnkuCiAgICAgICAgCjwvcD4KPHA+CiAg
ICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBpbmNsdWRlIHRoZSBIVFRQCiAg
ICAgICAgICA8dHQ+Q2FjaGUtQ29udHJvbDwvdHQ+IHJlc3BvbnNlIGhlYWRlciBmaWVsZCA8YSBj
bGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTYnPltSRkMyNjE2XTxzcGFuPiAoPC9zcGFuPjxzcGFu
IGNsYXNzPSdpbmZvJz5GaWVsZGluZywgUi4sIEdldHR5cywgSi4sIE1vZ3VsLCBKLiwgRnJ5c3R5
aywgSC4sIE1hc2ludGVyLCBMLiwgTGVhY2gsIFAuLCBhbmQgVC4gQmVybmVycy1MZWUsICZsZHF1
bztIeXBlcnRleHQgVHJhbnNmZXIgUHJvdG9jb2wgLS0gSFRUUC8xLjEsJnJkcXVvOyBKdW5lJm5i
c3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+CiAgICAgICAgICB3aXRoIGEgdmFsdWUg
b2YgPHR0Pm5vLXN0b3JlPC90dD4gaW4gYW55IHJlc3BvbnNlIGNvbnRhaW5pbmcgdG9rZW5zLAog
ICAgICAgICAgY3JlZGVudGlhbHMsIG9yIG90aGVyIHNlbnNpdGl2ZSBpbmZvcm1hdGlvbiwgYXMg
d2VsbCBhcyB0aGUKICAgICAgICAgIDx0dD5QcmFnbWE8L3R0PiByZXNwb25zZSBoZWFkZXIgZmll
bGQgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMyNjE2Jz5bUkZDMjYxNl08c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+RmllbGRpbmcsIFIuLCBHZXR0eXMsIEouLCBNb2d1bCwgSi4s
IEZyeXN0eWssIEguLCBNYXNpbnRlciwgTC4sIExlYWNoLCBQLiwgYW5kIFQuIEJlcm5lcnMtTGVl
LCAmbGRxdW87SHlwZXJ0ZXh0IFRyYW5zZmVyIFByb3RvY29sIC0tIEhUVFAvMS4xLCZyZHF1bzsg
SnVuZSZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiB3aXRoIGEKICAgICAgICAg
IHZhbHVlIG9mIDx0dD5uby1jYWNoZTwvdHQ+LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
ICBGb3IgZXhhbXBsZToKICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7
IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+Cgog
IEhUVFAvMS4xIDIwMCBPSwogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0
PVVURi04CiAgQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUKICBQcmFnbWE6IG5vLWNhY2hlCgogIHsK
ICAgICJhY2Nlc3NfdG9rZW4iOiIyWW90bkZaRkVqcjF6Q3NpY01XcEFBIiwKICAgICJ0b2tlbl90
eXBlIjoiZXhhbXBsZSIsCiAgICAiZXhwaXJlc19pbiI6MzYwMCwKICAgICJyZWZyZXNoX3Rva2Vu
IjoidEd6djNKT2tGMFhHNVF4MlRsS1dJQSIsCiAgICAiZXhhbXBsZV9wYXJhbWV0ZXIiOiJleGFt
cGxlX3ZhbHVlIgogIH0KCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgIFRoZSBjbGllbnQgTVVT
VCBpZ25vcmUgdW5yZWNvZ25pemVkIHZhbHVlIG5hbWVzIGluIHRoZSByZXNwb25zZS4gVGhlIHNp
emVzIG9mIHRva2VucyBhbmQKICAgICAgICAgIG90aGVyIHZhbHVlcyByZWNlaXZlZCBmcm9tIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcmUgbGVmdCB1bmRlZmluZWQuIFRoZSBjbGllbnQgc2hv
dWxkCiAgICAgICAgICBhdm9pZCBtYWtpbmcgYXNzdW1wdGlvbnMgYWJvdXQgdmFsdWUgc2l6ZXMu
IFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZG9jdW1lbnQgdGhlCiAgICAgICAgICBz
aXplIG9mIGFueSB2YWx1ZSBpdCBpc3N1ZXMuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0idG9rZW4t
ZXJyb3JzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRk
aW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+
PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3Rk
PjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNS4yIj48L2E+PGgzPjUuMi4mbmJz
cDsKRXJyb3IgUmVzcG9uc2U8L2gzPgoKPHA+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgcmVzcG9uZHMgd2l0aCBhbiBIVFRQIDQwMCAoQmFkIFJlcXVlc3QpIHN0YXR1cyBjb2Rl
ICh1bmxlc3MKICAgICAgICAgIHNwZWNpZmllZCBvdGhlcndpc2UpIGFuZCBpbmNsdWRlcyB0aGUg
Zm9sbG93aW5nIHBhcmFtZXRlcnMgd2l0aCB0aGUgcmVzcG9uc2U6CiAgICAgICAgCjwvcD4KPHA+
CiAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5lcnJvcjwv
ZHQ+CjxkZD4KICAgICAgICAgICAgICAKICAgICAgICAgICAgICBSRVFVSVJFRC4gQSBzaW5nbGUg
QVNDSUkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNVU0FTQ0lJJz5bVVNBU0NJSV08c3Bhbj4gKDwv
c3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QW1lcmljYW4gTmF0aW9uYWwgU3RhbmRhcmRzIEluc3Rp
dHV0ZSwgJmxkcXVvO0NvZGVkIENoYXJhY3RlciBTZXQgLS0gNy1iaXQgQW1lcmljYW4gU3RhbmRh
cmQgQ29kZSBmb3IgSW5mb3JtYXRpb24gSW50ZXJjaGFuZ2UsJnJkcXVvOyAxOTg2Ljwvc3Bhbj48
c3Bhbj4pPC9zcGFuPjwvYT4gZXJyb3IgY29kZSBmcm9tIHRoZSBmb2xsb3dpbmc6CgogICAgICAg
ICAgICAgIAo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+aW52YWxpZF9yZXF1ZXN0
PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgVGhlIHJlcXVl
c3QgaXMgbWlzc2luZyBhIHJlcXVpcmVkIHBhcmFtZXRlciwgaW5jbHVkZXMgYW4gdW5zdXBwb3J0
ZWQKICAgICAgICAgICAgICAgICAgcGFyYW1ldGVyIHZhbHVlIChvdGhlciB0aGFuIGdyYW50IHR5
cGUpLCByZXBlYXRzIGEgcGFyYW1ldGVyLCBpbmNsdWRlcyBtdWx0aXBsZQogICAgICAgICAgICAg
ICAgICBjcmVkZW50aWFscywgdXRpbGl6ZXMgbW9yZSB0aGFuIG9uZSBtZWNoYW5pc20gZm9yIGF1
dGhlbnRpY2F0aW5nIHRoZSBjbGllbnQsCiAgICAgICAgICAgICAgICAgIG9yIGlzIG90aGVyd2lz
ZSBtYWxmb3JtZWQuCiAgICAgICAgICAgICAgICAKPC9kZD4KPGR0PmludmFsaWRfY2xpZW50PC9k
dD4KPGRkPgogICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgQ2xpZW50IGF1dGhl
bnRpY2F0aW9uIGZhaWxlZCAoZS5nLiB1bmtub3duIGNsaWVudCwgbm8gY2xpZW50IGF1dGhlbnRp
Y2F0aW9uCiAgICAgICAgICAgICAgICAgIGluY2x1ZGVkLCBvciB1bnN1cHBvcnRlZCBhdXRoZW50
aWNhdGlvbiBtZXRob2QpLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZCiAgICAgICAgICAg
ICAgICAgIHJldHVybiBhbiBIVFRQIDQwMSAoVW5hdXRob3JpemVkKSBzdGF0dXMgY29kZSB0byBp
bmRpY2F0ZSB3aGljaCBIVFRQCiAgICAgICAgICAgICAgICAgIGF1dGhlbnRpY2F0aW9uIHNjaGVt
ZXMgYXJlIHN1cHBvcnRlZC4gSWYgdGhlIGNsaWVudCBhdHRlbXB0ZWQgdG8gYXV0aGVudGljYXRl
IHZpYQogICAgICAgICAgICAgICAgICB0aGUgPHR0PkF1dGhvcml6YXRpb248L3R0PiByZXF1ZXN0
IGhlYWRlciBmaWVsZCwKICAgICAgICAgICAgICAgICAgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IE1VU1QgcmVzcG9uZCB3aXRoIGFuIEhUVFAgNDAxIChVbmF1dGhvcml6ZWQpIHN0YXR1cwogICAg
ICAgICAgICAgICAgICBjb2RlLCBhbmQgaW5jbHVkZSB0aGUgPHR0PldXVy1BdXRoZW50aWNhdGU8
L3R0PiByZXNwb25zZQogICAgICAgICAgICAgICAgICBoZWFkZXIgZmllbGQgbWF0Y2hpbmcgdGhl
IGF1dGhlbnRpY2F0aW9uIHNjaGVtZSB1c2VkIGJ5IHRoZSBjbGllbnQuCiAgICAgICAgICAgICAg
ICAKPC9kZD4KPGR0PmludmFsaWRfZ3JhbnQ8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgIAog
ICAgICAgICAgICAgICAgICBUaGUgcHJvdmlkZWQgYXV0aG9yaXphdGlvbiBncmFudCAoZS5nLiBh
dXRob3JpemF0aW9uIGNvZGUsIHJlc291cmNlIG93bmVyCiAgICAgICAgICAgICAgICAgIGNyZWRl
bnRpYWxzKSBvciByZWZyZXNoIHRva2VuIGlzIGludmFsaWQsIGV4cGlyZWQsIHJldm9rZWQsIGRv
ZXMgbm90IG1hdGNoIHRoZQogICAgICAgICAgICAgICAgICByZWRpcmVjdGlvbiBVUkkgdXNlZCBp
biB0aGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0LCBvciB3YXMgaXNzdWVkIHRvIGFub3RoZXIKICAg
ICAgICAgICAgICAgICAgY2xpZW50LgogICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD51bmF1dGhv
cml6ZWRfY2xpZW50PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg
ICAgVGhlIGF1dGhlbnRpY2F0ZWQgY2xpZW50IGlzIG5vdCBhdXRob3JpemVkIHRvIHVzZSB0aGlz
IGF1dGhvcml6YXRpb24gZ3JhbnQgdHlwZS4KICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+dW5z
dXBwb3J0ZWRfZ3JhbnRfdHlwZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgCiAgICAgICAg
ICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIGdyYW50IHR5cGUgaXMgbm90IHN1cHBvcnRlZCBi
eSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgICAgICAgICAKPC9kZD4KPGR0Pmlu
dmFsaWRfc2NvcGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAg
ICBUaGUgcmVxdWVzdGVkIHNjb3BlIGlzIGludmFsaWQsIHVua25vd24sIG1hbGZvcm1lZCwgb3Ig
ZXhjZWVkcyB0aGUgc2NvcGUgZ3JhbnRlZAogICAgICAgICAgICAgICAgICBieSB0aGUgcmVzb3Vy
Y2Ugb3duZXIuCiAgICAgICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+CgoJICAg
ICAgVmFsdWVzIGZvciB0aGUgPHR0PmVycm9yPC90dD4gcGFyYW1ldGVyIE1VU1QgTk9UIGluY2x1
ZGUKCSAgICAgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8g
JXg1RC03RS4KICAgICAgICAgICAgCjwvZGQ+CjxkdD5lcnJvcl9kZXNjcmlwdGlvbjwvZHQ+Cjxk
ZD4KICAgICAgICAgICAgICAKICAgICAgICAgICAgICBPUFRJT05BTC4gQSBodW1hbi1yZWFkYWJs
ZSBBU0NJSSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1VTQVNDSUknPltVU0FTQ0lJXTxzcGFuPiAo
PC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BbWVyaWNhbiBOYXRpb25hbCBTdGFuZGFyZHMgSW5z
dGl0dXRlLCAmbGRxdW87Q29kZWQgQ2hhcmFjdGVyIFNldCAtLSA3LWJpdCBBbWVyaWNhbiBTdGFu
ZGFyZCBDb2RlIGZvciBJbmZvcm1hdGlvbiBJbnRlcmNoYW5nZSwmcmRxdW87IDE5ODYuPC9zcGFu
PjxzcGFuPik8L3NwYW4+PC9hPiB0ZXh0IHByb3ZpZGluZyBhZGRpdGlvbmFsIGluZm9ybWF0aW9u
LAogICAgICAgICAgICAgIHVzZWQgdG8gYXNzaXN0IHRoZSBjbGllbnQgZGV2ZWxvcGVyIGluIHVu
ZGVyc3RhbmRpbmcgdGhlIGVycm9yIHRoYXQgb2NjdXJyZWQuCgkgICAgICA8YnIgLz4KCgkgICAg
ICBWYWx1ZXMgZm9yIHRoZSA8dHQ+ZXJyb3JfZGVzY3JpcHRpb248L3R0PiBwYXJhbWV0ZXIgTVVT
VCBOT1QgaW5jbHVkZQoJICAgICAgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAv
ICV4MjMtNUIgLyAleDVELTdFLgogICAgICAgICAgICAKPC9kZD4KPGR0PmVycm9yX3VyaTwvZHQ+
CjxkZD4KICAgICAgICAgICAgICAKICAgICAgICAgICAgICBPUFRJT05BTC4gQSBVUkkgaWRlbnRp
ZnlpbmcgYSBodW1hbi1yZWFkYWJsZSB3ZWIgcGFnZSB3aXRoIGluZm9ybWF0aW9uIGFib3V0IHRo
ZQogICAgICAgICAgICAgIGVycm9yLCB1c2VkIHRvIHByb3ZpZGUgdGhlIGNsaWVudCBkZXZlbG9w
ZXIgd2l0aCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uIGFib3V0IHRoZQogICAgICAgICAgICAgIGVy
cm9yLgoJICAgICAgPGJyIC8+CgoJICAgICAgVmFsdWVzIGZvciB0aGUgPHR0PmVycm9yX3VyaTwv
dHQ+IHBhcmFtZXRlcgoJICAgICAgTVVTVCBjb25mb3JtIHRvIHRoZSBVUkktUmVmZXJlbmNlIHN5
bnRheCwgYW5kIHRodXMgTVVTVCBOT1QgaW5jbHVkZQoJICAgICAgY2hhcmFjdGVycyBvdXRzaWRl
IHRoZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAleDVELTdFLgogICAgICAgICAgICAKPC9kZD4KPC9k
bD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgcGFyYW1l
dGVycyBhcmUgaW5jbHVkZWQgaW4gdGhlIGVudGl0eSBib2R5IG9mIHRoZSBIVFRQIHJlc3BvbnNl
IHVzaW5nIHRoZQogICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL2pzb248L3R0PiBtZWRpYSB0eXBl
IGFzIGRlZmluZWQgYnkKICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNDYyNyc+
W1JGQzQ2MjddPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkNyb2NrZm9yZCwgRC4s
ICZsZHF1bztUaGUgYXBwbGljYXRpb24vanNvbiBNZWRpYSBUeXBlIGZvciBKYXZhU2NyaXB0IE9i
amVjdCBOb3RhdGlvbiAoSlNPTiksJnJkcXVvOyBKdWx5Jm5ic3A7MjAwNi48L3NwYW4+PHNwYW4+
KTwvc3Bhbj48L2E+LiBUaGUgcGFyYW1ldGVycyBhcmUgc2VyaWFsaXplZCBpbnRvIGEgSlNPTiBz
dHJ1Y3R1cmUgYnkKICAgICAgICAgIGFkZGluZyBlYWNoIHBhcmFtZXRlciBhdCB0aGUgaGlnaGVz
dCBzdHJ1Y3R1cmUgbGV2ZWwuIFBhcmFtZXRlciBuYW1lcyBhbmQgc3RyaW5nIHZhbHVlcwogICAg
ICAgICAgYXJlIGluY2x1ZGVkIGFzIEpTT04gc3RyaW5ncy4gTnVtZXJpY2FsIHZhbHVlcyBhcmUg
aW5jbHVkZWQgYXMgSlNPTiBudW1iZXJzLiBUaGUgb3JkZXIgb2YKICAgICAgICAgIHBhcmFtZXRl
cnMgZG9lcyBub3QgbWF0dGVyIGFuZCBjYW4gdmFyeS4KICAgICAgICAKPC9wPgo8cD4KICAgICAg
ICAgICAgRm9yIGV4YW1wbGU6CiAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRh
YmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJl
PgoKICBIVFRQLzEuMSA0MDAgQmFkIFJlcXVlc3QKICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9u
L2pzb247Y2hhcnNldD1VVEYtOAogIENhY2hlLUNvbnRyb2w6IG5vLXN0b3JlCiAgUHJhZ21hOiBu
by1jYWNoZQoKICB7CiAgICAiZXJyb3IiOiJpbnZhbGlkX3JlcXVlc3QiCiAgfQoKPC9wcmU+PC9k
aXY+CjxhIG5hbWU9InRva2VuLXJlZnJlc2giPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1h
cnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVn
IiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5i
c3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi42
Ij48L2E+PGgzPjYuJm5ic3A7ClJlZnJlc2hpbmcgYW4gQWNjZXNzIFRva2VuPC9oMz4KCjxwPgog
ICAgICAgIElmIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZWQgYSByZWZyZXNoIHRva2Vu
IHRvIHRoZSBjbGllbnQsIHRoZSBjbGllbnQgbWFrZXMgYQogICAgICAgIHJlZnJlc2ggcmVxdWVz
dCB0byB0aGUgdG9rZW4gZW5kcG9pbnQgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVy
cyB1c2luZyB0aGUKICAgICAgICA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVk
PC90dD4gZm9ybWF0IGluIHRoZSBIVFRQIHJlcXVlc3QKICAgICAgICBlbnRpdHktYm9keToKICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8
ZHQ+Z3JhbnRfdHlwZTwvZHQ+CjxkZD4KICAgICAgICAgICAgCiAgICAgICAgICAgIFJFUVVJUkVE
LiBWYWx1ZSBNVVNUIGJlIHNldCB0byA8dHQ+cmVmcmVzaF90b2tlbjwvdHQ+LgogICAgICAgICAg
CjwvZGQ+CjxkdD5yZWZyZXNoX3Rva2VuPC9kdD4KPGRkPgogICAgICAgICAgICAKICAgICAgICAg
ICAgUkVRVUlSRUQuIFRoZSByZWZyZXNoIHRva2VuIGlzc3VlZCB0byB0aGUgY2xpZW50LgogICAg
ICAgICAgCjwvZGQ+CjxkdD5zY29wZTwvZHQ+CjxkZD4KICAgICAgICAgICAgCiAgICAgICAgICAg
IE9QVElPTkFMLiBUaGUgc2NvcGUgb2YgdGhlIGFjY2VzcyByZXF1ZXN0IGFzIGRlc2NyaWJlZCBi
eSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Njb3BlJz5TZWN0aW9uJm5ic3A7My4zPHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFjY2VzcyBUb2tlbiBTY29wZTwvc3Bhbj48c3Bhbj4p
PC9zcGFuPjwvYT4uCiAgICAgICAgICAgIFRoZSByZXF1ZXN0ZWQgc2NvcGUgTVVTVCBOT1QgaW5j
bHVkZSBhbnkgc2NvcGUgbm90IG9yaWdpbmFsbHkgZ3JhbnRlZCBieSB0aGUgcmVzb3VyY2UKICAg
ICAgICAgICAgb3duZXIsIGFuZCBpZiBvbWl0dGVkIGlzIHRyZWF0ZWQgYXMgZXF1YWwgdG8gdGhl
IHNjb3BlIG9yaWdpbmFsbHkgZ3JhbnRlZCBieSB0aGUKICAgICAgICAgICAgcmVzb3VyY2Ugb3du
ZXIuCiAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgIAo8L3A+Cjxw
PgogICAgICAgIEJlY2F1c2UgcmVmcmVzaCB0b2tlbnMgYXJlIHR5cGljYWxseSBsb25nLWxhc3Rp
bmcgY3JlZGVudGlhbHMgdXNlZCB0byByZXF1ZXN0IGFkZGl0aW9uYWwKICAgICAgICBhY2Nlc3Mg
dG9rZW5zLCB0aGUgcmVmcmVzaCB0b2tlbiBpcyBib3VuZCB0byB0aGUgY2xpZW50IHdoaWNoIGl0
IHdhcyBpc3N1ZWQuIElmIHRoZSBjbGllbnQgdHlwZQogICAgICAgIGlzIGNvbmZpZGVudGlhbCBv
ciB0aGUgY2xpZW50IHdhcyBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvciBhc3NpZ25lZCBv
dGhlcgogICAgICAgIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyksIHRoZSBjbGllbnQgTVVT
VCBhdXRoZW50aWNhdGUgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMKICAgICAgICBk
ZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1lbmRwb2ludC1hdXRoJz5T
ZWN0aW9uJm5ic3A7My4yLjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+Q2xpZW50
IEF1dGhlbnRpY2F0aW9uPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgCjwvcD4KPHA+
CiAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGNsaWVudCBtYWtlcyB0aGUgZm9sbG93aW5nIEhU
VFAgcmVxdWVzdCB1c2luZyB0cmFuc3BvcnQtbGF5ZXIKICAgICAgICAgIHNlY3VyaXR5IChleHRy
YSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgCjwv
cD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07
IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgUE9TVCAvdG9rZW4gSFRUUC8xLjEKICBIb3N0
OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICBBdXRob3JpemF0aW9uOiBCYXNpYyBjelpDYUdSU2EzRjBN
enBuV0RGbVFtRjBNMkpXCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVy
bGVuY29kZWQ7Y2hhcnNldD1VVEYtOAoKICBncmFudF90eXBlPXJlZnJlc2hfdG9rZW4mYW1wO3Jl
ZnJlc2hfdG9rZW49dEd6djNKT2tGMFhHNVF4MlRsS1dJQQoKPC9wcmU+PC9kaXY+CjxwPgogICAg
ICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUOgogICAgICAKPC9wPgo8cD4KICAgICAg
ICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgcmVxdWlyZSBjbGllbnQg
YXV0aGVudGljYXRpb24gZm9yIGNvbmZpZGVudGlhbCBjbGllbnRzIG9yIGZvciBhbnkgY2xpZW50
IHRoYXQgd2FzCiAgICAgICAgICAgIGlzc3VlZCBjbGllbnQgY3JlZGVudGlhbHMgKG9yIHdpdGgg
b3RoZXIgYXV0aGVudGljYXRpb24gcmVxdWlyZW1lbnRzKSwKICAgICAgICAgIAo8L2xpPgo8bGk+
CiAgICAgICAgICAgIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGlmIGNsaWVudCBhdXRoZW50aWNh
dGlvbiBpcyBpbmNsdWRlZCBhbmQgZW5zdXJlIHRoZQogICAgICAgICAgICByZWZyZXNoIHRva2Vu
IHdhcyBpc3N1ZWQgdG8gdGhlIGF1dGhlbnRpY2F0ZWQgY2xpZW50LCBhbmQKICAgICAgICAgIAo8
L2xpPgo8bGk+CiAgICAgICAgICAgIHZhbGlkYXRlIHRoZSByZWZyZXNoIHRva2VuLgogICAgICAg
ICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8L3A+CjxwPgogICAgICAgIElmIHZhbGlkIGFuZCBh
dXRob3JpemVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuIGFjY2VzcyB0b2tl
biBhcyBkZXNjcmliZWQgaW4KICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLXJl
c3BvbnNlJz5TZWN0aW9uJm5ic3A7NS4xPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8n
PlN1Y2Nlc3NmdWwgUmVzcG9uc2U8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LiBJZiB0aGUgcmVx
dWVzdCBmYWlsZWQgdmVyaWZpY2F0aW9uIG9yIGlzIGludmFsaWQsIHRoZQogICAgICAgIGF1dGhv
cml6YXRpb24gc2VydmVyIHJldHVybnMgYW4gZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3JpYmVkIGlu
CiAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1lcnJvcnMnPlNlY3Rpb24mbmJz
cDs1LjI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9uc2U8L3Nw
YW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAKPC9wPgo8cD4KICAgICAgICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgTUFZIGlzc3VlIGEgbmV3IHJlZnJlc2ggdG9rZW4sIGluIHdoaWNoIGNh
c2UgdGhlIGNsaWVudCBNVVNUCiAgICAgICAgZGlzY2FyZCB0aGUgb2xkIHJlZnJlc2ggdG9rZW4g
YW5kIHJlcGxhY2UgaXQgd2l0aCB0aGUgbmV3IHJlZnJlc2ggdG9rZW4uIFRoZSBhdXRob3JpemF0
aW9uCiAgICAgICAgc2VydmVyIE1BWSByZXZva2UgdGhlIG9sZCByZWZyZXNoIHRva2VuIGFmdGVy
IGlzc3VpbmcgYSBuZXcgcmVmcmVzaCB0b2tlbiB0byB0aGUgY2xpZW50LiBJZgogICAgICAgIGEg
bmV3IHJlZnJlc2ggdG9rZW4gaXMgaXNzdWVkLCB0aGUgcmVmcmVzaCB0b2tlbiBzY29wZSBNVVNU
IGJlIGlkZW50aWNhbCB0byB0aGF0IG9mIHRoZQogICAgICAgIHJlZnJlc2ggdG9rZW4gaW5jbHVk
ZWQgYnkgdGhlIGNsaWVudCBpbiB0aGUgcmVxdWVzdC4KICAgICAgCjwvcD4KPGEgbmFtZT0iYWNj
ZXNzLXJlc291cmNlIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNl
bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0
Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwv
YT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNyI+PC9hPjxoMz43LiZu
YnNwOwpBY2Nlc3NpbmcgUHJvdGVjdGVkIFJlc291cmNlczwvaDM+Cgo8cD4KICAgICAgICBUaGUg
Y2xpZW50IGFjY2Vzc2VzIHByb3RlY3RlZCByZXNvdXJjZXMgYnkgcHJlc2VudGluZyB0aGUgYWNj
ZXNzIHRva2VuIHRvIHRoZSByZXNvdXJjZQogICAgICAgIHNlcnZlci4gVGhlIHJlc291cmNlIHNl
cnZlciBNVVNUIHZhbGlkYXRlIHRoZSBhY2Nlc3MgdG9rZW4gYW5kIGVuc3VyZSBpdCBoYXMgbm90
IGV4cGlyZWQKICAgICAgICBhbmQgdGhhdCBpdHMgc2NvcGUgY292ZXJzIHRoZSByZXF1ZXN0ZWQg
cmVzb3VyY2UuIFRoZSBtZXRob2RzIHVzZWQgYnkgdGhlIHJlc291cmNlIHNlcnZlcgogICAgICAg
IHRvIHZhbGlkYXRlIHRoZSBhY2Nlc3MgdG9rZW4gKGFzIHdlbGwgYXMgYW55IGVycm9yIHJlc3Bv
bnNlcykgYXJlIGJleW9uZCB0aGUgc2NvcGUgb2YgdGhpcwogICAgICAgIHNwZWNpZmljYXRpb24s
IGJ1dCBnZW5lcmFsbHkgaW52b2x2ZSBhbiBpbnRlcmFjdGlvbiBvciBjb29yZGluYXRpb24gYmV0
d2VlbiB0aGUgcmVzb3VyY2UKICAgICAgICBzZXJ2ZXIgYW5kIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlci4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgVGhlIG1ldGhvZCBpbiB3aGljaCB0aGUgY2xp
ZW50IHV0aWxpemVzIHRoZSBhY2Nlc3MgdG9rZW4gdG8gYXV0aGVudGljYXRlIHdpdGggdGhlIHJl
c291cmNlCiAgICAgICAgc2VydmVyIGRlcGVuZHMgb24gdGhlIHR5cGUgb2YgYWNjZXNzIHRva2Vu
IGlzc3VlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIFR5cGljYWxseSwKICAgICAgICBp
dCBpbnZvbHZlcyB1c2luZyB0aGUgSFRUUCA8dHQ+QXV0aG9yaXphdGlvbjwvdHQ+IHJlcXVlc3Qg
aGVhZGVyIGZpZWxkCiAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMyNjE3Jz5bUkZD
MjYxN108c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RnJhbmtzLCBKLiwgSGFsbGFt
LUJha2VyLCBQLiwgSG9zdGV0bGVyLCBKLiwgTGF3cmVuY2UsIFMuLCBMZWFjaCwgUC4sIEx1b3Rv
bmVuLCBBLiwgYW5kIEwuIFN0ZXdhcnQsICZsZHF1bztIVFRQIEF1dGhlbnRpY2F0aW9uOiBCYXNp
YyBhbmQgRGlnZXN0IEFjY2VzcyBBdXRoZW50aWNhdGlvbiwmcmRxdW87IEp1bmUmbmJzcDsxOTk5
Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gd2l0aCBhbiBhdXRoZW50aWNhdGlvbiBzY2hlbWUg
ZGVmaW5lZCBieSB0aGUgYWNjZXNzIHRva2VuIHR5cGUKICAgICAgICBzcGVjaWZpY2F0aW9uLgog
ICAgICAKPC9wPgo8YSBuYW1lPSJ0b2tlbi10eXBlcyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUg
c3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJU
T0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9j
Ij4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0
aW9uLjcuMSI+PC9hPjxoMz43LjEuJm5ic3A7CkFjY2VzcyBUb2tlbiBUeXBlczwvaDM+Cgo8cD4K
ICAgICAgICAgIFRoZSBhY2Nlc3MgdG9rZW4gdHlwZSBwcm92aWRlcyB0aGUgY2xpZW50IHdpdGgg
dGhlIGluZm9ybWF0aW9uIHJlcXVpcmVkIHRvIHN1Y2Nlc3NmdWxseQogICAgICAgICAgdXRpbGl6
ZSB0aGUgYWNjZXNzIHRva2VuIHRvIG1ha2UgYSBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVzdCAo
YWxvbmcgd2l0aCB0eXBlLXNwZWNpZmljCiAgICAgICAgICBhdHRyaWJ1dGVzKS4gVGhlIGNsaWVu
dCBNVVNUIE5PVCB1c2UgYW4gYWNjZXNzIHRva2VuIGlmIGl0IGRvZXMgbm90IHVuZGVyc3RhbmQg
dGhlIHRva2VuCiAgICAgICAgICB0eXBlLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBG
b3IgZXhhbXBsZSwgdGhlIDx0dD5iZWFyZXI8L3R0PiB0b2tlbiB0eXBlIGRlZmluZWQgaW4KICAg
ICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNJLUQuaWV0Zi1vYXV0aC12Mi1iZWFyZXIn
PltJJiM4MjA5O0QuaWV0ZiYjODIwOTtvYXV0aCYjODIwOTt2MiYjODIwOTtiZWFyZXJdPHNwYW4+
ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkpvbmVzLCBNLiwgSGFyZHQsIEQuLCBhbmQgRC4g
UmVjb3Jkb24sICZsZHF1bztUaGUgT0F1dGggMi4wIEF1dGhvcml6YXRpb24gUHJvdG9jb2w6IEJl
YXJlciBUb2tlbnMsJnJkcXVvOyBBcHJpbCZuYnNwOzIwMTIuPC9zcGFuPjxzcGFuPik8L3NwYW4+
PC9hPiBpcyB1dGlsaXplZCBieSBzaW1wbHkgaW5jbHVkaW5nIHRoZSBhY2Nlc3MKICAgICAgICAg
ICAgdG9rZW4gc3RyaW5nIGluIHRoZSByZXF1ZXN0OgogICAgICAgICAgCjwvcD48ZGl2IHN0eWxl
PSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdo
dDogYXV0byc+PHByZT4KCiAgR0VUIC9yZXNvdXJjZS8xIEhUVFAvMS4xCiAgSG9zdDogZXhhbXBs
ZS5jb20KICBBdXRob3JpemF0aW9uOiBCZWFyZXIgbUZfOS5CNWYtNC4xSnFNCgo8L3ByZT48L2Rp
dj4KPHA+CiAgICAgICAgICAgIHdoaWxlIHRoZSA8dHQ+bWFjPC90dD4gdG9rZW4gdHlwZSBkZWZp
bmVkIGluCiAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjSS1ELmlldGYtb2F1dGgt
djItaHR0cC1tYWMnPltJJiM4MjA5O0QuaWV0ZiYjODIwOTtvYXV0aCYjODIwOTt2MiYjODIwOTto
dHRwJiM4MjA5O21hY108c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+SGFtbWVyLUxh
aGF2LCBFLiwgJmxkcXVvO0hUVFAgQXV0aGVudGljYXRpb246IE1BQyBBY2Nlc3MgQXV0aGVudGlj
YXRpb24sJnJkcXVvOyBGZWJydWFyeSZuYnNwOzIwMTIuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9h
PiBpcyB1dGlsaXplZCBieSBpc3N1aW5nIGEgTUFDIGtleQogICAgICAgICAgICB0b2dldGhlciB3
aXRoIHRoZSBhY2Nlc3MgdG9rZW4gd2hpY2ggaXMgdXNlZCB0byBzaWduIGNlcnRhaW4gY29tcG9u
ZW50cyBvZiB0aGUgSFRUUAogICAgICAgICAgICByZXF1ZXN0czoKICAgICAgICAgIAo8L3A+PGRp
diBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJn
aW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogIEdFVCAvcmVzb3VyY2UvMSBIVFRQLzEuMQogIEhvc3Q6
IGV4YW1wbGUuY29tCiAgQXV0aG9yaXphdGlvbjogTUFDIGlkPSJoNDgwZGpzOTNoZDgiLAogICAg
ICAgICAgICAgICAgICAgICBub25jZT0iMjc0MzEyOmRqODNoczlzIiwKICAgICAgICAgICAgICAg
ICAgICAgbWFjPSJrRFp2ZGRrbmR4dmhHUlhaaHZ1RGpFV2hHZUU9IgoKPC9wcmU+PC9kaXY+Cjxw
PgogICAgICAgICAgVGhlIGFib3ZlIGV4YW1wbGVzIGFyZSBwcm92aWRlZCBmb3IgaWxsdXN0cmF0
aW9uIHB1cnBvc2VzIG9ubHkuIERldmVsb3BlcnMgYXJlIGFkdmlzZWQgdG8KICAgICAgICAgIGNv
bnN1bHQgdGhlIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjSS1ELmlldGYtb2F1dGgtdjItYmVhcmVy
Jz5bSSYjODIwOTtELmlldGYmIzgyMDk7b2F1dGgmIzgyMDk7djImIzgyMDk7YmVhcmVyXTxzcGFu
PiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5Kb25lcywgTS4sIEhhcmR0LCBELiwgYW5kIEQu
IFJlY29yZG9uLCAmbGRxdW87VGhlIE9BdXRoIDIuMCBBdXRob3JpemF0aW9uIFByb3RvY29sOiBC
ZWFyZXIgVG9rZW5zLCZyZHF1bzsgQXByaWwmbmJzcDsyMDEyLjwvc3Bhbj48c3Bhbj4pPC9zcGFu
PjwvYT4gYW5kCiAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI0ktRC5pZXRmLW9hdXRo
LXYyLWh0dHAtbWFjJz5bSSYjODIwOTtELmlldGYmIzgyMDk7b2F1dGgmIzgyMDk7djImIzgyMDk7
aHR0cCYjODIwOTttYWNdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkhhbW1lci1M
YWhhdiwgRS4sICZsZHF1bztIVFRQIEF1dGhlbnRpY2F0aW9uOiBNQUMgQWNjZXNzIEF1dGhlbnRp
Y2F0aW9uLCZyZHF1bzsgRmVicnVhcnkmbmJzcDsyMDEyLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwv
YT4gc3BlY2lmaWNhdGlvbnMgYmVmb3JlIHVzZS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAg
IEVhY2ggYWNjZXNzIHRva2VuIHR5cGUgZGVmaW5pdGlvbiBzcGVjaWZpZXMgdGhlIGFkZGl0aW9u
YWwgYXR0cmlidXRlcyAoaWYgYW55KSBzZW50IHRvCiAgICAgICAgICB0aGUgY2xpZW50IHRvZ2V0
aGVyIHdpdGggdGhlIDx0dD5hY2Nlc3NfdG9rZW48L3R0PiByZXNwb25zZSBwYXJhbWV0ZXIuCiAg
ICAgICAgICBJdCBhbHNvIGRlZmluZXMgdGhlIEhUVFAgYXV0aGVudGljYXRpb24gbWV0aG9kIHVz
ZWQgdG8gaW5jbHVkZSB0aGUgYWNjZXNzIHRva2VuIHdoZW4KICAgICAgICAgIG1ha2luZyBhIHBy
b3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0LgogICAgICAgIAo8L3A+CjxhIG5hbWU9InJlc291cmNl
LWVycm9ycyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFk
ZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRy
Pjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90
ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjcuMiI+PC9hPjxoMz43LjIuJm5i
c3A7CkVycm9yIFJlc3BvbnNlPC9oMz4KCjxwPgoJICBJZiBhIHJlc291cmNlIGFjY2VzcyByZXF1
ZXN0IGZhaWxzLCB0aGUgcmVzb3VyY2Ugc2VydmVyIFNIT1VMRCBpbmZvcm0KCSAgdGhlIGNsaWVu
dCBvZiB0aGUgZXJyb3IuICBXaGlsZSB0aGUgc3BlY2lmaWMgZXJyb3IgcmVzcG9uc2VzIHBvc3Np
YmxlCgkgIGFuZCBtZXRob2RzIGZvciB0cmFuc21pdHRpbmcgdGhvc2UgZXJyb3JzIHdoZW4gdXNp
bmcgYW55IHBhcnRpY3VsYXIKCSAgYWNjZXNzIHRva2VuIHR5cGUgYXJlIGJleW9uZCB0aGUgc2Nv
cGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uLAoJICBhbnkgZXJyb3IgY29kZXMgZGVmaW5lZCBmb3Ig
dXNlIHdpdGggT0F1dGggcmVzb3VyY2UgYWNjZXNzIG1ldGhvZHMKCSAgTVVTVCBiZSByZWdpc3Rl
cmVkCgkgIChmb2xsb3dpbmcgdGhlIHByb2NlZHVyZXMgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9
JyNlcnJvci1yZWdpc3RyeSc+U2VjdGlvbiZuYnNwOzExLjQ8c3Bhbj4gKDwvc3Bhbj48c3BhbiBj
bGFzcz0naW5mbyc+VGhlIE9BdXRoIEV4dGVuc2lvbnMgRXJyb3IgUmVnaXN0cnk8L3NwYW4+PHNw
YW4+KTwvc3Bhbj48L2E+KS4KCQo8L3A+CjxhIG5hbWU9ImV4dGVuc2lvbnMiPjwvYT48YnIgLz48
aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5n
PSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+
PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBu
YW1lPSJyZmMuc2VjdGlvbi44Ij48L2E+PGgzPjguJm5ic3A7CkV4dGVuc2liaWxpdHk8L2gzPgoK
PGEgbmFtZT0ibmV3LXR5cGVzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlv
dXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249
InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZu
YnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uOC4xIj48L2E+
PGgzPjguMS4mbmJzcDsKRGVmaW5pbmcgQWNjZXNzIFRva2VuIFR5cGVzPC9oMz4KCjxwPgogICAg
ICAgICAgQWNjZXNzIHRva2VuIHR5cGVzIGNhbiBiZSBkZWZpbmVkIGluIG9uZSBvZiB0d28gd2F5
czogcmVnaXN0ZXJlZCBpbiB0aGUgYWNjZXNzIHRva2VuIHR5cGUKICAgICAgICAgIHJlZ2lzdHJ5
IChmb2xsb3dpbmcgdGhlIHByb2NlZHVyZXMgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0eXBl
LXJlZ2lzdHJ5Jz5TZWN0aW9uJm5ic3A7MTEuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdp
bmZvJz5UaGUgT0F1dGggQWNjZXNzIFRva2VuIFR5cGUgUmVnaXN0cnk8L3NwYW4+PHNwYW4+KTwv
c3Bhbj48L2E+KSwgb3IgYnkgdXNpbmcgYQogICAgICAgICAgdW5pcXVlIGFic29sdXRlIFVSSSBh
cyBpdHMgbmFtZS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFR5cGVzIHV0aWxpemluZyBh
IFVSSSBuYW1lIFNIT1VMRCBiZSBsaW1pdGVkIHRvIHZlbmRvci1zcGVjaWZpYyBpbXBsZW1lbnRh
dGlvbnMgdGhhdCBhcmUKICAgICAgICAgIG5vdCBjb21tb25seSBhcHBsaWNhYmxlLCBhbmQgYXJl
IHNwZWNpZmljIHRvIHRoZSBpbXBsZW1lbnRhdGlvbiBkZXRhaWxzIG9mIHRoZSByZXNvdXJjZQog
ICAgICAgICAgc2VydmVyIHdoZXJlIHRoZXkgYXJlIHVzZWQuCiAgICAgICAgCjwvcD4KPHA+CiAg
ICAgICAgICBBbGwgb3RoZXIgdHlwZXMgTVVTVCBiZSByZWdpc3RlcmVkLiBUeXBlIG5hbWVzIE1V
U1QgY29uZm9ybSB0byB0aGUgdHlwZS1uYW1lIEFCTkYuIElmIHRoZQogICAgICAgICAgdHlwZSBk
ZWZpbml0aW9uIGluY2x1ZGVzIGEgbmV3IEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lLCB0aGUg
dHlwZSBuYW1lIFNIT1VMRCBiZQogICAgICAgICAgaWRlbnRpY2FsIHRvIHRoZSBIVFRQIGF1dGhl
bnRpY2F0aW9uIHNjaGVtZSBuYW1lIChhcyBkZWZpbmVkIGJ5IDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjUkZDMjYxNyc+W1JGQzI2MTddPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkZy
YW5rcywgSi4sIEhhbGxhbS1CYWtlciwgUC4sIEhvc3RldGxlciwgSi4sIExhd3JlbmNlLCBTLiwg
TGVhY2gsIFAuLCBMdW90b25lbiwgQS4sIGFuZCBMLiBTdGV3YXJ0LCAmbGRxdW87SFRUUCBBdXRo
ZW50aWNhdGlvbjogQmFzaWMgYW5kIERpZ2VzdCBBY2Nlc3MgQXV0aGVudGljYXRpb24sJnJkcXVv
OyBKdW5lJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KS4KICAgICAgICAgIFRo
ZSB0b2tlbiB0eXBlIDx0dD5leGFtcGxlPC90dD4gaXMgcmVzZXJ2ZWQgZm9yIHVzZSBpbiBleGFt
cGxlcy4KICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsg
bWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICB0eXBlLW5hbWUg
ID0gMSpuYW1lLWNoYXIKICBuYW1lLWNoYXIgICA9ICItIiAvICIuIiAvICJfIiAvIERJR0lUIC8g
QUxQSEEKCjwvcHJlPjwvZGl2Pgo8YSBuYW1lPSJhbmNob3IzOSI+PC9hPjxiciAvPjxociAvPgo8
dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNs
YXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVm
PSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJm
Yy5zZWN0aW9uLjguMiI+PC9hPjxoMz44LjIuJm5ic3A7CkRlZmluaW5nIE5ldyBFbmRwb2ludCBQ
YXJhbWV0ZXJzPC9oMz4KCjxwPgogICAgICAgICAgTmV3IHJlcXVlc3Qgb3IgcmVzcG9uc2UgcGFy
YW1ldGVycyBmb3IgdXNlIHdpdGggdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgb3IgdGhlIHRv
a2VuCiAgICAgICAgICBlbmRwb2ludCBhcmUgZGVmaW5lZCBhbmQgcmVnaXN0ZXJlZCBpbiB0aGUg
cGFyYW1ldGVycyByZWdpc3RyeSBmb2xsb3dpbmcgdGhlIHByb2NlZHVyZSBpbgogICAgICAgICAg
PGEgY2xhc3M9J2luZm8nIGhyZWY9JyNwYXJhbWV0ZXJzLXJlZ2lzdHJ5Jz5TZWN0aW9uJm5ic3A7
MTEuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5UaGUgT0F1dGggUGFyYW1ldGVy
cyBSZWdpc3RyeTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgCjwvcD4KPHA+CiAg
ICAgICAgICBQYXJhbWV0ZXIgbmFtZXMgTVVTVCBjb25mb3JtIHRvIHRoZSBwYXJhbS1uYW1lIEFC
TkYgYW5kIHBhcmFtZXRlciB2YWx1ZXMgc3ludGF4IE1VU1QgYmUKICAgICAgICAgIHdlbGwtZGVm
aW5lZCAoZS5nLiwgdXNpbmcgQUJORiwgb3IgYSByZWZlcmVuY2UgdG8gdGhlIHN5bnRheCBvZiBh
biBleGlzdGluZyBwYXJhbWV0ZXIpLgogICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTog
dGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxw
cmU+CgogIHBhcmFtLW5hbWUgID0gMSpuYW1lLWNoYXIKICBuYW1lLWNoYXIgICA9ICItIiAvICIu
IiAvICJfIiAvIERJR0lUIC8gQUxQSEEKCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgIFVucmVn
aXN0ZXJlZCB2ZW5kb3Itc3BlY2lmaWMgcGFyYW1ldGVyIGV4dGVuc2lvbnMgdGhhdCBhcmUgbm90
IGNvbW1vbmx5IGFwcGxpY2FibGUsIGFuZAogICAgICAgICAgYXJlIHNwZWNpZmljIHRvIHRoZSBp
bXBsZW1lbnRhdGlvbiBkZXRhaWxzIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB3aGVyZSB0
aGV5IGFyZQogICAgICAgICAgdXNlZCBTSE9VTEQgdXRpbGl6ZSBhIHZlbmRvci1zcGVjaWZpYyBw
cmVmaXggdGhhdCBpcyBub3QgbGlrZWx5IHRvIGNvbmZsaWN0IHdpdGggb3RoZXIKICAgICAgICAg
IHJlZ2lzdGVyZWQgdmFsdWVzIChlLmcuIGJlZ2luIHdpdGggJ2NvbXBhbnluYW1lXycpLgogICAg
ICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjQwIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1t
YXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1
ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZu
YnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24u
OC4zIj48L2E+PGgzPjguMy4mbmJzcDsKRGVmaW5pbmcgTmV3IEF1dGhvcml6YXRpb24gR3JhbnQg
VHlwZXM8L2gzPgoKPHA+CiAgICAgICAgICBOZXcgYXV0aG9yaXphdGlvbiBncmFudCB0eXBlcyBj
YW4gYmUgZGVmaW5lZCBieSBhc3NpZ25pbmcgdGhlbSBhIHVuaXF1ZSBhYnNvbHV0ZSBVUkkgZm9y
CiAgICAgICAgICB1c2Ugd2l0aCB0aGUgPHR0PmdyYW50X3R5cGU8L3R0PiBwYXJhbWV0ZXIuIElm
IHRoZSBleHRlbnNpb24gZ3JhbnQKICAgICAgICAgIHR5cGUgcmVxdWlyZXMgYWRkaXRpb25hbCB0
b2tlbiBlbmRwb2ludCBwYXJhbWV0ZXJzLCB0aGV5IE1VU1QgYmUgcmVnaXN0ZXJlZCBpbiB0aGUg
T0F1dGgKICAgICAgICAgIHBhcmFtZXRlcnMgcmVnaXN0cnkgYXMgZGVzY3JpYmVkIGJ5IDxhIGNs
YXNzPSdpbmZvJyBocmVmPScjcGFyYW1ldGVycy1yZWdpc3RyeSc+U2VjdGlvbiZuYnNwOzExLjI8
c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+VGhlIE9BdXRoIFBhcmFtZXRlcnMgUmVn
aXN0cnk8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgIAo8L3A+CjxhIG5hbWU9InJl
c3BvbnNlLXR5cGUtZXh0Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQi
IGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJp
Z2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNw
OzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uOC40Ij48L2E+PGgz
PjguNC4mbmJzcDsKRGVmaW5pbmcgTmV3IEF1dGhvcml6YXRpb24gRW5kcG9pbnQgUmVzcG9uc2Ug
VHlwZXM8L2gzPgoKPHA+CiAgICAgICAgICBOZXcgcmVzcG9uc2UgdHlwZXMgZm9yIHVzZSB3aXRo
IHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGFyZSBkZWZpbmVkIGFuZCByZWdpc3RlcmVkIGlu
CiAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCByZXNwb25zZSB0eXBlIHJlZ2lz
dHJ5IGZvbGxvd2luZyB0aGUgcHJvY2VkdXJlIGluCiAgICAgICAgICA8YSBjbGFzcz0naW5mbycg
aHJlZj0nI3Jlc3BvbnNlLXR5cGUtcmVnaXN0cnknPlNlY3Rpb24mbmJzcDsxMS4zPHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlRoZSBPQXV0aCBBdXRob3JpemF0aW9uIEVuZHBvaW50
IFJlc3BvbnNlIFR5cGUgUmVnaXN0cnk8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LiBSZXNwb25z
ZSB0eXBlIG5hbWVzIE1VU1QgY29uZm9ybSB0byB0aGUKICAgICAgICAgIHJlc3BvbnNlLXR5cGUg
QUJORi4KICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsg
bWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICByZXNwb25zZS10
eXBlICA9IHJlc3BvbnNlLW5hbWUgKiggU1AgcmVzcG9uc2UtbmFtZSApCiAgcmVzcG9uc2UtbmFt
ZSAgPSAxKnJlc3BvbnNlLWNoYXIKICByZXNwb25zZS1jaGFyICA9ICJfIiAvIERJR0lUIC8gQUxQ
SEEKCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgIElmIGEgcmVzcG9uc2UgdHlwZSBjb250YWlu
cyBvbmUgb3IgbW9yZSBzcGFjZSBjaGFyYWN0ZXJzICgleDIwKSwgaXQgaXMgY29tcGFyZWQgYXMg
YQogICAgICAgICAgc3BhY2UtZGVsaW1pdGVkIGxpc3Qgb2YgdmFsdWVzIGluIHdoaWNoIHRoZSBv
cmRlciBvZiB2YWx1ZXMgZG9lcyBub3QgbWF0dGVyLiBPbmx5IG9uZQogICAgICAgICAgb3JkZXIg
b2YgdmFsdWVzIGNhbiBiZSByZWdpc3RlcmVkLCB3aGljaCBjb3ZlcnMgYWxsIG90aGVyIGFycmFu
Z2VtZW50cyBvZiB0aGUgc2FtZSBzZXQgb2YKICAgICAgICAgIHZhbHVlcy4KICAgICAgICAKPC9w
Pgo8cD4KICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgcmVzcG9uc2UgdHlwZSA8dHQ+dG9rZW4g
Y29kZTwvdHQ+IGlzIGxlZnQgdW5kZWZpbmVkCiAgICAgICAgICBieSB0aGlzIHNwZWNpZmljYXRp
b24uIEhvd2V2ZXIsIGFuIGV4dGVuc2lvbiBjYW4gZGVmaW5lIGFuZCByZWdpc3RlciB0aGUKICAg
ICAgICAgIDx0dD50b2tlbiBjb2RlPC90dD4gcmVzcG9uc2UgdHlwZS4gT25jZSByZWdpc3RlcmVk
LCB0aGUgc2FtZQogICAgICAgICAgY29tYmluYXRpb24gY2Fubm90IGJlIHJlZ2lzdGVyZWQgYXMg
PHR0PmNvZGUgdG9rZW48L3R0PiwgYnV0IGJvdGgKICAgICAgICAgIHZhbHVlcyBjYW4gYmUgdXNl
ZCB0byBkZW5vdGUgdGhlIHNhbWUgcmVzcG9uc2UgdHlwZS4KICAgICAgICAKPC9wPgo8YSBuYW1l
PSJuZXctZXJyb3JzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNl
bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0
Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwv
YT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uOC41Ij48L2E+PGgzPjgu
NS4mbmJzcDsKRGVmaW5pbmcgQWRkaXRpb25hbCBFcnJvciBDb2RlczwvaDM+Cgo8cD4KICAgICAg
ICAgIEluIGNhc2VzIHdoZXJlIHByb3RvY29sIGV4dGVuc2lvbnMgKGkuZS4gYWNjZXNzIHRva2Vu
IHR5cGVzLCBleHRlbnNpb24gcGFyYW1ldGVycywgb3IKICAgICAgICAgIGV4dGVuc2lvbiBncmFu
dCB0eXBlcykgcmVxdWlyZSBhZGRpdGlvbmFsIGVycm9yIGNvZGVzIHRvIGJlIHVzZWQgd2l0aCB0
aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgY29kZSBncmFudCBlcnJvciByZXNwb25zZSAoPGEg
Y2xhc3M9J2luZm8nIGhyZWY9JyNjb2RlLWF1dGh6LWVycm9yJz5TZWN0aW9uJm5ic3A7NC4xLjIu
MTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNwb25zZTwvc3Bhbj48
c3Bhbj4pPC9zcGFuPjwvYT4pLCB0aGUgaW1wbGljaXQgZ3JhbnQgZXJyb3IKICAgICAgICAgIHJl
c3BvbnNlICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI2ltcGxpY2l0LWF1dGh6LWVycm9yJz5TZWN0
aW9uJm5ic3A7NC4yLjIuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBS
ZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLCB0aGUgdG9rZW4gZXJyb3IgcmVzcG9u
c2UKICAgICAgICAgICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLWVycm9ycyc+U2VjdGlv
biZuYnNwOzUuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNwb25z
ZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLAoJICBvciB0aGUgcmVzb3VyY2UgYWNjZXNzIGVy
cm9yIHJlc3BvbnNlICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Jlc291cmNlLWVycm9ycyc+U2Vj
dGlvbiZuYnNwOzcuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNw
b25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLAoJICBzdWNoIGVycm9yIGNvZGVzIE1BWSBi
ZSBkZWZpbmVkLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgRXh0ZW5zaW9uIGVycm9yIGNv
ZGVzIE1VU1QgYmUgcmVnaXN0ZXJlZCAoZm9sbG93aW5nIHRoZSBwcm9jZWR1cmVzIGluCiAgICAg
ICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI2Vycm9yLXJlZ2lzdHJ5Jz5TZWN0aW9uJm5ic3A7
MTEuNDxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5UaGUgT0F1dGggRXh0ZW5zaW9u
cyBFcnJvciBSZWdpc3RyeTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pIGlmIHRoZSBleHRlbnNp
b24gdGhleSBhcmUgdXNlZCBpbiBjb25qdW5jdGlvbiB3aXRoIGlzCiAgICAgICAgICBhIHJlZ2lz
dGVyZWQgYWNjZXNzIHRva2VuIHR5cGUsIGEgcmVnaXN0ZXJlZCBlbmRwb2ludCBwYXJhbWV0ZXIs
IG9yIGFuIGV4dGVuc2lvbiBncmFudAogICAgICAgICAgdHlwZS4gRXJyb3IgY29kZXMgdXNlZCB3
aXRoIHVucmVnaXN0ZXJlZCBleHRlbnNpb25zIE1BWSBiZSByZWdpc3RlcmVkLgogICAgICAgIAo8
L3A+CjxwPgogICAgICAgICAgRXJyb3IgY29kZXMgTVVTVCBjb25mb3JtIHRvIHRoZSBlcnJvci1j
b2RlIEFCTkYsIGFuZCBTSE9VTEQgYmUgcHJlZml4ZWQgYnkgYW4gaWRlbnRpZnlpbmcKICAgICAg
ICAgIG5hbWUgd2hlbiBwb3NzaWJsZS4gRm9yIGV4YW1wbGUsIGFuIGVycm9yIGlkZW50aWZ5aW5n
IGFuIGludmFsaWQgdmFsdWUgc2V0IHRvIHRoZQogICAgICAgICAgZXh0ZW5zaW9uIHBhcmFtZXRl
ciA8dHQ+ZXhhbXBsZTwvdHQ+IFNIT1VMRCBiZSBuYW1lZAogICAgICAgICAgPHR0PmV4YW1wbGVf
aW52YWxpZDwvdHQ+LgogICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdp
ZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogIGVy
cm9yLWNvZGUgICA9IEFMUEhBICplcnJvci1jaGFyCiAgZXJyb3ItY2hhciAgID0gIi0iIC8gIi4i
IC8gIl8iIC8gRElHSVQgLyBBTFBIQQoKPC9wcmU+PC9kaXY+CjxhIG5hbWU9ImFuY2hvcjQxIj48
L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBj
ZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNz
PSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90
YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uOSI+PC9hPjxoMz45LiZuYnNwOwpOYXRpdmUgQXBw
bGljYXRpb25zPC9oMz4KCjxwPgogICAgICAgIE5hdGl2ZSBhcHBsaWNhdGlvbnMgYXJlIGNsaWVu
dHMgaW5zdGFsbGVkIGFuZCBleGVjdXRlZCBvbiB0aGUgZGV2aWNlIHVzZWQgYnkgdGhlIHJlc291
cmNlCiAgICAgICAgb3duZXIgKGkuZS4gZGVza3RvcCBhcHBsaWNhdGlvbiwgbmF0aXZlIG1vYmls
ZSBhcHBsaWNhdGlvbikuIE5hdGl2ZSBhcHBsaWNhdGlvbnMgcmVxdWlyZQogICAgICAgIHNwZWNp
YWwgY29uc2lkZXJhdGlvbiByZWxhdGVkIHRvIHNlY3VyaXR5LCBwbGF0Zm9ybSBjYXBhYmlsaXRp
ZXMsIGFuZCBvdmVyYWxsIGVuZC11c2VyCiAgICAgICAgZXhwZXJpZW5jZS4KICAgICAgCjwvcD4K
PHA+CiAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgcmVxdWlyZXMgaW50ZXJhY3Rp
b24gYmV0d2VlbiB0aGUgY2xpZW50IGFuZCB0aGUgcmVzb3VyY2UKICAgICAgICBvd25lcidzIHVz
ZXItYWdlbnQuIE5hdGl2ZSBhcHBsaWNhdGlvbnMgY2FuIGludm9rZSBhbiBleHRlcm5hbCB1c2Vy
LWFnZW50IG9yIGVtYmVkIGEKICAgICAgICB1c2VyLWFnZW50IHdpdGhpbiB0aGUgYXBwbGljYXRp
b24uIEZvciBleGFtcGxlOgogICAgICAKPC9wPgo8cD4KICAgICAgICA8L3A+Cjx1bCBjbGFzcz0i
dGV4dCI+CjxsaT4KICAgICAgICAgICAgRXh0ZXJuYWwgdXNlci1hZ2VudCAtIHRoZSBuYXRpdmUg
YXBwbGljYXRpb24gY2FuIGNhcHR1cmUgdGhlIHJlc3BvbnNlIGZyb20gdGhlCiAgICAgICAgICAg
IGF1dGhvcml6YXRpb24gc2VydmVyIHVzaW5nIGEgcmVkaXJlY3Rpb24gVVJJIHdpdGggYSBzY2hl
bWUgcmVnaXN0ZXJlZCB3aXRoIHRoZQogICAgICAgICAgICBvcGVyYXRpbmcgc3lzdGVtIHRvIGlu
dm9rZSB0aGUgY2xpZW50IGFzIHRoZSBoYW5kbGVyLCBtYW51YWwgY29weS1hbmQtcGFzdGUgb2Yg
dGhlCiAgICAgICAgICAgIGNyZWRlbnRpYWxzLCBydW5uaW5nIGEgbG9jYWwgd2ViIHNlcnZlciwg
aW5zdGFsbGluZyBhIHVzZXItYWdlbnQgZXh0ZW5zaW9uLCBvciBieQogICAgICAgICAgICBwcm92
aWRpbmcgYSByZWRpcmVjdGlvbiBVUkkgaWRlbnRpZnlpbmcgYSBzZXJ2ZXItaG9zdGVkIHJlc291
cmNlIHVuZGVyIHRoZSBjbGllbnQncwogICAgICAgICAgICBjb250cm9sLCB3aGljaCBpbiB0dXJu
IG1ha2VzIHRoZSByZXNwb25zZSBhdmFpbGFibGUgdG8gdGhlIG5hdGl2ZSBhcHBsaWNhdGlvbi4K
ICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgIEVtYmVkZGVkIHVzZXItYWdlbnQgLSB0
aGUgbmF0aXZlIGFwcGxpY2F0aW9uIG9idGFpbnMgdGhlIHJlc3BvbnNlIGJ5IGRpcmVjdGx5CiAg
ICAgICAgICAgIGNvbW11bmljYXRpbmcgd2l0aCB0aGUgZW1iZWRkZWQgdXNlci1hZ2VudCBieSBt
b25pdG9yaW5nIHN0YXRlIGNoYW5nZXMgZW1pdHRlZCBkdXJpbmcKICAgICAgICAgICAgdGhlIHJl
c291cmNlIGxvYWQsIG9yIGFjY2Vzc2luZyB0aGUgdXNlci1hZ2VudCdzIGNvb2tpZXMgc3RvcmFn
ZS4KICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAKPC9wPgo8cD4KICAgICAgICBXaGVu
IGNob29zaW5nIGJldHdlZW4gYW4gZXh0ZXJuYWwgb3IgZW1iZWRkZWQgdXNlci1hZ2VudCwgZGV2
ZWxvcGVycyBzaG91bGQgY29uc2lkZXI6CiAgICAgIAo8L3A+CjxwPgogICAgICAgIDwvcD4KPHVs
IGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICBBbiBFeHRlcm5hbCB1c2VyLWFnZW50IG1h
eSBpbXByb3ZlIGNvbXBsZXRpb24gcmF0ZSBhcyB0aGUgcmVzb3VyY2Ugb3duZXIgbWF5IGFscmVh
ZHkgaGF2ZQogICAgICAgICAgICBhbiBhY3RpdmUgc2Vzc2lvbiB3aXRoIHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciByZW1vdmluZyB0aGUgbmVlZCB0byByZS1hdXRoZW50aWNhdGUuIEl0CiAgICAg
ICAgICAgIHByb3ZpZGVzIGEgZmFtaWxpYXIgZW5kLXVzZXIgZXhwZXJpZW5jZSBhbmQgZnVuY3Rp
b25hbGl0eS4gVGhlIHJlc291cmNlIG93bmVyIG1heSBhbHNvCiAgICAgICAgICAgIHJlbHkgb24g
dXNlci1hZ2VudCBmZWF0dXJlcyBvciBleHRlbnNpb25zIHRvIGFzc2lzdCB3aXRoIGF1dGhlbnRp
Y2F0aW9uIChlLmcuIHBhc3N3b3JkCiAgICAgICAgICAgIG1hbmFnZXIsIDItZmFjdG9yIGRldmlj
ZSByZWFkZXIpLgogICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgQW4gZW1iZWRkZWQg
dXNlci1hZ2VudCBtYXkgb2ZmZXIgaW1wcm92ZWQgdXNhYmlsaXR5LCBhcyBpdCByZW1vdmVzIHRo
ZSBuZWVkIHRvIHN3aXRjaAogICAgICAgICAgICBjb250ZXh0IGFuZCBvcGVuIG5ldyB3aW5kb3dz
LgogICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgQW4gZW1iZWRkZWQgdXNlci1hZ2Vu
dCBwb3NlcyBhIHNlY3VyaXR5IGNoYWxsZW5nZSBiZWNhdXNlIHJlc291cmNlIG93bmVycyBhcmUK
ICAgICAgICAgICAgYXV0aGVudGljYXRpbmcgaW4gYW4gdW5pZGVudGlmaWVkIHdpbmRvdyB3aXRo
b3V0IGFjY2VzcyB0byB0aGUgdmlzdWFsIHByb3RlY3Rpb25zIGZvdW5kCiAgICAgICAgICAgIGlu
IG1vc3QgZXh0ZXJuYWwgdXNlci1hZ2VudHMuIEFuIGVtYmVkZGVkIHVzZXItYWdlbnQgZWR1Y2F0
ZXMgZW5kLXVzZXJzIHRvIHRydXN0CiAgICAgICAgICAgIHVuaWRlbnRpZmllZCByZXF1ZXN0cyBm
b3IgYXV0aGVudGljYXRpb24gKG1ha2luZyBwaGlzaGluZyBhdHRhY2tzIGVhc2llciB0byBleGVj
dXRlKS4KICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAKPC9wPgo8cD4KICAgICAgICBX
aGVuIGNob29zaW5nIGJldHdlZW4gdGhlIGltcGxpY2l0IGdyYW50IHR5cGUgYW5kIHRoZSBhdXRo
b3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlwZSwgdGhlCiAgICAgICAgZm9sbG93aW5nIHNob3VsZCBi
ZSBjb25zaWRlcmVkOgogICAgICAKPC9wPgo8cD4KICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4
dCI+CjxsaT4KICAgICAgICAgICAgTmF0aXZlIGFwcGxpY2F0aW9ucyB0aGF0IHVzZSB0aGUgYXV0
aG9yaXphdGlvbiBjb2RlIGdyYW50IHR5cGUgU0hPVUxEIGRvIHNvIHdpdGhvdXQKICAgICAgICAg
ICAgdXNpbmcgY2xpZW50IGNyZWRlbnRpYWxzLCBkdWUgdG8gdGhlIG5hdGl2ZSBhcHBsaWNhdGlv
bidzIGluYWJpbGl0eSB0byBrZWVwIGNsaWVudAogICAgICAgICAgICBjcmVkZW50aWFscyBjb25m
aWRlbnRpYWwuCiAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICBXaGVuIHVzaW5nIHRo
ZSBpbXBsaWNpdCBncmFudCB0eXBlIGZsb3cgYSByZWZyZXNoIHRva2VuIGlzIG5vdCByZXR1cm5l
ZCB3aGljaCByZXF1aXJlcwogICAgICAgICAgICByZXBlYXRpbmcgdGhlIGF1dGhvcml6YXRpb24g
cHJvY2VzcyBvbmNlIHRoZSBhY2Nlc3MgdG9rZW4gZXhwaXJlcy4KICAgICAgICAgIAo8L2xpPgo8
L3VsPjxwPgogICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I0MiI+PC9hPjxiciAvPjxociAvPgo8
dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNs
YXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVm
PSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJm
Yy5zZWN0aW9uLjEwIj48L2E+PGgzPjEwLiZuYnNwOwpTZWN1cml0eSBDb25zaWRlcmF0aW9uczwv
aDM+Cgo8cD4KICAgICAgICBBcyBhIGZsZXhpYmxlIGFuZCBleHRlbnNpYmxlIGZyYW1ld29yaywg
T0F1dGgncyBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBkZXBlbmQgb24gbWFueQogICAgICAgIGZh
Y3RvcnMuIFRoZSBmb2xsb3dpbmcgc2VjdGlvbnMgcHJvdmlkZSBpbXBsZW1lbnRlcnMgd2l0aCBz
ZWN1cml0eSBndWlkZWxpbmVzIGZvY3VzZWQgb24KICAgICAgICB0aGUgdGhyZWUgY2xpZW50IHBy
b2ZpbGVzIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI2NsaWVudC10eXBlcyc+
U2VjdGlvbiZuYnNwOzIuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5DbGllbnQg
VHlwZXM8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+OiB3ZWIgYXBwbGljYXRpb24sCiAgICAgICAg
dXNlci1hZ2VudC1iYXNlZCBhcHBsaWNhdGlvbiwgYW5kIG5hdGl2ZSBhcHBsaWNhdGlvbi4KICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgQSBjb21wcmVoZW5zaXZlIE9BdXRoIHNlY3VyaXR5IG1vZGVs
IGFuZCBhbmFseXNpcywgYXMgd2VsbCBhcyBiYWNrZ3JvdW5kIGZvciB0aGUgcHJvdG9jb2wKICAg
ICAgICBkZXNpZ24gaXMgcHJvdmlkZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNJLUQuaWV0
Zi1vYXV0aC12Mi10aHJlYXRtb2RlbCc+W0kmIzgyMDk7RC5pZXRmJiM4MjA5O29hdXRoJiM4MjA5
O3YyJiM4MjA5O3RocmVhdG1vZGVsXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5N
Y0dsb2luLCBNLiwgSHVudCwgUC4sIGFuZCBULiBMb2RkZXJzdGVkdCwgJmxkcXVvO09BdXRoIDIu
MCBUaHJlYXQgTW9kZWwgYW5kIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zLCZyZHF1bzsgRmVicnVh
cnkmbmJzcDsyMDEyLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgIAo8L3A+CjxhIG5h
bWU9ImFuY2hvcjQzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNl
bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0
Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwv
YT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTAuMSI+PC9hPjxoMz4x
MC4xLiZuYnNwOwpDbGllbnQgQXV0aGVudGljYXRpb248L2gzPgoKPHA+CiAgICAgICAgICBUaGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgZXN0YWJsaXNoZXMgY2xpZW50IGNyZWRlbnRpYWxzIHdpdGgg
d2ViIGFwcGxpY2F0aW9uIGNsaWVudHMgZm9yCiAgICAgICAgICB0aGUgcHVycG9zZSBvZiBjbGll
bnQgYXV0aGVudGljYXRpb24uIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpcyBlbmNvdXJhZ2Vk
IHRvIGNvbnNpZGVyCiAgICAgICAgICBzdHJvbmdlciBjbGllbnQgYXV0aGVudGljYXRpb24gbWVh
bnMgdGhhbiBhIGNsaWVudCBwYXNzd29yZC4gV2ViIGFwcGxpY2F0aW9uIGNsaWVudHMgTVVTVAog
ICAgICAgICAgZW5zdXJlIGNvbmZpZGVudGlhbGl0eSBvZiBjbGllbnQgcGFzc3dvcmRzIGFuZCBv
dGhlciBjbGllbnQgY3JlZGVudGlhbHMuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBOT1QgaXNzdWUgY2xpZW50IHBhc3N3b3JkcyBvciBv
dGhlciBjbGllbnQgY3JlZGVudGlhbHMgdG8KICAgICAgICAgIG5hdGl2ZSBhcHBsaWNhdGlvbiBv
ciB1c2VyLWFnZW50LWJhc2VkIGFwcGxpY2F0aW9uIGNsaWVudHMgZm9yIHRoZSBwdXJwb3NlIG9m
IGNsaWVudAogICAgICAgICAgYXV0aGVudGljYXRpb24uIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBNQVkgaXNzdWUgYSBjbGllbnQgcGFzc3dvcmQgb3Igb3RoZXIgY3JlZGVudGlhbHMKICAgICAg
ICAgIGZvciBhIHNwZWNpZmljIGluc3RhbGxhdGlvbiBvZiBhIG5hdGl2ZSBhcHBsaWNhdGlvbiBj
bGllbnQgb24gYSBzcGVjaWZpYyBkZXZpY2UuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBX
aGVuIGNsaWVudCBhdXRoZW50aWNhdGlvbiBpcyBub3QgcG9zc2libGUsIHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBTSE9VTEQgZW1wbG95IG90aGVyCiAgICAgICAgICBtZWFucyB0byB2YWxpZGF0
ZSB0aGUgY2xpZW50J3MgaWRlbnRpdHkuIEZvciBleGFtcGxlLCBieSByZXF1aXJpbmcgdGhlIHJl
Z2lzdHJhdGlvbiBvZgogICAgICAgICAgdGhlIGNsaWVudCByZWRpcmVjdGlvbiBVUkkgb3IgZW5s
aXN0aW5nIHRoZSByZXNvdXJjZSBvd25lciB0byBjb25maXJtIGlkZW50aXR5LiBBIHZhbGlkCiAg
ICAgICAgICByZWRpcmVjdGlvbiBVUkkgaXMgbm90IHN1ZmZpY2llbnQgdG8gdmVyaWZ5IHRoZSBj
bGllbnQncyBpZGVudGl0eSB3aGVuIGFza2luZyBmb3IKICAgICAgICAgIHJlc291cmNlIG93bmVy
IGF1dGhvcml6YXRpb24sIGJ1dCBjYW4gYmUgdXNlZCB0byBwcmV2ZW50IGRlbGl2ZXJpbmcgY3Jl
ZGVudGlhbHMgdG8gYQogICAgICAgICAgY291bnRlcmZlaXQgY2xpZW50IGFmdGVyIG9idGFpbmlu
ZyByZXNvdXJjZSBvd25lciBhdXRob3JpemF0aW9uLgogICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIG11c3QgY29uc2lkZXIgdGhlIHNlY3VyaXR5IGlt
cGxpY2F0aW9ucyBvZiBpbnRlcmFjdGluZyB3aXRoCiAgICAgICAgICB1bmF1dGhlbnRpY2F0ZWQg
Y2xpZW50cyBhbmQgdGFrZSBtZWFzdXJlcyB0byBsaW1pdCB0aGUgcG90ZW50aWFsIGV4cG9zdXJl
IG9mIG90aGVyCiAgICAgICAgICBjcmVkZW50aWFscyAoZS5nLiByZWZyZXNoIHRva2VucykgaXNz
dWVkIHRvIHN1Y2ggY2xpZW50cy4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I0NCI+PC9h
PjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2Vs
bHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0i
VE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFi
bGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEwLjIiPjwvYT48aDM+MTAuMi4mbmJzcDsKQ2xpZW50
IEltcGVyc29uYXRpb248L2gzPgoKPHA+CiAgICAgICAgICBBIG1hbGljaW91cyBjbGllbnQgY2Fu
IGltcGVyc29uYXRlIGFub3RoZXIgY2xpZW50IGFuZCBvYnRhaW4gYWNjZXNzIHRvIHByb3RlY3Rl
ZAogICAgICAgICAgcmVzb3VyY2VzLCBpZiB0aGUgaW1wZXJzb25hdGVkIGNsaWVudCBmYWlscyB0
bywgb3IgaXMgdW5hYmxlIHRvLCBrZWVwIGl0cyBjbGllbnQKICAgICAgICAgIGNyZWRlbnRpYWxz
IGNvbmZpZGVudGlhbC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBNVVNUIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IHdoZW5ldmVyIHBvc3NpYmxl
LiBJZiB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIGNhbm5vdCBhdXRoZW50aWNh
dGUgdGhlIGNsaWVudCBkdWUgdG8gdGhlIGNsaWVudCdzIG5hdHVyZSwgdGhlCiAgICAgICAgICBh
dXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHJlcXVpcmUgdGhlIHJlZ2lzdHJhdGlvbiBvZiBhbnkg
cmVkaXJlY3Rpb24gVVJJIHVzZWQgZm9yCiAgICAgICAgICByZWNlaXZpbmcgYXV0aG9yaXphdGlv
biByZXNwb25zZXMsIGFuZCBTSE9VTEQgdXRpbGl6ZSBvdGhlciBtZWFucyB0byBwcm90ZWN0IHJl
c291cmNlCiAgICAgICAgICBvd25lcnMgZnJvbSBzdWNoIHBvdGVudGlhbGx5IG1hbGljaW91cyBj
bGllbnRzLiBGb3IgZXhhbXBsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICBj
YW4gZW5nYWdlIHRoZSByZXNvdXJjZSBvd25lciB0byBhc3Npc3QgaW4gaWRlbnRpZnlpbmcgdGhl
IGNsaWVudCBhbmQgaXRzIG9yaWdpbi4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZW5mb3JjZSBleHBsaWNpdCByZXNvdXJjZSBvd25l
ciBhdXRoZW50aWNhdGlvbiBhbmQKICAgICAgICAgIHByb3ZpZGUgdGhlIHJlc291cmNlIG93bmVy
IHdpdGggaW5mb3JtYXRpb24gYWJvdXQgdGhlIGNsaWVudCBhbmQgdGhlIHJlcXVlc3RlZAogICAg
ICAgICAgYXV0aG9yaXphdGlvbiBzY29wZSBhbmQgbGlmZXRpbWUuIEl0IGlzIHVwIHRvIHRoZSBy
ZXNvdXJjZSBvd25lciB0byByZXZpZXcgdGhlCiAgICAgICAgICBpbmZvcm1hdGlvbiBpbiB0aGUg
Y29udGV4dCBvZiB0aGUgY3VycmVudCBjbGllbnQsIGFuZCBhdXRob3JpemUgb3IgZGVueSB0aGUg
cmVxdWVzdC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBTSE9VTEQgTk9UIHByb2Nlc3MgcmVwZWF0ZWQgYXV0aG9yaXphdGlvbiByZXF1ZXN0cwog
ICAgICAgICAgYXV0b21hdGljYWxseSAod2l0aG91dCBhY3RpdmUgcmVzb3VyY2Ugb3duZXIgaW50
ZXJhY3Rpb24pIHdpdGhvdXQgYXV0aGVudGljYXRpbmcgdGhlCiAgICAgICAgICBjbGllbnQgb3Ig
cmVseWluZyBvbiBvdGhlciBtZWFzdXJlcyB0byBlbnN1cmUgdGhlIHJlcGVhdGVkIHJlcXVlc3Qg
Y29tZXMgZnJvbSB0aGUKICAgICAgICAgIG9yaWdpbmFsIGNsaWVudCBhbmQgbm90IGFuIGltcGVy
c29uYXRvci4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I0NSI+PC9hPjxiciAvPjxociAv
Pgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIi
IGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBo
cmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9
InJmYy5zZWN0aW9uLjEwLjMiPjwvYT48aDM+MTAuMy4mbmJzcDsKQWNjZXNzIFRva2VuczwvaDM+
Cgo8cD4KICAgICAgICAgIEFjY2VzcyB0b2tlbiBjcmVkZW50aWFscyAoYXMgd2VsbCBhcyBhbnkg
Y29uZmlkZW50aWFsIGFjY2VzcyB0b2tlbiBhdHRyaWJ1dGVzKSBNVVNUIGJlCiAgICAgICAgICBr
ZXB0IGNvbmZpZGVudGlhbCBpbiB0cmFuc2l0IGFuZCBzdG9yYWdlLCBhbmQgb25seSBzaGFyZWQg
YW1vbmcgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLAogICAgICAgICAgdGhlIHJlc291cmNlIHNl
cnZlcnMgdGhlIGFjY2VzcyB0b2tlbiBpcyB2YWxpZCBmb3IsIGFuZCB0aGUgY2xpZW50IHRvIHdo
b20gdGhlIGFjY2VzcwogICAgICAgICAgdG9rZW4gaXMgaXNzdWVkLiBBY2Nlc3MgdG9rZW4gY3Jl
ZGVudGlhbHMgTVVTVCBvbmx5IGJlIHRyYW5zbWl0dGVkIHVzaW5nIFRMUyBhcyBkZXNjcmliZWQK
ICAgICAgICAgIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdGxzJz5TZWN0aW9uJm5ic3A7MS42
PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlRMUyBWZXJzaW9uPC9zcGFuPjxzcGFu
Pik8L3NwYW4+PC9hPiB3aXRoIHNlcnZlciBhdXRoZW50aWNhdGlvbiBhcyBkZWZpbmVkIGJ5CiAg
ICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI4MTgnPltSRkMyODE4XTxzcGFuPiAo
PC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5SZXNjb3JsYSwgRS4sICZsZHF1bztIVFRQIE92ZXIg
VExTLCZyZHF1bzsgTWF5Jm5ic3A7MjAwMC48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgV2hlbiB1c2luZyB0aGUgaW1wbGljaXQgZ3JhbnQgdHlw
ZSwgdGhlIGFjY2VzcyB0b2tlbiBpcyB0cmFuc21pdHRlZCBpbiB0aGUgVVJJIGZyYWdtZW50LAog
ICAgICAgICAgd2hpY2ggY2FuIGV4cG9zZSBpdCB0byB1bmF1dGhvcml6ZWQgcGFydGllcy4KICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGVu
c3VyZSB0aGF0IGFjY2VzcyB0b2tlbnMgY2Fubm90IGJlIGdlbmVyYXRlZCwgbW9kaWZpZWQsIG9y
CiAgICAgICAgICBndWVzc2VkIHRvIHByb2R1Y2UgdmFsaWQgYWNjZXNzIHRva2VucyBieSB1bmF1
dGhvcml6ZWQgcGFydGllcy4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBjbGllbnQg
U0hPVUxEIHJlcXVlc3QgYWNjZXNzIHRva2VucyB3aXRoIHRoZSBtaW5pbWFsIHNjb3BlIG5lY2Vz
c2FyeS4gVGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgdGFrZSB0aGUg
Y2xpZW50IGlkZW50aXR5IGludG8gYWNjb3VudCB3aGVuIGNob29zaW5nIGhvdwogICAgICAgICAg
dG8gaG9ub3IgdGhlIHJlcXVlc3RlZCBzY29wZSwgYW5kIE1BWSBpc3N1ZSBhbiBhY2Nlc3MgdG9r
ZW4gd2l0aCBhIGxlc3MgcmlnaHRzIHRoYW4KICAgICAgICAgIHJlcXVlc3RlZC4KICAgICAgICAK
PC9wPgo8cD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBkb2VzIG5vdCBwcm92aWRlIGFu
eSBtZXRob2RzIGZvciB0aGUgcmVzb3VyY2Ugc2VydmVyIHRvIGVuc3VyZSB0aGF0IGFuCiAgICAg
ICAgICBhY2Nlc3MgdG9rZW4gcHJlc2VudGVkIHRvIGl0IGJ5IGEgZ2l2ZW4gY2xpZW50LCB3YXMg
aXNzdWVkIHRvIHRoZSB0aGF0IGNsaWVudCBieSB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24g
c2VydmVyLgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjQ2Ij48L2E+PGJyIC8+PGhyIC8+
Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIg
Y2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhy
ZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0i
cmZjLnNlY3Rpb24uMTAuNCI+PC9hPjxoMz4xMC40LiZuYnNwOwpSZWZyZXNoIFRva2VuczwvaDM+
Cgo8cD4KICAgICAgICAgIEF1dGhvcml6YXRpb24gc2VydmVycyBNQVkgaXNzdWUgcmVmcmVzaCB0
b2tlbnMgdG8gd2ViIGFwcGxpY2F0aW9uIGNsaWVudHMgYW5kIG5hdGl2ZQogICAgICAgICAgYXBw
bGljYXRpb24gY2xpZW50cy4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFJlZnJlc2ggdG9r
ZW5zIE1VU1QgYmUga2VwdCBjb25maWRlbnRpYWwgaW4gdHJhbnNpdCBhbmQgc3RvcmFnZSwgYW5k
IHNoYXJlZCBvbmx5IGFtb25nCiAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYW5k
IHRoZSBjbGllbnQgdG8gd2hvbSB0aGUgcmVmcmVzaCB0b2tlbnMgd2VyZSBpc3N1ZWQuIFRoZQog
ICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBtYWludGFpbiB0aGUgYmluZGluZyBi
ZXR3ZWVuIGEgcmVmcmVzaCB0b2tlbiBhbmQgdGhlIGNsaWVudCB0bwogICAgICAgICAgd2hvbSBp
dCB3YXMgaXNzdWVkLiBSZWZyZXNoIHRva2VucyBNVVNUIG9ubHkgYmUgdHJhbnNtaXR0ZWQgdXNp
bmcgVExTIGFzIGRlc2NyaWJlZCBpbgogICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0
bHMnPlNlY3Rpb24mbmJzcDsxLjY8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+VExT
IFZlcnNpb248L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IHdpdGggc2VydmVyIGF1dGhlbnRpY2F0
aW9uIGFzIGRlZmluZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMyODE4Jz5bUkZDMjgx
OF08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+UmVzY29ybGEsIEUuLCAmbGRxdW87
SFRUUCBPdmVyIFRMUywmcmRxdW87IE1heSZuYnNwOzIwMDAuPC9zcGFuPjxzcGFuPik8L3NwYW4+
PC9hPi4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBNVVNUIHZlcmlmeSB0aGUgYmluZGluZyBiZXR3ZWVuIHRoZSByZWZyZXNoIHRva2VuIGFuZCBj
bGllbnQKICAgICAgICAgIGlkZW50aXR5IHdoZW5ldmVyIHRoZSBjbGllbnQgaWRlbnRpdHkgY2Fu
IGJlIGF1dGhlbnRpY2F0ZWQuIFdoZW4gY2xpZW50IGF1dGhlbnRpY2F0aW9uIGlzCiAgICAgICAg
ICBub3QgcG9zc2libGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZGVwbG95IG90
aGVyIG1lYW5zIHRvIGRldGVjdCByZWZyZXNoIHRva2VuCiAgICAgICAgICBhYnVzZS4KICAgICAg
ICAKPC9wPgo8cD4KICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgY291bGQgZW1wbG95IHJlZnJlc2ggdG9rZW4gcm90YXRpb24gaW4gd2hpY2ggYSBuZXcKICAg
ICAgICAgIHJlZnJlc2ggdG9rZW4gaXMgaXNzdWVkIHdpdGggZXZlcnkgYWNjZXNzIHRva2VuIHJl
ZnJlc2ggcmVzcG9uc2UuIFRoZSBwcmV2aW91cyByZWZyZXNoCiAgICAgICAgICB0b2tlbiBpcyBp
bnZhbGlkYXRlZCBidXQgcmV0YWluZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLiBJZiBh
IHJlZnJlc2ggdG9rZW4gaXMKICAgICAgICAgIGNvbXByb21pc2VkIGFuZCBzdWJzZXF1ZW50bHkg
dXNlZCBieSBib3RoIHRoZSBhdHRhY2tlciBhbmQgdGhlIGxlZ2l0aW1hdGUgY2xpZW50LCBvbmUg
b2YKICAgICAgICAgIHRoZW0gd2lsbCBwcmVzZW50IGFuIGludmFsaWRhdGVkIHJlZnJlc2ggdG9r
ZW4gd2hpY2ggd2lsbCBpbmZvcm0gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICBv
ZiB0aGUgYnJlYWNoLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1VU1QgZW5zdXJlIHRoYXQgcmVmcmVzaCB0b2tlbnMgY2Fubm90IGJlIGdlbmVy
YXRlZCwgbW9kaWZpZWQsCiAgICAgICAgICBvciBndWVzc2VkIHRvIHByb2R1Y2UgdmFsaWQgcmVm
cmVzaCB0b2tlbnMgYnkgdW5hdXRob3JpemVkIHBhcnRpZXMuCiAgICAgICAgCjwvcD4KPGEgbmFt
ZT0iYW5jaG9yNDciPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2Vs
bHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQi
Pjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9h
PjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xMC41Ij48L2E+PGgzPjEw
LjUuJm5ic3A7CkF1dGhvcml6YXRpb24gQ29kZXM8L2gzPgoKPHA+CiAgICAgICAgICBUaGUgdHJh
bnNtaXNzaW9uIG9mIGF1dGhvcml6YXRpb24gY29kZXMgU0hPVUxEIGJlIG1hZGUgb3ZlciBhIHNl
Y3VyZSBjaGFubmVsLCBhbmQgdGhlCiAgICAgICAgICBjbGllbnQgU0hPVUxEIHJlcXVpcmUgdGhl
IHVzZSBvZiBUTFMgd2l0aCBpdHMgcmVkaXJlY3Rpb24gVVJJIGlmIHRoZSBVUkkgaWRlbnRpZmll
cyBhCiAgICAgICAgICBuZXR3b3JrIHJlc291cmNlLiBTaW5jZSBhdXRob3JpemF0aW9uIGNvZGVz
IGFyZSB0cmFuc21pdHRlZCB2aWEgdXNlci1hZ2VudCByZWRpcmVjdGlvbnMsCiAgICAgICAgICB0
aGV5IGNvdWxkIHBvdGVudGlhbGx5IGJlIGRpc2Nsb3NlZCB0aHJvdWdoIHVzZXItYWdlbnQgaGlz
dG9yeSBhbmQgSFRUUCByZWZlcnJlciBoZWFkZXJzLgogICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgQXV0aG9yaXphdGlvbiBjb2RlcyBvcGVyYXRlIGFzIHBsYWludGV4dCBiZWFyZXIgY3JlZGVu
dGlhbHMsIHVzZWQgdG8gdmVyaWZ5IHRoYXQgdGhlCiAgICAgICAgICByZXNvdXJjZSBvd25lciB3
aG8gZ3JhbnRlZCBhdXRob3JpemF0aW9uIGF0IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpcyB0
aGUgc2FtZQogICAgICAgICAgcmVzb3VyY2Ugb3duZXIgcmV0dXJuaW5nIHRvIHRoZSBjbGllbnQg
dG8gY29tcGxldGUgdGhlIHByb2Nlc3MuIFRoZXJlZm9yZSwgaWYgdGhlIGNsaWVudAogICAgICAg
ICAgcmVsaWVzIG9uIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgZm9yIGl0cyBvd24gcmVzb3VyY2Ug
b3duZXIgYXV0aGVudGljYXRpb24sIHRoZSBjbGllbnQKICAgICAgICAgIHJlZGlyZWN0aW9uIGVu
ZHBvaW50IE1VU1QgcmVxdWlyZSB0aGUgdXNlIG9mIFRMUy4KICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgIEF1dGhvcml6YXRpb24gY29kZXMgTVVTVCBiZSBzaG9ydCBsaXZlZCBhbmQgc2luZ2xl
IHVzZS4gSWYgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICBvYnNlcnZlcyBtdWx0
aXBsZSBhdHRlbXB0cyB0byBleGNoYW5nZSBhbiBhdXRob3JpemF0aW9uIGNvZGUgZm9yIGFuIGFj
Y2VzcyB0b2tlbiwgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgYXR0
ZW1wdCB0byByZXZva2UgYWxsIGFjY2VzcyB0b2tlbnMgYWxyZWFkeSBncmFudGVkIGJhc2VkIG9u
CiAgICAgICAgICB0aGUgY29tcHJvbWlzZWQgYXV0aG9yaXphdGlvbiBjb2RlLgogICAgICAgIAo8
L3A+CjxwPgogICAgICAgICAgSWYgdGhlIGNsaWVudCBjYW4gYmUgYXV0aGVudGljYXRlZCwgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVycyBNVVNUIGF1dGhlbnRpY2F0ZSB0aGUKICAgICAgICAgIGNs
aWVudCBhbmQgZW5zdXJlIHRoYXQgdGhlIGF1dGhvcml6YXRpb24gY29kZSB3YXMgaXNzdWVkIHRv
IHRoZSBzYW1lIGNsaWVudC4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I0OCI+PC9hPjxi
ciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNw
YWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9D
YnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+
CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEwLjYiPjwvYT48aDM+MTAuNi4mbmJzcDsKQXV0aG9yaXph
dGlvbiBDb2RlIFJlZGlyZWN0aW9uIFVSSSBNYW5pcHVsYXRpb248L2gzPgoKPHA+CiAgICAgICAg
ICBXaGVuIHJlcXVlc3RpbmcgYXV0aG9yaXphdGlvbiB1c2luZyB0aGUgYXV0aG9yaXphdGlvbiBj
b2RlIGdyYW50IHR5cGUsIHRoZSBjbGllbnQgY2FuCiAgICAgICAgICBzcGVjaWZ5IGEgcmVkaXJl
Y3Rpb24gVVJJIHZpYSB0aGUgPHR0PnJlZGlyZWN0X3VyaTwvdHQ+IHBhcmFtZXRlci4KICAgICAg
ICAgIElmIGFuIGF0dGFja2VyIGNhbiBtYW5pcHVsYXRlIHRoZSB2YWx1ZSBvZiB0aGUgcmVkaXJl
Y3Rpb24gVVJJLCBpdCBjYW4gY2F1c2UgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZl
ciB0byByZWRpcmVjdCB0aGUgcmVzb3VyY2Ugb3duZXIgdXNlci1hZ2VudCB0byBhIFVSSSB1bmRl
ciB0aGUgY29udHJvbAogICAgICAgICAgb2YgdGhlIGF0dGFja2VyIHdpdGggdGhlIGF1dGhvcml6
YXRpb24gY29kZS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEFuIGF0dGFja2VyIGNhbiBj
cmVhdGUgYW4gYWNjb3VudCBhdCBhIGxlZ2l0aW1hdGUgY2xpZW50IGFuZCBpbml0aWF0ZSB0aGUg
YXV0aG9yaXphdGlvbgogICAgICAgICAgZmxvdy4gV2hlbiB0aGUgYXR0YWNrZXIncyB1c2VyLWFn
ZW50IGlzIHNlbnQgdG8gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHRvIGdyYW50IGFjY2VzcywK
ICAgICAgICAgIHRoZSBhdHRhY2tlciBncmFicyB0aGUgYXV0aG9yaXphdGlvbiBVUkkgcHJvdmlk
ZWQgYnkgdGhlIGxlZ2l0aW1hdGUgY2xpZW50LCBhbmQgcmVwbGFjZXMKICAgICAgICAgIHRoZSBj
bGllbnQncyByZWRpcmVjdGlvbiBVUkkgd2l0aCBhIFVSSSB1bmRlciB0aGUgY29udHJvbCBvZiB0
aGUgYXR0YWNrZXIuIFRoZSBhdHRhY2tlcgogICAgICAgICAgdGhlbiB0cmlja3MgdGhlIHZpY3Rp
bSBpbnRvIGZvbGxvd2luZyB0aGUgbWFuaXB1bGF0ZWQgbGluayB0byBhdXRob3JpemUgYWNjZXNz
IHRvIHRoZQogICAgICAgICAgbGVnaXRpbWF0ZSBjbGllbnQuCiAgICAgICAgCjwvcD4KPHA+CiAg
ICAgICAgICBPbmNlIGF0IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciwgdGhlIHZpY3RpbSBpcyBw
cm9tcHRlZCB3aXRoIGEgbm9ybWFsLCB2YWxpZCByZXF1ZXN0IG9uCiAgICAgICAgICBiZWhhbGYg
b2YgYSBsZWdpdGltYXRlIGFuZCB0cnVzdGVkIGNsaWVudCwgYW5kIGF1dGhvcml6ZXMgdGhlIHJl
cXVlc3QuIFRoZSB2aWN0aW0gaXMKICAgICAgICAgIHRoZW4gcmVkaXJlY3RlZCB0byBhbiBlbmRw
b2ludCB1bmRlciB0aGUgY29udHJvbCBvZiB0aGUgYXR0YWNrZXIgd2l0aCB0aGUgYXV0aG9yaXph
dGlvbgogICAgICAgICAgY29kZS4gVGhlIGF0dGFja2VyIGNvbXBsZXRlcyB0aGUgYXV0aG9yaXph
dGlvbiBmbG93IGJ5IHNlbmRpbmcgdGhlIGF1dGhvcml6YXRpb24gY29kZSB0bwogICAgICAgICAg
dGhlIGNsaWVudCB1c2luZyB0aGUgb3JpZ2luYWwgcmVkaXJlY3Rpb24gVVJJIHByb3ZpZGVkIGJ5
IHRoZSBjbGllbnQuIFRoZSBjbGllbnQKICAgICAgICAgIGV4Y2hhbmdlcyB0aGUgYXV0aG9yaXph
dGlvbiBjb2RlIHdpdGggYW4gYWNjZXNzIHRva2VuIGFuZCBsaW5rcyBpdCB0byB0aGUgYXR0YWNr
ZXIncwogICAgICAgICAgY2xpZW50IGFjY291bnQgd2hpY2ggY2FuIG5vdyBnYWluIGFjY2VzcyB0
byB0aGUgcHJvdGVjdGVkIHJlc291cmNlcyBhdXRob3JpemVkIGJ5IHRoZQogICAgICAgICAgdmlj
dGltICh2aWEgdGhlIGNsaWVudCkuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBJbiBvcmRl
ciB0byBwcmV2ZW50IHN1Y2ggYW4gYXR0YWNrLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVT
VCBlbnN1cmUgdGhhdCB0aGUKICAgICAgICAgIHJlZGlyZWN0aW9uIFVSSSB1c2VkIHRvIG9idGFp
biB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGlzIGlkZW50aWNhbCB0byB0aGUgcmVkaXJlY3Rpb24g
VVJJCiAgICAgICAgICBwcm92aWRlZCB3aGVuIGV4Y2hhbmdpbmcgdGhlIGF1dGhvcml6YXRpb24g
Y29kZSBmb3IgYW4gYWNjZXNzIHRva2VuLiBUaGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgc2Vy
dmVyIE1VU1QgcmVxdWlyZSBwdWJsaWMgY2xpZW50cyBhbmQgU0hPVUxEIHJlcXVpcmUgY29uZmlk
ZW50aWFsIGNsaWVudHMgdG8gcmVnaXN0ZXIKICAgICAgICAgIHRoZWlyIHJlZGlyZWN0aW9uIFVS
SXMuIElmIGEgcmVkaXJlY3Rpb24gVVJJIGlzIHByb3ZpZGVkIGluIHRoZSByZXF1ZXN0LCB0aGUK
ICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgdmFsaWRhdGUgaXQgYWdhaW5zdCB0
aGUgcmVnaXN0ZXJlZCB2YWx1ZS4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I0OSI+PC9h
PjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2Vs
bHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0i
VE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFi
bGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEwLjciPjwvYT48aDM+MTAuNy4mbmJzcDsKUmVzb3Vy
Y2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHM8L2gzPgoKPHA+CiAgICAgICAgICBUaGUgcmVz
b3VyY2Ugb3duZXIgcGFzc3dvcmQgY3JlZGVudGlhbHMgZ3JhbnQgdHlwZSBpcyBvZnRlbiB1c2Vk
IGZvciBsZWdhY3kgb3IgbWlncmF0aW9uCiAgICAgICAgICByZWFzb25zLiBJdCByZWR1Y2VzIHRo
ZSBvdmVyYWxsIHJpc2sgb2Ygc3RvcmluZyB1c2VybmFtZSBhbmQgcGFzc3dvcmQgYnkgdGhlIGNs
aWVudCwgYnV0CiAgICAgICAgICBkb2VzIG5vdCBlbGltaW5hdGUgdGhlIG5lZWQgdG8gZXhwb3Nl
IGhpZ2hseSBwcml2aWxlZ2VkIGNyZWRlbnRpYWxzIHRvIHRoZSBjbGllbnQuCiAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICBUaGlzIGdyYW50IHR5cGUgY2FycmllcyBhIGhpZ2hlciByaXNrIHRo
YW4gb3RoZXIgZ3JhbnQgdHlwZXMgYmVjYXVzZSBpdCBtYWludGFpbnMgdGhlCiAgICAgICAgICBw
YXNzd29yZCBhbnRpLXBhdHRlcm4gdGhpcyBwcm90b2NvbCBzZWVrcyB0byBhdm9pZC4gVGhlIGNs
aWVudCBjb3VsZCBhYnVzZSB0aGUgcGFzc3dvcmQKICAgICAgICAgIG9yIHRoZSBwYXNzd29yZCBj
b3VsZCB1bmludGVudGlvbmFsbHkgYmUgZGlzY2xvc2VkIHRvIGFuIGF0dGFja2VyIChlLmcuIHZp
YSBsb2cgZmlsZXMgb3IKICAgICAgICAgIG90aGVyIHJlY29yZHMga2VwdCBieSB0aGUgY2xpZW50
KS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEFkZGl0aW9uYWxseSwgYmVjYXVzZSB0aGUg
cmVzb3VyY2Ugb3duZXIgZG9lcyBub3QgaGF2ZSBjb250cm9sIG92ZXIgdGhlIGF1dGhvcml6YXRp
b24KICAgICAgICAgIHByb2Nlc3MgKHRoZSByZXNvdXJjZSBvd25lciBpbnZvbHZlbWVudCBlbmRz
IHdoZW4gaXQgaGFuZHMgb3ZlciBpdHMgY3JlZGVudGlhbHMgdG8gdGhlCiAgICAgICAgICBjbGll
bnQpLCB0aGUgY2xpZW50IGNhbiBvYnRhaW4gYWNjZXNzIHRva2VucyB3aXRoIGEgYnJvYWRlciBz
Y29wZSB0aGFuIGRlc2lyZWQgYnkgdGhlCiAgICAgICAgICByZXNvdXJjZSBvd25lci4gVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIHNob3VsZCBjb25zaWRlciB0aGUgc2NvcGUgYW5kIGxpZmV0aW1l
IG9mCiAgICAgICAgICBhY2Nlc3MgdG9rZW5zIGlzc3VlZCB2aWEgdGhpcyBncmFudCB0eXBlLgog
ICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCBj
bGllbnQgU0hPVUxEIG1pbmltaXplIHVzZSBvZiB0aGlzIGdyYW50IHR5cGUgYW5kIHV0aWxpemUK
ICAgICAgICAgIG90aGVyIGdyYW50IHR5cGVzIHdoZW5ldmVyIHBvc3NpYmxlLgogICAgICAgIAo8
L3A+CjxhIG5hbWU9ImFuY2hvcjUwIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJs
YXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxp
Z249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RP
QyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTAuOCI+
PC9hPjxoMz4xMC44LiZuYnNwOwpSZXF1ZXN0IENvbmZpZGVudGlhbGl0eTwvaDM+Cgo8cD4KICAg
ICAgICAgIEFjY2VzcyB0b2tlbnMsIHJlZnJlc2ggdG9rZW5zLCByZXNvdXJjZSBvd25lciBwYXNz
d29yZHMsIGFuZCBjbGllbnQgY3JlZGVudGlhbHMgTVVTVCBOT1QKICAgICAgICAgIGJlIHRyYW5z
bWl0dGVkIGluIHRoZSBjbGVhci4gQXV0aG9yaXphdGlvbiBjb2RlcyBTSE9VTEQgTk9UIGJlIHRy
YW5zbWl0dGVkIGluIHRoZSBjbGVhci4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSA8
dHQ+c3RhdGU8L3R0PiBhbmQgPHR0PnNjb3BlPC90dD4gcGFyYW1ldGVycwogICAgICAgICAgU0hP
VUxEIE5PVCBpbmNsdWRlIHNlbnNpdGl2ZSBjbGllbnQgb3IgcmVzb3VyY2Ugb3duZXIgaW5mb3Jt
YXRpb24gaW4gcGxhaW4gdGV4dCBhcyB0aGV5CiAgICAgICAgICBjYW4gYmUgdHJhbnNtaXR0ZWQg
b3ZlciBpbnNlY3VyZSBjaGFubmVscyBvciBzdG9yZWQgaW5zZWN1cmVseS4KICAgICAgICAKPC9w
Pgo8YSBuYW1lPSJhbmNob3I1MSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5
b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWdu
PSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0Mm
bmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEwLjkiPjwv
YT48aDM+MTAuOS4mbmJzcDsKRW5kcG9pbnRzIEF1dGhlbnRpY2l0eTwvaDM+Cgo8cD4KICAgICAg
ICAgIEluIG9yZGVyIHRvIHByZXZlbnQgbWFuLWluLXRoZS1taWRkbGUgYXR0YWNrcywgdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcmVxdWlyZSB0aGUKICAgICAgICAgIHVzZSBvZiBUTFMg
d2l0aCBzZXJ2ZXIgYXV0aGVudGljYXRpb24gYXMgZGVmaW5lZCBieSA8YSBjbGFzcz0naW5mbycg
aHJlZj0nI1JGQzI4MTgnPltSRkMyODE4XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZv
Jz5SZXNjb3JsYSwgRS4sICZsZHF1bztIVFRQIE92ZXIgVExTLCZyZHF1bzsgTWF5Jm5ic3A7MjAw
MC48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IGZvcgogICAgICAgICAgYW55IHJlcXVlc3Qgc2Vu
dCB0byB0aGUgYXV0aG9yaXphdGlvbiBhbmQgdG9rZW4gZW5kcG9pbnRzLiBUaGUgY2xpZW50IE1V
U1QgdmFsaWRhdGUgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlcidzIFRMUyBjZXJ0
aWZpY2F0ZSBhcyBkZWZpbmVkIGJ5IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNjEyNSc+W1JG
QzYxMjVdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlNhaW50LUFuZHJlLCBQLiBh
bmQgSi4gSG9kZ2VzLCAmbGRxdW87UmVwcmVzZW50YXRpb24gYW5kIFZlcmlmaWNhdGlvbiBvZiBE
b21haW4tQmFzZWQgQXBwbGljYXRpb24gU2VydmljZSBJZGVudGl0eSB3aXRoaW4gSW50ZXJuZXQg
UHVibGljIEtleSBJbmZyYXN0cnVjdHVyZSBVc2luZyBYLjUwOSAoUEtJWCkgQ2VydGlmaWNhdGVz
IGluIHRoZSBDb250ZXh0IG9mIFRyYW5zcG9ydCBMYXllciBTZWN1cml0eSAoVExTKSwmcmRxdW87
IE1hcmNoJm5ic3A7MjAxMS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LCBhbmQgaW4KICAgICAg
ICAgIGFjY29yZGFuY2Ugd2l0aCBpdHMgcmVxdWlyZW1lbnRzIGZvciBzZXJ2ZXIgaWRlbnRpdHkg
YXV0aGVudGljYXRpb24uCiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW50aHJvcHkiPjwvYT48YnIg
Lz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFj
aW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1
ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8
YSBuYW1lPSJyZmMuc2VjdGlvbi4xMC4xMCI+PC9hPjxoMz4xMC4xMC4mbmJzcDsKQ3JlZGVudGlh
bHMgR3Vlc3NpbmcgQXR0YWNrczwvaDM+Cgo8cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBNVVNUIHByZXZlbnQgYXR0YWNrZXJzIGZyb20gZ3Vlc3NpbmcgYWNjZXNzIHRva2Vu
cywKICAgICAgICAgIGF1dGhvcml6YXRpb24gY29kZXMsIHJlZnJlc2ggdG9rZW5zLCByZXNvdXJj
ZSBvd25lciBwYXNzd29yZHMsIGFuZCBjbGllbnQgY3JlZGVudGlhbHMuCiAgICAgICAgCjwvcD4K
PHA+CiAgICAgICAgICBUaGUgcHJvYmFiaWxpdHkgb2YgYW4gYXR0YWNrZXIgZ3Vlc3NpbmcgZ2Vu
ZXJhdGVkIHRva2VucyAoYW5kIG90aGVyIGNyZWRlbnRpYWxzIG5vdAogICAgICAgICAgaW50ZW5k
ZWQgZm9yIGhhbmRsaW5nIGJ5IGVuZC11c2VycykgTVVTVCBiZSBsZXNzIHRoYW4gb3IgZXF1YWwg
dG8gMl4oLTEyOCkgYW5kIFNIT1VMRCBiZQogICAgICAgICAgbGVzcyB0aGFuIG9yIGVxdWFsIHRv
IDJeKC0xNjApLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIE1VU1QgdXRpbGl6ZSBvdGhlciBtZWFucyB0byBwcm90ZWN0IGNyZWRlbnRpYWxzIGlu
dGVuZGVkIGZvcgogICAgICAgICAgZW5kLXVzZXIgdXNhZ2UuCiAgICAgICAgCjwvcD4KPGEgbmFt
ZT0iYW5jaG9yNTIiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2Vs
bHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQi
Pjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9h
PjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xMC4xMSI+PC9hPjxoMz4x
MC4xMS4mbmJzcDsKUGhpc2hpbmcgQXR0YWNrczwvaDM+Cgo8cD4KICAgICAgICAgIFdpZGUgZGVw
bG95bWVudCBvZiB0aGlzIGFuZCBzaW1pbGFyIHByb3RvY29scyBtYXkgY2F1c2UgZW5kLXVzZXJz
IHRvIGJlY29tZSBpbnVyZWQKICAgICAgICAgIHRvIHRoZSBwcmFjdGljZSBvZiBiZWluZyByZWRp
cmVjdGVkIHRvIHdlYnNpdGVzIHdoZXJlIHRoZXkgYXJlIGFza2VkIHRvIGVudGVyIHRoZWlyCiAg
ICAgICAgICBwYXNzd29yZHMuIElmIGVuZC11c2VycyBhcmUgbm90IGNhcmVmdWwgdG8gdmVyaWZ5
IHRoZSBhdXRoZW50aWNpdHkgb2YgdGhlc2Ugd2Vic2l0ZXMKICAgICAgICAgIGJlZm9yZSBlbnRl
cmluZyB0aGVpciBjcmVkZW50aWFscywgaXQgd2lsbCBiZSBwb3NzaWJsZSBmb3IgYXR0YWNrZXJz
IHRvIGV4cGxvaXQgdGhpcwogICAgICAgICAgcHJhY3RpY2UgdG8gc3RlYWwgcmVzb3VyY2Ugb3du
ZXJzJyBwYXNzd29yZHMuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBTZXJ2aWNlIHByb3Zp
ZGVycyBzaG91bGQgYXR0ZW1wdCB0byBlZHVjYXRlIGVuZC11c2VycyBhYm91dCB0aGUgcmlza3Mg
cGhpc2hpbmcgYXR0YWNrcwogICAgICAgICAgcG9zZSwgYW5kIHNob3VsZCBwcm92aWRlIG1lY2hh
bmlzbXMgdGhhdCBtYWtlIGl0IGVhc3kgZm9yIGVuZC11c2VycyB0byBjb25maXJtIHRoZQogICAg
ICAgICAgYXV0aGVudGljaXR5IG9mIHRoZWlyIHNpdGVzLiBDbGllbnQgZGV2ZWxvcGVycyBzaG91
bGQgY29uc2lkZXIgdGhlIHNlY3VyaXR5IGltcGxpY2F0aW9ucwogICAgICAgICAgb2YgaG93IHRo
ZXkgaW50ZXJhY3Qgd2l0aCB0aGUgdXNlci1hZ2VudCAoZS5nLiwgZXh0ZXJuYWwsIGVtYmVkZGVk
KSwgYW5kIHRoZSBhYmlsaXR5IG9mCiAgICAgICAgICB0aGUgZW5kLXVzZXIgdG8gdmVyaWZ5IHRo
ZSBhdXRoZW50aWNpdHkgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgIAo8L3A+
CjxwPgogICAgICAgICAgVG8gcmVkdWNlIHRoZSByaXNrIG9mIHBoaXNoaW5nIGF0dGFja3MsIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlcnMgTVVTVCByZXF1aXJlIHRoZSB1c2Ugb2YKICAgICAgICAg
IFRMUyBvbiBldmVyeSBlbmRwb2ludCB1c2VkIGZvciBlbmQtdXNlciBpbnRlcmFjdGlvbi4KICAg
ICAgICAKPC9wPgo8YSBuYW1lPSJDU1JGIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5
PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIg
YWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNw
O1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTAu
MTIiPjwvYT48aDM+MTAuMTIuJm5ic3A7CkNyb3NzLVNpdGUgUmVxdWVzdCBGb3JnZXJ5PC9oMz4K
CjxwPgogICAgICAgICAgQ3Jvc3Mtc2l0ZSByZXF1ZXN0IGZvcmdlcnkgKENTUkYpIGlzIGFuIGV4
cGxvaXQgaW4gd2hpY2ggYW4gYXR0YWNrZXIgY2F1c2VzIHRoZQogICAgICAgICAgdXNlci1hZ2Vu
dCBvZiBhIHZpY3RpbSBlbmQtdXNlciB0byBmb2xsb3cgYSBtYWxpY2lvdXMgVVJJIChlLmcuIHBy
b3ZpZGVkIHRvIHRoZQogICAgICAgICAgdXNlci1hZ2VudCBhcyBhIG1pc2xlYWRpbmcgbGluaywg
aW1hZ2UsIG9yIHJlZGlyZWN0aW9uKSB0byBhIHRydXN0aW5nIHNlcnZlciAodXN1YWxseQogICAg
ICAgICAgZXN0YWJsaXNoZWQgdmlhIHRoZSBwcmVzZW5jZSBvZiBhIHZhbGlkIHNlc3Npb24gY29v
a2llKS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEEgQ1NSRiBhdHRhY2sgYWdhaW5zdCB0
aGUgY2xpZW50J3MgcmVkaXJlY3Rpb24gVVJJIGFsbG93cyBhbiBhdHRhY2tlciB0byBpbmplY3Qg
dGhlaXIgb3duCiAgICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUgb3IgYWNjZXNzIHRva2VuLCB3
aGljaCBjYW4gcmVzdWx0IGluIHRoZSBjbGllbnQgdXNpbmcgYW4gYWNjZXNzIHRva2VuCiAgICAg
ICAgICBhc3NvY2lhdGVkIHdpdGggdGhlIGF0dGFja2VyJ3MgcHJvdGVjdGVkIHJlc291cmNlcyBy
YXRoZXIgdGhhbiB0aGUgdmljdGltJ3MgKGUuZy4gc2F2ZQogICAgICAgICAgdGhlIHZpY3RpbSdz
IGJhbmsgYWNjb3VudCBpbmZvcm1hdGlvbiB0byBhIHByb3RlY3RlZCByZXNvdXJjZSBjb250cm9s
bGVkIGJ5IHRoZQogICAgICAgICAgYXR0YWNrZXIpLgogICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgVGhlIGNsaWVudCBNVVNUIGltcGxlbWVudCBDU1JGIHByb3RlY3Rpb24gZm9yIGl0cyByZWRp
cmVjdGlvbiBVUkkuIFRoaXMgaXMgdHlwaWNhbGx5CiAgICAgICAgICBhY2NvbXBsaXNoZWQgYnkg
cmVxdWlyaW5nIGFueSByZXF1ZXN0IHNlbnQgdG8gdGhlIHJlZGlyZWN0aW9uIFVSSSBlbmRwb2lu
dCB0byBpbmNsdWRlIGEKICAgICAgICAgIHZhbHVlIHRoYXQgYmluZHMgdGhlIHJlcXVlc3QgdG8g
dGhlIHVzZXItYWdlbnQncyBhdXRoZW50aWNhdGVkIHN0YXRlIChlLmcuIGEgaGFzaCBvZiB0aGUK
ICAgICAgICAgIHNlc3Npb24gY29va2llIHVzZWQgdG8gYXV0aGVudGljYXRlIHRoZSB1c2VyLWFn
ZW50KS4gVGhlIGNsaWVudCBTSE9VTEQgdXRpbGl6ZSB0aGUKICAgICAgICAgIDx0dD5zdGF0ZTwv
dHQ+IHJlcXVlc3QgcGFyYW1ldGVyIHRvIGRlbGl2ZXIgdGhpcyB2YWx1ZSB0byB0aGUKICAgICAg
ICAgIGF1dGhvcml6YXRpb24gc2VydmVyIHdoZW4gbWFraW5nIGFuIGF1dGhvcml6YXRpb24gcmVx
dWVzdC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIE9uY2UgYXV0aG9yaXphdGlvbiBoYXMg
YmVlbiBvYnRhaW5lZCBmcm9tIHRoZSBlbmQtdXNlciwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
CiAgICAgICAgICByZWRpcmVjdHMgdGhlIGVuZC11c2VyJ3MgdXNlci1hZ2VudCBiYWNrIHRvIHRo
ZSBjbGllbnQgd2l0aCB0aGUgcmVxdWlyZWQgYmluZGluZyB2YWx1ZQogICAgICAgICAgY29udGFp
bmVkIGluIHRoZSA8dHQ+c3RhdGU8L3R0PiBwYXJhbWV0ZXIuIFRoZSBiaW5kaW5nIHZhbHVlIGVu
YWJsZXMKICAgICAgICAgIHRoZSBjbGllbnQgdG8gdmVyaWZ5IHRoZSB2YWxpZGl0eSBvZiB0aGUg
cmVxdWVzdCBieSBtYXRjaGluZyB0aGUgYmluZGluZyB2YWx1ZSB0byB0aGUKICAgICAgICAgIHVz
ZXItYWdlbnQncyBhdXRoZW50aWNhdGVkIHN0YXRlLiBUaGUgYmluZGluZyB2YWx1ZSB1c2VkIGZv
ciBDU1JGIHByb3RlY3Rpb24gTVVTVCBjb250YWluCiAgICAgICAgICBhIG5vbi1ndWVzc2FibGUg
dmFsdWUgKGFzIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI2FudGhyb3B5Jz5T
ZWN0aW9uJm5ic3A7MTAuMTA8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+Q3JlZGVu
dGlhbHMgR3Vlc3NpbmcgQXR0YWNrczwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLCBhbmQgdGhl
IHVzZXItYWdlbnQncwogICAgICAgICAgYXV0aGVudGljYXRlZCBzdGF0ZSAoZS5nLiBzZXNzaW9u
IGNvb2tpZSwgSFRNTDUgbG9jYWwgc3RvcmFnZSkgTVVTVCBiZSBrZXB0IGluIGEgbG9jYXRpb24K
ICAgICAgICAgIGFjY2Vzc2libGUgb25seSB0byB0aGUgY2xpZW50IGFuZCB0aGUgdXNlci1hZ2Vu
dCAoaS5lLiwgcHJvdGVjdGVkIGJ5IHNhbWUtb3JpZ2luIHBvbGljeSkuCiAgICAgICAgCjwvcD4K
PHA+CiAgICAgICAgICBBIENTUkYgYXR0YWNrIGFnYWluc3QgdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyJ3MgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBjYW4gcmVzdWx0IGluIGFuCiAgICAgICAgICBh
dHRhY2tlciBvYnRhaW5pbmcgZW5kLXVzZXIgYXV0aG9yaXphdGlvbiBmb3IgYSBtYWxpY2lvdXMg
Y2xpZW50IHdpdGhvdXQgaW52b2x2aW5nIG9yCiAgICAgICAgICBhbGVydGluZyB0aGUgZW5kLXVz
ZXIuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
TVVTVCBpbXBsZW1lbnQgQ1NSRiBwcm90ZWN0aW9uIGZvciBpdHMgYXV0aG9yaXphdGlvbiBlbmRw
b2ludCwKICAgICAgICAgIGFuZCBlbnN1cmUgdGhhdCBhIG1hbGljaW91cyBjbGllbnQgY2Fubm90
IG9idGFpbiBhdXRob3JpemF0aW9uIHdpdGhvdXQgdGhlIGF3YXJlbmVzcyBhbmQKICAgICAgICAg
IGV4cGxpY2l0IGNvbnNlbnQgb2YgdGhlIHJlc291cmNlIG93bmVyLgogICAgICAgIAo8L3A+Cjxh
IG5hbWU9ImFuY2hvcjUzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQi
IGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJp
Z2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNw
OzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTAuMTMiPjwvYT48
aDM+MTAuMTMuJm5ic3A7CkNsaWNramFja2luZzwvaDM+Cgo8cD4KICAgICAgICAgIEluIGEgY2xp
Y2tqYWNraW5nIGF0dGFjaywgYW4gYXR0YWNrZXIgcmVnaXN0ZXJzIGEgbGVnaXRpbWF0ZSBjbGll
bnQgYW5kIHRoZW4gY29uc3RydWN0cyBhCiAgICAgICAgICBtYWxpY2lvdXMgc2l0ZSBpbiB3aGlj
aCBpdCBsb2FkcyB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIncyBhdXRob3JpemF0aW9uIGVuZHBv
aW50IHdlYgogICAgICAgICAgcGFnZSBpbiBhIHRyYW5zcGFyZW50IGlmcmFtZSBvdmVybGFpZCBv
biB0b3Agb2YgYSBzZXQgb2YgZHVtbXkgYnV0dG9ucyB3aGljaCBhcmUKICAgICAgICAgIGNhcmVm
dWxseSBjb25zdHJ1Y3RlZCB0byBiZSBwbGFjZWQgZGlyZWN0bHkgdW5kZXIgaW1wb3J0YW50IGJ1
dHRvbnMgb24gdGhlIGF1dGhvcml6YXRpb24KICAgICAgICAgIHBhZ2UuIFdoZW4gYW4gZW5kLXVz
ZXIgY2xpY2tzIGEgbWlzbGVhZGluZyB2aXNpYmxlIGJ1dHRvbiwgdGhlIGVuZC11c2VyIGlzIGFj
dHVhbGx5CiAgICAgICAgICBjbGlja2luZyBhbiBpbnZpc2libGUgYnV0dG9uIG9uIHRoZSBhdXRo
b3JpemF0aW9uIHBhZ2UgKHN1Y2ggYXMgYW4gIkF1dGhvcml6ZSIgYnV0dG9uKS4KICAgICAgICAg
IFRoaXMgYWxsb3dzIGFuIGF0dGFja2VyIHRvIHRyaWNrIGEgcmVzb3VyY2Ugb3duZXIgaW50byBn
cmFudGluZyBpdHMgY2xpZW50IGFjY2VzcyB3aXRob3V0CiAgICAgICAgICB0aGVpciBrbm93bGVk
Z2UuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUbyBwcmV2ZW50IHRoaXMgZm9ybSBvZiBh
dHRhY2ssIG5hdGl2ZSBhcHBsaWNhdGlvbnMgU0hPVUxEIHVzZSBleHRlcm5hbCBicm93c2VycyBp
bnN0ZWFkCiAgICAgICAgICBvZiBlbWJlZGRpbmcgYnJvd3NlcnMgd2l0aGluIHRoZSBhcHBsaWNh
dGlvbiB3aGVuIHJlcXVlc3RpbmcgZW5kLXVzZXIgYXV0aG9yaXphdGlvbi4gRm9yCiAgICAgICAg
ICBtb3N0IG5ld2VyIGJyb3dzZXJzLCBhdm9pZGFuY2Ugb2YgaWZyYW1lcyBjYW4gYmUgZW5mb3Jj
ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICB1c2luZyB0aGUgKG5vbi1z
dGFuZGFyZCkgPHR0PngtZnJhbWUtb3B0aW9uczwvdHQ+IGhlYWRlci4gVGhpcyBoZWFkZXIKICAg
ICAgICAgIGNhbiBoYXZlIHR3byB2YWx1ZXMsIDx0dD5kZW55PC90dD4gYW5kCiAgICAgICAgICA8
dHQ+c2FtZW9yaWdpbjwvdHQ+LCB3aGljaCB3aWxsIGJsb2NrIGFueSBmcmFtaW5nLCBvciBmcmFt
aW5nIGJ5IHNpdGVzCiAgICAgICAgICB3aXRoIGEgZGlmZmVyZW50IG9yaWdpbiwgcmVzcGVjdGl2
ZWx5LiBGb3Igb2xkZXIgYnJvd3NlcnMsIGphdmFzY3JpcHQgZnJhbWVidXN0aW5nCiAgICAgICAg
ICB0ZWNobmlxdWVzIGNhbiBiZSB1c2VkIGJ1dCBtYXkgbm90IGJlIGVmZmVjdGl2ZSBpbiBhbGwg
YnJvd3NlcnMuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yNTQiPjwvYT48YnIgLz48aHIg
Lz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIy
IiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEg
aHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1l
PSJyZmMuc2VjdGlvbi4xMC4xNCI+PC9hPjxoMz4xMC4xNC4mbmJzcDsKQ29kZSBJbmplY3Rpb24g
YW5kIElucHV0IFZhbGlkYXRpb248L2gzPgoKPHA+CiAgICAgICAgICBBIGNvZGUgaW5qZWN0aW9u
IGF0dGFjayBvY2N1cnMgd2hlbiBhbiBpbnB1dCBvciBvdGhlcndpc2UgZXh0ZXJuYWwgdmFyaWFi
bGUgaXMgdXNlZCBieSBhbgogICAgICAgICAgYXBwbGljYXRpb24gdW5zYW5pdGl6ZWQgYW5kIGNh
dXNlcyBtb2RpZmljYXRpb24gdG8gdGhlIGFwcGxpY2F0aW9uIGxvZ2ljLiBUaGlzIG1heSBhbGxv
dwogICAgICAgICAgYW4gYXR0YWNrZXIgdG8gZ2FpbiBhY2Nlc3MgdG8gdGhlIGFwcGxpY2F0aW9u
IGRldmljZSBvciBpdHMgZGF0YSwgY2F1c2UgZGVuaWFsIG9mCiAgICAgICAgICBzZXJ2aWNlLCBv
ciBhIHdpZGUgcmFuZ2Ugb2YgbWFsaWNpb3VzIHNpZGUtZWZmZWN0cy4KICAgICAgICAKPC9wPgo8
cD4KICAgICAgICAgIFRoZSBBdXRob3JpemF0aW9uIHNlcnZlciBhbmQgY2xpZW50IE1VU1Qgc2Fu
aXRpemUgKGFuZCB2YWxpZGF0ZSB3aGVuIHBvc3NpYmxlKSBhbnkgdmFsdWUKICAgICAgICAgIHJl
Y2VpdmVkLCBpbiBwYXJ0aWN1bGFyLCB0aGUgdmFsdWUgb2YgdGhlIDx0dD5zdGF0ZTwvdHQ+IGFu
ZAogICAgICAgICAgPHR0PnJlZGlyZWN0X3VyaTwvdHQ+IHBhcmFtZXRlcnMuCiAgICAgICAgCjwv
cD4KPGEgbmFtZT0ib3Blbi1yZWRpcmVjdCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFy
eT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWci
IGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJz
cDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEw
LjE1Ij48L2E+PGgzPjEwLjE1LiZuYnNwOwpPcGVuIFJlZGlyZWN0b3JzPC9oMz4KCjxwPgogICAg
ICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYW5k
IHRoZSBjbGllbnQgcmVkaXJlY3Rpb24gZW5kcG9pbnQgY2FuCiAgICAgICAgICBiZSBpbXByb3Bl
cmx5IGNvbmZpZ3VyZWQgYW5kIG9wZXJhdGUgYXMgb3BlbiByZWRpcmVjdG9ycy4gQW4gb3BlbiBy
ZWRpcmVjdG9yIGlzIGFuCiAgICAgICAgICBlbmRwb2ludCB1c2luZyBhIHBhcmFtZXRlciB0byBh
dXRvbWF0aWNhbGx5IHJlZGlyZWN0IGEgdXNlci1hZ2VudCB0byB0aGUgbG9jYXRpb24KICAgICAg
ICAgIHNwZWNpZmllZCBieSB0aGUgcGFyYW1ldGVyIHZhbHVlIHdpdGhvdXQgYW55IHZhbGlkYXRp
b24uCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBPcGVuIHJlZGlyZWN0b3JzIGNhbiBiZSB1
c2VkIGluIHBoaXNoaW5nIGF0dGFja3MsIG9yIGJ5IGFuIGF0dGFja2VyIHRvIGdldCBlbmQtdXNl
cnMgdG8KICAgICAgICAgIHZpc2l0IG1hbGljaW91cyBzaXRlcyBieSBtYWtpbmcgdGhlIFVSSSdz
IGF1dGhvcml0eSBsb29rIGxpa2UgYSBmYW1pbGlhciBhbmQgdHJ1c3RlZAogICAgICAgICAgZGVz
dGluYXRpb24uIEluIGFkZGl0aW9uLCBpZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYWxsb3dz
IHRoZSBjbGllbnQgdG8gcmVnaXN0ZXIgb25seQogICAgICAgICAgcGFydCBvZiB0aGUgcmVkaXJl
Y3Rpb24gVVJJLCBhbiBhdHRhY2tlciBjYW4gdXNlIGFuIG9wZW4gcmVkaXJlY3RvciBvcGVyYXRl
ZCBieSB0aGUKICAgICAgICAgIGNsaWVudCB0byBjb25zdHJ1Y3QgYSByZWRpcmVjdGlvbiBVUkkg
dGhhdCB3aWxsIHBhc3MgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHZhbGlkYXRpb24KICAgICAg
ICAgIGJ1dCB3aWxsIHNlbmQgdGhlIGF1dGhvcml6YXRpb24gY29kZSBvciBhY2Nlc3MgdG9rZW4g
dG8gYW4gZW5kcG9pbnQgdW5kZXIgdGhlIGNvbnRyb2wgb2YKICAgICAgICAgIHRoZSBhdHRhY2tl
ci4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I1NSI+PC9hPjxiciAvPjxociAvPgo8dGFi
bGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNz
PSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIj
dG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5z
ZWN0aW9uLjExIj48L2E+PGgzPjExLiZuYnNwOwpJQU5BIENvbnNpZGVyYXRpb25zPC9oMz4KCjxh
IG5hbWU9InR5cGUtcmVnaXN0cnkiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9Imxh
eW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGln
bj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9D
Jm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xMS4xIj48
L2E+PGgzPjExLjEuJm5ic3A7ClRoZSBPQXV0aCBBY2Nlc3MgVG9rZW4gVHlwZSBSZWdpc3RyeTwv
aDM+Cgo8cD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBlc3RhYmxpc2hlcyB0aGUgT0F1
dGggYWNjZXNzIHRva2VuIHR5cGUgcmVnaXN0cnkuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICBBY2Nlc3MgdG9rZW4gdHlwZXMgYXJlIHJlZ2lzdGVyZWQgd2l0aCBhIFNwZWNpZmljYXRpb24g
UmVxdWlyZWQKICAgICAgICAgICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzUyMjYnPltSRkM1
MjI2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5OYXJ0ZW4sIFQuIGFuZCBILiBB
bHZlc3RyYW5kLCAmbGRxdW87R3VpZGVsaW5lcyBmb3IgV3JpdGluZyBhbiBJQU5BIENvbnNpZGVy
YXRpb25zIFNlY3Rpb24gaW4gUkZDcywmcmRxdW87IE1heSZuYnNwOzIwMDguPC9zcGFuPjxzcGFu
Pik8L3NwYW4+PC9hPikgYWZ0ZXIgYSB0d28gd2Vla3MgcmV2aWV3IHBlcmlvZCBvbiB0aGUgW1RC
RF1AaWV0Zi5vcmcgbWFpbGluZwogICAgICAgICAgbGlzdCwgb24gdGhlIGFkdmljZSBvZiBvbmUg
b3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuIEhvd2V2ZXIsIHRvIGFsbG93IGZvciB0aGUKICAg
ICAgICAgIGFsbG9jYXRpb24gb2YgdmFsdWVzIHByaW9yIHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVz
aWduYXRlZCBFeHBlcnQocykgbWF5IGFwcHJvdmUKICAgICAgICAgIHJlZ2lzdHJhdGlvbiBvbmNl
IHRoZXkgYXJlIHNhdGlzZmllZCB0aGF0IHN1Y2ggYSBzcGVjaWZpY2F0aW9uIHdpbGwgYmUgcHVi
bGlzaGVkLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgUmVnaXN0cmF0aW9uIHJlcXVlc3Rz
IG11c3QgYmUgc2VudCB0byB0aGUgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0IGZvciByZXZp
ZXcgYW5kCiAgICAgICAgICBjb21tZW50LCB3aXRoIGFuIGFwcHJvcHJpYXRlIHN1YmplY3QgKGUu
Zy4sICJSZXF1ZXN0IGZvciBhY2Nlc3MgdG9rZW4gdHlwZTogZXhhbXBsZSIpLgogICAgICAgICAg
W1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUgbmFtZSBvZiB0aGUgbWFpbGluZyBsaXN0IHNob3Vs
ZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRhdGlvbgogICAgICAgICAgd2l0aCB0aGUgSUVTRyBh
bmQgSUFOQS4gU3VnZ2VzdGVkIG5hbWU6IG9hdXRoLWV4dC1yZXZpZXcuIF1dCiAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICBXaXRoaW4gdGhlIHJldmlldyBwZXJpb2QsIHRoZSBEZXNpZ25hdGVk
IEV4cGVydChzKSB3aWxsIGVpdGhlciBhcHByb3ZlIG9yCiAgICAgICAgICBkZW55IHRoZSByZWdp
c3RyYXRpb24gcmVxdWVzdCwgY29tbXVuaWNhdGluZyB0aGlzIGRlY2lzaW9uIHRvIHRoZSByZXZp
ZXcgbGlzdCBhbmQgSUFOQS4KICAgICAgICAgIERlbmlhbHMgc2hvdWxkIGluY2x1ZGUgYW4gZXhw
bGFuYXRpb24gYW5kLCBpZiBhcHBsaWNhYmxlLCBzdWdnZXN0aW9ucyBhcyB0byBob3cgdG8gbWFr
ZQogICAgICAgICAgdGhlIHJlcXVlc3Qgc3VjY2Vzc2Z1bC4KICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgIElBTkEgbXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhlIERl
c2lnbmF0ZWQgRXhwZXJ0KHMpLCBhbmQgc2hvdWxkIGRpcmVjdAogICAgICAgICAgYWxsIHJlcXVl
c3RzIGZvciByZWdpc3RyYXRpb24gdG8gdGhlIHJldmlldyBtYWlsaW5nIGxpc3QuCiAgICAgICAg
CjwvcD4KPGEgbmFtZT0iYW5jaG9yNTYiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9
ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBh
bGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7
VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xMS4x
LjEiPjwvYT48aDM+MTEuMS4xLiZuYnNwOwpSZWdpc3RyYXRpb24gVGVtcGxhdGU8L2gzPgoKPHA+
CiAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PlR5cGUg
bmFtZTo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFRoZSBuYW1l
IHJlcXVlc3RlZCAoZS5nLiwgImV4YW1wbGUiKS4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PkFk
ZGl0aW9uYWwgVG9rZW4gRW5kcG9pbnQgUmVzcG9uc2UgUGFyYW1ldGVyczo8L2R0Pgo8ZGQ+CiAg
ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIEFkZGl0aW9uYWwgcmVzcG9uc2UgcGFyYW1l
dGVycyByZXR1cm5lZCB0b2dldGhlciB3aXRoIHRoZQogICAgICAgICAgICAgICAgPHR0PmFjY2Vz
c190b2tlbjwvdHQ+IHBhcmFtZXRlci4gTmV3IHBhcmFtZXRlcnMgTVVTVCBiZQogICAgICAgICAg
ICAgICAgc2VwYXJhdGVseSByZWdpc3RlcmVkIGluIHRoZSBPQXV0aCBwYXJhbWV0ZXJzIHJlZ2lz
dHJ5IGFzIGRlc2NyaWJlZCBieQogICAgICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9
JyNwYXJhbWV0ZXJzLXJlZ2lzdHJ5Jz5TZWN0aW9uJm5ic3A7MTEuMjxzcGFuPiAoPC9zcGFuPjxz
cGFuIGNsYXNzPSdpbmZvJz5UaGUgT0F1dGggUGFyYW1ldGVycyBSZWdpc3RyeTwvc3Bhbj48c3Bh
bj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5IVFRQIEF1dGhlbnRpY2F0
aW9uIFNjaGVtZShzKTo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg
IFRoZSBIVFRQIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSBuYW1lKHMpLCBpZiBhbnksIHVzZWQgdG8g
YXV0aGVudGljYXRlIHByb3RlY3RlZAogICAgICAgICAgICAgICAgcmVzb3VyY2VzIHJlcXVlc3Rz
IHVzaW5nIGFjY2VzcyB0b2tlbnMgb2YgdGhpcyB0eXBlLgogICAgICAgICAgICAgIAo8L2RkPgo8
ZHQ+Q2hhbmdlIGNvbnRyb2xsZXI6PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAg
ICAgICAgICBGb3Igc3RhbmRhcmRzLXRyYWNrIFJGQ3MsIHN0YXRlICJJRVRGIi4gRm9yIG90aGVy
cywgZ2l2ZSB0aGUgbmFtZSBvZiB0aGUKICAgICAgICAgICAgICAgIHJlc3BvbnNpYmxlIHBhcnR5
LiBPdGhlciBkZXRhaWxzIChlLmcuLCBwb3N0YWwgYWRkcmVzcywgZS1tYWlsIGFkZHJlc3MsIGhv
bWUgcGFnZQogICAgICAgICAgICAgICAgVVJJKSBtYXkgYWxzbyBiZSBpbmNsdWRlZC4KICAgICAg
ICAgICAgICAKPC9kZD4KPGR0PlNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6PC9kdD4KPGRkPgog
ICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50
IHRoYXQgc3BlY2lmaWVzIHRoZSBwYXJhbWV0ZXIsIHByZWZlcmFibHkgaW5jbHVkaW5nIGEgVVJJ
IHRoYXQKICAgICAgICAgICAgICAgIGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZiB0
aGUgZG9jdW1lbnQuIEFuIGluZGljYXRpb24gb2YgdGhlIHJlbGV2YW50CiAgICAgICAgICAgICAg
ICBzZWN0aW9ucyBtYXkgYWxzbyBiZSBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KICAg
ICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgICAKPC9wPgo8
YSBuYW1lPSJwYXJhbWV0ZXJzLXJlZ2lzdHJ5Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1t
YXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1
ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZu
YnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24u
MTEuMiI+PC9hPjxoMz4xMS4yLiZuYnNwOwpUaGUgT0F1dGggUGFyYW1ldGVycyBSZWdpc3RyeTwv
aDM+Cgo8cD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBlc3RhYmxpc2hlcyB0aGUgT0F1
dGggcGFyYW1ldGVycyByZWdpc3RyeS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEFkZGl0
aW9uYWwgcGFyYW1ldGVycyBmb3IgaW5jbHVzaW9uIGluIHRoZSBhdXRob3JpemF0aW9uIGVuZHBv
aW50IHJlcXVlc3QsIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBlbmRwb2ludCByZXNwb25z
ZSwgdGhlIHRva2VuIGVuZHBvaW50IHJlcXVlc3QsIG9yIHRoZSB0b2tlbiBlbmRwb2ludAogICAg
ICAgICAgcmVzcG9uc2UgYXJlIHJlZ2lzdGVyZWQgd2l0aCBhIFNwZWNpZmljYXRpb24gUmVxdWly
ZWQKICAgICAgICAgICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzUyMjYnPltSRkM1MjI2XTxz
cGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5OYXJ0ZW4sIFQuIGFuZCBILiBBbHZlc3Ry
YW5kLCAmbGRxdW87R3VpZGVsaW5lcyBmb3IgV3JpdGluZyBhbiBJQU5BIENvbnNpZGVyYXRpb25z
IFNlY3Rpb24gaW4gUkZDcywmcmRxdW87IE1heSZuYnNwOzIwMDguPC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPikgYWZ0ZXIgYSB0d28gd2Vla3MgcmV2aWV3IHBlcmlvZCBvbiB0aGUgW1RCRF1AaWV0
Zi5vcmcgbWFpbGluZwogICAgICAgICAgbGlzdCwgb24gdGhlIGFkdmljZSBvZiBvbmUgb3IgbW9y
ZSBEZXNpZ25hdGVkIEV4cGVydHMuIEhvd2V2ZXIsIHRvIGFsbG93IGZvciB0aGUKICAgICAgICAg
IGFsbG9jYXRpb24gb2YgdmFsdWVzIHByaW9yIHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVzaWduYXRl
ZCBFeHBlcnQocykgbWF5IGFwcHJvdmUKICAgICAgICAgIHJlZ2lzdHJhdGlvbiBvbmNlIHRoZXkg
YXJlIHNhdGlzZmllZCB0aGF0IHN1Y2ggYSBzcGVjaWZpY2F0aW9uIHdpbGwgYmUgcHVibGlzaGVk
LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgUmVnaXN0cmF0aW9uIHJlcXVlc3RzIG11c3Qg
YmUgc2VudCB0byB0aGUgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0IGZvciByZXZpZXcgYW5k
CiAgICAgICAgICBjb21tZW50LCB3aXRoIGFuIGFwcHJvcHJpYXRlIHN1YmplY3QgKGUuZy4sICJS
ZXF1ZXN0IGZvciBwYXJhbWV0ZXI6IGV4YW1wbGUiKS4KICAgICAgICAgIFtbIE5vdGUgdG8gUkZD
LUVESVRPUjogVGhlIG5hbWUgb2YgdGhlIG1haWxpbmcgbGlzdCBzaG91bGQgYmUgZGV0ZXJtaW5l
ZCBpbiBjb25zdWx0YXRpb24KICAgICAgICAgIHdpdGggdGhlIElFU0cgYW5kIElBTkEuIFN1Z2dl
c3RlZCBuYW1lOiBvYXV0aC1leHQtcmV2aWV3LiBdXQogICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgV2l0aGluIHRoZSByZXZpZXcgcGVyaW9kLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgd2ls
bCBlaXRoZXIgYXBwcm92ZSBvcgogICAgICAgICAgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVl
c3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElB
TkEuCiAgICAgICAgICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uIGFuZCwg
aWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UKICAgICAgICAgIHRo
ZSByZXF1ZXN0IHN1Y2Nlc3NmdWwuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBJQU5BIG11
c3Qgb25seSBhY2NlcHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBEZXNpZ25hdGVkIEV4cGVy
dChzKSwgYW5kIHNob3VsZCBkaXJlY3QKICAgICAgICAgIGFsbCByZXF1ZXN0cyBmb3IgcmVnaXN0
cmF0aW9uIHRvIHRoZSByZXZpZXcgbWFpbGluZyBsaXN0LgogICAgICAgIAo8L3A+CjxhIG5hbWU9
ImFuY2hvcjU3Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxw
YWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48
dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48
L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTEuMi4xIj48L2E+PGgzPjEx
LjIuMS4mbmJzcDsKUmVnaXN0cmF0aW9uIFRlbXBsYXRlPC9oMz4KCjxwPgogICAgICAgICAgICA8
L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5QYXJhbWV0ZXIgbmFtZTo8L2R0
Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFRoZSBuYW1lIHJlcXVlc3Rl
ZCAoZS5nLiwgImV4YW1wbGUiKS4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PlBhcmFtZXRlciB1
c2FnZSBsb2NhdGlvbjo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg
IFRoZSBsb2NhdGlvbihzKSB3aGVyZSBwYXJhbWV0ZXIgY2FuIGJlIHVzZWQuIFRoZSBwb3NzaWJs
ZSBsb2NhdGlvbnMgYXJlOgogICAgICAgICAgICAgICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0LCBh
dXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXF1ZXN0LCBvciB0b2tlbiByZXNwb25zZS4K
ICAgICAgICAgICAgICAKPC9kZD4KPGR0PkNoYW5nZSBjb250cm9sbGVyOjwvZHQ+CjxkZD4KICAg
ICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNzLCBz
dGF0ZSAiSUVURiIuIEZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUgb2YgdGhlCiAgICAgICAgICAg
ICAgICByZXNwb25zaWJsZSBwYXJ0eS4gT3RoZXIgZGV0YWlscyAoZS5nLiwgcG9zdGFsIGFkZHJl
c3MsIGUtbWFpbCBhZGRyZXNzLCBob21lIHBhZ2UKICAgICAgICAgICAgICAgIFVSSSkgbWF5IGFs
c28gYmUgaW5jbHVkZWQuCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5TcGVjaWZpY2F0aW9uIGRv
Y3VtZW50KHMpOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUmVm
ZXJlbmNlIHRvIHRoZSBkb2N1bWVudCB0aGF0IHNwZWNpZmllcyB0aGUgcGFyYW1ldGVyLCBwcmVm
ZXJhYmx5IGluY2x1ZGluZyBhIFVSSSB0aGF0CiAgICAgICAgICAgICAgICBjYW4gYmUgdXNlZCB0
byByZXRyaWV2ZSBhIGNvcHkgb2YgdGhlIGRvY3VtZW50LiBBbiBpbmRpY2F0aW9uIG9mIHRoZSBy
ZWxldmFudAogICAgICAgICAgICAgICAgc2VjdGlvbnMgbWF5IGFsc28gYmUgaW5jbHVkZWQsIGJ1
dCBpcyBub3QgcmVxdWlyZWQuCiAgICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3Rl
PjxwPgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yNTgiPjwvYT48YnIgLz48aHIgLz4K
PHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBj
bGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJl
Zj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJy
ZmMuc2VjdGlvbi4xMS4yLjIiPjwvYT48aDM+MTEuMi4yLiZuYnNwOwpJbml0aWFsIFJlZ2lzdHJ5
IENvbnRlbnRzPC9oMz4KCjxwPgogICAgICAgICAgICBUaGUgT0F1dGggUGFyYW1ldGVycyBSZWdp
c3RyeSdzIGluaXRpYWwgY29udGVudHMgYXJlOgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVy
IG5hbWU6IGNsaWVudF9pZAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAg
ICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwgdG9rZW4g
cmVxdWVzdAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2Ug
Y29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAg
ICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAg
ICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9w
Pgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTog
Y2xpZW50X3NlY3JldAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBQ
YXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVlc3QKICAgICAgICAgICAgICAKPC9s
aT4KPGxpPgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAg
ICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChz
KTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAg
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgog
ICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IHJlc3BvbnNlX3R5cGUKICAgICAgICAgICAg
ICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBh
dXRob3JpemF0aW9uIHJlcXVlc3QKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAg
ICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgog
ICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVu
dCBdXQogICAgICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAg
ICAgICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFy
YW1ldGVyIG5hbWU6IHJlZGlyZWN0X3VyaQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAg
ICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVz
dCwgdG9rZW4gcmVxdWVzdAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAg
ICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAg
ICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1d
CiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAg
ICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0
ZXIgbmFtZTogc2NvcGUKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAg
UGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlcXVlc3QsIGF1dGhvcml6
YXRpb24gcmVzcG9uc2UsIHRva2VuCiAgICAgICAgICAgICAgICByZXF1ZXN0LCB0b2tlbiByZXNw
b25zZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29u
dHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBT
cGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAg
ICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8
dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogc3Rh
dGUKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVz
YWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlcXVlc3QsIGF1dGhvcml6YXRpb24gcmVzcG9u
c2UKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRy
b2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgU3Bl
Y2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAg
IAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPHVs
IGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IGNvZGUK
ICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdl
IGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXF1ZXN0CiAgICAgICAg
ICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRG
CiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24g
ZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91
bD48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4
dCI+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBlcnJvcl9kZXNjcmlwdGlv
bgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNh
Z2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVzcG9uc2UsIHRva2VuIHJlc3BvbnNlCiAgICAg
ICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJ
RVRGCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRp
b24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4K
PC91bD48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0i
dGV4dCI+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBlcnJvcl91cmkKICAg
ICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxv
Y2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQogICAgICAgICAg
ICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgog
ICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRv
Y3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+
PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQi
Pgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogZ3JhbnRfdHlwZQogICAgICAg
ICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRp
b246IHRva2VuIHJlcXVlc3QKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAg
ICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAg
ICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBd
XQogICAgICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAg
ICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1l
dGVyIG5hbWU6IGFjY2Vzc190b2tlbgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAg
ICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVzcG9uc2Us
IHRva2VuIHJlc3BvbnNlCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAg
IENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAg
ICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0K
ICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRl
ciBuYW1lOiB0b2tlbl90eXBlCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAg
ICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9r
ZW4gcmVzcG9uc2UKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hh
bmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAg
ICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAg
ICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAg
IDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5h
bWU6IGV4cGlyZXNfaW4KICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAg
UGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiBy
ZXNwb25zZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2Ug
Y29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAg
ICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAg
ICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9w
Pgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTog
dXNlcm5hbWUKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1l
dGVyIHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0CiAgICAgICAgICAgICAgCjwvbGk+Cjxs
aT4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAg
CjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtb
IHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAg
IAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAg
ICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBwYXNzd29yZAogICAgICAgICAgICAgIAo8L2xpPgo8
bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVl
c3QKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRy
b2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgU3Bl
Y2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAg
IAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPHVs
IGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IHJlZnJl
c2hfdG9rZW4KICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1l
dGVyIHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0LCB0b2tlbiByZXNwb25zZQogICAgICAg
ICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVU
RgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9u
IGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgCjwvbGk+Cjwv
dWw+PHA+CiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJyZXNwb25zZS10eXBlLXJlZ2lzdHJ5Ij48
L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBj
ZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNz
PSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90
YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTEuMyI+PC9hPjxoMz4xMS4zLiZuYnNwOwpUaGUg
T0F1dGggQXV0aG9yaXphdGlvbiBFbmRwb2ludCBSZXNwb25zZSBUeXBlIFJlZ2lzdHJ5PC9oMz4K
CjxwPgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGVzdGFibGlzaGVzIHRoZSBPQXV0aCBh
dXRob3JpemF0aW9uIGVuZHBvaW50IHJlc3BvbnNlIHR5cGUgcmVnaXN0cnkuCiAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICAgIEFkZGl0aW9uYWwgcmVzcG9uc2UgdHlwZSBmb3IgdXNlIHdpdGgg
dGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYXJlIHJlZ2lzdGVyZWQgd2l0aCBhCiAgICAgICAg
ICAgIFNwZWNpZmljYXRpb24gUmVxdWlyZWQgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNTIy
Nic+W1JGQzUyMjZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPk5hcnRlbiwgVC4g
YW5kIEguIEFsdmVzdHJhbmQsICZsZHF1bztHdWlkZWxpbmVzIGZvciBXcml0aW5nIGFuIElBTkEg
Q29uc2lkZXJhdGlvbnMgU2VjdGlvbiBpbiBSRkNzLCZyZHF1bzsgTWF5Jm5ic3A7MjAwOC48L3Nw
YW4+PHNwYW4+KTwvc3Bhbj48L2E+KSBhZnRlciBhIHR3byB3ZWVrcyByZXZpZXcgcGVyaW9kIG9u
CiAgICAgICAgICAgIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nIGxpc3QsIG9uIHRoZSBhZHZp
Y2Ugb2Ygb25lIG9yIG1vcmUgRGVzaWduYXRlZCBFeHBlcnRzLgogICAgICAgICAgICBIb3dldmVy
LCB0byBhbGxvdyBmb3IgdGhlIGFsbG9jYXRpb24gb2YgdmFsdWVzIHByaW9yIHRvIHB1YmxpY2F0
aW9uLCB0aGUgRGVzaWduYXRlZAogICAgICAgICAgICBFeHBlcnQocykgbWF5IGFwcHJvdmUgcmVn
aXN0cmF0aW9uIG9uY2UgdGhleSBhcmUgc2F0aXNmaWVkIHRoYXQgc3VjaCBhIHNwZWNpZmljYXRp
b24KICAgICAgICAgICAgd2lsbCBiZSBwdWJsaXNoZWQuCiAgICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgICAgUmVnaXN0cmF0aW9uIHJlcXVlc3RzIG11c3QgYmUgc2VudCB0byB0aGUgW1RCRF1A
aWV0Zi5vcmcgbWFpbGluZyBsaXN0IGZvciByZXZpZXcgYW5kCiAgICAgICAgICAgIGNvbW1lbnQs
IHdpdGggYW4gYXBwcm9wcmlhdGUgc3ViamVjdCAoZS5nLiwgIlJlcXVlc3QgZm9yIHJlc3BvbnNl
IHR5cGU6IGV4YW1wbGUiKS4KICAgICAgICAgICAgW1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUg
bmFtZSBvZiB0aGUgbWFpbGluZyBsaXN0IHNob3VsZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRh
dGlvbgogICAgICAgICAgICB3aXRoIHRoZSBJRVNHIGFuZCBJQU5BLiBTdWdnZXN0ZWQgbmFtZTog
b2F1dGgtZXh0LXJldmlldy4gXV0KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBXaXRo
aW4gdGhlIHJldmlldyBwZXJpb2QsIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSB3aWxsIGVpdGhl
ciBhcHByb3ZlIG9yCiAgICAgICAgICAgIGRlbnkgdGhlIHJlZ2lzdHJhdGlvbiByZXF1ZXN0LCBj
b21tdW5pY2F0aW5nIHRoaXMgZGVjaXNpb24gdG8gdGhlIHJldmlldyBsaXN0IGFuZCBJQU5BLgog
ICAgICAgICAgICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uIGFuZCwgaWYg
YXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UKICAgICAgICAgICAgdGhl
IHJlcXVlc3Qgc3VjY2Vzc2Z1bC4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBJQU5B
IG11c3Qgb25seSBhY2NlcHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBEZXNpZ25hdGVkIEV4
cGVydChzKSwgYW5kIHNob3VsZCBkaXJlY3QKICAgICAgICAgICAgYWxsIHJlcXVlc3RzIGZvciBy
ZWdpc3RyYXRpb24gdG8gdGhlIHJldmlldyBtYWlsaW5nIGxpc3QuCiAgICAgICAgICAKPC9wPgo8
YSBuYW1lPSJhbmNob3I1OSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0
IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJy
aWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJz
cDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjExLjMuMSI+PC9h
PjxoMz4xMS4zLjEuJm5ic3A7ClJlZ2lzdHJhdGlvbiBUZW1wbGF0ZTwvaDM+Cgo8cD4KICAgICAg
ICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+UmVzcG9uc2UgdHlw
ZSBuYW1lOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgVGhlIG5h
bWUgcmVxdWVzdGVkIChlLmcuLCAiZXhhbXBsZSIpLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+
Q2hhbmdlIGNvbnRyb2xsZXI6PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAg
ICAgICBGb3Igc3RhbmRhcmRzLXRyYWNrIFJGQ3MsIHN0YXRlICJJRVRGIi4gRm9yIG90aGVycywg
Z2l2ZSB0aGUgbmFtZSBvZiB0aGUKICAgICAgICAgICAgICAgIHJlc3BvbnNpYmxlIHBhcnR5LiBP
dGhlciBkZXRhaWxzIChlLmcuLCBwb3N0YWwgYWRkcmVzcywgZS1tYWlsIGFkZHJlc3MsIGhvbWUg
cGFnZQogICAgICAgICAgICAgICAgVVJJKSBtYXkgYWxzbyBiZSBpbmNsdWRlZC4KICAgICAgICAg
ICAgICAKPC9kZD4KPGR0PlNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6PC9kdD4KPGRkPgogICAg
ICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50IHRo
YXQgc3BlY2lmaWVzIHRoZSB0eXBlLCBwcmVmZXJhYmx5IGluY2x1ZGluZyBhIFVSSSB0aGF0CiAg
ICAgICAgICAgICAgICBjYW4gYmUgdXNlZCB0byByZXRyaWV2ZSBhIGNvcHkgb2YgdGhlIGRvY3Vt
ZW50LiBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudAogICAgICAgICAgICAgICAgc2VjdGlv
bnMgbWF5IGFsc28gYmUgaW5jbHVkZWQsIGJ1dCBpcyBub3QgcmVxdWlyZWQuCiAgICAgICAgICAg
ICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0i
YW5jaG9yNjAiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0
cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwv
dGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xMS4zLjIiPjwvYT48aDM+MTEu
My4yLiZuYnNwOwpJbml0aWFsIFJlZ2lzdHJ5IENvbnRlbnRzPC9oMz4KCjxwPgogICAgICAgICAg
ICBUaGUgT0F1dGggQXV0aG9yaXphdGlvbiBFbmRwb2ludCBSZXNwb25zZSBUeXBlIFJlZ2lzdHJ5
J3MgaW5pdGlhbCBjb250ZW50cyBhcmU6CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAg
PC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBSZXNwb25zZSB0eXBl
IG5hbWU6IGNvZGUKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hh
bmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAg
ICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAg
ICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAg
IDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUmVzcG9uc2UgdHlw
ZSBuYW1lOiB0b2tlbgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBD
aGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAg
ICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAg
ICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJlcnJv
ci1yZWdpc3RyeSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxs
cGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+
PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+
PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjExLjQiPjwvYT48aDM+MTEu
NC4mbmJzcDsKVGhlIE9BdXRoIEV4dGVuc2lvbnMgRXJyb3IgUmVnaXN0cnk8L2gzPgoKPHA+CiAg
ICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gZXN0YWJsaXNoZXMgdGhlIE9BdXRoIGV4dGVuc2lv
bnMgZXJyb3IgcmVnaXN0cnkuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBBZGRpdGlvbmFs
IGVycm9yIGNvZGVzIHVzZWQgdG9nZXRoZXIgd2l0aCBvdGhlciBwcm90b2NvbCBleHRlbnNpb25z
IChpLmUuIGV4dGVuc2lvbiBncmFudAogICAgICAgICAgdHlwZXMsIGFjY2VzcyB0b2tlbiB0eXBl
cywgb3IgZXh0ZW5zaW9uIHBhcmFtZXRlcnMpIGFyZSByZWdpc3RlcmVkIHdpdGggYSBTcGVjaWZp
Y2F0aW9uCiAgICAgICAgICBSZXF1aXJlZCAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkM1MjI2
Jz5bUkZDNTIyNl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+TmFydGVuLCBULiBh
bmQgSC4gQWx2ZXN0cmFuZCwgJmxkcXVvO0d1aWRlbGluZXMgZm9yIFdyaXRpbmcgYW4gSUFOQSBD
b25zaWRlcmF0aW9ucyBTZWN0aW9uIGluIFJGQ3MsJnJkcXVvOyBNYXkmbmJzcDsyMDA4Ljwvc3Bh
bj48c3Bhbj4pPC9zcGFuPjwvYT4pIGFmdGVyIGEgdHdvIHdlZWtzIHJldmlldyBwZXJpb2Qgb24g
dGhlCiAgICAgICAgICBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nIGxpc3QsIG9uIHRoZSBhZHZpY2Ug
b2Ygb25lIG9yIG1vcmUgRGVzaWduYXRlZCBFeHBlcnRzLiBIb3dldmVyLCB0bwogICAgICAgICAg
YWxsb3cgZm9yIHRoZSBhbGxvY2F0aW9uIG9mIHZhbHVlcyBwcmlvciB0byBwdWJsaWNhdGlvbiwg
dGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIG1heQogICAgICAgICAgYXBwcm92ZSByZWdpc3RyYXRp
b24gb25jZSB0aGV5IGFyZSBzYXRpc2ZpZWQgdGhhdCBzdWNoIGEgc3BlY2lmaWNhdGlvbiB3aWxs
IGJlIHB1Ymxpc2hlZC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFJlZ2lzdHJhdGlvbiBy
ZXF1ZXN0cyBtdXN0IGJlIHNlbnQgdG8gdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcgbGlzdCBm
b3IgcmV2aWV3IGFuZAogICAgICAgICAgY29tbWVudCwgd2l0aCBhbiBhcHByb3ByaWF0ZSBzdWJq
ZWN0IChlLmcuLCAiUmVxdWVzdCBmb3IgZXJyb3IgY29kZTogZXhhbXBsZSIpLgogICAgICAgICAg
W1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUgbmFtZSBvZiB0aGUgbWFpbGluZyBsaXN0IHNob3Vs
ZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRhdGlvbgogICAgICAgICAgd2l0aCB0aGUgSUVTRyBh
bmQgSUFOQS4gU3VnZ2VzdGVkIG5hbWU6IG9hdXRoLWV4dC1yZXZpZXcuIF1dCiAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICBXaXRoaW4gdGhlIHJldmlldyBwZXJpb2QsIHRoZSBEZXNpZ25hdGVk
IEV4cGVydChzKSB3aWxsIGVpdGhlciBhcHByb3ZlIG9yCiAgICAgICAgICBkZW55IHRoZSByZWdp
c3RyYXRpb24gcmVxdWVzdCwgY29tbXVuaWNhdGluZyB0aGlzIGRlY2lzaW9uIHRvIHRoZSByZXZp
ZXcgbGlzdCBhbmQgSUFOQS4KICAgICAgICAgIERlbmlhbHMgc2hvdWxkIGluY2x1ZGUgYW4gZXhw
bGFuYXRpb24gYW5kLCBpZiBhcHBsaWNhYmxlLCBzdWdnZXN0aW9ucyBhcyB0byBob3cgdG8gbWFr
ZQogICAgICAgICAgdGhlIHJlcXVlc3Qgc3VjY2Vzc2Z1bC4KICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgIElBTkEgbXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhlIERl
c2lnbmF0ZWQgRXhwZXJ0KHMpLCBhbmQgc2hvdWxkIGRpcmVjdAogICAgICAgICAgYWxsIHJlcXVl
c3RzIGZvciByZWdpc3RyYXRpb24gdG8gdGhlIHJldmlldyBtYWlsaW5nIGxpc3QuCiAgICAgICAg
CjwvcD4KPGEgbmFtZT0iYW5jaG9yNjEiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9
ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBh
bGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7
VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xMS40
LjEiPjwvYT48aDM+MTEuNC4xLiZuYnNwOwpSZWdpc3RyYXRpb24gVGVtcGxhdGU8L2gzPgoKPHA+
CiAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PkVycm9y
IG5hbWU6PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBUaGUgbmFt
ZSByZXF1ZXN0ZWQgKGUuZy4sICJleGFtcGxlIikuCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5F
cnJvciB1c2FnZSBsb2NhdGlvbjo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAg
ICAgICAgIFRoZSBsb2NhdGlvbihzKSB3aGVyZSB0aGUgZXJyb3IgY2FuIGJlIHVzZWQuIFRoZSBw
b3NzaWJsZSBsb2NhdGlvbnMgYXJlOgogICAgICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBjb2Rl
IGdyYW50IGVycm9yIHJlc3BvbnNlICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI2NvZGUtYXV0aHot
ZXJyb3InPlNlY3Rpb24mbmJzcDs0LjEuMi4xPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2lu
Zm8nPkVycm9yIFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiksCiAgICAgICAgICAg
ICAgICBpbXBsaWNpdCBncmFudCBlcnJvciByZXNwb25zZSAoPGEgY2xhc3M9J2luZm8nIGhyZWY9
JyNpbXBsaWNpdC1hdXRoei1lcnJvcic+U2VjdGlvbiZuYnNwOzQuMi4yLjE8c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9uc2U8L3NwYW4+PHNwYW4+KTwvc3Bhbj48
L2E+KSwKCQl0b2tlbiBlcnJvciByZXNwb25zZSAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tl
bi1lcnJvcnMnPlNlY3Rpb24mbmJzcDs1LjI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5m
byc+RXJyb3IgUmVzcG9uc2U8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KSwgb3IKCQlyZXNvdXJj
ZSBhY2Nlc3MgZXJyb3IgcmVzcG9uc2UgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjcmVzb3VyY2Ut
ZXJyb3JzJz5TZWN0aW9uJm5ic3A7Ny4yPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8n
PkVycm9yIFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPikuCiAgICAgICAgICAgICAg
CjwvZGQ+CjxkdD5SZWxhdGVkIHByb3RvY29sIGV4dGVuc2lvbjo8L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgICAKICAgICAgICAgICAgICAgIFRoZSBuYW1lIG9mIHRoZSBleHRlbnNpb24gZ3JhbnQg
dHlwZSwgYWNjZXNzIHRva2VuIHR5cGUsIG9yIGV4dGVuc2lvbiBwYXJhbWV0ZXIsCiAgICAgICAg
ICAgICAgICB0aGUgZXJyb3IgY29kZSBpcyB1c2VkIGluIGNvbmp1bmN0aW9uIHdpdGguCiAgICAg
ICAgICAgICAgCjwvZGQ+CjxkdD5DaGFuZ2UgY29udHJvbGxlcjo8L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgICAKICAgICAgICAgICAgICAgIEZvciBzdGFuZGFyZHMtdHJhY2sgUkZDcywgc3RhdGUg
IklFVEYiLiBGb3Igb3RoZXJzLCBnaXZlIHRoZSBuYW1lIG9mIHRoZQogICAgICAgICAgICAgICAg
cmVzcG9uc2libGUgcGFydHkuIE90aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRyZXNzLCBl
LW1haWwgYWRkcmVzcywgaG9tZSBwYWdlCiAgICAgICAgICAgICAgICBVUkkpIG1heSBhbHNvIGJl
IGluY2x1ZGVkLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+U3BlY2lmaWNhdGlvbiBkb2N1bWVu
dChzKTo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJlZmVyZW5j
ZSB0byB0aGUgZG9jdW1lbnQgdGhhdCBzcGVjaWZpZXMgdGhlIGVycm9yIGNvZGUsIHByZWZlcmFi
bHkgaW5jbHVkaW5nIGEgVVJJCiAgICAgICAgICAgICAgICB0aGF0IGNhbiBiZSB1c2VkIHRvIHJl
dHJpZXZlIGEgY29weSBvZiB0aGUgZG9jdW1lbnQuIEFuIGluZGljYXRpb24gb2YgdGhlIHJlbGV2
YW50CiAgICAgICAgICAgICAgICBzZWN0aW9ucyBtYXkgYWxzbyBiZSBpbmNsdWRlZCwgYnV0IGlz
IG5vdCByZXF1aXJlZC4KICAgICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+
CiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJyZmMucmVmZXJlbmNlcyI+PC9hPjxiciAvPjxociAv
Pgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIi
IGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBo
cmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9
InJmYy5zZWN0aW9uLjEyIj48L2E+PGgzPjEyLiZuYnNwOwpSZWZlcmVuY2VzPC9oMz4KCjxhIG5h
bWU9InJmYy5yZWZlcmVuY2VzMSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5
b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWdu
PSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0Mm
bmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxoMz4xMi4xLiZuYnNwO05vcm1hdGl2ZSBSZWZl
cmVuY2VzPC9oMz4KPHRhYmxlIHdpZHRoPSI5OSUiIGJvcmRlcj0iMCI+Cjx0cj48dGQgY2xhc3M9
ImF1dGhvci10ZXh0IiB2YWxpZ249InRvcCI+PGEgbmFtZT0iUkZDMjExOSI+W1JGQzIxMTldPC9h
PjwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPjxhIGhyZWY9Im1haWx0bzpzb2JAaGFydmFy
ZC5lZHUiPkJyYWRuZXIsIFMuPC9hPiwgJmxkcXVvOzxhIGhyZWY9Imh0dHA6Ly90b29scy5pZXRm
Lm9yZy9odG1sL3JmYzIxMTkiPktleSB3b3JkcyBmb3IgdXNlIGluIFJGQ3MgdG8gSW5kaWNhdGUg
UmVxdWlyZW1lbnQgTGV2ZWxzPC9hPiwmcmRxdW87IEJDUCZuYnNwOzE0LCBSRkMmbmJzcDsyMTE5
LCBNYXJjaCZuYnNwOzE5OTcgKDxhIGhyZWY9Imh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvcmZj
L3JmYzIxMTkudHh0Ij5UWFQ8L2E+LCA8YSBocmVmPSJodHRwOi8veG1sLnJlc291cmNlLm9yZy9w
dWJsaWMvcmZjL2h0bWwvcmZjMjExOS5odG1sIj5IVE1MPC9hPiwgPGEgaHJlZj0iaHR0cDovL3ht
bC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy94bWwvcmZjMjExOS54bWwiPlhNTDwvYT4pLjwvdGQ+
PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJS
RkMyMjQ2Ij5bUkZDMjI0Nl08L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJl
Zj0ibWFpbHRvOnRkaWVya3NAY2VydGljb20uY29tIj5EaWVya3MsIFQuPC9hPiBhbmQgPGEgaHJl
Zj0ibWFpbHRvOmNhbGxlbkBjZXJ0aWNvbS5jb20iPkMuIEFsbGVuPC9hPiwgJmxkcXVvOzxhIGhy
ZWY9Imh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzIyNDYiPlRoZSBUTFMgUHJvdG9jb2wg
VmVyc2lvbiAxLjA8L2E+LCZyZHF1bzsgUkZDJm5ic3A7MjI0NiwgSmFudWFyeSZuYnNwOzE5OTkg
KDxhIGhyZWY9Imh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvcmZjL3JmYzIyNDYudHh0Ij5UWFQ8
L2E+KS48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0IiB2YWxpZ249InRvcCI+
PGEgbmFtZT0iUkZDMjYxNiI+W1JGQzI2MTZdPC9hPjwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRl
eHQiPjxhIGhyZWY9Im1haWx0bzpmaWVsZGluZ0BpY3MudWNpLmVkdSI+RmllbGRpbmcsIFIuPC9h
PiwgPGEgaHJlZj0ibWFpbHRvOmpnQHczLm9yZyI+R2V0dHlzLCBKLjwvYT4sIDxhIGhyZWY9Im1h
aWx0bzptb2d1bEB3cmwuZGVjLmNvbSI+TW9ndWwsIEouPC9hPiwgPGEgaHJlZj0ibWFpbHRvOmZy
eXN0eWtAdzMub3JnIj5GcnlzdHlrLCBILjwvYT4sIDxhIGhyZWY9Im1haWx0bzptYXNpbnRlckBw
YXJjLnhlcm94LmNvbSI+TWFzaW50ZXIsIEwuPC9hPiwgPGEgaHJlZj0ibWFpbHRvOnBhdWxsZUBt
aWNyb3NvZnQuY29tIj5MZWFjaCwgUC48L2E+LCBhbmQgPGEgaHJlZj0ibWFpbHRvOnRpbWJsQHcz
Lm9yZyI+VC4gQmVybmVycy1MZWU8L2E+LCAmbGRxdW87PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmll
dGYub3JnL2h0bWwvcmZjMjYxNiI+SHlwZXJ0ZXh0IFRyYW5zZmVyIFByb3RvY29sIC0tIEhUVFAv
MS4xPC9hPiwmcmRxdW87IFJGQyZuYnNwOzI2MTYsIEp1bmUmbmJzcDsxOTk5ICg8YSBocmVmPSJo
dHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL3JmYy9yZmMyNjE2LnR4dCI+VFhUPC9hPiwgPGEgaHJl
Zj0iaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMvcmZjMjYxNi5wcyI+UFM8L2E+LCA8YSBo
cmVmPSJodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL3JmYy9yZmMyNjE2LnBkZiI+UERGPC9hPiwg
PGEgaHJlZj0iaHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9odG1sL3JmYzI2MTYu
aHRtbCI+SFRNTDwvYT4sIDxhIGhyZWY9Imh0dHA6Ly94bWwucmVzb3VyY2Uub3JnL3B1YmxpYy9y
ZmMveG1sL3JmYzI2MTYueG1sIj5YTUw8L2E+KS48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1
dGhvci10ZXh0IiB2YWxpZ249InRvcCI+PGEgbmFtZT0iUkZDMjYxNyI+W1JGQzI2MTddPC9hPjwv
dGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPjxhIGhyZWY9Im1haWx0bzpqb2huQG1hdGgubnd1
LmVkdSI+RnJhbmtzLCBKLjwvYT4sIDxhIGhyZWY9Im1haWx0bzpwYmFrZXJAdmVyaXNpZ24uY29t
Ij5IYWxsYW0tQmFrZXIsIFAuPC9hPiwgPGEgaHJlZj0ibWFpbHRvOmplZmZAQWJpU291cmNlLmNv
bSI+SG9zdGV0bGVyLCBKLjwvYT4sIDxhIGhyZWY9Im1haWx0bzpsYXdyZW5jZUBhZ3JhbmF0LmNv
bSI+TGF3cmVuY2UsIFMuPC9hPiwgPGEgaHJlZj0ibWFpbHRvOnBhdWxsZUBtaWNyb3NvZnQuY29t
Ij5MZWFjaCwgUC48L2E+LCBMdW90b25lbiwgQS4sIGFuZCA8YSBocmVmPSJtYWlsdG86c3Rld2Fy
dEBPcGVuTWFya2V0LmNvbSI+TC4gU3Rld2FydDwvYT4sICZsZHF1bzs8YSBocmVmPSJodHRwOi8v
dG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmMyNjE3Ij5IVFRQIEF1dGhlbnRpY2F0aW9uOiBCYXNpYyBh
bmQgRGlnZXN0IEFjY2VzcyBBdXRoZW50aWNhdGlvbjwvYT4sJnJkcXVvOyBSRkMmbmJzcDsyNjE3
LCBKdW5lJm5ic3A7MTk5OSAoPGEgaHJlZj0iaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMv
cmZjMjYxNy50eHQiPlRYVDwvYT4sIDxhIGhyZWY9Imh0dHA6Ly94bWwucmVzb3VyY2Uub3JnL3B1
YmxpYy9yZmMvaHRtbC9yZmMyNjE3Lmh0bWwiPkhUTUw8L2E+LCA8YSBocmVmPSJodHRwOi8veG1s
LnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL3htbC9yZmMyNjE3LnhtbCI+WE1MPC9hPikuPC90ZD48
L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3ItdGV4dCIgdmFsaWduPSJ0b3AiPjxhIG5hbWU9IlJG
QzI4MTgiPltSRkMyODE4XTwvYT48L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5SZXNjb3Js
YSwgRS4sICZsZHF1bzs8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmMyODE4
Ij5IVFRQIE92ZXIgVExTPC9hPiwmcmRxdW87IFJGQyZuYnNwOzI4MTgsIE1heSZuYnNwOzIwMDAg
KDxhIGhyZWY9Imh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvcmZjL3JmYzI4MTgudHh0Ij5UWFQ8
L2E+KS48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0IiB2YWxpZ249InRvcCI+
PGEgbmFtZT0iUkZDMzk4NiI+W1JGQzM5ODZdPC9hPjwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRl
eHQiPjxhIGhyZWY9Im1haWx0bzp0aW1ibEB3My5vcmciPkJlcm5lcnMtTGVlLCBULjwvYT4sIDxh
IGhyZWY9Im1haWx0bzpmaWVsZGluZ0BnYml2LmNvbSI+RmllbGRpbmcsIFIuPC9hPiwgYW5kIDxh
IGhyZWY9Im1haWx0bzpMTU1AYWNtLm9yZyI+TC4gTWFzaW50ZXI8L2E+LCAmbGRxdW87PGEgaHJl
Zj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjMzk4NiI+VW5pZm9ybSBSZXNvdXJjZSBJ
ZGVudGlmaWVyIChVUkkpOiBHZW5lcmljIFN5bnRheDwvYT4sJnJkcXVvOyBTVEQmbmJzcDs2Niwg
UkZDJm5ic3A7Mzk4NiwgSmFudWFyeSZuYnNwOzIwMDUgKDxhIGhyZWY9Imh0dHA6Ly93d3cucmZj
LWVkaXRvci5vcmcvcmZjL3JmYzM5ODYudHh0Ij5UWFQ8L2E+LCA8YSBocmVmPSJodHRwOi8veG1s
LnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2h0bWwvcmZjMzk4Ni5odG1sIj5IVE1MPC9hPiwgPGEg
aHJlZj0iaHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy94bWwvcmZjMzk4Ni54bWwi
PlhNTDwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0i
dG9wIj48YSBuYW1lPSJSRkM0NjI3Ij5bUkZDNDYyN108L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRo
b3ItdGV4dCI+Q3JvY2tmb3JkLCBELiwgJmxkcXVvOzxhIGhyZWY9Imh0dHA6Ly90b29scy5pZXRm
Lm9yZy9odG1sL3JmYzQ2MjciPlRoZSBhcHBsaWNhdGlvbi9qc29uIE1lZGlhIFR5cGUgZm9yIEph
dmFTY3JpcHQgT2JqZWN0IE5vdGF0aW9uIChKU09OKTwvYT4sJnJkcXVvOyBSRkMmbmJzcDs0NjI3
LCBKdWx5Jm5ic3A7MjAwNiAoPGEgaHJlZj0iaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMv
cmZjNDYyNy50eHQiPlRYVDwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRl
eHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJSRkM0OTQ5Ij5bUkZDNDk0OV08L2E+PC90ZD4KPHRk
IGNsYXNzPSJhdXRob3ItdGV4dCI+U2hpcmV5LCBSLiwgJmxkcXVvOzxhIGhyZWY9Imh0dHA6Ly90
b29scy5pZXRmLm9yZy9odG1sL3JmYzQ5NDkiPkludGVybmV0IFNlY3VyaXR5IEdsb3NzYXJ5LCBW
ZXJzaW9uIDI8L2E+LCZyZHF1bzsgUkZDJm5ic3A7NDk0OSwgQXVndXN0Jm5ic3A7MjAwNyAoPGEg
aHJlZj0iaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMvcmZjNDk0OS50eHQiPlRYVDwvYT4p
LjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0idG9wIj48YSBu
YW1lPSJSRkM1MjI2Ij5bUkZDNTIyNl08L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+
TmFydGVuLCBULiBhbmQgSC4gQWx2ZXN0cmFuZCwgJmxkcXVvOzxhIGhyZWY9Imh0dHA6Ly90b29s
cy5pZXRmLm9yZy9odG1sL3JmYzUyMjYiPkd1aWRlbGluZXMgZm9yIFdyaXRpbmcgYW4gSUFOQSBD
b25zaWRlcmF0aW9ucyBTZWN0aW9uIGluIFJGQ3M8L2E+LCZyZHF1bzsgQkNQJm5ic3A7MjYsIFJG
QyZuYnNwOzUyMjYsIE1heSZuYnNwOzIwMDggKDxhIGhyZWY9Imh0dHA6Ly93d3cucmZjLWVkaXRv
ci5vcmcvcmZjL3JmYzUyMjYudHh0Ij5UWFQ8L2E+KS48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9
ImF1dGhvci10ZXh0IiB2YWxpZ249InRvcCI+PGEgbmFtZT0iUkZDNTIzNCI+W1JGQzUyMzRdPC9h
PjwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPkNyb2NrZXIsIEQuIGFuZCBQLiBPdmVyZWxs
LCAmbGRxdW87PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjNTIzNCI+QXVn
bWVudGVkIEJORiBmb3IgU3ludGF4IFNwZWNpZmljYXRpb25zOiBBQk5GPC9hPiwmcmRxdW87IFNU
RCZuYnNwOzY4LCBSRkMmbmJzcDs1MjM0LCBKYW51YXJ5Jm5ic3A7MjAwOCAoPGEgaHJlZj0iaHR0
cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMvcmZjNTIzNC50eHQiPlRYVDwvYT4pLjwvdGQ+PC90
cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJSRkM1
MjQ2Ij5bUkZDNTI0Nl08L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+RGllcmtzLCBU
LiBhbmQgRS4gUmVzY29ybGEsICZsZHF1bzs8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcv
aHRtbC9yZmM1MjQ2Ij5UaGUgVHJhbnNwb3J0IExheWVyIFNlY3VyaXR5IChUTFMpIFByb3RvY29s
IFZlcnNpb24gMS4yPC9hPiwmcmRxdW87IFJGQyZuYnNwOzUyNDYsIEF1Z3VzdCZuYnNwOzIwMDgg
KDxhIGhyZWY9Imh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvcmZjL3JmYzUyNDYudHh0Ij5UWFQ8
L2E+KS48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0IiB2YWxpZ249InRvcCI+
PGEgbmFtZT0iUkZDNjEyNSI+W1JGQzYxMjVdPC9hPjwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRl
eHQiPlNhaW50LUFuZHJlLCBQLiBhbmQgSi4gSG9kZ2VzLCAmbGRxdW87PGEgaHJlZj0iaHR0cDov
L3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjNjEyNSI+UmVwcmVzZW50YXRpb24gYW5kIFZlcmlmaWNh
dGlvbiBvZiBEb21haW4tQmFzZWQgQXBwbGljYXRpb24gU2VydmljZSBJZGVudGl0eSB3aXRoaW4g
SW50ZXJuZXQgUHVibGljIEtleSBJbmZyYXN0cnVjdHVyZSBVc2luZyBYLjUwOSAoUEtJWCkgQ2Vy
dGlmaWNhdGVzIGluIHRoZSBDb250ZXh0IG9mIFRyYW5zcG9ydCBMYXllciBTZWN1cml0eSAoVExT
KTwvYT4sJnJkcXVvOyBSRkMmbmJzcDs2MTI1LCBNYXJjaCZuYnNwOzIwMTEgKDxhIGhyZWY9Imh0
dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvcmZjL3JmYzYxMjUudHh0Ij5UWFQ8L2E+KS48L3RkPjwv
dHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0IiB2YWxpZ249InRvcCI+PGEgbmFtZT0iVVNB
U0NJSSI+W1VTQVNDSUldPC9hPjwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPkFtZXJpY2Fu
IE5hdGlvbmFsIFN0YW5kYXJkcyBJbnN0aXR1dGUsICZsZHF1bztDb2RlZCBDaGFyYWN0ZXIgU2V0
IC0tIDctYml0IEFtZXJpY2FuIFN0YW5kYXJkIENvZGUgZm9yIEluZm9ybWF0aW9uIEludGVyY2hh
bmdlLCZyZHF1bzsgQU5TSSZuYnNwO1gzLjQsIDE5ODYuPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNz
PSJhdXRob3ItdGV4dCIgdmFsaWduPSJ0b3AiPjxhIG5hbWU9IlczQy5SRUMtaHRtbDQwMS0xOTk5
MTIyNCI+W1czQy5SRUMtaHRtbDQwMS0xOTk5MTIyNF08L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRo
b3ItdGV4dCI+SG9ycywgQS4sIFJhZ2dldHQsIEQuLCBhbmQgSS4gSmFjb2JzLCAmbGRxdW87PGEg
aHJlZj0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMtaHRtbDQwMS0xOTk5MTIyNCI+SFRN
TCA0LjAxIFNwZWNpZmljYXRpb248L2E+LCZyZHF1bzsgV29ybGQgV2lkZSBXZWIgQ29uc29ydGl1
bSBSZWNvbW1lbmRhdGlvbiZuYnNwO1JFQy1odG1sNDAxLTE5OTkxMjI0LCBEZWNlbWJlciZuYnNw
OzE5OTkgKDxhIGhyZWY9Imh0dHA6Ly93d3cudzMub3JnL1RSLzE5OTkvUkVDLWh0bWw0MDEtMTk5
OTEyMjQiPkhUTUw8L2E+KS48L3RkPjwvdHI+CjwvdGFibGU+Cgo8YSBuYW1lPSJyZmMucmVmZXJl
bmNlczIiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRp
bmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48
dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+
PC90cj48L3RhYmxlPgo8aDM+MTIuMi4mbmJzcDtJbmZvcm1hdGl2ZSBSZWZlcmVuY2VzPC9oMz4K
PHRhYmxlIHdpZHRoPSI5OSUiIGJvcmRlcj0iMCI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0
IiB2YWxpZ249InRvcCI+PGEgbmFtZT0iSS1ELmRyYWZ0LWhhcmR0LW9hdXRoLTAxIj5bSS1ELmRy
YWZ0LWhhcmR0LW9hdXRoLTAxXTwvYT48L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5IYXJk
dCwgRC4sIEVkLiwgVG9tLCBBLiwgRWF0b24sIEIuLCBhbmQgWS4gR29sYW5kLCAmbGRxdW87PGEg
aHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaGFyZHQtb2F1dGgtMDEiPk9B
dXRoIFdlYiBSZXNvdXJjZSBBdXRob3JpemF0aW9uIFByb2ZpbGVzPC9hPiwmcmRxdW87IEphbnVh
cnkmbmJzcDsyMDEwLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGln
bj0idG9wIj48YSBuYW1lPSJJLUQuaWV0Zi1vYXV0aC1zYW1sMi1iZWFyZXIiPltJLUQuaWV0Zi1v
YXV0aC1zYW1sMi1iZWFyZXJdPC9hPjwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPk1vcnRp
bW9yZSwgQy4sICZsZHF1bzs8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFm
dC1pZXRmLW9hdXRoLXNhbWwyLWJlYXJlci0xMiI+U0FNTCAyLjAgQmVhcmVyIEFzc2VydGlvbiBQ
cm9maWxlcyBmb3IgT0F1dGggMi4wPC9hPiwmcmRxdW87IGRyYWZ0LWlldGYtb2F1dGgtc2FtbDIt
YmVhcmVyLTEyICh3b3JrIGluIHByb2dyZXNzKSwgTWF5Jm5ic3A7MjAxMiAoPGEgaHJlZj0iaHR0
cDovL3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtaWV0Zi1vYXV0aC1zYW1sMi1i
ZWFyZXItMTIudHh0Ij5UWFQ8L2E+KS48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10
ZXh0IiB2YWxpZ249InRvcCI+PGEgbmFtZT0iSS1ELmlldGYtb2F1dGgtdjItYmVhcmVyIj5bSS1E
LmlldGYtb2F1dGgtdjItYmVhcmVyXTwvYT48L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5K
b25lcywgTS4sIEhhcmR0LCBELiwgYW5kIEQuIFJlY29yZG9uLCAmbGRxdW87PGEgaHJlZj0iaHR0
cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1vYXV0aC12Mi1iZWFyZXItMTkiPlRo
ZSBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBQcm90b2NvbDogQmVhcmVyIFRva2VuczwvYT4sJnJk
cXVvOyBkcmFmdC1pZXRmLW9hdXRoLXYyLWJlYXJlci0xOSAod29yayBpbiBwcm9ncmVzcyksIEFw
cmlsJm5ic3A7MjAxMiAoPGEgaHJlZj0iaHR0cDovL3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFm
dHMvZHJhZnQtaWV0Zi1vYXV0aC12Mi1iZWFyZXItMTkudHh0Ij5UWFQ8L2E+LCA8YSBocmVmPSJo
dHRwOi8vd3d3LmlldGYub3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC1pZXRmLW9hdXRoLXYyLWJl
YXJlci0xOS5wZGYiPlBERjwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRl
eHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJJLUQuaWV0Zi1vYXV0aC12Mi1odHRwLW1hYyI+W0kt
RC5pZXRmLW9hdXRoLXYyLWh0dHAtbWFjXTwvYT48L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0
Ij5IYW1tZXItTGFoYXYsIEUuLCAmbGRxdW87PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3Jn
L2h0bWwvZHJhZnQtaWV0Zi1vYXV0aC12Mi1odHRwLW1hYy0wMSI+SFRUUCBBdXRoZW50aWNhdGlv
bjogTUFDIEFjY2VzcyBBdXRoZW50aWNhdGlvbjwvYT4sJnJkcXVvOyBkcmFmdC1pZXRmLW9hdXRo
LXYyLWh0dHAtbWFjLTAxICh3b3JrIGluIHByb2dyZXNzKSwgRmVicnVhcnkmbmJzcDsyMDEyICg8
YSBocmVmPSJodHRwOi8vd3d3LmlldGYub3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC1pZXRmLW9h
dXRoLXYyLWh0dHAtbWFjLTAxLnR4dCI+VFhUPC9hPiwgPGEgaHJlZj0iaHR0cDovL3d3dy5pZXRm
Lm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtaWV0Zi1vYXV0aC12Mi1odHRwLW1hYy0wMS5wZGYi
PlBERjwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0i
dG9wIj48YSBuYW1lPSJJLUQuaWV0Zi1vYXV0aC12Mi10aHJlYXRtb2RlbCI+W0ktRC5pZXRmLW9h
dXRoLXYyLXRocmVhdG1vZGVsXTwvYT48L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5NY0ds
b2luLCBNLiwgSHVudCwgUC4sIGFuZCBULiBMb2RkZXJzdGVkdCwgJmxkcXVvOzxhIGhyZWY9Imh0
dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtb2F1dGgtdjItdGhyZWF0bW9kZWwt
MDIiPk9BdXRoIDIuMCBUaHJlYXQgTW9kZWwgYW5kIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zPC9h
PiwmcmRxdW87IGRyYWZ0LWlldGYtb2F1dGgtdjItdGhyZWF0bW9kZWwtMDIgKHdvcmsgaW4gcHJv
Z3Jlc3MpLCBGZWJydWFyeSZuYnNwOzIwMTIgKDxhIGhyZWY9Imh0dHA6Ly93d3cuaWV0Zi5vcmcv
aW50ZXJuZXQtZHJhZnRzL2RyYWZ0LWlldGYtb2F1dGgtdjItdGhyZWF0bW9kZWwtMDIudHh0Ij5U
WFQ8L2E+KS48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0IiB2YWxpZ249InRv
cCI+PGEgbmFtZT0iT0FTSVMuc2FtbC1jb3JlLTIuMC1vcyI+W09BU0lTLnNhbWwtY29yZS0yLjAt
b3NdPC9hPjwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPjxhIGhyZWY9Im1haWx0bzpjYW50
b3IuMkBvc3UuZWR1Ij5DYW50b3IsIFMuPC9hPiwgPGEgaHJlZj0ibWFpbHRvOkpvaG4uS2VtcEBu
b2tpYS5jb20iPktlbXAsIEouPC9hPiwgPGEgaHJlZj0ibWFpbHRvOnJwaGlscG90dEByc2FzZWN1
cml0eS5jb20iPlBoaWxwb3R0LCBSLjwvYT4sIGFuZCA8YSBocmVmPSJtYWlsdG86ZXZlLm1hbGVy
QHN1bi5jb20iPkUuIE1hbGVyPC9hPiwgJmxkcXVvOzxhIGhyZWY9Imh0dHA6Ly9kb2NzLm9hc2lz
LW9wZW4ub3JnL3NlY3VyaXR5L3NhbWwvdjIuMC9zYW1sLWNvcmUtMi4wLW9zLnBkZiI+QXNzZXJ0
aW9ucyBhbmQgUHJvdG9jb2wgZm9yIHRoZSBPQVNJUyBTZWN1cml0eSBBc3NlcnRpb24gTWFya3Vw
IExhbmd1YWdlCiAgICAgICAgICAgIChTQU1MKSBWMi4wPC9hPiwmcmRxdW87IE9BU0lTIFN0YW5k
YXJkJm5ic3A7c2FtbC1jb3JlLTIuMC1vcywgTWFyY2gmbmJzcDsyMDA1LjwvdGQ+PC90cj4KPHRy
Pjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJSRkM1ODQ5Ij5b
UkZDNTg0OV08L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+SGFtbWVyLUxhaGF2LCBF
LiwgJmxkcXVvOzxhIGhyZWY9Imh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzU4NDkiPlRo
ZSBPQXV0aCAxLjAgUHJvdG9jb2w8L2E+LCZyZHF1bzsgUkZDJm5ic3A7NTg0OSwgQXByaWwmbmJz
cDsyMDEwICg8YSBocmVmPSJodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL3JmYy9yZmM1ODQ5LnR4
dCI+VFhUPC9hPikuPC90ZD48L3RyPgo8L3RhYmxlPgoKPGEgbmFtZT0iYW5jaG9yNjQiPjwvYT48
YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxz
cGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRP
Q2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxl
Pgo8YSBuYW1lPSJyZmMuc2VjdGlvbi5BIj48L2E+PGgzPkFwcGVuZGl4IEEuJm5ic3A7CkFja25v
d2xlZGdlbWVudHM8L2gzPgoKPHA+CiAgICAgICAgVGhlIGluaXRpYWwgT0F1dGggMi4wIHByb3Rv
Y29sIHNwZWNpZmljYXRpb24gd2FzIGVkaXRlZCBieSBEYXZpZCBSZWNvcmRvbiwgYmFzZWQgb24g
dHdvCiAgICAgICAgcHJldmlvdXMgcHVibGljYXRpb25zOiB0aGUgT0F1dGggMS4wIGNvbW11bml0
eSBzcGVjaWZpY2F0aW9uIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNTg0OSc+W1JGQzU4NDld
PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkhhbW1lci1MYWhhdiwgRS4sICZsZHF1
bztUaGUgT0F1dGggMS4wIFByb3RvY29sLCZyZHF1bzsgQXByaWwmbmJzcDsyMDEwLjwvc3Bhbj48
c3Bhbj4pPC9zcGFuPjwvYT4sIGFuZAogICAgICAgIE9BdXRoIFdSQVAgKE9BdXRoIFdlYiBSZXNv
dXJjZSBBdXRob3JpemF0aW9uIFByb2ZpbGVzKQogICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjSS1ELmRyYWZ0LWhhcmR0LW9hdXRoLTAxJz5bSSYjODIwOTtELmRyYWZ0JiM4MjA5O2hhcmR0
JiM4MjA5O29hdXRoJiM4MjA5OzAxXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5I
YXJkdCwgRC4sIEVkLiwgVG9tLCBBLiwgRWF0b24sIEIuLCBhbmQgWS4gR29sYW5kLCAmbGRxdW87
T0F1dGggV2ViIFJlc291cmNlIEF1dGhvcml6YXRpb24gUHJvZmlsZXMsJnJkcXVvOyBKYW51YXJ5
Jm5ic3A7MjAxMC48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LiBUaGUgU2VjdXJpdHkgQ29uc2lk
ZXJhdGlvbnMgc2VjdGlvbiB3YXMgZHJhZnRlZAogICAgICAgIGJ5IFRvcnN0ZW4gTG9kZGVyc3Rl
ZHQsIE1hcmsgTWNHbG9pbiwgUGhpbCBIdW50LCBhbmQgQW50aG9ueSBOYWRhbGluLgogICAgICAK
PC9wPgo8cD4KICAgICAgICBUaGUgT0F1dGggMS4wIGNvbW11bml0eSBzcGVjaWZpY2F0aW9uIHdh
cyBlZGl0ZWQgYnkgRXJhbiBIYW1tZXIgYW5kIGF1dGhvcmVkIGJ5CiAgICAgICAgTWFyayBBdHdv
b2QsIERpcmsgQmFsZmFueiwgRGFycmVuIEJvdW5kcywgUmljaGFyZCBNLiBDb25sYW4sIEJsYWlu
ZSBDb29rLCBMZWFoIEN1bHZlciwKICAgICAgICBCcmVubyBkZSBNZWRlaXJvcywgQnJpYW4gRWF0
b24sIEtlbGxhbiBFbGxpb3R0LU1jQ3JlYSwgTGFycnkgSGFsZmYsIEVyYW4gSGFtbWVyLAogICAg
ICAgIEJlbiBMYXVyaWUsIENocmlzIE1lc3NpbmEsIEpvaG4gUGFuemVyLCBTYW0gUXVpZ2xleSwg
RGF2aWQgUmVjb3Jkb24sIEVyYW4gU2FuZGxlciwKICAgICAgICBKb25hdGhhbiBTZXJnZW50LCBU
b2RkIFNpZWxpbmcsIEJyaWFuIFNsZXNpbnNreSwgYW5kIEFuZHkgU21pdGguCiAgICAgIAo8L3A+
CjxwPgogICAgICAgIFRoZSBPQXV0aCBXUkFQIHNwZWNpZmljYXRpb24gd2FzIGVkaXRlZCBieSBE
aWNrIEhhcmR0IGFuZCBhdXRob3JlZCBieSBCcmlhbiBFYXRvbiwKICAgICAgICBZYXJvbiBZLiBH
b2xhbmQsIERpY2sgSGFyZHQsIGFuZCBBbGxlbiBUb20uCiAgICAgIAo8L3A+CjxwPgogICAgICAg
IFRoaXMgc3BlY2lmaWNhdGlvbiBpcyB0aGUgd29yayBvZiB0aGUgT0F1dGggV29ya2luZyBHcm91
cCB3aGljaCBpbmNsdWRlcyBkb3plbnMgb2YgYWN0aXZlCiAgICAgICAgYW5kIGRlZGljYXRlZCBw
YXJ0aWNpcGFudHMuIEluIHBhcnRpY3VsYXIsIHRoZSBmb2xsb3dpbmcgaW5kaXZpZHVhbHMgY29u
dHJpYnV0ZWQgaWRlYXMsCiAgICAgICAgZmVlZGJhY2ssIGFuZCB3b3JkaW5nIHdoaWNoIHNoYXBl
ZCBhbmQgZm9ybWVkIHRoZSBmaW5hbCBzcGVjaWZpY2F0aW9uOgogICAgICAKPC9wPgo8cD4KICAg
ICAgICBNaWNoYWVsIEFkYW1zLCBBbWFuZGEgQW5nYW5lcywgQW5kcmV3IEFybm90dCwgRGlyayBC
YWxmYW56LCBBaWRlbiBCZWxsLCBCcmlhbiBDYW1wYmVsbCwKICAgICAgICBTY290dCBDYW50b3Is
IE1hcmNvcyBDYWNlcmVzLCBCbGFpbmUgQ29vaywgUm9nZXIgQ3JldywgQnJpYW4gRWF0b24sIFdl
c2xleSBFZGR5LCBMZWFoIEN1bHZlciwKICAgICAgICBCaWxsIGRlIGhPcmEsIEFuZHJlIERlTWFy
cmUsIEJyaWFuIEVhdG9uLCBXb2x0ZXIgRWxkZXJpbmcsIEJyaWFuIEVsbGluLCBJZ29yIEZheW5i
ZXJnLAogICAgICAgIEdlb3JnZSBGbGV0Y2hlciwgVGltIEZyZWVtYW4sIEx1Y2EgRnJvc2luaSwg
RXZhbiBHaWxiZXJ0LCBZYXJvbiBZLiBHb2xhbmQsIEJyZW50IEdvbGRtYW4sCiAgICAgICAgS3Jp
c3RvZmZlciBHcm9ub3dza2ksIEp1c3RpbiBIYXJ0LCBEaWNrIEhhcmR0LCBDcmFpZyBIZWF0aCwg
UGhpbCBIdW50LCBNaWNoYWVsIEIuIEpvbmVzLAogICAgICAgIFRlcnJ5IEpvbmVzLCBKb2huIEtl
bXAsIE1hcmsgS2VudCwgUmFmZmkgS3Jpa29yaWFuLCBDaGFzZW4gTGUgSGFyYSwgUmFzbXVzIExl
cmRvcmYsCiAgICAgICAgVG9yc3RlbiBMb2RkZXJzdGVkdCwgSHVpLUxhbiBMdSwgQ2FzZXkgTHVj
YXMsIFBhdWwgTWFkc2VuLCBBbGFzdGFpciBNYWlyLCBFdmUgTWFsZXIsCiAgICAgICAgSmFtZXMg
TWFuZ2VyLCBNYXJrIE1jR2xvaW4sIExhdXJlbmNlIE1pYW8sIFdpbGxpYW0gTWlsbHMsIENodWNr
IE1vcnRpbW9yZSwgQW50aG9ueSBOYWRhbGluLAogICAgICAgIEp1bGlhbiBSZXNjaGtlLCBKdXN0
aW4gUmljaGVyLCBQZXRlciBTYWludC1BbmRyZSwgTmF0IFNha2ltdXJhLCBSb2IgU2F5cmUsCiAg
ICAgICAgTWFyaXVzIFNjdXJ0ZXNjdSwgTmFpdGlrIFNoYWgsIEx1a2UgU2hlcGFyZCwgVmxhZCBT
a3ZvcnRzb3YsIEp1c3RpbiBTbWl0aCwgSGFpYmluIFNvbmcsCiAgICAgICAgTml2IFN0ZWluZ2Fy
dGVuLCBDaHJpc3RpYW4gU3R1Ym5lciwgSmVyZW15IFN1cmllbCwgUGF1bCBUYXJqYW4sIENocmlz
dG9waGVyIFRob21hcywKICAgICAgICBIZW5yeSBTLiBUaG9tcHNvbiwgQWxsZW4gVG9tLCBGcmFu
a2xpbiBUc2UsIE5pY2sgV2Fsa2VyLCBTaGFuZSBXZWVkZW4sIGFuZCBTa3lsYXIgV29vZHdhcmQu
CiAgICAgIAo8L3A+CjxwPgogICAgICAgIFRoaXMgZG9jdW1lbnQgd2FzIHByb2R1Y2VkIHVuZGVy
IHRoZSBjaGFpcm1hbnNoaXAgb2YgQmxhaW5lIENvb2ssIFBldGVyIFNhaW50LUFuZHJlLAogICAg
ICAgIEhhbm5lcyBUc2Nob2ZlbmlnLCBCYXJyeSBMZWliYSwgYW5kIERlcmVrIEF0a2lucy4gVGhl
IGFyZWEgZGlyZWN0b3JzIGluY2x1ZGVkIExpc2EgRHVzc2VhdWx0LAogICAgICAgIFBldGVyIFNh
aW50LUFuZHJlLCBhbmQgU3RlcGhlbiBGYXJyZWxsLgogICAgICAKPC9wPgo8YSBuYW1lPSJhbmNo
b3I2NSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGlu
Zz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0
ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48
L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLkIiPjwvYT48aDM+QXBwZW5kaXggQi4m
bmJzcDsKRWRpdG9yJ3MgTm90ZXM8L2gzPgoKPHA+CiAgICAgICAgV2hpbGUgbWFueSBwZW9wbGUg
Y29udHJpYnV0ZWQgdG8gdGhpcyBzcGVjaWZpY2F0aW9uIHRocm91Z2hvdXQgaXRzIGxvbmcgam91
cm5leSwgdGhlIGVkaXRvcgogICAgICAgIHdvdWxkIGxpa2UgdG8gYWNrbm93bGVkZ2UgYW5kIHRo
YW5rIGEgZmV3IGluZGl2aWR1YWxzIGZvciB0aGVpciBvdXRzdGFuZGluZyBhbmQgaW52YWx1YWJs
ZQogICAgICAgIGVmZm9ydHMgbGVhZGluZyB1cCB0byB0aGUgcHVibGljYXRpb24gb2YgdGhpcyBz
cGVjaWZpY2F0aW9uLgogICAgICAKPC9wPgo8cD4KICAgICAgICBEYXZpZCBSZWNvcmRvbiBmb3Ig
Y29udGludW91c2x5IGJlaW5nIG9uZSBvZiBPQXV0aCdzIG1vc3QgdmFsdWFibGUgYXNzZXRzLCBi
cmluZ2luZwogICAgICAgIHByYWdtYXRpc20gYW5kIHVyZ2VuY3kgdG8gdGhlIHdvcmssIGFuZCBo
ZWxwaW5nIHNoYXBlIGl0IGZyb20gaXRzIHZlcnkgYmVnaW5uaW5nLCBhcyB3ZWxsCiAgICAgICAg
YXMgYmVpbmcgb25lIG9mIHRoZSBiZXN0IGNvbGxhYm9yYXRvcnMgSSBoYWQgdGhlIHBsZWFzdXJl
IG9mIHdvcmtpbmcgd2l0aC4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgSmFtZXMgTWFuZ2VyIGZv
ciBoaXMgY3JlYXRpdmUgaWRlYXMgYW5kIGFsd2F5cyBpbnNpZ2h0ZnVsIGZlZWRiYWNrLiBCcmlh
biBDYW1wYmVsbCwKICAgICAgICBUb3JzdGVuIExvZGRlcnN0ZWR0LCBDaHVjayBNb3J0aW1vcmUs
IEp1c3RpbiBSaWNoZXIsIE1hcml1cyBTY3VydGVzY3UsIGFuZCBMdWtlIFNoZXBhcmQgZm9yCiAg
ICAgICAgdGhlaXIgY29udGludWVkIHBhcnRpY2lwYXRpb24gYW5kIHZhbHVhYmxlIGZlZWRiYWNr
LgogICAgICAKPC9wPgo8cD4KICAgICAgICBTcGVjaWFsIHRoYW5rcyBnb2VzIHRvIE1pa2UgQ3Vy
dGlzIGFuZCBZYWhvbyEgZm9yIHRoZWlyIHVuY29uZGl0aW9uYWwgc3VwcG9ydCBvZiB0aGlzIHdv
cmsKICAgICAgICBmb3Igb3ZlciB0aHJlZSB5ZWFycy4KICAgICAgCjwvcD4KPGEgbmFtZT0icmZj
LmF1dGhvcnMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0
cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwv
dGQ+PC90cj48L3RhYmxlPgo8aDM+QXV0aG9ycycgQWRkcmVzc2VzPC9oMz4KPHRhYmxlIHdpZHRo
PSI5OSUiIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIj4KPHRyPjx0
ZCBjbGFzcz0iYXV0aG9yLXRleHQiPiZuYnNwOzwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQi
PkVyYW4gSGFtbWVyIChlZGl0b3IpPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3IiIGFs
aWduPSJyaWdodCI+RW1haWw6Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEg
aHJlZj0ibWFpbHRvOmVyYW5AaHVlbml2ZXJzZS5jb20iPmVyYW5AaHVlbml2ZXJzZS5jb208L2E+
PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3IiIGFsaWduPSJyaWdodCI+VVJJOiZuYnNw
OzwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPjxhIGhyZWY9Imh0dHA6Ly9odWVuaXZlcnNl
LmNvbSI+aHR0cDovL2h1ZW5pdmVyc2UuY29tPC9hPjwvdGQ+PC90cj4KPHRyIGNlbGxwYWRkaW5n
PSIzIj48dGQ+Jm5ic3A7PC90ZD48dGQ+Jm5ic3A7PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJh
dXRob3ItdGV4dCI+Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+RGF2aWQgUmVj
b3Jkb248L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij4mbmJzcDs8L3RkPgo8
dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5GYWNlYm9vazwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0i
YXV0aG9yIiBhbGlnbj0icmlnaHQiPkVtYWlsOiZuYnNwOzwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9y
LXRleHQiPjxhIGhyZWY9Im1haWx0bzpkckBmYi5jb20iPmRyQGZiLmNvbTwvYT48L3RkPjwvdHI+
Cjx0cj48dGQgY2xhc3M9ImF1dGhvciIgYWxpZ249InJpZ2h0Ij5VUkk6Jm5ic3A7PC90ZD4KPHRk
IGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0iaHR0cDovL3d3dy5kYXZpZHJlY29yZG9uLmNv
bS8iPmh0dHA6Ly93d3cuZGF2aWRyZWNvcmRvbi5jb20vPC9hPjwvdGQ+PC90cj4KPHRyIGNlbGxw
YWRkaW5nPSIzIj48dGQ+Jm5ic3A7PC90ZD48dGQ+Jm5ic3A7PC90ZD48L3RyPgo8dHI+PHRkIGNs
YXNzPSJhdXRob3ItdGV4dCI+Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+RGlj
ayBIYXJkdDwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPiZuYnNwOzwvdGQ+
Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPk1pY3Jvc29mdDwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFz
cz0iYXV0aG9yIiBhbGlnbj0icmlnaHQiPkVtYWlsOiZuYnNwOzwvdGQ+Cjx0ZCBjbGFzcz0iYXV0
aG9yLXRleHQiPjxhIGhyZWY9Im1haWx0bzpkaWNrLmhhcmR0QGdtYWlsLmNvbSI+ZGljay5oYXJk
dEBnbWFpbC5jb208L2E+PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3IiIGFsaWduPSJy
aWdodCI+VVJJOiZuYnNwOzwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPjxhIGhyZWY9Imh0
dHA6Ly9kaWNraGFyZHQub3JnLyI+aHR0cDovL2RpY2toYXJkdC5vcmcvPC9hPjwvdGQ+PC90cj4K
PC90YWJsZT4KPC9ib2R5PjwvaHRtbD4K

--_006_4E1F6AAD24975D4BA5B168042967394366516960TK5EX14MBXC284r_--

From julian.reschke@gmx.de  Wed May 23 23:35:55 2012
Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D664D21F8567 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:35:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bkbVykqDGfUI for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:35:55 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id CCA7B21F856C for <oauth@ietf.org>; Wed, 23 May 2012 23:35:54 -0700 (PDT)
Received: (qmail invoked by alias); 24 May 2012 06:35:49 -0000
Received: from p5DD97F30.dip.t-dialin.net (EHLO [192.168.178.36]) [93.217.127.48] by mail.gmx.net (mp012) with SMTP; 24 May 2012 08:35:49 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX18mVCpKKK0m0Fabkyn6/DsJRaGemVsLcBkXPhygKa qzxfECcLkkZ2GA
Message-ID: <4FBDD6C0.2050502@gmx.de>
Date: Thu, 24 May 2012 08:35:44 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de>
In-Reply-To: <4FB5F703.90907@gmx.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: Mark Nottingham <mnot@mnot.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 06:35:56 -0000

On 2012-05-18 09:15, Julian Reschke wrote:
> ...
> Did you consider to *also* move the whole section into an appendix, so
> that it's status is also reflected by the document structure?
>
> Best regards, Julian

Hi, it would be awesome to see feedback on this (it has been mentioned 
during IETF LC multiple times).

Best regards, Julian

From recordond@gmail.com  Wed May 23 23:38:23 2012
Return-Path: <recordond@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 755D521F8523 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:38:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vmmMTP-xvcux for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:38:21 -0700 (PDT)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id D688821F841C for <oauth@ietf.org>; Wed, 23 May 2012 23:38:20 -0700 (PDT)
Received: by lagv3 with SMTP id v3so6549983lag.31 for <oauth@ietf.org>; Wed, 23 May 2012 23:38:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=+9/92vl6/dX/yVqScLMKm2A8rfnP0O0xoHmz8JSjG7w=; b=PbAXTe24rIJW+BEuREepB/G90Hlo4pRENv+c2ZCX3IjeGRb7CwFrU1LHqcaj3LT9yL NU4mKYwf/9N7oSDN8pbf/FL+tgKjp+WVUowz/PF3Lc09PaRwGxP9NMMrh0RgbHERssUP 1PZvR1JsmdBFUcZRqF042CJpbyMMS+MhBMVn0cPQV8VPfna0ii0bCAURAFlUhpLi6FZ1 /3g3mLzel2Vy83F/2Asf2Ez8VHzNUzmKAbSYdX+9M+nQUx46D6gYXt9ADLj15FcPBlTe Z0pudenPzimnjArgkaTpxIbyWUqudhpqZzcD9FK5VfZDBV8fDnl+55sOYdCs5a6jaIL+ bEUg==
MIME-Version: 1.0
Received: by 10.152.102.137 with SMTP id fo9mr16626078lab.35.1337841499716; Wed, 23 May 2012 23:38:19 -0700 (PDT)
Received: by 10.112.104.97 with HTTP; Wed, 23 May 2012 23:38:19 -0700 (PDT)
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Wed, 23 May 2012 23:38:19 -0700
Message-ID: <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com>
From: David Recordon <recordond@gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>,  Hannes Tschofenig <hannes.tschofenig@gmx.net>, Eran Hammer <eran@hueniverse.com>
Content-Type: multipart/alternative; boundary=f46d0407160b5b3c4904c0c27fd4
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 06:38:23 -0000

--f46d0407160b5b3c4904c0c27fd4
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Honestly still trying to fully wrap my head around what's going on here
since it seems far more complex than the threads are alluding to. In any
case, does Mike's text address what Eran brought up as needed in the thread
Hannes referenced or is Eran wrong?

The core spec currently provides full guidance and definition for error
extensibility. Extending the registry's scope means the need for
non-trivial new text that:

* explains the process of adding new errors for endpoints not defined by
this specification,
* finds a common ground for value restrictions beyond what is already
listed,
* guide authors of future HTTP authentication schemes meant for use with
OAuth (e.g. MAC) for their requirements for using the error registry, and
* address the very likely scenario of the same error code carrying
different meanings in different endpoints, or an extension that adds a
location to a code already defined elsewhere - something very likely to
happen if you cross the two very different domains (OAuth endpoints,
Protected resource endpoints). This requires changing the entire structure
of the registry to create separate records for each code/location pair.


Thanks,
--David


On Wed, May 23, 2012 at 10:22 PM, Mike Jones <Michael.Jones@microsoft.com>w=
rote:

>  Thanks Hannes.  In the interest of hopefully completing the edits to
> remove the DISCUSS issues for the Bearer and Core specs in the next few
> days so that we can send the docs to the RFC editors, I'd like to propose
> specific language for the Core spec to address both of the consensus call
> issue resolutions.  After there's consensus on the specific text for Core=
,
> it will be easy for us to add a reference in Bearer to the language in Co=
re
> for the error syntax restrictions and to use the OAuth errors registry.
> I'll do that in parallel with the discussions on the proposed core langua=
ge
> changes.****
>
> ** **
>
> A summary of the changes I made in response to the consensus call
> conclusions are:****
>
> **=B7        **Add syntax restrictions for =93error=94, =93error_descript=
ion=94,
> and =93error_uri=94 from Bearer to Core****
>
> **=B7        **Add section 7.2 about error responses from resource access
> requests****
>
> **=B7        **Add =93resource access error response=94 to the category o=
f
> OAuth errors that can be registered****
>
> ** **
>
> Additional editorial changes that I made as I encountered issues in the
> document were:****
>
> **=B7        **Updated out of date references, especially the
> draft-hardt-oauth-01 reference, which contained an invalid link****
>
> **=B7        **Added Derek Atkins to the list of chairs****
>
> **=B7        **Added Yaron Goland=92s middle initial Y. (since he prefers=
 to
> include it in publications)****
>
> **=B7        **Replaced use of the deprecated <appendix> element, which
> prevented the spec from building with strict checking, with a <section>
> element in the <back> section (which creates an appendix)****
>
> ** **
>
> To make it easy to incorporate these changes into the document and so the
> proposed changes are unambiguous, I produced an edited version of Core -2=
6
> containing these changes.  The xml, txt, and html versions are attached t=
o
> facilitate review.  Pertinent diffs from the .txt version follow.****
>
> ** **
>
>                                                             Cheers,****
>
>                                                             -- Mike****
>
> ** **
>
> 683c683,684****
>
> <    notation of [RFC5234].****
>
> ---****
>
> >    notation of [RFC5234].  Additionally, the rule URI-Reference is****
>
> >    included from Uniform Resource Identifier (URI) [RFC3986].****
>
> 1441c1441,1442****
>
> <          REQUIRED.  A single error code from the following:****
>
> ---****
>
> >          REQUIRED.  A single ASCII [USASCII] error code from the****
>
> >          following:****
>
> 1474a1475,1476****
>
> >          Values for the "error" parameter MUST NOT include characters**=
*
> *
>
> >          outside the set %x20-21 / %x23-5B / %x5D-7E.****
>
> 1476c1478****
>
> <          OPTIONAL.  A human-readable UTF-8 encoded text providing****
>
> ---****
>
> >          OPTIONAL.  A human-readable ASCII [USASCII] text providing****
>
> 1478a1481,1482****
>
> >          Values for the "error_description" parameter MUST NOT include*=
*
> **
>
> >          characters outside the set %x20-21 / %x23-5B / %x5D-7E.****
>
> 1482a1487,1489****
>
> >          Values for the "error_uri" parameter MUST conform to the URI-*=
*
> **
>
> >          Reference syntax, and thus MUST NOT include characters outside=
*
> ***
>
> >          the set %x21 / %x23-5B / %x5D-7E.****
>
> 1840c1840,1841****
>
> <          REQUIRED.  A single error code from the following:****
>
> ---****
>
> >          REQUIRED.  A single ASCII [USASCII] error code from the****
>
> >          following:****
>
> 1873a1874,1875****
>
> >          Values for the "error" parameter MUST NOT include characters**=
*
> *
>
> >          outside the set %x20-21 / %x23-5B / %x5D-7E.****
>
> 1875c1877****
>
> <          OPTIONAL.  A human-readable UTF-8 encoded text providing****
>
> ---****
>
> >          OPTIONAL.  A human-readable ASCII [USASCII] text providing****
>
> 1877a1880,1881****
>
> >          Values for the "error_description" parameter MUST NOT include*=
*
> **
>
> >          characters outside the set %x20-21 / %x23-5B / %x5D-7E.****
>
> 1881a1886,1888****
>
> >          Values for the "error_uri" parameter MUST conform to the URI-*=
*
> **
>
> >          Reference syntax, and thus MUST NOT include characters outside=
*
> ***
>
> >          the set %x21 / %x23-5B / %x5D-7E.****
>
> <          REQUIRED.  A single error code from the following:****
>
> ---****
>
> >          REQUIRED.  A single ASCII [USASCII] error code from the****
>
> >          following:****
>
> 2325a2326,2327****
>
> >          Values for the "error" parameter MUST NOT include characters**=
*
> *
>
> >          outside the set %x20-21 / %x23-5B / %x5D-7E.****
>
> 2327c2329****
>
> <          OPTIONAL.  A human-readable UTF-8 encoded text providing****
>
> ---****
>
> >          OPTIONAL.  A human-readable ASCII [USASCII] text providing****
>
> 2329a2332,2333****
>
> >          Values for the "error_description" parameter MUST NOT include*=
*
> **
>
> >          characters outside the set %x20-21 / %x23-5B / %x5D-7E.****
>
> 2333a2338,2340****
>
> >          Values for the "error_uri" parameter MUST conform to the URI-*=
*
> **
>
> >          Reference syntax, and thus MUST NOT include characters outside=
*
> ***
>
> >          the set %x21 / %x23-5B / %x5D-7E.****
>
> 2450c2460,2468****
>
> <    The method in which the client utilized the access token to****
>
> ---****
>
> >    The method in which the client utilizes the access token to****
>
> 2479c2489****
>
> <      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw****
>
> ---****
>
> >      Authorization: Bearer mF_9.B5f-4.1JqM****
>
> 2503a2514,2533****
>
> > ****
>
> > 7.2.  Error Response****
>
> > ****
>
> >    If a resource access request fails, the resource server SHOULD infor=
m
> ****
>
> >    the client of the error.  While the specific error responses possibl=
e
> ****
>
> >    and methods for transmitting those errors when using any particular*=
*
> **
>
> >    access token type are beyond the scope of this specification, any***=
*
>
> >    error codes defined for use with OAuth resource access methods MUST*=
*
> **
>
> >    be registered (following the procedures in Section 11.4).****
>
> > ****
>
> > ****
>
> 2602,2603c2624,2626****
>
> <    (Section 4.2.2.1), or the token error response (Section 5.2), such**=
*
> *
>
> <    error codes MAY be defined.****
>
> ---****
>
> >    (Section 4.2.2.1), the token error response (Section 5.2), or the***=
*
>
> >    resource access error response (Section 7.2), such error codes MAY b=
e
> ****
>
> >    defined.****
>
> 3444c3484,3485****
>
> <       (Section 4.2.2.1), or token error response (Section 5.2).****
>
> ---****
>
> >       (Section 4.2.2.1), token error response (Section 5.2), or resourc=
e
> ****
>
> >       access error response (Section 7.2).****
>
> 3596a3554,3557****
>
> >    [USASCII]  American National Standards Institute, "Coded Character**=
*
> *
>
> >               Set -- 7-bit American Standard Code for Information****
>
> >               Interchange", ANSI X3.4, 1986.****
>
> > ****
>
> 3611,3612c3572,3573****
>
> <               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in****
>
> <               progress), August 2011.****
>
> ---****
>
> >               OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in****
>
> >               progress), May 2012.****
>
> 3616,3617c3577,3579****
>
> <               Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08**=
*
> *
>
> <               (work in progress), July 2011.****
>
> ---****
>
> >               Authorization Protocol: Bearer Tokens",****
>
> >               draft-ietf-oauth-v2-bearer-19 (work in progress),****
>
> >               April 2012.****
>
> 3620,3623c3589,3591****
>
> <               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP****
>
> <               Authentication: MAC Access Authentication",****
>
> <               draft-ietf-oauth-v2-http-mac-00 (work in progress),****
>
> <               May 2011.****
>
> ---****
>
> >               Hammer-Lahav, E., "HTTP Authentication: MAC Access****
>
> >               Authentication", draft-ietf-oauth-v2-http-mac-01 (work in=
*
> ***
>
> >               progress), February 2012.****
>
> 3626c3594****
>
> <               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0****
>
> ---****
>
> >               McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0****
>
> 3628,3629c3596,3597****
>
> <               draft-ietf-oauth-v2-threatmodel-00 (work in progress),***=
*
>
> <               July 2011.****
>
> ---****
>
> >               draft-ietf-oauth-v2-threatmodel-02 (work in progress),***=
*
>
> >               February 2012.****
>
> 3468,3546d3503****
>
> <    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.****
>
> 3639c3609,3639****
>
> >    Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.****
>
> 3468,3546d3503****
>
> <    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,****
>
> 3644,3645c3644,3656****
>
> >    Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,**=
*
> *
>
> 3468,3546d3503****
>
> <    This document was produced under the chairmanship of Blaine Cook,***=
*
>
> <    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area****
>
> <    directors included Lisa Dusseault, Peter Saint-Andre, and Stephen***=
*
>
> <    Farrell.****
>
> 3646a3658,3661****
>
> >    This document was produced under the chairmanship of Blaine Cook,***=
*
>
> >    Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins.=
*
> ***
>
> >    The area directors included Lisa Dusseault, Peter Saint-Andre, and**=
*
> *
>
> >    Stephen Farrell.****
>
> ** **
>
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of
> Hannes Tschofenig
> Sent: Wednesday, May 23, 2012 11:27 AM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] Error Encoding: Conclusion
>
> ** **
>
> Hi all, ****
>
> ** **
>
> on May 10th we called for consensus on an open issue regarding the error
> encoding. Here is the link to the call: ****
>
> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html****
>
> ** **
>
> Thank you all for the feedback. The conclusion of the consensus call was
> to harmonize the encoding between the two specifications by incorporating
> the restrictions from the bearer specification into the base specificatio=
n.
> The error encoding will go into the core specification and the bearer
> specification will reference it. ****
>
> ** **
>
> Ciao****
>
> Hannes & Derek****
>
> ** **
>
> _______________________________________________****
>
> OAuth mailing list****
>
> OAuth@ietf.org****
>
> https://www.ietf.org/mailman/listinfo/oauth****
>
> ** **
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

--f46d0407160b5b3c4904c0c27fd4
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Honestly still trying to fully wrap my head around what&#39;s going on here=
 since it seems far more complex than the threads are alluding to. In any c=
ase, does Mike&#39;s text address what Eran brought up as needed in the thr=
ead Hannes referenced or is Eran wrong?<div>
<br></div><blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px"><=
div><span style>The core spec currently provides full guidance and definiti=
on for error extensibility. Extending the registry&#39;s scope means the ne=
ed for non-trivial new text that:</span></div>
<div><br style></div><div><span style>* explains the process of adding new =
errors for endpoints not defined by this specification,</span></div><div><s=
pan style>* finds a common ground for value restrictions beyond what is alr=
eady listed,</span></div>
<div><span style>* guide authors of future HTTP authentication schemes mean=
t for use with OAuth (e.g. MAC) for their requirements for using the error =
registry, and</span></div><div><span style>* address the very likely scenar=
io of the same error code carrying different meanings in different endpoint=
s, or an extension that adds a location to a code already defined elsewhere=
 - something very likely to happen if you cross the two very different doma=
ins (OAuth endpoints, Protected resource endpoints). This requires changing=
 the entire structure of the registry to create separate records for each c=
ode/location pair.</span></div>
</blockquote><div><br></div><div>Thanks,<br>--David<br><br><br><div class=
=3D"gmail_quote">On Wed, May 23, 2012 at 10:22 PM, Mike Jones <span dir=3D"=
ltr">&lt;<a href=3D"mailto:Michael.Jones@microsoft.com" target=3D"_blank">M=
ichael.Jones@microsoft.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">





<div lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div>
<p>Thanks Hannes.=A0 In the interest of hopefully completing the edits to r=
emove the DISCUSS issues for the Bearer and Core specs in the next few days=
 so that we can send the docs to the RFC editors, I&#39;d like to propose s=
pecific language
 for the Core spec to address both of the consensus call issue resolutions.=
=A0 After there&#39;s consensus on the specific text for Core, it will be e=
asy for us to add a reference in Bearer to the language in Core for the err=
or syntax restrictions and to use the
 OAuth errors registry.=A0 I&#39;ll do that in parallel with the discussion=
s on the proposed core language changes.<u></u><u></u></p>
<p><u></u>=A0<u></u></p>
<p>A summary of the changes I made in response to the consensus call conclu=
sions are:<u></u><u></u></p>
<p style=3D"margin-left:.5in">
<u></u><span style=3D"font-family:Symbol"><span>=B7<span style=3D"font:7.0p=
t &quot;Times New Roman&quot;">=A0=A0=A0=A0=A0=A0=A0
</span></span></span><u></u>Add syntax restrictions for =93error=94, =93err=
or_description=94, and =93error_uri=94 from Bearer to Core<u></u><u></u></p=
>
<p style=3D"margin-left:.5in">
<u></u><span style=3D"font-family:Symbol"><span>=B7<span style=3D"font:7.0p=
t &quot;Times New Roman&quot;">=A0=A0=A0=A0=A0=A0=A0
</span></span></span><u></u>Add section 7.2 about error responses from reso=
urce access requests<u></u><u></u></p>
<p style=3D"margin-left:.5in">
<u></u><span style=3D"font-family:Symbol"><span>=B7<span style=3D"font:7.0p=
t &quot;Times New Roman&quot;">=A0=A0=A0=A0=A0=A0=A0
</span></span></span><u></u>Add =93resource access error response=94 to the=
 category of OAuth errors that can be registered<u></u><u></u></p>
<p><u></u>=A0<u></u></p>
<p>Additional editorial changes that I made as I encountered issues in the =
document were:<u></u><u></u></p>
<p style=3D"margin-left:.5in">
<u></u><span style=3D"font-family:Symbol"><span>=B7<span style=3D"font:7.0p=
t &quot;Times New Roman&quot;">=A0=A0=A0=A0=A0=A0=A0
</span></span></span><u></u>Updated out of date references, especially the =
draft-hardt-oauth-01 reference, which contained an invalid link<u></u><u></=
u></p>
<p style=3D"margin-left:.5in">
<u></u><span style=3D"font-family:Symbol"><span>=B7<span style=3D"font:7.0p=
t &quot;Times New Roman&quot;">=A0=A0=A0=A0=A0=A0=A0
</span></span></span><u></u>Added Derek Atkins to the list of chairs<u></u>=
<u></u></p>
<p style=3D"margin-left:.5in">
<u></u><span style=3D"font-family:Symbol"><span>=B7<span style=3D"font:7.0p=
t &quot;Times New Roman&quot;">=A0=A0=A0=A0=A0=A0=A0
</span></span></span><u></u>Added Yaron Goland=92s middle initial Y. (since=
 he prefers to include it in publications)<u></u><u></u></p>
<p style=3D"margin-left:.5in">
<u></u><span style=3D"font-family:Symbol"><span>=B7<span style=3D"font:7.0p=
t &quot;Times New Roman&quot;">=A0=A0=A0=A0=A0=A0=A0
</span></span></span><u></u>Replaced use of the deprecated &lt;appendix&gt;=
 element, which prevented the spec from building with strict checking, with=
 a &lt;section&gt; element in the &lt;back&gt; section (which creates an ap=
pendix)<u></u><u></u></p>

<p><u></u>=A0<u></u></p>
<p>To make it easy to incorporate these changes into the document and so th=
e proposed changes are unambiguous, I produced an edited version of Core -2=
6 containing these changes.=A0 The xml, txt, and html versions are attached=
 to facilitate
 review.=A0 Pertinent diffs from the .txt version follow.<u></u><u></u></p>
<p><u></u>=A0<u></u></p>
<p>=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Cheers,<u></u><u></u></p>
<p>=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 -- Mike<u></u><u></u></p>
<p><u></u>=A0<u></u></p>
<p>683c683,684<u></u><u></u></p>
<p>&lt;=A0=A0=A0 notation of [RFC5234].<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0 notation of [RFC5234].=A0 Additionally, the rule URI-Refer=
ence is<u></u><u></u></p>
<p>&gt;=A0=A0=A0 included from Uniform Resource Identifier (URI) [RFC3986].=
<u></u><u></u></p>
<p>1441c1441,1442<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0 =A0=A0=A0=A0REQUIRED.=A0 A single error code from th=
e following:<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 REQUIRED.=A0 A single ASCII [USASCII] er=
ror code from the<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 following:<u></u><u></u></p>
<p>1474a1475,1476<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Values for the &quot;error&quot; paramet=
er MUST NOT include characters<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 outside the set %x20-21 / %x23-5B / %x5D=
-7E.<u></u><u></u></p>
<p>1476c1478<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 OPTIONAL.=A0 A human-readable UTF-8 enco=
ded text providing<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 OPTIONAL.=A0 A human-readable ASCII [USA=
SCII] text providing<u></u><u></u></p>
<p>1478a1481,1482<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Values for the &quot;error_description&q=
uot; parameter MUST NOT include<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 characters outside the set %x20-21 / %x2=
3-5B / %x5D-7E.<u></u><u></u></p>
<p>1482a1487,1489<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Values for the &quot;error_uri&quot; par=
ameter MUST conform to the URI-<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Reference syntax, and thus MUST NOT incl=
ude characters outside<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 the set %x21 / %x23-5B / %x5D-7E.<u></u>=
<u></u></p>
<p>1840c1840,1841<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 REQUIRED.=A0 A single error code from th=
e following:<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 REQUIRED.=A0 A single ASCII [USASCII] er=
ror code from the<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 following:<u></u><u></u></p>
<p>1873a1874,1875<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Values for the &quot;error&quot; paramet=
er MUST NOT include characters<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 outside the set %x20-21 / %x23-5B / %x5D=
-7E.<u></u><u></u></p>
<p>1875c1877<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 OPTIONAL.=A0 A human-readable UTF-8 enco=
ded text providing<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 OPTIONAL.=A0 A human-readable ASCII [USA=
SCII] text providing<u></u><u></u></p>
<p>1877a1880,1881<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Values for the &quot;error_description&q=
uot; parameter MUST NOT include<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 characters outside the set %x20-21 / %x2=
3-5B / %x5D-7E.<u></u><u></u></p>
<p>1881a1886,1888<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Values for the &quot;error_uri&quot; par=
ameter MUST conform to the URI-<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Reference syntax, and thus MUST NOT incl=
ude characters outside<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 the set %x21 / %x23-5B / %x5D-7E.<u></u>=
<u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 REQUIRED.=A0 A single error code from th=
e following:<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 REQUIRED.=A0 A single ASCII [USASCII] er=
ror code from the<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 following:<u></u><u></u></p>
<p>2325a2326,2327<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Values for the &quot;error&quot; paramet=
er MUST NOT include characters<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 outside the set %x20-21 / %x23-5B / %x5D=
-7E.<u></u><u></u></p>
<p>2327c2329<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 OPTIONAL.=A0 A human-readable UTF-8 enco=
ded text providing<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 OPTIONAL.=A0 A human-readable ASCII [USA=
SCII] text providing<u></u><u></u></p>
<p>2329a2332,2333<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Values for the &quot;error_description&q=
uot; parameter MUST NOT include<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 characters outside the set %x20-21 / %x2=
3-5B / %x5D-7E.<u></u><u></u></p>
<p>2333a2338,2340<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Values for the &quot;error_uri&quot; par=
ameter MUST conform to the URI-<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 Reference syntax, and thus MUST NOT incl=
ude characters outside<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0 the set %x21 / %x23-5B / %x5D-7E.<u></u>=
<u></u></p>
<p>2450c2460,2468<u></u><u></u></p>
<p>&lt;=A0=A0=A0 The method in which the client utilized the access token t=
o<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0 The method in which the client utilizes the access token t=
o<u></u><u></u></p>
<p>2479c2489<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0 Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw<u></u><=
u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0 Authorization: Bearer mF_9.B5f-4.1JqM<u></u><u></u><=
/p>
<p>2503a2514,2533<u></u><u></u></p>
<p>&gt; <u></u><u></u></p>
<p>&gt; 7.2.=A0 Error Response<u></u><u></u></p>
<p>&gt; <u></u><u></u></p>
<p>&gt;=A0=A0=A0 If a resource access request fails, the resource server SH=
OULD inform<u></u><u></u></p>
<p>&gt;=A0=A0=A0 the client of the error.=A0 While the specific error respo=
nses possible<u></u><u></u></p>
<p>&gt;=A0=A0=A0 and methods for transmitting those errors when using any p=
articular<u></u><u></u></p>
<p>&gt;=A0=A0=A0 access token type are beyond the scope of this specificati=
on, any<u></u><u></u></p>
<p>&gt;=A0=A0=A0 error codes defined for use with OAuth resource access met=
hods MUST<u></u><u></u></p>
<p>&gt;=A0=A0=A0 be registered (following the procedures in Section 11.4).<=
u></u><u></u></p>
<p>&gt; <u></u><u></u></p>
<p>&gt; <u></u><u></u></p>
<p>2602,2603c2624,2626<u></u><u></u></p>
<p>&lt;=A0=A0=A0 (Section 4.2.2.1), or the token error response (Section 5.=
2), such<u></u><u></u></p>
<p>&lt;=A0=A0=A0 error codes MAY be defined.<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0 (Section 4.2.2.1), the token error response (Section 5.2),=
 or the<u></u><u></u></p>
<p>&gt;=A0=A0=A0 resource access error response (Section 7.2), such error c=
odes MAY be<u></u><u></u></p>
<p>&gt;=A0=A0=A0 defined.<u></u><u></u></p>
<p>3444c3484,3485<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0 (Section 4.2.2.1), or token error response (Secti=
on 5.2).<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0 (Section 4.2.2.1), token error response (Section =
5.2), or resource<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0 access error response (Section 7.2).<u></u><u></u=
></p>
<p>3596a3554,3557<u></u><u></u></p>
<p>&gt;=A0=A0=A0 [USASCII]=A0 American National Standards Institute, &quot;=
Coded Character<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Set -- 7-bit American Sta=
ndard Code for Information<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Interchange&quot;, ANSI X=
3.4, 1986.<u></u><u></u></p>
<p>&gt; <u></u><u></u></p>
<p>3611,3612c3572,3573<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 OAuth 2.0&quot;, draft-ie=
tf-oauth-saml2-bearer-08 (work in<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 progress), August 2011.<u=
></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 OAuth 2.0&quot;, draft-ie=
tf-oauth-saml2-bearer-12 (work in<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 progress), May 2012.<u></=
u><u></u></p>
<p>3616,3617c3577,3579<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Protocol: Bearer Tokens&q=
uot;, draft-ietf-oauth-v2-bearer-08<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 (work in progress), July =
2011.<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Authorization Protocol: B=
earer Tokens&quot;,<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 draft-ietf-oauth-v2-beare=
r-19 (work in progress),<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 April 2012.<u></u><u></u>=
</p>
<p>3620,3623c3589,3591<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Hammer-Lahav, E., Barth, =
A., and B. Adida, &quot;HTTP<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Authentication: MAC Acces=
s Authentication&quot;,<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 draft-ietf-oauth-v2-http-=
mac-00 (work in progress),<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 May 2011.<u></u><u></u></=
p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Hammer-Lahav, E., &quot;H=
TTP Authentication: MAC Access<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Authentication&quot;, dra=
ft-ietf-oauth-v2-http-mac-01 (work in<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 progress), February 2012.=
<u></u><u></u></p>
<p>3626c3594<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Lodderstedt, T., McGloin,=
 M., and P. Hunt, &quot;OAuth 2.0<u></u><u></u></p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 McGloin, M., Hunt, P., an=
d T. Lodderstedt, &quot;OAuth 2.0<u></u><u></u></p>
<p>3628,3629c3596,3597<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 draft-ietf-oauth-v2-threa=
tmodel-00 (work in progress),<u></u><u></u></p>
<p>&lt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 July 2011.<u></u><u></u><=
/p>
<p>---<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 draft-ietf-oauth-v2-threa=
tmodel-02 (work in progress),<u></u><u></u></p>
<p>&gt;=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 February 2012.<u></u><u><=
/u></p>
<p>3468,3546d3503<u></u><u></u></p>
<p>&lt;=A0=A0 =A0Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.<u></=
u><u></u></p>
<p>3639c3609,3639<u></u><u></u></p>
<p>&gt;=A0=A0=A0 Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.<u=
></u><u></u></p>
<p>3468,3546d3503<u></u><u></u></p>
<p>&lt;=A0=A0=A0 Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin =
Hart,<u></u><u></u></p>
<p>3644,3645c3644,3656<u></u><u></u></p>
<p>&gt;=A0=A0=A0 Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Just=
in Hart,<u></u><u></u></p>
<p>3468,3546d3503<u></u><u></u></p>
<p>&lt;=A0=A0=A0 This document was produced under the chairmanship of Blain=
e Cook,<u></u><u></u></p>
<p>&lt;=A0=A0=A0 Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.=A0 =
The area<u></u><u></u></p>
<p>&lt;=A0=A0=A0 directors included Lisa Dusseault, Peter Saint-Andre, and =
Stephen<u></u><u></u></p>
<p>&lt;=A0=A0=A0 Farrell.<u></u><u></u></p>
<p>3646a3658,3661<u></u><u></u></p>
<p>&gt;=A0=A0=A0 This document was produced under the chairmanship of Blain=
e Cook,<u></u><u></u></p>
<p>&gt;=A0=A0=A0 Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Der=
ek Atkins.<u></u><u></u></p>
<p>&gt;=A0=A0=A0 The area directors included Lisa Dusseault, Peter Saint-An=
dre, and<u></u><u></u></p>
<p>&gt;=A0=A0=A0 Stephen Farrell.<u></u><u></u></p><div><div class=3D"h5">
<p><u></u>=A0<u></u></p>
<p>-----Original Message-----<br>
From: <a href=3D"mailto:oauth-bounces@ietf.org" target=3D"_blank">oauth-bou=
nces@ietf.org</a> [mailto:<a href=3D"mailto:oauth-bounces@ietf.org" target=
=3D"_blank">oauth-bounces@ietf.org</a>] On Behalf Of Hannes Tschofenig<br>
Sent: Wednesday, May 23, 2012 11:27 AM<br>
To: <a href=3D"mailto:oauth@ietf.org" target=3D"_blank">oauth@ietf.org</a> =
WG<br>
Subject: [OAUTH-WG] Error Encoding: Conclusion</p>
<p><u></u>=A0<u></u></p>
<p>Hi all, <u></u><u></u></p>
<p><u></u>=A0<u></u></p>
<p>on May 10th we called for consensus on an open issue regarding the error=
 encoding. Here is the link to the call:
<u></u><u></u></p>
<p><a href=3D"http://www.ietf.org/mail-archive/web/oauth/current/msg08994.h=
tml" target=3D"_blank"><span style=3D"color:windowtext;text-decoration:none=
">http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html</span></=
a><u></u><u></u></p>

<p><u></u>=A0<u></u></p>
<p>Thank you all for the feedback. The conclusion of the consensus call was=
 to harmonize the encoding between the two specifications by incorporating =
the restrictions from the bearer specification into the base specification.=
 The error
 encoding will go into the core specification and the bearer specification =
will reference it.
<u></u><u></u></p>
<p><u></u>=A0<u></u></p>
<p>Ciao<u></u><u></u></p>
<p>Hannes &amp; Derek<u></u><u></u></p>
<p><u></u>=A0<u></u></p>
<p>_______________________________________________<u></u><u></u></p>
<p>OAuth mailing list<u></u><u></u></p>
<p><a href=3D"mailto:OAuth@ietf.org" target=3D"_blank"><span style=3D"color=
:windowtext;text-decoration:none">OAuth@ietf.org</span></a><u></u><u></u></=
p>
<p><a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank=
"><span style=3D"color:windowtext;text-decoration:none">https://www.ietf.or=
g/mailman/listinfo/oauth</span></a><u></u><u></u></p>
<p><u></u>=A0<u></u></p>
</div></div></div>
</div>

<br>_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><br>
<br></blockquote></div><br></div>

--f46d0407160b5b3c4904c0c27fd4--

From eran@hueniverse.com  Wed May 23 23:44:52 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB12021F84C3 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:44:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xxSv1X6L-inV for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:44:47 -0700 (PDT)
Received: from p3plex2out04.prod.phx3.secureserver.net (p3plex2out04.prod.phx3.secureserver.net [184.168.131.18]) by ietfa.amsl.com (Postfix) with ESMTP id 0C7E721F843C for <oauth@ietf.org>; Wed, 23 May 2012 23:44:47 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out04.prod.phx3.secureserver.net with bizsmtp id Dikm1j0020EuLVk01ikmxw; Wed, 23 May 2012 23:44:46 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.66]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Wed, 23 May 2012 23:44:46 -0700
From: Eran Hammer <eran@hueniverse.com>
To: David Recordon <recordond@gmail.com>, Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Error Encoding: Conclusion
Thread-Index: AQHNORGtuzciwTXPbU2x0B3Abs7zkpbYRq5QgACsJID//4uLsA==
Date: Thu, 24 May 2012 06:44:45 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com>
In-Reply-To: <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: multipart/alternative; boundary="_000_0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1P3PWEX2MB008ex2_"
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 06:44:53 -0000

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1P3PWEX2MB008ex2_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

With the exception of section 7.2, the changes look reasonable and will be =
applied in the next revision.

The new section 7.2 is confusion and does not explain the new registry. The=
 section introduces a new requirement to register 'any error codes defined =
for use with OAuth resource access methods'. This requirement is too vague.

I have no clue how to (for example) apply this text to the MAC draft. Addin=
g to David's list below:

* Should the HTTP status codes used by the MAC spec as currently written be=
 registered (since no guidance is given to the use of an error parameter)?
* Does this introduce a requirement to add an error parameter?
* Does the parameter need to / should be called 'error'?
* What about future methods in which errors are not simply expressed in the=
 form of a fixes string?

EH


From: David Recordon [mailto:recordond@gmail.com]
Sent: Wednesday, May 23, 2012 11:38 PM
To: Mike Jones; Hannes Tschofenig; Eran Hammer
Cc: oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion

Honestly still trying to fully wrap my head around what's going on here sin=
ce it seems far more complex than the threads are alluding to. In any case,=
 does Mike's text address what Eran brought up as needed in the thread Hann=
es referenced or is Eran wrong?

The core spec currently provides full guidance and definition for error ext=
ensibility. Extending the registry's scope means the need for non-trivial n=
ew text that:

* explains the process of adding new errors for endpoints not defined by th=
is specification,
* finds a common ground for value restrictions beyond what is already liste=
d,
* guide authors of future HTTP authentication schemes meant for use with OA=
uth (e.g. MAC) for their requirements for using the error registry, and
* address the very likely scenario of the same error code carrying differen=
t meanings in different endpoints, or an extension that adds a location to =
a code already defined elsewhere - something very likely to happen if you c=
ross the two very different domains (OAuth endpoints, Protected resource en=
dpoints). This requires changing the entire structure of the registry to cr=
eate separate records for each code/location pair.

Thanks,
--David

On Wed, May 23, 2012 at 10:22 PM, Mike Jones <Michael.Jones@microsoft.com<m=
ailto:Michael.Jones@microsoft.com>> wrote:

Thanks Hannes.  In the interest of hopefully completing the edits to remove=
 the DISCUSS issues for the Bearer and Core specs in the next few days so t=
hat we can send the docs to the RFC editors, I'd like to propose specific l=
anguage for the Core spec to address both of the consensus call issue resol=
utions.  After there's consensus on the specific text for Core, it will be =
easy for us to add a reference in Bearer to the language in Core for the er=
ror syntax restrictions and to use the OAuth errors registry.  I'll do that=
 in parallel with the discussions on the proposed core language changes.



A summary of the changes I made in response to the consensus call conclusio=
ns are:

*        Add syntax restrictions for "error", "error_description", and "err=
or_uri" from Bearer to Core

*        Add section 7.2 about error responses from resource access request=
s

*        Add "resource access error response" to the category of OAuth erro=
rs that can be registered



Additional editorial changes that I made as I encountered issues in the doc=
ument were:

*        Updated out of date references, especially the draft-hardt-oauth-0=
1 reference, which contained an invalid link

*        Added Derek Atkins to the list of chairs

*        Added Yaron Goland's middle initial Y. (since he prefers to includ=
e it in publications)

*        Replaced use of the deprecated <appendix> element, which prevented=
 the spec from building with strict checking, with a <section> element in t=
he <back> section (which creates an appendix)



To make it easy to incorporate these changes into the document and so the p=
roposed changes are unambiguous, I produced an edited version of Core -26 c=
ontaining these changes.  The xml, txt, and html versions are attached to f=
acilitate review.  Pertinent diffs from the .txt version follow.



                                                            Cheers,

                                                            -- Mike



683c683,684

<    notation of [RFC5234].

---

>    notation of [RFC5234].  Additionally, the rule URI-Reference is

>    included from Uniform Resource Identifier (URI) [RFC3986].

1441c1441,1442

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

1474a1475,1476

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

1476c1478

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

1478a1481,1482

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

1482a1487,1489

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

1840c1840,1841

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

1873a1874,1875

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

1875c1877

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

1877a1880,1881

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

1881a1886,1888

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

2325a2326,2327

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

2327c2329

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

2329a2332,2333

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

2333a2338,2340

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

2450c2460,2468

<    The method in which the client utilized the access token to

---

>    The method in which the client utilizes the access token to

2479c2489

<      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw

---

>      Authorization: Bearer mF_9.B5f-4.1JqM

2503a2514,2533

>

> 7.2.  Error Response

>

>    If a resource access request fails, the resource server SHOULD inform

>    the client of the error.  While the specific error responses possible

>    and methods for transmitting those errors when using any particular

>    access token type are beyond the scope of this specification, any

>    error codes defined for use with OAuth resource access methods MUST

>    be registered (following the procedures in Section 11.4).

>

>

2602,2603c2624,2626

<    (Section 4.2.2.1), or the token error response (Section 5.2), such

<    error codes MAY be defined.

---

>    (Section 4.2.2.1), the token error response (Section 5.2), or the

>    resource access error response (Section 7.2), such error codes MAY be

>    defined.

3444c3484,3485

<       (Section 4.2.2.1), or token error response (Section 5.2).

---

>       (Section 4.2.2.1), token error response (Section 5.2), or resource

>       access error response (Section 7.2).

3596a3554,3557

>    [USASCII]  American National Standards Institute, "Coded Character

>               Set -- 7-bit American Standard Code for Information

>               Interchange", ANSI X3.4, 1986.

>

3611,3612c3572,3573

<               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in

<               progress), August 2011.

---

>               OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in

>               progress), May 2012.

3616,3617c3577,3579

<               Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08

<               (work in progress), July 2011.

---

>               Authorization Protocol: Bearer Tokens",

>               draft-ietf-oauth-v2-bearer-19 (work in progress),

>               April 2012.

3620,3623c3589,3591

<               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP

<               Authentication: MAC Access Authentication",

<               draft-ietf-oauth-v2-http-mac-00 (work in progress),

<               May 2011.

---

>               Hammer-Lahav, E., "HTTP Authentication: MAC Access

>               Authentication", draft-ietf-oauth-v2-http-mac-01 (work in

>               progress), February 2012.

3626c3594

<               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0

---

>               McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0

3628,3629c3596,3597

<               draft-ietf-oauth-v2-threatmodel-00 (work in progress),

<               July 2011.

---

>               draft-ietf-oauth-v2-threatmodel-02 (work in progress),

>               February 2012.

3468,3546d3503

<    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.

3639c3609,3639

>    Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.

3468,3546d3503

<    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,

3644,3645c3644,3656

>    Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,

3468,3546d3503

<    This document was produced under the chairmanship of Blaine Cook,

<    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area

<    directors included Lisa Dusseault, Peter Saint-Andre, and Stephen

<    Farrell.

3646a3658,3661

>    This document was produced under the chairmanship of Blaine Cook,

>    Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins.

>    The area directors included Lisa Dusseault, Peter Saint-Andre, and

>    Stephen Farrell.



-----Original Message-----
From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:oauth-b=
ounces@ietf.org<mailto:oauth-bounces@ietf.org>] On Behalf Of Hannes Tschofe=
nig
Sent: Wednesday, May 23, 2012 11:27 AM
To: oauth@ietf.org<mailto:oauth@ietf.org> WG
Subject: [OAUTH-WG] Error Encoding: Conclusion



Hi all,



on May 10th we called for consensus on an open issue regarding the error en=
coding. Here is the link to the call:

http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html



Thank you all for the feedback. The conclusion of the consensus call was to=
 harmonize the encoding between the two specifications by incorporating the=
 restrictions from the bearer specification into the base specification. Th=
e error encoding will go into the core specification and the bearer specifi=
cation will reference it.



Ciao

Hannes & Derek



_______________________________________________

OAuth mailing list

OAuth@ietf.org<mailto:OAuth@ietf.org>

https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth


--_000_0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1P3PWEX2MB008ex2_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0in;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:.5in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">With the exception of section 7.2, the cha=
nges look reasonable and will be applied in the next revision.<o:p></o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">The new section 7.2 is confusion and does =
not explain the new registry. The section introduces a new requirement to r=
egister &#8216;any error codes defined for use with OAuth resource
 access methods&#8217;. This requirement is too vague.<o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">I have no clue how to (for example) apply =
this text to the MAC draft. Adding to David&#8217;s list below:<o:p></o:p><=
/span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">* Should the HTTP status codes used by the=
 MAC spec as currently written be registered (since no guidance is given to=
 the use of an error parameter)?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">* Does this introduce a requirement to add=
 an error parameter?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">* Does the parameter need to / should be c=
alled &#8216;error&#8217;?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">* What about future methods in which error=
s are not simply expressed in the form of a fixes string?<o:p></o:p></span>=
</p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">EH<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> David Re=
cordon [mailto:recordond@gmail.com]
<br>
<b>Sent:</b> Wednesday, May 23, 2012 11:38 PM<br>
<b>To:</b> Mike Jones; Hannes Tschofenig; Eran Hammer<br>
<b>Cc:</b> oauth@ietf.org WG<br>
<b>Subject:</b> Re: [OAUTH-WG] Error Encoding: Conclusion<o:p></o:p></span>=
</p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Honestly still trying to fully wrap my head around w=
hat's going on here since it seems far more complex than the threads are al=
luding to. In any case, does Mike's text address what Eran brought up as ne=
eded in the thread Hannes referenced
 or is Eran wrong?<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<blockquote style=3D"margin-left:30.0pt;margin-right:0in">
<div>
<p class=3D"MsoNormal">The core spec currently provides full guidance and d=
efinition for error extensibility. Extending the registry's scope means the=
 need for non-trivial new text that:<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">* explains the process of adding new errors for endp=
oints not defined by this specification,<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">* finds a common ground for value restrictions beyon=
d what is already listed,<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">* guide authors of future HTTP authentication scheme=
s meant for use with OAuth (e.g. MAC) for their requirements for using the =
error registry, and<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">* address the very likely scenario of the same error=
 code carrying different meanings in different endpoints, or an extension t=
hat adds a location to a code already defined elsewhere - something very li=
kely to happen if you cross the two
 very different domains (OAuth endpoints, Protected resource endpoints). Th=
is requires changing the entire structure of the registry to create separat=
e records for each code/location pair.<o:p></o:p></p>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt">Thanks,<br>
--David<br>
<br>
<o:p></o:p></p>
<div>
<p class=3D"MsoNormal">On Wed, May 23, 2012 at 10:22 PM, Mike Jones &lt;<a =
href=3D"mailto:Michael.Jones@microsoft.com" target=3D"_blank">Michael.Jones=
@microsoft.com</a>&gt; wrote:<o:p></o:p></p>
<div>
<div>
<p>Thanks Hannes.&nbsp; In the interest of hopefully completing the edits t=
o remove the DISCUSS issues for the Bearer and Core specs in the next few d=
ays so that we can send the docs to the RFC editors, I'd like to propose sp=
ecific language for the Core spec to
 address both of the consensus call issue resolutions.&nbsp; After there's =
consensus on the specific text for Core, it will be easy for us to add a re=
ference in Bearer to the language in Core for the error syntax restrictions=
 and to use the OAuth errors registry.&nbsp;
 I'll do that in parallel with the discussions on the proposed core languag=
e changes.<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>A summary of the changes I made in response to the consensus call conclu=
sions are:<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Add syntax restrictions for &#8220;error&#8221;, &#8220;error_descri=
ption&#8221;, and &#8220;error_uri&#8221; from Bearer to Core<o:p></o:p></p=
>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Add section 7.2 about error responses from resource access requests<=
o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Add &#8220;resource access error response&#8221; to the category of =
OAuth errors that can be registered<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>Additional editorial changes that I made as I encountered issues in the =
document were:<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Updated out of date references, especially the draft-hardt-oauth-01 =
reference, which contained an invalid link<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Added Derek Atkins to the list of chairs<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Added Yaron Goland&#8217;s middle initial Y. (since he prefers to in=
clude it in publications)<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Replaced use of the deprecated &lt;appendix&gt; element, which preve=
nted the spec from building with strict checking, with a &lt;section&gt; el=
ement in the &lt;back&gt; section (which creates an appendix)<o:p></o:p></p=
>
<p>&nbsp;<o:p></o:p></p>
<p>To make it easy to incorporate these changes into the document and so th=
e proposed changes are unambiguous, I produced an edited version of Core -2=
6 containing these changes.&nbsp; The xml, txt, and html versions are attac=
hed to facilitate review.&nbsp; Pertinent
 diffs from the .txt version follow.<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Cheers,<o:p></o:p=
></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p=
></p>
<p>&nbsp;<o:p></o:p></p>
<p>683c683,684<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; notation of [RFC5234].<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; notation of [RFC5234].&nbsp; Additionally, the ru=
le URI-Reference is<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; included from Uniform Resource Identifier (URI) [=
RFC3986].<o:p></o:p></p>
<p>1441c1441,1442<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;REQUIRED.&nbs=
p; A single error code from the following:<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single ASCII [USASCII] error code from the<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; following:<o:=
p></o:p></p>
<p>1474a1475,1476<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error&quot; parameter MUST NOT include characters<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; outside the s=
et %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1476c1478<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable UTF-8 encoded text providing<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable ASCII [USASCII] text providing<o:p></o:p></p>
<p>1478a1481,1482<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_description&quot; parameter MUST NOT include<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; characters ou=
tside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1482a1487,1489<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_uri&quot; parameter MUST conform to the URI-<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Reference syn=
tax, and thus MUST NOT include characters outside<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; the set %x21 =
/ %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1840c1840,1841<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single error code from the following:<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single ASCII [USASCII] error code from the<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; following:<o:=
p></o:p></p>
<p>1873a1874,1875<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error&quot; parameter MUST NOT include characters<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; outside the s=
et %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1875c1877<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable UTF-8 encoded text providing<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable ASCII [USASCII] text providing<o:p></o:p></p>
<p>1877a1880,1881<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_description&quot; parameter MUST NOT include<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; characters ou=
tside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1881a1886,1888<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_uri&quot; parameter MUST conform to the URI-<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Reference syn=
tax, and thus MUST NOT include characters outside<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; the set %x21 =
/ %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single error code from the following:<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single ASCII [USASCII] error code from the<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; following:<o:=
p></o:p></p>
<p>2325a2326,2327<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error&quot; parameter MUST NOT include characters<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; outside the s=
et %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>2327c2329<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable UTF-8 encoded text providing<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable ASCII [USASCII] text providing<o:p></o:p></p>
<p>2329a2332,2333<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_description&quot; parameter MUST NOT include<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; characters ou=
tside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>2333a2338,2340<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_uri&quot; parameter MUST conform to the URI-<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Reference syn=
tax, and thus MUST NOT include characters outside<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; the set %x21 =
/ %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>2450c2460,2468<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; The method in which the client utilized the acces=
s token to<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; The method in which the client utilizes the acces=
s token to<o:p></o:p></p>
<p>2479c2489<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authorization: Bearer 7Fjfp0ZBr1KtDRb=
nfVdmIw<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authorization: Bearer mF_9.B5f-4.1JqM=
<o:p></o:p></p>
<p>2503a2514,2533<o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>&gt; 7.2.&nbsp; Error Response<o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; If a resource access request fails, the resource =
server SHOULD inform<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; the client of the error.&nbsp; While the specific=
 error responses possible<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; and methods for transmitting those errors when us=
ing any particular<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; access token type are beyond the scope of this sp=
ecification, any<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; error codes defined for use with OAuth resource a=
ccess methods MUST<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; be registered (following the procedures in Sectio=
n 11.4).<o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>2602,2603c2624,2626<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), or the token error response (S=
ection 5.2), such<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; error codes MAY be defined.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), the token error response (Sect=
ion 5.2), or the<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; resource access error response (Section 7.2), suc=
h error codes MAY be<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; defined.<o:p></o:p></p>
<p>3444c3484,3485<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), or token err=
or response (Section 5.2).<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), token error =
response (Section 5.2), or resource<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; access error response (Section =
7.2).<o:p></o:p></p>
<p>3596a3554,3557<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; [USASCII]&nbsp; American National Standards Insti=
tute, &quot;Coded Character<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Set -- 7-bit American Standard Code for Information<o:p></=
o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Interchange&quot;, ANSI X3.4, 1986.<o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>3611,3612c3572,3573<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; OAuth 2.0&quot;, draft-ietf-oauth-saml2-bearer-08 (work in=
<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; progress), August 2011.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; OAuth 2.0&quot;, draft-ietf-oauth-saml2-bearer-12 (work in=
<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; progress), May 2012.<o:p></o:p></p>
<p>3616,3617c3577,3579<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Protocol: Bearer Tokens&quot;, draft-ietf-oauth-v2-bearer-=
08<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; (work in progress), July 2011.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Authorization Protocol: Bearer Tokens&quot;,<o:p></o:p></p=
>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; draft-ietf-oauth-v2-bearer-19 (work in progress),<o:p></o:=
p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; April 2012.<o:p></o:p></p>
<p>3620,3623c3589,3591<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Hammer-Lahav, E., Barth, A., and B. Adida, &quot;HTTP<o:p>=
</o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Authentication: MAC Access Authentication&quot;,<o:p></o:p=
></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; draft-ietf-oauth-v2-http-mac-00 (work in progress),<o:p></=
o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; May 2011.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Hammer-Lahav, E., &quot;HTTP Authentication: MAC Access<o:=
p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Authentication&quot;, draft-ietf-oauth-v2-http-mac-01 (wor=
k in<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; progress), February 2012.<o:p></o:p></p>
<p>3626c3594<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Lodderstedt, T., McGloin, M., and P. Hunt, &quot;OAuth 2.0=
<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; McGloin, M., Hunt, P., and T. Lodderstedt, &quot;OAuth 2.0=
<o:p></o:p></p>
<p>3628,3629c3596,3597<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; draft-ietf-oauth-v2-threatmodel-00 (work in progress),<o:p=
></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; July 2011.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; draft-ietf-oauth-v2-threatmodel-02 (work in progress),<o:p=
></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; February 2012.<o:p></o:p></p>
<p>3468,3546d3503<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp; &nbsp;Brian Eaton, Yaron Goland, Dick Hardt, and Allen =
Tom.<o:p></o:p></p>
<p>3639c3609,3639<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; Brian Eaton, Yaron Y. Goland, Dick Hardt, and All=
en Tom.<o:p></o:p></p>
<p>3468,3546d3503<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; Yaron Goland, Brent Goldman, Kristoffer Gronowski=
, Justin Hart,<o:p></o:p></p>
<p>3644,3645c3644,3656<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; Yaron Y. Goland, Brent Goldman, Kristoffer Gronow=
ski, Justin Hart,<o:p></o:p></p>
<p>3468,3546d3503<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; This document was produced under the chairmanship=
 of Blaine Cook,<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; Peter Saint-Andre, Hannes Tschofenig, and Barry L=
eiba.&nbsp; The area<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; directors included Lisa Dusseault, Peter Saint-An=
dre, and Stephen<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; Farrell.<o:p></o:p></p>
<p>3646a3658,3661<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; This document was produced under the chairmanship=
 of Blaine Cook,<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; Peter Saint-Andre, Hannes Tschofenig, Barry Leiba=
, and Derek Atkins.<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; The area directors included Lisa Dusseault, Peter=
 Saint-Andre, and<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; Stephen Farrell.<o:p></o:p></p>
<div>
<div>
<p>&nbsp;<o:p></o:p></p>
<p>-----Original Message-----<br>
From: <a href=3D"mailto:oauth-bounces@ietf.org" target=3D"_blank">oauth-bou=
nces@ietf.org</a> [mailto:<a href=3D"mailto:oauth-bounces@ietf.org" target=
=3D"_blank">oauth-bounces@ietf.org</a>] On Behalf Of Hannes Tschofenig<br>
Sent: Wednesday, May 23, 2012 11:27 AM<br>
To: <a href=3D"mailto:oauth@ietf.org" target=3D"_blank">oauth@ietf.org</a> =
WG<br>
Subject: [OAUTH-WG] Error Encoding: Conclusion<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>Hi all, <o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>on May 10th we called for consensus on an open issue regarding the error=
 encoding. Here is the link to the call:
<o:p></o:p></p>
<p><a href=3D"http://www.ietf.org/mail-archive/web/oauth/current/msg08994.h=
tml" target=3D"_blank"><span style=3D"color:windowtext;text-decoration:none=
">http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html</span></=
a><o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>Thank you all for the feedback. The conclusion of the consensus call was=
 to harmonize the encoding between the two specifications by incorporating =
the restrictions from the bearer specification into the base specification.=
 The error encoding will go into
 the core specification and the bearer specification will reference it. <o:=
p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>Ciao<o:p></o:p></p>
<p>Hannes &amp; Derek<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>_______________________________________________<o:p></o:p></p>
<p>OAuth mailing list<o:p></o:p></p>
<p><a href=3D"mailto:OAuth@ietf.org" target=3D"_blank"><span style=3D"color=
:windowtext;text-decoration:none">OAuth@ietf.org</span></a><o:p></o:p></p>
<p><a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank=
"><span style=3D"color:windowtext;text-decoration:none">https://www.ietf.or=
g/mailman/listinfo/oauth</span></a><o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><br>
_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><o:p></o:p></p>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</div>
</body>
</html>

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1P3PWEX2MB008ex2_--

From recordond@gmail.com  Wed May 23 23:46:40 2012
Return-Path: <recordond@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B18D021F85A7 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:46:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.765
X-Spam-Level: 
X-Spam-Status: No, score=-2.765 tagged_above=-999 required=5 tests=[AWL=-0.833, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3KW41XMUU9z9 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:46:40 -0700 (PDT)
Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com [209.85.217.172]) by ietfa.amsl.com (Postfix) with ESMTP id A757921F8562 for <oauth@ietf.org>; Wed, 23 May 2012 23:46:39 -0700 (PDT)
Received: by lbbgo11 with SMTP id go11so6571699lbb.31 for <oauth@ietf.org>; Wed, 23 May 2012 23:46:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=xAvB3BFqUpA0H3GpA+3pKFdYvBcsJo1Gc1Z1u7jOgc0=; b=RTg6HXNQLFsiwDpMsGebN+q/TDXuj5Hpk53HaaR4YD36Fg4s+QTu9bRq4HU54LEvty 1Eb8ZN/A8FsGMSBuzrwT+5vRoMnIBZHpLQw8fliIPXGXpC5kWCZfB3UiFPyZgyOKWPdB 4gmVrGOm/d3uLlFk3P/ITzF8J81r1aVVkFyT1eY3eqtmybbAUAkKyplTqVEFW68DV//O PCFbI7vg49OkM+h+Gqsi1lmjbPC5W2G3FgBS44vKfDFcyJtpqQllxW5G0RhZCjmJQgsc zJHPJwNKE0frdDVtlcg91fAvH5iKannqkJttsvvqzaPfQ9GuHVynehl7gGd7ET5m0uXZ k2pg==
MIME-Version: 1.0
Received: by 10.112.44.163 with SMTP id f3mr12882455lbm.59.1337841998232; Wed, 23 May 2012 23:46:38 -0700 (PDT)
Received: by 10.112.104.97 with HTTP; Wed, 23 May 2012 23:46:38 -0700 (PDT)
In-Reply-To: <4FBDD6C0.2050502@gmx.de>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de>
Date: Wed, 23 May 2012 23:46:38 -0700
Message-ID: <CAB_mRgMMEnWFzjO7gTCFzqUq0sb_1ws-pnUN9G=H7f-7ntEB8w@mail.gmail.com>
From: David Recordon <recordond@gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Julian Reschke <julian.reschke@gmx.de>
Content-Type: multipart/alternative; boundary=bcaec554d23e11fb3104c0c29de2
Cc: Mark Nottingham <mnot@mnot.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 06:46:40 -0000

--bcaec554d23e11fb3104c0c29de2
Content-Type: text/plain; charset=ISO-8859-1

I'm confused by this change given the access_token (or oauth_token)
parameter being the most widely deployed usage of the protocol over the
past eighteen months:

 * https://developers.facebook.com/docs/reference/api/
 * https://developers.google.com/accounts/docs/OAuth2WebServer#callinganapi
 * http://msdn.microsoft.com/en-us/library/live/hh243647#response
 * http://develop.github.com/p/oauth.html

--David


On Wed, May 23, 2012 at 11:35 PM, Julian Reschke <julian.reschke@gmx.de>wrote:

> On 2012-05-18 09:15, Julian Reschke wrote:
>
>> ...
>> Did you consider to *also* move the whole section into an appendix, so
>> that it's status is also reflected by the document structure?
>>
>> Best regards, Julian
>>
>
> Hi, it would be awesome to see feedback on this (it has been mentioned
> during IETF LC multiple times).
>
>
> Best regards, Julian
> ______________________________**_________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/**listinfo/oauth<https://www.ietf.org/mailman/listinfo/oauth>
>

--bcaec554d23e11fb3104c0c29de2
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I&#39;m confused by this change given the access_token (or oauth_token) par=
ameter being the most widely deployed usage of the protocol over the past e=
ighteen months:<div><br></div><div>=A0*=A0<a href=3D"https://developers.fac=
ebook.com/docs/reference/api/">https://developers.facebook.com/docs/referen=
ce/api/</a></div>
<div>=A0*=A0<a href=3D"https://developers.google.com/accounts/docs/OAuth2We=
bServer#callinganapi">https://developers.google.com/accounts/docs/OAuth2Web=
Server#callinganapi</a></div><div>=A0*=A0<a href=3D"http://msdn.microsoft.c=
om/en-us/library/live/hh243647#response">http://msdn.microsoft.com/en-us/li=
brary/live/hh243647#response</a></div>
<div>=A0*=A0<a href=3D"http://develop.github.com/p/oauth.html">http://devel=
op.github.com/p/oauth.html</a><br><div><br></div><div>--David</div><div><br=
><br><div class=3D"gmail_quote">On Wed, May 23, 2012 at 11:35 PM, Julian Re=
schke <span dir=3D"ltr">&lt;<a href=3D"mailto:julian.reschke@gmx.de" target=
=3D"_blank">julian.reschke@gmx.de</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im">On 2012-05-18 09:15, Julia=
n Reschke wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
...<br>
Did you consider to *also* move the whole section into an appendix, so<br>
that it&#39;s status is also reflected by the document structure?<br>
<br>
Best regards, Julian<br>
</blockquote>
<br></div>
Hi, it would be awesome to see feedback on this (it has been mentioned duri=
ng IETF LC multiple times).<div class=3D"HOEnZb"><div class=3D"h5"><br>
<br>
Best regards, Julian<br>
______________________________<u></u>_________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org" target=3D"_blank">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/<u></u>listinfo/oauth</a><br>
</div></div></blockquote></div><br></div></div>

--bcaec554d23e11fb3104c0c29de2--

From mnot@mnot.net  Wed May 23 23:48:44 2012
Return-Path: <mnot@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9FDC21F85AC for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:48:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.099
X-Spam-Level: 
X-Spam-Status: No, score=-103.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nH84ZwqXAJOA for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:48:44 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) by ietfa.amsl.com (Postfix) with ESMTP id DF65821F85A5 for <oauth@ietf.org>; Wed, 23 May 2012 23:48:43 -0700 (PDT)
Received: from mnot-mini.mnot.net (unknown [118.209.21.48]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 0EF7122E1EB; Thu, 24 May 2012 02:48:35 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=iso-8859-1
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAB_mRgMMEnWFzjO7gTCFzqUq0sb_1ws-pnUN9G=H7f-7ntEB8w@mail.gmail.com>
Date: Thu, 24 May 2012 16:48:32 +1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <3561914A-40B8-4532-93F8-94CC1C04A03C@mnot.net>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de> <CAB_mRgMMEnWFzjO7gTCFzqUq0sb_1ws-pnUN9G=H7f-7ntEB8w@mail.gmail.com>
To: David Recordon <recordond@gmail.com>
X-Mailer: Apple Mail (2.1278)
Cc: Julian Reschke <julian.reschke@gmx.de>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 06:48:44 -0000

RFCs tend to last longer than 18 months. And many companies.

Thanks,


On 24/05/2012, at 4:46 PM, David Recordon wrote:

> I'm confused by this change given the access_token (or oauth_token) =
parameter being the most widely deployed usage of the protocol over the =
past eighteen months:
>=20
>  * https://developers.facebook.com/docs/reference/api/
>  * =
https://developers.google.com/accounts/docs/OAuth2WebServer#callinganapi
>  * http://msdn.microsoft.com/en-us/library/live/hh243647#response
>  * http://develop.github.com/p/oauth.html
>=20
> --David
>=20
>=20
> On Wed, May 23, 2012 at 11:35 PM, Julian Reschke =
<julian.reschke@gmx.de> wrote:
> On 2012-05-18 09:15, Julian Reschke wrote:
> ...
> Did you consider to *also* move the whole section into an appendix, so
> that it's status is also reflected by the document structure?
>=20
> Best regards, Julian
>=20
> Hi, it would be awesome to see feedback on this (it has been mentioned =
during IETF LC multiple times).
>=20
>=20
> Best regards, Julian
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>=20

--
Mark Nottingham   http://www.mnot.net/




From Michael.Jones@microsoft.com  Wed May 23 23:48:54 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC46A11E80A3 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:48:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQwzXpZPdHHh for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:48:54 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe004.messaging.microsoft.com [213.199.154.207]) by ietfa.amsl.com (Postfix) with ESMTP id A7B0911E809C for <oauth@ietf.org>; Wed, 23 May 2012 23:48:53 -0700 (PDT)
Received: from mail110-am1-R.bigfish.com (10.3.201.241) by AM1EHSOBE003.bigfish.com (10.3.204.23) with Microsoft SMTP Server id 14.1.225.23; Thu, 24 May 2012 06:48:44 +0000
Received: from mail110-am1 (localhost [127.0.0.1])	by mail110-am1-R.bigfish.com (Postfix) with ESMTP id 2047932028A; Thu, 24 May 2012 06:48:45 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -43
X-BigFish: VS-43(zz9371I936eK1b0bM542M1432N98dKzz1202hzz1033ILz2fh2a8h668h839h944hd25hf0ah)
Received-SPF: pass (mail110-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC103.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail110-am1 (localhost.localdomain [127.0.0.1]) by mail110-am1 (MessageSwitch) id 1337842123954662_10779; Thu, 24 May 2012 06:48:43 +0000 (UTC)
Received: from AM1EHSMHS014.bigfish.com (unknown [10.3.201.242])	by mail110-am1.bigfish.com (Postfix) with ESMTP id DDA88220048; Thu, 24 May 2012 06:48:43 +0000 (UTC)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS014.bigfish.com (10.3.207.152) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 24 May 2012 06:48:44 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0298.005; Thu, 24 May 2012 06:48:48 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
Thread-Index: Ac00efYUfRXj86CaR5e2v90Td0g/OQATAKqAASxeUAAAADQxQA==
Date: Thu, 24 May 2012 06:48:47 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366516BA6@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de>
In-Reply-To: <4FBDD6C0.2050502@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.33]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: Mark Nottingham <mnot@mnot.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 06:48:54 -0000

Yes, putting the query parameter method into an appendix was considered and=
 explicitly rejected.  Dick Hardt wrote about these issues in the discussio=
ns that led to this decision, and I'll take the liberty of quoting him, as =
I believe he explained it well:

"The reality is that the world is a messy place. Developers hack the archit=
ecture to accomplish goals not envisioned by the architects. The architects=
 can accept the reality of the world, or ignore it and lose their relevance=
. In my opinion, putting the query parameter mechanism into an appendix is =
ignoring the reality of current implementations. Adding language to the spe=
c that use of the query parameter is not architecturally ideal, but accepts=
 the reality of the current web would be far more preferable."

"Many sites with substantial security expertise (Google, Facebook, LinkedIn=
, Foursquare) have chosen to use the query parameter as opposed to the head=
er - both methods have been documented in the drafts since the beginning. C=
learly from a practical point of view the implementers have chosen to use t=
he query parameter. "

"I have read people proposing dropping it from the spec or pushing it to an=
 Appendix. I agree that the security issues need to be documented and the a=
rchitectural issues called out. I think dropping it from the spec or pushin=
g it to an appendix is a disservice to implementers and sends a message tha=
t the IETF is not in touch with the realities of the web."

					-- Mike

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de]=20
Sent: Wednesday, May 23, 2012 11:36 PM
To: Mike Jones
Cc: oauth@ietf.org; Mark Nottingham
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI=
 Query Parameter method

On 2012-05-18 09:15, Julian Reschke wrote:
> ...
> Did you consider to *also* move the whole section into an appendix, so=20
> that it's status is also reflected by the document structure?
>
> Best regards, Julian

Hi, it would be awesome to see feedback on this (it has been mentioned duri=
ng IETF LC multiple times).

Best regards, Julian



From Michael.Jones@microsoft.com  Wed May 23 23:51:42 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D27D021F85D1 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:51:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R6NLuHWAfDz0 for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:51:41 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe004.messaging.microsoft.com [216.32.180.14]) by ietfa.amsl.com (Postfix) with ESMTP id 4539A21F85D3 for <oauth@ietf.org>; Wed, 23 May 2012 23:51:41 -0700 (PDT)
Received: from mail123-va3-R.bigfish.com (10.7.14.250) by VA3EHSOBE001.bigfish.com (10.7.40.21) with Microsoft SMTP Server id 14.1.225.23; Thu, 24 May 2012 06:51:32 +0000
Received: from mail123-va3 (localhost [127.0.0.1])	by mail123-va3-R.bigfish.com (Postfix) with ESMTP id B605B360446; Thu, 24 May 2012 06:51:32 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -37
X-BigFish: VS-37(zz9371I936eKc85fh1b0bM98dKzz1202hzz1033IL8275bh8275dh186Mz2fh2a8h668h839hd25hf0ah)
Received-SPF: pass (mail123-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail123-va3 (localhost.localdomain [127.0.0.1]) by mail123-va3 (MessageSwitch) id 1337842290972157_19648; Thu, 24 May 2012 06:51:30 +0000 (UTC)
Received: from VA3EHSMHS007.bigfish.com (unknown [10.7.14.239])	by mail123-va3.bigfish.com (Postfix) with ESMTP id DF3EA1A0049; Thu, 24 May 2012 06:51:30 +0000 (UTC)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS007.bigfish.com (10.7.99.17) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 24 May 2012 06:51:27 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14HUBC102.redmond.corp.microsoft.com ([157.54.7.154]) with mapi id 14.02.0298.005; Thu, 24 May 2012 06:51:03 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: David Recordon <recordond@gmail.com>, Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
Thread-Index: Ac00efYUfRXj86CaR5e2v90Td0g/OQATAKqAASxeUAAAAGF0AAAAG3Ew
Date: Thu, 24 May 2012 06:51:02 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366516BD1@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de>	<4FBDD6C0.2050502@gmx.de> <CAB_mRgMMEnWFzjO7gTCFzqUq0sb_1ws-pnUN9G=H7f-7ntEB8w@mail.gmail.com>
In-Reply-To: <CAB_mRgMMEnWFzjO7gTCFzqUq0sb_1ws-pnUN9G=H7f-7ntEB8w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.33]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366516BD1TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: Mark Nottingham <mnot@mnot.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 06:51:43 -0000

--_000_4E1F6AAD24975D4BA5B168042967394366516BD1TK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The query parameter method was not moved to an appendix, for the reasons th=
at Dick and you stated.  The reality is, that it's the most used method, an=
d it would be a disservice to developers not to describe it in the body of =
the spec (with appropriate caveats, of course).

                                                            Best wishes,
                                                            -- Mike

From: David Recordon [mailto:recordond@gmail.com]
Sent: Wednesday, May 23, 2012 11:47 PM
To: Mike Jones; Julian Reschke
Cc: Mark Nottingham; oauth@ietf.org
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI=
 Query Parameter method

I'm confused by this change given the access_token (or oauth_token) paramet=
er being the most widely deployed usage of the protocol over the past eight=
een months:

 * https://developers.facebook.com/docs/reference/api/
 * https://developers.google.com/accounts/docs/OAuth2WebServer#callinganapi
 * http://msdn.microsoft.com/en-us/library/live/hh243647#response
 * http://develop.github.com/p/oauth.html

--David

On Wed, May 23, 2012 at 11:35 PM, Julian Reschke <julian.reschke@gmx.de<mai=
lto:julian.reschke@gmx.de>> wrote:
On 2012-05-18 09:15, Julian Reschke wrote:
...
Did you consider to *also* move the whole section into an appendix, so
that it's status is also reflected by the document structure?

Best regards, Julian

Hi, it would be awesome to see feedback on this (it has been mentioned duri=
ng IETF LC multiple times).


Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth


--_000_4E1F6AAD24975D4BA5B168042967394366516BD1TK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">The query parameter metho=
d was not moved to an appendix, for the reasons that Dick and you stated.&n=
bsp; The reality is, that it&#8217;s the most used method, and it would
 be a disservice to developers not to describe it in the body of the spec (=
with appropriate caveats, of course).<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Best wishes,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> David Re=
cordon [mailto:recordond@gmail.com]
<br>
<b>Sent:</b> Wednesday, May 23, 2012 11:47 PM<br>
<b>To:</b> Mike Jones; Julian Reschke<br>
<b>Cc:</b> Mark Nottingham; oauth@ietf.org<br>
<b>Subject:</b> Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bea=
rer URI Query Parameter method<o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I'm confused by this change given the access_token (=
or oauth_token) parameter being the most widely deployed usage of the proto=
col over the past eighteen months:<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp;*&nbsp;<a href=3D"https://developers.facebook.=
com/docs/reference/api/">https://developers.facebook.com/docs/reference/api=
/</a><o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp;*&nbsp;<a href=3D"https://developers.google.co=
m/accounts/docs/OAuth2WebServer#callinganapi">https://developers.google.com=
/accounts/docs/OAuth2WebServer#callinganapi</a><o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp;*&nbsp;<a href=3D"http://msdn.microsoft.com/en=
-us/library/live/hh243647#response">http://msdn.microsoft.com/en-us/library=
/live/hh243647#response</a><o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp;*&nbsp;<a href=3D"http://develop.github.com/p/=
oauth.html">http://develop.github.com/p/oauth.html</a><o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">--David<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><o:p>&nbsp;</o:p></p>
<div>
<p class=3D"MsoNormal">On Wed, May 23, 2012 at 11:35 PM, Julian Reschke &lt=
;<a href=3D"mailto:julian.reschke@gmx.de" target=3D"_blank">julian.reschke@=
gmx.de</a>&gt; wrote:<o:p></o:p></p>
<div>
<p class=3D"MsoNormal">On 2012-05-18 09:15, Julian Reschke wrote:<o:p></o:p=
></p>
<p class=3D"MsoNormal">...<br>
Did you consider to *also* move the whole section into an appendix, so<br>
that it's status is also reflected by the document structure?<br>
<br>
Best regards, Julian<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Hi, it would be awesome to see feedback on this (it =
has been mentioned during IETF LC multiple times).<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal"><br>
<br>
Best regards, Julian<br>
_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org" target=3D"_blank">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><o:p></o:p></p>
</div>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B168042967394366516BD1TK5EX14MBXC284r_--

From eran@hueniverse.com  Wed May 23 23:53:09 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9312611E809C for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:53:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.001,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLx5WAn9UiCV for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:53:09 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id 0411A21F847D for <oauth@ietf.org>; Wed, 23 May 2012 23:53:08 -0700 (PDT)
Received: from P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id Dit81j0010CJzpC01it8um; Wed, 23 May 2012 23:53:08 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.66]) by P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) with mapi id 14.02.0247.003; Wed, 23 May 2012 23:53:08 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Julian Reschke <julian.reschke@gmx.de>
Thread-Topic: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
Thread-Index: AQHNOXeCing9mQzgskiQxqV7R13L2ZbY9POA//+LNLA=
Date: Thu, 24 May 2012 06:53:07 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA20104BC07@P3PWEX2MB008.ex2.secureserver.net>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de> <4E1F6AAD24975D4BA5B168042967394366516BA6@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366516BA6@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Mark Nottingham <mnot@mnot.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 06:53:09 -0000

I don't care about this either way, but 'explicitly rejected' is an over-re=
ach. I have not seen the chairs make a consensus call about that, or even f=
ormally ask the list.

EH


> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Mike Jones
> Sent: Wednesday, May 23, 2012 11:49 PM
> To: Julian Reschke
> Cc: Mark Nottingham; oauth@ietf.org
> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer
> URI Query Parameter method
>=20
> Yes, putting the query parameter method into an appendix was considered
> and explicitly rejected.  Dick Hardt wrote about these issues in the
> discussions that led to this decision, and I'll take the liberty of quoti=
ng him, as
> I believe he explained it well:
>=20
> "The reality is that the world is a messy place. Developers hack the
> architecture to accomplish goals not envisioned by the architects. The
> architects can accept the reality of the world, or ignore it and lose the=
ir
> relevance. In my opinion, putting the query parameter mechanism into an
> appendix is ignoring the reality of current implementations. Adding langu=
age
> to the spec that use of the query parameter is not architecturally ideal,=
 but
> accepts the reality of the current web would be far more preferable."
>=20
> "Many sites with substantial security expertise (Google, Facebook, Linked=
In,
> Foursquare) have chosen to use the query parameter as opposed to the
> header - both methods have been documented in the drafts since the
> beginning. Clearly from a practical point of view the implementers have
> chosen to use the query parameter. "
>=20
> "I have read people proposing dropping it from the spec or pushing it to =
an
> Appendix. I agree that the security issues need to be documented and the
> architectural issues called out. I think dropping it from the spec or pus=
hing it
> to an appendix is a disservice to implementers and sends a message that t=
he
> IETF is not in touch with the realities of the web."
>=20
> 					-- Mike
>=20
> -----Original Message-----
> From: Julian Reschke [mailto:julian.reschke@gmx.de]
> Sent: Wednesday, May 23, 2012 11:36 PM
> To: Mike Jones
> Cc: oauth@ietf.org; Mark Nottingham
> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer
> URI Query Parameter method
>=20
> On 2012-05-18 09:15, Julian Reschke wrote:
> > ...
> > Did you consider to *also* move the whole section into an appendix, so
> > that it's status is also reflected by the document structure?
> >
> > Best regards, Julian
>=20
> Hi, it would be awesome to see feedback on this (it has been mentioned
> during IETF LC multiple times).
>=20
> Best regards, Julian
>=20
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From mnot@mnot.net  Wed May 23 23:53:53 2012
Return-Path: <mnot@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 249B921F85DB for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:53:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.043
X-Spam-Level: 
X-Spam-Status: No, score=-103.043 tagged_above=-999 required=5 tests=[AWL=-0.444, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vbuEq-eFktsi for <oauth@ietfa.amsl.com>; Wed, 23 May 2012 23:53:52 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) by ietfa.amsl.com (Postfix) with ESMTP id E0B2B21F85D8 for <oauth@ietf.org>; Wed, 23 May 2012 23:53:51 -0700 (PDT)
Received: from mnot-mini.mnot.net (unknown [118.209.21.48]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id EB75022E1F4; Thu, 24 May 2012 02:53:47 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA20104BC07@P3PWEX2MB008.ex2.secureserver.net>
Date: Thu, 24 May 2012 16:53:45 +1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <BBA96889-2AEC-4D32-9C9B-C77BB92825ED@mnot.net>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de> <4E1F6AAD24975D4BA5B168042967394366516BA6@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104BC07@P3PWEX2MB008.ex2.secureserver.net>
To: Eran Hammer <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1278)
Cc: Julian Reschke <julian.reschke@gmx.de>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 06:53:53 -0000

Thanks, Eran - I was just about to ask about that.=20


On 24/05/2012, at 4:53 PM, Eran Hammer wrote:

> I don't care about this either way, but 'explicitly rejected' is an =
over-reach. I have not seen the chairs make a consensus call about that, =
or even formally ask the list.
>=20
> EH
>=20
>=20
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On =
Behalf
>> Of Mike Jones
>> Sent: Wednesday, May 23, 2012 11:49 PM
>> To: Julian Reschke
>> Cc: Mark Nottingham; oauth@ietf.org
>> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about =
Bearer
>> URI Query Parameter method
>>=20
>> Yes, putting the query parameter method into an appendix was =
considered
>> and explicitly rejected.  Dick Hardt wrote about these issues in the
>> discussions that led to this decision, and I'll take the liberty of =
quoting him, as
>> I believe he explained it well:
>>=20
>> "The reality is that the world is a messy place. Developers hack the
>> architecture to accomplish goals not envisioned by the architects. =
The
>> architects can accept the reality of the world, or ignore it and lose =
their
>> relevance. In my opinion, putting the query parameter mechanism into =
an
>> appendix is ignoring the reality of current implementations. Adding =
language
>> to the spec that use of the query parameter is not architecturally =
ideal, but
>> accepts the reality of the current web would be far more preferable."
>>=20
>> "Many sites with substantial security expertise (Google, Facebook, =
LinkedIn,
>> Foursquare) have chosen to use the query parameter as opposed to the
>> header - both methods have been documented in the drafts since the
>> beginning. Clearly from a practical point of view the implementers =
have
>> chosen to use the query parameter. "
>>=20
>> "I have read people proposing dropping it from the spec or pushing it =
to an
>> Appendix. I agree that the security issues need to be documented and =
the
>> architectural issues called out. I think dropping it from the spec or =
pushing it
>> to an appendix is a disservice to implementers and sends a message =
that the
>> IETF is not in touch with the realities of the web."
>>=20
>> 					-- Mike
>>=20
>> -----Original Message-----
>> From: Julian Reschke [mailto:julian.reschke@gmx.de]
>> Sent: Wednesday, May 23, 2012 11:36 PM
>> To: Mike Jones
>> Cc: oauth@ietf.org; Mark Nottingham
>> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about =
Bearer
>> URI Query Parameter method
>>=20
>> On 2012-05-18 09:15, Julian Reschke wrote:
>>> ...
>>> Did you consider to *also* move the whole section into an appendix, =
so
>>> that it's status is also reflected by the document structure?
>>>=20
>>> Best regards, Julian
>>=20
>> Hi, it would be awesome to see feedback on this (it has been =
mentioned
>> during IETF LC multiple times).
>>=20
>> Best regards, Julian
>>=20
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth

--
Mark Nottingham   http://www.mnot.net/




From Michael.Jones@microsoft.com  Thu May 24 00:02:23 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00F0611E80B2 for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 00:02:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.099
X-Spam-Level: 
X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[AWL=1.500,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7dWDAuyQJKwG for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 00:02:21 -0700 (PDT)
Received: from tx2outboundpool.messaging.microsoft.com (tx2ehsobe004.messaging.microsoft.com [65.55.88.14]) by ietfa.amsl.com (Postfix) with ESMTP id 56F6811E80A6 for <oauth@ietf.org>; Thu, 24 May 2012 00:02:21 -0700 (PDT)
Received: from mail13-tx2-R.bigfish.com (10.9.14.241) by TX2EHSOBE001.bigfish.com (10.9.40.21) with Microsoft SMTP Server id 14.1.225.23; Thu, 24 May 2012 07:02:11 +0000
Received: from mail13-tx2 (localhost [127.0.0.1])	by mail13-tx2-R.bigfish.com (Postfix) with ESMTP id 45ABE6011A; Thu, 24 May 2012 07:02:11 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC102.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -46
X-BigFish: VS-46(zzbb2dI9371I936eK146fI1b0bM542M1432N98dK4015Izz1202hzz8275ch1033IL8275dhz2fh2a8h668h839h944hd25hf0ah)
Received-SPF: pass (mail13-tx2: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC102.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail13-tx2 (localhost.localdomain [127.0.0.1]) by mail13-tx2 (MessageSwitch) id 1337842928956340_2446; Thu, 24 May 2012 07:02:08 +0000 (UTC)
Received: from TX2EHSMHS014.bigfish.com (unknown [10.9.14.248])	by mail13-tx2.bigfish.com (Postfix) with ESMTP id E4AFF80093; Thu, 24 May 2012 07:02:08 +0000 (UTC)
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (131.107.125.8) by TX2EHSMHS014.bigfish.com (10.9.99.114) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 24 May 2012 07:02:08 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.02.0298.005; Thu, 24 May 2012 07:02:15 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Mark Nottingham <mnot@mnot.net>, Eran Hammer <eran@hueniverse.com>
Thread-Topic: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
Thread-Index: Ac00efYUfRXj86CaR5e2v90Td0g/OQATAKqAASxeUAAAADQxQAAAZzqAAAAFqoAAAAZo4A==
Date: Thu, 24 May 2012 07:02:14 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366516C38@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de> <4E1F6AAD24975D4BA5B168042967394366516BA6@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104BC07@P3PWEX2MB008.ex2.secureserver.net> <BBA96889-2AEC-4D32-9C9B-C77BB92825ED@mnot.net>
In-Reply-To: <BBA96889-2AEC-4D32-9C9B-C77BB92825ED@mnot.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.33]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: Julian Reschke <julian.reschke@gmx.de>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 07:02:23 -0000

My recollection is that putting it in an appendix was explicitly rejected i=
n the threads discussing the DISCUSS issues and no one on those threads pus=
hed back afterwards, particularly after Dick's explanations of why it shoul=
d stay.  (Why these DISCUSS discussions don't include the full working grou=
p is a mystery to me, but apparently that's the way it's done at this stage=
 of the IETF spec finalization process.  Can anyone tell me why that's the =
case?)

Anyway, since this feature has been in *every* version of the spec, leaving=
 it in hardly seemed to require a consensus call.  The chairs, of course, c=
an obviously hold one if they believe one is called for.

				Best wishes,
				-- Mike

-----Original Message-----
From: Mark Nottingham [mailto:mnot@mnot.net]=20
Sent: Wednesday, May 23, 2012 11:54 PM
To: Eran Hammer
Cc: Mike Jones; Julian Reschke; oauth@ietf.org
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI=
 Query Parameter method

Thanks, Eran - I was just about to ask about that.=20


On 24/05/2012, at 4:53 PM, Eran Hammer wrote:

> I don't care about this either way, but 'explicitly rejected' is an over-=
reach. I have not seen the chairs make a consensus call about that, or even=
 formally ask the list.
>=20
> EH
>=20
>=20
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On=20
>> Behalf Of Mike Jones
>> Sent: Wednesday, May 23, 2012 11:49 PM
>> To: Julian Reschke
>> Cc: Mark Nottingham; oauth@ietf.org
>> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about=20
>> Bearer URI Query Parameter method
>>=20
>> Yes, putting the query parameter method into an appendix was=20
>> considered and explicitly rejected.  Dick Hardt wrote about these=20
>> issues in the discussions that led to this decision, and I'll take=20
>> the liberty of quoting him, as I believe he explained it well:
>>=20
>> "The reality is that the world is a messy place. Developers hack the=20
>> architecture to accomplish goals not envisioned by the architects.=20
>> The architects can accept the reality of the world, or ignore it and=20
>> lose their relevance. In my opinion, putting the query parameter=20
>> mechanism into an appendix is ignoring the reality of current=20
>> implementations. Adding language to the spec that use of the query=20
>> parameter is not architecturally ideal, but accepts the reality of the c=
urrent web would be far more preferable."
>>=20
>> "Many sites with substantial security expertise (Google, Facebook,=20
>> LinkedIn,
>> Foursquare) have chosen to use the query parameter as opposed to the=20
>> header - both methods have been documented in the drafts since the=20
>> beginning. Clearly from a practical point of view the implementers=20
>> have chosen to use the query parameter. "
>>=20
>> "I have read people proposing dropping it from the spec or pushing it=20
>> to an Appendix. I agree that the security issues need to be=20
>> documented and the architectural issues called out. I think dropping=20
>> it from the spec or pushing it to an appendix is a disservice to=20
>> implementers and sends a message that the IETF is not in touch with the =
realities of the web."
>>=20
>> 					-- Mike
>>=20
>> -----Original Message-----
>> From: Julian Reschke [mailto:julian.reschke@gmx.de]
>> Sent: Wednesday, May 23, 2012 11:36 PM
>> To: Mike Jones
>> Cc: oauth@ietf.org; Mark Nottingham
>> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about=20
>> Bearer URI Query Parameter method
>>=20
>> On 2012-05-18 09:15, Julian Reschke wrote:
>>> ...
>>> Did you consider to *also* move the whole section into an appendix,=20
>>> so that it's status is also reflected by the document structure?
>>>=20
>>> Best regards, Julian
>>=20
>> Hi, it would be awesome to see feedback on this (it has been=20
>> mentioned during IETF LC multiple times).
>>=20
>> Best regards, Julian
>>=20
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth

--
Mark Nottingham   http://www.mnot.net/






From recordond@gmail.com  Thu May 24 00:11:23 2012
Return-Path: <recordond@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C58F411E80A4 for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 00:11:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.182
X-Spam-Level: 
X-Spam-Status: No, score=-3.182 tagged_above=-999 required=5 tests=[AWL=0.416,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id StUPWnucyhF4 for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 00:11:22 -0700 (PDT)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id D6C3111E8076 for <oauth@ietf.org>; Thu, 24 May 2012 00:11:21 -0700 (PDT)
Received: by lagv3 with SMTP id v3so6569303lag.31 for <oauth@ietf.org>; Thu, 24 May 2012 00:11:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=C+DnEln0LAGKuN9NiCeuE40LZRFzuKcbXVzna+iEbq8=; b=faErKsO99HhcdZ6v/b2uiNxeEEB2DXNX+DblN2sh2AeJsU+NWvlGU7IhApM+ZRGfF7 FsFfrfxR5PW/bL1EE4tffH7dr58Ek0c/nZQwD3VEL3TlOD2qNRPW3lqdp4+znhCisg5Z 2qBLTRpfsLHCcpGTvkPcJkdB/2sp546h5gBwHQBTD9RNCU0t2KHlqvQXPX53GcHXgXz/ Qy0hIbb8c0hETPNosg8jKglX5h9N1sBxWqJPgcB6IPvsvzcH00+teX2TIDDfSKNQna5m 46GJY5XFhk88PkcSd7F0AASeL8sB19iPBOlgBhJSczNwkmm7Sd415RQhcgHht9yDaSto xAWQ==
MIME-Version: 1.0
Received: by 10.152.103.11 with SMTP id fs11mr29572097lab.23.1337843480754; Thu, 24 May 2012 00:11:20 -0700 (PDT)
Received: by 10.112.104.97 with HTTP; Thu, 24 May 2012 00:11:20 -0700 (PDT)
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366516C38@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de> <4E1F6AAD24975D4BA5B168042967394366516BA6@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104BC07@P3PWEX2MB008.ex2.secureserver.net> <BBA96889-2AEC-4D32-9C9B-C77BB92825ED@mnot.net> <4E1F6AAD24975D4BA5B168042967394366516C38@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Thu, 24 May 2012 00:11:20 -0700
Message-ID: <CAB_mRgNLoRaV4AhUmoS0394Gja6c2sD-APW8sS2tka+NxhP=sQ@mail.gmail.com>
From: David Recordon <recordond@gmail.com>
To: Mark Nottingham <mnot@mnot.net>, Eran Hammer <eran@hueniverse.com>,  Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary=f46d040715c56f78a004c0c2f511
Cc: Julian Reschke <julian.reschke@gmx.de>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 07:11:23 -0000

--f46d040715c56f78a004c0c2f511
Content-Type: text/plain; charset=ISO-8859-1

Regardless of how we got here, just feels strange to have a
strong recommendation against the way the protocol is actually being used.
I completely understand that standards live on for well over eighteen
months (or five years if we start with OAuth 1.0) but this feels like we're
just going to end up with the vast majority of deployments doing what the
standard explicitly recommends against. Query parameters are used because
they're easy and implementor simplicity was always something driving design
decisions. So at least to me this is not the path toward a widely deployed
standard.

--David


On Thu, May 24, 2012 at 12:02 AM, Mike Jones <Michael.Jones@microsoft.com>wrote:

> My recollection is that putting it in an appendix was explicitly rejected
> in the threads discussing the DISCUSS issues and no one on those threads
> pushed back afterwards, particularly after Dick's explanations of why it
> should stay.  (Why these DISCUSS discussions don't include the full working
> group is a mystery to me, but apparently that's the way it's done at this
> stage of the IETF spec finalization process.  Can anyone tell me why that's
> the case?)
>
> Anyway, since this feature has been in *every* version of the spec,
> leaving it in hardly seemed to require a consensus call.  The chairs, of
> course, can obviously hold one if they believe one is called for.
>
>                                Best wishes,
>                                -- Mike
>
> -----Original Message-----
> From: Mark Nottingham [mailto:mnot@mnot.net]
> Sent: Wednesday, May 23, 2012 11:54 PM
> To: Eran Hammer
> Cc: Mike Jones; Julian Reschke; oauth@ietf.org
> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer
> URI Query Parameter method
>
> Thanks, Eran - I was just about to ask about that.
>
>
> On 24/05/2012, at 4:53 PM, Eran Hammer wrote:
>
> > I don't care about this either way, but 'explicitly rejected' is an
> over-reach. I have not seen the chairs make a consensus call about that, or
> even formally ask the list.
> >
> > EH
> >
> >
> >> -----Original Message-----
> >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> >> Behalf Of Mike Jones
> >> Sent: Wednesday, May 23, 2012 11:49 PM
> >> To: Julian Reschke
> >> Cc: Mark Nottingham; oauth@ietf.org
> >> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about
> >> Bearer URI Query Parameter method
> >>
> >> Yes, putting the query parameter method into an appendix was
> >> considered and explicitly rejected.  Dick Hardt wrote about these
> >> issues in the discussions that led to this decision, and I'll take
> >> the liberty of quoting him, as I believe he explained it well:
> >>
> >> "The reality is that the world is a messy place. Developers hack the
> >> architecture to accomplish goals not envisioned by the architects.
> >> The architects can accept the reality of the world, or ignore it and
> >> lose their relevance. In my opinion, putting the query parameter
> >> mechanism into an appendix is ignoring the reality of current
> >> implementations. Adding language to the spec that use of the query
> >> parameter is not architecturally ideal, but accepts the reality of the
> current web would be far more preferable."
> >>
> >> "Many sites with substantial security expertise (Google, Facebook,
> >> LinkedIn,
> >> Foursquare) have chosen to use the query parameter as opposed to the
> >> header - both methods have been documented in the drafts since the
> >> beginning. Clearly from a practical point of view the implementers
> >> have chosen to use the query parameter. "
> >>
> >> "I have read people proposing dropping it from the spec or pushing it
> >> to an Appendix. I agree that the security issues need to be
> >> documented and the architectural issues called out. I think dropping
> >> it from the spec or pushing it to an appendix is a disservice to
> >> implementers and sends a message that the IETF is not in touch with the
> realities of the web."
> >>
> >>                                      -- Mike
> >>
> >> -----Original Message-----
> >> From: Julian Reschke [mailto:julian.reschke@gmx.de]
> >> Sent: Wednesday, May 23, 2012 11:36 PM
> >> To: Mike Jones
> >> Cc: oauth@ietf.org; Mark Nottingham
> >> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about
> >> Bearer URI Query Parameter method
> >>
> >> On 2012-05-18 09:15, Julian Reschke wrote:
> >>> ...
> >>> Did you consider to *also* move the whole section into an appendix,
> >>> so that it's status is also reflected by the document structure?
> >>>
> >>> Best regards, Julian
> >>
> >> Hi, it would be awesome to see feedback on this (it has been
> >> mentioned during IETF LC multiple times).
> >>
> >> Best regards, Julian
> >>
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >> OAuth@ietf.org
> >> https://www.ietf.org/mailman/listinfo/oauth
>
> --
> Mark Nottingham   http://www.mnot.net/
>
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

--f46d040715c56f78a004c0c2f511
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Regardless of how we got here, just feels strange to have a strong=A0recomm=
endation=A0against the way the protocol is actually being used. I completel=
y understand that standards live on for well over eighteen months (or five =
years if we start with OAuth 1.0) but this feels like we&#39;re just going =
to end up with the vast majority of deployments doing what the standard=A0e=
xplicitly=A0recommends=A0against. Query parameters are used because they&#3=
9;re easy and implementor simplicity was always something driving design de=
cisions. So at least to me this is not the path toward a widely deployed st=
andard.<div>
<br></div><div>--David<br><div><br></div><div><br><div class=3D"gmail_quote=
">On Thu, May 24, 2012 at 12:02 AM, Mike Jones <span dir=3D"ltr">&lt;<a hre=
f=3D"mailto:Michael.Jones@microsoft.com" target=3D"_blank">Michael.Jones@mi=
crosoft.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">My recollection is that putting it in an app=
endix was explicitly rejected in the threads discussing the DISCUSS issues =
and no one on those threads pushed back afterwards, particularly after Dick=
&#39;s explanations of why it should stay. =A0(Why these DISCUSS discussion=
s don&#39;t include the full working group is a mystery to me, but apparent=
ly that&#39;s the way it&#39;s done at this stage of the IETF spec finaliza=
tion process. =A0Can anyone tell me why that&#39;s the case?)<br>

<br>
Anyway, since this feature has been in *every* version of the spec, leaving=
 it in hardly seemed to require a consensus call. =A0The chairs, of course,=
 can obviously hold one if they believe one is called for.<br>
<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Best wishes=
,<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0-- Mike<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
-----Original Message-----<br>
From: Mark Nottingham [mailto:<a href=3D"mailto:mnot@mnot.net">mnot@mnot.ne=
t</a>]<br>
Sent: Wednesday, May 23, 2012 11:54 PM<br>
To: Eran Hammer<br>
Cc: Mike Jones; Julian Reschke; <a href=3D"mailto:oauth@ietf.org">oauth@iet=
f.org</a><br>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI=
 Query Parameter method<br>
<br>
Thanks, Eran - I was just about to ask about that.<br>
<br>
<br>
On 24/05/2012, at 4:53 PM, Eran Hammer wrote:<br>
<br>
&gt; I don&#39;t care about this either way, but &#39;explicitly rejected&#=
39; is an over-reach. I have not seen the chairs make a consensus call abou=
t that, or even formally ask the list.<br>
&gt;<br>
&gt; EH<br>
&gt;<br>
&gt;<br>
&gt;&gt; -----Original Message-----<br>
&gt;&gt; From: <a href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ietf=
.org</a> [mailto:<a href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ie=
tf.org</a>] On<br>
&gt;&gt; Behalf Of Mike Jones<br>
&gt;&gt; Sent: Wednesday, May 23, 2012 11:49 PM<br>
&gt;&gt; To: Julian Reschke<br>
&gt;&gt; Cc: Mark Nottingham; <a href=3D"mailto:oauth@ietf.org">oauth@ietf.=
org</a><br>
&gt;&gt; Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about<b=
r>
&gt;&gt; Bearer URI Query Parameter method<br>
&gt;&gt;<br>
&gt;&gt; Yes, putting the query parameter method into an appendix was<br>
&gt;&gt; considered and explicitly rejected. =A0Dick Hardt wrote about thes=
e<br>
&gt;&gt; issues in the discussions that led to this decision, and I&#39;ll =
take<br>
&gt;&gt; the liberty of quoting him, as I believe he explained it well:<br>
&gt;&gt;<br>
&gt;&gt; &quot;The reality is that the world is a messy place. Developers h=
ack the<br>
&gt;&gt; architecture to accomplish goals not envisioned by the architects.=
<br>
&gt;&gt; The architects can accept the reality of the world, or ignore it a=
nd<br>
&gt;&gt; lose their relevance. In my opinion, putting the query parameter<b=
r>
&gt;&gt; mechanism into an appendix is ignoring the reality of current<br>
&gt;&gt; implementations. Adding language to the spec that use of the query=
<br>
&gt;&gt; parameter is not architecturally ideal, but accepts the reality of=
 the current web would be far more preferable.&quot;<br>
&gt;&gt;<br>
&gt;&gt; &quot;Many sites with substantial security expertise (Google, Face=
book,<br>
&gt;&gt; LinkedIn,<br>
&gt;&gt; Foursquare) have chosen to use the query parameter as opposed to t=
he<br>
&gt;&gt; header - both methods have been documented in the drafts since the=
<br>
&gt;&gt; beginning. Clearly from a practical point of view the implementers=
<br>
&gt;&gt; have chosen to use the query parameter. &quot;<br>
&gt;&gt;<br>
&gt;&gt; &quot;I have read people proposing dropping it from the spec or pu=
shing it<br>
&gt;&gt; to an Appendix. I agree that the security issues need to be<br>
&gt;&gt; documented and the architectural issues called out. I think droppi=
ng<br>
&gt;&gt; it from the spec or pushing it to an appendix is a disservice to<b=
r>
&gt;&gt; implementers and sends a message that the IETF is not in touch wit=
h the realities of the web.&quot;<br>
&gt;&gt;<br>
&gt;&gt; =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0-- Mike<br>
&gt;&gt;<br>
&gt;&gt; -----Original Message-----<br>
&gt;&gt; From: Julian Reschke [mailto:<a href=3D"mailto:julian.reschke@gmx.=
de">julian.reschke@gmx.de</a>]<br>
&gt;&gt; Sent: Wednesday, May 23, 2012 11:36 PM<br>
&gt;&gt; To: Mike Jones<br>
&gt;&gt; Cc: <a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>; Mark Not=
tingham<br>
&gt;&gt; Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about<b=
r>
&gt;&gt; Bearer URI Query Parameter method<br>
&gt;&gt;<br>
&gt;&gt; On 2012-05-18 09:15, Julian Reschke wrote:<br>
&gt;&gt;&gt; ...<br>
&gt;&gt;&gt; Did you consider to *also* move the whole section into an appe=
ndix,<br>
&gt;&gt;&gt; so that it&#39;s status is also reflected by the document stru=
cture?<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Best regards, Julian<br>
&gt;&gt;<br>
&gt;&gt; Hi, it would be awesome to see feedback on this (it has been<br>
&gt;&gt; mentioned during IETF LC multiple times).<br>
&gt;&gt;<br>
&gt;&gt; Best regards, Julian<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; _______________________________________________<br>
&gt;&gt; OAuth mailing list<br>
&gt;&gt; <a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
&gt;&gt; <a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"=
_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br>
<br>
--<br>
Mark Nottingham =A0 <a href=3D"http://www.mnot.net/" target=3D"_blank">http=
://www.mnot.net/</a><br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><br>
</div></div></blockquote></div><br></div></div>

--f46d040715c56f78a004c0c2f511--

From julian.reschke@gmx.de  Thu May 24 00:37:09 2012
Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F59E21F853B for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 00:37:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TyZvQ0+Lv0GH for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 00:37:08 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 3FE0421F8534 for <oauth@ietf.org>; Thu, 24 May 2012 00:37:08 -0700 (PDT)
Received: (qmail invoked by alias); 24 May 2012 07:37:07 -0000
Received: from p5DD97F30.dip.t-dialin.net (EHLO [192.168.178.36]) [93.217.127.48] by mail.gmx.net (mp028) with SMTP; 24 May 2012 09:37:07 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1+j8to7nt2j3naY/ToVjBuV7LvdlmfxwuPhLur37g mJtOD2VpRDUCmH
Message-ID: <4FBDE522.9010606@gmx.de>
Date: Thu, 24 May 2012 09:37:06 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de> <4E1F6AAD24975D4BA5B168042967394366516BA6@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104BC07@P3PWEX2MB008.ex2.secureserver.net> <BBA96889-2AEC-4D32-9C9B-C77BB92825ED@mnot.net> <4E1F6AAD24975D4BA5B168042967394366516C38@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366516C38@TK5EX14MBXC284.redmond.corp.microsoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: Mark Nottingham <mnot@mnot.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 07:37:09 -0000

On 2012-05-24 09:02, Mike Jones wrote:
> My recollection is that putting it in an appendix was explicitly rejected in the threads discussing the DISCUSS issues and no one on those threads pushed back afterwards, particularly after Dick's explanations of why it should stay.  (Why these DISCUSS discussions don't include the full working group is a mystery to me, but apparently that's the way it's done at this stage of the IETF spec finalization process.  Can anyone tell me why that's the case?)
>
> Anyway, since this feature has been in *every* version of the spec, leaving it in hardly seemed to require a consensus call.  The chairs, of course, can obviously hold one if they believe one is called for.
> ...

It is very awkward to have the spec define three ways to do things, and 
have one of them marked as "NOT RECOMMENDED" (== "SHOULD NOT"), but 
leave it in the same place as the two other methods that are actually 
supposed to be used.

The NOT RECOMMENDED is to discourage use. *Keeping* the text is a 
compromise because of wide deployment, but then moving the text into an 
appendix reflecting the normative status should not negatively affect 
deployments, right?

Best regards, Julian

From wmills@yahoo-inc.com  Thu May 24 00:46:10 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC2D021F85E3 for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 00:46:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.175
X-Spam-Level: 
X-Spam-Status: No, score=-17.175 tagged_above=-999 required=5 tests=[AWL=0.423, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LdZKPBU6utEX for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 00:46:09 -0700 (PDT)
Received: from nm1.bullet.mail.sp2.yahoo.com (nm1.bullet.mail.sp2.yahoo.com [98.139.91.71]) by ietfa.amsl.com (Postfix) with SMTP id 958A521F85E1 for <oauth@ietf.org>; Thu, 24 May 2012 00:46:09 -0700 (PDT)
Received: from [98.139.91.64] by nm1.bullet.mail.sp2.yahoo.com with NNFMP; 24 May 2012 07:46:07 -0000
Received: from [98.139.91.43] by tm4.bullet.mail.sp2.yahoo.com with NNFMP; 24 May 2012 07:46:07 -0000
Received: from [127.0.0.1] by omp1043.mail.sp2.yahoo.com with NNFMP; 24 May 2012 07:46:07 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 43098.83131.bm@omp1043.mail.sp2.yahoo.com
Received: (qmail 94133 invoked by uid 60001); 24 May 2012 07:46:06 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1337845566; bh=CzrVE99vhTucrEFiyei6b3qQBS5uAz1tJd7eEhJ5ZIk=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Z1d4ykVwXV46932gngjWUcSbOQLjQM9ngqATbTePZN0je4Yg5SzNSE+X//xl12ImEBGuyA8SGP7jslzFYtmKdQggSu2DB3HW5vldgtVma5wm4mAyNKyyCCqoUM7WORGtgSfxJ7UG+sInZoU3bulpx00GZp2y6gdaz0J6K2eI4LM=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=s43YoiKvkbNlbpwIFbnJMk/JDD0VlMGHHIOIwwKHOUjgMc2BA9iUUjfn45sVj7erkbMFd7GoPYlGmmYtd1iIgbM8ZoUndXU/Hs8l7RBMmt2MxJad7d4Y8YzbHJ3FjA8nWRwKiKdnnz+ioxo12al66ZcJ4sHNuSKJhxcQPgPpXJA=;
X-YMail-OSG: IPI2OowVM1llRpVopU6id_MK95Rzooql0IZK4.X6oBLPUSy Y_BbVh35.gAryVsDmym2xHnq5AroebN0bUJh0YEqZg1KrKLP3hZvI_Yr_JXb IoZ2XWgVxgjA03mH5lPlUXOOonmklTSNAgilvRPfve3Tq95fUfPiBkVjBI34 JqsK_RyAL4lcQTU.6TCtfmNC4o92cb2wBwRhrcUQ_8dNIJ2lTuA1XE.NiC5t 09WNkFtzIR9hck3DLBbkzad68GCW.88zrVFXWqilooMqYwjYQUGpqWD.oMVw GTcRFchuYQvHZQgUoAuDCRcS4XExHIxdnSOrcHSEpljRlGWqrHO6ICl8nm4S fwfGGTo_9djMdHFMhZ1wobNPZbdpXEb23TlQNXhoE5L5M2qk7i.m7aoHN6d5 LEhed1kG86_Luj5f096c7Nahv1nnLaUwvbM6bUb5LErmIg3b_JI7ddQ--
Received: from [209.131.62.115] by web31805.mail.mud.yahoo.com via HTTP; Thu, 24 May 2012 00:46:05 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de> <4E1F6AAD24975D4BA5B168042967394366516BA6@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104BC07@P3PWEX2MB008.ex2.secureserver.net> <BBA96889-2AEC-4D32-9C9B-C77BB92825ED@mnot.net> <4E1F6AAD24975D4BA5B168042967394366516C38@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgNLoRaV4AhUmoS0394Gja6c2sD-APW8sS2tka+NxhP=sQ@mail.gmail.com>
Message-ID: <1337845565.93659.YahooMailNeo@web31805.mail.mud.yahoo.com>
Date: Thu, 24 May 2012 00:46:05 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: David Recordon <recordond@gmail.com>, Mark Nottingham <mnot@mnot.net>, Eran Hammer <eran@hueniverse.com>, Mike Jones <Michael.Jones@microsoft.com>
In-Reply-To: <CAB_mRgNLoRaV4AhUmoS0394Gja6c2sD-APW8sS2tka+NxhP=sQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-551393103-714622799-1337845565=:93659"
Cc: Julian Reschke <julian.reschke@gmx.de>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 07:46:10 -0000

---551393103-714622799-1337845565=:93659
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

And yet, the security properties of query parameters make them not ideal fo=
r credentials.=A0 From a security perspective it is hard to justify recomme=
nding it.=0A=0A=0A=0A=0A>________________________________=0A> From: David R=
ecordon <recordond@gmail.com>=0A>To: Mark Nottingham <mnot@mnot.net>; Eran =
Hammer <eran@hueniverse.com>; Mike Jones <Michael.Jones@microsoft.com> =0A>=
Cc: Julian Reschke <julian.reschke@gmx.de>; "oauth@ietf.org" <oauth@ietf.or=
g> =0A>Sent: Thursday, May 24, 2012 12:11 AM=0A>Subject: Re: [OAUTH-WG] FYI=
 - Text resolving DISCUSS issue about Bearer URI Query Parameter method=0A>=
 =0A>=0A>Regardless of how we got here, just feels strange to have a strong=
=A0recommendation=A0against the way the protocol is actually being used. I =
completely understand that standards live on for well over eighteen months =
(or five years if we start with OAuth 1.0) but this feels like we're just g=
oing to end up with the vast majority of deployments doing what the standar=
d=A0explicitly=A0recommends=A0against. Query parameters are used because th=
ey're easy and implementor simplicity was always something driving design d=
ecisions. So at least to me this is not the path toward a widely deployed s=
tandard.=0A>=0A>=0A>--David=0A>=0A>=0A>=0A>=0A>=0A>On Thu, May 24, 2012 at =
12:02 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:=0A>=0A>My recolle=
ction is that putting it in an appendix was explicitly rejected in the thre=
ads discussing the DISCUSS issues and no one on those threads pushed back a=
fterwards, particularly after Dick's explanations of why it should stay. =
=A0(Why these DISCUSS discussions don't include the full working group is a=
 mystery to me, but apparently that's the way it's done at this stage of th=
e IETF spec finalization process. =A0Can anyone tell me why that's the case=
?)=0A>>=0A>>Anyway, since this feature has been in *every* version of the s=
pec, leaving it in hardly seemed to require a consensus call. =A0The chairs=
, of course, can obviously hold one if they believe one is called for.=0A>>=
=0A>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Best wi=
shes,=0A>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0--=
 Mike=0A>>=0A>>=0A>>-----Original Message-----=0A>>From: Mark Nottingham [m=
ailto:mnot@mnot.net]=0A>>Sent: Wednesday, May 23, 2012 11:54 PM=0A>>To: Era=
n Hammer=0A>>Cc: Mike Jones; Julian Reschke; oauth@ietf.org=0A>>Subject: Re=
: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Para=
meter method=0A>>=0A>>Thanks, Eran - I was just about to ask about that.=0A=
>>=0A>>=0A>>On 24/05/2012, at 4:53 PM, Eran Hammer wrote:=0A>>=0A>>> I don'=
t care about this either way, but 'explicitly rejected' is an over-reach. I=
 have not seen the chairs make a consensus call about that, or even formall=
y ask the list.=0A>>>=0A>>> EH=0A>>>=0A>>>=0A>>>> -----Original Message----=
-=0A>>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On=0A=
>>>> Behalf Of Mike Jones=0A>>>> Sent: Wednesday, May 23, 2012 11:49 PM=0A>=
>>> To: Julian Reschke=0A>>>> Cc: Mark Nottingham; oauth@ietf.org=0A>>>> Su=
bject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about=0A>>>> Beare=
r URI Query Parameter method=0A>>>>=0A>>>> Yes, putting the query parameter=
 method into an appendix was=0A>>>> considered and explicitly rejected. =A0=
Dick Hardt wrote about these=0A>>>> issues in the discussions that led to t=
his decision, and I'll take=0A>>>> the liberty of quoting him, as I believe=
 he explained it well:=0A>>>>=0A>>>> "The reality is that the world is a me=
ssy place. Developers hack the=0A>>>> architecture to accomplish goals not =
envisioned by the architects.=0A>>>> The architects can accept the reality =
of the world, or ignore it and=0A>>>> lose their relevance. In my opinion, =
putting the query parameter=0A>>>> mechanism into an appendix is ignoring t=
he reality of current=0A>>>> implementations. Adding language to the spec t=
hat use of the query=0A>>>> parameter is not architecturally ideal, but acc=
epts the reality of the current web would be far more preferable."=0A>>>>=
=0A>>>> "Many sites with substantial security expertise (Google, Facebook,=
=0A>>>> LinkedIn,=0A>>>> Foursquare) have chosen to use the query parameter=
 as opposed to the=0A>>>> header - both methods have been documented in the=
 drafts since the=0A>>>> beginning. Clearly from a practical point of view =
the implementers=0A>>>> have chosen to use the query parameter. "=0A>>>>=0A=
>>>> "I have read people proposing dropping it from the spec or pushing it=
=0A>>>> to an Appendix. I agree that the security issues need to be=0A>>>> =
documented and the architectural issues called out. I think dropping=0A>>>>=
 it from the spec or pushing it to an appendix is a disservice to=0A>>>> im=
plementers and sends a message that the IETF is not in touch with the reali=
ties of the web."=0A>>>>=0A>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0-- Mike=0A>>>>=0A>>>> -----Original Message=
-----=0A>>>> From: Julian Reschke [mailto:julian.reschke@gmx.de]=0A>>>> Sen=
t: Wednesday, May 23, 2012 11:36 PM=0A>>>> To: Mike Jones=0A>>>> Cc: oauth@=
ietf.org; Mark Nottingham=0A>>>> Subject: Re: [OAUTH-WG] FYI - Text resolvi=
ng DISCUSS issue about=0A>>>> Bearer URI Query Parameter method=0A>>>>=0A>>=
>> On 2012-05-18 09:15, Julian Reschke wrote:=0A>>>>> ...=0A>>>>> Did you c=
onsider to *also* move the whole section into an appendix,=0A>>>>> so that =
it's status is also reflected by the document structure?=0A>>>>>=0A>>>>> Be=
st regards, Julian=0A>>>>=0A>>>> Hi, it would be awesome to see feedback on=
 this (it has been=0A>>>> mentioned during IETF LC multiple times).=0A>>>>=
=0A>>>> Best regards, Julian=0A>>>>=0A>>>>=0A>>>> _________________________=
______________________=0A>>>> OAuth mailing list=0A>>>> OAuth@ietf.org=0A>>=
>> https://www.ietf.org/mailman/listinfo/oauth=0A>>=0A>>--=0A>>Mark Notting=
ham =A0 http://www.mnot.net/=0A>>=0A>>=0A>>=0A>>=0A>>=0A>>_________________=
______________________________=0A>>OAuth mailing list=0A>>OAuth@ietf.org=0A=
>>https://www.ietf.org/mailman/listinfo/oauth=0A>>=0A>=0A>_________________=
______________________________=0A>OAuth mailing list=0A>OAuth@ietf.org=0A>h=
ttps://www.ietf.org/mailman/listinfo/oauth=0A>=0A>=0A>
---551393103-714622799-1337845565=:93659
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>And yet, the security properties of query parameters make them not ideal =
for credentials.&nbsp; From a security perspective it is hard to justify re=
commending it.<br></span></div><div><br><blockquote style=3D"border-left: 2=
px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left:=
 5px;">  <div style=3D"font-family: Courier New, courier, monaco, monospace=
, sans-serif; font-size: 14pt;"> <div style=3D"font-family: times new roman=
, new york, times, serif; font-size: 12pt;"> <div dir=3D"ltr"> <font face=
=3D"Arial" size=3D"2"> <hr size=3D"1">  <b><span style=3D"font-weight:bold;=
">From:</span></b> David Recordon &lt;recordond@gmail.com&gt;<br> <b><span =
style=3D"font-weight: bold;">To:</span></b> Mark Nottingham &lt;mnot@mnot.n=
et&gt;; Eran Hammer &lt;eran@hueniverse.com&gt;; Mike Jones
 &lt;Michael.Jones@microsoft.com&gt; <br><b><span style=3D"font-weight: bol=
d;">Cc:</span></b> Julian Reschke &lt;julian.reschke@gmx.de&gt;; "oauth@iet=
f.org" &lt;oauth@ietf.org&gt; <br> <b><span style=3D"font-weight: bold;">Se=
nt:</span></b> Thursday, May 24, 2012 12:11 AM<br> <b><span style=3D"font-w=
eight: bold;">Subject:</span></b> Re: [OAUTH-WG] FYI - Text resolving DISCU=
SS issue about Bearer URI Query Parameter method<br> </font> </div> <br>=0A=
<div id=3D"yiv878889572">Regardless of how we got here, just feels strange =
to have a strong&nbsp;recommendation&nbsp;against the way the protocol is a=
ctually being used. I completely understand that standards live on for well=
 over eighteen months (or five years if we start with OAuth 1.0) but this f=
eels like we're just going to end up with the vast majority of deployments =
doing what the standard&nbsp;explicitly&nbsp;recommends&nbsp;against. Query=
 parameters are used because they're easy and implementor simplicity was al=
ways something driving design decisions. So at least to me this is not the =
path toward a widely deployed standard.<div>=0A<br></div><div>--David<br><d=
iv><br></div><div><br><div class=3D"yiv878889572gmail_quote">On Thu, May 24=
, 2012 at 12:02 AM, Mike Jones <span dir=3D"ltr">&lt;<a rel=3D"nofollow" ym=
ailto=3D"mailto:Michael.Jones@microsoft.com" target=3D"_blank" href=3D"mail=
to:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>&gt;</span> =
wrote:<br>=0A<blockquote class=3D"yiv878889572gmail_quote" style=3D"margin:=
0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">My recollection is=
 that putting it in an appendix was explicitly rejected in the threads disc=
ussing the DISCUSS issues and no one on those threads pushed back afterward=
s, particularly after Dick's explanations of why it should stay. &nbsp;(Why=
 these DISCUSS discussions don't include the full working group is a myster=
y to me, but apparently that's the way it's done at this stage of the IETF =
spec finalization process. &nbsp;Can anyone tell me why that's the case?)<b=
r>=0A=0A<br>=0AAnyway, since this feature has been in *every* version of th=
e spec, leaving it in hardly seemed to require a consensus call. &nbsp;The =
chairs, of course, can obviously hold one if they believe one is called for=
.<br>=0A<br>=0A &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Best wishes,<br>=0A &nb=
sp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp;-- Mike<br>=0A<div class=3D"yiv878889572HO=
EnZb"><div class=3D"yiv878889572h5"><br>=0A-----Original Message-----<br>=
=0AFrom: Mark Nottingham [mailto:<a rel=3D"nofollow" ymailto=3D"mailto:mnot=
@mnot.net" target=3D"_blank" href=3D"mailto:mnot@mnot.net">mnot@mnot.net</a=
>]<br>=0ASent: Wednesday, May 23, 2012 11:54 PM<br>=0ATo: Eran Hammer<br>=
=0ACc: Mike Jones; Julian Reschke; <a rel=3D"nofollow" ymailto=3D"mailto:oa=
uth@ietf.org" target=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.o=
rg</a><br>=0ASubject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue abo=
ut Bearer URI Query Parameter method<br>=0A<br>=0AThanks, Eran - I was just=
 about to ask about that.<br>=0A<br>=0A<br>=0AOn 24/05/2012, at 4:53 PM, Er=
an Hammer wrote:<br>=0A<br>=0A&gt; I don't care about this either way, but =
'explicitly rejected' is an over-reach. I have not seen the chairs make a c=
onsensus call about that, or even formally ask the list.<br>=0A&gt;<br>=0A&=
gt; EH<br>=0A&gt;<br>=0A&gt;<br>=0A&gt;&gt; -----Original Message-----<br>=
=0A&gt;&gt; From: <a rel=3D"nofollow" ymailto=3D"mailto:oauth-bounces@ietf.=
org" target=3D"_blank" href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces=
@ietf.org</a> [mailto:<a rel=3D"nofollow" ymailto=3D"mailto:oauth-bounces@i=
etf.org" target=3D"_blank" href=3D"mailto:oauth-bounces@ietf.org">oauth-bou=
nces@ietf.org</a>] On<br>=0A&gt;&gt; Behalf Of Mike Jones<br>=0A&gt;&gt; Se=
nt: Wednesday, May 23, 2012 11:49 PM<br>=0A&gt;&gt; To: Julian Reschke<br>=
=0A&gt;&gt; Cc: Mark Nottingham; <a rel=3D"nofollow" ymailto=3D"mailto:oaut=
h@ietf.org" target=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.org=
</a><br>=0A&gt;&gt; Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS is=
sue about<br>=0A&gt;&gt; Bearer URI Query Parameter method<br>=0A&gt;&gt;<b=
r>=0A&gt;&gt; Yes, putting the query parameter method into an appendix was<=
br>=0A&gt;&gt; considered and explicitly rejected. &nbsp;Dick Hardt wrote a=
bout these<br>=0A&gt;&gt; issues in the discussions that led to this decisi=
on, and I'll take<br>=0A&gt;&gt; the liberty of quoting him, as I believe h=
e explained it well:<br>=0A&gt;&gt;<br>=0A&gt;&gt; "The reality is that the=
 world is a messy place. Developers hack the<br>=0A&gt;&gt; architecture to=
 accomplish goals not envisioned by the architects.<br>=0A&gt;&gt; The arch=
itects can accept the reality of the world, or ignore it and<br>=0A&gt;&gt;=
 lose their relevance. In my opinion, putting the query parameter<br>=0A&gt=
;&gt; mechanism into an appendix is ignoring the reality of current<br>=0A&=
gt;&gt; implementations. Adding language to the spec that use of the query<=
br>=0A&gt;&gt; parameter is not architecturally ideal, but accepts the real=
ity of the current web would be far more preferable."<br>=0A&gt;&gt;<br>=0A=
&gt;&gt; "Many sites with substantial security expertise (Google, Facebook,=
<br>=0A&gt;&gt; LinkedIn,<br>=0A&gt;&gt; Foursquare) have chosen to use the=
 query parameter as opposed to the<br>=0A&gt;&gt; header - both methods hav=
e been documented in the drafts since the<br>=0A&gt;&gt; beginning. Clearly=
 from a practical point of view the implementers<br>=0A&gt;&gt; have chosen=
 to use the query parameter. "<br>=0A&gt;&gt;<br>=0A&gt;&gt; "I have read p=
eople proposing dropping it from the spec or pushing it<br>=0A&gt;&gt; to a=
n Appendix. I agree that the security issues need to be<br>=0A&gt;&gt; docu=
mented and the architectural issues called out. I think dropping<br>=0A&gt;=
&gt; it from the spec or pushing it to an appendix is a disservice to<br>=
=0A&gt;&gt; implementers and sends a message that the IETF is not in touch =
with the realities of the web."<br>=0A&gt;&gt;<br>=0A&gt;&gt; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;-- Mike<br>=0A&gt;&gt;<br>=0A&g=
t;&gt; -----Original Message-----<br>=0A&gt;&gt; From: Julian Reschke [mail=
to:<a rel=3D"nofollow" ymailto=3D"mailto:julian.reschke@gmx.de" target=3D"_=
blank" href=3D"mailto:julian.reschke@gmx.de">julian.reschke@gmx.de</a>]<br>=
=0A&gt;&gt; Sent: Wednesday, May 23, 2012 11:36 PM<br>=0A&gt;&gt; To: Mike =
Jones<br>=0A&gt;&gt; Cc: <a rel=3D"nofollow" ymailto=3D"mailto:oauth@ietf.o=
rg" target=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>; Ma=
rk Nottingham<br>=0A&gt;&gt; Subject: Re: [OAUTH-WG] FYI - Text resolving D=
ISCUSS issue about<br>=0A&gt;&gt; Bearer URI Query Parameter method<br>=0A&=
gt;&gt;<br>=0A&gt;&gt; On 2012-05-18 09:15, Julian Reschke wrote:<br>=0A&gt=
;&gt;&gt; ...<br>=0A&gt;&gt;&gt; Did you consider to *also* move the whole =
section into an appendix,<br>=0A&gt;&gt;&gt; so that it's status is also re=
flected by the document structure?<br>=0A&gt;&gt;&gt;<br>=0A&gt;&gt;&gt; Be=
st regards, Julian<br>=0A&gt;&gt;<br>=0A&gt;&gt; Hi, it would be awesome to=
 see feedback on this (it has been<br>=0A&gt;&gt; mentioned during IETF LC =
multiple times).<br>=0A&gt;&gt;<br>=0A&gt;&gt; Best regards, Julian<br>=0A&=
gt;&gt;<br>=0A&gt;&gt;<br>=0A&gt;&gt; _____________________________________=
__________<br>=0A&gt;&gt; OAuth mailing list<br>=0A&gt;&gt; <a rel=3D"nofol=
low" ymailto=3D"mailto:OAuth@ietf.org" target=3D"_blank" href=3D"mailto:OAu=
th@ietf.org">OAuth@ietf.org</a><br>=0A&gt;&gt; <a rel=3D"nofollow" target=
=3D"_blank" href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://ww=
w.ietf.org/mailman/listinfo/oauth</a><br>=0A<br>=0A--<br>=0AMark Nottingham=
 &nbsp; <a rel=3D"nofollow" target=3D"_blank" href=3D"http://www.mnot.net/"=
>http://www.mnot.net/</a><br>=0A<br>=0A<br>=0A<br>=0A<br>=0A<br>=0A________=
_______________________________________<br>=0AOAuth mailing list<br>=0A<a r=
el=3D"nofollow" ymailto=3D"mailto:OAuth@ietf.org" target=3D"_blank" href=3D=
"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>=0A<a rel=3D"nofollow" target=
=3D"_blank" href=3D"https://www.ietf.org/mailman/listinfo/oauth">https://ww=
w.ietf.org/mailman/listinfo/oauth</a><br>=0A</div></div></blockquote></div>=
<br></div></div>=0A</div><br>______________________________________________=
_<br>OAuth mailing list<br><a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mai=
lto:OAuth@ietf.org">OAuth@ietf.org</a><br><a href=3D"https://www.ietf.org/m=
ailman/listinfo/oauth" target=3D"_blank">https://www.ietf.org/mailman/listi=
nfo/oauth</a><br><br><br> </div> </div> </blockquote></div>   </div></body>=
</html>
---551393103-714622799-1337845565=:93659--

From derek@ihtfp.com  Thu May 24 06:58:49 2012
Return-Path: <derek@ihtfp.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3914621F84A1 for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 06:58:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.988
X-Spam-Level: 
X-Spam-Status: No, score=-101.988 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FUs9-h9Cf0ut for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 06:58:48 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) by ietfa.amsl.com (Postfix) with ESMTP id 8EC3521F8643 for <oauth@ietf.org>; Thu, 24 May 2012 06:58:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id E5AA326029C; Thu, 24 May 2012 09:58:45 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 11198-04; Thu, 24 May 2012 09:58:44 -0400 (EDT)
Received: from mocana.ihtfp.org (IHTFP-DHCP-158.IHTFP.ORG [192.168.248.158]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (not verified)) by mail2.ihtfp.org (Postfix) with ESMTPS id 52FA4260084; Thu, 24 May 2012 09:58:44 -0400 (EDT)
Received: (from warlord@localhost) by mocana.ihtfp.org (8.14.5/8.14.5/Submit) id q4ODwcLJ032084; Thu, 24 May 2012 09:58:38 -0400
From: Derek Atkins <derek@ihtfp.com>
To: David Recordon <recordond@gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739436650C7FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <4FB5F703.90907@gmx.de> <4FBDD6C0.2050502@gmx.de> <4E1F6AAD24975D4BA5B168042967394366516BA6@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104BC07@P3PWEX2MB008.ex2.secureserver.net> <BBA96889-2AEC-4D32-9C9B-C77BB92825ED@mnot.net> <4E1F6AAD24975D4BA5B168042967394366516C38@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgNLoRaV4AhUmoS0394Gja6c2sD-APW8sS2tka+NxhP=sQ@mail.gmail.com>
Date: Thu, 24 May 2012 09:58:36 -0400
In-Reply-To: <CAB_mRgNLoRaV4AhUmoS0394Gja6c2sD-APW8sS2tka+NxhP=sQ@mail.gmail.com> (David Recordon's message of "Thu, 24 May 2012 00:11:20 -0700")
Message-ID: <sjmboldy92r.fsf@mocana.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: Maia Mailguard 1.0.2a
Cc: Julian Reschke <julian.reschke@gmx.de>, Mark Nottingham <mnot@mnot.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bearer URI Query Parameter method
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 13:58:49 -0000

David,

David Recordon <recordond@gmail.com> writes:

> Regardless of how we got here, just feels strange to have a
> strong=C2=A0recommendation=C2=A0against the way the protocol is actually =
being used. I
> completely understand that standards live on for well over eighteen month=
s (or
> five years if we start with OAuth 1.0) but this feels like we're just goi=
ng to
> end up with the vast majority of deployments doing what the
> standard=C2=A0explicitly=C2=A0recommends=C2=A0against. Query parameters a=
re used because
> they're easy and implementor simplicity was always something driving desi=
gn
> decisions. So at least to me this is not the path toward a widely deployed
> standard.

(speaking as a participant, not the chair)

Just because everyone currently with a gun happens to enjoy shooting
themselves in the foot with it does not imply that we should recommend
that future gun owners shoot themselves in the foot, too.

The applications area, and the HTTP gurus in particular, have strong
opinions about the dangers of standardizing query parameters, with
strong technical arguments about how it is problematic and downright
dangerous.  Historically the query string has been opaque to the
protocol, and now you're asking for it to be less opaque; they object to
that, and rightfully so.

I have no personal preference as to whether we leave this in the main
text or move it into an appendix.  I don't see any harm in leaving it in
the main text with the warning that it's not recommended.  As you point
out, it IS widely deployed.

> --David

-derek

> On Thu, May 24, 2012 at 12:02 AM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:
>
>     My recollection is that putting it in an appendix was explicitly reje=
cted
>     in the threads discussing the DISCUSS issues and no one on those thre=
ads
>     pushed back afterwards, particularly after Dick's explanations of why=
 it
>     should stay. =C2=A0(Why these DISCUSS discussions don't include the f=
ull
>     working group is a mystery to me, but apparently that's the way it's =
done
>     at this stage of the IETF spec finalization process. =C2=A0Can anyone=
 tell me
>     why that's the case?)
>=20=20=20=20
>     Anyway, since this feature has been in *every* version of the spec,
>     leaving it in hardly seemed to require a consensus call. =C2=A0The ch=
airs, of
>     course, can obviously hold one if they believe one is called for.
>=20=20=20=20
>     =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Best wishes,
>     =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0-- Mike
>=20=20=20=20
>     -----Original Message-----
>     From: Mark Nottingham [mailto:mnot@mnot.net]
>     Sent: Wednesday, May 23, 2012 11:54 PM
>     To: Eran Hammer
>     Cc: Mike Jones; Julian Reschke; oauth@ietf.org
>     Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about Bear=
er
>     URI Query Parameter method
>=20=20=20=20
>     Thanks, Eran - I was just about to ask about that.
>
>     On 24/05/2012, at 4:53 PM, Eran Hammer wrote:
>=20=20=20=20
>     > I don't care about this either way, but 'explicitly rejected' is an
>     over-reach. I have not seen the chairs make a consensus call about th=
at,
>     or even formally ask the list.
>     >
>     > EH
>     >
>     >
>     >> -----Original Message-----
>     >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
>     >> Behalf Of Mike Jones
>     >> Sent: Wednesday, May 23, 2012 11:49 PM
>     >> To: Julian Reschke
>     >> Cc: Mark Nottingham; oauth@ietf.org
>     >> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about
>     >> Bearer URI Query Parameter method
>     >>
>     >> Yes, putting the query parameter method into an appendix was
>     >> considered and explicitly rejected. =C2=A0Dick Hardt wrote about t=
hese
>     >> issues in the discussions that led to this decision, and I'll take
>     >> the liberty of quoting him, as I believe he explained it well:
>     >>
>     >> "The reality is that the world is a messy place. Developers hack t=
he
>     >> architecture to accomplish goals not envisioned by the architects.
>     >> The architects can accept the reality of the world, or ignore it a=
nd
>     >> lose their relevance. In my opinion, putting the query parameter
>     >> mechanism into an appendix is ignoring the reality of current
>     >> implementations. Adding language to the spec that use of the query
>     >> parameter is not architecturally ideal, but accepts the reality of=
 the
>     current web would be far more preferable."
>     >>
>     >> "Many sites with substantial security expertise (Google, Facebook,
>     >> LinkedIn,
>     >> Foursquare) have chosen to use the query parameter as opposed to t=
he
>     >> header - both methods have been documented in the drafts since the
>     >> beginning. Clearly from a practical point of view the implementers
>     >> have chosen to use the query parameter. "
>     >>
>     >> "I have read people proposing dropping it from the spec or pushing=
 it
>     >> to an Appendix. I agree that the security issues need to be
>     >> documented and the architectural issues called out. I think droppi=
ng
>     >> it from the spec or pushing it to an appendix is a disservice to
>     >> implementers and sends a message that the IETF is not in touch wit=
h the
>     realities of the web."
>     >>
>     >> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0-- Mike
>     >>
>     >> -----Original Message-----
>     >> From: Julian Reschke [mailto:julian.reschke@gmx.de]
>     >> Sent: Wednesday, May 23, 2012 11:36 PM
>     >> To: Mike Jones
>     >> Cc: oauth@ietf.org; Mark Nottingham
>     >> Subject: Re: [OAUTH-WG] FYI - Text resolving DISCUSS issue about
>     >> Bearer URI Query Parameter method
>     >>
>     >> On 2012-05-18 09:15, Julian Reschke wrote:
>     >>> ...
>     >>> Did you consider to *also* move the whole section into an appendi=
x,
>     >>> so that it's status is also reflected by the document structure?
>     >>>
>     >>> Best regards, Julian
>     >>
>     >> Hi, it would be awesome to see feedback on this (it has been
>     >> mentioned during IETF LC multiple times).
>     >>
>     >> Best regards, Julian
>     >>

--=20
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

From Hannes.Tschofenig@gmx.net  Thu May 24 11:39:12 2012
Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10E9B11E80C0 for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 11:39:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ir6eVl3iwkDT for <oauth@ietfa.amsl.com>; Thu, 24 May 2012 11:39:11 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 0F18911E80AF for <oauth@ietf.org>; Thu, 24 May 2012 11:39:10 -0700 (PDT)
Received: (qmail invoked by alias); 24 May 2012 18:39:10 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.101]) [88.115.216.191] by mail.gmx.net (mp039) with SMTP; 24 May 2012 20:39:10 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18EJY4YBScElSC3g1nt7OI0lcyyzLpEOSQyFa0GBE eJPz3WOFHbTw1O
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Thu, 24 May 2012 21:39:08 +0300
Message-Id: <699C916A-F8B1-40E8-8C3B-FCC9CBCC2C9F@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Review of draft-ietf-oauth-assertions-03
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2012 18:39:12 -0000

Hi Chuck, Mike, Brian, and Yaron,

I reviewed the document as part of my shepherding role and I believe =
there is still room for improvement with the document. I think the =
document suffers from the problem that you essentially want to cover =
every possible use case in a single document. So, let me start with a =
high-level mail.

You are covering two quite different usage scenarios that are only =
related to each other by the usage of assertions, namely

1. Using Assertions for Client Authentication

2. Using Assertions as Authorization Grants

(Of course these two usages can happen in the same protocol exchange; =
this means that you have two assertions in the same message obtained =
from different entities with potentially very different properties.)
=20
It is OK to have these two cases in a single document but the =
introduction and section 3 need to untangle them and to describe the use =
cases to the reader. In fact, the second part of the document (from =
section 4 onwards) does a better job in separating the two cases. I was =
also wondering what use cases you guys find most interested among all =
the options I list below? What have you implemented and deployed (I need =
that info for the shepherd writeup)? Maybe we should highlight them in =
the intro.

Regarding the security aspects: I assume that the assertions is always =
signed. (I guess you make this assumption as well.)

There are a few considerations:

a) Who creates and signs the assertion?

You sometimes use the term "Security Token Service (STS)" but it is not =
introduced in the terminology. Let us assume that this is a third party =
entity (and not a role the client can take).

So, we have two cases:

 -- Assertions obtained from the STS

 -- Assertions self-generated by the client
=20
Needless to say that the security properties are different between the =
two. In the second case the party receiving the assertion cannot trust =
the content in the assertion since it had been minted by the client, an =
untrusted party.

Also note that the protocol for obtaining the assertion from the STS may =
not have been standardized, which consequently does not necessarily =
increase interoperability when deploying such a solution. Any story for =
this? How did you handle this in your implementations & deployments?=20

Let us focus on the cases where the assertion is obtained from an STS. =
Then, the assertion is signed by the STS (hopefully) and if the client =
presents it then it can do that in two ways:

  -- Conveying the assertion as a Bearer Assertion (i.e., possession is =
the security) and hopefully the exchange runs over TLS. Replay =
protection can be provided via the parameters in the assertion assuming =
the client has a capability to obtain assertions on the fly using some =
protocol to essentially present a refresh assertion with (almost) every =
exchange since otherwise the provided security really suffers.

  -- Using the assertion together with a holder-of-the-key concept. In =
this case the assertion would be signed by the STS and then the client =
in addition needs to show possession of a secret (which is bound to the =
token). This secret (either a shared key or a public/private key pair =
had been obtained somehow).

Furthermore, the document at various places talks about the great =
security properties and I believe that this is a bit misleading. The =
great security properties are only there when you either use

 * a STS obtained assertion with a holder-of-a-key assertion, or

 * let the client sign the assertion (in which case the assertion is =
quite degenerated*).

It may also be worth noting that not all assertions can be signed with =
symmetric as well as asymmetric credentials. A SAML assertion, for =
example, can only be signed with an asymmetric credential (at last to my =
knowledge).

Ciao
Hannes=

From hannes.tschofenig@nsn.com  Fri May 25 00:22:32 2012
Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6EAE11E807F for <oauth@ietfa.amsl.com>; Fri, 25 May 2012 00:22:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.538
X-Spam-Level: 
X-Spam-Status: No, score=-106.538 tagged_above=-999 required=5 tests=[AWL=0.059, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IIscKf78oUnW for <oauth@ietfa.amsl.com>; Fri, 25 May 2012 00:22:30 -0700 (PDT)
Received: from demumfd002.nsn-inter.net (demumfd002.nsn-inter.net [93.183.12.31]) by ietfa.amsl.com (Postfix) with ESMTP id 6B11611E8074 for <oauth@ietf.org>; Fri, 25 May 2012 00:22:29 -0700 (PDT)
Received: from demuprx016.emea.nsn-intra.net ([10.150.129.55]) by demumfd002.nsn-inter.net (8.12.11.20060308/8.12.11) with ESMTP id q4P7ML3X025839 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <oauth@ietf.org>; Fri, 25 May 2012 09:22:21 +0200
Received: from DEMUEXC047.nsn-intra.net ([10.159.32.93]) by demuprx016.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id q4P7MLEZ022580 for <oauth@ietf.org>; Fri, 25 May 2012 09:22:21 +0200
Received: from FIESEXC035.nsn-intra.net ([10.159.0.25]) by DEMUEXC047.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.4675);  Fri, 25 May 2012 09:22:17 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CD3A47.1D27E637"
Date: Fri, 25 May 2012 10:22:16 +0300
Message-ID: <999913AB42CC9341B05A99BBF358718D017BA762@FIESEXC035.nsn-intra.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: More draft-ietf-oauth-assertions-03 comments
Thread-Index: Ac06Rxzmbo7WvLDeRhmPea9483hHkg==
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: <oauth@ietf.org>
X-OriginalArrivalTime: 25 May 2012 07:22:17.0689 (UTC) FILETIME=[1D933C90:01CD3A47]
X-purgate-type: clean
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-size: 25203
X-purgate-ID: 151667::1337930543-00005945-83DCA1B9/0-0/0-0
Subject: [OAUTH-WG] More draft-ietf-oauth-assertions-03 comments
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2012 07:22:33 -0000

This is a multi-part message in MIME format.

------_=_NextPart_001_01CD3A47.1D27E637
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Here a few minor comments:

The specification does not provide a lot of hints for the client when an
error occurs. For example, Section 4.1.1 only says "invalid_client" is
something goes wrong with the assertion processing in case of client
authentication. The same is true for the authorization grant error
response in Section 4.2.1.=20

What about errors like?
*	Assertion was not fresh - replay detected (based on the
assertion ID)
*	Issuer unknown or not trusted
*	Assertion couldn't be parsed
*	The assertion format is unknown
*	Signature covering the assertion couldn't be verified
*	Audience does not match
*	Assertion expired (based on 'expired at' element)
*	Missing mandatory elements in the assertion

There are a lot of "SHOULDs" in the specification and I was wondering
why this has to be the case. Typically, there has to be a good reason
why there is a SHOULD rather than a MUST or at least an explanation in
case there are different processing alternatives.=20

For example, Section 5.2 says:=20
"When the client is acting on behalf of itself, the
      Principal SHOULD be the "client_id".
"=20

When the client is acting on his own behalf then it would be good to say
in what cases the principal element does not contain the client_id. In
general, it seems that the client_id and the principal are pretty much
the same thing (the fields just appear twice).=20

The same issue regarding the "SHOULD" shows up in other places as well,
such as with the issuer in the same section: "If an assertion is
self-asserted, the
      Issuer SHOULD be the "client_id"."=20

Again same section: "The Audience SHOULD be the URL of the Authorization
      Server's Token Endpoint."

In case it is not an URL what else should it be? When can this other
case happen?

You also write: "The assertion MUST contain an Issuer."=20
That's great but what is the relationship if the assertion already
contains an issuer as part of the signature that covers the party that
signed the assertion (which is the case in SAML). Do they have to match?

Section 6.3 and Section 6.4 say:

"=20
   o  The grant_type HTTP request parameter MUST indicate the assertion
      format.
"

Is this correct? Shouldn't it be rather=20

"
   o  The "client_assertion_type" HTTP parameter MUST identify the
      assertion format.
"
=20
Difference between Section 6.3 and 6.3: anonymous user or not

These two sections are identical with one exception: the content of the
principal element.=20
Wouldn't it make sense to merge the two cases and then to indicate that
the content of the principal element varies?=20

In Section 6.2 you write:=20

When a client is accessing resources on behalf of itself, it SHOULD
   do so in a manner analogous to the Client Credentials flow defined in
   Section 4.4
<http://tools.ietf.org/html/draft-ietf-oauth-assertions-03>  of OAuth
2.0 [I-D.ietf-oauth-v2
<http://tools.ietf.org/html/draft-ietf-oauth-assertions-03> ].

Use  "Client Credentials Grant flow" instead of "Client Credentials
flow"

In Section 6.3 you write:

"
When a client is accessing resources on behalf of a user, it SHOULD
   be treated as using an assertion as an Authorization Grant according
   to Section 4.2
<http://tools.ietf.org/html/draft-ietf-oauth-assertions-03> .=20
"

This is a confusing sentence. I believe what you are trying to say is
that the description in Section 4.2 MUST be followed.
=20
IANA consideration section: This section is essentially the
communication you have with IANA to request values to be added to
existing registries. It helps them to be specific about what information
you want to get added to what registry.=20

For example, Section 8.1 registers an additional parameter called
"assertion". It would be useful to just say that this is a new entry to
the "OAuth Parameters Registry" established in Section 11.2 of
[I-D.ietf-oauth-v2
<http://tools.ietf.org/html/draft-ietf-oauth-assertions-03> ].=20

As a minor nit here The parameter usage location indicates "client
authentication, token request". Client authentication is not a valid
location per Section 11.2.1.=20

The same comment applies to Section 8.2 and Section 8.3.

Ciao
Hannes


------_=_NextPart_001_01CD3A47.1D27E637
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7654.12">
<TITLE>More draft-ietf-oauth-assertions-03 comments</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">Here a few =
minor comments:</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">The</FONT></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">specificatio</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">n does not provide a lot of hints for the client when =
an error occurs. For example, Section 4.1.1 only says</FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri">invalid_client</FONT></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri">&#8221;</FONT></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri"> is something goes wrong with the =
assertion processing in case of client =
authentication.</FONT></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">The same is true for the authorization grant error =
response in Section 4.2.1. </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">What about =
errors like?</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT FACE=3D"Calibri">Assertion was not fresh</FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">&#8211;</FONT></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri"> replay detected (based on the =
assertion ID)</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">Issue</FONT></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri">r unknown</FONT></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri"> or not trusted</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">Assertion =
couldn</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8217;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">t be parsed</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">The assertion format is =
unknown</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">Signature covering the assertion =
couldn</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8217;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">t be verified</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">Audience does not match</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">Assertion expired (based =
on</FONT></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">&#8216;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">expired at</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8217;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri"> element</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">)</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">Missing</FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">mandatory</FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">elements in the =
assertion</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">There are a lot =
of</FONT></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">SHOULDs</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8221;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri"> in the</FONT></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">specification and I was wondering why this has to be =
the case. Typically, there has to be a good reason why there is a SHOULD =
rather than a MUST or at least an explanation in case there are =
different processing alternatives. </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">For example, =
Section 5.2 sa</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">ys: </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Courier New">&#8220;When the client is acting on behalf =
of itself, the</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Principal SHOULD be the =
&quot;client_id&quot;.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Courier New"> </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">When =
the client is acting on his own behalf then it would be good to say in =
what cases the principal element does not contain the client_id. In =
general, it seems that the client_id and the principal are pretty much =
the same thing (the</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri"> =
fields just appear twice). </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">The same issue =
regarding the</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">SHOULD</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8221;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri"> shows =
up in other places as well, such as with the issuer in the same =
section:</FONT></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Courier New"></FONT></SPAN><SPAN LANG=3D"en-us"> <FONT SIZE=3D2 =
FACE=3D"Courier New">&#8220;If an assertion is self-asserted, =
the</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Issuer SHOULD be the =
&quot;client_id&quot;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Courier New">.</FONT></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Courier New">&#8221;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Courier New"> </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">Again =
same section:</FONT></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Courier New"></FONT></SPAN><SPAN LANG=3D"en-us"> <FONT SIZE=3D2 =
FACE=3D"Courier New">&#8220;The Audience SHOULD be the URL of the =
Authorization</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Server's Token =
Endpoint.&#8221;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">In =
case it is not an URL what else should it be? When can this other case =
happen?</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">You =
also write:</FONT></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Courier New"></FONT></SPAN><SPAN LANG=3D"en-us"> <FONT SIZE=3D2 =
FACE=3D"Courier New">&#8220;The assertion MUST contain an =
Issuer.&#8221;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Courier New"> </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">That</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8217;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">s =
great but what is the relationship if the assertion already contains an =
issuer as part of the signature that covers the party that =
signe</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">d the =
assertion (which is the case in SAML). Do they have to =
match?</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">Section =
6.</FONT></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">3 and =
Section 6.</FONT></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">4 =
say:</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri"> </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; o&nbsp; The grant_type HTTP =
request parameter MUST indicate the assertion</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; format.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">Is this =
correct? Shouldn</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8217;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">t it be rather </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; o&nbsp; The =
&quot;client_assertion_type&quot; HTTP parameter MUST identify =
the</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; assertion format.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri"></FONT></SPAN><SPAN LANG=3D"en-us">&nbsp;</SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">Difference =
between Section 6.3 and 6.3: anonymous user or not</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">These two =
sections are identical with one exception: the content =
of</FONT></SPAN><SPAN LANG=3D"en-us"> <FONT FACE=3D"Calibri">the =
principal element. </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">Wouldn</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8217;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">t it make sense to merge the two cases and then to =
indicate that the content of the principal element =
varies?</FONT></SPAN><SPAN LANG=3D"en-us"> </SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">In Section 6.2 =
you write: </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Courier New">When a client is accessing resources on =
behalf of itself, it SHOULD</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp; do so in a manner analogous to the Client Credentials =
flow defined in</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;</FONT></SPAN><SPAN LANG=3D"en-us"> </SPAN><A =
HREF=3D"http://tools.ietf.org/html/draft-ietf-oauth-assertions-03"><SPAN =
LANG=3D"en-us"><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier =
New">Section 4.4</FONT></U></SPAN><SPAN LANG=3D"en-us"></SPAN></A><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier New"> of OAuth 2.0 =
[</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><A =
HREF=3D"http://tools.ietf.org/html/draft-ietf-oauth-assertions-03"><SPAN =
LANG=3D"en-us"><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier =
New">I-D.ietf-oauth-v2</FONT></U></SPAN><SPAN =
LANG=3D"en-us"></SPAN></A><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Courier New">].</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">Use&nbsp;</FONT></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">Client Credentials Grant flow</FONT></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri">&#8221;</FONT></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri"> instead of</FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri">Client Credentials =
flow</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8221;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">In Section 6.3 =
you write:</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Courier New">When a client is accessing resources on =
behalf of a user, it SHOULD</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp; be treated as using an assertion as an Authorization =
Grant according</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp; to</FONT></SPAN><SPAN LANG=3D"en-us"> </SPAN><A =
HREF=3D"http://tools.ietf.org/html/draft-ietf-oauth-assertions-03"><SPAN =
LANG=3D"en-us"><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier =
New">Section 4.2</FONT></U></SPAN><SPAN LANG=3D"en-us"></SPAN></A><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Courier New">. </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">This is a =
confusing sentence. I believe what you are trying to say is that the =
description in Section 4.2 MUST be followed.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri"></FONT></SPAN><SPAN LANG=3D"en-us">&nbsp;</SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">IANA =
consideration section: This section is essentially the communication you =
have with IANA to request values to be added to existing registries. It =
helps t</FONT></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">hem to =
be specific about what information you want to get added to what =
registry. </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri">For example, Section 8.1 registers =
an additional parameter</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri"> =
called</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">assertion</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri">&#8221;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri">.</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT FACE=3D"Calibri">It would be useful to just say that this is a new =
entry to the</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">OAuth =
Parameters Registry</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8221;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri"> =
established in Section 11.2 of</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT FACE=3D"Calibri">[</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><A =
HREF=3D"http://tools.ietf.org/html/draft-ietf-oauth-assertions-03"><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT =
FACE=3D"Calibri">I-D.ietf-oauth-v2</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN></A><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">]</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> </SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">As a minor nit =
here The parameter usage location indicates</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT FACE=3D"Calibri">&#8220;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT FACE=3D"Calibri">client authentication, token =
request</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&#8221;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">. =
Client authentication is not a valid location per Section =
11.2.1.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> </SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">The same =
comment applies to Section 8.2 and Section 8.3.</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">Ciao</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">Hannes</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

</BODY>
</HTML>
------_=_NextPart_001_01CD3A47.1D27E637--

From internet-drafts@ietf.org  Fri May 25 10:32:38 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D413A21F871E; Fri, 25 May 2012 10:32:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wIkuBhj+jd9O; Fri, 25 May 2012 10:32:38 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5867921F86B1; Fri, 25 May 2012 10:32:38 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120525173238.29128.95116.idtracker@ietfa.amsl.com>
Date: Fri, 25 May 2012 10:32:38 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-threatmodel-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2012 17:32:39 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : OAuth 2.0 Threat Model and Security Considerations
	Author(s)       : Torsten Lodderstedt
                          Mark McGloin
                          Phil Hunt
	Filename        : draft-ietf-oauth-v2-threatmodel-03.txt
	Pages           : 66
	Date            : 2012-05-25

   This document gives security considerations based on a comprehensive
   threat model for the OAuth 2.0 Protocol.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-threatmodel-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-v2-threatmodel-03.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel/


From internet-drafts@ietf.org  Fri May 25 10:48:34 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A28D21F8769; Fri, 25 May 2012 10:48:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qc9qjDZyxwJO; Fri, 25 May 2012 10:48:34 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBBC721F873C; Fri, 25 May 2012 10:48:33 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120525174833.4391.17673.idtracker@ietfa.amsl.com>
Date: Fri, 25 May 2012 10:48:33 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-threatmodel-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2012 17:48:34 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : OAuth 2.0 Threat Model and Security Considerations
	Author(s)       : Torsten Lodderstedt
                          Mark McGloin
                          Phil Hunt
	Filename        : draft-ietf-oauth-v2-threatmodel-04.txt
	Pages           : 66
	Date            : 2012-05-25

   This document gives additional security considerations for OAuth,
   beyond those in the OAuth specification, based on a comprehensive
   threat model for the OAuth 2.0 Protocol.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-threatmodel-04.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-v2-threatmodel-04.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel/


From Michael.Jones@microsoft.com  Fri May 25 16:10:42 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A39F621F884A; Fri, 25 May 2012 16:10:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.748
X-Spam-Level: 
X-Spam-Status: No, score=-3.748 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jetS4vP0O6FI; Fri, 25 May 2012 16:10:38 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe004.messaging.microsoft.com [216.32.181.184]) by ietfa.amsl.com (Postfix) with ESMTP id CA7D821F8849; Fri, 25 May 2012 16:10:37 -0700 (PDT)
Received: from mail124-ch1-R.bigfish.com (10.43.68.251) by CH1EHSOBE001.bigfish.com (10.43.70.51) with Microsoft SMTP Server id 14.1.225.23; Fri, 25 May 2012 23:10:24 +0000
Received: from mail124-ch1 (localhost [127.0.0.1])	by mail124-ch1-R.bigfish.com (Postfix) with ESMTP id CCFF9202CB; Fri, 25 May 2012 23:10:24 +0000 (UTC)
X-SpamScore: -5
X-BigFish: VS-5(zzc85fh1b0bMzz1202hzz8275bh8275dhz2fh2a8h668h839hd25hf0ah)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail124-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC101.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail124-ch1 (localhost.localdomain [127.0.0.1]) by mail124-ch1 (MessageSwitch) id 1337987423251400_32087; Fri, 25 May 2012 23:10:23 +0000 (UTC)
Received: from CH1EHSMHS008.bigfish.com (snatpool1.int.messaging.microsoft.com [10.43.68.249])	by mail124-ch1.bigfish.com (Postfix) with ESMTP id 2F975100078;	Fri, 25 May 2012 23:10:23 +0000 (UTC)
Received: from TK5EX14HUBC101.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS008.bigfish.com (10.43.70.8) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 25 May 2012 23:10:22 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14HUBC101.redmond.corp.microsoft.com ([157.54.7.153]) with mapi id 14.02.0298.005; Fri, 25 May 2012 23:10:33 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Thread-Topic: Dominick Baier's JWT implementation
Thread-Index: Ac06yQfegSSKbZSrQveyTTB2LcYQgA==
Date: Fri, 25 May 2012 23:10:32 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436651A42A@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.36]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436651A42ATK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [OAUTH-WG] Dominick Baier's JWT implementation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2012 23:10:42 -0000

--_000_4E1F6AAD24975D4BA5B16804296739436651A42ATK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

FYI - Dominick Baier sent me a note letting me know about his JWT implement=
ation:

http://leastprivilege.com/2012/05/25/json-web-token-jwt-support-in-thinktec=
ture-identitymodel/

Have a good weekend, everyone!

                                                            -- Mike


--_000_4E1F6AAD24975D4BA5B16804296739436651A42ATK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span lang=3D"DE">FYI - Dominick Baier sent me a not=
e letting me know about his JWT implementation:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"DE"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"DE"><a href=3D"http://leastprivilege.c=
om/2012/05/25/json-web-token-jwt-support-in-thinktecture-identitymodel/"><s=
pan lang=3D"EN-US">http://leastprivilege.com/2012/05/25/json-web-token-jwt-=
support-in-thinktecture-identitymodel/</span></a><o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Have a good weekend, everyone!<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; -- Mike<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B16804296739436651A42ATK5EX14MBXC284r_--

From sakimura@gmail.com  Sat May 26 04:36:09 2012
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92D8621F85A5; Sat, 26 May 2012 04:36:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level: 
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uaEmg5l6+3Hk; Sat, 26 May 2012 04:36:08 -0700 (PDT)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5ABA821F8533; Sat, 26 May 2012 04:36:08 -0700 (PDT)
Received: by bkty8 with SMTP id y8so1600055bkt.31 for <multiple recipients>; Sat, 26 May 2012 04:36:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=S+rashWNgMsvjmRVojFo6oJW/jetoXjbdts+NgtnsJA=; b=x+DFw5xzG0clk3zyotTWitDWbMdrnhZfNZ8NNZa7A3BgnlY/XN1i6yM+bvo2q98jh4 Sz2ZvX01mGoAtp/T+Lp0Ly1D4vIj71cTBpQ3PNtowMAQXWbZgx9yoT8Zpag9V+J9GML9 ztFWkl2kdzlcx9liuD0qkRPuhZ121n5n0Q6PZIG6VxYLImovYp98PHVUewV7DCEWUyPq rXXlIxDnOdrzWxWsstbgQYN7oqNqjCOR9tmEWD0BSuZyiUGx/Z4ro9J+I8DtLzQPb2Kg jPag9FJU9pA/e4OEUSMrMmaK68KQT90GNjGF7I+QioJc+Vxtw8gzC1QIJHWxgNSRiUnH b/Cg==
MIME-Version: 1.0
Received: by 10.204.145.78 with SMTP id c14mr837771bkv.43.1338032167065; Sat, 26 May 2012 04:36:07 -0700 (PDT)
Received: by 10.204.240.143 with HTTP; Sat, 26 May 2012 04:36:07 -0700 (PDT)
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436651A42A@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436651A42A@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Sat, 26 May 2012 20:36:07 +0900
Message-ID: <CABzCy2BucVBz9SwKMrJfatcgww17uSNNBwi3E7JB-QYKUJ6KzA@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary=00151759338c0418bd04c0eee440
Cc: "oauth@ietf.org" <oauth@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [OAUTH-WG] [jose] Dominick Baier's JWT implementation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 May 2012 11:36:09 -0000

--00151759338c0418bd04c0eee440
Content-Type: text/plain; charset=ISO-8859-1

So that you know, Edmund Jay has implemented JWS including GCM for PHP.

On Sat, May 26, 2012 at 8:10 AM, Mike Jones <Michael.Jones@microsoft.com>wrote:

>  FYI - Dominick Baier sent me a note letting me know about his JWT
> implementation:****
>
> ** **
>
>
> http://leastprivilege.com/2012/05/25/json-web-token-jwt-support-in-thinktecture-identitymodel/
> ****
>
> ** **
>
> Have a good weekend, everyone!****
>
> ** **
>
>                                                             -- Mike****
>
> ** **
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

--00151759338c0418bd04c0eee440
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

So that you know, Edmund Jay has implemented JWS including GCM for PHP.=A0<=
br><br><div class=3D"gmail_quote">On Sat, May 26, 2012 at 8:10 AM, Mike Jon=
es <span dir=3D"ltr">&lt;<a href=3D"mailto:Michael.Jones@microsoft.com" tar=
get=3D"_blank">Michael.Jones@microsoft.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">





<div lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div>
<p class=3D"MsoNormal"><span lang=3D"DE">FYI - Dominick Baier sent me a not=
e letting me know about his JWT implementation:<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"DE"><u></u>=A0<u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"DE"><a href=3D"http://leastprivilege.c=
om/2012/05/25/json-web-token-jwt-support-in-thinktecture-identitymodel/" ta=
rget=3D"_blank"><span lang=3D"EN-US">http://leastprivilege.com/2012/05/25/j=
son-web-token-jwt-support-in-thinktecture-identitymodel/</span></a><u></u><=
u></u></span></p>

<p class=3D"MsoNormal"><u></u>=A0<u></u></p>
<p class=3D"MsoNormal">Have a good weekend, everyone!<span class=3D"HOEnZb"=
><font color=3D"#888888"><u></u><u></u></font></span></p><span class=3D"HOE=
nZb"><font color=3D"#888888">
<p class=3D"MsoNormal"><u></u>=A0<u></u></p>
<p class=3D"MsoNormal">=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=
=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 -- Mike<u></u><u></u></=
p>
<p class=3D"MsoNormal"><u></u>=A0<u></u></p>
</font></span></div>
</div>

<br>_______________________________________________<br>
jose mailing list<br>
<a href=3D"mailto:jose@ietf.org">jose@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/jose" target=3D"_blank">ht=
tps://www.ietf.org/mailman/listinfo/jose</a><br>
<br></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>Nat Saki=
mura (=3Dnat)<div>Chairman, OpenID Foundation<br><a href=3D"http://nat.saki=
mura.org/" target=3D"_blank">http://nat.sakimura.org/</a><br>@_nat_en</div>=
<br>


--00151759338c0418bd04c0eee440--

From internet-drafts@ietf.org  Sun May 27 01:41:51 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2507221F84CD; Sun, 27 May 2012 01:41:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKSiKUdjyrWU; Sun, 27 May 2012 01:41:50 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26CBD21F8463; Sun, 27 May 2012 01:41:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120527084150.26400.88469.idtracker@ietfa.amsl.com>
Date: Sun, 27 May 2012 01:41:50 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-revocation-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 May 2012 08:41:51 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : Token Revocation
	Author(s)       : Torsten Lodderstedt
                          Stefanie Dronia
                          Marius Scurtescu
	Filename        : draft-ietf-oauth-revocation-00.txt
	Pages           : 6
	Date            : 2012-05-26

   This draft proposes an additional endpoint for OAuth authorization
   servers for revoking tokens.



A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-revocation-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-revocation-00.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/


From michiel@unhosted.org  Sun May 27 04:20:04 2012
Return-Path: <michiel@unhosted.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C68621F8498 for <oauth@ietfa.amsl.com>; Sun, 27 May 2012 04:20:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level: 
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tB12baKjUBEe for <oauth@ietfa.amsl.com>; Sun, 27 May 2012 04:20:03 -0700 (PDT)
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) by ietfa.amsl.com (Postfix) with ESMTP id D1A4221F8450 for <oauth@ietf.org>; Sun, 27 May 2012 04:20:03 -0700 (PDT)
Received: by dacx6 with SMTP id x6so2941715dac.31 for <oauth@ietf.org>; Sun, 27 May 2012 04:20:03 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:content-type:content-transfer-encoding :x-gm-message-state; bh=GDUMAQYBnd8Gs5h7kpQyxfTQxhzMMkczP6shxP1yw+I=; b=pGai5nV7M9qvj3prbxasJgPYMfBGe+XdNqMo6Zb4BQEsfKZlTxyjsO2x6kYr0uojJx nzNO5P5rhOR7w/+/XBXvvaNGXUAI2vOu4iDSOjlYIofWRh0aRMegnkKCBorXqd2GzGIy +0rRJkISvulpBh/SVeTESYULFp52rn2T/3beYLu6cl3MkNsKUJcFfgp6Rz0JubFzgpd4 9OhJYUisxD57rXYyAHC8Ugy+PDmFLPl2+QHfCSKCESD9UG45e2YZBBY2bOIQ2a/6eTFp E7aihG75BsYbO9wMDgEmnO3zE6vr+4j/1dH3EmyYOvHiaeef/CkFcM4L/dYv9gWbqp7d 5PJg==
MIME-Version: 1.0
Received: by 10.68.239.161 with SMTP id vt1mr16470702pbc.15.1338117603481; Sun, 27 May 2012 04:20:03 -0700 (PDT)
Received: by 10.68.57.102 with HTTP; Sun, 27 May 2012 04:20:03 -0700 (PDT)
X-Originating-IP: [141.20.192.219]
In-Reply-To: <20120527084150.26400.88469.idtracker@ietfa.amsl.com>
References: <20120527084150.26400.88469.idtracker@ietfa.amsl.com>
Date: Sun, 27 May 2012 13:20:03 +0200
Message-ID: <CA+aD3u1zukD=S+OuvsK9KBLXYLEeOMvSVvb2QUPd3_ST=Gha7g@mail.gmail.com>
From: Michiel de Jong <michiel@unhosted.org>
To: oauth@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQkVS/2DoaltWvxVVseeAEzBcWLnvKI27ktq3H8c2uJ5BrOqU7PCE7NigZIvqPK0sphr9J/C
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-revocation-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 May 2012 11:20:04 -0000

awesome! just that - first thing that catches the eye right when you
skim the table of contents is:

why did you use JSONP instead of its CORS? You can read more about CORS her=
e:

http://enable-cors.org/
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing#CORS_relationshi=
p_to_JSONP

On Sun, May 27, 2012 at 10:41 AM,  <internet-drafts@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts direct=
ories. This draft is a work item of the Web Authorization Protocol Working =
Group of the IETF.
>
> =A0 =A0 =A0 =A0Title =A0 =A0 =A0 =A0 =A0 : Token Revocation
> =A0 =A0 =A0 =A0Author(s) =A0 =A0 =A0 : Torsten Lodderstedt
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Stefanie Dronia
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Marius Scurtescu
> =A0 =A0 =A0 =A0Filename =A0 =A0 =A0 =A0: draft-ietf-oauth-revocation-00.t=
xt
> =A0 =A0 =A0 =A0Pages =A0 =A0 =A0 =A0 =A0 : 6
> =A0 =A0 =A0 =A0Date =A0 =A0 =A0 =A0 =A0 =A0: 2012-05-26
>
> =A0 This draft proposes an additional endpoint for OAuth authorization
> =A0 servers for revoking tokens.
>
>
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-oauth-revocation-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> This Internet-Draft can be retrieved at:
> ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-revocation-00.txt
>
> The IETF datatracker page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From torsten@lodderstedt.net  Sun May 27 06:05:51 2012
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C39BA21F852B for <oauth@ietfa.amsl.com>; Sun, 27 May 2012 06:05:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level: 
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eRi0-ci1jw3l for <oauth@ietfa.amsl.com>; Sun, 27 May 2012 06:05:51 -0700 (PDT)
Received: from smtprelay03.ispgateway.de (smtprelay03.ispgateway.de [80.67.29.28]) by ietfa.amsl.com (Postfix) with ESMTP id A329121F851C for <oauth@ietf.org>; Sun, 27 May 2012 06:05:50 -0700 (PDT)
Received: from [91.2.91.188] (helo=[192.168.71.36]) by smtprelay03.ispgateway.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1SYdAK-0007FI-0L; Sun, 27 May 2012 15:05:48 +0200
Message-ID: <4FC226AD.10102@lodderstedt.net>
Date: Sun, 27 May 2012 15:05:49 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Michiel de Jong <michiel@unhosted.org>
References: <20120527084150.26400.88469.idtracker@ietfa.amsl.com> <CA+aD3u1zukD=S+OuvsK9KBLXYLEeOMvSVvb2QUPd3_ST=Gha7g@mail.gmail.com>
In-Reply-To: <CA+aD3u1zukD=S+OuvsK9KBLXYLEeOMvSVvb2QUPd3_ST=Gha7g@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC1vbmxpbmUuZGU=
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-revocation-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 May 2012 13:05:51 -0000

Hi Michiel,

shouldn't the revocation POST request work fine with CORS? Or is there 
something we need to specify in order to make it work?

best regards,
Torsten.

Am 27.05.2012 13:20, schrieb Michiel de Jong:
> awesome! just that - first thing that catches the eye right when you
> skim the table of contents is:
>
> why did you use JSONP instead of its CORS? You can read more about CORS here:
>
> http://enable-cors.org/
> http://en.wikipedia.org/wiki/Cross-origin_resource_sharing#CORS_relationship_to_JSONP
>
> On Sun, May 27, 2012 at 10:41 AM,<internet-drafts@ietf.org>  wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
>>
>>         Title           : Token Revocation
>>         Author(s)       : Torsten Lodderstedt
>>                           Stefanie Dronia
>>                           Marius Scurtescu
>>         Filename        : draft-ietf-oauth-revocation-00.txt
>>         Pages           : 6
>>         Date            : 2012-05-26
>>
>>    This draft proposes an additional endpoint for OAuth authorization
>>    servers for revoking tokens.
>>
>>
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-ietf-oauth-revocation-00.txt
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> This Internet-Draft can be retrieved at:
>> ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-revocation-00.txt
>>
>> The IETF datatracker page for this Internet-Draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

From internet-drafts@ietf.org  Sun May 27 06:09:15 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8B8921F853C; Sun, 27 May 2012 06:09:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X8NGV7MiaHBq; Sun, 27 May 2012 06:09:15 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 349B421F851C; Sun, 27 May 2012 06:09:15 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120527130915.4045.68018.idtracker@ietfa.amsl.com>
Date: Sun, 27 May 2012 06:09:15 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-threatmodel-05.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 May 2012 13:09:15 -0000

A New Internet-Draft is available from the on-line Internet-Drafts director=
ies. This draft is a work item of the Web Authorization Protocol Working Gr=
oup of the IETF.

	Title           : OAuth 2.0 Threat Model and Security Considerations
	Author(s)       : Torsten Lodderstedt
                          Mark McGloin
                          Phil Hunt
	Filename        : draft-ietf-oauth-v2-threatmodel-05.txt
	Pages           : 66
	Date            : 2012-05-27

   This document gives additional security considerations for OAuth,
   beyond those in the OAuth specification, based on a comprehensive
   threat model for the OAuth 2.0 Protocol.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-threatmodel-05.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-v2-threatmodel-05.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel/


From leifj@mnt.se  Sun May 27 13:32:49 2012
Return-Path: <leifj@mnt.se>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69A2821F854C for <oauth@ietfa.amsl.com>; Sun, 27 May 2012 13:32:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.202
X-Spam-Level: 
X-Spam-Status: No, score=-2.202 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M6TJiBn2dVbQ for <oauth@ietfa.amsl.com>; Sun, 27 May 2012 13:32:48 -0700 (PDT)
Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com [209.85.217.172]) by ietfa.amsl.com (Postfix) with ESMTP id 060CC21F8548 for <oauth@ietf.org>; Sun, 27 May 2012 13:32:47 -0700 (PDT)
Received: by lbbgo11 with SMTP id go11so1795336lbb.31 for <oauth@ietf.org>; Sun, 27 May 2012 13:32:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=references:in-reply-to:mime-version:content-transfer-encoding :content-type:message-id:cc:x-mailer:from:subject:date:to :x-gm-message-state; bh=FGeTvLIGpjFxQT4TZ5IsleKDnq2FlXNefvFwRSXKvJs=; b=OwDkMuQOH3U/qnwnpxHFxaQjd9XqrGwZ00PjR3hgPhUbHvCB9LvndkLwcqs2cp/OG8 mMyePgyGlzObmjIUwxtnRAr/MMP/Y0Ch6xT2I+o33Loe54wtL0LIsuGqJu9T+AoLbvRH 68YRL0vh+wwRz5cB35e/uiHFCCZvWPk+ycdFGnMn9bSKfxpUkGPrVaD1ozmeOfrB8Bsr 0d695Ga+BDbpa9J+D874G94H0B8TA42FHedp+kMc/ZkesDuy4e9utHG9QSHVOiQZR/nQ 1ELfgOAZkOF1LQWVNHNpxSK9NIwWff5VcVZjA9xwALcDSmrocS3DHX1QwxhGprtv5qmx 9lJw==
Received: by 10.152.125.116 with SMTP id mp20mr5985504lab.19.1338150766542; Sun, 27 May 2012 13:32:46 -0700 (PDT)
Received: from [10.0.0.232] (ua-83-227-179-169.cust.bredbandsbolaget.se. [83.227.179.169]) by mx.google.com with ESMTPS id hz16sm15057554lab.6.2012.05.27.13.32.44 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 27 May 2012 13:32:45 -0700 (PDT)
References: <4E1F6AAD24975D4BA5B16804296739436651A42A@TK5EX14MBXC284.redmond.corp.microsoft.com> <CABzCy2BucVBz9SwKMrJfatcgww17uSNNBwi3E7JB-QYKUJ6KzA@mail.gmail.com>
In-Reply-To: <CABzCy2BucVBz9SwKMrJfatcgww17uSNNBwi3E7JB-QYKUJ6KzA@mail.gmail.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary=Apple-Mail-EFFFCB7F-5E11-48FA-95C6-ABF8839B7C0F
Message-Id: <9146C20B-A06A-4EB7-B515-F008AB136398@mnt.se>
X-Mailer: iPad Mail (9B206)
From: Leif Johansson <leifj@mnt.se>
Date: Sun, 27 May 2012 22:32:40 +0200
To: Nat Sakimura <sakimura@gmail.com>
X-Gm-Message-State: ALoCoQkpILw/SW1ZqlvwrGONUQexdhH5CLAlGttMo9I3V2SfiFkuMRqWhjlme1LbFvoEqlFW+Q5J
Cc: "oauth@ietf.org" <oauth@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [OAUTH-WG] [jose] Dominick Baier's JWT implementation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 May 2012 20:32:49 -0000

--Apple-Mail-EFFFCB7F-5E11-48FA-95C6-ABF8839B7C0F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

On that topic: what is the most current/complete implementation for python?



26 maj 2012 kl. 13:36 skrev Nat Sakimura <sakimura@gmail.com>:

> So that you know, Edmund Jay has implemented JWS including GCM for PHP.=20=

>=20
> On Sat, May 26, 2012 at 8:10 AM, Mike Jones <Michael.Jones@microsoft.com> w=
rote:
> FYI - Dominick Baier sent me a note letting me know about his JWT implemen=
tation:
>=20
> =20
>=20
> http://leastprivilege.com/2012/05/25/json-web-token-jwt-support-in-thinkte=
cture-identitymodel/
>=20
> =20
>=20
> Have a good weekend, everyone!
>=20
> =20
>=20
>                                                             -- Mike
>=20
> =20
>=20
>=20
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>=20
>=20
>=20
>=20
> --=20
> Nat Sakimura (=3Dnat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>=20
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

--Apple-Mail-EFFFCB7F-5E11-48FA-95C6-ABF8839B7C0F
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
	charset=utf-8

<html><head></head><body bgcolor="#FFFFFF"><div>On that topic: what is the most current/complete implementation for python?<br><br><br></div><div><br>26 maj 2012 kl. 13:36 skrev Nat Sakimura &lt;<a href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>&gt;:<br><br></div><div></div><blockquote type="cite"><div>So that you know, Edmund Jay has implemented JWS including GCM for PHP.&nbsp;<br><br><div class="gmail_quote">On Sat, May 26, 2012 at 8:10 AM, Mike Jones <span dir="ltr">&lt;<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span lang="DE">FYI - Dominick Baier sent me a note letting me know about his JWT implementation:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="DE"><u></u>&nbsp;<u></u></span></p>
<p class="MsoNormal"><span lang="DE"><a href="http://leastprivilege.com/2012/05/25/json-web-token-jwt-support-in-thinktecture-identitymodel/" target="_blank"><span lang="EN-US">http://leastprivilege.com/2012/05/25/json-web-token-jwt-support-in-thinktecture-identitymodel/</span></a><u></u><u></u></span></p>

<p class="MsoNormal"><u></u>&nbsp;<u></u></p>
<p class="MsoNormal">Have a good weekend, everyone!<span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></p><span class="HOEnZb"><font color="#888888">
<p class="MsoNormal"><u></u>&nbsp;<u></u></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<u></u><u></u></p>
<p class="MsoNormal"><u></u>&nbsp;<u></u></p>
</font></span></div>
</div>

<br>_______________________________________________<br>
jose mailing list<br>
<a href="mailto:jose@ietf.org">jose@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/jose" target="_blank">https://www.ietf.org/mailman/listinfo/jose</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div><br>

</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>jose mailing list</span><br><span><a href="mailto:jose@ietf.org">jose@ietf.org</a></span><br><span><a href="https://www.ietf.org/mailman/listinfo/jose">https://www.ietf.org/mailman/listinfo/jose</a></span><br></div></blockquote></body></html>
--Apple-Mail-EFFFCB7F-5E11-48FA-95C6-ABF8839B7C0F--

From roland.hedberg@adm.umu.se  Sun May 27 23:49:16 2012
Return-Path: <roland.hedberg@adm.umu.se>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 838F521F84FF; Sun, 27 May 2012 23:49:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.76
X-Spam-Level: 
X-Spam-Status: No, score=-4.76 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BaNwuJXmiFX1; Sun, 27 May 2012 23:49:16 -0700 (PDT)
Received: from smtp1.umu.se (kaffir.umdc.umu.se [130.239.2.98]) by ietfa.amsl.com (Postfix) with ESMTP id B953221F847C; Sun, 27 May 2012 23:49:15 -0700 (PDT)
Received: by smtp1.umu.se (Postfix, from userid 8) id 18824176; Mon, 28 May 2012 08:49:14 +0200 (CEST)
X-Scanned-By: ClamAV
Received: from lingon.ladok.umu.se (lingon.ladok.umu.se [130.239.200.165]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp1.umu.se (Postfix) with ESMTP id E733E109; Mon, 28 May 2012 08:49:13 +0200 (CEST)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=iso-8859-1
From: Roland Hedberg <roland.hedberg@adm.umu.se>
In-Reply-To: <9146C20B-A06A-4EB7-B515-F008AB136398@mnt.se>
Date: Mon, 28 May 2012 08:49:25 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <354C79A3-6A11-4B49-86FA-830269B99767@adm.umu.se>
References: <4E1F6AAD24975D4BA5B16804296739436651A42A@TK5EX14MBXC284.redmond.corp.microsoft.com> <CABzCy2BucVBz9SwKMrJfatcgww17uSNNBwi3E7JB-QYKUJ6KzA@mail.gmail.com> <9146C20B-A06A-4EB7-B515-F008AB136398@mnt.se>
To: Leif Johansson <leifj@mnt.se>
X-Mailer: Apple Mail (2.1278)
Cc: "oauth@ietf.org" <oauth@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [OAUTH-WG] [jose] Dominick Baier's JWT implementation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 May 2012 06:49:16 -0000

27 maj 2012 kl. 22:32 skrev Leif Johansson:

> On that topic: what is the most current/complete implementation for =
python?

I did a search half a year ago for JWT implementations in Python.
Found two: PyJWT by Jeff Lindsay and jwt-python by Andrew Ekstedt.

I used parts from both of them and did my own version.
It's part of my OpenID Connect implementation.

-- Roland
------------------------------------------------------
Roland Hedberg
IT Architect/Senior Researcher
ICT Services and System Development (ITS)=20
Ume=E5 University=20
SE-901 87 Ume=E5, Sweden=09
Phone +46 90 786 68 44
Mobile +46 70 696 68 44=20
www.its.umu.se=20


From stephen.farrell@cs.tcd.ie  Mon May 28 11:34:46 2012
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC94A21F8621 for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 11:34:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.399
X-Spam-Level: 
X-Spam-Status: No, score=-99.399 tagged_above=-999 required=5 tests=[BAYES_50=0.001, J_CHICKENPOX_52=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nytEjl85oivf for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 11:34:44 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 731A721F861E for <oauth@ietf.org>; Mon, 28 May 2012 11:34:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 0B7691543C3 for <oauth@ietf.org>; Mon, 28 May 2012 19:34:41 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:subject:mime-version :user-agent:from:date:message-id:received:received: x-virus-scanned; s=cs; t=1338230078; bh=VEZU2mhZWta1Y1k1K34igqkl xi7kT1zU6wtu1n1j+Io=; b=TGDBqRl/Yfh9yNdZVuieBcJAZvxuPm5inQzdD/Sq qFzHIy6R3jt5Jd5MajYaPPbyDESD0RPDDV41EVrZy1TQ6jhCFuu0ciKQd/4D6ZSs NL+nXUZM3yF6ZfhwqwC4IsyzItgI6bzCbA+0/s1FCFfua/SaMLu2JZf0P+Eafqlb TFqwsXKO4dA6Ddpuxl4XM6c0eQwMph/Ph2uEUjcf6fU1yxZ0cR3sg8xcvvV+dpOh R6G34A0wCKnXKasHvLGdjtxgJ3lUGN9M3rnJnziXvE92CeVMiIojm9yXuYTGvcwc E1T1DX2kEPfFMuzsnjljl2OGA1BSnK2FAQUaqZD9/G+hRw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id XH7kb1Atcq4O for <oauth@ietf.org>; Mon, 28 May 2012 19:34:38 +0100 (IST)
Received: from [IPv6:2001:770:10:203:8524:e1ba:bcbc:c18] (unknown [IPv6:2001:770:10:203:8524:e1ba:bcbc:c18]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 004001543B8 for <oauth@ietf.org>; Mon, 28 May 2012 19:34:37 +0100 (IST)
Message-ID: <4FC3C53E.8020704@cs.tcd.ie>
Date: Mon, 28 May 2012 19:34:38 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [OAUTH-WG] AD review of draft-ietf-oauth-threatmodel-05
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 May 2012 18:34:46 -0000

Hi all,

I've gotten the publication request for oauth-threatmodel
so here's my AD review of -05.

Its quite a read (and a good one) but I've a bunch of
questions. Some of these will need fixing I suspect
but a lot are ok to fix later after IETF LC, depending
on whether the authors want to re-spin it before then
or not. But I'd like to at least see reactions to the
questions before I start IETF LC.

Although there are many many nits and typos, those
don't actually make the document unreadable so
though I'd prefer to see 'em fixed now, I'm ok with
that happening later if its a problem to get it
all done now.

If you want to argue for going ahead with IETF LC
now please do so, but I suspect that this might need
a revised ID to fix at least a couple of the points
raised below. If nobody does argue to go ahead now,
I'll mark it as revised ID needed, but first let's
see what the answers are to the questions.

Cheers,
S.


(1) s/RFC1750/RFC4086/ is needed as noted in the write-up.

(2) You don't say anything about the probability of
occurrence of the various threats. I realise that you
can't be precise but it seems wrong to say nothing.  Would
it be worth at least saying that that's not done here and
that readers of this document need to do their own risk
analysis including that aspect?

(3) Many deployments will use TLS accelerators.  That
means that TLS isn't fully e2e, and that opens up some
(mainly) insider attacks or attacks that can be launched
from within a compromised DMZ, but from outside the server
applications. Does that need a mention somewhere? (I've
seen systems like that deployed and a lot could go wrong
from the inside, so I think this is a real threat.)

(4) Could you use just one of "client identity" or "client
identifier" consistently? I'd much prefer the latter,
which has also been the outcome of various discussions on
this topic elsewhere. For example you say "revocation of
such an identity" at the end of p13, and that's a
potential rathole, better to say "revocation of the rights
associated with a client identifier" or similar I think.
And similar changes throughout.

(5) 4.4.2.2: Here you recommend native applications should
use an embedded browser, but earlier you said that was a
bad idea. I think you need to be consistent or else
provide more about when its ok to embed and when its not.
Did I misread it or does that need a change?

(6) 4.4.3.1: This calls for "obfuscation" of passwords in
logs. I think you ought be stronger there and call for
strong encryption of passwords wherever they are stored,
be that logs or DBs or whatever. Would'nt that be reasonable?

(7) 4.6.4: 1st countermeasure: I don't think you mean
address here (in the sense of an IP address, which is what
that means) but rather the domain name or FQDN or URL.  In
any case, you need to say what is meant clearly.  (Also in
5.1.5.6 and elsewhere when you use the term "address".)

(8) 4.6.6: You say to use Cache-Control, but don't say
how.  Is more needed really? Maybe there's a good document
you could reference for that? (I'm not suggesting you add
a lecture on caching btw:-)

(9) 5.1.1: needs a reference to RFC 5246 (and better to
just say TLS and not say SSL, at least for me :-)

(10) 5.1.1: needs a reference to whatever you mean by
"VPN" since there are many types of VPN. I assume you mean
an IPsec VPN? But even if not, saying more would be good.

(11) 5.1.2: needs a reference to RFC 5280 and/or RFC 6125
and/or RFC 2818. Bascially, you need to say how this is
done (by reference).

(12) 5.1.4.1: Isn't there some good reference you can give
here? (Having said that, I'd have to go look myself, but
I'd maybe start with owasp or sans.)

(13) 5.1.4.2.2: if p(collision) should be <=2^(-160) then
what's the point of saying it ought be <= 2^(-128)? Also
if sha-1 were perfect, then the 160 bits output would
really have a collision probability of about 2^(-80) with
many many tokens, but not 2^(-160). I think you need
to fix something there.  Perhaps you're really saying that
all high-entropy secrets should be >=128 bits long and
constructed with a good (P)RNG? If so, saying so more
clearly would be better. Not everyone will get the
collision probability way of saying that even when its
properly stated. (This text is also repeated, be better if
you just said this once I think.)

(14) 5.1.5.2: what is a "reasonable duration" - I don't
think its ok to say that but nothing else. Can't you give
some "reasonable" examples based on current usage?

(15) 5.1.5.5: needs a reference to SAML assertions with
the current text.

(16) 5.2.2.3: this describes a refresh token rotation
scheme that I don't recall being discussed on the list, so
this is just to check that that rotation scheme, as
described, doesn't ring any alarms bells for the WG. If
not, that's fine. And if it was discussed on the list and
I've forgotten, then sorry about that:-)

(17) 5.2.2.5: Using IMEI's like this has privacy
implications that I think you ought call out. A single
sentence and a reference to something that says "be
careful about privacy here" would be fine I'd say. (And
you need a reference for "IMEI" and to expand the term.)

(18) 5.2.2.6: needs a reference for X-FRAME-OPTION.
There's a websec draft about that I think.

(19) 5.2.3.4: what do you mean when you say "for different
deployments of a client"? That could be one secret per
install or one secret for all customers of a mobile
operator and those are radically different. I think you
need to be clear and hope you mean the former. That's
almost cleared up in the 3rd paragraph of the section but
I wanted to just check. Not sure "deployment" is the best
term there really - what's wrong with "installation"?

(many:-) nits and typos:

2.3.1: maybe explain "handle-based design" or give a
reference? (Or maybe just a forward ref to 3.1?)

2.3.3: It might be worth re-iterating that the term
"client" in oauth is used differently, e.g.  by copying a
bit of text from the base spec. I can see folks being
confused by this otherwise.

3.1: "is digitally signed" - do you mean it has data
integrity and origin authentication?  If MACs are commonly
used (or maybe authenticated encryption), and not
necessarily signatures, then saying that would be better.

3.1.2: typo: s/this mechanisms/this mechanism/

3.1.2: maybe s/Expires_In/expires_in/ to match the case in
the base spec? I think it'd be better not to capitalise
this in case it finds its way into someone's code. You
could also use "Expires In" in the title and then say that
its "expires_in" in the protocol. Might be worth doing
something generic to call out when you're talking about
specific things from the protocol, e.g. use a convention
like ``expires_in'' or "expires_in" consistently and say
that in the intro.

3.4: typo: s/the later/the latter/

3.4: bullet item 1 isn't really a reason for anything but
a downside of doing this, at least as written. Maybe this
needs to be tweaked?

3.6: expand CSRF on 1st use and maybe give a reference
CSRF is expanded in 4.4.1.8 which is a good bit later,
and also in 4.4.2.5 which could presumably be
shortened a bit by removing the repetition.

3.7: typo: s/collage associated request/collate associated
requests/

3.7: Maybe give a pointer to the definition of "native
application" in the base spec (Its section 9 of that.)
2nd last para of p13 would be a good place for that.

section 4: maybe s/Security Threat Model/Threat Model/
in the section title - what other kind of threat
model is there?

section 4: I wondered how we know the threat model
is "comprehensive"? Perhaps "detailed" is better?

4.2.1: typo: s/Users/users/g unless you mean something
special?

4.2.2: typo: s/a understandable/an understandable/

4.2.2: "...based on who the client is." is unclear
and not gramatically nice:-) "...based on the client
identifier." would seem better.

4.3.1: typo? s/on transit/in transit/ Or did you
mean something else? and s/may attempts/may attempt/

4.3.3: maybe s/Revelation/Disclosure/ to be a tad
less biblical:-)

4.3.3: typo? 1st countermeasure reads oddly and
refers to a different place than other references
to TLS - is that correct?

4.3.3: digest auth is nearly the same as sending
credentials over the wire, TLS client auth based
on certificates would be a better example, even
if its not often done.

4.3.4: 4.3.2 points to 5.1.4.1.2 but this doesn't.
Maybe it ought to?

4.3.6: typo s/an authorization servers/an authorization
server/

4.3.6: 4.3.5 refers to 5.1.4.2.2 wrt entropy. Is there
a reason to not do that here too?

4.4: typo? s/tokens endpoint/token endpoint/ ?

4.4.1.1: typo: s/by different ways/in different ways/

4.4.1.1: typo-fix-typo? HTTP has a "Referer" header field,
but you fixed their typo here - might be better to live
with the bad spelling, in which case
s/referrer/referer/g;-)

4.4.1.1: Is there no better way to reference these
OASIS docs? More importantly, is there no better (more
stable) reference than thomasgross.net for the
PDF you reference? Tidying this up would be good.

4.4.1.1 and elsewhere: a few times you say "such as
TLS or SSL," I think it'd be better to just say TLS
there and do it consistently everwhere. In other
places (e.g. 4.4.1.5) you say "HTTPS" - again that'd
be better done consistently.

4.4.1.1: typo: s/redeem a authorization code/redeem
an authorizatio code/

4.4.1.4: "counterfeit a valid client" reads oddly,
do you mean "pretend to be a valid client"? If so,
I think that'd be clearer.

4.4.1.4: "and to prevent unauthorized access to
them" - I think you might add "via the oauth
protocol" there since the AS isn't responsible for
all possible ways of preventing unauthorized access.

4.4.1.4: typo: s/not neccesserily indicates/doesn't
necessarily indicate/

4.4.1.4: typo: s/user should be explained the purpose/
something better/ :-)

4.4.1.4: expand/define CAPTCHA on 1st use. Give a
reference for this too. Especially since you also
have 5.1.4.2.5, which is maybe the best place for
the reference.

4.4.1.4: isn't a PIN code another user authentiation?
Seems like a bad example of automatic authentication,
since it isn't automatic if the user has to enter a
PIN.

4.4.1.6: Is Facebook a trademark? Maybe better to not
use that if so?

4.4.1.7: typo: s/achieve that goal/achieves that goal/

4.4.1.7: typo: s/victims resources/victim's resources/

4.4.1.7: typo: s/The attackers gains/The attacker gains/

4.4.1.7: typo: s/then the target web site/rather than
the target web site/

4.4.1.7: "session fixation" could do with a reference
or definition, and that might be better earlier in
this section and not just in the countermeasures
part.

4.4.1.7: typo: s/kind of attacks/kind of attack/

4.4.1.8: typo: s/not follow untrusted/to not follow
untrusted/

4.4.1.9: maybe add a reference for "iframe"? And
you say "iFrames" later, better to be consistent.

4.4.1.9: 1st countermeasure - do you mean end-user
authorization here or end-user authentication? And
would it be better to say "system browser" or
something rather than "external browser"? (I forget
what phrase you used for that earlier but there
was something bettter:-)

4.4.1.9: "javascript framebusting" really needs
a reference

4.4.1.10: typo: s/the victims resources/the victim's
resources/

4.4.1.10: typo: s/or split the/or splits the/

4.4.1.10: "corresponding form post requests" isn't
clear to me - does that need rephrasing or is it
just me?

4.4.1.10: this is the first mention of cookies, which
I found surprising, but that's all;-)

4.4.1.10: the 2nd "ways to achieve this" bullet is
a bit unclear - which "It" and whose browser? I
think this could be clearer.

4.4.1.10: typo: s/as native app/as a native application/

4.4.1.10: what does "assume" the threat mean?

4.4.1.10: typo: s/an user interaction/a user interaction/

4.4.1.10: typo: s/CAPTCAs, or/CAPTCHAs/ or else get
rid of the "or" from the last bullet

4.4.1.10: typo: s/send out of bound/sent out of band/

4.4.1.10: typo: s/instance message/instant message/

4.4.1.11: typo? s/directing user(s) browser/directing
the user's browser/ ?

4.4.1.11: I don't get the explanation here. Are you
assuming (but not saying) that generating non-trivial
entropy is a slow process? (e.g. /dev/random blocking?)
Its also not clear what "pool" you mean? This probably
needs a bit of tweaking.

4.4.1.12: semicomplete.com may not be a sufficiently
stable reference - can't you find a better one?

4.4.1.12: typo: s/Defenses such rate limiting/Defenses
such as rate limiting/

4.4.1.12: typo: s/an anonymizing systems/an anonymizing
system/

4.4.1.12: nicest typo yet! s/annoying system/anonymizing
system/ :-)

4.4.1.12: typo? maybe s/iframe/iFrame/ again?

4.4.1.12: 1st reference to "the CSRF token" here? That
might warrant a reference of some sort? (Maybe to
a later section?)

4.4.1.12: Facebook again.

4.4.1.12: Signing the code seems like a bit of a hack.  Do
you really want to recommend this here? I suspect it'd end
up different if you actually tried it out aiming for an
interoperable solution. I'd suggest deleting this, or
maybe make it less specific, e.g. saying if origin
authentication for authorization codes could be validated
by clients, then that'd be a countermeasure, but that
there's no current spec for that. (And doing that might
just move the DoS to somewhere else depending how you
did it.)

4.4.2: typo: s/and It cannot/and it cannot/

4.4.2.1: Is the countermeasure here TLS? If so, better to
say so.

4.4.2.2: requests aren't cached are they but rather
responses?

4.4.2.3: typo: s/An malicious/A malicious/

4.4.2.3: The reference back to 4.4.1.4 isn't very
clear since a lot of the countermeasures there
mention authentication. It'd be better to explicitly
list things here or else if you stick with the
backwards reference to be more explicit about whic
exactly apply.

4.4.2.5: Is this entirely identical to 4.4.1.8? That
doesn't seem right. If it is, then say so explicitly.
If not, then say what's different.

4.4.3: 1st mention of username/password anti-pattern,
so you could add a reference

4.4.3: Be good to metion here that passwords are often
used for >1 service, so this anti-pattern risks whatever
else is accessible with that credential or an
algorithmically derivable equivalent (e.g.
joe@example.com/pwd might easily allow someone to guess
that the same pwd is used for joe.user@example.net) and
then another countermeasure is to educate users to
not use the same pwd for multiple services (hard as
that is to really do;-)

4.4.3.4: again digest auth isn't a good example
here, but client certs are.

4.4.3.6: What does "Abandon on grant type..." mean?
If you mean "don't do this" then say that more
clearly.

4.6.2: typo: s/transport security measure/transport
security measures/ or maybe just say TLS

4.6.2: typo: s/nounces/nonces/

4.6.3: 1st countermeasure: maybe s/difficult/infeasible/
I don't see why "difficult" guessing is hard enough?

4.6.4: typo: s/a valid access tokens/a valid access token/

4.6.4: Do you mean the IP address in the 2nd
countermeasure?  I'm not sure, esp. given the above.

4.6.4: typo: s/miss the capabilities/lack the capability/

4.6.6: reference to 2616 is broken

4.6.6: Should you reference httpbis drafts? Just asking, I
can see arguments for referencing just 2616 or just
httpbis or both, given that this'll be read for hopefully
a while after httpbis is done.

4.6.7: referrer vs. referer again

4.6.7: What is an appropriat logging configuration? Can
you give a reference maybe or is it really that well
known?

4.6.7: Reloading the target page again? Are you really
recommending that?

5.1: typo: s/consideratios/considerations/

5.1.3: I think you should note the email notifications
can be a phishing vector so don't make your emails
such that lookalike phish messages can easily be
derived from them.

5.1.3: Don't you need to say something about getting
email notifications delivered and not treated as spam?
Maybe you could recommend dkim here or other ways to
get better delivery. (Not sure myself, probably best
to ask someone who operates like this so see if there's
stuff to be said.)

5.1.4.1.3: typo: s/not store credential/not store
credentials/

5.1.4.1.4: salted hashes don't prevent offline
dictionary attacks, they just increase the workload

5.1.5.1.4: would it be worthwhile recommending that
different client credentials be used in development
or integration mode vs. when operational? I've seen
a bunch of times when programmers were given "live"
API keys when that could've been avoided.

5.1.4.1.5: I don't get this. If it was only that
easy:-) I think you need to say which private keys
are used here and for what for this section to be
useful.

5.1.4.2.1: I think you could note that complex password
policies can also increase the liklihood that users
re-use passwords or write them down or store them
somewhere not so good, if e.g. the entropy required
over all the user's passwords (dozens usually) is
too great for long-term memory.

5.1.5.1: typo: s/Basis of/The basis of/

5.1.5.1: typo: s/sensible service/sensitive service/
(2nd best typo:-)

5.1.5.3: typo: s/preciser/more precise/

5.1.5.3: typo: s/refreshments/refreshes/

5.1.5.4: 2nd bullet is not a threat but a goal

5.1.5.4: typo: s/redeem a/redeem an/

5.1.5.5: what is a "rough" server? Do you mean rogue?

5.5.5.6: I think you need to clarify what "address"
means here too.

5.1.5.9: please clarify if you mean digitally signed
(asymmetric) or also include MACing here

5.1.5.10: typo: s/Self-contained/Self-contained tokens/

5.1.5.10: s/privacy/confidentiality/ ?

5.1.5.10: this (typically, I'd guess) requires sharing
symmetric keys between server nodes, so you should
say that as its a bunch of work.

5.1.5.11: I don't get why you want to repeat this
text (and its error:-) better to refer back to
the earlier section I think.

5.1.5.12: Another place where a SAML reference would
be needed.

5.1.6: 2nd bullet is not a "measure" but a goal. If
you had something in mind, it doesn't come out from
that text.

5.2.2.2: You say the binding should be protected, but
don't say how. I think you ought.

5.2.3: typo: s/sub-sequent/subsequent/ but maybe
better to delete the word

5.2.3: 2nd bullet - "trustworthiness" has gotta
be the wrong word there, what did you mean?

5.2.3: typo: s/statics/statistics/

5.2.3: typo: s/support achieve objectives/achieve these
objectives/ ?

5.2.3: typo: s/by hand of an administrator/something
better/

5.2.3.1: "prevents...overestimating" seems wrong, I think
you mean it reduces the probability of mistakenly treating
a useless authentication as a good one. (The point is
that servers don't "overestimate," only people do that.)

5.2.3.1: "cannot be entirely protected" seems like
understatement - the reality is any such secret will
leak out from anything that's any way successful. It
only protects stuff that *nobody* cares about.

5.2.3.1: typo: s/trust on/trust/ But I'd rephrase it
to not use the terms "trust" nor "identity" and then
it'd be better I think.

5.2.3.2: typo? s/The authorization may/The authrozation
server may/ ? Not sure what "issue a cliend id" means
either. (Same in 5.2.3.3)

5.2.3.4: typo: s/A authorization server/An authorization
server/

5.2.3.5: what are "validated properties"?

5.2.3.5: what is the 1st bullet list on p57? there's
no introductory text?

5.2.3.5: the "it" in "it only works" in the last
paragraph isn't clear - which "it" do you mean?

5.2.3.5: saying discovery "gets involved" seems
wrong - do you mean "is used"? And what is the
"that" in "that's no longer feasible"?

5.2.3.6: typo: s/be unintentionally for/unintentionally
affect/?

5.2.3.7: typo: s/to distribute client_secret/to
distribute a client_secret/

5.2.4.1: Is a "security certificate" a public key
certificate? If so, saying that is better.

5.2.4.1: the references to 5.7.2.x are wrong and
look like you're missing some xref's in the xml
maybe

5.2.4.2: you said "address" again, so the usual
question arises :-)

5.2.4.3: typo: s/in all situation/in situations/
(not sure "all" is right so suggest deleting it)

5.2.4.4: again, be good to say how to protect
the binding

5.2.4.5: as for 5.2.4.4 say how binding is done

5.3.1: typo: s/a associated/an associated/

5.3.1: "entirely protected" is (again:-) understatement
see above for a suggestion

5.3.1: what does "trust on the client's identity" mean?
Its not clear anyway

5.3.3: typo: s/operation systems/operating systems/
(enrire 2nd & 3rd paras could do with re-phrasing)

5.3.4: typo: s/their level/the level/

5.3.5: this is too terse - is it really finished? I'd
say there's a sentence or two missing.

5.4.2: what does it mean to "encourage resource
servers" to do something? I guess you mean to encourage
the people deploying those to pick resource servers
with that capability and to turn that on.

5.4.2: not sure if everyone will know what a
"distinguished name" is, maybe add a reference to
rfc 5280?

5.4.2: token-bound secrets would be used to MAC
the request and not to sign, be better to make that
clear even if you still call that "signing" here
(its not really, if we're being pedantic)

5.4.2: typo: s/This mechanisms/This mechanism/

5.4.2 and 5.4.3: I forget - where are the protocol
mechanisms for this defined? Can you give a reference
or say that its future stuff if there aren't any
good ones?

5.5: typo: s/capable to validate/capable of validating/

8.1: Is the base spec really normative? I'd say you're
fine with that as informative too.

8.2: there are a bunch of references missing as per
the questions above

8.2: is there no better (more stable) reference than
portablecontacts.net?











From andrewarnott@gmail.com  Mon May 28 17:24:49 2012
Return-Path: <andrewarnott@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9D8921F86A4 for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 17:24:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.184
X-Spam-Level: 
X-Spam-Status: No, score=-1.184 tagged_above=-999 required=5 tests=[BAYES_40=-0.185, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WLDpIMYLvzSA for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 17:24:48 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id C8B1221F85AC for <oauth@ietf.org>; Mon, 28 May 2012 17:24:48 -0700 (PDT)
Received: by qcsq13 with SMTP id q13so2042859qcs.31 for <oauth@ietf.org>; Mon, 28 May 2012 17:24:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=54YpSSJ+zQ+zR6LbdypRoLniuV6/OIgq9Q3j0tTU1nw=; b=bvBmjv7yKQu9pf1q5dT7MgEt2sPJ/Xc938Q9DlNfskKNfUXymcuZrk2jeSK4me1gX5 rLt7o5U7Ng0gWsUNC05ztGzU452sv0MIKi37xYBzj7Ixgoa12CYsY/NMj+amCnDCAiOp jftGhoQ3GEwDlnUljJVg8/rufLT+K98Ghc7B/YZ40WW3FL7Oz2U0RK7Jfcr7Va4SDIGo zrs7sc0SMWf3+SOYj/daJH7hJf5Ho1KT5jiSxf8ChdAzNLyUVhlai28T3V3futlOOvzJ phy6hFUapgMYxbk9W5YiEFUO/WJutbMSwHma4kkLC3SHY87D14Xn7saPsV4QEjtBJEak t+dA==
Received: by 10.224.97.132 with SMTP id l4mr9736579qan.15.1338251088070; Mon, 28 May 2012 17:24:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.159.10 with HTTP; Mon, 28 May 2012 17:24:27 -0700 (PDT)
From: Andrew Arnott <andrewarnott@gmail.com>
Date: Mon, 28 May 2012 17:24:27 -0700
Message-ID: <CAE358b77U7dN9X4nmr_+q6sDCRe3STY388-LBAmg+9RbvkK_Zg@mail.gmail.com>
To: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary=20cf3074b350b9880a04c121dce3
Subject: [OAUTH-WG] Where to send typo feedback?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2012 00:24:50 -0000

--20cf3074b350b9880a04c121dce3
Content-Type: text/plain; charset=ISO-8859-1

In reviewing the latest draft I've encountered several small grammatical or
typographical errors.  Is the best way to help get these identified and
fixed by emailing this list?  It seems that the hueniverse github project
that we'd fork from and send pull requests to is no longer there.

Thanks.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre

--20cf3074b350b9880a04c121dce3
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

In reviewing the latest draft I&#39;ve encountered several small grammatica=
l or typographical errors. =A0Is the best way to help get these identified =
and fixed by emailing this list? =A0It seems that the hueniverse github pro=
ject that we&#39;d fork from and send pull requests to is no longer there.<=
div>

<br></div><div>Thanks.<br clear=3D"all">--<br>Andrew Arnott<br>&quot;I [may=
] not agree with what you have to say, but I&#39;ll defend to the death you=
r right to say it.&quot; - S. G. Tallentyre<br>
</div>

--20cf3074b350b9880a04c121dce3--

From ve7jtb@ve7jtb.com  Mon May 28 17:32:42 2012
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7CFC21F8760 for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 17:32:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e0mW6VmIa1It for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 17:32:41 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 5189321F875D for <oauth@ietf.org>; Mon, 28 May 2012 17:32:41 -0700 (PDT)
Received: by obbeh20 with SMTP id eh20so7488721obb.31 for <oauth@ietf.org>; Mon, 28 May 2012 17:32:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=BFaAmYlfPoSXMXsFyij23xdV1amK62qaEVBnh8oontY=; b=jTdlsa5Ol+HLEK34jAz/SrETcwE8yd2BCnGQv8Jw76pEJ+1Z+19yUqshr7jl9RAgez MKuZ/XMXkHqHhbNvmfxL0/x2wSH+c3i6c4ku4HZObvHb25Sr0dFI7uRdXc6zw5fXcm3c 0TX+17VcJ6/ueGJPOZ/Z6omluQe7O+qBN9b8Wbojl0KEj+xTXowEVMkt7NjpKDT995co hLxH/N//GEhoz2AEeL9DRP1DDsVtCgIk+rowwn2X5Sfdl4nJyIqNde3UhTdwvKe8y9qI q8ldvPd5P2YKamcdgWJx1fzmYmt5MO3wQhjEWV7HrRawWQpQKB7W41P1Cpv7Jejuj4jJ deOQ==
Received: by 10.182.112.102 with SMTP id ip6mr9415341obb.39.1338251560775; Mon, 28 May 2012 17:32:40 -0700 (PDT)
Received: from [192.168.1.2] ([74.220.36.163]) by mx.google.com with ESMTPS id yw3sm10218875obb.7.2012.05.28.17.32.39 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 28 May 2012 17:32:40 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=iso-8859-1
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CAE358b77U7dN9X4nmr_+q6sDCRe3STY388-LBAmg+9RbvkK_Zg@mail.gmail.com>
Date: Mon, 28 May 2012 18:32:38 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <CC4D6676-5F11-46A6-B268-094E13B47A0E@ve7jtb.com>
References: <CAE358b77U7dN9X4nmr_+q6sDCRe3STY388-LBAmg+9RbvkK_Zg@mail.gmail.com>
To: Andrew Arnott <andrewarnott@gmail.com>
X-Mailer: Apple Mail (2.1278)
X-Gm-Message-State: ALoCoQku02FJyuyh8pbZMzqKomNl8weOiaWEOF3DlDzNUmv/VVxw83zp6r0bU30hnIIx5Wt5S6Ex
Cc: "OAuth WG \(oauth@ietf.org\)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Where to send typo feedback?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2012 00:32:43 -0000

On 2012-05-28, at 6:24 PM, Andrew Arnott wrote:

> In reviewing the latest draft I've encountered several small =
grammatical or typographical errors.  Is the best way to help get these =
identified and fixed by emailing this list?  It seems that the =
hueniverse github project that we'd fork from and send pull requests to =
is no longer there.
>=20
> Thanks.
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the =
death your right to say it." - S. G. Tallentyre
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From Michael.Jones@microsoft.com  Mon May 28 21:37:09 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDF4921F8732 for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 21:37:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.705
X-Spam-Level: 
X-Spam-Status: No, score=-3.705 tagged_above=-999 required=5 tests=[AWL=-0.107, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B9rGdoeLY8D9 for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 21:37:07 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe002.messaging.microsoft.com [213.199.154.140]) by ietfa.amsl.com (Postfix) with ESMTP id C8E5121F872D for <oauth@ietf.org>; Mon, 28 May 2012 21:37:06 -0700 (PDT)
Received: from mail104-db3-R.bigfish.com (10.3.81.232) by DB3EHSOBE001.bigfish.com (10.3.84.21) with Microsoft SMTP Server id 14.1.225.23; Tue, 29 May 2012 04:36:44 +0000
Received: from mail104-db3 (localhost [127.0.0.1])	by mail104-db3-R.bigfish.com (Postfix) with ESMTP id 6047180081; Tue, 29 May 2012 04:36:44 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -21
X-BigFish: VS-21(zz9371Ic85fhzz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah)
Received-SPF: pass (mail104-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC101.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail104-db3 (localhost.localdomain [127.0.0.1]) by mail104-db3 (MessageSwitch) id 1338266201851883_25616; Tue, 29 May 2012 04:36:41 +0000 (UTC)
Received: from DB3EHSMHS004.bigfish.com (unknown [10.3.81.249])	by mail104-db3.bigfish.com (Postfix) with ESMTP id C3DA42E0048; Tue, 29 May 2012 04:36:41 +0000 (UTC)
Received: from TK5EX14HUBC101.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS004.bigfish.com (10.3.87.104) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 29 May 2012 04:36:41 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14HUBC101.redmond.corp.microsoft.com ([157.54.7.153]) with mapi id 14.02.0298.005; Tue, 29 May 2012 04:36:24 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Andrew Arnott <andrewarnott@gmail.com>, "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Where to send typo feedback?
Thread-Index: AQHNPTF9erbKvgo/xkyzJBPXeZZ5EJbgLoqw
Date: Tue, 29 May 2012 04:36:23 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436651D133@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CAE358b77U7dN9X4nmr_+q6sDCRe3STY388-LBAmg+9RbvkK_Zg@mail.gmail.com>
In-Reply-To: <CAE358b77U7dN9X4nmr_+q6sDCRe3STY388-LBAmg+9RbvkK_Zg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.36]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436651D133TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Where to send typo feedback?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2012 04:37:09 -0000

--_000_4E1F6AAD24975D4BA5B16804296739436651D133TK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I'd send them in detail to the list.

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of A=
ndrew Arnott
Sent: Monday, May 28, 2012 5:24 PM
To: OAuth WG (oauth@ietf.org)
Subject: [OAUTH-WG] Where to send typo feedback?

In reviewing the latest draft I've encountered several small grammatical or=
 typographical errors.  Is the best way to help get these identified and fi=
xed by emailing this list?  It seems that the hueniverse github project tha=
t we'd fork from and send pull requests to is no longer there.

Thanks.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death =
your right to say it." - S. G. Tallentyre

--_000_4E1F6AAD24975D4BA5B16804296739436651D133TK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">I&#8217;d send them in de=
tail to the list.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> oauth-bo=
unces@ietf.org [mailto:oauth-bounces@ietf.org]
<b>On Behalf Of </b>Andrew Arnott<br>
<b>Sent:</b> Monday, May 28, 2012 5:24 PM<br>
<b>To:</b> OAuth WG (oauth@ietf.org)<br>
<b>Subject:</b> [OAUTH-WG] Where to send typo feedback?<o:p></o:p></span></=
p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">In reviewing the latest draft I've encountered sever=
al small grammatical or typographical errors. &nbsp;Is the best way to help=
 get these identified and fixed by emailing this list? &nbsp;It seems that =
the hueniverse github project that we'd fork
 from and send pull requests to is no longer there.<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Thanks.<br clear=3D"all">
--<br>
Andrew Arnott<br>
&quot;I [may] not agree with what you have to say, but I'll defend to the d=
eath your right to say it.&quot; - S. G. Tallentyre<o:p></o:p></p>
</div>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B16804296739436651D133TK5EX14MBXC284r_--

From eran@hueniverse.com  Mon May 28 22:29:38 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFBC521F87E7 for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 22:29:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Azaq2PHi812V for <oauth@ietfa.amsl.com>; Mon, 28 May 2012 22:29:38 -0700 (PDT)
Received: from p3plex2out01.prod.phx3.secureserver.net (p3plex2out01.prod.phx3.secureserver.net [184.168.131.12]) by ietfa.amsl.com (Postfix) with ESMTP id EC3E721F8766 for <oauth@ietf.org>; Mon, 28 May 2012 22:29:37 -0700 (PDT)
Received: from P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) by p3plex2out01.prod.phx3.secureserver.net with bizsmtp id FhVc1j0020EuLVk01hVcF2; Mon, 28 May 2012 22:29:36 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.66]) by P3PWEX2HT003.ex2.secureserver.net ([184.168.131.11]) with mapi id 14.02.0247.003; Mon, 28 May 2012 22:29:36 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Andrew Arnott <andrewarnott@gmail.com>, "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Where to send typo feedback?
Thread-Index: AQHNPTF6jz4YBKu/wEWYsrbjLC+dyJbgPVlg
Date: Tue, 29 May 2012 05:29:36 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA201052A61@P3PWEX2MB008.ex2.secureserver.net>
References: <CAE358b77U7dN9X4nmr_+q6sDCRe3STY388-LBAmg+9RbvkK_Zg@mail.gmail.com>
In-Reply-To: <CAE358b77U7dN9X4nmr_+q6sDCRe3STY388-LBAmg+9RbvkK_Zg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: multipart/alternative; boundary="_000_0CBAEB56DDB3A140BA8E8C124C04ECA201052A61P3PWEX2MB008ex2_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Where to send typo feedback?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2012 05:29:39 -0000

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA201052A61P3PWEX2MB008ex2_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

For the core spec, the list or directly to me. Either way works. I'm no lon=
ger using the github project for this given its final state.

EH

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of A=
ndrew Arnott
Sent: Monday, May 28, 2012 5:24 PM
To: OAuth WG (oauth@ietf.org)
Subject: [OAUTH-WG] Where to send typo feedback?

In reviewing the latest draft I've encountered several small grammatical or=
 typographical errors.  Is the best way to help get these identified and fi=
xed by emailing this list?  It seems that the hueniverse github project tha=
t we'd fork from and send pull requests to is no longer there.

Thanks.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death =
your right to say it." - S. G. Tallentyre

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA201052A61P3PWEX2MB008ex2_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">For the core spec, the li=
st or directly to me. Either way works. I&#8217;m no longer using the githu=
b project for this given its final state.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">EH<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> oauth-bo=
unces@ietf.org [mailto:oauth-bounces@ietf.org]
<b>On Behalf Of </b>Andrew Arnott<br>
<b>Sent:</b> Monday, May 28, 2012 5:24 PM<br>
<b>To:</b> OAuth WG (oauth@ietf.org)<br>
<b>Subject:</b> [OAUTH-WG] Where to send typo feedback?<o:p></o:p></span></=
p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">In reviewing the latest draft I've encountered sever=
al small grammatical or typographical errors. &nbsp;Is the best way to help=
 get these identified and fixed by emailing this list? &nbsp;It seems that =
the hueniverse github project that we'd fork
 from and send pull requests to is no longer there.<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Thanks.<br clear=3D"all">
--<br>
Andrew Arnott<br>
&quot;I [may] not agree with what you have to say, but I'll defend to the d=
eath your right to say it.&quot; - S. G. Tallentyre<o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>

--_000_0CBAEB56DDB3A140BA8E8C124C04ECA201052A61P3PWEX2MB008ex2_--

From michiel@unhosted.org  Tue May 29 05:10:36 2012
Return-Path: <michiel@unhosted.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A09E621F8763 for <oauth@ietfa.amsl.com>; Tue, 29 May 2012 05:10:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level: 
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7lQHghgpBoyV for <oauth@ietfa.amsl.com>; Tue, 29 May 2012 05:10:35 -0700 (PDT)
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) by ietfa.amsl.com (Postfix) with ESMTP id 899EF21F8668 for <oauth@ietf.org>; Tue, 29 May 2012 05:10:35 -0700 (PDT)
Received: by dacx6 with SMTP id x6so5262895dac.31 for <oauth@ietf.org>; Tue, 29 May 2012 05:10:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-gm-message-state; bh=mIsZRgmhF9W4ehBZUwLAj0rYf/BOUhcYuyM828Z3r/E=; b=Cz3GT/2oWSrq8H1zpqQ5d9JMsR6znOzx7yrzb+4Kivq/MqIjRCduxypx93L9k58s5M AreBLOOX2mMTyCej67HmS1+LR0pvtAV64VHBPzkVbqGks0vl4i2wMDvMNcjDZsRxaTEV U01n5XwEhDNJFXKy1iPe8/OSWLJX18vCSAg1w5UR76psTgYfkwy1xiO4+7HNSeGYdgd5 RkFEzAB3+mF3jGnU/kOs5IwFGKIecot/TiMyTbDtdaO//0olgwfKL9Wx0mYS3MvBwwbd rSzjHx+AQorIJYkHH23ZR6D8WGsl3taeXUq/duVBH+ux8wHAEFDTch9JTcQi7O9g8VlV RkTg==
MIME-Version: 1.0
Received: by 10.68.219.162 with SMTP id pp2mr37415578pbc.85.1338293435308; Tue, 29 May 2012 05:10:35 -0700 (PDT)
Received: by 10.68.57.102 with HTTP; Tue, 29 May 2012 05:10:35 -0700 (PDT)
X-Originating-IP: [188.205.40.198]
In-Reply-To: <4FC226AD.10102@lodderstedt.net>
References: <20120527084150.26400.88469.idtracker@ietfa.amsl.com> <CA+aD3u1zukD=S+OuvsK9KBLXYLEeOMvSVvb2QUPd3_ST=Gha7g@mail.gmail.com> <4FC226AD.10102@lodderstedt.net>
Date: Tue, 29 May 2012 14:10:35 +0200
Message-ID: <CA+aD3u2peuY1G0aMPsQV5fVMgapBtxVpTW54Y9MGQ-Q2KvaVeA@mail.gmail.com>
From: Michiel de Jong <michiel@unhosted.org>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQm4R27K4vP8RHhEjP+qCIOuTBK7niZpqBlF0EoSxq8WorJ48cAwcZbvnWPzpHk73n3cx0fW
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-revocation-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2012 12:10:36 -0000

Hi Torsten,

No, it should indeed work fine with CORS. CORS is supported by IE8+,
FF, Chrome, Safari and Opera12+ (with limited error handling and
limited verb support in IE8 and IE9, but with POST you should be safe
afaik).

Note that if you want to support this in combination with implicit
grant flow (unhosted html5 apps), then you need CORS.

Which made me wonder why you are mentioning JSONP at all? Mentioning
JSONP as a 'MAY' but not mentioning CORS could send people in the
wrong direction IMO. So I would rename the section 'JSONP' to 'CORS
and JSONP', or in general, 'Cross-Origin support', and then start with
a sentence like:

"The revokation end-point SHOULD support CORS if it is aimed at use in
combination with the implicit-grant flow. For other flows, it is still
recommended(?) to support CORS. In addition, for interop with legacy
user-agents, it MAY offer JSONP. Clients should be aware that when
relying on JSONP, the revokation end-point MAY ;) inject malicious
code into the client."

You can tell i don't speak spec lingo, but i hope i'm sort of getting
my point across, that IMO, CORS is better here than JSONP.

Or: simply not mention JSONP at all. Would that be an option?


Cheers,
Michiel

On Sun, May 27, 2012 at 3:05 PM, Torsten Lodderstedt
<torsten@lodderstedt.net> wrote:
> Hi Michiel,
>
> shouldn't the revocation POST request work fine with CORS? Or is there
> something we need to specify in order to make it work?
>
> best regards,
> Torsten.
>
> Am 27.05.2012 13:20, schrieb Michiel de Jong:
>
>> awesome! just that - first thing that catches the eye right when you
>> skim the table of contents is:
>>
>> why did you use JSONP instead of its CORS? You can read more about CORS
>> here:
>>
>> http://enable-cors.org/
>>
>> http://en.wikipedia.org/wiki/Cross-origin_resource_sharing#CORS_relation=
ship_to_JSONP
>>
>> On Sun, May 27, 2012 at 10:41 AM,<internet-drafts@ietf.org> =A0wrote:
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories. This draft is a work item of the Web Authorization Protoco=
l
>>> Working Group of the IETF.
>>>
>>> =A0 =A0 =A0 =A0Title =A0 =A0 =A0 =A0 =A0 : Token Revocation
>>> =A0 =A0 =A0 =A0Author(s) =A0 =A0 =A0 : Torsten Lodderstedt
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Stefanie Dronia
>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Marius Scurtescu
>>> =A0 =A0 =A0 =A0Filename =A0 =A0 =A0 =A0: draft-ietf-oauth-revocation-00=
.txt
>>> =A0 =A0 =A0 =A0Pages =A0 =A0 =A0 =A0 =A0 : 6
>>> =A0 =A0 =A0 =A0Date =A0 =A0 =A0 =A0 =A0 =A0: 2012-05-26
>>>
>>> =A0 This draft proposes an additional endpoint for OAuth authorization
>>> =A0 servers for revoking tokens.
>>>
>>>
>>>
>>> A URL for this Internet-Draft is:
>>> http://www.ietf.org/internet-drafts/draft-ietf-oauth-revocation-00.txt
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> This Internet-Draft can be retrieved at:
>>> ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-revocation-00.txt
>>>
>>> The IETF datatracker page for this Internet-Draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth

From Michael.Jones@microsoft.com  Tue May 29 16:10:17 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D4B011E80F2 for <oauth@ietfa.amsl.com>; Tue, 29 May 2012 16:10:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W195tcgiM8mY for <oauth@ietfa.amsl.com>; Tue, 29 May 2012 16:10:16 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe002.messaging.microsoft.com [216.32.181.182]) by ietfa.amsl.com (Postfix) with ESMTP id 875F921F865C for <oauth@ietf.org>; Tue, 29 May 2012 16:10:14 -0700 (PDT)
Received: from mail119-ch1-R.bigfish.com (10.43.68.236) by CH1EHSOBE014.bigfish.com (10.43.70.64) with Microsoft SMTP Server id 14.1.225.23; Tue, 29 May 2012 23:09:50 +0000
Received: from mail119-ch1 (localhost [127.0.0.1])	by mail119-ch1-R.bigfish.com (Postfix) with ESMTP id 722732C0357; Tue, 29 May 2012 23:09:50 +0000 (UTC)
X-SpamScore: -42
X-BigFish: VS-42(zz9371Ic85fh179cM14ffI542M1432N98dK4015Izz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah34h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC106.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail119-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC106.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail119-ch1 (localhost.localdomain [127.0.0.1]) by mail119-ch1 (MessageSwitch) id 1338332987828884_16917; Tue, 29 May 2012 23:09:47 +0000 (UTC)
Received: from CH1EHSMHS019.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.236])	by mail119-ch1.bigfish.com (Postfix) with ESMTP id B31CAC0123;	Tue, 29 May 2012 23:09:47 +0000 (UTC)
Received: from TK5EX14HUBC106.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS019.bigfish.com (10.43.70.19) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 29 May 2012 23:09:45 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14HUBC106.redmond.corp.microsoft.com ([157.54.80.61]) with mapi id 14.02.0298.005; Tue, 29 May 2012 23:10:00 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eran Hammer <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Error Encoding: Conclusion
Thread-Index: AQHNORGtuzciwTXPbU2x0B3Abs7zkpbYRq5QgAA2y4CAAAHMgIAI6/dg
Date: Tue, 29 May 2012 23:10:00 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.75]
Content-Type: multipart/mixed; boundary="_006_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2012 23:10:17 -0000

--_006_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_
Content-Type: multipart/alternative;
	boundary="_000_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_"

--_000_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I've made another set of updates to a copy of Core -26 to address the quest=
ions raised by Eran and David below (attached).

An unrelated change that you should probably pick up, Eran is adding this t=
o the <front> section, so that the heading shows that the draft is a produc=
t of the "OAuth Working Group" rather than the "Network Working Group":
    <area>Security</area>
    <workgroup>OAuth Working Group</workgroup>

One change I didn't make, but that should be considered, is to delete the r=
eference to OASIS.saml-core-2.0-os, since it is used by no <xref> in the do=
cument.

The new proposed text for Section 7.2 follows:

7.2.  Error Response

   If a resource access request fails, the resource server SHOULD inform
   the client of the error.  While the specific error responses possible
   and methods for transmitting those errors when using any particular
   access token type are beyond the scope of this specification, any
   "error" code values defined for use with OAuth resource access
   methods MUST be registered (following the procedures in
   Section 11.4).

   Specifically, when the OAuth resource access method uses an "error"
   result parameter to return an error code value that indicates the
   resource access error encountered, then these error code values MUST
   be registered.  Values for these "error" codes MUST NOT include
   characters outside the set %x20-21 / %x23-5B / %x5D-7E. When an
   "error" code value is registered for use by an OAuth resource access
   method, should that same code already be registered for use by
   another OAuth resource access method or at a different OAuth error
   usage location, then the meaning of that error code value in in the
   new registration MUST be consistent with the its meaning in prior
   registrations.

   The OAuth resource access error registration requirement applies only
   to "error" code values and not to other means of returning error
   indications, including HTTP status codes, or other error-related
   result parameters, such as "error_description", "error_uri", or other
   kinds of error status return methods that may be employed by the
   resource access method.  There is no requirement that OAuth resource
   access methods employ an "error" parameter.

Hopefully incorporating these changes will enable us to close the remaining=
 DISCUSS issues on both the Core and Bearer drafts.

                                                                Thanks all,
                                                                -- Mike


From: Eran Hammer [mailto:eran@hueniverse.com]
Sent: Wednesday, May 23, 2012 11:45 PM
To: David Recordon; Mike Jones; Hannes Tschofenig
Cc: oauth@ietf.org WG
Subject: RE: [OAUTH-WG] Error Encoding: Conclusion

With the exception of section 7.2, the changes look reasonable and will be =
applied in the next revision.

The new section 7.2 is confusion and does not explain the new registry. The=
 section introduces a new requirement to register 'any error codes defined =
for use with OAuth resource access methods'. This requirement is too vague.

I have no clue how to (for example) apply this text to the MAC draft. Addin=
g to David's list below:

* Should the HTTP status codes used by the MAC spec as currently written be=
 registered (since no guidance is given to the use of an error parameter)?
* Does this introduce a requirement to add an error parameter?
* Does the parameter need to / should be called 'error'?
* What about future methods in which errors are not simply expressed in the=
 form of a fixes string?

EH


From: David Recordon [mailto:recordond@gmail.com]<mailto:[mailto:recordond@=
gmail.com]>
Sent: Wednesday, May 23, 2012 11:38 PM
To: Mike Jones; Hannes Tschofenig; Eran Hammer
Cc: oauth@ietf.org<mailto:oauth@ietf.org> WG
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion

Honestly still trying to fully wrap my head around what's going on here sin=
ce it seems far more complex than the threads are alluding to. In any case,=
 does Mike's text address what Eran brought up as needed in the thread Hann=
es referenced or is Eran wrong?

The core spec currently provides full guidance and definition for error ext=
ensibility. Extending the registry's scope means the need for non-trivial n=
ew text that:

* explains the process of adding new errors for endpoints not defined by th=
is specification,
* finds a common ground for value restrictions beyond what is already liste=
d,
* guide authors of future HTTP authentication schemes meant for use with OA=
uth (e.g. MAC) for their requirements for using the error registry, and
* address the very likely scenario of the same error code carrying differen=
t meanings in different endpoints, or an extension that adds a location to =
a code already defined elsewhere - something very likely to happen if you c=
ross the two very different domains (OAuth endpoints, Protected resource en=
dpoints). This requires changing the entire structure of the registry to cr=
eate separate records for each code/location pair.

Thanks,
--David
On Wed, May 23, 2012 at 10:22 PM, Mike Jones <Michael.Jones@microsoft.com<m=
ailto:Michael.Jones@microsoft.com>> wrote:

Thanks Hannes.  In the interest of hopefully completing the edits to remove=
 the DISCUSS issues for the Bearer and Core specs in the next few days so t=
hat we can send the docs to the RFC editors, I'd like to propose specific l=
anguage for the Core spec to address both of the consensus call issue resol=
utions.  After there's consensus on the specific text for Core, it will be =
easy for us to add a reference in Bearer to the language in Core for the er=
ror syntax restrictions and to use the OAuth errors registry.  I'll do that=
 in parallel with the discussions on the proposed core language changes.



A summary of the changes I made in response to the consensus call conclusio=
ns are:

*        Add syntax restrictions for "error", "error_description", and "err=
or_uri" from Bearer to Core

*        Add section 7.2 about error responses from resource access request=
s

*        Add "resource access error response" to the category of OAuth erro=
rs that can be registered



Additional editorial changes that I made as I encountered issues in the doc=
ument were:

*        Updated out of date references, especially the draft-hardt-oauth-0=
1 reference, which contained an invalid link

*        Added Derek Atkins to the list of chairs

*        Added Yaron Goland's middle initial Y. (since he prefers to includ=
e it in publications)

*        Replaced use of the deprecated <appendix> element, which prevented=
 the spec from building with strict checking, with a <section> element in t=
he <back> section (which creates an appendix)



To make it easy to incorporate these changes into the document and so the p=
roposed changes are unambiguous, I produced an edited version of Core -26 c=
ontaining these changes.  The xml, txt, and html versions are attached to f=
acilitate review.  Pertinent diffs from the .txt version follow.



                                                            Cheers,

                                                            -- Mike



683c683,684

<    notation of [RFC5234].

---

>    notation of [RFC5234].  Additionally, the rule URI-Reference is

>    included from Uniform Resource Identifier (URI) [RFC3986].

1441c1441,1442

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

1474a1475,1476

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

1476c1478

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

1478a1481,1482

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

1482a1487,1489

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

1840c1840,1841

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

1873a1874,1875

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

1875c1877

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

1877a1880,1881

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

1881a1886,1888

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

<          REQUIRED.  A single error code from the following:

---

>          REQUIRED.  A single ASCII [USASCII] error code from the

>          following:

2325a2326,2327

>          Values for the "error" parameter MUST NOT include characters

>          outside the set %x20-21 / %x23-5B / %x5D-7E.

2327c2329

<          OPTIONAL.  A human-readable UTF-8 encoded text providing

---

>          OPTIONAL.  A human-readable ASCII [USASCII] text providing

2329a2332,2333

>          Values for the "error_description" parameter MUST NOT include

>          characters outside the set %x20-21 / %x23-5B / %x5D-7E.

2333a2338,2340

>          Values for the "error_uri" parameter MUST conform to the URI-

>          Reference syntax, and thus MUST NOT include characters outside

>          the set %x21 / %x23-5B / %x5D-7E.

2450c2460,2468

<    The method in which the client utilized the access token to

---

>    The method in which the client utilizes the access token to

2479c2489

<      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw

---

>      Authorization: Bearer mF_9.B5f-4.1JqM

2503a2514,2533

>

> 7.2.  Error Response

>

>    If a resource access request fails, the resource server SHOULD inform

>    the client of the error.  While the specific error responses possible

>    and methods for transmitting those errors when using any particular

>    access token type are beyond the scope of this specification, any

>    error codes defined for use with OAuth resource access methods MUST

>    be registered (following the procedures in Section 11.4).

>

>

2602,2603c2624,2626

<    (Section 4.2.2.1), or the token error response (Section 5.2), such

<    error codes MAY be defined.

---

>    (Section 4.2.2.1), the token error response (Section 5.2), or the

>    resource access error response (Section 7.2), such error codes MAY be

>    defined.

3444c3484,3485

<       (Section 4.2.2.1), or token error response (Section 5.2).

---

>       (Section 4.2.2.1), token error response (Section 5.2), or resource

>       access error response (Section 7.2).

3596a3554,3557

>    [USASCII]  American National Standards Institute, "Coded Character

>               Set -- 7-bit American Standard Code for Information

>               Interchange", ANSI X3.4, 1986.

>

3611,3612c3572,3573

<               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in

<               progress), August 2011.

---

>               OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in

>               progress), May 2012.

3616,3617c3577,3579

<               Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08

<               (work in progress), July 2011.

---

>               Authorization Protocol: Bearer Tokens",

>               draft-ietf-oauth-v2-bearer-19 (work in progress),

>               April 2012.

3620,3623c3589,3591

<               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP

<               Authentication: MAC Access Authentication",

<               draft-ietf-oauth-v2-http-mac-00 (work in progress),

<               May 2011.

---

>               Hammer-Lahav, E., "HTTP Authentication: MAC Access

>               Authentication", draft-ietf-oauth-v2-http-mac-01 (work in

>               progress), February 2012.

3626c3594

<               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0

---

>               McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0

3628,3629c3596,3597

<               draft-ietf-oauth-v2-threatmodel-00 (work in progress),

<               July 2011.

---

>               draft-ietf-oauth-v2-threatmodel-02 (work in progress),

>               February 2012.

3468,3546d3503

<    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.

3639c3609,3639

>    Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.

3468,3546d3503

<    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,

3644,3645c3644,3656

>    Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,

3468,3546d3503

<    This document was produced under the chairmanship of Blaine Cook,

<    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area

<    directors included Lisa Dusseault, Peter Saint-Andre, and Stephen

<    Farrell.

3646a3658,3661

>    This document was produced under the chairmanship of Blaine Cook,

>    Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins.

>    The area directors included Lisa Dusseault, Peter Saint-Andre, and

>    Stephen Farrell.



-----Original Message-----
From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:oauth-b=
ounces@ietf.org<mailto:oauth-bounces@ietf.org>] On Behalf Of Hannes Tschofe=
nig
Sent: Wednesday, May 23, 2012 11:27 AM
To: oauth@ietf.org<mailto:oauth@ietf.org> WG
Subject: [OAUTH-WG] Error Encoding: Conclusion



Hi all,



on May 10th we called for consensus on an open issue regarding the error en=
coding. Here is the link to the call:

http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html



Thank you all for the feedback. The conclusion of the consensus call was to=
 harmonize the encoding between the two specifications by incorporating the=
 restrictions from the bearer specification into the base specification. Th=
e error encoding will go into the core specification and the bearer specifi=
cation will reference it.



Ciao

Hannes & Derek



_______________________________________________

OAuth mailing list

OAuth@ietf.org<mailto:OAuth@ietf.org>

https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth


--_000_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0in;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:.5in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
span.EmailStyle21
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
span.EmailStyle22
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#002060;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">I&#8217;ve made another s=
et of updates to a copy of Core -26 to address the questions raised by Eran=
 and David below (attached).<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">An unrelated change that =
you should probably pick up, Eran is adding this to the &lt;front&gt; secti=
on, so that the heading shows that the draft is a product of the
 &#8220;OAuth Working Group&#8221; rather than the &#8220;Network Working G=
roup&#8221;:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">&nbsp;&nbsp;&nbsp; &lt;ar=
ea&gt;Security&lt;/area&gt;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">&nbsp;&nbsp;&nbsp; &lt;wo=
rkgroup&gt;OAuth Working Group&lt;/workgroup&gt;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">One change I didn&#8217;t=
 make, but that should be considered, is to delete the reference to OASIS.s=
aml-core-2.0-os, since it is used by no &lt;xref&gt; in the document.<o:p><=
/o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">The new proposed text for=
 Section 7.2 follows:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">7.2.&nbsp; Error Response<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; If a resource access request fails, the resou=
rce server SHOULD inform<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; the client of the error.&nbsp; While the spec=
ific error responses possible<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; and methods for transmitting those errors whe=
n using any particular<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; access token type are beyond the scope of thi=
s specification, any<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; &quot;error&quot; code values defined for use=
 with OAuth resource access<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; methods MUST be registered (following the pro=
cedures in<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; Section 11.4).<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; Specifically, when the OAuth resource access =
method uses an &quot;error&quot;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; result parameter to return an error code valu=
e that indicates the<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; resource access error encountered, then these=
 error code values MUST<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; be registered.&nbsp; Values for these &quot;e=
rror&quot; codes MUST NOT include<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; characters outside the set %x20-21 / %x23-5B =
/ %x5D-7E. When an<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; &quot;error&quot; code value is registered fo=
r use by an OAuth resource access<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; method, should that same code already be regi=
stered for use by<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; another OAuth resource access method or at a =
different OAuth error<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; usage location, then the meaning of that erro=
r code value in in the<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; new registration MUST be consistent with the =
its meaning in prior<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; registrations.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; The OAuth resource access error registration =
requirement applies only<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; to &quot;error&quot; code values and not to o=
ther means of returning error<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; indications, including HTTP status codes, or =
other error-related<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; result parameters, such as &quot;error_descri=
ption&quot;, &quot;error_uri&quot;, or other<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; kinds of error status return methods that may=
 be employed by the<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; resource access method.&nbsp; There is no req=
uirement that OAuth resource<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Co=
urier New&quot;">&nbsp;&nbsp; access methods employ an &quot;error&quot; pa=
rameter.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">Hopefully incorporating t=
hese changes will enable us to close the remaining DISCUSS issues on both t=
he Core and Bearer drafts.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Thanks all,<o:p></o:p=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#002060"><o:p>&nbsp;</o:p></span><=
/p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> Eran Ham=
mer [mailto:eran@hueniverse.com]
<br>
<b>Sent:</b> Wednesday, May 23, 2012 11:45 PM<br>
<b>To:</b> David Recordon; Mike Jones; Hannes Tschofenig<br>
<b>Cc:</b> oauth@ietf.org WG<br>
<b>Subject:</b> RE: [OAUTH-WG] Error Encoding: Conclusion<o:p></o:p></span>=
</p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">With the exception of section 7.2, the cha=
nges look reasonable and will be applied in the next revision.<o:p></o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">The new section 7.2 is confusion and does =
not explain the new registry. The section introduces a new requirement to r=
egister &#8216;any error codes defined for use with OAuth resource
 access methods&#8217;. This requirement is too vague.<o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">I have no clue how to (for example) apply =
this text to the MAC draft. Adding to David&#8217;s list below:<o:p></o:p><=
/span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">* Should the HTTP status codes used by the=
 MAC spec as currently written be registered (since no guidance is given to=
 the use of an error parameter)?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">* Does this introduce a requirement to add=
 an error parameter?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">* Does the parameter need to / should be c=
alled &#8216;error&#8217;?<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">* What about future methods in which error=
s are not simply expressed in the form of a fixes string?<o:p></o:p></span>=
</p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Calibri&quot;,&quot=
;sans-serif&quot;;color:#1F497D">EH<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> David Re=
cordon
<a href=3D"mailto:[mailto:recordond@gmail.com]">[mailto:recordond@gmail.com=
]</a> <br>
<b>Sent:</b> Wednesday, May 23, 2012 11:38 PM<br>
<b>To:</b> Mike Jones; Hannes Tschofenig; Eran Hammer<br>
<b>Cc:</b> <a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG<br>
<b>Subject:</b> Re: [OAUTH-WG] Error Encoding: Conclusion<o:p></o:p></span>=
</p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Honestly still trying to fully wrap my head around w=
hat's going on here since it seems far more complex than the threads are al=
luding to. In any case, does Mike's text address what Eran brought up as ne=
eded in the thread Hannes referenced
 or is Eran wrong?<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<blockquote style=3D"margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;m=
argin-bottom:5.0pt">
<div>
<p class=3D"MsoNormal">The core spec currently provides full guidance and d=
efinition for error extensibility. Extending the registry's scope means the=
 need for non-trivial new text that:<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">* explains the process of adding new errors for endp=
oints not defined by this specification,<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">* finds a common ground for value restrictions beyon=
d what is already listed,<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">* guide authors of future HTTP authentication scheme=
s meant for use with OAuth (e.g. MAC) for their requirements for using the =
error registry, and<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">* address the very likely scenario of the same error=
 code carrying different meanings in different endpoints, or an extension t=
hat adds a location to a code already defined elsewhere - something very li=
kely to happen if you cross the two
 very different domains (OAuth endpoints, Protected resource endpoints). Th=
is requires changing the entire structure of the registry to create separat=
e records for each code/location pair.<o:p></o:p></p>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt">Thanks,<br>
--David<o:p></o:p></p>
<div>
<p class=3D"MsoNormal">On Wed, May 23, 2012 at 10:22 PM, Mike Jones &lt;<a =
href=3D"mailto:Michael.Jones@microsoft.com" target=3D"_blank">Michael.Jones=
@microsoft.com</a>&gt; wrote:<o:p></o:p></p>
<div>
<div>
<p>Thanks Hannes.&nbsp; In the interest of hopefully completing the edits t=
o remove the DISCUSS issues for the Bearer and Core specs in the next few d=
ays so that we can send the docs to the RFC editors, I'd like to propose sp=
ecific language for the Core spec to
 address both of the consensus call issue resolutions.&nbsp; After there's =
consensus on the specific text for Core, it will be easy for us to add a re=
ference in Bearer to the language in Core for the error syntax restrictions=
 and to use the OAuth errors registry.&nbsp;
 I'll do that in parallel with the discussions on the proposed core languag=
e changes.<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>A summary of the changes I made in response to the consensus call conclu=
sions are:<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Add syntax restrictions for &#8220;error&#8221;, &#8220;error_descri=
ption&#8221;, and &#8220;error_uri&#8221; from Bearer to Core<o:p></o:p></p=
>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Add section 7.2 about error responses from resource access requests<=
o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Add &#8220;resource access error response&#8221; to the category of =
OAuth errors that can be registered<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>Additional editorial changes that I made as I encountered issues in the =
document were:<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Updated out of date references, especially the draft-hardt-oauth-01 =
reference, which contained an invalid link<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Added Derek Atkins to the list of chairs<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Added Yaron Goland&#8217;s middle initial Y. (since he prefers to in=
clude it in publications)<o:p></o:p></p>
<p style=3D"margin-left:.5in"><span style=3D"font-family:Symbol">&middot;</=
span><span style=3D"font-size:7.0pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;
</span>Replaced use of the deprecated &lt;appendix&gt; element, which preve=
nted the spec from building with strict checking, with a &lt;section&gt; el=
ement in the &lt;back&gt; section (which creates an appendix)<o:p></o:p></p=
>
<p>&nbsp;<o:p></o:p></p>
<p>To make it easy to incorporate these changes into the document and so th=
e proposed changes are unambiguous, I produced an edited version of Core -2=
6 containing these changes.&nbsp; The xml, txt, and html versions are attac=
hed to facilitate review.&nbsp; Pertinent
 diffs from the .txt version follow.<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Cheers,<o:p></o:p=
></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p=
></p>
<p>&nbsp;<o:p></o:p></p>
<p>683c683,684<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; notation of [RFC5234].<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; notation of [RFC5234].&nbsp; Additionally, the ru=
le URI-Reference is<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; included from Uniform Resource Identifier (URI) [=
RFC3986].<o:p></o:p></p>
<p>1441c1441,1442<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;REQUIRED.&nbs=
p; A single error code from the following:<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single ASCII [USASCII] error code from the<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; following:<o:=
p></o:p></p>
<p>1474a1475,1476<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error&quot; parameter MUST NOT include characters<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; outside the s=
et %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1476c1478<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable UTF-8 encoded text providing<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable ASCII [USASCII] text providing<o:p></o:p></p>
<p>1478a1481,1482<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_description&quot; parameter MUST NOT include<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; characters ou=
tside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1482a1487,1489<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_uri&quot; parameter MUST conform to the URI-<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Reference syn=
tax, and thus MUST NOT include characters outside<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; the set %x21 =
/ %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1840c1840,1841<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single error code from the following:<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single ASCII [USASCII] error code from the<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; following:<o:=
p></o:p></p>
<p>1873a1874,1875<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error&quot; parameter MUST NOT include characters<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; outside the s=
et %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1875c1877<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable UTF-8 encoded text providing<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable ASCII [USASCII] text providing<o:p></o:p></p>
<p>1877a1880,1881<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_description&quot; parameter MUST NOT include<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; characters ou=
tside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>1881a1886,1888<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_uri&quot; parameter MUST conform to the URI-<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Reference syn=
tax, and thus MUST NOT include characters outside<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; the set %x21 =
/ %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single error code from the following:<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; REQUIRED.&nbs=
p; A single ASCII [USASCII] error code from the<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; following:<o:=
p></o:p></p>
<p>2325a2326,2327<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error&quot; parameter MUST NOT include characters<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; outside the s=
et %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>2327c2329<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable UTF-8 encoded text providing<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; OPTIONAL.&nbs=
p; A human-readable ASCII [USASCII] text providing<o:p></o:p></p>
<p>2329a2332,2333<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_description&quot; parameter MUST NOT include<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; characters ou=
tside the set %x20-21 / %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>2333a2338,2340<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Values for th=
e &quot;error_uri&quot; parameter MUST conform to the URI-<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Reference syn=
tax, and thus MUST NOT include characters outside<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; the set %x21 =
/ %x23-5B / %x5D-7E.<o:p></o:p></p>
<p>2450c2460,2468<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; The method in which the client utilized the acces=
s token to<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; The method in which the client utilizes the acces=
s token to<o:p></o:p></p>
<p>2479c2489<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authorization: Bearer 7Fjfp0ZBr1KtDRb=
nfVdmIw<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authorization: Bearer mF_9.B5f-4.1JqM=
<o:p></o:p></p>
<p>2503a2514,2533<o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>&gt; 7.2.&nbsp; Error Response<o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; If a resource access request fails, the resource =
server SHOULD inform<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; the client of the error.&nbsp; While the specific=
 error responses possible<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; and methods for transmitting those errors when us=
ing any particular<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; access token type are beyond the scope of this sp=
ecification, any<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; error codes defined for use with OAuth resource a=
ccess methods MUST<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; be registered (following the procedures in Sectio=
n 11.4).<o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>2602,2603c2624,2626<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), or the token error response (S=
ection 5.2), such<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; error codes MAY be defined.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), the token error response (Sect=
ion 5.2), or the<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; resource access error response (Section 7.2), suc=
h error codes MAY be<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; defined.<o:p></o:p></p>
<p>3444c3484,3485<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), or token err=
or response (Section 5.2).<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Section 4.2.2.1), token error =
response (Section 5.2), or resource<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; access error response (Section =
7.2).<o:p></o:p></p>
<p>3596a3554,3557<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; [USASCII]&nbsp; American National Standards Insti=
tute, &quot;Coded Character<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Set -- 7-bit American Standard Code for Information<o:p></=
o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Interchange&quot;, ANSI X3.4, 1986.<o:p></o:p></p>
<p>&gt; <o:p></o:p></p>
<p>3611,3612c3572,3573<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; OAuth 2.0&quot;, draft-ietf-oauth-saml2-bearer-08 (work in=
<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; progress), August 2011.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; OAuth 2.0&quot;, draft-ietf-oauth-saml2-bearer-12 (work in=
<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; progress), May 2012.<o:p></o:p></p>
<p>3616,3617c3577,3579<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Protocol: Bearer Tokens&quot;, draft-ietf-oauth-v2-bearer-=
08<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; (work in progress), July 2011.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Authorization Protocol: Bearer Tokens&quot;,<o:p></o:p></p=
>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; draft-ietf-oauth-v2-bearer-19 (work in progress),<o:p></o:=
p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; April 2012.<o:p></o:p></p>
<p>3620,3623c3589,3591<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Hammer-Lahav, E., Barth, A., and B. Adida, &quot;HTTP<o:p>=
</o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Authentication: MAC Access Authentication&quot;,<o:p></o:p=
></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; draft-ietf-oauth-v2-http-mac-00 (work in progress),<o:p></=
o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; May 2011.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Hammer-Lahav, E., &quot;HTTP Authentication: MAC Access<o:=
p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Authentication&quot;, draft-ietf-oauth-v2-http-mac-01 (wor=
k in<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; progress), February 2012.<o:p></o:p></p>
<p>3626c3594<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; Lodderstedt, T., McGloin, M., and P. Hunt, &quot;OAuth 2.0=
<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; McGloin, M., Hunt, P., and T. Lodderstedt, &quot;OAuth 2.0=
<o:p></o:p></p>
<p>3628,3629c3596,3597<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; draft-ietf-oauth-v2-threatmodel-00 (work in progress),<o:p=
></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; July 2011.<o:p></o:p></p>
<p>---<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; draft-ietf-oauth-v2-threatmodel-02 (work in progress),<o:p=
></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; February 2012.<o:p></o:p></p>
<p>3468,3546d3503<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp; &nbsp;Brian Eaton, Yaron Goland, Dick Hardt, and Allen =
Tom.<o:p></o:p></p>
<p>3639c3609,3639<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; Brian Eaton, Yaron Y. Goland, Dick Hardt, and All=
en Tom.<o:p></o:p></p>
<p>3468,3546d3503<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; Yaron Goland, Brent Goldman, Kristoffer Gronowski=
, Justin Hart,<o:p></o:p></p>
<p>3644,3645c3644,3656<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; Yaron Y. Goland, Brent Goldman, Kristoffer Gronow=
ski, Justin Hart,<o:p></o:p></p>
<p>3468,3546d3503<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; This document was produced under the chairmanship=
 of Blaine Cook,<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; Peter Saint-Andre, Hannes Tschofenig, and Barry L=
eiba.&nbsp; The area<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; directors included Lisa Dusseault, Peter Saint-An=
dre, and Stephen<o:p></o:p></p>
<p>&lt;&nbsp;&nbsp;&nbsp; Farrell.<o:p></o:p></p>
<p>3646a3658,3661<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; This document was produced under the chairmanship=
 of Blaine Cook,<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; Peter Saint-Andre, Hannes Tschofenig, Barry Leiba=
, and Derek Atkins.<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; The area directors included Lisa Dusseault, Peter=
 Saint-Andre, and<o:p></o:p></p>
<p>&gt;&nbsp;&nbsp;&nbsp; Stephen Farrell.<o:p></o:p></p>
<div>
<div>
<p>&nbsp;<o:p></o:p></p>
<p>-----Original Message-----<br>
From: <a href=3D"mailto:oauth-bounces@ietf.org" target=3D"_blank">oauth-bou=
nces@ietf.org</a> [mailto:<a href=3D"mailto:oauth-bounces@ietf.org" target=
=3D"_blank">oauth-bounces@ietf.org</a>] On Behalf Of Hannes Tschofenig<br>
Sent: Wednesday, May 23, 2012 11:27 AM<br>
To: <a href=3D"mailto:oauth@ietf.org" target=3D"_blank">oauth@ietf.org</a> =
WG<br>
Subject: [OAUTH-WG] Error Encoding: Conclusion<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>Hi all, <o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>on May 10th we called for consensus on an open issue regarding the error=
 encoding. Here is the link to the call:
<o:p></o:p></p>
<p><a href=3D"http://www.ietf.org/mail-archive/web/oauth/current/msg08994.h=
tml" target=3D"_blank"><span style=3D"color:windowtext;text-decoration:none=
">http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html</span></=
a><o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>Thank you all for the feedback. The conclusion of the consensus call was=
 to harmonize the encoding between the two specifications by incorporating =
the restrictions from the bearer specification into the base specification.=
 The error encoding will go into
 the core specification and the bearer specification will reference it. <o:=
p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>Ciao<o:p></o:p></p>
<p>Hannes &amp; Derek<o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
<p>_______________________________________________<o:p></o:p></p>
<p>OAuth mailing list<o:p></o:p></p>
<p><a href=3D"mailto:OAuth@ietf.org" target=3D"_blank"><span style=3D"color=
:windowtext;text-decoration:none">OAuth@ietf.org</span></a><o:p></o:p></p>
<p><a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank=
"><span style=3D"color:windowtext;text-decoration:none">https://www.ietf.or=
g/mailman/listinfo/oauth</span></a><o:p></o:p></p>
<p>&nbsp;<o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><br>
_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><o:p></o:p></p>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_--

--_006_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_
Content-Type: text/xml; name="draft-ietf-oauth-v2-26+mbj-2.xml"
Content-Description: draft-ietf-oauth-v2-26+mbj-2.xml
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-26+mbj-2.xml"; size=179394;
	creation-date="Tue, 29 May 2012 22:13:40 GMT";
	modification-date="Tue, 29 May 2012 22:53:11 GMT"
Content-Transfer-Encoding: base64

PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnID8+CjwhRE9DVFlQRSByZmMgU1lT
VEVNICdyZmMyNjI5LmR0ZCc+Cjw/eG1sLXN0eWxlc2hlZXQgdHlwZT0ndGV4dC94c2wnIGhyZWY9
J3JmYzI2MjkueHNsdCcgPz4KCjxyZmMgY2F0ZWdvcnk9J3N0ZCcgaXByPSd0cnVzdDIwMDkwMicg
b2Jzb2xldGVzPSc1ODQ5JyBkb2NOYW1lPSdkcmFmdC1pZXRmLW9hdXRoLXYyLTI3Jz4KICA8P3Jm
YyBzdHJpY3Q9J3llcycgPz4KICA8P3JmYyB0b2M9J3llcycgPz4KICA8P3JmYyB0b2NkZXB0aD0n
MycgPz4KICA8P3JmYyBzeW1yZWZzPSd5ZXMnID8+CiAgPD9yZmMgc29ydHJlZnM9J3llcycgPz4K
ICA8P3JmYyBjb21wYWN0PSd5ZXMnID8+CiAgPD9yZmMgc3ViY29tcGFjdD0neWVzJyA/PgoKICAK
ICA8ZnJvbnQ+CiAgICA8dGl0bGUgYWJicmV2PSdPQXV0aCAyLjAnPlRoZSBPQXV0aCAyLjAgQXV0
aG9yaXphdGlvbiBGcmFtZXdvcms8L3RpdGxlPgoKICAgIDxhdXRob3IgZnVsbG5hbWU9J0VyYW4g
SGFtbWVyJyBzdXJuYW1lPSdIYW1tZXInIGluaXRpYWxzPSdFJyByb2xlPSdlZGl0b3InPgogICAg
ICA8b3JnYW5pemF0aW9uPjwvb3JnYW5pemF0aW9uPgogICAgICA8YWRkcmVzcz4KICAgICAgICA8
ZW1haWw+ZXJhbkBodWVuaXZlcnNlLmNvbTwvZW1haWw+CiAgICAgICAgPHVyaT5odHRwOi8vaHVl
bml2ZXJzZS5jb208L3VyaT4KICAgICAgPC9hZGRyZXNzPgogICAgPC9hdXRob3I+CiAgICA8YXV0
aG9yIGZ1bGxuYW1lPSdEYXZpZCBSZWNvcmRvbicgc3VybmFtZT0nUmVjb3Jkb24nIGluaXRpYWxz
PSdEJz4KICAgICAgPG9yZ2FuaXphdGlvbj5GYWNlYm9vazwvb3JnYW5pemF0aW9uPgogICAgICA8
YWRkcmVzcz4KICAgICAgICA8ZW1haWw+ZHJAZmIuY29tPC9lbWFpbD4KICAgICAgICA8dXJpPmh0
dHA6Ly93d3cuZGF2aWRyZWNvcmRvbi5jb20vPC91cmk+CiAgICAgIDwvYWRkcmVzcz4KICAgIDwv
YXV0aG9yPgogICAgPGF1dGhvciBmdWxsbmFtZT0nRGljayBIYXJkdCcgc3VybmFtZT0nSGFyZHQn
IGluaXRpYWxzPSdEJz4KICAgICAgPG9yZ2FuaXphdGlvbj5NaWNyb3NvZnQ8L29yZ2FuaXphdGlv
bj4KICAgICAgPGFkZHJlc3M+CiAgICAgICAgPGVtYWlsPmRpY2suaGFyZHRAZ21haWwuY29tPC9l
bWFpbD4KICAgICAgICA8dXJpPmh0dHA6Ly9kaWNraGFyZHQub3JnLzwvdXJpPgogICAgICA8L2Fk
ZHJlc3M+CiAgICA8L2F1dGhvcj4KCiAgICA8ZGF0ZSB5ZWFyPScyMDEyJyAvPgoKICAgIDxhcmVh
PlNlY3VyaXR5PC9hcmVhPgogICAgPHdvcmtncm91cD5PQXV0aCBXb3JraW5nIEdyb3VwPC93b3Jr
Z3JvdXA+CgogICAgPGFic3RyYWN0PgogICAgICA8dD4KICAgICAgICBUaGUgT0F1dGggMi4wIGF1
dGhvcml6YXRpb24gZnJhbWV3b3JrIGVuYWJsZXMgYSB0aGlyZC1wYXJ0eSBhcHBsaWNhdGlvbiB0
byBvYnRhaW4gbGltaXRlZAogICAgICAgIGFjY2VzcyB0byBhbiBIVFRQIHNlcnZpY2UsIGVpdGhl
ciBvbiBiZWhhbGYgb2YgYSByZXNvdXJjZSBvd25lciBieSBvcmNoZXN0cmF0aW5nIGFuIGFwcHJv
dmFsCiAgICAgICAgaW50ZXJhY3Rpb24gYmV0d2VlbiB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIHRo
ZSBIVFRQIHNlcnZpY2UsIG9yIGJ5IGFsbG93aW5nIHRoZSB0aGlyZC1wYXJ0eQogICAgICAgIGFw
cGxpY2F0aW9uIHRvIG9idGFpbiBhY2Nlc3Mgb24gaXRzIG93biBiZWhhbGYuIFRoaXMgc3BlY2lm
aWNhdGlvbiByZXBsYWNlcyBhbmQgb2Jzb2xldGVzCiAgICAgICAgdGhlIE9BdXRoIDEuMCBwcm90
b2NvbCBkZXNjcmliZWQgaW4gUkZDIDU4NDkuCiAgICAgIDwvdD4KICAgIDwvYWJzdHJhY3Q+CiAg
PC9mcm9udD4KCiAgPG1pZGRsZT4KCiAgICA8c2VjdGlvbiB0aXRsZT0nSW50cm9kdWN0aW9uJz4K
ICAgICAgPHQ+CiAgICAgICAgSW4gdGhlIHRyYWRpdGlvbmFsIGNsaWVudC1zZXJ2ZXIgYXV0aGVu
dGljYXRpb24gbW9kZWwsIHRoZSBjbGllbnQgcmVxdWVzdHMgYW4gYWNjZXNzCiAgICAgICAgcmVz
dHJpY3RlZCByZXNvdXJjZSAocHJvdGVjdGVkIHJlc291cmNlKSBvbiB0aGUgc2VydmVyIGJ5IGF1
dGhlbnRpY2F0aW5nIHdpdGggdGhlIHNlcnZlcgogICAgICAgIHVzaW5nIHRoZSByZXNvdXJjZSBv
d25lcidzIGNyZWRlbnRpYWxzLiBJbiBvcmRlciB0byBwcm92aWRlIHRoaXJkLXBhcnR5IGFwcGxp
Y2F0aW9ucyBhY2Nlc3MKICAgICAgICB0byByZXN0cmljdGVkIHJlc291cmNlcywgdGhlIHJlc291
cmNlIG93bmVyIHNoYXJlcyBpdHMgY3JlZGVudGlhbHMgd2l0aCB0aGUgdGhpcmQtcGFydHkuCiAg
ICAgICAgVGhpcyBjcmVhdGVzIHNldmVyYWwgcHJvYmxlbXMgYW5kIGxpbWl0YXRpb25zOgogICAg
ICA8L3Q+CiAgICAgIDx0PgogICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAg
IDx0PgogICAgICAgICAgICBUaGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgYXJlIHJlcXVpcmVkIHRv
IHN0b3JlIHRoZSByZXNvdXJjZSBvd25lcidzIGNyZWRlbnRpYWxzCiAgICAgICAgICAgIGZvciBm
dXR1cmUgdXNlLCB0eXBpY2FsbHkgYSBwYXNzd29yZCBpbiBjbGVhci10ZXh0LgogICAgICAgICAg
PC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFNlcnZlcnMgYXJlIHJlcXVpcmVkIHRvIHN1
cHBvcnQgcGFzc3dvcmQgYXV0aGVudGljYXRpb24sIGRlc3BpdGUgdGhlIHNlY3VyaXR5CiAgICAg
ICAgICAgIHdlYWtuZXNzZXMgaW5oZXJlbnQgaW4gcGFzc3dvcmRzLgogICAgICAgICAgPC90Pgog
ICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoaXJkLXBhcnR5IGFwcGxpY2F0aW9ucyBnYWluIG92
ZXJseSBicm9hZCBhY2Nlc3MgdG8gdGhlIHJlc291cmNlIG93bmVyJ3MgcHJvdGVjdGVkCiAgICAg
ICAgICAgIHJlc291cmNlcywgbGVhdmluZyByZXNvdXJjZSBvd25lcnMgd2l0aG91dCBhbnkgYWJp
bGl0eSB0byByZXN0cmljdCBkdXJhdGlvbiBvciBhY2Nlc3MKICAgICAgICAgICAgdG8gYSBsaW1p
dGVkIHN1YnNldCBvZiByZXNvdXJjZXMuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAg
ICAgICAgICAgUmVzb3VyY2Ugb3duZXJzIGNhbm5vdCByZXZva2UgYWNjZXNzIHRvIGFuIGluZGl2
aWR1YWwgdGhpcmQtcGFydHkgd2l0aG91dCByZXZva2luZwogICAgICAgICAgICBhY2Nlc3MgdG8g
YWxsIHRoaXJkLXBhcnRpZXMsIGFuZCBtdXN0IGRvIHNvIGJ5IGNoYW5naW5nIHRoZWlyIHBhc3N3
b3JkLgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIENvbXByb21pc2Ug
b2YgYW55IHRoaXJkLXBhcnR5IGFwcGxpY2F0aW9uIHJlc3VsdHMgaW4gY29tcHJvbWlzZSBvZiB0
aGUgZW5kLXVzZXIncwogICAgICAgICAgICBwYXNzd29yZCBhbmQgYWxsIG9mIHRoZSBkYXRhIHBy
b3RlY3RlZCBieSB0aGF0IHBhc3N3b3JkLgogICAgICAgICAgPC90PgogICAgICAgIDwvbGlzdD4K
ICAgICAgPC90PgogICAgICA8dD4KICAgICAgICBPQXV0aCBhZGRyZXNzZXMgdGhlc2UgaXNzdWVz
IGJ5IGludHJvZHVjaW5nIGFuIGF1dGhvcml6YXRpb24gbGF5ZXIgYW5kIHNlcGFyYXRpbmcgdGhl
IHJvbGUKICAgICAgICBvZiB0aGUgY2xpZW50IGZyb20gdGhhdCBvZiB0aGUgcmVzb3VyY2Ugb3du
ZXIuIEluIE9BdXRoLCB0aGUgY2xpZW50IHJlcXVlc3RzIGFjY2VzcyB0bwogICAgICAgIHJlc291
cmNlcyBjb250cm9sbGVkIGJ5IHRoZSByZXNvdXJjZSBvd25lciBhbmQgaG9zdGVkIGJ5IHRoZSBy
ZXNvdXJjZSBzZXJ2ZXIsIGFuZCBpcyBpc3N1ZWQKICAgICAgICBhIGRpZmZlcmVudCBzZXQgb2Yg
Y3JlZGVudGlhbHMgdGhhbiB0aG9zZSBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuCiAgICAgIDwvdD4K
ICAgICAgPHQ+CiAgICAgICAgSW5zdGVhZCBvZiB1c2luZyB0aGUgcmVzb3VyY2Ugb3duZXIncyBj
cmVkZW50aWFscyB0byBhY2Nlc3MgcHJvdGVjdGVkIHJlc291cmNlcywgdGhlIGNsaWVudAogICAg
ICAgIG9idGFpbnMgYW4gYWNjZXNzIHRva2VuIC0gYSBzdHJpbmcgZGVub3RpbmcgYSBzcGVjaWZp
YyBzY29wZSwgbGlmZXRpbWUsIGFuZCBvdGhlciBhY2Nlc3MKICAgICAgICBhdHRyaWJ1dGVzLiBB
Y2Nlc3MgdG9rZW5zIGFyZSBpc3N1ZWQgdG8gdGhpcmQtcGFydHkgY2xpZW50cyBieSBhbiBhdXRo
b3JpemF0aW9uIHNlcnZlciB3aXRoCiAgICAgICAgdGhlIGFwcHJvdmFsIG9mIHRoZSByZXNvdXJj
ZSBvd25lci4gVGhlIGNsaWVudCB1c2VzIHRoZSBhY2Nlc3MgdG9rZW4gdG8gYWNjZXNzIHRoZQog
ICAgICAgIHByb3RlY3RlZCByZXNvdXJjZXMgaG9zdGVkIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIu
CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgRm9yIGV4YW1wbGUsIGFuIGVuZC11c2VyIChy
ZXNvdXJjZSBvd25lcikgY2FuIGdyYW50IGEgcHJpbnRpbmcgc2VydmljZSAoY2xpZW50KSBhY2Nl
c3MKICAgICAgICB0byBoZXIgcHJvdGVjdGVkIHBob3RvcyBzdG9yZWQgYXQgYSBwaG90byBzaGFy
aW5nIHNlcnZpY2UgKHJlc291cmNlIHNlcnZlciksIHdpdGhvdXQKICAgICAgICBzaGFyaW5nIGhl
ciB1c2VybmFtZSBhbmQgcGFzc3dvcmQgd2l0aCB0aGUgcHJpbnRpbmcgc2VydmljZS4gSW5zdGVh
ZCwgc2hlIGF1dGhlbnRpY2F0ZXMKICAgICAgICBkaXJlY3RseSB3aXRoIGEgc2VydmVyIHRydXN0
ZWQgYnkgdGhlIHBob3RvIHNoYXJpbmcgc2VydmljZSAoYXV0aG9yaXphdGlvbiBzZXJ2ZXIpIHdo
aWNoCiAgICAgICAgaXNzdWVzIHRoZSBwcmludGluZyBzZXJ2aWNlIGRlbGVnYXRpb24tc3BlY2lm
aWMgY3JlZGVudGlhbHMgKGFjY2VzcyB0b2tlbikuCiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAg
ICAgVGhpcyBzcGVjaWZpY2F0aW9uIGlzIGRlc2lnbmVkIGZvciB1c2Ugd2l0aCBIVFRQICg8eHJl
ZiB0YXJnZXQ9J1JGQzI2MTYnIC8+KS4gVGhlIHVzZSBvZgogICAgICAgIE9BdXRoIG92ZXIgYW55
IG90aGVyIHByb3RvY29sIHRoYW4gSFRUUCBpcyBvdXQgb2Ygc2NvcGUuCiAgICAgIDwvdD4KICAg
ICAgPHQ+CiAgICAgICAgVGhlIE9BdXRoIDEuMCBwcm90b2NvbCAoPHhyZWYgdGFyZ2V0PSdSRkM1
ODQ5JyAvPiksIHB1Ymxpc2hlZCBhcyBhbiBpbmZvcm1hdGlvbmFsIGRvY3VtZW50LAogICAgICAg
IHdhcyB0aGUgcmVzdWx0IG9mIGEgc21hbGwgYWQtaG9jIGNvbW11bml0eSBlZmZvcnQuIFRoaXMg
c3RhbmRhcmRzLXRyYWNrIHNwZWNpZmljYXRpb24gYnVpbGRzCiAgICAgICAgb24gdGhlIE9BdXRo
IDEuMCBkZXBsb3ltZW50IGV4cGVyaWVuY2UsIGFzIHdlbGwgYXMgYWRkaXRpb25hbCB1c2UgY2Fz
ZXMgYW5kIGV4dGVuc2liaWxpdHkKICAgICAgICByZXF1aXJlbWVudHMgZ2F0aGVyZWQgZnJvbSB0
aGUgd2lkZXIgSUVURiBjb21tdW5pdHkuIFRoZSBPQXV0aCAyLjAgcHJvdG9jb2wgaXMgbm90IGJh
Y2t3YXJkCiAgICAgICAgY29tcGF0aWJsZSB3aXRoIE9BdXRoIDEuMC4gVGhlIHR3byB2ZXJzaW9u
cyBtYXkgY28tZXhpc3Qgb24gdGhlIG5ldHdvcmsgYW5kIGltcGxlbWVudGF0aW9ucwogICAgICAg
IG1heSBjaG9vc2UgdG8gc3VwcG9ydCBib3RoLiBIb3dldmVyLCBpdCBpcyB0aGUgaW50ZW50aW9u
IG9mIHRoaXMgc3BlY2lmaWNhdGlvbiB0aGF0IG5ldwogICAgICAgIGltcGxlbWVudGF0aW9uIHN1
cHBvcnQgT0F1dGggMi4wIGFzIHNwZWNpZmllZCBpbiB0aGlzIGRvY3VtZW50LCBhbmQgdGhhdCBP
QXV0aCAxLjAgaXMgdXNlZAogICAgICAgIG9ubHkgdG8gc3VwcG9ydCBleGlzdGluZyBkZXBsb3lt
ZW50cy4gVGhlIE9BdXRoIDIuMCBwcm90b2NvbCBzaGFyZXMgdmVyeSBmZXcgaW1wbGVtZW50YXRp
b24KICAgICAgICBkZXRhaWxzIHdpdGggdGhlIE9BdXRoIDEuMCBwcm90b2NvbC4gSW1wbGVtZW50
ZXJzIGZhbWlsaWFyIHdpdGggT0F1dGggMS4wIHNob3VsZCBhcHByb2FjaAogICAgICAgIHRoaXMg
ZG9jdW1lbnQgd2l0aG91dCBhbnkgYXNzdW1wdGlvbnMgYXMgdG8gaXRzIHN0cnVjdHVyZSBhbmQg
ZGV0YWlscy4KICAgICAgPC90PgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J1JvbGVzJz4KICAgICAg
ICA8dD4KICAgICAgICAgIE9BdXRoIGRlZmluZXMgZm91ciByb2xlczoKICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZyc+CiAgICAgICAgICAgIDx0
IGhhbmdUZXh0PSdyZXNvdXJjZSBvd25lcic+CiAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAg
ICAgICAgICAgIEFuIGVudGl0eSBjYXBhYmxlIG9mIGdyYW50aW5nIGFjY2VzcyB0byBhIHByb3Rl
Y3RlZCByZXNvdXJjZS4gV2hlbiB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgICAgICBpcyBh
IHBlcnNvbiwgaXQgaXMgcmVmZXJyZWQgdG8gYXMgYW4gZW5kLXVzZXIuCiAgICAgICAgICAgIDwv
dD4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3Jlc291cmNlIHNlcnZlcic+CiAgICAgICAgICAg
ICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgIFRoZSBzZXJ2ZXIgaG9zdGluZyB0aGUgcHJvdGVj
dGVkIHJlc291cmNlcywgY2FwYWJsZSBvZiBhY2NlcHRpbmcgYW5kIHJlc3BvbmRpbmcgdG8KICAg
ICAgICAgICAgICBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVzdHMgdXNpbmcgYWNjZXNzIHRva2Vu
cy4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dCBoYW5nVGV4dD0nY2xpZW50Jz4KICAg
ICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgQW4gYXBwbGljYXRpb24gbWFraW5n
IHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0cyBvbiBiZWhhbGYgb2YgdGhlIHJlc291cmNlIG93
bmVyIGFuZAogICAgICAgICAgICAgIHdpdGggaXRzIGF1dGhvcml6YXRpb24uIFRoZSB0ZXJtIGNs
aWVudCBkb2VzIG5vdCBpbXBseSBhbnkgcGFydGljdWxhciBpbXBsZW1lbnRhdGlvbgogICAgICAg
ICAgICAgIGNoYXJhY3RlcmlzdGljcyAoZS5nLiB3aGV0aGVyIHRoZSBhcHBsaWNhdGlvbiBleGVj
dXRlcyBvbiBhIHNlcnZlciwgYSBkZXNrdG9wLCBvcgogICAgICAgICAgICAgIG90aGVyIGRldmlj
ZXMpLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdhdXRob3JpemF0
aW9uIHNlcnZlcic+CiAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgIFRoZSBz
ZXJ2ZXIgaXNzdWluZyBhY2Nlc3MgdG9rZW5zIHRvIHRoZSBjbGllbnQgYWZ0ZXIgc3VjY2Vzc2Z1
bGx5IGF1dGhlbnRpY2F0aW5nIHRoZQogICAgICAgICAgICAgIHJlc291cmNlIG93bmVyIGFuZCBv
YnRhaW5pbmcgYXV0aG9yaXphdGlvbi4KICAgICAgICAgICAgPC90PgogICAgICAgICAgPC9saXN0
PgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBpbnRlcmFjdGlvbiBiZXR3
ZWVuIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgcmVzb3VyY2Ugc2VydmVyIGlzIGJleW9u
ZCB0aGUgc2NvcGUKICAgICAgICAgIG9mIHRoaXMgc3BlY2lmaWNhdGlvbi4gVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIG1heSBiZSB0aGUgc2FtZSBzZXJ2ZXIgYXMgdGhlIHJlc291cmNlCiAgICAg
ICAgICBzZXJ2ZXIgb3IgYSBzZXBhcmF0ZSBlbnRpdHkuIEEgc2luZ2xlIGF1dGhvcml6YXRpb24g
c2VydmVyIG1heSBpc3N1ZSBhY2Nlc3MgdG9rZW5zCiAgICAgICAgICBhY2NlcHRlZCBieSBtdWx0
aXBsZSByZXNvdXJjZSBzZXJ2ZXJzLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAg
ICAgPHNlY3Rpb24gdGl0bGU9J1Byb3RvY29sIEZsb3cnPgogICAgICAgIDxmaWd1cmUgdGl0bGU9
J0Fic3RyYWN0IFByb3RvY29sIEZsb3cnIGFuY2hvcj0nRmlndXJlLTEnPgogICAgICAgICAgPGFy
dHdvcms+CiAgICAgICAgICAgIDwhW0NEQVRBWwogICstLS0tLS0tLSsgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICB8LS0oQSktIEF1dGhv
cml6YXRpb24gUmVxdWVzdCAtPnwgICBSZXNvdXJjZSAgICB8CiAgfCAgICAgICAgfCAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICB8ICAgICBPd25lciAgICAgfAogIHwgICAgICAgIHw8LShC
KS0tIEF1dGhvcml6YXRpb24gR3JhbnQgLS0tfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAg
ICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0t
LS0tLS0tLSsKICB8ICAgICAgICB8LS0oQyktLSBBdXRob3JpemF0aW9uIEdyYW50IC0tPnwgQXV0
aG9yaXphdGlvbiB8CiAgfCBDbGllbnQgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8
ICAgICBTZXJ2ZXIgICAgfAogIHwgICAgICAgIHw8LShEKS0tLS0tIEFjY2VzcyBUb2tlbiAtLS0t
LS0tfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICB8LS0o
RSktLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tPnwgICAgUmVzb3VyY2UgICB8CiAgfCAgICAgICAg
fCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICBTZXJ2ZXIgICAgfAogIHwgICAg
ICAgIHw8LShGKS0tLSBQcm90ZWN0ZWQgUmVzb3VyY2UgLS0tfCAgICAgICAgICAgICAgIHwKICAr
LS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0r
Cl1dPgogICAgICAgICAgPC9hcnR3b3JrPgogICAgICAgIDwvZmlndXJlPgogICAgICAgIDx0Pgog
ICAgICAgICAgVGhlIGFic3RyYWN0IGZsb3cgaWxsdXN0cmF0ZWQgaW4gPHhyZWYgdGFyZ2V0PSdG
aWd1cmUtMScgLz4gZGVzY3JpYmVzIHRoZSBpbnRlcmFjdGlvbgogICAgICAgICAgYmV0d2VlbiB0
aGUgZm91ciByb2xlcyBhbmQgaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKICAgICAgICA8
L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0nZm9ybWF0ICglQyknPgogICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IHJlcXVlc3RzIGF1dGhvcml6YXRp
b24gZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIuIFRoZSBhdXRob3JpemF0aW9uIHJlcXVlc3QKICAg
ICAgICAgICAgICBjYW4gYmUgbWFkZSBkaXJlY3RseSB0byB0aGUgcmVzb3VyY2Ugb3duZXIgKGFz
IHNob3duKSwgb3IgcHJlZmVyYWJseSBpbmRpcmVjdGx5IHZpYQogICAgICAgICAgICAgIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBhcyBhbiBpbnRlcm1lZGlhcnkuCiAgICAgICAgICAgIDwvdD4K
ICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCByZWNlaXZlcyBhbiBhdXRo
b3JpemF0aW9uIGdyYW50IHdoaWNoIGlzIGEgY3JlZGVudGlhbCByZXByZXNlbnRpbmcKICAgICAg
ICAgICAgICB0aGUgcmVzb3VyY2Ugb3duZXIncyBhdXRob3JpemF0aW9uLCBleHByZXNzZWQgdXNp
bmcgb25lIG9mIGZvdXIgZ3JhbnQgdHlwZXMgZGVmaW5lZAogICAgICAgICAgICAgIGluIHRoaXMg
c3BlY2lmaWNhdGlvbiBvciB1c2luZyBhbiBleHRlbnNpb24gZ3JhbnQgdHlwZS4gVGhlIGF1dGhv
cml6YXRpb24gZ3JhbnQgdHlwZQogICAgICAgICAgICAgIGRlcGVuZHMgb24gdGhlIG1ldGhvZCB1
c2VkIGJ5IHRoZSBjbGllbnQgdG8gcmVxdWVzdCBhdXRob3JpemF0aW9uIGFuZCB0aGUgdHlwZXMK
ICAgICAgICAgICAgICBzdXBwb3J0ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAg
ICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBjbGllbnQgcmVx
dWVzdHMgYW4gYWNjZXNzIHRva2VuIGJ5IGF1dGhlbnRpY2F0aW5nIHdpdGggdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyCiAgICAgICAgICAgICAgYW5kIHByZXNlbnRpbmcgdGhlIGF1dGhvcml6YXRp
b24gZ3JhbnQuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIGNsaWVudCBhbmQgdmFs
aWRhdGVzIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICAgICAgZ3JhbnQsIGFuZCBpZiB2YWxp
ZCBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0
PgogICAgICAgICAgICAgIFRoZSBjbGllbnQgcmVxdWVzdHMgdGhlIHByb3RlY3RlZCByZXNvdXJj
ZSBmcm9tIHRoZSByZXNvdXJjZSBzZXJ2ZXIgYW5kIGF1dGhlbnRpY2F0ZXMKICAgICAgICAgICAg
ICBieSBwcmVzZW50aW5nIHRoZSBhY2Nlc3MgdG9rZW4uCiAgICAgICAgICAgIDwvdD4KICAgICAg
ICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIHJlc291cmNlIHNlcnZlciB2YWxpZGF0ZXMgdGhl
IGFjY2VzcyB0b2tlbiwgYW5kIGlmIHZhbGlkLCBzZXJ2ZXMgdGhlIHJlcXVlc3QuCiAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBUaGUgcHJlZmVycmVkIG1ldGhvZCBmb3IgdGhlIGNsaWVudCB0byBvYnRhaW4gYW4gYXV0
aG9yaXphdGlvbiBncmFudCBmcm9tIHRoZSByZXNvdXJjZQogICAgICAgICAgb3duZXIgKGRlcGlj
dGVkIGluIHN0ZXBzIChBKSBhbmQgKEIpKSBpcyB0byB1c2UgdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIGFzIGFuIGludGVybWVkaWFyeQogICAgICAgICAgd2hpY2ggaXMgaWxsdXN0cmF0ZWQgaW4g
PHhyZWYgdGFyZ2V0PSdGaWd1cmUtMycgLz4uCiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+
CgogICAgICA8c2VjdGlvbiB0aXRsZT0nQXV0aG9yaXphdGlvbiBHcmFudCc+CiAgICAgICAgPHQ+
CiAgICAgICAgICBBbiBhdXRob3JpemF0aW9uIGdyYW50IGlzIGEgY3JlZGVudGlhbCByZXByZXNl
bnRpbmcgdGhlIHJlc291cmNlIG93bmVyJ3MgYXV0aG9yaXphdGlvbgogICAgICAgICAgKHRvIGFj
Y2VzcyBpdHMgcHJvdGVjdGVkIHJlc291cmNlcykgdXNlZCBieSB0aGUgY2xpZW50IHRvIG9idGFp
biBhbiBhY2Nlc3MgdG9rZW4uIFRoaXMKICAgICAgICAgIHNwZWNpZmljYXRpb24gZGVmaW5lcyBm
b3VyIGdyYW50IHR5cGVzOiBhdXRob3JpemF0aW9uIGNvZGUsIGltcGxpY2l0LCByZXNvdXJjZSBv
d25lcgogICAgICAgICAgcGFzc3dvcmQgY3JlZGVudGlhbHMsIGFuZCBjbGllbnQgY3JlZGVudGlh
bHMsIGFzIHdlbGwgYXMgYW4gZXh0ZW5zaWJpbGl0eSBtZWNoYW5pc20gZm9yCiAgICAgICAgICBk
ZWZpbmluZyBhZGRpdGlvbmFsIHR5cGVzLgogICAgICAgIDwvdD4KCiAgICAgICAgPHNlY3Rpb24g
dGl0bGU9J0F1dGhvcml6YXRpb24gQ29kZSc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhl
IGF1dGhvcml6YXRpb24gY29kZSBpcyBvYnRhaW5lZCBieSB1c2luZyBhbiBhdXRob3JpemF0aW9u
IHNlcnZlciBhcyBhbiBpbnRlcm1lZGlhcnkKICAgICAgICAgICAgYmV0d2VlbiB0aGUgY2xpZW50
IGFuZCByZXNvdXJjZSBvd25lci4gSW5zdGVhZCBvZiByZXF1ZXN0aW5nIGF1dGhvcml6YXRpb24g
ZGlyZWN0bHkKICAgICAgICAgICAgZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIsIHRoZSBjbGllbnQg
ZGlyZWN0cyB0aGUgcmVzb3VyY2Ugb3duZXIgdG8gYW4gYXV0aG9yaXphdGlvbgogICAgICAgICAg
ICBzZXJ2ZXIgKHZpYSBpdHMgdXNlci1hZ2VudCBhcyBkZWZpbmVkIGluIDx4cmVmIHRhcmdldD0n
UkZDMjYxNicgLz4pLCB3aGljaCBpbiB0dXJuCiAgICAgICAgICAgIGRpcmVjdHMgdGhlIHJlc291
cmNlIG93bmVyIGJhY2sgdG8gdGhlIGNsaWVudCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIGNvZGUu
CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgQmVmb3JlIGRpcmVjdGlu
ZyB0aGUgcmVzb3VyY2Ugb3duZXIgYmFjayB0byB0aGUgY2xpZW50IHdpdGggdGhlIGF1dGhvcml6
YXRpb24gY29kZSwgdGhlCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRp
Y2F0ZXMgdGhlIHJlc291cmNlIG93bmVyIGFuZCBvYnRhaW5zIGF1dGhvcml6YXRpb24uCiAgICAg
ICAgICAgIEJlY2F1c2UgdGhlIHJlc291cmNlIG93bmVyIG9ubHkgYXV0aGVudGljYXRlcyB3aXRo
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciwgdGhlCiAgICAgICAgICAgIHJlc291cmNlIG93bmVy
J3MgY3JlZGVudGlhbHMgYXJlIG5ldmVyIHNoYXJlZCB3aXRoIHRoZSBjbGllbnQuCiAgICAgICAg
ICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gY29kZSBw
cm92aWRlcyBhIGZldyBpbXBvcnRhbnQgc2VjdXJpdHkgYmVuZWZpdHMgc3VjaCBhcyB0aGUgYWJp
bGl0eQogICAgICAgICAgICB0byBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCwgYW5kIHRoZSB0cmFu
c21pc3Npb24gb2YgdGhlIGFjY2VzcyB0b2tlbiBkaXJlY3RseSB0bwogICAgICAgICAgICB0aGUg
Y2xpZW50IHdpdGhvdXQgcGFzc2luZyBpdCB0aHJvdWdoIHRoZSByZXNvdXJjZSBvd25lcidzIHVz
ZXItYWdlbnQsIHBvdGVudGlhbGx5CiAgICAgICAgICAgIGV4cG9zaW5nIGl0IHRvIG90aGVycywg
aW5jbHVkaW5nIHRoZSByZXNvdXJjZSBvd25lci4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3Nl
Y3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdJbXBsaWNpdCc+CiAgICAgICAgICA8dD4K
ICAgICAgICAgICAgVGhlIGltcGxpY2l0IGdyYW50IGlzIGEgc2ltcGxpZmllZCBhdXRob3JpemF0
aW9uIGNvZGUgZmxvdyBvcHRpbWl6ZWQgZm9yIGNsaWVudHMKICAgICAgICAgICAgaW1wbGVtZW50
ZWQgaW4gYSBicm93c2VyIHVzaW5nIGEgc2NyaXB0aW5nIGxhbmd1YWdlIHN1Y2ggYXMgSmF2YVNj
cmlwdC4gSW4gdGhlIGltcGxpY2l0CiAgICAgICAgICAgIGZsb3csIGluc3RlYWQgb2YgaXNzdWlu
ZyB0aGUgY2xpZW50IGFuIGF1dGhvcml6YXRpb24gY29kZSwgdGhlIGNsaWVudCBpcyBpc3N1ZWQg
YW4KICAgICAgICAgICAgYWNjZXNzIHRva2VuIGRpcmVjdGx5IChhcyB0aGUgcmVzdWx0IG9mIHRo
ZSByZXNvdXJjZSBvd25lciBhdXRob3JpemF0aW9uKS4gVGhlIGdyYW50CiAgICAgICAgICAgIHR5
cGUgaXMgaW1wbGljaXQgYXMgbm8gaW50ZXJtZWRpYXRlIGNyZWRlbnRpYWxzIChzdWNoIGFzIGFu
IGF1dGhvcml6YXRpb24gY29kZSkgYXJlCiAgICAgICAgICAgIGlzc3VlZCAoYW5kIGxhdGVyIHVz
ZWQgdG8gb2J0YWluIGFuIGFjY2VzcyB0b2tlbikuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8
dD4KICAgICAgICAgICAgV2hlbiBpc3N1aW5nIGFuIGFjY2VzcyB0b2tlbiBkdXJpbmcgdGhlIGlt
cGxpY2l0IGdyYW50IGZsb3csIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICBk
b2VzIG5vdCBhdXRoZW50aWNhdGUgdGhlIGNsaWVudC4gSW4gc29tZSBjYXNlcywgdGhlIGNsaWVu
dCBpZGVudGl0eSBjYW4gYmUgdmVyaWZpZWQKICAgICAgICAgICAgdmlhIHRoZSByZWRpcmVjdGlv
biBVUkkgdXNlZCB0byBkZWxpdmVyIHRoZSBhY2Nlc3MgdG9rZW4gdG8gdGhlIGNsaWVudC4gVGhl
IGFjY2VzcwogICAgICAgICAgICB0b2tlbiBtYXkgYmUgZXhwb3NlZCB0byB0aGUgcmVzb3VyY2Ug
b3duZXIgb3Igb3RoZXIgYXBwbGljYXRpb25zIHdpdGggYWNjZXNzIHRvIHRoZQogICAgICAgICAg
ICByZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8
dD4KICAgICAgICAgICAgSW1wbGljaXQgZ3JhbnRzIGltcHJvdmUgdGhlIHJlc3BvbnNpdmVuZXNz
IGFuZCBlZmZpY2llbmN5IG9mIHNvbWUgY2xpZW50cyAoc3VjaCBhcyBhCiAgICAgICAgICAgIGNs
aWVudCBpbXBsZW1lbnRlZCBhcyBhbiBpbi1icm93c2VyIGFwcGxpY2F0aW9uKSBzaW5jZSBpdCBy
ZWR1Y2VzIHRoZSBudW1iZXIgb2Ygcm91bmQKICAgICAgICAgICAgdHJpcHMgcmVxdWlyZWQgdG8g
b2J0YWluIGFuIGFjY2VzcyB0b2tlbi4gSG93ZXZlciwgdGhpcyBjb252ZW5pZW5jZSBzaG91bGQg
YmUgd2VpZ2hlZAogICAgICAgICAgICBhZ2FpbnN0IHRoZSBzZWN1cml0eSBpbXBsaWNhdGlvbnMg
b2YgdXNpbmcgaW1wbGljaXQgZ3JhbnRzLCBlc3BlY2lhbGx5IHdoZW4gdGhlCiAgICAgICAgICAg
IGF1dGhvcml6YXRpb24gY29kZSBncmFudCB0eXBlIGlzIGF2YWlsYWJsZS4KICAgICAgICAgIDwv
dD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSJSZXNvdXJjZSBP
d25lciBQYXNzd29yZCBDcmVkZW50aWFscyI+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhl
IHJlc291cmNlIG93bmVyIHBhc3N3b3JkIGNyZWRlbnRpYWxzIChpLmUuIHVzZXJuYW1lIGFuZCBw
YXNzd29yZCkgY2FuIGJlIHVzZWQKICAgICAgICAgICAgZGlyZWN0bHkgYXMgYW4gYXV0aG9yaXph
dGlvbiBncmFudCB0byBvYnRhaW4gYW4gYWNjZXNzIHRva2VuLiBUaGUgY3JlZGVudGlhbHMgc2hv
dWxkCiAgICAgICAgICAgIG9ubHkgYmUgdXNlZCB3aGVuIHRoZXJlIGlzIGEgaGlnaCBkZWdyZWUg
b2YgdHJ1c3QgYmV0d2VlbiB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIHRoZQogICAgICAgICAgICBj
bGllbnQgKGUuZy4gdGhlIGNsaWVudCBpcyBwYXJ0IG9mIHRoZSBkZXZpY2Ugb3BlcmF0aW5nIHN5
c3RlbSBvciBhIGhpZ2hseSBwcml2aWxlZ2VkCiAgICAgICAgICAgIGFwcGxpY2F0aW9uKSwgYW5k
IHdoZW4gb3RoZXIgYXV0aG9yaXphdGlvbiBncmFudCB0eXBlcyBhcmUgbm90IGF2YWlsYWJsZSAo
c3VjaCBhcyBhbgogICAgICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUpLgogICAgICAgICAgPC90
PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIEV2ZW4gdGhvdWdoIHRoaXMgZ3JhbnQgdHlwZSBy
ZXF1aXJlcyBkaXJlY3QgY2xpZW50IGFjY2VzcyB0byB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAg
ICAgICAgY3JlZGVudGlhbHMsIHRoZSByZXNvdXJjZSBvd25lciBjcmVkZW50aWFscyBhcmUgdXNl
ZCBmb3IgYSBzaW5nbGUgcmVxdWVzdCBhbmQgYXJlCiAgICAgICAgICAgIGV4Y2hhbmdlZCBmb3Ig
YW4gYWNjZXNzIHRva2VuLiBUaGlzIGdyYW50IHR5cGUgY2FuIGVsaW1pbmF0ZSB0aGUgbmVlZCBm
b3IgdGhlIGNsaWVudAogICAgICAgICAgICB0byBzdG9yZSB0aGUgcmVzb3VyY2Ugb3duZXIgY3Jl
ZGVudGlhbHMgZm9yIGZ1dHVyZSB1c2UsIGJ5IGV4Y2hhbmdpbmcgdGhlIGNyZWRlbnRpYWxzCiAg
ICAgICAgICAgIHdpdGggYSBsb25nLWxpdmVkIGFjY2VzcyB0b2tlbiBvciByZWZyZXNoIHRva2Vu
LgogICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgICAgPHNlY3Rpb24gdGl0
bGU9J0NsaWVudCBDcmVkZW50aWFscyc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGNs
aWVudCBjcmVkZW50aWFscyAob3Igb3RoZXIgZm9ybXMgb2YgY2xpZW50IGF1dGhlbnRpY2F0aW9u
KSBjYW4gYmUgdXNlZCBhcyBhbgogICAgICAgICAgICBhdXRob3JpemF0aW9uIGdyYW50IHdoZW4g
dGhlIGF1dGhvcml6YXRpb24gc2NvcGUgaXMgbGltaXRlZCB0byB0aGUgcHJvdGVjdGVkIHJlc291
cmNlcwogICAgICAgICAgICB1bmRlciB0aGUgY29udHJvbCBvZiB0aGUgY2xpZW50LCBvciB0byBw
cm90ZWN0ZWQgcmVzb3VyY2VzIHByZXZpb3VzbHkgYXJyYW5nZWQgd2l0aCB0aGUKICAgICAgICAg
ICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIENsaWVudCBjcmVkZW50aWFscyBhcmUgdXNlZCBhcyBh
biBhdXRob3JpemF0aW9uIGdyYW50IHR5cGljYWxseQogICAgICAgICAgICB3aGVuIHRoZSBjbGll
bnQgaXMgYWN0aW5nIG9uIGl0cyBvd24gYmVoYWxmICh0aGUgY2xpZW50IGlzIGFsc28gdGhlIHJl
c291cmNlIG93bmVyKSwgb3IKICAgICAgICAgICAgaXMgcmVxdWVzdGluZyBhY2Nlc3MgdG8gcHJv
dGVjdGVkIHJlc291cmNlcyBiYXNlZCBvbiBhbiBhdXRob3JpemF0aW9uIHByZXZpb3VzbHkKICAg
ICAgICAgICAgYXJyYW5nZWQgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAg
ICA8L3Q+CiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rp
b24gdGl0bGU9J0FjY2VzcyBUb2tlbic+CiAgICAgICAgPHQ+CiAgICAgICAgICBBY2Nlc3MgdG9r
ZW5zIGFyZSBjcmVkZW50aWFscyB1c2VkIHRvIGFjY2VzcyBwcm90ZWN0ZWQgcmVzb3VyY2VzLiBB
biBhY2Nlc3MgdG9rZW4gaXMgYQogICAgICAgICAgc3RyaW5nIHJlcHJlc2VudGluZyBhbiBhdXRo
b3JpemF0aW9uIGlzc3VlZCB0byB0aGUgY2xpZW50LiBUaGUgc3RyaW5nIGlzIHVzdWFsbHkgb3Bh
cXVlCiAgICAgICAgICB0byB0aGUgY2xpZW50LiBUb2tlbnMgcmVwcmVzZW50IHNwZWNpZmljIHNj
b3BlcyBhbmQgZHVyYXRpb25zIG9mIGFjY2VzcywgZ3JhbnRlZCBieSB0aGUKICAgICAgICAgIHJl
c291cmNlIG93bmVyLCBhbmQgZW5mb3JjZWQgYnkgdGhlIHJlc291cmNlIHNlcnZlciBhbmQgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhl
IHRva2VuIG1heSBkZW5vdGUgYW4gaWRlbnRpZmllciB1c2VkIHRvIHJldHJpZXZlIHRoZSBhdXRo
b3JpemF0aW9uIGluZm9ybWF0aW9uLCBvcgogICAgICAgICAgc2VsZi1jb250YWluIHRoZSBhdXRo
b3JpemF0aW9uIGluZm9ybWF0aW9uIGluIGEgdmVyaWZpYWJsZSBtYW5uZXIgKGkuZS4gYSB0b2tl
biBzdHJpbmcKICAgICAgICAgIGNvbnNpc3Rpbmcgb2Ygc29tZSBkYXRhIGFuZCBhIHNpZ25hdHVy
ZSkuIEFkZGl0aW9uYWwgYXV0aGVudGljYXRpb24gY3JlZGVudGlhbHMsIHdoaWNoCiAgICAgICAg
ICBhcmUgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sIG1heSBiZSByZXF1
aXJlZCBpbiBvcmRlciBmb3IgdGhlIGNsaWVudCB0bwogICAgICAgICAgdXNlIGEgdG9rZW4uCiAg
ICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGFjY2VzcyB0b2tlbiBwcm92aWRl
cyBhbiBhYnN0cmFjdGlvbiBsYXllciwgcmVwbGFjaW5nIGRpZmZlcmVudCBhdXRob3JpemF0aW9u
CiAgICAgICAgICBjb25zdHJ1Y3RzIChlLmcuIHVzZXJuYW1lIGFuZCBwYXNzd29yZCkgd2l0aCBh
IHNpbmdsZSB0b2tlbiB1bmRlcnN0b29kIGJ5IHRoZSByZXNvdXJjZQogICAgICAgICAgc2VydmVy
LiBUaGlzIGFic3RyYWN0aW9uIGVuYWJsZXMgaXNzdWluZyBhY2Nlc3MgdG9rZW5zIG1vcmUgcmVz
dHJpY3RpdmUgdGhhbiB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gZ3JhbnQgdXNlZCB0byBv
YnRhaW4gdGhlbSwgYXMgd2VsbCBhcyByZW1vdmluZyB0aGUgcmVzb3VyY2Ugc2VydmVyJ3MgbmVl
ZCB0bwogICAgICAgICAgdW5kZXJzdGFuZCBhIHdpZGUgcmFuZ2Ugb2YgYXV0aGVudGljYXRpb24g
bWV0aG9kcy4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBBY2Nlc3MgdG9rZW5z
IGNhbiBoYXZlIGRpZmZlcmVudCBmb3JtYXRzLCBzdHJ1Y3R1cmVzLCBhbmQgbWV0aG9kcyBvZiB1
dGlsaXphdGlvbiAoZS5nLgogICAgICAgICAgY3J5cHRvZ3JhcGhpYyBwcm9wZXJ0aWVzKSBiYXNl
ZCBvbiB0aGUgcmVzb3VyY2Ugc2VydmVyIHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gQWNjZXNzIHRv
a2VuCiAgICAgICAgICBhdHRyaWJ1dGVzIGFuZCB0aGUgbWV0aG9kcyB1c2VkIHRvIGFjY2VzcyBw
cm90ZWN0ZWQgcmVzb3VyY2VzIGFyZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMKICAgICAgICAg
IHNwZWNpZmljYXRpb24gYW5kIGFyZSBkZWZpbmVkIGJ5IGNvbXBhbmlvbiBzcGVjaWZpY2F0aW9u
cy4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdS
ZWZyZXNoIFRva2VuJz4KICAgICAgICA8dD4KICAgICAgICAgIFJlZnJlc2ggdG9rZW5zIGFyZSBj
cmVkZW50aWFscyB1c2VkIHRvIG9idGFpbiBhY2Nlc3MgdG9rZW5zLiBSZWZyZXNoIHRva2VucyBh
cmUgaXNzdWVkIHRvCiAgICAgICAgICB0aGUgY2xpZW50IGJ5IHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBhbmQgYXJlIHVzZWQgdG8gb2J0YWluIGEgbmV3IGFjY2VzcyB0b2tlbiB3aGVuIHRoZQog
ICAgICAgICAgY3VycmVudCBhY2Nlc3MgdG9rZW4gYmVjb21lcyBpbnZhbGlkIG9yIGV4cGlyZXMs
IG9yIHRvIG9idGFpbiBhZGRpdGlvbmFsIGFjY2VzcyB0b2tlbnMKICAgICAgICAgIHdpdGggaWRl
bnRpY2FsIG9yIG5hcnJvd2VyIHNjb3BlIChhY2Nlc3MgdG9rZW5zIG1heSBoYXZlIGEgc2hvcnRl
ciBsaWZldGltZSBhbmQgZmV3ZXIKICAgICAgICAgIHBlcm1pc3Npb25zIHRoYW4gYXV0aG9yaXpl
ZCBieSB0aGUgcmVzb3VyY2Ugb3duZXIpLiBJc3N1aW5nIGEgcmVmcmVzaCB0b2tlbiBpcyBvcHRp
b25hbAogICAgICAgICAgYXQgdGhlIGRpc2NyZXRpb24gb2YgdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyLiBJZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGEKICAgICAgICAgIHJlZnJl
c2ggdG9rZW4sIGl0IGlzIGluY2x1ZGVkIHdoZW4gaXNzdWluZyBhbiBhY2Nlc3MgdG9rZW4gKGku
ZS4gc3RlcCAoRCkgaW4KICAgICAgICAgIDx4cmVmIHRhcmdldD0nRmlndXJlLTEnIC8+KS4KICAg
ICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBBIHJlZnJlc2ggdG9rZW4gaXMgYSBzdHJp
bmcgcmVwcmVzZW50aW5nIHRoZSBhdXRob3JpemF0aW9uIGdyYW50ZWQgdG8gdGhlIGNsaWVudCBi
eSB0aGUKICAgICAgICAgIHJlc291cmNlIG93bmVyLiBUaGUgc3RyaW5nIGlzIHVzdWFsbHkgb3Bh
cXVlIHRvIHRoZSBjbGllbnQuIFRoZSB0b2tlbiBkZW5vdGVzIGFuCiAgICAgICAgICBpZGVudGlm
aWVyIHVzZWQgdG8gcmV0cmlldmUgdGhlIGF1dGhvcml6YXRpb24gaW5mb3JtYXRpb24uIFVubGlr
ZSBhY2Nlc3MgdG9rZW5zLCByZWZyZXNoCiAgICAgICAgICB0b2tlbnMgYXJlIGludGVuZGVkIGZv
ciB1c2Ugb25seSB3aXRoIGF1dGhvcml6YXRpb24gc2VydmVycyBhbmQgYXJlIG5ldmVyIHNlbnQg
dG8KICAgICAgICAgIHJlc291cmNlIHNlcnZlcnMuCiAgICAgICAgPC90PgogICAgICAgIDxmaWd1
cmUgdGl0bGU9J1JlZnJlc2hpbmcgYW4gRXhwaXJlZCBBY2Nlc3MgVG9rZW4nIGFuY2hvcj0nRmln
dXJlLTInPgogICAgICAgICAgPGFydHdvcms+CiAgICAgICAgICAgIDwhW0NEQVRBWwogICstLS0t
LS0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0t
LS0tLS0tLSsKICB8ICAgICAgICB8LS0oQSktLS0tLS0tIEF1dGhvcml6YXRpb24gR3JhbnQgLS0t
LS0tLS0tPnwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHw8LShC
KS0tLS0tLS0tLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tLS0tLS0tfCAgICAgICAgICAgICAgIHwK
ICB8ICAgICAgICB8ICAgICAgICAgICAgICAgJiBSZWZyZXNoIFRva2VuICAgICAgICAgICAgIHwg
ICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0rICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAg
ICB8LS0oQyktLS0tIEFjY2VzcyBUb2tlbiAtLS0tPnwgICAgICAgICAgfCAgIHwgICAgICAgICAg
ICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAg
IHwgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHw8LShEKS0gUHJvdGVjdGVkIFJlc291
cmNlIC0tfCBSZXNvdXJjZSB8ICAgfCBBdXRob3JpemF0aW9uIHwKICB8IENsaWVudCB8ICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIHwgIFNlcnZlciAgfCAgIHwgICAgIFNlcnZlciAgICB8CiAg
fCAgICAgICAgfC0tKEUpLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLT58ICAgICAgICAgIHwgICB8ICAg
ICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAg
ICAgICAgICB8ICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8PC0oRiktIEludmFsaWQg
VG9rZW4gRXJyb3IgLXwgICAgICAgICAgfCAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAg
fCAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLSsgICB8ICAgICAgICAgICAg
ICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8LS0oRyktLS0tLS0tLS0tLSBSZWZyZXNo
IFRva2VuIC0tLS0tLS0tLS0tPnwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogIHwg
ICAgICAgIHw8LShIKS0tLS0tLS0tLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tLS0tLS0tfCAgICAg
ICAgICAgICAgIHwKICArLS0tLS0tLS0rICAgICAgICAgICAmIE9wdGlvbmFsIFJlZnJlc2ggVG9r
ZW4gICAgICAgICstLS0tLS0tLS0tLS0tLS0rCl1dPgogICAgICAgICAgPC9hcnR3b3JrPgogICAg
ICAgIDwvZmlndXJlPgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQg
aW4gPHhyZWYgdGFyZ2V0PSdGaWd1cmUtMicgLz4gaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVw
czoKICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0nZm9ybWF0
ICglQyknPgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IHJlcXVlc3Rz
IGFuIGFjY2VzcyB0b2tlbiBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciwKICAgICAgICAgICAgICBhbmQgcHJlc2VudGluZyBhbiBhdXRob3JpemF0aW9uIGdy
YW50LgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSBjbGllbnQgYW5kIHZhbGlkYXRl
cyB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgICAgIGdyYW50LCBhbmQgaWYgdmFsaWQgaXNz
dWVzIGFuIGFjY2VzcyB0b2tlbiBhbmQgYSByZWZyZXNoIHRva2VuLgogICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBjbGllbnQgbWFrZXMgYSBwcm90ZWN0
ZWQgcmVzb3VyY2UgcmVxdWVzdCB0byB0aGUgcmVzb3VyY2Ugc2VydmVyIGJ5IHByZXNlbnRpbmcK
ICAgICAgICAgICAgICB0aGUgYWNjZXNzIHRva2VuLgogICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICAgIDx0PgogICAgICAgICAgICAgIFRoZSByZXNvdXJjZSBzZXJ2ZXIgdmFsaWRhdGVzIHRoZSBh
Y2Nlc3MgdG9rZW4sIGFuZCBpZiB2YWxpZCwgc2VydmVzIHRoZSByZXF1ZXN0LgogICAgICAgICAg
ICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFN0ZXBzIChDKSBhbmQgKEQpIHJl
cGVhdCB1bnRpbCB0aGUgYWNjZXNzIHRva2VuIGV4cGlyZXMuIElmIHRoZSBjbGllbnQga25vd3Mg
dGhlCiAgICAgICAgICAgICAgYWNjZXNzIHRva2VuIGV4cGlyZWQsIGl0IHNraXBzIHRvIHN0ZXAg
KEcpLCBvdGhlcndpc2UgaXQgbWFrZXMgYW5vdGhlciBwcm90ZWN0ZWQKICAgICAgICAgICAgICBy
ZXNvdXJjZSByZXF1ZXN0LgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAg
ICAgICAgIFNpbmNlIHRoZSBhY2Nlc3MgdG9rZW4gaXMgaW52YWxpZCwgdGhlIHJlc291cmNlIHNl
cnZlciByZXR1cm5zIGFuIGludmFsaWQgdG9rZW4KICAgICAgICAgICAgICBlcnJvci4KICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IHJlcXVl
c3RzIGEgbmV3IGFjY2VzcyB0b2tlbiBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZSBhdXRob3Jp
emF0aW9uCiAgICAgICAgICAgICAgc2VydmVyIGFuZCBwcmVzZW50aW5nIHRoZSByZWZyZXNoIHRv
a2VuLiBUaGUgY2xpZW50IGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyBhcmUKICAgICAgICAg
ICAgICBiYXNlZCBvbiB0aGUgY2xpZW50IHR5cGUgYW5kIG9uIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBwb2xpY2llcy4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAg
ICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50IGFu
ZCB2YWxpZGF0ZXMgdGhlIHJlZnJlc2ggdG9rZW4sCiAgICAgICAgICAgICAgYW5kIGlmIHZhbGlk
IGlzc3VlcyBhIG5ldyBhY2Nlc3MgdG9rZW4gKGFuZCBvcHRpb25hbGx5LCBhIG5ldyByZWZyZXNo
IHRva2VuKS4KICAgICAgICAgICAgPC90PgogICAgICAgICAgPC9saXN0PgogICAgICAgIDwvdD4K
ICAgICAgICA8dD4KICAgICAgICAgIFN0ZXBzIEMsIEQsIEUsIGFuZCBGIGFyZSBvdXRzaWRlIHRo
ZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24gYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICA8
eHJlZiB0YXJnZXQ9J2FjY2Vzcy1yZXNvdXJjZScgLz4uCiAgICAgICAgPC90PgogICAgICA8L3Nl
Y3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nVExTIFZlcnNpb24nIGFuY2hvcj0ndGxzJz4K
ICAgICAgICA8dD4KICAgICAgICAgIFdoZW5ldmVyIFRMUyBpcyB1c2VkIGJ5IHRoaXMgc3BlY2lm
aWNhdGlvbiwgdGhlIGFwcHJvcHJpYXRlIHZlcnNpb24gKG9yIHZlcnNpb25zKSBvZgogICAgICAg
ICAgVExTIHdpbGwgdmFyeSBvdmVyIHRpbWUsIGJhc2VkIG9uIHRoZSB3aWRlc3ByZWFkIGRlcGxv
eW1lbnQgYW5kIGtub3duIHNlY3VyaXR5CiAgICAgICAgICB2dWxuZXJhYmlsaXRpZXMuIEF0IHRo
ZSB0aW1lIG9mIHRoaXMgd3JpdGluZywgVExTIHZlcnNpb24gMS4yIDx4cmVmIHRhcmdldD0nUkZD
NTI0NicgLz4KICAgICAgICAgIGlzIHRoZSBtb3N0IHJlY2VudCB2ZXJzaW9uLCBidXQgaGFzIGEg
dmVyeSBsaW1pdGVkIGRlcGxveW1lbnQgYmFzZSBhbmQgbWlnaHQgbm90IGJlCiAgICAgICAgICBy
ZWFkaWx5IGF2YWlsYWJsZSBmb3IgaW1wbGVtZW50YXRpb24uIFRMUyB2ZXJzaW9uIDEuMCA8eHJl
ZiB0YXJnZXQ9J1JGQzIyNDYnIC8+IGlzIHRoZQogICAgICAgICAgbW9zdCB3aWRlbHkgZGVwbG95
ZWQgdmVyc2lvbiwgYW5kIHdpbGwgcHJvdmlkZSB0aGUgYnJvYWRlc3QgaW50ZXJvcGVyYWJpbGl0
eS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBJbXBsZW1lbnRhdGlvbnMgTUFZ
IGFsc28gc3VwcG9ydCBhZGRpdGlvbmFsIHRyYW5zcG9ydC1sYXllciBzZWN1cml0eSBtZWNoYW5p
c21zCiAgICAgICAgICB0aGF0IG1lZXQgdGhlaXIgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLgogICAg
ICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0hUVFAgUmVk
aXJlY3Rpb25zJz4KICAgICAgICA8dD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBtYWtl
cyBleHRlbnNpdmUgdXNlIG9mIEhUVFAgcmVkaXJlY3Rpb25zLCBpbiB3aGljaCB0aGUgY2xpZW50
IG9yIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZGlyZWN0IHRoZSByZXNvdXJj
ZSBvd25lcidzIHVzZXItYWdlbnQgdG8gYW5vdGhlciBkZXN0aW5hdGlvbi4gV2hpbGUKICAgICAg
ICAgIHRoZSBleGFtcGxlcyBpbiB0aGlzIHNwZWNpZmljYXRpb24gc2hvdyB0aGUgdXNlIG9mIHRo
ZSBIVFRQIDMwMiBzdGF0dXMgY29kZSwgYW55IG90aGVyCiAgICAgICAgICBtZXRob2QgYXZhaWxh
YmxlIHZpYSB0aGUgdXNlci1hZ2VudCB0byBhY2NvbXBsaXNoIHRoaXMgcmVkaXJlY3Rpb24gaXMg
YWxsb3dlZCBhbmQgaXMKICAgICAgICAgIGNvbnNpZGVyZWQgdG8gYmUgYW4gaW1wbGVtZW50YXRp
b24gZGV0YWlsLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24g
dGl0bGU9J0ludGVyb3BlcmFiaWxpdHknPgogICAgICAgIDx0PgogICAgICAgICAgT0F1dGggMi4w
IHByb3ZpZGVzIGEgcmljaCBhdXRob3JpemF0aW9uIGZyYW1ld29yayB3aXRoIHdlbGwtZGVmaW5l
ZCBzZWN1cml0eSBwcm9wZXJ0aWVzLgogICAgICAgICAgSG93ZXZlciwgYXMgYSByaWNoIGFuZCBo
aWdobHkgZXh0ZW5zaWJsZSBmcmFtZXdvcmsgd2l0aCBtYW55IG9wdGlvbmFsIGNvbXBvbmVudHMs
IG9uIGl0cwogICAgICAgICAgb3duLCB0aGlzIHNwZWNpZmljYXRpb24gaXMgbGlrZWx5IHRvIHBy
b2R1Y2UgYSB3aWRlIHJhbmdlIG9mIG5vbi1pbnRlcm9wZXJhYmxlCiAgICAgICAgICBpbXBsZW1l
bnRhdGlvbnMuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgSW4gYWRkaXRpb24s
IHRoaXMgc3BlY2lmaWNhdGlvbiBsZWF2ZXMgYSBmZXcgcmVxdWlyZWQgY29tcG9uZW50cyBwYXJ0
aWFsbHkgb3IgZnVsbHkKICAgICAgICAgIHVuZGVmaW5lZCAoZS5nLiBjbGllbnQgcmVnaXN0cmF0
aW9uLCBhdXRob3JpemF0aW9uIHNlcnZlciBjYXBhYmlsaXRpZXMsIGVuZHBvaW50CiAgICAgICAg
ICBkaXNjb3ZlcnkpLiBXaXRob3V0IHRoZXNlIGNvbXBvbmVudHMsIGNsaWVudHMgbXVzdCBiZSBt
YW51YWxseSBhbmQgc3BlY2lmaWNhbGx5CiAgICAgICAgICBjb25maWd1cmVkIGFnYWluc3QgYSBz
cGVjaWZpYyBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgcmVzb3VyY2Ugc2VydmVyIGluIG9yZGVy
IHRvCiAgICAgICAgICBpbnRlcm9wZXJhdGUuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAg
ICAgICAgVGhpcyBmcmFtZXdvcmsgd2FzIGRlc2lnbmVkIHdpdGggdGhlIGNsZWFyIGV4cGVjdGF0
aW9uIHRoYXQgZnV0dXJlIHdvcmsgd2lsbCBkZWZpbmUKICAgICAgICAgIHByZXNjcmlwdGl2ZSBw
cm9maWxlcyBhbmQgZXh0ZW5zaW9ucyBuZWNlc3NhcnkgdG8gYWNoaWV2ZSBmdWxsIHdlYi1zY2Fs
ZQogICAgICAgICAgaW50ZXJvcGVyYWJpbGl0eS4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlv
bj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdOb3RhdGlvbmFsIENvbnZlbnRpb25zJz4KICAgICAg
ICA8dD4KICAgICAgICAgIFRoZSBrZXkgd29yZHMgIk1VU1QiLCAiTVVTVCBOT1QiLCAiUkVRVUlS
RUQiLCAiU0hBTEwiLCAiU0hBTEwgTk9UIiwgIlNIT1VMRCIsICJTSE9VTEQKICAgICAgICAgIE5P
VCIsICJSRUNPTU1FTkRFRCIsICJNQVkiLCBhbmQgIk9QVElPTkFMIiBpbiB0aGlzIHNwZWNpZmlj
YXRpb24gYXJlIHRvIGJlIGludGVycHJldGVkIGFzCiAgICAgICAgICBkZXNjcmliZWQgaW4gPHhy
ZWYgdGFyZ2V0PSdSRkMyMTE5JyAvPi4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAg
ICBUaGlzIHNwZWNpZmljYXRpb24gdXNlcyB0aGUgQXVnbWVudGVkIEJhY2t1cy1OYXVyIEZvcm0g
KEFCTkYpIG5vdGF0aW9uIG9mCiAgICAgICAgICA8eHJlZiB0YXJnZXQ9J1JGQzUyMzQnIC8+LgoJ
ICBBZGRpdGlvbmFsbHksIHRoZSBydWxlIFVSSS1SZWZlcmVuY2UgaXMgaW5jbHVkZWQgZnJvbQoJ
ICBVbmlmb3JtIFJlc291cmNlIElkZW50aWZpZXIgKFVSSSkgPHhyZWYgdGFyZ2V0PSdSRkMzOTg2
JyAvPi4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBDZXJ0YWluIHNlY3VyaXR5
LXJlbGF0ZWQgdGVybXMgYXJlIHRvIGJlIHVuZGVyc3Rvb2QgaW4gdGhlIHNlbnNlIGRlZmluZWQg
aW4KICAgICAgICAgIDx4cmVmIHRhcmdldD0nUkZDNDk0OScgLz4uIFRoZXNlIHRlcm1zIGluY2x1
ZGUsIGJ1dCBhcmUgbm90IGxpbWl0ZWQgdG8sICJhdHRhY2siLAogICAgICAgICAgImF1dGhlbnRp
Y2F0aW9uIiwgImF1dGhvcml6YXRpb24iLCAiY2VydGlmaWNhdGUiLCAiY29uZmlkZW50aWFsaXR5
IiwgImNyZWRlbnRpYWwiLAogICAgICAgICAgImVuY3J5cHRpb24iLCAiaWRlbnRpdHkiLCAic2ln
biIsICJzaWduYXR1cmUiLCAidHJ1c3QiLCAidmFsaWRhdGUiLCBhbmQgInZlcmlmeSIuCiAgICAg
ICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVW5sZXNzIG90aGVyd2lzZSBub3RlZCwgYWxs
IHRoZSBwcm90b2NvbCBwYXJhbWV0ZXIgbmFtZXMgYW5kIHZhbHVlcyBhcmUgY2FzZSBzZW5zaXRp
dmUuCiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgPC9zZWN0aW9uPgoKICAgIDxz
ZWN0aW9uIHRpdGxlPSdDbGllbnQgUmVnaXN0cmF0aW9uJz4KICAgICAgPHQ+CiAgICAgICAgQmVm
b3JlIGluaXRpYXRpbmcgdGhlIHByb3RvY29sLCB0aGUgY2xpZW50IHJlZ2lzdGVycyB3aXRoIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlci4gVGhlCiAgICAgICAgbWVhbnMgdGhyb3VnaCB3aGljaCB0
aGUgY2xpZW50IHJlZ2lzdGVycyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcmUgYmV5
b25kIHRoZQogICAgICAgIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwgYnV0IHR5cGljYWxs
eSBpbnZvbHZlIGVuZC11c2VyIGludGVyYWN0aW9uIHdpdGggYW4gSFRNTAogICAgICAgIHJlZ2lz
dHJhdGlvbiBmb3JtLgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIENsaWVudCByZWdpc3Ry
YXRpb24gZG9lcyBub3QgcmVxdWlyZSBhIGRpcmVjdCBpbnRlcmFjdGlvbiBiZXR3ZWVuIHRoZSBj
bGllbnQgYW5kIHRoZQogICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyLiBXaGVuIHN1cHBvcnRl
ZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIsIHJlZ2lzdHJhdGlvbiBjYW4gcmVseQogICAg
ICAgIG9uIG90aGVyIG1lYW5zIGZvciBlc3RhYmxpc2hpbmcgdHJ1c3QgYW5kIG9idGFpbmluZyB0
aGUgcmVxdWlyZWQgY2xpZW50IHByb3BlcnRpZXMgKGUuZy4KICAgICAgICByZWRpcmVjdGlvbiBV
UkksIGNsaWVudCB0eXBlKS4gRm9yIGV4YW1wbGUsIHJlZ2lzdHJhdGlvbiBjYW4gYmUgYWNjb21w
bGlzaGVkIHVzaW5nIGEKICAgICAgICBzZWxmLWlzc3VlZCBvciB0aGlyZC1wYXJ0eS1pc3N1ZWQg
YXNzZXJ0aW9uLCBvciBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcGVyZm9ybWluZwogICAg
ICAgIGNsaWVudCBkaXNjb3ZlcnkgdXNpbmcgYSB0cnVzdGVkIGNoYW5uZWwuCiAgICAgIDwvdD4K
ICAgICAgPHQ+CiAgICAgICAgV2hlbiByZWdpc3RlcmluZyBhIGNsaWVudCwgdGhlIGNsaWVudCBk
ZXZlbG9wZXIgU0hBTEw6CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgPGxpc3Qgc3R5bGU9
J3N5bWJvbHMnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIHNwZWNpZmllcyB0aGUgY2xpZW50
IHR5cGUgYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0nY2xpZW50LXR5cGVzJyAvPiwKICAg
ICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBwcm92aWRlcyBpdHMgY2xpZW50
IHJlZGlyZWN0aW9uIFVSSXMgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICAgIDx4cmVmIHRhcmdl
dD0ncmVkaXJlY3QtdXJpJyAvPiwgYW5kCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAg
ICAgICAgICAgaW5jbHVkZXMgYW55IG90aGVyIGluZm9ybWF0aW9uIHJlcXVpcmVkIGJ5IHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciAoZS5nLiBhcHBsaWNhdGlvbgogICAgICAgICAgICBuYW1lLCB3
ZWJzaXRlLCBkZXNjcmlwdGlvbiwgbG9nbyBpbWFnZSwgdGhlIGFjY2VwdGFuY2Ugb2YgbGVnYWwg
dGVybXMpLgogICAgICAgICAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90PgoKICAgICAg
PHNlY3Rpb24gdGl0bGU9J0NsaWVudCBUeXBlcycgYW5jaG9yPSdjbGllbnQtdHlwZXMnPgogICAg
ICAgIDx0PgogICAgICAgICAgT0F1dGggZGVmaW5lcyB0d28gY2xpZW50IHR5cGVzLCBiYXNlZCBv
biB0aGVpciBhYmlsaXR5IHRvIGF1dGhlbnRpY2F0ZSBzZWN1cmVseSB3aXRoIHRoZQogICAgICAg
ICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgKGkuZS4gYWJpbGl0eSB0byBtYWludGFpbiB0aGUgY29u
ZmlkZW50aWFsaXR5IG9mIHRoZWlyIGNsaWVudAogICAgICAgICAgY3JlZGVudGlhbHMpOgogICAg
ICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJz4KICAg
ICAgICAgICAgPHQgaGFuZ1RleHQ9J2NvbmZpZGVudGlhbCc+CiAgICAgICAgICAgICAgPHZzcGFj
ZSAvPgogICAgICAgICAgICAgIENsaWVudHMgY2FwYWJsZSBvZiBtYWludGFpbmluZyB0aGUgY29u
ZmlkZW50aWFsaXR5IG9mIHRoZWlyIGNyZWRlbnRpYWxzIChlLmcuCiAgICAgICAgICAgICAgY2xp
ZW50IGltcGxlbWVudGVkIG9uIGEgc2VjdXJlIHNlcnZlciB3aXRoIHJlc3RyaWN0ZWQgYWNjZXNz
IHRvIHRoZSBjbGllbnQKICAgICAgICAgICAgICBjcmVkZW50aWFscyksIG9yIGNhcGFibGUgb2Yg
c2VjdXJlIGNsaWVudCBhdXRoZW50aWNhdGlvbiB1c2luZyBvdGhlciBtZWFucy4KICAgICAgICAg
ICAgPC90PgogICAgICAgICAgICA8dCBoYW5nVGV4dD0ncHVibGljJz4KICAgICAgICAgICAgICA8
dnNwYWNlIC8+CiAgICAgICAgICAgICAgQ2xpZW50cyBpbmNhcGFibGUgb2YgbWFpbnRhaW5pbmcg
dGhlIGNvbmZpZGVudGlhbGl0eSBvZiB0aGVpciBjcmVkZW50aWFscyAoZS5nLgogICAgICAgICAg
ICAgIGNsaWVudHMgZXhlY3V0aW5nIG9uIHRoZSBkZXZpY2UgdXNlZCBieSB0aGUgcmVzb3VyY2Ug
b3duZXIgc3VjaCBhcyBhbiBpbnN0YWxsZWQKICAgICAgICAgICAgICBuYXRpdmUgYXBwbGljYXRp
b24gb3IgYSB3ZWIgYnJvd3Nlci1iYXNlZCBhcHBsaWNhdGlvbiksIGFuZCBpbmNhcGFibGUgb2Yg
c2VjdXJlCiAgICAgICAgICAgICAgY2xpZW50IGF1dGhlbnRpY2F0aW9uIHZpYSBhbnkgb3RoZXIg
bWVhbnMuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBUaGUgY2xpZW50IHR5cGUgZGVzaWduYXRpb24gaXMgYmFzZWQg
b24gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MgZGVmaW5pdGlvbiBvZiBzZWN1cmUKICAgICAg
ICAgIGF1dGhlbnRpY2F0aW9uIGFuZCBpdHMgYWNjZXB0YWJsZSBleHBvc3VyZSBsZXZlbHMgb2Yg
Y2xpZW50IGNyZWRlbnRpYWxzLiBUaGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIFNI
T1VMRCBOT1QgbWFrZSBhc3N1bXB0aW9ucyBhYm91dCB0aGUgY2xpZW50IHR5cGUuCiAgICAgICAg
PC90PgogICAgICAgIDx0PgogICAgICAgICAgQSBjbGllbnQgbWF5IGJlIGltcGxlbWVudGVkIGFz
IGEgZGlzdHJpYnV0ZWQgc2V0IG9mIGNvbXBvbmVudHMsIGVhY2ggd2l0aCBhIGRpZmZlcmVudAog
ICAgICAgICAgY2xpZW50IHR5cGUgYW5kIHNlY3VyaXR5IGNvbnRleHQgKGUuZy4gYSBkaXN0cmli
dXRlZCBjbGllbnQgd2l0aCBib3RoIGEgY29uZmlkZW50aWFsCiAgICAgICAgICBzZXJ2ZXItYmFz
ZWQgY29tcG9uZW50IGFuZCBhIHB1YmxpYyBicm93c2VyLWJhc2VkIGNvbXBvbmVudCkuIElmIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgZG9lcyBub3QgcHJvdmlkZSBzdXBwb3J0
IGZvciBzdWNoIGNsaWVudHMsIG9yIGRvZXMgbm90IHByb3ZpZGUgZ3VpZGFuY2Ugd2l0aCByZWdh
cmQgdG8KICAgICAgICAgIHRoZWlyIHJlZ2lzdHJhdGlvbiwgdGhlIGNsaWVudCBTSE9VTEQgcmVn
aXN0ZXIgZWFjaCBjb21wb25lbnQgYXMgYSBzZXBhcmF0ZSBjbGllbnQuCiAgICAgICAgPC90Pgog
ICAgICAgIDx0PgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGhhcyBiZWVuIGRlc2lnbmVk
IGFyb3VuZCB0aGUgZm9sbG93aW5nIGNsaWVudCBwcm9maWxlczoKICAgICAgICA8L3Q+CiAgICAg
ICAgPHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZyc+CiAgICAgICAgICAgIDx0IGhh
bmdUZXh0PSd3ZWIgYXBwbGljYXRpb24nPgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAg
ICAgICAgICBBIHdlYiBhcHBsaWNhdGlvbiBpcyBhIGNvbmZpZGVudGlhbCBjbGllbnQgcnVubmlu
ZyBvbiBhIHdlYiBzZXJ2ZXIuIFJlc291cmNlIG93bmVycwogICAgICAgICAgICAgIGFjY2VzcyB0
aGUgY2xpZW50IHZpYSBhbiBIVE1MIHVzZXIgaW50ZXJmYWNlIHJlbmRlcmVkIGluIGEgdXNlci1h
Z2VudCBvbiB0aGUgZGV2aWNlCiAgICAgICAgICAgICAgdXNlZCBieSB0aGUgcmVzb3VyY2Ugb3du
ZXIuIFRoZSBjbGllbnQgY3JlZGVudGlhbHMgYXMgd2VsbCBhcyBhbnkgYWNjZXNzIHRva2VuIGlz
c3VlZAogICAgICAgICAgICAgIHRvIHRoZSBjbGllbnQgYXJlIHN0b3JlZCBvbiB0aGUgd2ViIHNl
cnZlciBhbmQgYXJlIG5vdCBleHBvc2VkIHRvIG9yIGFjY2Vzc2libGUgYnkKICAgICAgICAgICAg
ICB0aGUgcmVzb3VyY2Ugb3duZXIuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQgaGFu
Z1RleHQ9J3VzZXItYWdlbnQtYmFzZWQgYXBwbGljYXRpb24nPgogICAgICAgICAgICAgIDx2c3Bh
Y2UgLz4KICAgICAgICAgICAgICBBIHVzZXItYWdlbnQtYmFzZWQgYXBwbGljYXRpb24gaXMgYSBw
dWJsaWMgY2xpZW50IGluIHdoaWNoIHRoZSBjbGllbnQgY29kZSBpcwogICAgICAgICAgICAgIGRv
d25sb2FkZWQgZnJvbSBhIHdlYiBzZXJ2ZXIgYW5kIGV4ZWN1dGVzIHdpdGhpbiBhIHVzZXItYWdl
bnQgKGUuZy4gd2ViIGJyb3dzZXIpIG9uCiAgICAgICAgICAgICAgdGhlIGRldmljZSB1c2VkIGJ5
IHRoZSByZXNvdXJjZSBvd25lci4gUHJvdG9jb2wgZGF0YSBhbmQgY3JlZGVudGlhbHMgYXJlIGVh
c2lseQogICAgICAgICAgICAgIGFjY2Vzc2libGUgKGFuZCBvZnRlbiB2aXNpYmxlKSB0byB0aGUg
cmVzb3VyY2Ugb3duZXIuIFNpbmNlIHN1Y2ggYXBwbGljYXRpb25zIHJlc2lkZQogICAgICAgICAg
ICAgIHdpdGhpbiB0aGUgdXNlci1hZ2VudCwgdGhleSBjYW4gbWFrZSBzZWFtbGVzcyB1c2Ugb2Yg
dGhlIHVzZXItYWdlbnQgY2FwYWJpbGl0aWVzIHdoZW4KICAgICAgICAgICAgICByZXF1ZXN0aW5n
IGF1dGhvcml6YXRpb24uCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9
J25hdGl2ZSBhcHBsaWNhdGlvbic+CiAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAg
ICAgIEEgbmF0aXZlIGFwcGxpY2F0aW9uIGlzIGEgcHVibGljIGNsaWVudCBpbnN0YWxsZWQgYW5k
IGV4ZWN1dGVkIG9uIHRoZSBkZXZpY2UgdXNlZCBieQogICAgICAgICAgICAgIHRoZSByZXNvdXJj
ZSBvd25lci4gUHJvdG9jb2wgZGF0YSBhbmQgY3JlZGVudGlhbHMgYXJlIGFjY2Vzc2libGUgdG8g
dGhlIHJlc291cmNlCiAgICAgICAgICAgICAgb3duZXIuIEl0IGlzIGFzc3VtZWQgdGhhdCBhbnkg
Y2xpZW50IGF1dGhlbnRpY2F0aW9uIGNyZWRlbnRpYWxzIGluY2x1ZGVkIGluIHRoZQogICAgICAg
ICAgICAgIGFwcGxpY2F0aW9uIGNhbiBiZSBleHRyYWN0ZWQuIE9uIHRoZSBvdGhlciBoYW5kLCBk
eW5hbWljYWxseSBpc3N1ZWQgY3JlZGVudGlhbHMgc3VjaAogICAgICAgICAgICAgIGFzIGFjY2Vz
cyB0b2tlbnMgb3IgcmVmcmVzaCB0b2tlbnMgY2FuIHJlY2VpdmUgYW4gYWNjZXB0YWJsZSBsZXZl
bCBvZiBwcm90ZWN0aW9uLiBBdCBhCiAgICAgICAgICAgICAgbWluaW11bSwgdGhlc2UgY3JlZGVu
dGlhbHMgYXJlIHByb3RlY3RlZCBmcm9tIGhvc3RpbGUgc2VydmVycyB3aXRoIHdoaWNoIHRoZQog
ICAgICAgICAgICAgIGFwcGxpY2F0aW9uIG1heSBpbnRlcmFjdCB3aXRoLiBPbiBzb21lIHBsYXRm
b3JtcyB0aGVzZSBjcmVkZW50aWFscyBtaWdodCBiZSBwcm90ZWN0ZWQKICAgICAgICAgICAgICBm
cm9tIG90aGVyIGFwcGxpY2F0aW9ucyByZXNpZGluZyBvbiB0aGUgc2FtZSBkZXZpY2UuCiAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlv
bj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdDbGllbnQgSWRlbnRpZmllcicgYW5jaG9yPSdjbGll
bnQtaWRlbnRpZmllcic+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgaXNzdWVzIHRoZSByZWdpc3RlcmVkIGNsaWVudCBhIGNsaWVudCBpZGVudGlmaWVyIC0g
YSB1bmlxdWUKICAgICAgICAgIHN0cmluZyByZXByZXNlbnRpbmcgdGhlIHJlZ2lzdHJhdGlvbiBp
bmZvcm1hdGlvbiBwcm92aWRlZCBieSB0aGUgY2xpZW50LiBUaGUgY2xpZW50CiAgICAgICAgICBp
ZGVudGlmaWVyIGlzIG5vdCBhIHNlY3JldCwgaXQgaXMgZXhwb3NlZCB0byB0aGUgcmVzb3VyY2Ug
b3duZXIsIGFuZCBNVVNUIE5PVCBiZSB1c2VkCiAgICAgICAgICBhbG9uZSBmb3IgY2xpZW50IGF1
dGhlbnRpY2F0aW9uLiBUaGUgY2xpZW50IGlkZW50aWZpZXIgaXMgdW5pcXVlIHRvIHRoZSBhdXRo
b3JpemF0aW9uCiAgICAgICAgICBzZXJ2ZXIuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAg
ICAgICAgVGhlIGNsaWVudCBpZGVudGlmaWVyIHN0cmluZyBzaXplIGlzIGxlZnQgdW5kZWZpbmVk
IGJ5IHRoaXMgc3BlY2lmaWNhdGlvbi4gVGhlIGNsaWVudAogICAgICAgICAgc2hvdWxkIGF2b2lk
IG1ha2luZyBhc3N1bXB0aW9ucyBhYm91dCB0aGUgaWRlbnRpZmllciBzaXplLiAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyCiAgICAgICAgICBTSE9VTEQgZG9jdW1lbnQgdGhlIHNpemUgb2YgYW55
IGlkZW50aWZpZXIgaXQgaXNzdWVzLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAg
ICAgPHNlY3Rpb24gdGl0bGU9J0NsaWVudCBBdXRoZW50aWNhdGlvbicgYW5jaG9yPSdjbGllbnQt
YXV0aGVudGljYXRpb24nPgogICAgICAgIDx0PgogICAgICAgICAgSWYgdGhlIGNsaWVudCB0eXBl
IGlzIGNvbmZpZGVudGlhbCwgdGhlIGNsaWVudCBhbmQgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZXN0
YWJsaXNoIGEgY2xpZW50CiAgICAgICAgICBhdXRoZW50aWNhdGlvbiBtZXRob2Qgc3VpdGFibGUg
Zm9yIHRoZSBzZWN1cml0eSByZXF1aXJlbWVudHMgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
LgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBhY2NlcHQgYW55IGZvcm0g
b2YgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG1lZXRpbmcgaXRzCiAgICAgICAgICBzZWN1cml0eSBy
ZXF1aXJlbWVudHMuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgQ29uZmlkZW50
aWFsIGNsaWVudHMgYXJlIHR5cGljYWxseSBpc3N1ZWQgKG9yIGVzdGFibGlzaCkgYSBzZXQgb2Yg
Y2xpZW50IGNyZWRlbnRpYWxzIHVzZWQgZm9yCiAgICAgICAgICBhdXRoZW50aWNhdGluZyB3aXRo
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciAoZS5nLiBwYXNzd29yZCwgcHVibGljL3ByaXZhdGUg
a2V5IHBhaXIpLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBNQVkgZXN0YWJsaXNoIGEgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG1ldGhv
ZCB3aXRoIHB1YmxpYyBjbGllbnRzLgogICAgICAgICAgSG93ZXZlciwgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1VU1QgTk9UIHJlbHkgb24gcHVibGljIGNsaWVudCBhdXRoZW50aWNhdGlvbiBm
b3IgdGhlCiAgICAgICAgICBwdXJwb3NlIG9mIGlkZW50aWZ5aW5nIHRoZSBjbGllbnQuCiAgICAg
ICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGNsaWVudCBNVVNUIE5PVCB1c2UgbW9y
ZSB0aGFuIG9uZSBhdXRoZW50aWNhdGlvbiBtZXRob2QgaW4gZWFjaCByZXF1ZXN0LgogICAgICAg
IDwvdD4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0NsaWVudCBQYXNzd29yZCc+CiAgICAgICAg
ICA8dD4KICAgICAgICAgICAgQ2xpZW50cyBpbiBwb3NzZXNzaW9uIG9mIGEgY2xpZW50IHBhc3N3
b3JkIE1BWSB1c2UgdGhlIEhUVFAgQmFzaWMgYXV0aGVudGljYXRpb24gc2NoZW1lCiAgICAgICAg
ICAgIGFzIGRlZmluZWQgaW4gPHhyZWYgdGFyZ2V0PSdSRkMyNjE3JyAvPiB0byBhdXRoZW50aWNh
dGUgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgICAgIFRoZSBjbGllbnQg
aWRlbnRpZmllciBpcyB1c2VkIGFzIHRoZSB1c2VybmFtZSwgYW5kIHRoZSBjbGllbnQgcGFzc3dv
cmQgaXMgdXNlZCBhcyB0aGUKICAgICAgICAgICAgcGFzc3dvcmQuIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBNVVNUIHN1cHBvcnQgdGhlIEhUVFAgQmFzaWMgYXV0aGVudGljYXRpb24gc2NoZW1l
CiAgICAgICAgICAgIGZvciBhdXRoZW50aWNhdGluZyBjbGllbnRzIHdoaWNoIHdlcmUgaXNzdWVk
IGEgY2xpZW50IHBhc3N3b3JkLgogICAgICAgICAgPC90PgogICAgICAgICAgPGZpZ3VyZT4KICAg
ICAgICAgICAgPHByZWFtYmxlPgogICAgICAgICAgICAgIEZvciBleGFtcGxlIChleHRyYSBsaW5l
IGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgICAgIDwvcHJl
YW1ibGU+CiAgICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICAgIDwhW0NEQVRBWwogIEF1
dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JTYTNGME16bzNSbXBtY0RCYVFuSXhTM1JFVW1KdVps
WmtiVWwzCl1dPgogICAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgICA8L2ZpZ3VyZT4KICAg
ICAgICAgIDx0PgogICAgICAgICAgICBBbHRlcm5hdGl2ZWx5LCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgTUFZIHN1cHBvcnQgaW5jbHVkaW5nIHRoZSBjbGllbnQgY3JlZGVudGlhbHMgaW4KICAg
ICAgICAgICAgdGhlIHJlcXVlc3QgYm9keSB1c2luZyB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcnM6
CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hh
bmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdjbGllbnRf
aWQnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQu
IFRoZSBjbGllbnQgaWRlbnRpZmllciBpc3N1ZWQgdG8gdGhlIGNsaWVudCBkdXJpbmcgdGhlIHJl
Z2lzdHJhdGlvbiBwcm9jZXNzCiAgICAgICAgICAgICAgICBkZXNjcmliZWQgYnkgPHhyZWYgdGFy
Z2V0PSdjbGllbnQtaWRlbnRpZmllcicgLz4uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgIDx0IGhhbmdUZXh0PSdjbGllbnRfc2VjcmV0Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2Ug
Lz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgY2xpZW50IHNlY3JldC4gVGhlIGNsaWVu
dCBNQVkgb21pdCB0aGUgcGFyYW1ldGVyIGlmIHRoZSBjbGllbnQgc2VjcmV0CiAgICAgICAgICAg
ICAgICBpcyBhbiBlbXB0eSBzdHJpbmcuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8
L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgSW5jbHVkaW5n
IHRoZSBjbGllbnQgY3JlZGVudGlhbHMgaW4gdGhlIHJlcXVlc3QgYm9keSB1c2luZyB0aGUgdHdv
IHBhcmFtZXRlcnMgaXMgTk9UCiAgICAgICAgICAgIFJFQ09NTUVOREVELCBhbmQgU0hPVUxEIGJl
IGxpbWl0ZWQgdG8gY2xpZW50cyB1bmFibGUgdG8gZGlyZWN0bHkgdXRpbGl6ZSB0aGUgSFRUUCBC
YXNpYwogICAgICAgICAgICBhdXRoZW50aWNhdGlvbiBzY2hlbWUgKG9yIG90aGVyIHBhc3N3b3Jk
LWJhc2VkIEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lcykuIFRoZQogICAgICAgICAgICBwYXJh
bWV0ZXJzIGNhbiBvbmx5IGJlIHRyYW5zbWl0dGVkIGluIHRoZSByZXF1ZXN0IGJvZHkgYW5kIE1V
U1QgTk9UIGJlIGluY2x1ZGVkIGluIHRoZQogICAgICAgICAgICByZXF1ZXN0IFVSSS4KICAgICAg
ICAgIDwvdD4KICAgICAgICAgIDxmaWd1cmU+CiAgICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAg
ICAgICAgICBGb3IgZXhhbXBsZSwgcmVxdWVzdGluZyB0byByZWZyZXNoIGFuIGFjY2VzcyB0b2tl
biAoPHhyZWYgdGFyZ2V0PSd0b2tlbi1yZWZyZXNoJyAvPikKICAgICAgICAgICAgICB1c2luZyB0
aGUgYm9keSBwYXJhbWV0ZXJzIChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVy
cG9zZXMgb25seSk6CiAgICAgICAgICAgIDwvcHJlYW1ibGU+CiAgICAgICAgICAgIDxhcnR3b3Jr
PgogICAgICAgICAgICAgIDwhW0NEQVRBWwogIFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAgSG9zdDog
c2VydmVyLmV4YW1wbGUuY29tCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3Jt
LXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOAoKICBncmFudF90eXBlPXJlZnJlc2hfdG9rZW4mcmVm
cmVzaF90b2tlbj10R3p2M0pPa0YwWEc1UXgyVGxLV0lBCiAgJmNsaWVudF9pZD1zNkJoZFJrcXQz
JmNsaWVudF9zZWNyZXQ9N0ZqZnAwWkJyMUt0RFJibmZWZG1JdwpdXT4KICAgICAgICAgICAgPC9h
cnR3b3JrPgogICAgICAgICAgPC9maWd1cmU+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcmVxdWlyZSB0aGUgdXNlIG9mIFRMUyBhcyBkZXNj
cmliZWQgaW4KICAgICAgICAgICAgPHhyZWYgdGFyZ2V0PSd0bHMnIC8+IHdoZW4gc2VuZGluZyBy
ZXF1ZXN0cyB1c2luZyBwYXNzd29yZCBhdXRoZW50aWNhdGlvbi4KICAgICAgICAgIDwvdD4KICAg
ICAgICAgIDx0PgogICAgICAgICAgICBTaW5jZSB0aGlzIGNsaWVudCBhdXRoZW50aWNhdGlvbiBt
ZXRob2QgaW52b2x2ZXMgYSBwYXNzd29yZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAg
ICAgICAgIE1VU1QgcHJvdGVjdCBhbnkgZW5kcG9pbnQgdXRpbGl6aW5nIGl0IGFnYWluc3QgYnJ1
dGUgZm9yY2UgYXR0YWNrcy4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAg
ICAgIDxzZWN0aW9uIHRpdGxlPSdPdGhlciBBdXRoZW50aWNhdGlvbiBNZXRob2RzJz4KICAgICAg
ICAgIDx0PgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZIHN1cHBvcnQg
YW55IHN1aXRhYmxlIEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lIG1hdGNoaW5nCiAgICAgICAg
ICAgIGl0cyBzZWN1cml0eSByZXF1aXJlbWVudHMuIFdoZW4gdXNpbmcgb3RoZXIgYXV0aGVudGlj
YXRpb24gbWV0aG9kcywgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICAgICAgc2VydmVyIE1VU1Qg
ZGVmaW5lIGEgbWFwcGluZyBiZXR3ZWVuIHRoZSBjbGllbnQgaWRlbnRpZmllciAocmVnaXN0cmF0
aW9uIHJlY29yZCkgYW5kCiAgICAgICAgICAgIGF1dGhlbnRpY2F0aW9uIHNjaGVtZS4KICAgICAg
ICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2Vj
dGlvbiB0aXRsZT0nVW5yZWdpc3RlcmVkIENsaWVudHMnPgogICAgICAgIDx0PgogICAgICAgICAg
VGhpcyBzcGVjaWZpY2F0aW9uIGRvZXMgbm90IGV4Y2x1ZGUgdGhlIHVzZSBvZiB1bnJlZ2lzdGVy
ZWQgY2xpZW50cy4gSG93ZXZlciwgdGhlIHVzZQogICAgICAgICAgd2l0aCBzdWNoIGNsaWVudHMg
aXMgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sIGFuZCByZXF1aXJlcyBh
ZGRpdGlvbmFsCiAgICAgICAgICBzZWN1cml0eSBhbmFseXNpcyBhbmQgcmV2aWV3IG9mIGl0cyBp
bnRlcm9wZXJhYmlsaXR5IGltcGFjdC4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KICAg
ICAgCiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rpb24gdGl0bGU9J1Byb3RvY29sIEVuZHBvaW50
cyc+CiAgICAgIDx0PgogICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHByb2Nlc3MgdXRpbGl6ZXMg
dHdvIGF1dGhvcml6YXRpb24gc2VydmVyIGVuZHBvaW50cyAoSFRUUCByZXNvdXJjZXMpOgogICAg
ICA8L3Q+CiAgICAgIDx0PgogICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAg
IDx0PgogICAgICAgICAgICBBdXRob3JpemF0aW9uIGVuZHBvaW50IC0gdXNlZCBieSB0aGUgY2xp
ZW50IHRvIG9idGFpbiBhdXRob3JpemF0aW9uIGZyb20gdGhlIHJlc291cmNlCiAgICAgICAgICAg
IG93bmVyIHZpYSB1c2VyLWFnZW50IHJlZGlyZWN0aW9uLgogICAgICAgICAgPC90PgogICAgICAg
ICAgPHQ+CiAgICAgICAgICAgIFRva2VuIGVuZHBvaW50IC0gdXNlZCBieSB0aGUgY2xpZW50IHRv
IGV4Y2hhbmdlIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQgZm9yIGFuIGFjY2VzcwogICAgICAgICAg
ICB0b2tlbiwgdHlwaWNhbGx5IHdpdGggY2xpZW50IGF1dGhlbnRpY2F0aW9uLgogICAgICAgICAg
PC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICBBcyB3ZWxs
IGFzIG9uZSBjbGllbnQgZW5kcG9pbnQ6CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgPGxp
c3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFJlZGlyZWN0aW9u
IGVuZHBvaW50IC0gdXNlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgdG8gcmV0dXJuIGF1
dGhvcml6YXRpb24KICAgICAgICAgICAgY3JlZGVudGlhbHMgcmVzcG9uc2VzIHRvIHRoZSBjbGll
bnQgdmlhIHRoZSByZXNvdXJjZSBvd25lciB1c2VyLWFnZW50LgogICAgICAgICAgPC90PgogICAg
ICAgIDwvbGlzdD4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICBOb3QgZXZlcnkgYXV0aG9y
aXphdGlvbiBncmFudCB0eXBlIHV0aWxpemVzIGJvdGggZW5kcG9pbnRzLiBFeHRlbnNpb24gZ3Jh
bnQgdHlwZXMgTUFZCiAgICAgICAgZGVmaW5lIGFkZGl0aW9uYWwgZW5kcG9pbnRzIGFzIG5lZWRl
ZC4KICAgICAgPC90PgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0F1dGhvcml6YXRpb24gRW5kcG9p
bnQnPgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgaXMg
dXNlZCB0byBpbnRlcmFjdCB3aXRoIHRoZSByZXNvdXJjZSBvd25lciBhbmQgb2J0YWluCiAgICAg
ICAgICBhbiBhdXRob3JpemF0aW9uIGdyYW50LiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVT
VCBmaXJzdCB2ZXJpZnkgdGhlIGlkZW50aXR5IG9mIHRoZQogICAgICAgICAgcmVzb3VyY2Ugb3du
ZXIuIFRoZSB3YXkgaW4gd2hpY2ggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0
ZXMgdGhlIHJlc291cmNlCiAgICAgICAgICBvd25lciAoZS5nLiB1c2VybmFtZSBhbmQgcGFzc3dv
cmQgbG9naW4sIHNlc3Npb24gY29va2llcykgaXMgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzCiAg
ICAgICAgICBzcGVjaWZpY2F0aW9uLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAg
IFRoZSBtZWFucyB0aHJvdWdoIHdoaWNoIHRoZSBjbGllbnQgb2J0YWlucyB0aGUgbG9jYXRpb24g
b2YgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYXJlCiAgICAgICAgICBiZXlvbmQgdGhlIHNj
b3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwgYnV0IHRoZSBsb2NhdGlvbiBpcyB0eXBpY2FsbHkg
cHJvdmlkZWQgaW4gdGhlCiAgICAgICAgICBzZXJ2aWNlIGRvY3VtZW50YXRpb24uCiAgICAgICAg
PC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGVuZHBvaW50IFVSSSBNQVkgaW5jbHVkZSBh
bgogICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVy
bGVuY29kZWQ8L3NwYW54PiBmb3JtYXR0ZWQKICAgICAgICAgICg8eHJlZiB0YXJnZXQ9J1czQy5S
RUMtaHRtbDQwMS0xOTk5MTIyNCcgLz4pIHF1ZXJ5IGNvbXBvbmVudCAoPHhyZWYgdGFyZ2V0PSdS
RkMzOTg2JyAvPgogICAgICAgICAgc2VjdGlvbiAzLjQpLCB3aGljaCBNVVNUIGJlIHJldGFpbmVk
IHdoZW4gYWRkaW5nIGFkZGl0aW9uYWwgcXVlcnkgcGFyYW1ldGVycy4gVGhlCiAgICAgICAgICBl
bmRwb2ludCBVUkkgTVVTVCBOT1QgaW5jbHVkZSBhIGZyYWdtZW50IGNvbXBvbmVudC4KICAgICAg
ICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBTaW5jZSByZXF1ZXN0cyB0byB0aGUgYXV0aG9y
aXphdGlvbiBlbmRwb2ludCByZXN1bHQgaW4gdXNlciBhdXRoZW50aWNhdGlvbiBhbmQgdGhlCiAg
ICAgICAgICB0cmFuc21pc3Npb24gb2YgY2xlYXItdGV4dCBjcmVkZW50aWFscyAoaW4gdGhlIEhU
VFAgcmVzcG9uc2UpLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgIE1VU1QgcmVx
dWlyZSB0aGUgdXNlIG9mIFRMUyBhcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSd0bHMnIC8+
IHdoZW4gc2VuZGluZyByZXF1ZXN0cwogICAgICAgICAgdG8gdGhlIGF1dGhvcml6YXRpb24gZW5k
cG9pbnQuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1VU1Qgc3VwcG9ydCB0aGUgdXNlIG9mIHRoZSBIVFRQIDxzcGFueCBzdHlsZT0n
dmVyYic+R0VUPC9zcGFueD4KICAgICAgICAgIG1ldGhvZCA8eHJlZiB0YXJnZXQ9J1JGQzI2MTYn
IC8+IGZvciB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCwgYW5kIE1BWSBzdXBwb3J0IHRoZSB1
c2UKICAgICAgICAgIG9mIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPlBPU1Q8L3NwYW54PiBtZXRo
b2QgYXMgd2VsbC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBQYXJhbWV0ZXJz
IHNlbnQgd2l0aG91dCBhIHZhbHVlIE1VU1QgYmUgdHJlYXRlZCBhcyBpZiB0aGV5IHdlcmUgb21p
dHRlZCBmcm9tIHRoZSByZXF1ZXN0LgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IE1VU1QgaWdub3JlIHVucmVjb2duaXplZCByZXF1ZXN0IHBhcmFtZXRlcnMuIFJlcXVlc3QgYW5k
CiAgICAgICAgICByZXNwb25zZSBwYXJhbWV0ZXJzIE1VU1QgTk9UIGJlIGluY2x1ZGVkIG1vcmUg
dGhhbiBvbmNlLgogICAgICAgIDwvdD4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J1Jlc3BvbnNl
IFR5cGUnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIGVuZHBv
aW50IGlzIHVzZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gY29kZSBncmFudCB0eXBlIGFuZCBpbXBs
aWNpdAogICAgICAgICAgICBncmFudCB0eXBlIGZsb3dzLiBUaGUgY2xpZW50IGluZm9ybXMgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIG9mIHRoZSBkZXNpcmVkIGdyYW50CiAgICAgICAgICAgIHR5
cGUgdXNpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXI6CiAgICAgICAgICA8L3Q+CiAgICAgICAg
ICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J2hhbmdpbmcnIGhhbmdJbmRlbnQ9JzYnPgog
ICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdyZXNwb25zZV90eXBlJz4KICAgICAgICAgICAgICAg
IDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgdmFsdWUgTVVTVCBiZSBv
bmUgb2YgPHNwYW54IHN0eWxlPSd2ZXJiJz5jb2RlPC9zcGFueD4gZm9yIHJlcXVlc3RpbmcKICAg
ICAgICAgICAgICAgIGFuIGF1dGhvcml6YXRpb24gY29kZSBhcyBkZXNjcmliZWQgYnkgPHhyZWYg
dGFyZ2V0PSdjb2RlLWF1dGh6LXJlcScgLz4sCiAgICAgICAgICAgICAgICA8c3Bhbnggc3R5bGU9
J3ZlcmInPnRva2VuPC9zcGFueD4gZm9yIHJlcXVlc3RpbmcgYW4gYWNjZXNzIHRva2VuIChpbXBs
aWNpdCBncmFudCkKICAgICAgICAgICAgICAgIGFzIGRlc2NyaWJlZCBieSA8eHJlZiB0YXJnZXQ9
J2ltcGxpY2l0LWF1dGh6LXJlcScgLz4sIG9yIGEgcmVnaXN0ZXJlZCBleHRlbnNpb24KICAgICAg
ICAgICAgICAgIHZhbHVlIGFzIGRlc2NyaWJlZCBieSA8eHJlZiB0YXJnZXQ9J3Jlc3BvbnNlLXR5
cGUtZXh0JyAvPi4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAg
ICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBFeHRlbnNpb24gcmVzcG9uc2UgdHlw
ZXMgTUFZIGNvbnRhaW4gYSBzcGFjZS1kZWxpbWl0ZWQgKCV4MjApIGxpc3Qgb2YgdmFsdWVzLCB3
aGVyZSB0aGUKICAgICAgICAgICAgb3JkZXIgb2YgdmFsdWVzIGRvZXMgbm90IG1hdHRlciAoZS5n
LiByZXNwb25zZSB0eXBlIDxzcGFueCBzdHlsZT0ndmVyYic+YSBiPC9zcGFueD4gaXMKICAgICAg
ICAgICAgdGhlIHNhbWUgYXMgPHNwYW54IHN0eWxlPSd2ZXJiJz5iIGE8L3NwYW54PikuIFRoZSBt
ZWFuaW5nIG9mIHN1Y2ggY29tcG9zaXRlIHJlc3BvbnNlCiAgICAgICAgICAgIHR5cGVzIGlzIGRl
ZmluZWQgYnkgdGhlaXIgcmVzcGVjdGl2ZSBzcGVjaWZpY2F0aW9ucy4KICAgICAgICAgIDwvdD4K
ICAgICAgICAgIDx0PgogICAgICAgICAgICBJZiBhbiBhdXRob3JpemF0aW9uIHJlcXVlc3QgaXMg
bWlzc2luZyB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5yZXNwb25zZV90eXBlPC9zcGFueD4KICAg
ICAgICAgICAgcGFyYW1ldGVyLCBvciBpZiB0aGUgcmVzcG9uc2UgdHlwZSBpcyBub3QgdW5kZXJz
dG9vZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QKICAgICAgICAgICAgcmV0dXJuIGFu
IGVycm9yIHJlc3BvbnNlIGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J2NvZGUtYXV0aHot
ZXJyb3InIC8+LgogICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgICAgPHNl
Y3Rpb24gdGl0bGU9J1JlZGlyZWN0aW9uIEVuZHBvaW50JyBhbmNob3I9J3JlZGlyZWN0LXVyaSc+
CiAgICAgICAgICA8dD4KICAgICAgICAgICAgQWZ0ZXIgY29tcGxldGluZyBpdHMgaW50ZXJhY3Rp
b24gd2l0aCB0aGUgcmVzb3VyY2Ugb3duZXIsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAg
ICAgICAgICBkaXJlY3RzIHRoZSByZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQgYmFjayB0byB0
aGUgY2xpZW50LiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgICAgcmVkaXJlY3Rz
IHRoZSB1c2VyLWFnZW50IHRvIHRoZSBjbGllbnQncyByZWRpcmVjdGlvbiBlbmRwb2ludCBwcmV2
aW91c2x5IGVzdGFibGlzaGVkCiAgICAgICAgICAgIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIGR1cmluZyB0aGUgY2xpZW50IHJlZ2lzdHJhdGlvbiBwcm9jZXNzIG9yIHdoZW4gbWFraW5n
CiAgICAgICAgICAgIHRoZSBhdXRob3JpemF0aW9uIHJlcXVlc3QuCiAgICAgICAgICA8L3Q+CiAg
ICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIHJlZGlyZWN0aW9uIGVuZHBvaW50IFVSSSBNVVNU
IGJlIGFuIGFic29sdXRlIFVSSSBhcyBkZWZpbmVkIGJ5CiAgICAgICAgICAgIDx4cmVmIHRhcmdl
dD0nUkZDMzk4NicgLz4gc2VjdGlvbiA0LjMuIFRoZSBlbmRwb2ludCBVUkkgTUFZIGluY2x1ZGUg
YW4KICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNhdGlvbi94LXd3dy1mb3Jt
LXVybGVuY29kZWQ8L3NwYW54PiBmb3JtYXR0ZWQKICAgICAgICAgICAgKDx4cmVmIHRhcmdldD0n
VzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0JyAvPikgcXVlcnkgY29tcG9uZW50ICg8eHJlZiB0YXJn
ZXQ9J1JGQzM5ODYnIC8+CiAgICAgICAgICAgIHNlY3Rpb24gMy40KSwgd2hpY2ggTVVTVCBiZSBy
ZXRhaW5lZCB3aGVuIGFkZGluZyBhZGRpdGlvbmFsIHF1ZXJ5IHBhcmFtZXRlcnMuIFRoZQogICAg
ICAgICAgICBlbmRwb2ludCBVUkkgTVVTVCBOT1QgaW5jbHVkZSBhIGZyYWdtZW50IGNvbXBvbmVu
dC4KICAgICAgICAgIDwvdD4KCiAgICAgICAgICA8c2VjdGlvbiB0aXRsZT0nRW5kcG9pbnQgUmVx
dWVzdCBDb25maWRlbnRpYWxpdHknPgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUg
cmVkaXJlY3Rpb24gZW5kcG9pbnQgU0hPVUxEIHJlcXVpcmUgdGhlIHVzZSBvZiBUTFMgYXMgZGVz
Y3JpYmVkIGluCiAgICAgICAgICAgICAgPHhyZWYgdGFyZ2V0PSd0bHMnIC8+IHdoZW4gdGhlIHJl
cXVlc3RlZCByZXNwb25zZSB0eXBlIGlzCiAgICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJi
Jz5jb2RlPC9zcGFueD4gb3IgPHNwYW54IHN0eWxlPSd2ZXJiJz50b2tlbjwvc3Bhbng+LCBvcgog
ICAgICAgICAgICAgIHdoZW4gdGhlIHJlZGlyZWN0aW9uIHJlcXVlc3Qgd2lsbCByZXN1bHQgaW4g
dGhlIHRyYW5zbWlzc2lvbiBvZiBzZW5zaXRpdmUgY3JlZGVudGlhbHMKICAgICAgICAgICAgICBv
dmVyIGFuIG9wZW4gbmV0d29yay4gVGhpcyBzcGVjaWZpY2F0aW9uIGRvZXMgbm90IG1hbmRhdGUg
dGhlIHVzZSBvZiBUTFMgYmVjYXVzZSBhdAogICAgICAgICAgICAgIHRoZSB0aW1lIG9mIHRoaXMg
d3JpdGluZywgcmVxdWlyaW5nIGNsaWVudHMgdG8gZGVwbG95IFRMUyBpcyBhIHNpZ25pZmljYW50
IGh1cmRsZSBmb3IKICAgICAgICAgICAgICBtYW55IGNsaWVudCBkZXZlbG9wZXJzLiBJZiBUTFMg
aXMgbm90IGF2YWlsYWJsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCB3YXJuCiAg
ICAgICAgICAgICAgdGhlIHJlc291cmNlIG93bmVyIGFib3V0IHRoZSBpbnNlY3VyZSBlbmRwb2lu
dCBwcmlvciB0byByZWRpcmVjdGlvbiAoZS5nLiBkaXNwbGF5IGEKICAgICAgICAgICAgICBtZXNz
YWdlIGR1cmluZyB0aGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0KS4KICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBMYWNrIG9mIHRyYW5zcG9ydC1sYXllciBzZWN1
cml0eSBjYW4gaGF2ZSBhIHNldmVyZSBpbXBhY3Qgb24gdGhlIHNlY3VyaXR5IG9mIHRoZQogICAg
ICAgICAgICAgIGNsaWVudCBhbmQgdGhlIHByb3RlY3RlZCByZXNvdXJjZXMgaXQgaXMgYXV0aG9y
aXplZCB0byBhY2Nlc3MuIFRoZSB1c2Ugb2YKICAgICAgICAgICAgICB0cmFuc3BvcnQtbGF5ZXIg
c2VjdXJpdHkgaXMgcGFydGljdWxhcmx5IGNyaXRpY2FsIHdoZW4gdGhlIGF1dGhvcml6YXRpb24g
cHJvY2VzcyBpcwogICAgICAgICAgICAgIHVzZWQgYXMgYSBmb3JtIG9mIGRlbGVnYXRlZCBlbmQt
dXNlciBhdXRoZW50aWNhdGlvbiBieSB0aGUgY2xpZW50IChlLmcuIHRoaXJkLXBhcnR5CiAgICAg
ICAgICAgICAgc2lnbi1pbiBzZXJ2aWNlKS4KICAgICAgICAgICAgPC90PgogICAgICAgICAgPC9z
ZWN0aW9uPgoKICAgICAgICAgIDxzZWN0aW9uIHRpdGxlPSdSZWdpc3RyYXRpb24gUmVxdWlyZW1l
bnRzJz4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIE1VU1QgcmVxdWlyZSB0aGUgZm9sbG93aW5nIGNsaWVudHMgdG8gcmVnaXN0ZXIgdGhlaXIK
ICAgICAgICAgICAgICByZWRpcmVjdGlvbiBlbmRwb2ludDoKICAgICAgICAgICAgPC90PgogICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICAgICAgUHVibGljIGNsaWVudHMuCiAgICAgICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgICAgQ29uZmlkZW50
aWFsIGNsaWVudHMgdXRpbGl6aW5nIHRoZSBpbXBsaWNpdCBncmFudCB0eXBlLgogICAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgICAgPC90PgogICAgICAg
ICAgICA8dD4KICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIHJl
cXVpcmUgYWxsIGNsaWVudHMgdG8gcmVnaXN0ZXIgdGhlaXIgcmVkaXJlY3Rpb24KICAgICAgICAg
ICAgICBlbmRwb2ludCBwcmlvciB0byB1dGlsaXppbmcgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9p
bnQuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCByZXF1aXJlIHRoZSBjbGllbnQgdG8gcHJvdmlkZSB0
aGUgY29tcGxldGUKICAgICAgICAgICAgICByZWRpcmVjdGlvbiBVUkkgKHRoZSBjbGllbnQgTUFZ
IHVzZSB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5zdGF0ZTwvc3Bhbng+IHJlcXVlc3QKICAgICAg
ICAgICAgICBwYXJhbWV0ZXIgdG8gYWNoaWV2ZSBwZXItcmVxdWVzdCBjdXN0b21pemF0aW9uKS4g
SWYgcmVxdWlyaW5nIHRoZSByZWdpc3RyYXRpb24gb2YKICAgICAgICAgICAgICB0aGUgY29tcGxl
dGUgcmVkaXJlY3Rpb24gVVJJIGlzIG5vdCBwb3NzaWJsZSwgdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIFNIT1VMRCByZXF1aXJlCiAgICAgICAgICAgICAgdGhlIHJlZ2lzdHJhdGlvbiBvZiB0aGUg
VVJJIHNjaGVtZSwgYXV0aG9yaXR5LCBhbmQgcGF0aCAoYWxsb3dpbmcgdGhlIGNsaWVudCB0bwog
ICAgICAgICAgICAgIGR5bmFtaWNhbGx5IHZhcnkgb25seSB0aGUgcXVlcnkgY29tcG9uZW50IG9m
IHRoZSByZWRpcmVjdGlvbiBVUkkgd2hlbiByZXF1ZXN0aW5nCiAgICAgICAgICAgICAgYXV0aG9y
aXphdGlvbikuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBhbGxvdyB0aGUgY2xpZW50IHRvIHJlZ2lzdGVy
IG11bHRpcGxlIHJlZGlyZWN0aW9uCiAgICAgICAgICAgICAgZW5kcG9pbnRzLgogICAgICAgICAg
ICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIExhY2sgb2YgYSByZWRpcmVjdGlv
biBVUkkgcmVnaXN0cmF0aW9uIHJlcXVpcmVtZW50IGNhbiBlbmFibGUgYW4gYXR0YWNrZXIgdG8g
dXNlCiAgICAgICAgICAgICAgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYXMgb3BlbiByZWRp
cmVjdG9yIGFzIGRlc2NyaWJlZCBpbgogICAgICAgICAgICAgIDx4cmVmIHRhcmdldD0nb3Blbi1y
ZWRpcmVjdCcgLz4uCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgIDwvc2VjdGlvbj4KCiAgICAg
ICAgICA8c2VjdGlvbiB0aXRsZT0nRHluYW1pYyBDb25maWd1cmF0aW9uJz4KICAgICAgICAgICAg
PHQ+CiAgICAgICAgICAgICAgSWYgbXVsdGlwbGUgcmVkaXJlY3Rpb24gVVJJcyBoYXZlIGJlZW4g
cmVnaXN0ZXJlZCwgaWYgb25seSBwYXJ0IG9mIHRoZSByZWRpcmVjdGlvbgogICAgICAgICAgICAg
IFVSSSBoYXMgYmVlbiByZWdpc3RlcmVkLCBvciBpZiBubyByZWRpcmVjdGlvbiBVUkkgaGFzIGJl
ZW4gcmVnaXN0ZXJlZCwgdGhlIGNsaWVudAogICAgICAgICAgICAgIE1VU1QgaW5jbHVkZSBhIHJl
ZGlyZWN0aW9uIFVSSSB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHJlcXVlc3QgdXNpbmcgdGhlCiAg
ICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5yZWRpcmVjdF91cmk8L3NwYW54PiByZXF1
ZXN0IHBhcmFtZXRlci4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAg
ICAgICBXaGVuIGEgcmVkaXJlY3Rpb24gVVJJIGlzIGluY2x1ZGVkIGluIGFuIGF1dGhvcml6YXRp
b24gcmVxdWVzdCwgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICAgICAgICBzZXJ2ZXIgTVVTVCBj
b21wYXJlIGFuZCBtYXRjaCB0aGUgdmFsdWUgcmVjZWl2ZWQgYWdhaW5zdCBhdCBsZWFzdCBvbmUg
b2YgdGhlCiAgICAgICAgICAgICAgcmVnaXN0ZXJlZCByZWRpcmVjdGlvbiBVUklzIChvciBVUkkg
Y29tcG9uZW50cykgYXMgZGVmaW5lZCBpbgogICAgICAgICAgICAgIDx4cmVmIHRhcmdldD0nUkZD
Mzk4NicgLz4gc2VjdGlvbiA2LCBpZiBhbnkgcmVkaXJlY3Rpb24gVVJJcyB3ZXJlIHJlZ2lzdGVy
ZWQuCiAgICAgICAgICAgICAgSWYgdGhlIGNsaWVudCByZWdpc3RyYXRpb24gaW5jbHVkZWQgdGhl
IGZ1bGwgcmVkaXJlY3Rpb24gVVJJLCB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgICAgIHNl
cnZlciBNVVNUIGNvbXBhcmUgdGhlIHR3byBVUklzIHVzaW5nIHNpbXBsZSBzdHJpbmcgY29tcGFy
aXNvbiBhcyBkZWZpbmVkCiAgICAgICAgICAgICAgaW4gPHhyZWYgdGFyZ2V0PSdSRkMzOTg2JyAv
PiBzZWN0aW9uIDYuMi4xLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgIDwvc2VjdGlvbj4KCiAg
ICAgICAgICA8c2VjdGlvbiB0aXRsZT0nSW52YWxpZCBFbmRwb2ludCc+CiAgICAgICAgICAgIDx0
PgogICAgICAgICAgICAgIElmIGFuIGF1dGhvcml6YXRpb24gcmVxdWVzdCBmYWlscyB2YWxpZGF0
aW9uIGR1ZSB0byBhIG1pc3NpbmcsIGludmFsaWQsIG9yCiAgICAgICAgICAgICAgbWlzbWF0Y2hp
bmcgcmVkaXJlY3Rpb24gVVJJLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGluZm9y
bSB0aGUgcmVzb3VyY2UKICAgICAgICAgICAgICBvd25lciBvZiB0aGUgZXJyb3IsIGFuZCBNVVNU
IE5PVCBhdXRvbWF0aWNhbGx5IHJlZGlyZWN0IHRoZSB1c2VyLWFnZW50IHRvIHRoZSBpbnZhbGlk
CiAgICAgICAgICAgICAgcmVkaXJlY3Rpb24gVVJJLgogICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICA8L3NlY3Rpb24+CgogICAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0VuZHBvaW50IENvbnRlbnQn
PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgcmVkaXJlY3Rpb24gcmVxdWVzdCB0
byB0aGUgY2xpZW50J3MgZW5kcG9pbnQgdHlwaWNhbGx5IHJlc3VsdHMgaW4gYW4gSFRNTAogICAg
ICAgICAgICAgIGRvY3VtZW50IHJlc3BvbnNlLCBwcm9jZXNzZWQgYnkgdGhlIHVzZXItYWdlbnQu
IElmIHRoZSBIVE1MIHJlc3BvbnNlIGlzIHNlcnZlZAogICAgICAgICAgICAgIGRpcmVjdGx5IGFz
IHRoZSByZXN1bHQgb2YgdGhlIHJlZGlyZWN0aW9uIHJlcXVlc3QsIGFueSBzY3JpcHQgaW5jbHVk
ZWQgaW4gdGhlIEhUTUwKICAgICAgICAgICAgICBkb2N1bWVudCB3aWxsIGV4ZWN1dGUgd2l0aCBm
dWxsIGFjY2VzcyB0byB0aGUgcmVkaXJlY3Rpb24gVVJJIGFuZCB0aGUgY3JlZGVudGlhbHMgaXQK
ICAgICAgICAgICAgICBjb250YWlucy4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4K
ICAgICAgICAgICAgICBUaGUgY2xpZW50IFNIT1VMRCBOT1QgaW5jbHVkZSBhbnkgdGhpcmQtcGFy
dHkgc2NyaXB0cyAoZS5nLiB0aGlyZC1wYXJ0eSBhbmFseXRpY3MsCiAgICAgICAgICAgICAgc29j
aWFsIHBsdWctaW5zLCBhZCBuZXR3b3JrcykgaW4gdGhlIHJlZGlyZWN0aW9uIGVuZHBvaW50IHJl
c3BvbnNlLiBJbnN0ZWFkLCBpdAogICAgICAgICAgICAgIFNIT1VMRCBleHRyYWN0IHRoZSBjcmVk
ZW50aWFscyBmcm9tIHRoZSBVUkkgYW5kIHJlZGlyZWN0IHRoZSB1c2VyLWFnZW50IGFnYWluIHRv
CiAgICAgICAgICAgICAgYW5vdGhlciBlbmRwb2ludCB3aXRob3V0IGV4cG9zaW5nIHRoZSBjcmVk
ZW50aWFscyAoaW4gdGhlIFVSSSBvciBlbHNld2hlcmUpLiBJZgogICAgICAgICAgICAgIHRoaXJk
LXBhcnR5IHNjcmlwdHMgYXJlIGluY2x1ZGVkLCB0aGUgY2xpZW50IE1VU1QgZW5zdXJlIHRoYXQg
aXRzIG93biBzY3JpcHRzCiAgICAgICAgICAgICAgKHVzZWQgdG8gZXh0cmFjdCBhbmQgcmVtb3Zl
IHRoZSBjcmVkZW50aWFscyBmcm9tIHRoZSBVUkkpIHdpbGwgZXhlY3V0ZSBmaXJzdC4KICAgICAg
ICAgICAgPC90PgogICAgICAgICAgPC9zZWN0aW9uPgogICAgICAgICAgCiAgICAgICAgPC9zZWN0
aW9uPgoKICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J1Rva2VuIEVuZHBv
aW50Jz4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSB0b2tlbiBlbmRwb2ludCBpcyB1c2VkIGJ5
IHRoZSBjbGllbnQgdG8gb2J0YWluIGFuIGFjY2VzcyB0b2tlbiBieSBwcmVzZW50aW5nIGl0cwog
ICAgICAgICAgYXV0aG9yaXphdGlvbiBncmFudCBvciByZWZyZXNoIHRva2VuLiBUaGUgdG9rZW4g
ZW5kcG9pbnQgaXMgdXNlZCB3aXRoIGV2ZXJ5IGF1dGhvcml6YXRpb24KICAgICAgICAgIGdyYW50
IGV4Y2VwdCBmb3IgdGhlIGltcGxpY2l0IGdyYW50IHR5cGUgKHNpbmNlIGFuIGFjY2VzcyB0b2tl
biBpcyBpc3N1ZWQgZGlyZWN0bHkpLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAg
IFRoZSBtZWFucyB0aHJvdWdoIHdoaWNoIHRoZSBjbGllbnQgb2J0YWlucyB0aGUgbG9jYXRpb24g
b2YgdGhlIHRva2VuIGVuZHBvaW50IGFyZQogICAgICAgICAgYmV5b25kIHRoZSBzY29wZSBvZiB0
aGlzIHNwZWNpZmljYXRpb24gYnV0IGlzIHR5cGljYWxseSBwcm92aWRlZCBpbiB0aGUgc2Vydmlj
ZQogICAgICAgICAgZG9jdW1lbnRhdGlvbi4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBUaGUgZW5kcG9pbnQgVVJJIE1BWSBpbmNsdWRlIGFuCiAgICAgICAgICA8c3Bhbnggc3R5
bGU9J3ZlcmInPmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvc3Bhbng+IGZvcm1h
dHRlZAogICAgICAgICAgKDx4cmVmIHRhcmdldD0nVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0JyAv
PikgcXVlcnkgY29tcG9uZW50ICg8eHJlZiB0YXJnZXQ9J1JGQzM5ODYnIC8+CiAgICAgICAgICBz
ZWN0aW9uIDMuNCksIHdoaWNoIE1VU1QgYmUgcmV0YWluZWQgd2hlbiBhZGRpbmcgYWRkaXRpb25h
bCBxdWVyeSBwYXJhbWV0ZXJzLiBUaGUKICAgICAgICAgIGVuZHBvaW50IFVSSSBNVVNUIE5PVCBp
bmNsdWRlIGEgZnJhZ21lbnQgY29tcG9uZW50LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAg
ICAgICAgIFNpbmNlIHJlcXVlc3RzIHRvIHRoZSB0b2tlbiBlbmRwb2ludCByZXN1bHQgaW4gdGhl
IHRyYW5zbWlzc2lvbiBvZiBjbGVhci10ZXh0IGNyZWRlbnRpYWxzCiAgICAgICAgICAoaW4gdGhl
IEhUVFAgcmVxdWVzdCBhbmQgcmVzcG9uc2UpLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVT
VCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTCiAgICAgICAgICBhcyBkZXNjcmliZWQgaW4gPHhyZWYg
dGFyZ2V0PSd0bHMnIC8+IHdoZW4gc2VuZGluZyByZXF1ZXN0cyB0byB0aGUgdG9rZW4gZW5kcG9p
bnQuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGNsaWVudCBNVVNUIHVz
ZSB0aGUgSFRUUCA8c3Bhbnggc3R5bGU9J3ZlcmInPlBPU1Q8L3NwYW54PiBtZXRob2Qgd2hlbiBt
YWtpbmcgYWNjZXNzCiAgICAgICAgICB0b2tlbiByZXF1ZXN0cy4KICAgICAgICA8L3Q+CiAgICAg
ICAgPHQ+CiAgICAgICAgICBQYXJhbWV0ZXJzIHNlbnQgd2l0aG91dCBhIHZhbHVlIE1VU1QgYmUg
dHJlYXRlZCBhcyBpZiB0aGV5IHdlcmUgb21pdHRlZCBmcm9tIHRoZSByZXF1ZXN0LgogICAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgaWdub3JlIHVucmVjb2duaXplZCByZXF1
ZXN0IHBhcmFtZXRlcnMuIFJlcXVlc3QgYW5kCiAgICAgICAgICByZXNwb25zZSBwYXJhbWV0ZXJz
IE1VU1QgTk9UIGJlIGluY2x1ZGVkIG1vcmUgdGhhbiBvbmNlLgogICAgICAgIDwvdD4KCiAgICAg
ICAgPHNlY3Rpb24gdGl0bGU9J0NsaWVudCBBdXRoZW50aWNhdGlvbicgYW5jaG9yPSd0b2tlbi1l
bmRwb2ludC1hdXRoJz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBDb25maWRlbnRpYWwgY2xp
ZW50cyBvciBvdGhlciBjbGllbnRzIGlzc3VlZCBjbGllbnQgY3JlZGVudGlhbHMgTVVTVCBhdXRo
ZW50aWNhdGUgd2l0aAogICAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgZGVz
Y3JpYmVkIGluIDx4cmVmIHRhcmdldD0nY2xpZW50LWF1dGhlbnRpY2F0aW9uJyAvPiB3aGVuCiAg
ICAgICAgICAgIG1ha2luZyByZXF1ZXN0cyB0byB0aGUgdG9rZW4gZW5kcG9pbnQuIENsaWVudCBh
dXRoZW50aWNhdGlvbiBpcyB1c2VkIGZvcjoKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0Pgog
ICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAg
ICAgICAgICAgICBFbmZvcmNpbmcgdGhlIGJpbmRpbmcgb2YgcmVmcmVzaCB0b2tlbnMgYW5kIGF1
dGhvcml6YXRpb24gY29kZXMgdG8gdGhlIGNsaWVudCB0aGV5CiAgICAgICAgICAgICAgICB3ZXJl
IGlzc3VlZCB0by4gQ2xpZW50IGF1dGhlbnRpY2F0aW9uIGlzIGNyaXRpY2FsIHdoZW4gYW4gYXV0
aG9yaXphdGlvbiBjb2RlIGlzCiAgICAgICAgICAgICAgICB0cmFuc21pdHRlZCB0byB0aGUgcmVk
aXJlY3Rpb24gZW5kcG9pbnQgb3ZlciBhbiBpbnNlY3VyZSBjaGFubmVsLCBvciB3aGVuIHRoZQog
ICAgICAgICAgICAgICAgcmVkaXJlY3Rpb24gVVJJIGhhcyBub3QgYmVlbiByZWdpc3RlcmVkIGlu
IGZ1bGwuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAg
ICAgUmVjb3ZlcmluZyBmcm9tIGEgY29tcHJvbWlzZWQgY2xpZW50IGJ5IGRpc2FibGluZyB0aGUg
Y2xpZW50IG9yIGNoYW5naW5nIGl0cwogICAgICAgICAgICAgICAgY3JlZGVudGlhbHMsIHRodXMg
cHJldmVudGluZyBhbiBhdHRhY2tlciBmcm9tIGFidXNpbmcgc3RvbGVuIHJlZnJlc2ggdG9rZW5z
LiBDaGFuZ2luZwogICAgICAgICAgICAgICAgYSBzaW5nbGUgc2V0IG9mIGNsaWVudCBjcmVkZW50
aWFscyBpcyBzaWduaWZpY2FudGx5IGZhc3RlciB0aGFuIHJldm9raW5nIGFuIGVudGlyZQogICAg
ICAgICAgICAgICAgc2V0IG9mIHJlZnJlc2ggdG9rZW5zLgogICAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIEltcGxlbWVudGluZyBhdXRoZW50aWNhdGlv
biBtYW5hZ2VtZW50IGJlc3QgcHJhY3RpY2VzIHdoaWNoIHJlcXVpcmUgcGVyaW9kaWMKICAgICAg
ICAgICAgICAgIGNyZWRlbnRpYWwgcm90YXRpb24uIFJvdGF0aW9uIG9mIGFuIGVudGlyZSBzZXQg
b2YgcmVmcmVzaCB0b2tlbnMgY2FuIGJlCiAgICAgICAgICAgICAgICBjaGFsbGVuZ2luZywgd2hp
bGUgcm90YXRpb24gb2YgYSBzaW5nbGUgc2V0IG9mIGNsaWVudCBjcmVkZW50aWFscyBpcyBzaWdu
aWZpY2FudGx5CiAgICAgICAgICAgICAgICBlYXNpZXIuCiAgICAgICAgICAgICAgPC90PgogICAg
ICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAg
QSBwdWJsaWMgY2xpZW50IHRoYXQgd2FzIG5vdCBpc3N1ZWQgYSBjbGllbnQgcGFzc3dvcmQgTUFZ
IHVzZSB0aGUKICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5jbGllbnRfaWQ8L3NwYW54
PiByZXF1ZXN0IHBhcmFtZXRlciB0byBpZGVudGlmeSBpdHNlbGYgd2hlbiBzZW5kaW5nCiAgICAg
ICAgICAgIHJlcXVlc3RzIHRvIHRoZSB0b2tlbiBlbmRwb2ludCAoZS5nLiBmb3IgdGhlIHB1cnBv
c2Ugb2YgcHJvdmlkaW5nIGVuZC11c2VyIGNvbnRleHQsCiAgICAgICAgICAgIGNsaWVudCB1c2Fn
ZSBzdGF0aXN0aWNzKS4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICA8
L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nQWNjZXNzIFRva2VuIFNjb3BlJyBhbmNo
b3I9J3Njb3BlJz4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIGFuZCB0
b2tlbiBlbmRwb2ludHMgYWxsb3cgdGhlIGNsaWVudCB0byBzcGVjaWZ5IHRoZSBzY29wZSBvZiB0
aGUgYWNjZXNzCiAgICAgICAgICByZXF1ZXN0IHVzaW5nIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmIn
PnNjb3BlPC9zcGFueD4gcmVxdWVzdCBwYXJhbWV0ZXIuIEluIHR1cm4sIHRoZQogICAgICAgICAg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgdXNlcyB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5zY29wZTwv
c3Bhbng+IHJlc3BvbnNlIHBhcmFtZXRlciB0bwogICAgICAgICAgaW5mb3JtIHRoZSBjbGllbnQg
b2YgdGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgdG9rZW4gaXNzdWVkLgogICAgICAgIDwvdD4KICAg
ICAgICA8dD4KICAgICAgICAgIFRoZSB2YWx1ZSBvZiB0aGUgc2NvcGUgcGFyYW1ldGVyIGlzIGV4
cHJlc3NlZCBhcyBhIGxpc3Qgb2Ygc3BhY2UtZGVsaW1pdGVkLCBjYXNlCiAgICAgICAgICBzZW5z
aXRpdmUgc3RyaW5ncy4gVGhlIHN0cmluZ3MgYXJlIGRlZmluZWQgYnkgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyLiBJZiB0aGUgdmFsdWUKICAgICAgICAgIGNvbnRhaW5zIG11bHRpcGxlIHNwYWNl
LWRlbGltaXRlZCBzdHJpbmdzLCB0aGVpciBvcmRlciBkb2VzIG5vdCBtYXR0ZXIsIGFuZCBlYWNo
IHN0cmluZwogICAgICAgICAgYWRkcyBhbiBhZGRpdGlvbmFsIGFjY2VzcyByYW5nZSB0byB0aGUg
cmVxdWVzdGVkIHNjb3BlLgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlPgogICAgICAgICAg
PGFydHdvcms+CiAgICAgICAgICAgIDwhW0NEQVRBWwogIHNjb3BlICAgICAgID0gc2NvcGUtdG9r
ZW4gKiggU1Agc2NvcGUtdG9rZW4gKQogIHNjb3BlLXRva2VuID0gMSooICV4MjEgLyAleDIzLTVC
IC8gJXg1RC03RSApCl1dPgogICAgICAgICAgPC9hcnR3b3JrPgogICAgICAgIDwvZmlndXJlPgog
ICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBmdWxseSBv
ciBwYXJ0aWFsbHkgaWdub3JlIHRoZSBzY29wZSByZXF1ZXN0ZWQgYnkgdGhlIGNsaWVudAogICAg
ICAgICAgYmFzZWQgb24gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHBvbGljeSBvciB0aGUgcmVz
b3VyY2Ugb3duZXIncyBpbnN0cnVjdGlvbnMuIElmIHRoZQogICAgICAgICAgaXNzdWVkIGFjY2Vz
cyB0b2tlbiBzY29wZSBpcyBkaWZmZXJlbnQgZnJvbSB0aGUgb25lIHJlcXVlc3RlZCBieSB0aGUg
Y2xpZW50LCB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgaW5jbHVkZSB0
aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5zY29wZTwvc3Bhbng+IHJlc3BvbnNlCiAgICAgICAgICBw
YXJhbWV0ZXIgdG8gaW5mb3JtIHRoZSBjbGllbnQgb2YgdGhlIGFjdHVhbCBzY29wZSBncmFudGVk
LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIElmIHRoZSBjbGllbnQgb21pdHMg
dGhlIHNjb3BlIHBhcmFtZXRlciB3aGVuIHJlcXVlc3RpbmcgYXV0aG9yaXphdGlvbiwgdGhlIGF1
dGhvcml6YXRpb24KICAgICAgICAgIHNlcnZlciBNVVNUIGVpdGhlciBwcm9jZXNzIHRoZSByZXF1
ZXN0IHVzaW5nIGEgcHJlLWRlZmluZWQgZGVmYXVsdCB2YWx1ZSwgb3IgZmFpbCB0aGUKICAgICAg
ICAgIHJlcXVlc3QgaW5kaWNhdGluZyBhbiBpbnZhbGlkIHNjb3BlLiBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgU0hPVUxEIGRvY3VtZW50IGl0cyBzY29wZQogICAgICAgICAgcmVxdWlyZW1lbnRz
IGFuZCBkZWZhdWx0IHZhbHVlIChpZiBkZWZpbmVkKS4KICAgICAgICA8L3Q+CiAgICAgIDwvc2Vj
dGlvbj4KCiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rpb24gdGl0bGU9J09idGFpbmluZyBBdXRo
b3JpemF0aW9uJz4KICAgICAgPHQ+CiAgICAgICAgVG8gcmVxdWVzdCBhbiBhY2Nlc3MgdG9rZW4s
IHRoZSBjbGllbnQgb2J0YWlucyBhdXRob3JpemF0aW9uIGZyb20gdGhlIHJlc291cmNlIG93bmVy
LiBUaGUKICAgICAgICBhdXRob3JpemF0aW9uIGlzIGV4cHJlc3NlZCBpbiB0aGUgZm9ybSBvZiBh
biBhdXRob3JpemF0aW9uIGdyYW50IHdoaWNoIHRoZSBjbGllbnQgdXNlcyB0bwogICAgICAgIHJl
cXVlc3QgdGhlIGFjY2VzcyB0b2tlbi4gT0F1dGggZGVmaW5lcyBmb3VyIGdyYW50IHR5cGVzOiBh
dXRob3JpemF0aW9uIGNvZGUsIGltcGxpY2l0LAogICAgICAgIHJlc291cmNlIG93bmVyIHBhc3N3
b3JkIGNyZWRlbnRpYWxzLCBhbmQgY2xpZW50IGNyZWRlbnRpYWxzLiBJdCBhbHNvIHByb3ZpZGVz
IGFuIGV4dGVuc2lvbgogICAgICAgIG1lY2hhbmlzbSBmb3IgZGVmaW5pbmcgYWRkaXRpb25hbCBn
cmFudCB0eXBlcy4KICAgICAgPC90PgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0F1dGhvcml6YXRp
b24gQ29kZSBHcmFudCcgYW5jaG9yPSdncmFudC1jb2RlJz4KICAgICAgICA8dD4KICAgICAgICAg
IFRoZSBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlwZSBpcyB1c2VkIHRvIG9idGFpbiBib3Ro
IGFjY2VzcyB0b2tlbnMgYW5kIHJlZnJlc2gKICAgICAgICAgIHRva2VucyBhbmQgaXMgb3B0aW1p
emVkIGZvciBjb25maWRlbnRpYWwgY2xpZW50cy4gQXMgYSByZWRpcmVjdGlvbi1iYXNlZCBmbG93
LCB0aGUgY2xpZW50CiAgICAgICAgICBtdXN0IGJlIGNhcGFibGUgb2YgaW50ZXJhY3Rpbmcgd2l0
aCB0aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50ICh0eXBpY2FsbHkgYSB3ZWIKICAgICAg
ICAgIGJyb3dzZXIpIGFuZCBjYXBhYmxlIG9mIHJlY2VpdmluZyBpbmNvbWluZyByZXF1ZXN0cyAo
dmlhIHJlZGlyZWN0aW9uKSBmcm9tIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIu
CiAgICAgICAgPC90PgogICAgICAgIDxmaWd1cmUgdGl0bGU9J0F1dGhvcml6YXRpb24gQ29kZSBG
bG93JyBhbmNob3I9J0ZpZ3VyZS0zJz4KICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICA8
IVtDREFUQVsKICArLS0tLS0tLS0tLSsKICB8IHJlc291cmNlIHwKICB8ICAgb3duZXIgIHwKICB8
ICAgICAgICAgIHwKICArLS0tLS0tLS0tLSsKICAgICAgIF4KICAgICAgIHwKICAgICAgKEIpICAg
ICAgCiAgKy0tLS18LS0tLS0rICAgICAgICAgIENsaWVudCBJZGVudGlmaWVyICAgICAgKy0tLS0t
LS0tLS0tLS0tLSsKICB8ICAgICAgICAgLSstLS0tKEEpLS0gJiBSZWRpcmVjdGlvbiBVUkkgLS0t
LT58ICAgICAgICAgICAgICAgfAogIHwgIFVzZXItICAgfCAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgIHwgQXV0aG9yaXphdGlvbiB8CiAgfCAgQWdlbnQgIC0rLS0tLShCKS0tIFVzZXIg
YXV0aGVudGljYXRlcyAtLS0+fCAgICAgU2VydmVyICAgIHwKICB8ICAgICAgICAgIHwgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgICAt
Ky0tLS0oQyktLSBBdXRob3JpemF0aW9uIENvZGUgLS0tPHwgICAgICAgICAgICAgICB8CiAgKy18
LS0tLXwtLS0rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0t
LSsKICAgIHwgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXiAg
ICAgIHYKICAgKEEpICAoQykgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
fCAgICAgIHwKICAgIHwgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgfCAgICAgIHwKICAgIF4gICAgdiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgfCAgICAgIHwKICArLS0tLS0tLS0tKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgfCAgICAgIHwKICB8ICAgICAgICAgfD4tLS0oRCktLSBBdXRob3JpemF0aW9uIENv
ZGUgLS0tLS0tLS0tJyAgICAgIHwKICB8ICBDbGllbnQgfCAgICAgICAgICAmIFJlZGlyZWN0aW9u
IFVSSSAgICAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgfDwtLS0oRSktLS0tLSBBY2Nl
c3MgVG9rZW4gLS0tLS0tLS0tLS0tLS0tLS0tLScKICArLS0tLS0tLS0tKyAgICAgICAody8gT3B0
aW9uYWwgUmVmcmVzaCBUb2tlbikKXV0+CiAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgICA8
cG9zdGFtYmxlPgogICAgICAgICAgICBOb3RlOiBUaGUgbGluZXMgaWxsdXN0cmF0aW5nIHN0ZXBz
IEEsIEIsIGFuZCBDIGFyZSBicm9rZW4gaW50byB0d28gcGFydHMgYXMgdGhleSBwYXNzCiAgICAg
ICAgICAgIHRocm91Z2ggdGhlIHVzZXItYWdlbnQuCiAgICAgICAgICA8L3Bvc3RhbWJsZT4KICAg
ICAgICA8L2ZpZ3VyZT4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBmbG93IGlsbHVzdHJhdGVk
IGluIDx4cmVmIHRhcmdldD0nRmlndXJlLTMnIC8+IGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3Rl
cHM6CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgPGxpc3Qgc3R5bGU9J2Zvcm1h
dCAoJUMpJz4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCBpbml0aWF0
ZXMgdGhlIGZsb3cgYnkgZGlyZWN0aW5nIHRoZSByZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQg
dG8gdGhlCiAgICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBlbmRwb2ludC4gVGhlIGNsaWVudCBp
bmNsdWRlcyBpdHMgY2xpZW50IGlkZW50aWZpZXIsIHJlcXVlc3RlZAogICAgICAgICAgICAgIHNj
b3BlLCBsb2NhbCBzdGF0ZSwgYW5kIGEgcmVkaXJlY3Rpb24gVVJJIHRvIHdoaWNoIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciB3aWxsIHNlbmQKICAgICAgICAgICAgICB0aGUgdXNlci1hZ2VudCBi
YWNrIG9uY2UgYWNjZXNzIGlzIGdyYW50ZWQgKG9yIGRlbmllZCkuCiAgICAgICAgICAgIDwvdD4K
ICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1
dGhlbnRpY2F0ZXMgdGhlIHJlc291cmNlIG93bmVyICh2aWEgdGhlIHVzZXItYWdlbnQpIGFuZAog
ICAgICAgICAgICAgIGVzdGFibGlzaGVzIHdoZXRoZXIgdGhlIHJlc291cmNlIG93bmVyIGdyYW50
cyBvciBkZW5pZXMgdGhlIGNsaWVudCdzIGFjY2VzcyByZXF1ZXN0LgogICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIEFzc3VtaW5nIHRoZSByZXNvdXJjZSBvd25l
ciBncmFudHMgYWNjZXNzLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVkaXJlY3RzIHRoZQog
ICAgICAgICAgICAgIHVzZXItYWdlbnQgYmFjayB0byB0aGUgY2xpZW50IHVzaW5nIHRoZSByZWRp
cmVjdGlvbiBVUkkgcHJvdmlkZWQgZWFybGllciAoaW4gdGhlCiAgICAgICAgICAgICAgcmVxdWVz
dCBvciBkdXJpbmcgY2xpZW50IHJlZ2lzdHJhdGlvbikuIFRoZSByZWRpcmVjdGlvbiBVUkkgaW5j
bHVkZXMgYW4gYXV0aG9yaXphdGlvbgogICAgICAgICAgICAgIGNvZGUgYW5kIGFueSBsb2NhbCBz
dGF0ZSBwcm92aWRlZCBieSB0aGUgY2xpZW50IGVhcmxpZXIuCiAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCByZXF1ZXN0cyBhbiBhY2Nlc3Mg
dG9rZW4gZnJvbSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIncyB0b2tlbiBlbmRwb2ludAogICAg
ICAgICAgICAgIGJ5IGluY2x1ZGluZyB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIHJlY2VpdmVkIGlu
IHRoZSBwcmV2aW91cyBzdGVwLiBXaGVuIG1ha2luZyB0aGUKICAgICAgICAgICAgICByZXF1ZXN0
LCB0aGUgY2xpZW50IGF1dGhlbnRpY2F0ZXMgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIu
IFRoZSBjbGllbnQgaW5jbHVkZXMKICAgICAgICAgICAgICB0aGUgcmVkaXJlY3Rpb24gVVJJIHVz
ZWQgdG8gb2J0YWluIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgZm9yIHZlcmlmaWNhdGlvbi4KICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50LCB2YWxpZGF0ZXMgdGhlIGF1dGhv
cml6YXRpb24gY29kZSwKICAgICAgICAgICAgICBhbmQgZW5zdXJlcyB0aGUgcmVkaXJlY3Rpb24g
VVJJIHJlY2VpdmVkIG1hdGNoZXMgdGhlIFVSSSB1c2VkIHRvIHJlZGlyZWN0IHRoZSBjbGllbnQK
ICAgICAgICAgICAgICBpbiBzdGVwIChDKS4gSWYgdmFsaWQsIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciByZXNwb25kcyBiYWNrIHdpdGggYW4gYWNjZXNzIHRva2VuCiAgICAgICAgICAgICAgYW5k
IG9wdGlvbmFsbHksIGEgcmVmcmVzaCB0b2tlbi4KICAgICAgICAgICAgPC90PgogICAgICAgICAg
PC9saXN0PgogICAgICAgIDwvdD4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0F1dGhvcml6YXRp
b24gUmVxdWVzdCcgYW5jaG9yPSdjb2RlLWF1dGh6LXJlcSc+CiAgICAgICAgICA8dD4KICAgICAg
ICAgICAgVGhlIGNsaWVudCBjb25zdHJ1Y3RzIHRoZSByZXF1ZXN0IFVSSSBieSBhZGRpbmcgdGhl
IGZvbGxvd2luZyBwYXJhbWV0ZXJzIHRvIHRoZQogICAgICAgICAgICBxdWVyeSBjb21wb25lbnQg
b2YgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgVVJJIHVzaW5nIHRoZQogICAgICAgICAgICA8
c3Bhbnggc3R5bGU9J3ZlcmInPmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvc3Bh
bng+IGZvcm1hdCBhcyBkZWZpbmVkIGJ5CiAgICAgICAgICAgIDx4cmVmIHRhcmdldD0nVzNDLlJF
Qy1odG1sNDAxLTE5OTkxMjI0JyAvPjoKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAg
ICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAg
ICAgPHQgaGFuZ1RleHQ9J3Jlc3BvbnNlX3R5cGUnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAv
PgogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFZhbHVlIE1VU1QgYmUgc2V0IHRvIDxzcGFueCBz
dHlsZT0ndmVyYic+Y29kZTwvc3Bhbng+LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAg
ICA8dCBoYW5nVGV4dD0nY2xpZW50X2lkJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAg
ICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgY2xpZW50IGlkZW50aWZpZXIgYXMgZGVzY3JpYmVk
IGluCiAgICAgICAgICAgICAgICA8eHJlZiB0YXJnZXQ9J2NsaWVudC1pZGVudGlmaWVyJyAvPi4K
ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3JlZGlyZWN0X3Vy
aSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBPUFRJT05BTC4g
QXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0ncmVkaXJlY3QtdXJpJyAvPi4KICAgICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3Njb3BlJz4KICAgICAgICAgICAg
ICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIE9QVElPTkFMLiBUaGUgc2NvcGUgb2YgdGhl
IGFjY2VzcyByZXF1ZXN0IGFzIGRlc2NyaWJlZCBieSA8eHJlZiB0YXJnZXQ9J3Njb3BlJyAvPi4K
ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3N0YXRlJz4KICAg
ICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFQ09NTUVOREVELiBBbiBv
cGFxdWUgdmFsdWUgdXNlZCBieSB0aGUgY2xpZW50IHRvIG1haW50YWluIHN0YXRlIGJldHdlZW4g
dGhlIHJlcXVlc3QKICAgICAgICAgICAgICAgIGFuZCBjYWxsYmFjay4gVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIGluY2x1ZGVzIHRoaXMgdmFsdWUgd2hlbiByZWRpcmVjdGluZyB0aGUKICAgICAg
ICAgICAgICAgIHVzZXItYWdlbnQgYmFjayB0byB0aGUgY2xpZW50LiBUaGUgcGFyYW1ldGVyIFNI
T1VMRCBiZSB1c2VkIGZvciBwcmV2ZW50aW5nCiAgICAgICAgICAgICAgICBjcm9zcy1zaXRlIHJl
cXVlc3QgZm9yZ2VyeSBhcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSdDU1JGJyAvPi4KICAg
ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAg
ICAgIDx0PgogICAgICAgICAgICBUaGUgY2xpZW50IGRpcmVjdHMgdGhlIHJlc291cmNlIG93bmVy
IHRvIHRoZSBjb25zdHJ1Y3RlZCBVUkkgdXNpbmcgYW4gSFRUUCByZWRpcmVjdGlvbgogICAgICAg
ICAgICByZXNwb25zZSwgb3IgYnkgb3RoZXIgbWVhbnMgYXZhaWxhYmxlIHRvIGl0IHZpYSB0aGUg
dXNlci1hZ2VudC4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDxmaWd1cmU+CiAgICAgICAgICAg
IDxwcmVhbWJsZT4KICAgICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGNsaWVudCBkaXJlY3Rz
IHRoZSB1c2VyLWFnZW50IHRvIG1ha2UgdGhlIGZvbGxvd2luZyBIVFRQIHJlcXVlc3QKICAgICAg
ICAgICAgICB1c2luZyBUTFMgKGV4dHJhIGxpbmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJw
b3NlcyBvbmx5KToKICAgICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgICAgPGFydHdvcms+
CiAgICAgICAgICAgICAgPCFbQ0RBVEFbCiAgR0VUIC9hdXRob3JpemU/cmVzcG9uc2VfdHlwZT1j
b2RlJmNsaWVudF9pZD1zNkJoZFJrcXQzJnN0YXRlPXh5egogICAgICAmcmVkaXJlY3RfdXJpPWh0
dHBzJTNBJTJGJTJGY2xpZW50JTJFZXhhbXBsZSUyRWNvbSUyRmNiIEhUVFAvMS4xCiAgSG9zdDog
c2VydmVyLmV4YW1wbGUuY29tCl1dPgogICAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgICA8
L2ZpZ3VyZT4KICAgICAgICAgIDx0PgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgdmFsaWRhdGVzIHRoZSByZXF1ZXN0IHRvIGVuc3VyZSBhbGwgcmVxdWlyZWQgcGFyYW1ldGVy
cyBhcmUKICAgICAgICAgICAgcHJlc2VudCBhbmQgdmFsaWQuIElmIHRoZSByZXF1ZXN0IGlzIHZh
bGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUKICAgICAgICAg
ICAgcmVzb3VyY2Ugb3duZXIgYW5kIG9idGFpbnMgYW4gYXV0aG9yaXphdGlvbiBkZWNpc2lvbiAo
YnkgYXNraW5nIHRoZSByZXNvdXJjZSBvd25lciBvcgogICAgICAgICAgICBieSBlc3RhYmxpc2hp
bmcgYXBwcm92YWwgdmlhIG90aGVyIG1lYW5zKS4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0
PgogICAgICAgICAgICBXaGVuIGEgZGVjaXNpb24gaXMgZXN0YWJsaXNoZWQsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBkaXJlY3RzIHRoZSB1c2VyLWFnZW50IHRvIHRoZQogICAgICAgICAgICBw
cm92aWRlZCBjbGllbnQgcmVkaXJlY3Rpb24gVVJJIHVzaW5nIGFuIEhUVFAgcmVkaXJlY3Rpb24g
cmVzcG9uc2UsIG9yIGJ5IG90aGVyIG1lYW5zCiAgICAgICAgICAgIGF2YWlsYWJsZSB0byBpdCB2
aWEgdGhlIHVzZXItYWdlbnQuCiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9zZWN0aW9uPgoKICAg
ICAgICA8c2VjdGlvbiB0aXRsZT0nQXV0aG9yaXphdGlvbiBSZXNwb25zZSc+CiAgICAgICAgICA8
dD4KICAgICAgICAgICAgSWYgdGhlIHJlc291cmNlIG93bmVyIGdyYW50cyB0aGUgYWNjZXNzIHJl
cXVlc3QsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZXMgYW4KICAgICAgICAgICAgYXV0
aG9yaXphdGlvbiBjb2RlIGFuZCBkZWxpdmVycyBpdCB0byB0aGUgY2xpZW50IGJ5IGFkZGluZyB0
aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMgdG8KICAgICAgICAgICAgdGhlIHF1ZXJ5IGNvbXBvbmVu
dCBvZiB0aGUgcmVkaXJlY3Rpb24gVVJJIHVzaW5nIHRoZQogICAgICAgICAgICA8c3Bhbnggc3R5
bGU9J3ZlcmInPmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvc3Bhbng+IGZvcm1h
dDoKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0n
aGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2NvZGUn
PgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRo
ZSBhdXRob3JpemF0aW9uIGNvZGUgZ2VuZXJhdGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ci4gVGhlCiAgICAgICAgICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUgTVVTVCBleHBpcmUgc2hv
cnRseSBhZnRlciBpdCBpcyBpc3N1ZWQgdG8gbWl0aWdhdGUgdGhlIHJpc2sgb2YKICAgICAgICAg
ICAgICAgIGxlYWtzLiBBIG1heGltdW0gYXV0aG9yaXphdGlvbiBjb2RlIGxpZmV0aW1lIG9mIDEw
IG1pbnV0ZXMgaXMgUkVDT01NRU5ERUQuIFRoZQogICAgICAgICAgICAgICAgY2xpZW50IE1VU1Qg
Tk9UIHVzZSB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIG1vcmUgdGhhbiBvbmNlLiBJZiBhbiBhdXRo
b3JpemF0aW9uIGNvZGUKICAgICAgICAgICAgICAgIGlzIHVzZWQgbW9yZSB0aGFuIG9uY2UsIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGRlbnkgdGhlIHJlcXVlc3QgYW5kIFNIT1VMRAog
ICAgICAgICAgICAgICAgcmV2b2tlICh3aGVuIHBvc3NpYmxlKSBhbGwgdG9rZW5zIHByZXZpb3Vz
bHkgaXNzdWVkIGJhc2VkIG9uIHRoYXQgYXV0aG9yaXphdGlvbgogICAgICAgICAgICAgICAgY29k
ZS4gVGhlIGF1dGhvcml6YXRpb24gY29kZSBpcyBib3VuZCB0byB0aGUgY2xpZW50IGlkZW50aWZp
ZXIgYW5kIHJlZGlyZWN0aW9uIFVSSS4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAg
PHQgaGFuZ1RleHQ9J3N0YXRlJz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAg
ICAgICAgIFJFUVVJUkVEIGlmIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPnN0YXRlPC9zcGFueD4g
cGFyYW1ldGVyIHdhcyBwcmVzZW50IGluIHRoZQogICAgICAgICAgICAgICAgY2xpZW50IGF1dGhv
cml6YXRpb24gcmVxdWVzdC4gVGhlIGV4YWN0IHZhbHVlIHJlY2VpdmVkIGZyb20gdGhlIGNsaWVu
dC4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4K
ICAgICAgICAgIDxmaWd1cmU+CiAgICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAgICBG
b3IgZXhhbXBsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUgdXNlci1h
Z2VudCBieSBzZW5kaW5nIHRoZQogICAgICAgICAgICAgIGZvbGxvd2luZyBIVFRQIHJlc3BvbnNl
OgogICAgICAgICAgICA8L3ByZWFtYmxlPgogICAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAg
ICAgICA8IVtDREFUQVsKICBIVFRQLzEuMSAzMDIgRm91bmQKICBMb2NhdGlvbjogaHR0cHM6Ly9j
bGllbnQuZXhhbXBsZS5jb20vY2I/Y29kZT1TcGx4bE9CZVpRUVliWVM2V3hTYklBCiAgICAgICAg
ICAgICZzdGF0ZT14eXoKXV0+CiAgICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICAgIDwvZmln
dXJlPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBjbGllbnQgTVVTVCBpZ25vcmUgdW5y
ZWNvZ25pemVkIHJlc3BvbnNlIHBhcmFtZXRlcnMuIFRoZSBhdXRob3JpemF0aW9uIGNvZGUKICAg
ICAgICAgICAgc3RyaW5nIHNpemUgaXMgbGVmdCB1bmRlZmluZWQgYnkgdGhpcyBzcGVjaWZpY2F0
aW9uLiBUaGUgY2xpZW50IHNob3VsZCBhdm9pZCBtYWtpbmcKICAgICAgICAgICAgYXNzdW1wdGlv
bnMgYWJvdXQgY29kZSB2YWx1ZSBzaXplcy4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VM
RCBkb2N1bWVudCB0aGUgc2l6ZQogICAgICAgICAgICBvZiBhbnkgdmFsdWUgaXQgaXNzdWVzLgog
ICAgICAgICAgPC90PgoKICAgICAgICAgIDxzZWN0aW9uIHRpdGxlPSdFcnJvciBSZXNwb25zZScg
YW5jaG9yPSdjb2RlLWF1dGh6LWVycm9yJz4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg
SWYgdGhlIHJlcXVlc3QgZmFpbHMgZHVlIHRvIGEgbWlzc2luZywgaW52YWxpZCwgb3IgbWlzbWF0
Y2hpbmcgcmVkaXJlY3Rpb24gVVJJLCBvciBpZgogICAgICAgICAgICAgIHRoZSBjbGllbnQgaWRl
bnRpZmllciBpcyBtaXNzaW5nIG9yIGludmFsaWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBT
SE9VTEQgaW5mb3JtCiAgICAgICAgICAgICAgdGhlIHJlc291cmNlIG93bmVyIG9mIHRoZSBlcnJv
ciwgYW5kIE1VU1QgTk9UIGF1dG9tYXRpY2FsbHkgcmVkaXJlY3QgdGhlIHVzZXItYWdlbnQKICAg
ICAgICAgICAgICB0byB0aGUgaW52YWxpZCByZWRpcmVjdGlvbiBVUkkuCiAgICAgICAgICAgIDwv
dD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgSWYgdGhlIHJlc291cmNlIG93bmVyIGRl
bmllcyB0aGUgYWNjZXNzIHJlcXVlc3Qgb3IgaWYgdGhlIHJlcXVlc3QgZmFpbHMgZm9yIHJlYXNv
bnMKICAgICAgICAgICAgICBvdGhlciB0aGFuIGEgbWlzc2luZyBvciBpbnZhbGlkIHJlZGlyZWN0
aW9uIFVSSSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGluZm9ybXMgdGhlCiAgICAgICAgICAg
ICAgY2xpZW50IGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMgdG8gdGhlIHF1ZXJ5
IGNvbXBvbmVudCBvZiB0aGUgcmVkaXJlY3Rpb24KICAgICAgICAgICAgICBVUkkgdXNpbmcgdGhl
IDxzcGFueCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC9z
cGFueD4gZm9ybWF0OgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAg
ICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5kZW50PSc2Jz4KICAgICAgICAgICAgICAg
IDx0IGhhbmdUZXh0PSdlcnJvcic+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAg
ICAgICAgICAgICAgUkVRVUlSRUQuIEEgc2luZ2xlIEFTQ0lJIDx4cmVmIHRhcmdldD0iVVNBU0NJ
SSIgLz4gZXJyb3IgY29kZSBmcm9tIHRoZSBmb2xsb3dpbmc6CgogICAgICAgICAgICAgICAgICA8
bGlzdCBzdHlsZT0naGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAgICAgICAgICAg
PHQgaGFuZ1RleHQ9J2ludmFsaWRfcmVxdWVzdCc+CiAgICAgICAgICAgICAgICAgICAgICA8dnNw
YWNlIC8+CiAgICAgICAgICAgICAgICAgICAgICBUaGUgcmVxdWVzdCBpcyBtaXNzaW5nIGEgcmVx
dWlyZWQgcGFyYW1ldGVyLCBpbmNsdWRlcyBhbiBpbnZhbGlkCiAgICAgICAgICAgICAgICAgICAg
ICBwYXJhbWV0ZXIgdmFsdWUsIGluY2x1ZGVzIGEgcGFyYW1ldGVyIG1vcmUgdGhhbiBvbmNlLCBv
ciBpcyBvdGhlcndpc2UKICAgICAgICAgICAgICAgICAgICAgIG1hbGZvcm1lZC4KICAgICAgICAg
ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3VuYXV0aG9y
aXplZF9jbGllbnQnPgogICAgICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAg
ICAgICAgICAgICAgVGhlIGNsaWVudCBpcyBub3QgYXV0aG9yaXplZCB0byByZXF1ZXN0IGFuIGF1
dGhvcml6YXRpb24gY29kZSB1c2luZyB0aGlzCiAgICAgICAgICAgICAgICAgICAgICBtZXRob2Qu
CiAgICAgICAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0
PSdhY2Nlc3NfZGVuaWVkJz4KICAgICAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAg
ICAgICAgICAgICAgICAgIFRoZSByZXNvdXJjZSBvd25lciBvciBhdXRob3JpemF0aW9uIHNlcnZl
ciBkZW5pZWQgdGhlIHJlcXVlc3QuCiAgICAgICAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgICAgICAgIDx0IGhhbmdUZXh0PSd1bnN1cHBvcnRlZF9yZXNwb25zZV90eXBlJz4KICAgICAg
ICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgICAgICAgIFRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBkb2VzIG5vdCBzdXBwb3J0IG9idGFpbmluZyBhbiBhdXRob3JpemF0
aW9uIGNvZGUKICAgICAgICAgICAgICAgICAgICAgIHVzaW5nIHRoaXMgbWV0aG9kLgogICAgICAg
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0naW52YWxp
ZF9zY29wZSc+CiAgICAgICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAg
ICAgICAgICBUaGUgcmVxdWVzdGVkIHNjb3BlIGlzIGludmFsaWQsIHVua25vd24sIG9yIG1hbGZv
cm1lZC4KICAgICAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICAgICAgPHQgaGFu
Z1RleHQ9J3NlcnZlcl9lcnJvcic+CiAgICAgICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAg
ICAgICAgICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZW5jb3VudGVyZWQg
YW4gdW5leHBlY3RlZCBjb25kaXRpb24gd2hpY2ggcHJldmVudGVkCiAgICAgICAgICAgICAgICAg
ICAgICBpdCBmcm9tIGZ1bGZpbGxpbmcgdGhlIHJlcXVlc3QuCiAgICAgICAgICAgICAgICAgICAg
PC90PgogICAgICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSd0ZW1wb3JhcmlseV91bmF2YWls
YWJsZSc+CiAgICAgICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAg
ICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXMgY3VycmVudGx5IHVuYWJsZSB0byBoYW5k
bGUgdGhlIHJlcXVlc3QgZHVlIHRvIGEKICAgICAgICAgICAgICAgICAgICAgIHRlbXBvcmFyeSBv
dmVybG9hZGluZyBvciBtYWludGVuYW5jZSBvZiB0aGUgc2VydmVyLgogICAgICAgICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgICAgICAgPC9saXN0PgoKCQkgIFZhbHVlcyBmb3IgdGhlIDxz
cGFueCBzdHlsZT0ndmVyYic+ZXJyb3I8L3NwYW54PiBwYXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVk
ZQoJCSAgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVE
LTdFLgogICAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2Vy
cm9yX2Rlc2NyaXB0aW9uJz4KICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAg
ICAgICAgICBPUFRJT05BTC4gQSBodW1hbi1yZWFkYWJsZSBBU0NJSSA8eHJlZiB0YXJnZXQ9IlVT
QVNDSUkiIC8+IHRleHQgcHJvdmlkaW5nIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24sCiAgICAgICAg
ICAgICAgICAgIHVzZWQgdG8gYXNzaXN0IHRoZSBjbGllbnQgZGV2ZWxvcGVyIGluIHVuZGVyc3Rh
bmRpbmcgdGhlIGVycm9yIHRoYXQgb2NjdXJyZWQuCgkJICA8dnNwYWNlLz4KCQkgIFZhbHVlcyBm
b3IgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+ZXJyb3JfZGVzY3JpcHRpb248L3NwYW54PiBwYXJh
bWV0ZXIgTVVTVCBOT1QgaW5jbHVkZQoJCSAgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgy
MC0yMSAvICV4MjMtNUIgLyAleDVELTdFLgogICAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgICAgPHQgaGFuZ1RleHQ9J2Vycm9yX3VyaSc+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2Ug
Lz4KICAgICAgICAgICAgICAgICAgT1BUSU9OQUwuIEEgVVJJIGlkZW50aWZ5aW5nIGEgaHVtYW4t
cmVhZGFibGUgd2ViIHBhZ2Ugd2l0aCBpbmZvcm1hdGlvbiBhYm91dCB0aGUKICAgICAgICAgICAg
ICAgICAgZXJyb3IsIHVzZWQgdG8gcHJvdmlkZSB0aGUgY2xpZW50IGRldmVsb3BlciB3aXRoIGFk
ZGl0aW9uYWwgaW5mb3JtYXRpb24gYWJvdXQgdGhlCiAgICAgICAgICAgICAgICAgIGVycm9yLgoJ
CSAgPHZzcGFjZS8+CgkJICBWYWx1ZXMgZm9yIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPmVycm9y
X3VyaTwvc3Bhbng+IHBhcmFtZXRlcgoJCSAgTVVTVCBjb25mb3JtIHRvIHRoZSBVUkktUmVmZXJl
bmNlIHN5bnRheCwgYW5kIHRodXMgTVVTVCBOT1QgaW5jbHVkZQoJCSAgY2hhcmFjdGVycyBvdXRz
aWRlIHRoZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAleDVELTdFLgogICAgICAgICAgICAgICAgPC90
PgogICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3N0YXRlJz4KICAgICAgICAgICAgICAgICAg
PHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICBSRVFVSVJFRCBpZiBhIDxzcGFueCBzdHlsZT0n
dmVyYic+c3RhdGU8L3NwYW54PiBwYXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhlCiAgICAgICAg
ICAgICAgICAgIGNsaWVudCBhdXRob3JpemF0aW9uIHJlcXVlc3QuIFRoZSBleGFjdCB2YWx1ZSBy
ZWNlaXZlZCBmcm9tIHRoZSBjbGllbnQuCiAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAg
ICAgPC9saXN0PgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDxmaWd1cmU+CiAgICAgICAg
ICAgICAgPHByZWFtYmxlPgogICAgICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYnkgc2VuZGluZyB0aGUKICAg
ICAgICAgICAgICAgIGZvbGxvd2luZyBIVFRQIHJlc3BvbnNlOgogICAgICAgICAgICAgIDwvcHJl
YW1ibGU+CiAgICAgICAgICAgICAgPGFydHdvcms+CiAgICAgICAgICAgICAgICA8IVtDREFUQVsK
ICBIVFRQLzEuMSAzMDIgRm91bmQKICBMb2NhdGlvbjogaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5j
b20vY2I/ZXJyb3I9YWNjZXNzX2RlbmllZCZzdGF0ZT14eXoKXV0+CiAgICAgICAgICAgICAgPC9h
cnR3b3JrPgogICAgICAgICAgICA8L2ZpZ3VyZT4KICAgICAgICAgIDwvc2VjdGlvbj4KCiAgICAg
ICAgPC9zZWN0aW9uPgoKICAgICAgICA8c2VjdGlvbiB0aXRsZT0nQWNjZXNzIFRva2VuIFJlcXVl
c3QnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBjbGllbnQgbWFrZXMgYSByZXF1ZXN0
IHRvIHRoZSB0b2tlbiBlbmRwb2ludCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJz
CiAgICAgICAgICAgIHVzaW5nIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPmFwcGxpY2F0aW9uL3gt
d3d3LWZvcm0tdXJsZW5jb2RlZDwvc3Bhbng+IGZvcm1hdCBpbiB0aGUKICAgICAgICAgICAgSFRU
UCByZXF1ZXN0IGVudGl0eS1ib2R5OgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAg
ICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5kZW50PSc2Jz4KICAgICAgICAgICAg
ICA8dCBoYW5nVGV4dD0nZ3JhbnRfdHlwZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAg
ICAgICAgICAgICAgICBSRVFVSVJFRC4gVmFsdWUgTVVTVCBiZSBzZXQgdG8gPHNwYW54IHN0eWxl
PSd2ZXJiJz5hdXRob3JpemF0aW9uX2NvZGU8L3NwYW54Pi4KICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2NvZGUnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAv
PgogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSBhdXRob3JpemF0aW9uIGNvZGUgcmVjZWl2
ZWQgZnJvbSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgICAgICAgPC90PgogICAg
ICAgICAgICAgIDx0IGhhbmdUZXh0PSdyZWRpcmVjdF91cmknPgogICAgICAgICAgICAgICAgPHZz
cGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQsIGlmIHRoZSA8c3Bhbnggc3R5bGU9J3Zl
cmInPnJlZGlyZWN0X3VyaTwvc3Bhbng+IHBhcmFtZXRlciB3YXMgaW5jbHVkZWQgaW4KICAgICAg
ICAgICAgICAgIHRoZSBhdXRob3JpemF0aW9uIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGluIDx4cmVm
IHRhcmdldD0nY29kZS1hdXRoei1yZXEnIC8+LCBhbmQKICAgICAgICAgICAgICAgIHRoZWlyIHZh
bHVlcyBNVVNUIGJlIGlkZW50aWNhbC4KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwv
bGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBJZiB0aGUgY2xp
ZW50IHR5cGUgaXMgY29uZmlkZW50aWFsIG9yIHRoZSBjbGllbnQgd2FzIGlzc3VlZCBjbGllbnQg
Y3JlZGVudGlhbHMgKG9yCiAgICAgICAgICAgIGFzc2lnbmVkIG90aGVyIGF1dGhlbnRpY2F0aW9u
IHJlcXVpcmVtZW50cyksIHRoZSBjbGllbnQgTVVTVCBhdXRoZW50aWNhdGUgd2l0aCB0aGUKICAg
ICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdl
dD0ndG9rZW4tZW5kcG9pbnQtYXV0aCcgLz4uCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8Zmln
dXJlPgogICAgICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRo
ZSBjbGllbnQgbWFrZXMgdGhlIGZvbGxvd2luZyBIVFRQIHJlcXVlc3QgdXNpbmcgVExTIChleHRy
YSBsaW5lIGJyZWFrcwogICAgICAgICAgICAgIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5
KToKICAgICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgICAgPGFydHdvcms+CiAgICAgICAg
ICAgICAgPCFbQ0RBVEFbCiAgUE9TVCAvdG9rZW4gSFRUUC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhh
bXBsZS5jb20KICBBdXRob3JpemF0aW9uOiBCYXNpYyBjelpDYUdSU2EzRjBNenBuV0RGbVFtRjBN
MkpXCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hh
cnNldD1VVEYtOAoKICBncmFudF90eXBlPWF1dGhvcml6YXRpb25fY29kZSZjb2RlPVNwbHhsT0Jl
WlFRWWJZUzZXeFNiSUEKICAmcmVkaXJlY3RfdXJpPWh0dHBzJTNBJTJGJTJGY2xpZW50JTJFZXhh
bXBsZSUyRWNvbSUyRmNiCl1dPgogICAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgICA8L2Zp
Z3VyZT4KICAgICAgICAgIDx0PgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
TVVTVDoKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHls
ZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICByZXF1aXJlIGNs
aWVudCBhdXRoZW50aWNhdGlvbiBmb3IgY29uZmlkZW50aWFsIGNsaWVudHMgb3IgZm9yIGFueSBj
bGllbnQgdGhhdCB3YXMKICAgICAgICAgICAgICAgIGlzc3VlZCBjbGllbnQgY3JlZGVudGlhbHMg
KG9yIHdpdGggb3RoZXIgYXV0aGVudGljYXRpb24gcmVxdWlyZW1lbnRzKSwKICAgICAgICAgICAg
ICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBhdXRoZW50aWNhdGUgdGhl
IGNsaWVudCBpZiBjbGllbnQgYXV0aGVudGljYXRpb24gaXMgaW5jbHVkZWQgYW5kIGVuc3VyZSB0
aGUKICAgICAgICAgICAgICAgIGF1dGhvcml6YXRpb24gY29kZSB3YXMgaXNzdWVkIHRvIHRoZSBh
dXRoZW50aWNhdGVkIGNsaWVudCwKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+
CiAgICAgICAgICAgICAgICB2ZXJpZnkgdGhhdCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGlzIHZh
bGlkLCBhbmQKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAg
ICAgICBlbnN1cmUgdGhhdCB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5yZWRpcmVjdF91cmk8L3Nw
YW54PiBwYXJhbWV0ZXIgaXMgcHJlc2VudCBpZgogICAgICAgICAgICAgICAgdGhlIDxzcGFueCBz
dHlsZT0ndmVyYic+cmVkaXJlY3RfdXJpPC9zcGFueD4gcGFyYW1ldGVyIHdhcyBpbmNsdWRlZCBp
biB0aGUgaW5pdGlhbAogICAgICAgICAgICAgICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGFzIGRl
c2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J2NvZGUtYXV0aHotcmVxJyAvPiwgYW5kIGlmCiAgICAg
ICAgICAgICAgICBpbmNsdWRlZCBlbnN1cmUgdGhlaXIgdmFsdWVzIGFyZSBpZGVudGljYWwuCiAg
ICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAg
ICAgPC9zZWN0aW9uPgoKICAgICAgICA8c2VjdGlvbiB0aXRsZT0nQWNjZXNzIFRva2VuIFJlc3Bv
bnNlJz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBJZiB0aGUgYWNjZXNzIHRva2VuIHJlcXVl
c3QgaXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1
ZXMgYW4KICAgICAgICAgICAgYWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoIHRva2Vu
IGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J3Rva2VuLXJlc3BvbnNlJyAvPi4KICAgICAg
ICAgICAgSWYgdGhlIHJlcXVlc3QgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGZhaWxlZCBvciBpcyBp
bnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmV0dXJucwogICAgICAgICAgICBhbiBl
cnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSd0b2tlbi1lcnJvcnMn
IC8+LgogICAgICAgICAgPC90PgogICAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgICAgPHByZWFt
YmxlPgogICAgICAgICAgICAgIEFuIGV4YW1wbGUgc3VjY2Vzc2Z1bCByZXNwb25zZToKICAgICAg
ICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgICAgPGFydHdvcms+CiAgICAgICAgICAgICAgPCFb
Q0RBVEFbCiAgSFRUUC8xLjEgMjAwIE9LCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29u
O2NoYXJzZXQ9VVRGLTgKICBDYWNoZS1Db250cm9sOiBuby1zdG9yZQogIFByYWdtYTogbm8tY2Fj
aGUKCiAgewogICAgImFjY2Vzc190b2tlbiI6IjJZb3RuRlpGRWpyMXpDc2ljTVdwQUEiLAogICAg
InRva2VuX3R5cGUiOiJleGFtcGxlIiwKICAgICJleHBpcmVzX2luIjozNjAwLAogICAgInJlZnJl
c2hfdG9rZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIiwKICAgICJleGFtcGxlX3BhcmFtZXRl
ciI6ImV4YW1wbGVfdmFsdWUiCiAgfQpdXT4KICAgICAgICAgICAgPC9hcnR3b3JrPgogICAgICAg
ICAgPC9maWd1cmU+CiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgPC9zZWN0aW9uPgoKICAgICAg
PHNlY3Rpb24gdGl0bGU9J0ltcGxpY2l0IEdyYW50JyBhbmNob3I9J2dyYW50LWltcGxpY2l0Jz4K
ICAgICAgICA8dD4KICAgICAgICAgIFRoZSBpbXBsaWNpdCBncmFudCB0eXBlIGlzIHVzZWQgdG8g
b2J0YWluIGFjY2VzcyB0b2tlbnMgKGl0IGRvZXMgbm90IHN1cHBvcnQgdGhlIGlzc3VhbmNlCiAg
ICAgICAgICBvZiByZWZyZXNoIHRva2VucykgYW5kIGlzIG9wdGltaXplZCBmb3IgcHVibGljIGNs
aWVudHMga25vd24gdG8gb3BlcmF0ZSBhIHBhcnRpY3VsYXIKICAgICAgICAgIHJlZGlyZWN0aW9u
IFVSSS4gVGhlc2UgY2xpZW50cyBhcmUgdHlwaWNhbGx5IGltcGxlbWVudGVkIGluIGEgYnJvd3Nl
ciB1c2luZyBhIHNjcmlwdGluZwogICAgICAgICAgbGFuZ3VhZ2Ugc3VjaCBhcyBKYXZhU2NyaXB0
LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIEFzIGEgcmVkaXJlY3Rpb24tYmFz
ZWQgZmxvdywgdGhlIGNsaWVudCBtdXN0IGJlIGNhcGFibGUgb2YgaW50ZXJhY3Rpbmcgd2l0aCB0
aGUKICAgICAgICAgIHJlc291cmNlIG93bmVyJ3MgdXNlci1hZ2VudCAodHlwaWNhbGx5IGEgd2Vi
IGJyb3dzZXIpIGFuZCBjYXBhYmxlIG9mIHJlY2VpdmluZyBpbmNvbWluZwogICAgICAgICAgcmVx
dWVzdHMgKHZpYSByZWRpcmVjdGlvbikgZnJvbSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAg
ICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVW5saWtlIHRoZSBhdXRob3JpemF0aW9u
IGNvZGUgZ3JhbnQgdHlwZSBpbiB3aGljaCB0aGUgY2xpZW50IG1ha2VzIHNlcGFyYXRlIHJlcXVl
c3RzIGZvcgogICAgICAgICAgYXV0aG9yaXphdGlvbiBhbmQgYWNjZXNzIHRva2VuLCB0aGUgY2xp
ZW50IHJlY2VpdmVzIHRoZSBhY2Nlc3MgdG9rZW4gYXMgdGhlIHJlc3VsdCBvZiB0aGUKICAgICAg
ICAgIGF1dGhvcml6YXRpb24gcmVxdWVzdC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBUaGUgaW1wbGljaXQgZ3JhbnQgdHlwZSBkb2VzIG5vdCBpbmNsdWRlIGNsaWVudCBhdXRo
ZW50aWNhdGlvbiwgYW5kIHJlbGllcyBvbiB0aGUKICAgICAgICAgIHByZXNlbmNlIG9mIHRoZSBy
ZXNvdXJjZSBvd25lciBhbmQgdGhlIHJlZ2lzdHJhdGlvbiBvZiB0aGUgcmVkaXJlY3Rpb24gVVJJ
LiBCZWNhdXNlIHRoZQogICAgICAgICAgYWNjZXNzIHRva2VuIGlzIGVuY29kZWQgaW50byB0aGUg
cmVkaXJlY3Rpb24gVVJJLCBpdCBtYXkgYmUgZXhwb3NlZCB0byB0aGUgcmVzb3VyY2Ugb3duZXIK
ICAgICAgICAgIGFuZCBvdGhlciBhcHBsaWNhdGlvbnMgcmVzaWRpbmcgb24gdGhlIHNhbWUgZGV2
aWNlLgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlIHRpdGxlPSdJbXBsaWNpdCBHcmFudCBG
bG93JyBhbmNob3I9J0ZpZ3VyZS00Jz4KICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICA8
IVtDREFUQVsKICArLS0tLS0tLS0tLSsKICB8IFJlc291cmNlIHwKICB8ICBPd25lciAgIHwKICB8
ICAgICAgICAgIHwKICArLS0tLS0tLS0tLSsKICAgICAgIF4KICAgICAgIHwKICAgICAgKEIpICAg
ICAgCiAgKy0tLS18LS0tLS0rICAgICAgICAgIENsaWVudCBJZGVudGlmaWVyICAgICArLS0tLS0t
LS0tLS0tLS0tKwogIHwgICAgICAgICAtKy0tLS0oQSktLSAmIFJlZGlyZWN0aW9uIFVSSSAtLS0+
fCAgICAgICAgICAgICAgIHwKICB8ICBVc2VyLSAgIHwgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIHwgQXV0aG9yaXphdGlvbiB8CiAgfCAgQWdlbnQgIC18LS0tLShCKS0tIFVzZXIgYXV0
aGVudGljYXRlcyAtLT58ICAgICBTZXJ2ZXIgICAgfAogIHwgICAgICAgICAgfCAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgIHw8LS0t
KEMpLS0tIFJlZGlyZWN0aW9uIFVSSSAtLS0tPHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAg
ICB8ICAgICAgICAgIHdpdGggQWNjZXNzIFRva2VuICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwg
ICAgICAgICAgfCAgICAgICAgICAgIGluIEZyYWdtZW50CiAgfCAgICAgICAgICB8ICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgICAgfC0t
LS0oRCktLS0gUmVkaXJlY3Rpb24gVVJJIC0tLS0+fCAgIFdlYi1Ib3N0ZWQgIHwKICB8ICAgICAg
ICAgIHwgICAgICAgICAgd2l0aG91dCBGcmFnbWVudCAgICAgIHwgICAgIENsaWVudCAgICB8CiAg
fCAgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgIFJlc291cmNl
ICAgfAogIHwgICAgIChGKSAgfDwtLS0oRSktLS0tLS0tIFNjcmlwdCAtLS0tLS0tLS08fCAgICAg
ICAgICAgICAgIHwKICB8ICAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICstLS0tLS0tLS0tLS0tLS0rCiAgKy18LS0tLS0tLS0rCiAgICB8ICAgIHwgICAgCiAgIChBKSAg
KEcpIEFjY2VzcyBUb2tlbgogICAgfCAgICB8CiAgICBeICAgIHYKICArLS0tLS0tLS0tKwogIHwg
ICAgICAgICB8CiAgfCAgQ2xpZW50IHwKICB8ICAgICAgICAgfAogICstLS0tLS0tLS0rCl1dPgog
ICAgICAgICAgPC9hcnR3b3JrPgogICAgICAgICAgPHBvc3RhbWJsZT4KICAgICAgICAgICAgTm90
ZTogVGhlIGxpbmVzIGlsbHVzdHJhdGluZyBzdGVwcyBBIGFuZCBCIGFyZSBicm9rZW4gaW50byB0
d28gcGFydHMgYXMgdGhleSBwYXNzCiAgICAgICAgICAgIHRocm91Z2ggdGhlIHVzZXItYWdlbnQu
CiAgICAgICAgICA8L3Bvc3RhbWJsZT4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAgICA8dD4KICAg
ICAgICAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIDx4cmVmIHRhcmdldD0nRmlndXJlLTQnIC8+
IGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3RlcHM6CiAgICAgICAgPC90PgogICAgICAgIDx0Pgog
ICAgICAgICAgPGxpc3Qgc3R5bGU9J2Zvcm1hdCAoJUMpJz4KICAgICAgICAgICAgPHQ+CiAgICAg
ICAgICAgICAgVGhlIGNsaWVudCBpbml0aWF0ZXMgdGhlIGZsb3cgYnkgZGlyZWN0aW5nIHRoZSBy
ZXNvdXJjZSBvd25lcidzIHVzZXItYWdlbnQgdG8gdGhlCiAgICAgICAgICAgICAgYXV0aG9yaXph
dGlvbiBlbmRwb2ludC4gVGhlIGNsaWVudCBpbmNsdWRlcyBpdHMgY2xpZW50IGlkZW50aWZpZXIs
IHJlcXVlc3RlZAogICAgICAgICAgICAgIHNjb3BlLCBsb2NhbCBzdGF0ZSwgYW5kIGEgcmVkaXJl
Y3Rpb24gVVJJIHRvIHdoaWNoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB3aWxsIHNlbmQKICAg
ICAgICAgICAgICB0aGUgdXNlci1hZ2VudCBiYWNrIG9uY2UgYWNjZXNzIGlzIGdyYW50ZWQgKG9y
IGRlbmllZCkuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIHJlc291cmNlIG93bmVy
ICh2aWEgdGhlIHVzZXItYWdlbnQpIGFuZAogICAgICAgICAgICAgIGVzdGFibGlzaGVzIHdoZXRo
ZXIgdGhlIHJlc291cmNlIG93bmVyIGdyYW50cyBvciBkZW5pZXMgdGhlIGNsaWVudCdzIGFjY2Vz
cyByZXF1ZXN0LgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAg
IEFzc3VtaW5nIHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgYWNjZXNzLCB0aGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgcmVkaXJlY3RzIHRoZQogICAgICAgICAgICAgIHVzZXItYWdlbnQgYmFjayB0
byB0aGUgY2xpZW50IHVzaW5nIHRoZSByZWRpcmVjdGlvbiBVUkkgcHJvdmlkZWQgZWFybGllci4g
VGhlCiAgICAgICAgICAgICAgcmVkaXJlY3Rpb24gVVJJIGluY2x1ZGVzIHRoZSBhY2Nlc3MgdG9r
ZW4gaW4gdGhlIFVSSSBmcmFnbWVudC4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4K
ICAgICAgICAgICAgICBUaGUgdXNlci1hZ2VudCBmb2xsb3dzIHRoZSByZWRpcmVjdGlvbiBpbnN0
cnVjdGlvbnMgYnkgbWFraW5nIGEgcmVxdWVzdCB0byB0aGUKICAgICAgICAgICAgICB3ZWItaG9z
dGVkIGNsaWVudCByZXNvdXJjZSAod2hpY2ggZG9lcyBub3QgaW5jbHVkZSB0aGUgZnJhZ21lbnQg
cGVyCiAgICAgICAgICAgICAgPHhyZWYgdGFyZ2V0PSdSRkMyNjE2JyAvPikuIFRoZSB1c2VyLWFn
ZW50IHJldGFpbnMgdGhlIGZyYWdtZW50IGluZm9ybWF0aW9uIGxvY2FsbHkuCiAgICAgICAgICAg
IDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIHdlYi1ob3N0ZWQgY2xpZW50
IHJlc291cmNlIHJldHVybnMgYSB3ZWIgcGFnZSAodHlwaWNhbGx5IGFuIEhUTUwgZG9jdW1lbnQg
d2l0aCBhbgogICAgICAgICAgICAgIGVtYmVkZGVkIHNjcmlwdCkgY2FwYWJsZSBvZiBhY2Nlc3Np
bmcgdGhlIGZ1bGwgcmVkaXJlY3Rpb24gVVJJIGluY2x1ZGluZyB0aGUgZnJhZ21lbnQKICAgICAg
ICAgICAgICByZXRhaW5lZCBieSB0aGUgdXNlci1hZ2VudCwgYW5kIGV4dHJhY3RpbmcgdGhlIGFj
Y2VzcyB0b2tlbiAoYW5kIG90aGVyIHBhcmFtZXRlcnMpCiAgICAgICAgICAgICAgY29udGFpbmVk
IGluIHRoZSBmcmFnbWVudC4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICBUaGUgdXNlci1hZ2VudCBleGVjdXRlcyB0aGUgc2NyaXB0IHByb3ZpZGVkIGJ5IHRo
ZSB3ZWItaG9zdGVkIGNsaWVudCByZXNvdXJjZQogICAgICAgICAgICAgIGxvY2FsbHksIHdoaWNo
IGV4dHJhY3RzIHRoZSBhY2Nlc3MgdG9rZW4gYW5kIHBhc3NlcyBpdCB0byB0aGUgY2xpZW50Lgog
ICAgICAgICAgICA8L3Q+CiAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgPC90PgoKICAgICAgICA8
c2VjdGlvbiB0aXRsZT0nQXV0aG9yaXphdGlvbiBSZXF1ZXN0JyBhbmNob3I9J2ltcGxpY2l0LWF1
dGh6LXJlcSc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGNsaWVudCBjb25zdHJ1Y3Rz
IHRoZSByZXF1ZXN0IFVSSSBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHRvIHRo
ZQogICAgICAgICAgICBxdWVyeSBjb21wb25lbnQgb2YgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9p
bnQgVVJJIHVzaW5nIHRoZQogICAgICAgICAgICA8c3Bhbnggc3R5bGU9J3ZlcmInPmFwcGxpY2F0
aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvc3Bhbng+IGZvcm1hdDoKICAgICAgICAgIDwvdD4K
ICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZycgaGFuZ0luZGVu
dD0nNic+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3Jlc3BvbnNlX3R5cGUnPgogICAgICAg
ICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFZhbHVlIE1VU1Qg
YmUgc2V0IHRvIDxzcGFueCBzdHlsZT0ndmVyYic+dG9rZW48L3NwYW54Pi4KICAgICAgICAgICAg
ICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2NsaWVudF9pZCc+CiAgICAgICAgICAg
ICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIGNsaWVudCBpZGVu
dGlmaWVyIGFzIGRlc2NyaWJlZCBpbgogICAgICAgICAgICAgICAgPHhyZWYgdGFyZ2V0PSdjbGll
bnQtaWRlbnRpZmllcicgLz4uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhh
bmdUZXh0PSdyZWRpcmVjdF91cmknPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAg
ICAgICAgICAgT1BUSU9OQUwuIEFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J3JlZGlyZWN0
LXVyaScgLz4uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdz
Y29wZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBPUFRJT05B
TC4gVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmliZWQgYnkgPHhyZWYg
dGFyZ2V0PSdzY29wZScgLz4uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhh
bmdUZXh0PSdzdGF0ZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAg
ICBSRUNPTU1FTkRFRC4gQW4gb3BhcXVlIHZhbHVlIHVzZWQgYnkgdGhlIGNsaWVudCB0byBtYWlu
dGFpbiBzdGF0ZSBiZXR3ZWVuIHRoZSByZXF1ZXN0CiAgICAgICAgICAgICAgICBhbmQgY2FsbGJh
Y2suIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpbmNsdWRlcyB0aGlzIHZhbHVlIHdoZW4gcmVk
aXJlY3RpbmcgdGhlCiAgICAgICAgICAgICAgICB1c2VyLWFnZW50IGJhY2sgdG8gdGhlIGNsaWVu
dC4gVGhlIHBhcmFtZXRlciBTSE9VTEQgYmUgdXNlZCBmb3IgcHJldmVudGluZwogICAgICAgICAg
ICAgICAgY3Jvc3Mtc2l0ZSByZXF1ZXN0IGZvcmdlcnkgYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRh
cmdldD0nQ1NSRicgLz4uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAg
ICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGNsaWVudCBkaXJlY3Rz
IHRoZSByZXNvdXJjZSBvd25lciB0byB0aGUgY29uc3RydWN0ZWQgVVJJIHVzaW5nIGFuIEhUVFAg
cmVkaXJlY3Rpb24KICAgICAgICAgICAgcmVzcG9uc2UsIG9yIGJ5IG90aGVyIG1lYW5zIGF2YWls
YWJsZSB0byBpdCB2aWEgdGhlIHVzZXItYWdlbnQuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8
ZmlndXJlPgogICAgICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUs
IHRoZSBjbGllbnQgZGlyZWN0cyB0aGUgdXNlci1hZ2VudCB0byBtYWtlIHRoZSBmb2xsb3dpbmcg
SFRUUCByZXF1ZXN0CiAgICAgICAgICAgICAgdXNpbmcgVExTIChleHRyYSBsaW5lIGJyZWFrcyBh
cmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgICAgIDwvcHJlYW1ibGU+CiAg
ICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICAgIDwhW0NEQVRBWwogIEdFVCAvYXV0aG9y
aXplP3Jlc3BvbnNlX3R5cGU9dG9rZW4mY2xpZW50X2lkPXM2QmhkUmtxdDMmc3RhdGU9eHl6CiAg
ICAgICZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZjbGllbnQlMkVleGFtcGxlJTJFY29tJTJG
Y2IgSFRUUC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KXV0+CiAgICAgICAgICAgIDwv
YXJ0d29yaz4KICAgICAgICAgIDwvZmlndXJlPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciB2YWxpZGF0ZXMgdGhlIHJlcXVlc3QgdG8gZW5zdXJlIGFs
bCByZXF1aXJlZCBwYXJhbWV0ZXJzIGFyZQogICAgICAgICAgICBwcmVzZW50IGFuZCB2YWxpZC4g
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgdmVyaWZ5IHRoYXQgdGhlIHJlZGlyZWN0aW9u
IFVSSSB0byB3aGljaAogICAgICAgICAgICBpdCB3aWxsIHJlZGlyZWN0IHRoZSBhY2Nlc3MgdG9r
ZW4gbWF0Y2hlcyBhIHJlZGlyZWN0aW9uIFVSSSByZWdpc3RlcmVkIGJ5IHRoZSBjbGllbnQgYXMK
ICAgICAgICAgICAgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0ncmVkaXJlY3QtdXJpJyAvPi4K
ICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBJZiB0aGUgcmVxdWVzdCBp
cyB2YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIHJlc291
cmNlIG93bmVyIGFuZAogICAgICAgICAgICBvYnRhaW5zIGFuIGF1dGhvcml6YXRpb24gZGVjaXNp
b24gKGJ5IGFza2luZyB0aGUgcmVzb3VyY2Ugb3duZXIgb3IgYnkgZXN0YWJsaXNoaW5nCiAgICAg
ICAgICAgIGFwcHJvdmFsIHZpYSBvdGhlciBtZWFucykuCiAgICAgICAgICA8L3Q+CiAgICAgICAg
ICA8dD4KICAgICAgICAgICAgV2hlbiBhIGRlY2lzaW9uIGlzIGVzdGFibGlzaGVkLCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgZGlyZWN0cyB0aGUgdXNlci1hZ2VudCB0byB0aGUKICAgICAgICAg
ICAgcHJvdmlkZWQgY2xpZW50IHJlZGlyZWN0aW9uIFVSSSB1c2luZyBhbiBIVFRQIHJlZGlyZWN0
aW9uIHJlc3BvbnNlLCBvciBieSBvdGhlciBtZWFucwogICAgICAgICAgICBhdmFpbGFibGUgdG8g
aXQgdmlhIHRoZSB1c2VyLWFnZW50LgogICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4K
CiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0FjY2VzcyBUb2tlbiBSZXNwb25zZSc+CiAgICAgICAg
ICA8dD4KICAgICAgICAgICAgSWYgdGhlIHJlc291cmNlIG93bmVyIGdyYW50cyB0aGUgYWNjZXNz
IHJlcXVlc3QsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZXMgYW4KICAgICAgICAgICAg
YWNjZXNzIHRva2VuIGFuZCBkZWxpdmVycyBpdCB0byB0aGUgY2xpZW50IGJ5IGFkZGluZyB0aGUg
Zm9sbG93aW5nIHBhcmFtZXRlcnMgdG8KICAgICAgICAgICAgdGhlIGZyYWdtZW50IGNvbXBvbmVu
dCBvZiB0aGUgcmVkaXJlY3Rpb24gVVJJIHVzaW5nIHRoZQogICAgICAgICAgICA8c3Bhbnggc3R5
bGU9J3ZlcmInPmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDwvc3Bhbng+IGZvcm1h
dDoKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0n
aGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2FjY2Vz
c190b2tlbic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBSRVFV
SVJFRC4gVGhlIGFjY2VzcyB0b2tlbiBpc3N1ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0ndG9rZW5fdHlw
ZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBSRVFVSVJFRC4g
VGhlIHR5cGUgb2YgdGhlIHRva2VuIGlzc3VlZCBhcyBkZXNjcmliZWQgaW4KICAgICAgICAgICAg
ICAgIDx4cmVmIHRhcmdldD0ndG9rZW4tdHlwZXMnIC8+LiBWYWx1ZSBpcyBjYXNlIGluc2Vuc2l0
aXZlLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nZXhwaXJl
c19pbic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBSRUNPTU1F
TkRFRC4gVGhlIGxpZmV0aW1lIGluIHNlY29uZHMgb2YgdGhlIGFjY2VzcyB0b2tlbi4gRm9yIGV4
YW1wbGUsIHRoZSB2YWx1ZQogICAgICAgICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz4zNjAw
PC9zcGFueD4gZGVub3RlcyB0aGF0IHRoZSBhY2Nlc3MgdG9rZW4gd2lsbCBleHBpcmUgaW4gb25l
CiAgICAgICAgICAgICAgICBob3VyIGZyb20gdGhlIHRpbWUgdGhlIHJlc3BvbnNlIHdhcyBnZW5l
cmF0ZWQuIElmIG9taXR0ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICAg
ICAgU0hPVUxEIHByb3ZpZGUgdGhlIGV4cGlyYXRpb24gdGltZSB2aWEgb3RoZXIgbWVhbnMgb3Ig
ZG9jdW1lbnQgdGhlIGRlZmF1bHQgdmFsdWUuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgIDx0IGhhbmdUZXh0PSdzY29wZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAg
ICAgICAgICAgICBPUFRJT05BTCwgaWYgaWRlbnRpY2FsIHRvIHRoZSBzY29wZSByZXF1ZXN0ZWQg
YnkgdGhlIGNsaWVudCwgb3RoZXJ3aXNlIFJFUVVJUkVELiBUaGUKICAgICAgICAgICAgICAgIHNj
b3BlIG9mIHRoZSBhY2Nlc3MgdG9rZW4gYXMgZGVzY3JpYmVkIGJ5IDx4cmVmIHRhcmdldD0nc2Nv
cGUnIC8+LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nc3Rh
dGUnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQg
aWYgdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+c3RhdGU8L3NwYW54PiBwYXJhbWV0ZXIgd2FzIHBy
ZXNlbnQgaW4gdGhlCiAgICAgICAgICAgICAgICBjbGllbnQgYXV0aG9yaXphdGlvbiByZXF1ZXN0
LiBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUgY2xpZW50LgogICAgICAgICAgICAg
IDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAg
ICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIE5PVCBpc3N1ZSBhIHJlZnJl
c2ggdG9rZW4uCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8ZmlndXJlPgogICAgICAgICAgICA8
cHJlYW1ibGU+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYnkgc2VuZGluZyB0aGUKICAgICAgICAgICAg
ICBmb2xsb3dpbmcgSFRUUCByZXNwb25zZSAoVVJJIGV4dHJhIGxpbmUgYnJlYWtzIGFyZSBmb3Ig
ZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAg
ICAgPGFydHdvcms+CiAgICAgICAgICAgICAgPCFbQ0RBVEFbCiAgSFRUUC8xLjEgMzAyIEZvdW5k
CiAgTG9jYXRpb246IGh0dHA6Ly9leGFtcGxlLmNvbS9jYiNhY2Nlc3NfdG9rZW49MllvdG5GWkZF
anIxekNzaWNNV3BBQQogICAgICAgICAgICAmc3RhdGU9eHl6JnRva2VuX3R5cGU9ZXhhbXBsZSZl
eHBpcmVzX2luPTM2MDAKXV0+CiAgICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICAgICAgPHBv
c3RhbWJsZT4KICAgICAgICAgICAgICBEZXZlbG9wZXJzIHNob3VsZCBub3RlIHRoYXQgc29tZSB1
c2VyLWFnZW50cyBkbyBub3Qgc3VwcG9ydCB0aGUgaW5jbHVzaW9uIG9mIGEKICAgICAgICAgICAg
ICBmcmFnbWVudCBjb21wb25lbnQgaW4gdGhlIEhUVFAgPHNwYW54IHN0eWxlPSd2ZXJiJz5Mb2Nh
dGlvbjwvc3Bhbng+IHJlc3BvbnNlIGhlYWRlcgogICAgICAgICAgICAgIGZpZWxkLiBTdWNoIGNs
aWVudHMgd2lsbCByZXF1aXJlIHVzaW5nIG90aGVyIG1ldGhvZHMgZm9yIHJlZGlyZWN0aW5nIHRo
ZSBjbGllbnQgdGhhbgogICAgICAgICAgICAgIGEgM3h4IHJlZGlyZWN0aW9uIHJlc3BvbnNlLiBG
b3IgZXhhbXBsZSwgcmV0dXJuaW5nIGFuIEhUTUwgcGFnZSB3aGljaCBpbmNsdWRlcyBhCiAgICAg
ICAgICAgICAgJ2NvbnRpbnVlJyBidXR0b24gd2l0aCBhbiBhY3Rpb24gbGlua2VkIHRvIHRoZSBy
ZWRpcmVjdGlvbiBVUkkuCiAgICAgICAgICAgIDwvcG9zdGFtYmxlPgogICAgICAgICAgPC9maWd1
cmU+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGNsaWVudCBNVVNUIGlnbm9yZSB1bnJl
Y29nbml6ZWQgcmVzcG9uc2UgcGFyYW1ldGVycy4gVGhlIGFjY2VzcyB0b2tlbiBzdHJpbmcgc2l6
ZQogICAgICAgICAgICBpcyBsZWZ0IHVuZGVmaW5lZCBieSB0aGlzIHNwZWNpZmljYXRpb24uIFRo
ZSBjbGllbnQgc2hvdWxkIGF2b2lkIG1ha2luZyBhc3N1bXB0aW9ucwogICAgICAgICAgICBhYm91
dCB2YWx1ZSBzaXplcy4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBkb2N1bWVudCB0
aGUgc2l6ZSBvZiBhbnkgdmFsdWUgaXQKICAgICAgICAgICAgaXNzdWVzLgogICAgICAgICAgPC90
PgoKICAgICAgICAgIDxzZWN0aW9uIHRpdGxlPSdFcnJvciBSZXNwb25zZScgYW5jaG9yPSdpbXBs
aWNpdC1hdXRoei1lcnJvcic+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIElmIHRoZSBy
ZXF1ZXN0IGZhaWxzIGR1ZSB0byBhIG1pc3NpbmcsIGludmFsaWQsIG9yIG1pc21hdGNoaW5nIHJl
ZGlyZWN0aW9uIFVSSSwgb3IgaWYKICAgICAgICAgICAgICB0aGUgY2xpZW50IGlkZW50aWZpZXIg
aXMgbWlzc2luZyBvciBpbnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGlu
Zm9ybQogICAgICAgICAgICAgIHRoZSByZXNvdXJjZSBvd25lciBvZiB0aGUgZXJyb3IsIGFuZCBN
VVNUIE5PVCBhdXRvbWF0aWNhbGx5IHJlZGlyZWN0IHRoZSB1c2VyLWFnZW50CiAgICAgICAgICAg
ICAgdG8gdGhlIGludmFsaWQgcmVkaXJlY3Rpb24gVVJJLgogICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgIDx0PgogICAgICAgICAgICAgIElmIHRoZSByZXNvdXJjZSBvd25lciBkZW5pZXMgdGhl
IGFjY2VzcyByZXF1ZXN0IG9yIGlmIHRoZSByZXF1ZXN0IGZhaWxzIGZvciByZWFzb25zCiAgICAg
ICAgICAgICAgb3RoZXIgdGhhbiBhIG1pc3Npbmcgb3IgaW52YWxpZCByZWRpcmVjdGlvbiBVUkks
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpbmZvcm1zIHRoZQogICAgICAgICAgICAgIGNsaWVu
dCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHRvIHRoZSBmcmFnbWVudCBjb21w
b25lbnQgb2YgdGhlCiAgICAgICAgICAgICAgcmVkaXJlY3Rpb24gVVJJIHVzaW5nIHRoZQogICAg
ICAgICAgICAgIDxzcGFueCBzdHlsZT0ndmVyYic+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxl
bmNvZGVkPC9zcGFueD4gZm9ybWF0OgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0Pgog
ICAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5kZW50PSc2Jz4KICAgICAg
ICAgICAgICAgIDx0IGhhbmdUZXh0PSdlcnJvcic+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2Ug
Lz4KICAgICAgICAgICAgICAgICAgUkVRVUlSRUQuIEEgc2luZ2xlIEFTQ0lJIDx4cmVmIHRhcmdl
dD0iVVNBU0NJSSIgLz4gZXJyb3IgY29kZSBmcm9tIHRoZSBmb2xsb3dpbmc6CgogICAgICAgICAg
ICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAg
ICAgICAgICAgPHQgaGFuZ1RleHQ9J2ludmFsaWRfcmVxdWVzdCc+CiAgICAgICAgICAgICAgICAg
ICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgICAgICBUaGUgcmVxdWVzdCBpcyBtaXNz
aW5nIGEgcmVxdWlyZWQgcGFyYW1ldGVyLCBpbmNsdWRlcyBhbiBpbnZhbGlkCiAgICAgICAgICAg
ICAgICAgICAgICBwYXJhbWV0ZXIgdmFsdWUsIGluY2x1ZGVzIGEgcGFyYW1ldGVyIG1vcmUgdGhh
biBvbmNlLCBvciBpcyBvdGhlcndpc2UgbWFsZm9ybWVkLgogICAgICAgICAgICAgICAgICAgIDwv
dD4KICAgICAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0ndW5hdXRob3JpemVkX2NsaWVudCc+
CiAgICAgICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgICAgICBU
aGUgY2xpZW50IGlzIG5vdCBhdXRob3JpemVkIHRvIHJlcXVlc3QgYW4gYWNjZXNzIHRva2VuIHVz
aW5nIHRoaXMgbWV0aG9kLgogICAgICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAg
ICAgICA8dCBoYW5nVGV4dD0nYWNjZXNzX2RlbmllZCc+CiAgICAgICAgICAgICAgICAgICAgICA8
dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgICAgICBUaGUgcmVzb3VyY2Ugb3duZXIgb3IgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgZGVuaWVkIHRoZSByZXF1ZXN0LgogICAgICAgICAgICAgICAgICAg
IDwvdD4KICAgICAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0ndW5zdXBwb3J0ZWRfcmVzcG9u
c2VfdHlwZSc+CiAgICAgICAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAg
ICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZG9lcyBub3Qgc3VwcG9ydCBvYnRhaW5p
bmcgYW4gYWNjZXNzIHRva2VuIHVzaW5nCiAgICAgICAgICAgICAgICAgICAgICB0aGlzIG1ldGhv
ZC4KICAgICAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICAgICAgPHQgaGFuZ1Rl
eHQ9J2ludmFsaWRfc2NvcGUnPgogICAgICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAg
ICAgICAgICAgICAgICAgICAgVGhlIHJlcXVlc3RlZCBzY29wZSBpcyBpbnZhbGlkLCB1bmtub3du
LCBvciBtYWxmb3JtZWQuCiAgICAgICAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgICAg
ICAgIDx0IGhhbmdUZXh0PSdzZXJ2ZXJfZXJyb3InPgogICAgICAgICAgICAgICAgICAgICAgPHZz
cGFjZSAvPgogICAgICAgICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGVu
Y291bnRlcmVkIGFuIHVuZXhwZWN0ZWQgY29uZGl0aW9uIHdoaWNoIHByZXZlbnRlZAogICAgICAg
ICAgICAgICAgICAgICAgaXQgZnJvbSBmdWxmaWxsaW5nIHRoZSByZXF1ZXN0LgogICAgICAgICAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0ndGVtcG9yYXJp
bHlfdW5hdmFpbGFibGUnPgogICAgICAgICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAg
ICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzIGN1cnJlbnRseSB1bmFi
bGUgdG8gaGFuZGxlIHRoZSByZXF1ZXN0IGR1ZSB0byBhCiAgICAgICAgICAgICAgICAgICAgICB0
ZW1wb3Jhcnkgb3ZlcmxvYWRpbmcgb3IgbWFpbnRlbmFuY2Ugb2YgdGhlIHNlcnZlci4KICAgICAg
ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICAgIDwvbGlzdD4KCgkJICBWYWx1ZXMg
Zm9yIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPmVycm9yPC9zcGFueD4gcGFyYW1ldGVyIE1VU1Qg
Tk9UIGluY2x1ZGUKCQkgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIz
LTVCIC8gJXg1RC03RS4KICAgICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgIDx0IGhh
bmdUZXh0PSdlcnJvcl9kZXNjcmlwdGlvbic+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4K
ICAgICAgICAgICAgICAgICAgT1BUSU9OQUwuIEEgaHVtYW4tcmVhZGFibGUgQVNDSUkgPHhyZWYg
dGFyZ2V0PSJVU0FTQ0lJIiAvPiB0ZXh0IHByb3ZpZGluZyBhZGRpdGlvbmFsIGluZm9ybWF0aW9u
LAogICAgICAgICAgICAgICAgICB1c2VkIHRvIGFzc2lzdCB0aGUgY2xpZW50IGRldmVsb3BlciBp
biB1bmRlcnN0YW5kaW5nIHRoZSBlcnJvciB0aGF0IG9jY3VycmVkLgoJCSAgPHZzcGFjZS8+CgkJ
ICBWYWx1ZXMgZm9yIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPmVycm9yX2Rlc2NyaXB0aW9uPC9z
cGFueD4gcGFyYW1ldGVyIE1VU1QgTk9UIGluY2x1ZGUKCQkgIGNoYXJhY3RlcnMgb3V0c2lkZSB0
aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgICAgICAgICAgICAgIDwvdD4K
ICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdlcnJvcl91cmknPgogICAgICAgICAgICAgICAg
ICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgIE9QVElPTkFMLiBBIFVSSSBpZGVudGlmeWlu
ZyBhIGh1bWFuLXJlYWRhYmxlIHdlYiBwYWdlIHdpdGggaW5mb3JtYXRpb24gYWJvdXQgdGhlCiAg
ICAgICAgICAgICAgICAgIGVycm9yLCB1c2VkIHRvIHByb3ZpZGUgdGhlIGNsaWVudCBkZXZlbG9w
ZXIgd2l0aCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uIGFib3V0IHRoZQogICAgICAgICAgICAgICAg
ICBlcnJvci4KCQkgIDx2c3BhY2UvPgoJCSAgVmFsdWVzIGZvciB0aGUgPHNwYW54IHN0eWxlPSd2
ZXJiJz5lcnJvcl91cmk8L3NwYW54PiBwYXJhbWV0ZXIKCQkgIE1VU1QgY29uZm9ybSB0byB0aGUg
VVJJLVJlZmVyZW5jZSBzeW50YXgsIGFuZCB0aHVzIE1VU1QgTk9UIGluY2x1ZGUKCQkgIGNoYXJh
Y3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgICAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdzdGF0ZSc+CiAgICAgICAg
ICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgICAgUkVRVUlSRUQgaWYgYSA8c3Bh
bnggc3R5bGU9J3ZlcmInPnN0YXRlPC9zcGFueD4gcGFyYW1ldGVyIHdhcyBwcmVzZW50IGluIHRo
ZQogICAgICAgICAgICAgICAgICBjbGllbnQgYXV0aG9yaXphdGlvbiByZXF1ZXN0LiBUaGUgZXhh
Y3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUgY2xpZW50LgogICAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8ZmlndXJl
PgogICAgICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAgICAgIEZvciBleGFtcGxlLCB0
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVkaXJlY3RzIHRoZSB1c2VyLWFnZW50IGJ5IHNlbmRp
bmcgdGhlCiAgICAgICAgICAgICAgICBmb2xsb3dpbmcgSFRUUCByZXNwb25zZToKICAgICAgICAg
ICAgICA8L3ByZWFtYmxlPgogICAgICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICAgICAg
PCFbQ0RBVEFbCiAgSFRUUC8xLjEgMzAyIEZvdW5kCiAgTG9jYXRpb246IGh0dHBzOi8vY2xpZW50
LmV4YW1wbGUuY29tL2NiI2Vycm9yPWFjY2Vzc19kZW5pZWQmc3RhdGU9eHl6Cl1dPgogICAgICAg
ICAgICAgIDwvYXJ0d29yaz4KICAgICAgICAgICAgPC9maWd1cmU+CiAgICAgICAgICA8L3NlY3Rp
b24+CgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9u
IHRpdGxlPSdSZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50aWFscyBHcmFudCcgYW5jaG9y
PSdncmFudC1wYXNzd29yZCc+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgcmVzb3VyY2Ugb3du
ZXIgcGFzc3dvcmQgY3JlZGVudGlhbHMgZ3JhbnQgdHlwZSBpcyBzdWl0YWJsZSBpbiBjYXNlcyB3
aGVyZSB0aGUKICAgICAgICAgIHJlc291cmNlIG93bmVyIGhhcyBhIHRydXN0IHJlbGF0aW9uc2hp
cCB3aXRoIHRoZSBjbGllbnQsIHN1Y2ggYXMgdGhlIGRldmljZSBvcGVyYXRpbmcKICAgICAgICAg
IHN5c3RlbSBvciBhIGhpZ2hseSBwcml2aWxlZ2VkIGFwcGxpY2F0aW9uLiBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgc2hvdWxkIHRha2Ugc3BlY2lhbAogICAgICAgICAgY2FyZSB3aGVuIGVuYWJs
aW5nIHRoaXMgZ3JhbnQgdHlwZSwgYW5kIG9ubHkgYWxsb3cgaXQgd2hlbiBvdGhlciBmbG93cyBh
cmUgbm90IHZpYWJsZS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgZ3Jh
bnQgdHlwZSBpcyBzdWl0YWJsZSBmb3IgY2xpZW50cyBjYXBhYmxlIG9mIG9idGFpbmluZyB0aGUg
cmVzb3VyY2Ugb3duZXIncwogICAgICAgICAgY3JlZGVudGlhbHMgKHVzZXJuYW1lIGFuZCBwYXNz
d29yZCwgdHlwaWNhbGx5IHVzaW5nIGFuIGludGVyYWN0aXZlIGZvcm0pLiBJdCBpcyBhbHNvIHVz
ZWQKICAgICAgICAgIHRvIG1pZ3JhdGUgZXhpc3RpbmcgY2xpZW50cyB1c2luZyBkaXJlY3QgYXV0
aGVudGljYXRpb24gc2NoZW1lcyBzdWNoIGFzIEhUVFAgQmFzaWMgb3IKICAgICAgICAgIERpZ2Vz
dCBhdXRoZW50aWNhdGlvbiB0byBPQXV0aCBieSBjb252ZXJ0aW5nIHRoZSBzdG9yZWQgY3JlZGVu
dGlhbHMgdG8gYW4gYWNjZXNzIHRva2VuLgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlIHRp
dGxlPSdSZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50aWFscyBGbG93JyBhbmNob3I9J0Zp
Z3VyZS01Jz4KICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICA8IVtDREFUQVsKICArLS0t
LS0tLS0tLSsKICB8IFJlc291cmNlIHwKICB8ICBPd25lciAgIHwKICB8ICAgICAgICAgIHwKICAr
LS0tLS0tLS0tLSsKICAgICAgIHYKICAgICAgIHwgICAgUmVzb3VyY2UgT3duZXIKICAgICAgKEEp
IFBhc3N3b3JkIENyZWRlbnRpYWxzCiAgICAgICB8CiAgICAgICB2CiAgKy0tLS0tLS0tLSsgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAg
ICAgfD4tLShCKS0tLS0gUmVzb3VyY2UgT3duZXIgLS0tLS0tLT58ICAgICAgICAgICAgICAgfAog
IHwgICAgICAgICB8ICAgICAgICAgUGFzc3dvcmQgQ3JlZGVudGlhbHMgICAgIHwgQXV0aG9yaXph
dGlvbiB8CiAgfCBDbGllbnQgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAg
ICAgU2VydmVyICAgIHwKICB8ICAgICAgICAgfDwtLShDKS0tLS0gQWNjZXNzIFRva2VuIC0tLS0t
LS0tLTx8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgICB8ICAgICh3LyBPcHRpb25hbCBSZWZy
ZXNoIFRva2VuKSAgIHwgICAgICAgICAgICAgICB8CiAgKy0tLS0tLS0tLSsgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKXV0+CiAgICAgICAgICA8L2Fy
dHdvcms+CiAgICAgICAgPC9maWd1cmU+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgZmxvdyBp
bGx1c3RyYXRlZCBpbiA8eHJlZiB0YXJnZXQ9J0ZpZ3VyZS01JyAvPiBpbmNsdWRlcyB0aGUgZm9s
bG93aW5nIHN0ZXBzOgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIDxsaXN0IHN0
eWxlPSdmb3JtYXQgKCVDKSc+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSByZXNv
dXJjZSBvd25lciBwcm92aWRlcyB0aGUgY2xpZW50IHdpdGggaXRzIHVzZXJuYW1lIGFuZCBwYXNz
d29yZC4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dD4KICAgICAgICAgICAgICBUaGUg
Y2xpZW50IHJlcXVlc3RzIGFuIGFjY2VzcyB0b2tlbiBmcm9tIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlcidzIHRva2VuIGVuZHBvaW50IGJ5CiAgICAgICAgICAgICAgaW5jbHVkaW5nIHRoZSBjcmVk
ZW50aWFscyByZWNlaXZlZCBmcm9tIHRoZSByZXNvdXJjZSBvd25lci4gV2hlbiBtYWtpbmcgdGhl
IHJlcXVlc3QsCiAgICAgICAgICAgICAgdGhlIGNsaWVudCBhdXRoZW50aWNhdGVzIHdpdGggdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0Pgog
ICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSBj
bGllbnQgYW5kIHZhbGlkYXRlcyB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgICAgICBjcmVk
ZW50aWFscywgYW5kIGlmIHZhbGlkIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4uCiAgICAgICAgICAg
IDwvdD4KICAgICAgICAgIDwvbGlzdD4KICAgICAgICA8L3Q+CgogICAgICAgIDxzZWN0aW9uIHRp
dGxlPSdBdXRob3JpemF0aW9uIFJlcXVlc3QgYW5kIFJlc3BvbnNlJz4KICAgICAgICAgIDx0Pgog
ICAgICAgICAgICBUaGUgbWV0aG9kIHRocm91Z2ggd2hpY2ggdGhlIGNsaWVudCBvYnRhaW5zIHRo
ZSByZXNvdXJjZSBvd25lciBjcmVkZW50aWFscyBpcyBiZXlvbmQKICAgICAgICAgICAgdGhlIHNj
b3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbi4gVGhlIGNsaWVudCBNVVNUIGRpc2NhcmQgdGhlIGNy
ZWRlbnRpYWxzIG9uY2UgYW4gYWNjZXNzCiAgICAgICAgICAgIHRva2VuIGhhcyBiZWVuIG9idGFp
bmVkLgogICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgICAgPHNlY3Rpb24g
dGl0bGU9J0FjY2VzcyBUb2tlbiBSZXF1ZXN0Jz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBU
aGUgY2xpZW50IG1ha2VzIGEgcmVxdWVzdCB0byB0aGUgdG9rZW4gZW5kcG9pbnQgYnkgYWRkaW5n
IHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycwogICAgICAgICAgICB1c2luZyB0aGUgPHNwYW54IHN0
eWxlPSd2ZXJiJz5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3NwYW54PiBmb3Jt
YXQgaW4gdGhlCiAgICAgICAgICAgIEhUVFAgcmVxdWVzdCBlbnRpdHktYm9keToKICAgICAgICAg
IDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZycgaGFu
Z0luZGVudD0nNic+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2dyYW50X3R5cGUnPgogICAg
ICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFZhbHVlIE1V
U1QgYmUgc2V0IHRvIDxzcGFueCBzdHlsZT0ndmVyYic+cGFzc3dvcmQ8L3NwYW54Pi4KICAgICAg
ICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3VzZXJuYW1lJz4KICAgICAg
ICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgcmVzb3Vy
Y2Ugb3duZXIgdXNlcm5hbWUsIGVuY29kZWQgYXMgVVRGLTguCiAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdwYXNzd29yZCc+CiAgICAgICAgICAgICAgICA8dnNw
YWNlIC8+CiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIHJlc291cmNlIG93bmVyIHBhc3N3
b3JkLCBlbmNvZGVkIGFzIFVURi04LgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8
dCBoYW5nVGV4dD0nc2NvcGUnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAg
ICAgICAgT1BUSU9OQUwuIFRoZSBzY29wZSBvZiB0aGUgYWNjZXNzIHJlcXVlc3QgYXMgZGVzY3Jp
YmVkIGJ5IDx4cmVmIHRhcmdldD0nc2NvcGUnIC8+LgogICAgICAgICAgICAgIDwvdD4KICAgICAg
ICAgICAgPC9saXN0PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIElm
IHRoZSBjbGllbnQgdHlwZSBpcyBjb25maWRlbnRpYWwgb3IgdGhlIGNsaWVudCB3YXMgaXNzdWVk
IGNsaWVudCBjcmVkZW50aWFscyAob3IKICAgICAgICAgICAgYXNzaWduZWQgb3RoZXIgYXV0aGVu
dGljYXRpb24gcmVxdWlyZW1lbnRzKSwgdGhlIGNsaWVudCBNVVNUIGF1dGhlbnRpY2F0ZSB3aXRo
IHRoZQogICAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBkZXNjcmliZWQgaW4gPHhy
ZWYgdGFyZ2V0PSd0b2tlbi1lbmRwb2ludC1hdXRoJyAvPi4KICAgICAgICAgIDwvdD4KICAgICAg
ICAgIDxmaWd1cmU+CiAgICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAgICBGb3IgZXhh
bXBsZSwgdGhlIGNsaWVudCBtYWtlcyB0aGUgZm9sbG93aW5nIEhUVFAgcmVxdWVzdCB1c2luZyB0
cmFuc3BvcnQtbGF5ZXIKICAgICAgICAgICAgICBzZWN1cml0eSAoZXh0cmEgbGluZSBicmVha3Mg
YXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzIG9ubHkpOgogICAgICAgICAgICA8L3ByZWFtYmxlPgog
ICAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgICA8IVtDREFUQVsKICBQT1NUIC90b2tl
biBIVFRQLzEuMQogIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQogIEF1dGhvcml6YXRpb246IEJh
c2ljIGN6WkNhR1JTYTNGME16cG5XREZtUW1GME0ySlcKICBDb250ZW50LVR5cGU6IGFwcGxpY2F0
aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0PVVURi04CiAgCiAgZ3JhbnRfdHlwZT1w
YXNzd29yZCZ1c2VybmFtZT1qb2huZG9lJnBhc3N3b3JkPUEzZGRqM3cKXV0+CiAgICAgICAgICAg
IDwvYXJ0d29yaz4KICAgICAgICAgIDwvZmlndXJlPgogICAgICAgICAgPHQ+CiAgICAgICAgICAg
IFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUOgogICAgICAgICAgPC90PgogICAgICAgICAg
PHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAgICAgICAgICAgICA8dD4K
ICAgICAgICAgICAgICAgIHJlcXVpcmUgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGZvciBjb25maWRl
bnRpYWwgY2xpZW50cyBvciBmb3IgYW55IGNsaWVudCB0aGF0IHdhcwogICAgICAgICAgICAgICAg
aXNzdWVkIGNsaWVudCBjcmVkZW50aWFscyAob3Igd2l0aCBvdGhlciBhdXRoZW50aWNhdGlvbiBy
ZXF1aXJlbWVudHMpLAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICAgIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGlmIGNsaWVudCBhdXRoZW50aWNhdGlv
biBpcyBpbmNsdWRlZCwgYW5kCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0Pgog
ICAgICAgICAgICAgICAgdmFsaWRhdGUgdGhlIHJlc291cmNlIG93bmVyIHBhc3N3b3JkIGNyZWRl
bnRpYWxzIHVzaW5nIGl0cyBleGlzdGluZyBwYXNzd29yZAogICAgICAgICAgICAgICAgdmFsaWRh
dGlvbiBhbGdvcml0aG0uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAg
ICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgU2luY2UgdGhpcyBhY2Nlc3Mg
dG9rZW4gcmVxdWVzdCB1dGlsaXplcyB0aGUgcmVzb3VyY2Ugb3duZXIncyBwYXNzd29yZCwgdGhl
CiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcHJvdGVjdCB0aGUgZW5kcG9p
bnQgYWdhaW5zdCBicnV0ZSBmb3JjZSBhdHRhY2tzIChlLmcuIHVzaW5nCiAgICAgICAgICAgIHJh
dGUtbGltaXRhdGlvbiBvciBnZW5lcmF0aW5nIGFsZXJ0cykuCiAgICAgICAgICA8L3Q+CiAgICAg
ICAgPC9zZWN0aW9uPgoKICAgICAgICA8c2VjdGlvbiB0aXRsZT0nQWNjZXNzIFRva2VuIFJlc3Bv
bnNlJz4KICAgICAgICAgIDx0PgogICAgICAgICAgICBJZiB0aGUgYWNjZXNzIHRva2VuIHJlcXVl
c3QgaXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1
ZXMgYW4KICAgICAgICAgICAgYWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoIHRva2Vu
IGFzIGRlc2NyaWJlZCBpbiA8eHJlZiB0YXJnZXQ9J3Rva2VuLXJlc3BvbnNlJyAvPi4KICAgICAg
ICAgICAgSWYgdGhlIHJlcXVlc3QgZmFpbGVkIGNsaWVudCBhdXRoZW50aWNhdGlvbiBvciBpcyBp
bnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmV0dXJucwogICAgICAgICAgICBhbiBl
cnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSd0b2tlbi1lcnJvcnMn
IC8+LgogICAgICAgICAgPC90PgogICAgICAgICAgPGZpZ3VyZT4KICAgICAgICAgICAgPHByZWFt
YmxlPgogICAgICAgICAgICAgIEFuIGV4YW1wbGUgc3VjY2Vzc2Z1bCByZXNwb25zZToKICAgICAg
ICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAgICAgPGFydHdvcms+CiAgICAgICAgICAgICAgPCFb
Q0RBVEFbCiAgSFRUUC8xLjEgMjAwIE9LCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29u
O2NoYXJzZXQ9VVRGLTgKICBDYWNoZS1Db250cm9sOiBuby1zdG9yZQogIFByYWdtYTogbm8tY2Fj
aGUKCiAgewogICAgImFjY2Vzc190b2tlbiI6IjJZb3RuRlpGRWpyMXpDc2ljTVdwQUEiLAogICAg
InRva2VuX3R5cGUiOiJleGFtcGxlIiwKICAgICJleHBpcmVzX2luIjozNjAwLAogICAgInJlZnJl
c2hfdG9rZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIiwKICAgICJleGFtcGxlX3BhcmFtZXRl
ciI6ImV4YW1wbGVfdmFsdWUiCiAgfQpdXT4KICAgICAgICAgICAgPC9hcnR3b3JrPgogICAgICAg
ICAgPC9maWd1cmU+CiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgPC9zZWN0aW9uPgoKICAgICAg
PHNlY3Rpb24gdGl0bGU9J0NsaWVudCBDcmVkZW50aWFscyBHcmFudCcgYW5jaG9yPSdncmFudC1j
bGllbnQnPgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGNsaWVudCBjYW4gcmVxdWVzdCBhbiBh
Y2Nlc3MgdG9rZW4gdXNpbmcgb25seSBpdHMgY2xpZW50IGNyZWRlbnRpYWxzIChvciBvdGhlcgog
ICAgICAgICAgc3VwcG9ydGVkIG1lYW5zIG9mIGF1dGhlbnRpY2F0aW9uKSB3aGVuIHRoZSBjbGll
bnQgaXMgcmVxdWVzdGluZyBhY2Nlc3MgdG8gdGhlCiAgICAgICAgICBwcm90ZWN0ZWQgcmVzb3Vy
Y2VzIHVuZGVyIGl0cyBjb250cm9sLCBvciB0aG9zZSBvZiBhbm90aGVyIHJlc291cmNlIG93bmVy
IHdoaWNoIGhhcyBiZWVuCiAgICAgICAgICBwcmV2aW91c2x5IGFycmFuZ2VkIHdpdGggdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyICh0aGUgbWV0aG9kIG9mIHdoaWNoIGlzIGJleW9uZCB0aGUKICAg
ICAgICAgIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbikuCiAgICAgICAgPC90PgogICAgICAg
IDx0PgogICAgICAgICAgVGhlIGNsaWVudCBjcmVkZW50aWFscyBncmFudCB0eXBlIE1VU1Qgb25s
eSBiZSB1c2VkIGJ5IGNvbmZpZGVudGlhbCBjbGllbnRzLgogICAgICAgIDwvdD4KICAgICAgICA8
ZmlndXJlIHRpdGxlPSdDbGllbnQgQ3JlZGVudGlhbHMgRmxvdycgYW5jaG9yPSdGaWd1cmUtNic+
CiAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgPCFbQ0RBVEFbCiAgKy0tLS0tLS0tLSsg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAg
ICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAg
fAogIHwgICAgICAgICB8Pi0tKEEpLSBDbGllbnQgQXV0aGVudGljYXRpb24gLS0tPnwgQXV0aG9y
aXphdGlvbiB8CiAgfCBDbGllbnQgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
fCAgICAgU2VydmVyICAgIHwKICB8ICAgICAgICAgfDwtLShCKS0tLS0gQWNjZXNzIFRva2VuIC0t
LS0tLS0tLTx8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgICB8ICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8CiAgKy0tLS0tLS0tLSsgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKXV0+CiAgICAgICAgICA8
L2FydHdvcms+CiAgICAgICAgPC9maWd1cmU+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgZmxv
dyBpbGx1c3RyYXRlZCBpbiA8eHJlZiB0YXJnZXQ9J0ZpZ3VyZS02JyAvPiBpbmNsdWRlcyB0aGUg
Zm9sbG93aW5nIHN0ZXBzOgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIDxsaXN0
IHN0eWxlPSdmb3JtYXQgKCVDKSc+CiAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgIFRoZSBj
bGllbnQgYXV0aGVudGljYXRlcyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgcmVx
dWVzdHMgYW4gYWNjZXNzIHRva2VuCiAgICAgICAgICAgICAgZnJvbSB0aGUgdG9rZW4gZW5kcG9p
bnQuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIGNsaWVudCwgYW5kIGlmIHZhbGlk
IGlzc3VlcyBhbiBhY2Nlc3MKICAgICAgICAgICAgICB0b2tlbi4KICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgPC9saXN0PgogICAgICAgIDwvdD4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0F1
dGhvcml6YXRpb24gUmVxdWVzdCBhbmQgUmVzcG9uc2UnPgogICAgICAgICAgPHQ+CiAgICAgICAg
ICAgIFNpbmNlIHRoZSBjbGllbnQgYXV0aGVudGljYXRpb24gaXMgdXNlZCBhcyB0aGUgYXV0aG9y
aXphdGlvbiBncmFudCwgbm8gYWRkaXRpb25hbAogICAgICAgICAgICBhdXRob3JpemF0aW9uIHJl
cXVlc3QgaXMgbmVlZGVkLgogICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAg
ICAgPHNlY3Rpb24gdGl0bGU9J0FjY2VzcyBUb2tlbiBSZXF1ZXN0Jz4KICAgICAgICAgIDx0Pgog
ICAgICAgICAgICBUaGUgY2xpZW50IG1ha2VzIGEgcmVxdWVzdCB0byB0aGUgdG9rZW4gZW5kcG9p
bnQgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycwogICAgICAgICAgICB1c2luZyB0
aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8
L3NwYW54PiBmb3JtYXQgaW4gdGhlCiAgICAgICAgICAgIEhUVFAgcmVxdWVzdCBlbnRpdHktYm9k
eToKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0n
aGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2dyYW50
X3R5cGUnPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUkVRVUlS
RUQuIFZhbHVlIE1VU1QgYmUgc2V0IHRvIDxzcGFueCBzdHlsZT0ndmVyYic+Y2xpZW50X2NyZWRl
bnRpYWxzPC9zcGFueD4uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdU
ZXh0PSdzY29wZSc+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBP
UFRJT05BTC4gVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmliZWQgYnkg
PHhyZWYgdGFyZ2V0PSdzY29wZScgLz4uCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8
L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIGNsaWVu
dCBNVVNUIGF1dGhlbnRpY2F0ZSB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBkZXNj
cmliZWQgaW4KICAgICAgICAgICAgPHhyZWYgdGFyZ2V0PSd0b2tlbi1lbmRwb2ludC1hdXRoJyAv
Pi4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDxmaWd1cmU+CiAgICAgICAgICAgIDxwcmVhbWJs
ZT4KICAgICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGNsaWVudCBtYWtlcyB0aGUgZm9sbG93
aW5nIEhUVFAgcmVxdWVzdCB1c2luZyB0cmFuc3BvcnQtbGF5ZXIKICAgICAgICAgICAgICBzZWN1
cml0eSAoZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzIG9ubHkpOgog
ICAgICAgICAgICA8L3ByZWFtYmxlPgogICAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAg
ICA8IVtDREFUQVsKICBQT1NUIC90b2tlbiBIVFRQLzEuMQogIEhvc3Q6IHNlcnZlci5leGFtcGxl
LmNvbQogIEF1dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JTYTNGME16cG5XREZtUW1GME0ySlcK
ICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0
PVVURi04CiAgCiAgZ3JhbnRfdHlwZT1jbGllbnRfY3JlZGVudGlhbHMKXV0+CiAgICAgICAgICAg
IDwvYXJ0d29yaz4KICAgICAgICAgIDwvZmlndXJlPgogICAgICAgICAgPHQ+CiAgICAgICAgICAg
IFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50Lgog
ICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9
J0FjY2VzcyBUb2tlbiBSZXNwb25zZSc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgSWYgdGhl
IGFjY2VzcyB0b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFuZCBhdXRob3JpemVkLCB0aGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAgICAgIGFjY2VzcyB0b2tlbiBhcyBkZXNj
cmliZWQgaW4gPHhyZWYgdGFyZ2V0PSd0b2tlbi1yZXNwb25zZScgLz4uIEEgcmVmcmVzaCB0b2tl
biBTSE9VTEQKICAgICAgICAgICAgTk9UIGJlIGluY2x1ZGVkLiBJZiB0aGUgcmVxdWVzdCBmYWls
ZWQgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG9yIGlzIGludmFsaWQsIHRoZQogICAgICAgICAgICBh
dXRob3JpemF0aW9uIHNlcnZlciByZXR1cm5zIGFuIGVycm9yIHJlc3BvbnNlIGFzIGRlc2NyaWJl
ZCBpbgogICAgICAgICAgICA8eHJlZiB0YXJnZXQ9J3Rva2VuLWVycm9ycycgLz4uCiAgICAgICAg
ICA8L3Q+CiAgICAgICAgICA8ZmlndXJlPgogICAgICAgICAgICA8cHJlYW1ibGU+CiAgICAgICAg
ICAgICAgQW4gZXhhbXBsZSBzdWNjZXNzZnVsIHJlc3BvbnNlOgogICAgICAgICAgICA8L3ByZWFt
YmxlPgogICAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgICA8IVtDREFUQVsKICBIVFRQ
LzEuMSAyMDAgT0sKICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD1VVEYt
OAogIENhY2hlLUNvbnRyb2w6IG5vLXN0b3JlCiAgUHJhZ21hOiBuby1jYWNoZQogIAogIHsKICAg
ICJhY2Nlc3NfdG9rZW4iOiIyWW90bkZaRkVqcjF6Q3NpY01XcEFBIiwKICAgICJ0b2tlbl90eXBl
IjoiZXhhbXBsZSIsCiAgICAiZXhwaXJlc19pbiI6MzYwMCwKICAgICJleGFtcGxlX3BhcmFtZXRl
ciI6ImV4YW1wbGVfdmFsdWUiCiAgfQpdXT4KICAgICAgICAgICAgPC9hcnR3b3JrPgogICAgICAg
ICAgPC9maWd1cmU+CiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgPC9zZWN0aW9uPgoKICAgICAg
PHNlY3Rpb24gdGl0bGU9J0V4dGVuc2lvbiBHcmFudHMnPgogICAgICAgIDx0PgogICAgICAgICAg
VGhlIGNsaWVudCB1c2VzIGFuIGV4dGVuc2lvbiBncmFudCB0eXBlIGJ5IHNwZWNpZnlpbmcgdGhl
IGdyYW50IHR5cGUgdXNpbmcgYW4KICAgICAgICAgIGFic29sdXRlIFVSSSAoZGVmaW5lZCBieSB0
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIpIGFzIHRoZSB2YWx1ZSBvZiB0aGUKICAgICAgICAgIDxz
cGFueCBzdHlsZT0ndmVyYic+Z3JhbnRfdHlwZTwvc3Bhbng+IHBhcmFtZXRlciBvZiB0aGUgdG9r
ZW4gZW5kcG9pbnQsIGFuZCBieQogICAgICAgICAgYWRkaW5nIGFueSBhZGRpdGlvbmFsIHBhcmFt
ZXRlcnMgbmVjZXNzYXJ5LgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlPgogICAgICAgICAg
PHByZWFtYmxlPgogICAgICAgICAgICBGb3IgZXhhbXBsZSwgdG8gcmVxdWVzdCBhbiBhY2Nlc3Mg
dG9rZW4gdXNpbmcgYSBTQU1MIDIuMCBhc3NlcnRpb24gZ3JhbnQgdHlwZSBhcwogICAgICAgICAg
ICBkZWZpbmVkIGJ5IDx4cmVmIHRhcmdldD0nSS1ELmlldGYtb2F1dGgtc2FtbDItYmVhcmVyJyAv
PiwgdGhlIGNsaWVudCBtYWtlcyB0aGUKICAgICAgICAgICAgZm9sbG93aW5nIEhUVFAgcmVxdWVz
dCB1c2luZyBUTFMgKGxpbmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToK
ICAgICAgICAgIDwvcHJlYW1ibGU+CiAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgPCFb
Q0RBVEFbCiAgUE9TVCAvdG9rZW4gSFRUUC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20K
ICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0
PVVURi04CgogIGdyYW50X3R5cGU9dXJuJTNBaWV0ZiUzQXBhcmFtcyUzQW9hdXRoJTNBZ3JhbnQt
dHlwZSUzQXNhbWwyLQogIGJlYXJlciZhc3NlcnRpb249UEVGemMyVnlkR2x2YmlCSmMzTjFaVWx1
YzNSaGJuUTlJakl3TVRFdE1EVQogIFsuLi5vbWl0dGVkIGZvciBicmV2aXR5Li4uXWFHNVRkR0Yw
WlcxbGJuUS1QQzlCYzNObGNuUnBiMjQtCl1dPgogICAgICAgICAgPC9hcnR3b3JrPgogICAgICAg
IDwvZmlndXJlPgogICAgICAgIDx0PgogICAgICAgICAgSWYgdGhlIGFjY2VzcyB0b2tlbiByZXF1
ZXN0IGlzIHZhbGlkIGFuZCBhdXRob3JpemVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNz
dWVzIGFuCiAgICAgICAgICBhY2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJlc2ggdG9rZW4g
YXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0ndG9rZW4tcmVzcG9uc2UnIC8+LgogICAgICAg
ICAgSWYgdGhlIHJlcXVlc3QgZmFpbGVkIGNsaWVudCBhdXRoZW50aWNhdGlvbiBvciBpcyBpbnZh
bGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmV0dXJucwogICAgICAgICAgYW4gZXJyb3Ig
cmVzcG9uc2UgYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0ndG9rZW4tZXJyb3JzJyAvPi4K
ICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rp
b24gdGl0bGU9J0lzc3VpbmcgYW4gQWNjZXNzIFRva2VuJyBhbmNob3I9J3Rva2VuLWlzc3VlJz4K
ICAgICAgPHQ+CiAgICAgICAgSWYgdGhlIGFjY2VzcyB0b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFu
ZCBhdXRob3JpemVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAg
YWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoIHRva2VuIGFzIGRlc2NyaWJlZCBpbiA8
eHJlZiB0YXJnZXQ9J3Rva2VuLXJlc3BvbnNlJyAvPi4KICAgICAgICBJZiB0aGUgcmVxdWVzdCBm
YWlsZWQgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG9yIGlzIGludmFsaWQsIHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciByZXR1cm5zCiAgICAgICAgYW4gZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3JpYmVk
IGluIDx4cmVmIHRhcmdldD0ndG9rZW4tZXJyb3JzJyAvPi4KICAgICAgPC90PgoKICAgICAgPHNl
Y3Rpb24gdGl0bGU9J1N1Y2Nlc3NmdWwgUmVzcG9uc2UnIGFuY2hvcj0ndG9rZW4tcmVzcG9uc2Un
PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3VlcyBh
biBhY2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJlc2ggdG9rZW4sIGFuZAogICAgICAgICAg
Y29uc3RydWN0cyB0aGUgcmVzcG9uc2UgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVy
cyB0byB0aGUgZW50aXR5IGJvZHkgb2YgdGhlIEhUVFAKICAgICAgICAgIHJlc3BvbnNlIHdpdGgg
YSAyMDAgKE9LKSBzdGF0dXMgY29kZToKICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAg
ICA8bGlzdCBzdHlsZT0naGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAgICAgIDx0IGhh
bmdUZXh0PSdhY2Nlc3NfdG9rZW4nPgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAg
ICAgICBSRVFVSVJFRC4gVGhlIGFjY2VzcyB0b2tlbiBpc3N1ZWQgYnkgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyLgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSd0b2tl
bl90eXBlJz4KICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgUkVRVUlSRUQu
IFRoZSB0eXBlIG9mIHRoZSB0b2tlbiBpc3N1ZWQgYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdl
dD0ndG9rZW4tdHlwZXMnIC8+LgogICAgICAgICAgICAgIFZhbHVlIGlzIGNhc2UgaW5zZW5zaXRp
dmUuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J2V4cGlyZXNfaW4n
PgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBSRUNPTU1FTkRFRC4gVGhl
IGxpZmV0aW1lIGluIHNlY29uZHMgb2YgdGhlIGFjY2VzcyB0b2tlbi4gRm9yIGV4YW1wbGUsIHRo
ZSB2YWx1ZQogICAgICAgICAgICAgIDxzcGFueCBzdHlsZT0ndmVyYic+MzYwMDwvc3Bhbng+IGRl
bm90ZXMgdGhhdCB0aGUgYWNjZXNzIHRva2VuIHdpbGwgZXhwaXJlIGluIG9uZQogICAgICAgICAg
ICAgIGhvdXIgZnJvbSB0aGUgdGltZSB0aGUgcmVzcG9uc2Ugd2FzIGdlbmVyYXRlZC4gSWYgb21p
dHRlZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICAgICAgU0hPVUxEIHByb3Zp
ZGUgdGhlIGV4cGlyYXRpb24gdGltZSB2aWEgb3RoZXIgbWVhbnMgb3IgZG9jdW1lbnQgdGhlIGRl
ZmF1bHQgdmFsdWUuCiAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3Jl
ZnJlc2hfdG9rZW4nPgogICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBPUFRJ
T05BTC4gVGhlIHJlZnJlc2ggdG9rZW4gd2hpY2ggY2FuIGJlIHVzZWQgdG8gb2J0YWluIG5ldyBh
Y2Nlc3MgdG9rZW5zIHVzaW5nIHRoZQogICAgICAgICAgICAgIHNhbWUgYXV0aG9yaXphdGlvbiBn
cmFudCBhcyBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSd0b2tlbi1yZWZyZXNoJyAvPi4KICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICA8dCBoYW5nVGV4dD0nc2NvcGUnPgogICAgICAgICAg
ICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICBPUFRJT05BTCwgaWYgaWRlbnRpY2FsIHRvIHRo
ZSBzY29wZSByZXF1ZXN0ZWQgYnkgdGhlIGNsaWVudCwgb3RoZXJ3aXNlIFJFUVVJUkVELiBUaGUK
ICAgICAgICAgICAgICBzY29wZSBvZiB0aGUgYWNjZXNzIHRva2VuIGFzIGRlc2NyaWJlZCBieSA8
eHJlZiB0YXJnZXQ9J3Njb3BlJyAvPi4KICAgICAgICAgICAgPC90PgogICAgICAgICAgPC9saXN0
PgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBwYXJhbWV0ZXJzIGFyZSBp
bmNsdWRlZCBpbiB0aGUgZW50aXR5IGJvZHkgb2YgdGhlIEhUVFAgcmVzcG9uc2UgdXNpbmcgdGhl
CiAgICAgICAgICA8c3Bhbnggc3R5bGU9J3ZlcmInPmFwcGxpY2F0aW9uL2pzb248L3NwYW54PiBt
ZWRpYSB0eXBlIGFzIGRlZmluZWQgYnkKICAgICAgICAgIDx4cmVmIHRhcmdldD0nUkZDNDYyNycg
Lz4uIFRoZSBwYXJhbWV0ZXJzIGFyZSBzZXJpYWxpemVkIGludG8gYSBKU09OIHN0cnVjdHVyZSBi
eQogICAgICAgICAgYWRkaW5nIGVhY2ggcGFyYW1ldGVyIGF0IHRoZSBoaWdoZXN0IHN0cnVjdHVy
ZSBsZXZlbC4gUGFyYW1ldGVyIG5hbWVzIGFuZCBzdHJpbmcgdmFsdWVzCiAgICAgICAgICBhcmUg
aW5jbHVkZWQgYXMgSlNPTiBzdHJpbmdzLiBOdW1lcmljYWwgdmFsdWVzIGFyZSBpbmNsdWRlZCBh
cyBKU09OIG51bWJlcnMuIFRoZSBvcmRlciBvZgogICAgICAgICAgcGFyYW1ldGVycyBkb2VzIG5v
dCBtYXR0ZXIgYW5kIGNhbiB2YXJ5LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAg
IFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGluY2x1ZGUgdGhlIEhUVFAKICAgICAgICAg
IDxzcGFueCBzdHlsZT0ndmVyYic+Q2FjaGUtQ29udHJvbDwvc3Bhbng+IHJlc3BvbnNlIGhlYWRl
ciBmaWVsZCA8eHJlZiB0YXJnZXQ9J1JGQzI2MTYnIC8+CiAgICAgICAgICB3aXRoIGEgdmFsdWUg
b2YgPHNwYW54IHN0eWxlPSd2ZXJiJz5uby1zdG9yZTwvc3Bhbng+IGluIGFueSByZXNwb25zZSBj
b250YWluaW5nIHRva2VucywKICAgICAgICAgIGNyZWRlbnRpYWxzLCBvciBvdGhlciBzZW5zaXRp
dmUgaW5mb3JtYXRpb24sIGFzIHdlbGwgYXMgdGhlCiAgICAgICAgICA8c3Bhbnggc3R5bGU9J3Zl
cmInPlByYWdtYTwvc3Bhbng+IHJlc3BvbnNlIGhlYWRlciBmaWVsZCA8eHJlZiB0YXJnZXQ9J1JG
QzI2MTYnIC8+IHdpdGggYQogICAgICAgICAgdmFsdWUgb2YgPHNwYW54IHN0eWxlPSd2ZXJiJz5u
by1jYWNoZTwvc3Bhbng+LgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlPgogICAgICAgICAg
PHByZWFtYmxlPgogICAgICAgICAgICBGb3IgZXhhbXBsZToKICAgICAgICAgIDwvcHJlYW1ibGU+
CiAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgPCFbQ0RBVEFbCiAgSFRUUC8xLjEgMjAw
IE9LCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRGLTgKICBDYWNo
ZS1Db250cm9sOiBuby1zdG9yZQogIFByYWdtYTogbm8tY2FjaGUKCiAgewogICAgImFjY2Vzc190
b2tlbiI6IjJZb3RuRlpGRWpyMXpDc2ljTVdwQUEiLAogICAgInRva2VuX3R5cGUiOiJleGFtcGxl
IiwKICAgICJleHBpcmVzX2luIjozNjAwLAogICAgInJlZnJlc2hfdG9rZW4iOiJ0R3p2M0pPa0Yw
WEc1UXgyVGxLV0lBIiwKICAgICJleGFtcGxlX3BhcmFtZXRlciI6ImV4YW1wbGVfdmFsdWUiCiAg
fQpdXT4KICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAgICA8dD4K
ICAgICAgICAgIFRoZSBjbGllbnQgTVVTVCBpZ25vcmUgdW5yZWNvZ25pemVkIHZhbHVlIG5hbWVz
IGluIHRoZSByZXNwb25zZS4gVGhlIHNpemVzIG9mIHRva2VucyBhbmQKICAgICAgICAgIG90aGVy
IHZhbHVlcyByZWNlaXZlZCBmcm9tIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcmUgbGVmdCB1
bmRlZmluZWQuIFRoZSBjbGllbnQgc2hvdWxkCiAgICAgICAgICBhdm9pZCBtYWtpbmcgYXNzdW1w
dGlvbnMgYWJvdXQgdmFsdWUgc2l6ZXMuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQg
ZG9jdW1lbnQgdGhlCiAgICAgICAgICBzaXplIG9mIGFueSB2YWx1ZSBpdCBpc3N1ZXMuCiAgICAg
ICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nRXJyb3IgUmVz
cG9uc2UnIGFuY2hvcj0ndG9rZW4tZXJyb3JzJz4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciByZXNwb25kcyB3aXRoIGFuIEhUVFAgNDAwIChCYWQgUmVxdWVz
dCkgc3RhdHVzIGNvZGUgKHVubGVzcwogICAgICAgICAgc3BlY2lmaWVkIG90aGVyd2lzZSkgYW5k
IGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycyB3aXRoIHRoZSByZXNwb25zZToKICAg
ICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZycgaGFu
Z0luZGVudD0nNic+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdlcnJvcic+CiAgICAgICAgICAg
ICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgIFJFUVVJUkVELiBBIHNpbmdsZSBBU0NJSSA8eHJl
ZiB0YXJnZXQ9IlVTQVNDSUkiIC8+IGVycm9yIGNvZGUgZnJvbSB0aGUgZm9sbG93aW5nOgoKICAg
ICAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZycgaGFuZ0luZGVudD0nNic+CiAgICAgICAg
ICAgICAgICA8dCBoYW5nVGV4dD0naW52YWxpZF9yZXF1ZXN0Jz4KICAgICAgICAgICAgICAgICAg
PHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICBUaGUgcmVxdWVzdCBpcyBtaXNzaW5nIGEgcmVx
dWlyZWQgcGFyYW1ldGVyLCBpbmNsdWRlcyBhbiB1bnN1cHBvcnRlZAogICAgICAgICAgICAgICAg
ICBwYXJhbWV0ZXIgdmFsdWUgKG90aGVyIHRoYW4gZ3JhbnQgdHlwZSksIHJlcGVhdHMgYSBwYXJh
bWV0ZXIsIGluY2x1ZGVzIG11bHRpcGxlCiAgICAgICAgICAgICAgICAgIGNyZWRlbnRpYWxzLCB1
dGlsaXplcyBtb3JlIHRoYW4gb25lIG1lY2hhbmlzbSBmb3IgYXV0aGVudGljYXRpbmcgdGhlIGNs
aWVudCwKICAgICAgICAgICAgICAgICAgb3IgaXMgb3RoZXJ3aXNlIG1hbGZvcm1lZC4KICAgICAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdpbnZhbGlkX2NsaWVu
dCc+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgICAgQ2xpZW50
IGF1dGhlbnRpY2F0aW9uIGZhaWxlZCAoZS5nLiB1bmtub3duIGNsaWVudCwgbm8gY2xpZW50IGF1
dGhlbnRpY2F0aW9uCiAgICAgICAgICAgICAgICAgIGluY2x1ZGVkLCBvciB1bnN1cHBvcnRlZCBh
dXRoZW50aWNhdGlvbiBtZXRob2QpLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZCiAgICAg
ICAgICAgICAgICAgIHJldHVybiBhbiBIVFRQIDQwMSAoVW5hdXRob3JpemVkKSBzdGF0dXMgY29k
ZSB0byBpbmRpY2F0ZSB3aGljaCBIVFRQCiAgICAgICAgICAgICAgICAgIGF1dGhlbnRpY2F0aW9u
IHNjaGVtZXMgYXJlIHN1cHBvcnRlZC4gSWYgdGhlIGNsaWVudCBhdHRlbXB0ZWQgdG8gYXV0aGVu
dGljYXRlIHZpYQogICAgICAgICAgICAgICAgICB0aGUgPHNwYW54IHN0eWxlPSd2ZXJiJz5BdXRo
b3JpemF0aW9uPC9zcGFueD4gcmVxdWVzdCBoZWFkZXIgZmllbGQsCiAgICAgICAgICAgICAgICAg
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHJlc3BvbmQgd2l0aCBhbiBIVFRQIDQwMSAo
VW5hdXRob3JpemVkKSBzdGF0dXMKICAgICAgICAgICAgICAgICAgY29kZSwgYW5kIGluY2x1ZGUg
dGhlIDxzcGFueCBzdHlsZT0ndmVyYic+V1dXLUF1dGhlbnRpY2F0ZTwvc3Bhbng+IHJlc3BvbnNl
CiAgICAgICAgICAgICAgICAgIGhlYWRlciBmaWVsZCBtYXRjaGluZyB0aGUgYXV0aGVudGljYXRp
b24gc2NoZW1lIHVzZWQgYnkgdGhlIGNsaWVudC4KICAgICAgICAgICAgICAgIDwvdD4KICAgICAg
ICAgICAgICAgIDx0IGhhbmdUZXh0PSdpbnZhbGlkX2dyYW50Jz4KICAgICAgICAgICAgICAgICAg
PHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICBUaGUgcHJvdmlkZWQgYXV0aG9yaXphdGlvbiBn
cmFudCAoZS5nLiBhdXRob3JpemF0aW9uIGNvZGUsIHJlc291cmNlIG93bmVyCiAgICAgICAgICAg
ICAgICAgIGNyZWRlbnRpYWxzKSBvciByZWZyZXNoIHRva2VuIGlzIGludmFsaWQsIGV4cGlyZWQs
IHJldm9rZWQsIGRvZXMgbm90IG1hdGNoIHRoZQogICAgICAgICAgICAgICAgICByZWRpcmVjdGlv
biBVUkkgdXNlZCBpbiB0aGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0LCBvciB3YXMgaXNzdWVkIHRv
IGFub3RoZXIKICAgICAgICAgICAgICAgICAgY2xpZW50LgogICAgICAgICAgICAgICAgPC90Pgog
ICAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J3VuYXV0aG9yaXplZF9jbGllbnQnPgogICAgICAg
ICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICAgIFRoZSBhdXRoZW50aWNhdGVk
IGNsaWVudCBpcyBub3QgYXV0aG9yaXplZCB0byB1c2UgdGhpcyBhdXRob3JpemF0aW9uIGdyYW50
IHR5cGUuCiAgICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0n
dW5zdXBwb3J0ZWRfZ3JhbnRfdHlwZSc+CiAgICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAg
ICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gZ3JhbnQgdHlwZSBpcyBub3Qgc3VwcG9y
dGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdpbnZhbGlkX3Njb3BlJz4KICAgICAgICAgICAgICAg
ICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgICBUaGUgcmVxdWVzdGVkIHNjb3BlIGlzIGlu
dmFsaWQsIHVua25vd24sIG1hbGZvcm1lZCwgb3IgZXhjZWVkcyB0aGUgc2NvcGUgZ3JhbnRlZAog
ICAgICAgICAgICAgICAgICBieSB0aGUgcmVzb3VyY2Ugb3duZXIuCiAgICAgICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgICAgPC9saXN0PgoKCSAgICAgIFZhbHVlcyBmb3IgdGhlIDxzcGFueCBz
dHlsZT0ndmVyYic+ZXJyb3I8L3NwYW54PiBwYXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVkZQoJICAg
ICAgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdF
LgogICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdlcnJvcl9kZXNjcmlw
dGlvbic+CiAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgIE9QVElPTkFMLiBB
IGh1bWFuLXJlYWRhYmxlIEFTQ0lJIDx4cmVmIHRhcmdldD0iVVNBU0NJSSIgLz4gdGV4dCBwcm92
aWRpbmcgYWRkaXRpb25hbCBpbmZvcm1hdGlvbiwKICAgICAgICAgICAgICB1c2VkIHRvIGFzc2lz
dCB0aGUgY2xpZW50IGRldmVsb3BlciBpbiB1bmRlcnN0YW5kaW5nIHRoZSBlcnJvciB0aGF0IG9j
Y3VycmVkLgoJICAgICAgPHZzcGFjZS8+CgkgICAgICBWYWx1ZXMgZm9yIHRoZSA8c3Bhbnggc3R5
bGU9J3ZlcmInPmVycm9yX2Rlc2NyaXB0aW9uPC9zcGFueD4gcGFyYW1ldGVyIE1VU1QgTk9UIGlu
Y2x1ZGUKCSAgICAgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVC
IC8gJXg1RC03RS4KICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8dCBoYW5nVGV4dD0nZXJy
b3JfdXJpJz4KICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgT1BUSU9OQUwu
IEEgVVJJIGlkZW50aWZ5aW5nIGEgaHVtYW4tcmVhZGFibGUgd2ViIHBhZ2Ugd2l0aCBpbmZvcm1h
dGlvbiBhYm91dCB0aGUKICAgICAgICAgICAgICBlcnJvciwgdXNlZCB0byBwcm92aWRlIHRoZSBj
bGllbnQgZGV2ZWxvcGVyIHdpdGggYWRkaXRpb25hbCBpbmZvcm1hdGlvbiBhYm91dCB0aGUKICAg
ICAgICAgICAgICBlcnJvci4KCSAgICAgIDx2c3BhY2UvPgoJICAgICAgVmFsdWVzIGZvciB0aGUg
PHNwYW54IHN0eWxlPSd2ZXJiJz5lcnJvcl91cmk8L3NwYW54PiBwYXJhbWV0ZXIKCSAgICAgIE1V
U1QgY29uZm9ybSB0byB0aGUgVVJJLVJlZmVyZW5jZSBzeW50YXgsIGFuZCB0aHVzIE1VU1QgTk9U
IGluY2x1ZGUKCSAgICAgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjEgLyAleDIzLTVC
IC8gJXg1RC03RS4KICAgICAgICAgICAgPC90PgogICAgICAgICAgPC9saXN0PgogICAgICAgIDwv
dD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBwYXJhbWV0ZXJzIGFyZSBpbmNsdWRlZCBpbiB0
aGUgZW50aXR5IGJvZHkgb2YgdGhlIEhUVFAgcmVzcG9uc2UgdXNpbmcgdGhlCiAgICAgICAgICA8
c3Bhbnggc3R5bGU9J3ZlcmInPmFwcGxpY2F0aW9uL2pzb248L3NwYW54PiBtZWRpYSB0eXBlIGFz
IGRlZmluZWQgYnkKICAgICAgICAgIDx4cmVmIHRhcmdldD0nUkZDNDYyNycgLz4uIFRoZSBwYXJh
bWV0ZXJzIGFyZSBzZXJpYWxpemVkIGludG8gYSBKU09OIHN0cnVjdHVyZSBieQogICAgICAgICAg
YWRkaW5nIGVhY2ggcGFyYW1ldGVyIGF0IHRoZSBoaWdoZXN0IHN0cnVjdHVyZSBsZXZlbC4gUGFy
YW1ldGVyIG5hbWVzIGFuZCBzdHJpbmcgdmFsdWVzCiAgICAgICAgICBhcmUgaW5jbHVkZWQgYXMg
SlNPTiBzdHJpbmdzLiBOdW1lcmljYWwgdmFsdWVzIGFyZSBpbmNsdWRlZCBhcyBKU09OIG51bWJl
cnMuIFRoZSBvcmRlciBvZgogICAgICAgICAgcGFyYW1ldGVycyBkb2VzIG5vdCBtYXR0ZXIgYW5k
IGNhbiB2YXJ5LgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlPgogICAgICAgICAgPHByZWFt
YmxlPgogICAgICAgICAgICBGb3IgZXhhbXBsZToKICAgICAgICAgIDwvcHJlYW1ibGU+CiAgICAg
ICAgICA8YXJ0d29yaz4KICAgICAgICAgICAgPCFbQ0RBVEFbCiAgSFRUUC8xLjEgNDAwIEJhZCBS
ZXF1ZXN0CiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRGLTgKICBD
YWNoZS1Db250cm9sOiBuby1zdG9yZQogIFByYWdtYTogbm8tY2FjaGUKCiAgewogICAgImVycm9y
IjoiaW52YWxpZF9yZXF1ZXN0IgogIH0KXV0+CiAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAg
PC9maWd1cmU+CiAgICAgIDwvc2VjdGlvbj4KCiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rpb24g
dGl0bGU9J1JlZnJlc2hpbmcgYW4gQWNjZXNzIFRva2VuJyBhbmNob3I9J3Rva2VuLXJlZnJlc2gn
PgogICAgICA8dD4KICAgICAgICBJZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVkIGEg
cmVmcmVzaCB0b2tlbiB0byB0aGUgY2xpZW50LCB0aGUgY2xpZW50IG1ha2VzIGEKICAgICAgICBy
ZWZyZXNoIHJlcXVlc3QgdG8gdGhlIHRva2VuIGVuZHBvaW50IGJ5IGFkZGluZyB0aGUgZm9sbG93
aW5nIHBhcmFtZXRlcnMgdXNpbmcgdGhlCiAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5hcHBs
aWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3NwYW54PiBmb3JtYXQgaW4gdGhlIEhUVFAg
cmVxdWVzdAogICAgICAgIGVudGl0eS1ib2R5OgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAg
IDxsaXN0IHN0eWxlPSdoYW5naW5nJyBoYW5nSW5kZW50PSc2Jz4KICAgICAgICAgIDx0IGhhbmdU
ZXh0PSdncmFudF90eXBlJz4KICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICBSRVFV
SVJFRC4gVmFsdWUgTVVTVCBiZSBzZXQgdG8gPHNwYW54IHN0eWxlPSd2ZXJiJz5yZWZyZXNoX3Rv
a2VuPC9zcGFueD4uCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dCBoYW5nVGV4dD0ncmVmcmVz
aF90b2tlbic+CiAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgUkVRVUlSRUQuIFRo
ZSByZWZyZXNoIHRva2VuIGlzc3VlZCB0byB0aGUgY2xpZW50LgogICAgICAgICAgPC90PgogICAg
ICAgICAgPHQgaGFuZ1RleHQ9J3Njb3BlJz4KICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAg
ICAgICBPUFRJT05BTC4gVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmli
ZWQgYnkgPHhyZWYgdGFyZ2V0PSdzY29wZScgLz4uCiAgICAgICAgICAgIFRoZSByZXF1ZXN0ZWQg
c2NvcGUgTVVTVCBOT1QgaW5jbHVkZSBhbnkgc2NvcGUgbm90IG9yaWdpbmFsbHkgZ3JhbnRlZCBi
eSB0aGUgcmVzb3VyY2UKICAgICAgICAgICAgb3duZXIsIGFuZCBpZiBvbWl0dGVkIGlzIHRyZWF0
ZWQgYXMgZXF1YWwgdG8gdGhlIHNjb3BlIG9yaWdpbmFsbHkgZ3JhbnRlZCBieSB0aGUKICAgICAg
ICAgICAgcmVzb3VyY2Ugb3duZXIuCiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9saXN0PgogICAg
ICA8L3Q+CiAgICAgIDx0PgogICAgICAgIEJlY2F1c2UgcmVmcmVzaCB0b2tlbnMgYXJlIHR5cGlj
YWxseSBsb25nLWxhc3RpbmcgY3JlZGVudGlhbHMgdXNlZCB0byByZXF1ZXN0IGFkZGl0aW9uYWwK
ICAgICAgICBhY2Nlc3MgdG9rZW5zLCB0aGUgcmVmcmVzaCB0b2tlbiBpcyBib3VuZCB0byB0aGUg
Y2xpZW50IHdoaWNoIGl0IHdhcyBpc3N1ZWQuIElmIHRoZSBjbGllbnQgdHlwZQogICAgICAgIGlz
IGNvbmZpZGVudGlhbCBvciB0aGUgY2xpZW50IHdhcyBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxz
IChvciBhc3NpZ25lZCBvdGhlcgogICAgICAgIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyks
IHRoZSBjbGllbnQgTVVTVCBhdXRoZW50aWNhdGUgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgYXMKICAgICAgICBkZXNjcmliZWQgaW4gPHhyZWYgdGFyZ2V0PSd0b2tlbi1lbmRwb2ludC1h
dXRoJyAvPi4KICAgICAgPC90PgogICAgICA8ZmlndXJlPgogICAgICAgIDxwcmVhbWJsZT4KICAg
ICAgICAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRoZSBmb2xsb3dpbmcgSFRUUCBy
ZXF1ZXN0IHVzaW5nIHRyYW5zcG9ydC1sYXllcgogICAgICAgICAgc2VjdXJpdHkgKGV4dHJhIGxp
bmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAgICA8L3ByZWFt
YmxlPgogICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgPCFbQ0RBVEFbCiAgUE9TVCAvdG9rZW4g
SFRUUC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICBBdXRob3JpemF0aW9uOiBCYXNp
YyBjelpDYUdSU2EzRjBNenBuV0RGbVFtRjBNMkpXCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlv
bi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOAogIAogIGdyYW50X3R5cGU9cmVm
cmVzaF90b2tlbiZyZWZyZXNoX3Rva2VuPXRHenYzSk9rRjBYRzVReDJUbEtXSUEKXV0+CiAgICAg
ICAgPC9hcnR3b3JrPgogICAgICA8L2ZpZ3VyZT4KICAgICAgPHQ+CiAgICAgICAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIE1VU1Q6CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgPGxpc3Qg
c3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIHJlcXVpcmUgY2xpZW50
IGF1dGhlbnRpY2F0aW9uIGZvciBjb25maWRlbnRpYWwgY2xpZW50cyBvciBmb3IgYW55IGNsaWVu
dCB0aGF0IHdhcwogICAgICAgICAgICBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvciB3aXRo
IG90aGVyIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyksCiAgICAgICAgICA8L3Q+CiAgICAg
ICAgICA8dD4KICAgICAgICAgICAgYXV0aGVudGljYXRlIHRoZSBjbGllbnQgaWYgY2xpZW50IGF1
dGhlbnRpY2F0aW9uIGlzIGluY2x1ZGVkIGFuZCBlbnN1cmUgdGhlCiAgICAgICAgICAgIHJlZnJl
c2ggdG9rZW4gd2FzIGlzc3VlZCB0byB0aGUgYXV0aGVudGljYXRlZCBjbGllbnQsIGFuZAogICAg
ICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIHZhbGlkYXRlIHRoZSByZWZyZXNo
IHRva2VuLgogICAgICAgICAgPC90PgogICAgICAgIDwvbGlzdD4KICAgICAgPC90PgogICAgICA8
dD4KICAgICAgICBJZiB2YWxpZCBhbmQgYXV0aG9yaXplZCwgdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4gYXMgZGVzY3JpYmVkIGluCiAgICAgICAgPHhyZWYg
dGFyZ2V0PSd0b2tlbi1yZXNwb25zZScgLz4uIElmIHRoZSByZXF1ZXN0IGZhaWxlZCB2ZXJpZmlj
YXRpb24gb3IgaXMgaW52YWxpZCwgdGhlCiAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmV0
dXJucyBhbiBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4KICAgICAgICA8eHJlZiB0YXJn
ZXQ9J3Rva2VuLWVycm9ycycgLz4uCiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIE1BWSBpc3N1ZSBhIG5ldyByZWZyZXNoIHRva2VuLCBpbiB3aGlj
aCBjYXNlIHRoZSBjbGllbnQgTVVTVAogICAgICAgIGRpc2NhcmQgdGhlIG9sZCByZWZyZXNoIHRv
a2VuIGFuZCByZXBsYWNlIGl0IHdpdGggdGhlIG5ldyByZWZyZXNoIHRva2VuLiBUaGUgYXV0aG9y
aXphdGlvbgogICAgICAgIHNlcnZlciBNQVkgcmV2b2tlIHRoZSBvbGQgcmVmcmVzaCB0b2tlbiBh
ZnRlciBpc3N1aW5nIGEgbmV3IHJlZnJlc2ggdG9rZW4gdG8gdGhlIGNsaWVudC4gSWYKICAgICAg
ICBhIG5ldyByZWZyZXNoIHRva2VuIGlzIGlzc3VlZCwgdGhlIHJlZnJlc2ggdG9rZW4gc2NvcGUg
TVVTVCBiZSBpZGVudGljYWwgdG8gdGhhdCBvZiB0aGUKICAgICAgICByZWZyZXNoIHRva2VuIGlu
Y2x1ZGVkIGJ5IHRoZSBjbGllbnQgaW4gdGhlIHJlcXVlc3QuCiAgICAgIDwvdD4KICAgIDwvc2Vj
dGlvbj4KCiAgICA8c2VjdGlvbiB0aXRsZT0nQWNjZXNzaW5nIFByb3RlY3RlZCBSZXNvdXJjZXMn
IGFuY2hvcj0nYWNjZXNzLXJlc291cmNlJz4KICAgICAgPHQ+CiAgICAgICAgVGhlIGNsaWVudCBh
Y2Nlc3NlcyBwcm90ZWN0ZWQgcmVzb3VyY2VzIGJ5IHByZXNlbnRpbmcgdGhlIGFjY2VzcyB0b2tl
biB0byB0aGUgcmVzb3VyY2UKICAgICAgICBzZXJ2ZXIuIFRoZSByZXNvdXJjZSBzZXJ2ZXIgTVVT
VCB2YWxpZGF0ZSB0aGUgYWNjZXNzIHRva2VuIGFuZCBlbnN1cmUgaXQgaGFzIG5vdCBleHBpcmVk
CiAgICAgICAgYW5kIHRoYXQgaXRzIHNjb3BlIGNvdmVycyB0aGUgcmVxdWVzdGVkIHJlc291cmNl
LiBUaGUgbWV0aG9kcyB1c2VkIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIKICAgICAgICB0byB2YWxp
ZGF0ZSB0aGUgYWNjZXNzIHRva2VuIChhcyB3ZWxsIGFzIGFueSBlcnJvciByZXNwb25zZXMpIGFy
ZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMKICAgICAgICBzcGVjaWZpY2F0aW9uLCBidXQgZ2Vu
ZXJhbGx5IGludm9sdmUgYW4gaW50ZXJhY3Rpb24gb3IgY29vcmRpbmF0aW9uIGJldHdlZW4gdGhl
IHJlc291cmNlCiAgICAgICAgc2VydmVyIGFuZCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAg
ICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgVGhlIG1ldGhvZCBpbiB3aGljaCB0aGUgY2xpZW50
IHV0aWxpemVzIHRoZSBhY2Nlc3MgdG9rZW4gdG8gYXV0aGVudGljYXRlIHdpdGggdGhlIHJlc291
cmNlCiAgICAgICAgc2VydmVyIGRlcGVuZHMgb24gdGhlIHR5cGUgb2YgYWNjZXNzIHRva2VuIGlz
c3VlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIFR5cGljYWxseSwKICAgICAgICBpdCBp
bnZvbHZlcyB1c2luZyB0aGUgSFRUUCA8c3Bhbnggc3R5bGU9J3ZlcmInPkF1dGhvcml6YXRpb248
L3NwYW54PiByZXF1ZXN0IGhlYWRlciBmaWVsZAogICAgICAgIDx4cmVmIHRhcmdldD0nUkZDMjYx
NycgLz4gd2l0aCBhbiBhdXRoZW50aWNhdGlvbiBzY2hlbWUgZGVmaW5lZCBieSB0aGUgYWNjZXNz
IHRva2VuIHR5cGUKICAgICAgICBzcGVjaWZpY2F0aW9uLgogICAgICA8L3Q+CgogICAgICA8c2Vj
dGlvbiB0aXRsZT0nQWNjZXNzIFRva2VuIFR5cGVzJyBhbmNob3I9J3Rva2VuLXR5cGVzJz4KICAg
ICAgICA8dD4KICAgICAgICAgIFRoZSBhY2Nlc3MgdG9rZW4gdHlwZSBwcm92aWRlcyB0aGUgY2xp
ZW50IHdpdGggdGhlIGluZm9ybWF0aW9uIHJlcXVpcmVkIHRvIHN1Y2Nlc3NmdWxseQogICAgICAg
ICAgdXRpbGl6ZSB0aGUgYWNjZXNzIHRva2VuIHRvIG1ha2UgYSBwcm90ZWN0ZWQgcmVzb3VyY2Ug
cmVxdWVzdCAoYWxvbmcgd2l0aCB0eXBlLXNwZWNpZmljCiAgICAgICAgICBhdHRyaWJ1dGVzKS4g
VGhlIGNsaWVudCBNVVNUIE5PVCB1c2UgYW4gYWNjZXNzIHRva2VuIGlmIGl0IGRvZXMgbm90IHVu
ZGVyc3RhbmQgdGhlIHRva2VuCiAgICAgICAgICB0eXBlLgogICAgICAgIDwvdD4KICAgICAgICA8
ZmlndXJlPgogICAgICAgICAgPHByZWFtYmxlPgogICAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhl
IDxzcGFueCBzdHlsZT0ndmVyYic+YmVhcmVyPC9zcGFueD4gdG9rZW4gdHlwZSBkZWZpbmVkIGlu
CiAgICAgICAgICAgIDx4cmVmIHRhcmdldD0nSS1ELmlldGYtb2F1dGgtdjItYmVhcmVyJyAvPiBp
cyB1dGlsaXplZCBieSBzaW1wbHkgaW5jbHVkaW5nIHRoZSBhY2Nlc3MKICAgICAgICAgICAgdG9r
ZW4gc3RyaW5nIGluIHRoZSByZXF1ZXN0OgogICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAgICAg
IDxhcnR3b3JrPgogICAgICAgICAgICA8IVtDREFUQVsKICBHRVQgL3Jlc291cmNlLzEgSFRUUC8x
LjEKICBIb3N0OiBleGFtcGxlLmNvbQogIEF1dGhvcml6YXRpb246IEJlYXJlciBtRl85LkI1Zi00
LjFKcU0KXV0+CiAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgPC9maWd1cmU+CiAgICAgICAg
PGZpZ3VyZT4KICAgICAgICAgIDxwcmVhbWJsZT4KICAgICAgICAgICAgd2hpbGUgdGhlIDxzcGFu
eCBzdHlsZT0ndmVyYic+bWFjPC9zcGFueD4gdG9rZW4gdHlwZSBkZWZpbmVkIGluCiAgICAgICAg
ICAgIDx4cmVmIHRhcmdldD0nSS1ELmlldGYtb2F1dGgtdjItaHR0cC1tYWMnIC8+IGlzIHV0aWxp
emVkIGJ5IGlzc3VpbmcgYSBNQUMga2V5CiAgICAgICAgICAgIHRvZ2V0aGVyIHdpdGggdGhlIGFj
Y2VzcyB0b2tlbiB3aGljaCBpcyB1c2VkIHRvIHNpZ24gY2VydGFpbiBjb21wb25lbnRzIG9mIHRo
ZSBIVFRQCiAgICAgICAgICAgIHJlcXVlc3RzOgogICAgICAgICAgPC9wcmVhbWJsZT4KICAgICAg
ICAgIDxhcnR3b3JrPgogICAgICAgICAgICA8IVtDREFUQVsKICBHRVQgL3Jlc291cmNlLzEgSFRU
UC8xLjEKICBIb3N0OiBleGFtcGxlLmNvbQogIEF1dGhvcml6YXRpb246IE1BQyBpZD0iaDQ4MGRq
czkzaGQ4IiwKICAgICAgICAgICAgICAgICAgICAgbm9uY2U9IjI3NDMxMjpkajgzaHM5cyIsCiAg
ICAgICAgICAgICAgICAgICAgIG1hYz0ia0RadmRka25keHZoR1JYWmh2dURqRVdoR2VFPSIKXV0+
CiAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgPC9maWd1cmU+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBUaGUgYWJvdmUgZXhhbXBsZXMgYXJlIHByb3ZpZGVkIGZvciBpbGx1c3RyYXRpb24gcHVy
cG9zZXMgb25seS4gRGV2ZWxvcGVycyBhcmUgYWR2aXNlZCB0bwogICAgICAgICAgY29uc3VsdCB0
aGUgPHhyZWYgdGFyZ2V0PSdJLUQuaWV0Zi1vYXV0aC12Mi1iZWFyZXInIC8+IGFuZAogICAgICAg
ICAgPHhyZWYgdGFyZ2V0PSdJLUQuaWV0Zi1vYXV0aC12Mi1odHRwLW1hYycgLz4gc3BlY2lmaWNh
dGlvbnMgYmVmb3JlIHVzZS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBFYWNo
IGFjY2VzcyB0b2tlbiB0eXBlIGRlZmluaXRpb24gc3BlY2lmaWVzIHRoZSBhZGRpdGlvbmFsIGF0
dHJpYnV0ZXMgKGlmIGFueSkgc2VudCB0bwogICAgICAgICAgdGhlIGNsaWVudCB0b2dldGhlciB3
aXRoIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPmFjY2Vzc190b2tlbjwvc3Bhbng+IHJlc3BvbnNl
IHBhcmFtZXRlci4KICAgICAgICAgIEl0IGFsc28gZGVmaW5lcyB0aGUgSFRUUCBhdXRoZW50aWNh
dGlvbiBtZXRob2QgdXNlZCB0byBpbmNsdWRlIHRoZSBhY2Nlc3MgdG9rZW4gd2hlbgogICAgICAg
ICAgbWFraW5nIGEgcHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3QuCiAgICAgICAgPC90PgogICAg
ICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nRXJyb3IgUmVzcG9uc2UnIGFuY2hv
cj0ncmVzb3VyY2UtZXJyb3JzJz4KCTx0PgoJICBJZiBhIHJlc291cmNlIGFjY2VzcyByZXF1ZXN0
IGZhaWxzLCB0aGUgcmVzb3VyY2Ugc2VydmVyIFNIT1VMRCBpbmZvcm0KCSAgdGhlIGNsaWVudCBv
ZiB0aGUgZXJyb3IuICBXaGlsZSB0aGUgc3BlY2lmaWMgZXJyb3IgcmVzcG9uc2VzIHBvc3NpYmxl
CgkgIGFuZCBtZXRob2RzIGZvciB0cmFuc21pdHRpbmcgdGhvc2UgZXJyb3JzIHdoZW4gdXNpbmcg
YW55IHBhcnRpY3VsYXIKCSAgYWNjZXNzIHRva2VuIHR5cGUgYXJlIGJleW9uZCB0aGUgc2NvcGUg
b2YgdGhpcyBzcGVjaWZpY2F0aW9uLAoJICBhbnkgPHNwYW54IHN0eWxlPSd2ZXJiJz5lcnJvcjwv
c3Bhbng+IGNvZGUgdmFsdWVzIGRlZmluZWQgZm9yIHVzZSB3aXRoCgkgIE9BdXRoIHJlc291cmNl
IGFjY2VzcyBtZXRob2RzIE1VU1QgYmUgcmVnaXN0ZXJlZAoJICAoZm9sbG93aW5nIHRoZSBwcm9j
ZWR1cmVzIGluIDx4cmVmIHRhcmdldD0nZXJyb3ItcmVnaXN0cnknIC8+KS4KCTwvdD4KCTx0PgoJ
ICBTcGVjaWZpY2FsbHksIHdoZW4gdGhlIE9BdXRoIHJlc291cmNlIGFjY2VzcyBtZXRob2QgdXNl
cyBhbgoJICA8c3Bhbnggc3R5bGU9J3ZlcmInPmVycm9yPC9zcGFueD4gcmVzdWx0IHBhcmFtZXRl
ciB0byByZXR1cm4KCSAgYW4gZXJyb3IgY29kZSB2YWx1ZSB0aGF0IGluZGljYXRlcyB0aGUgcmVz
b3VyY2UgYWNjZXNzIGVycm9yCgkgIGVuY291bnRlcmVkLCB0aGVuIHRoZXNlIGVycm9yIGNvZGUg
dmFsdWVzIE1VU1QgYmUgcmVnaXN0ZXJlZC4KCSAgVmFsdWVzIGZvciB0aGVzZSA8c3Bhbnggc3R5
bGU9J3ZlcmInPmVycm9yPC9zcGFueD4gY29kZXMgTVVTVCBOT1QgaW5jbHVkZQoJICBjaGFyYWN0
ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCgkgIFdoZW4g
YW4gIDxzcGFueCBzdHlsZT0ndmVyYic+ZXJyb3I8L3NwYW54PiBjb2RlIHZhbHVlIGlzIHJlZ2lz
dGVyZWQKCSAgZm9yIHVzZSBieSBhbiBPQXV0aCByZXNvdXJjZSBhY2Nlc3MgbWV0aG9kLCBzaG91
bGQgdGhhdCBzYW1lIGNvZGUgYWxyZWFkeQoJICBiZSByZWdpc3RlcmVkIGZvciB1c2UgYnkgYW5v
dGhlciBPQXV0aCByZXNvdXJjZSBhY2Nlc3MgbWV0aG9kIG9yIGF0CgkgIGEgZGlmZmVyZW50IE9B
dXRoIGVycm9yIHVzYWdlIGxvY2F0aW9uLCB0aGVuIHRoZSBtZWFuaW5nIG9mIHRoYXQgZXJyb3Ig
Y29kZQoJICB2YWx1ZSBpbiBpbiB0aGUgbmV3IHJlZ2lzdHJhdGlvbiBNVVNUIGJlIGNvbnNpc3Rl
bnQgd2l0aCB0aGUgaXRzIG1lYW5pbmcKCSAgaW4gcHJpb3IgcmVnaXN0cmF0aW9ucy4KCTwvdD4K
CTx0PgoJICBUaGUgT0F1dGggcmVzb3VyY2UgYWNjZXNzIGVycm9yIHJlZ2lzdHJhdGlvbiByZXF1
aXJlbWVudCBhcHBsaWVzIG9ubHkgdG8KCSAgPHNwYW54IHN0eWxlPSd2ZXJiJz5lcnJvcjwvc3Bh
bng+IGNvZGUgdmFsdWVzIGFuZCBub3QgdG8gb3RoZXIKCSAgbWVhbnMgb2YgcmV0dXJuaW5nIGVy
cm9yIGluZGljYXRpb25zLCBpbmNsdWRpbmcgSFRUUCBzdGF0dXMgY29kZXMsCgkgIG9yIG90aGVy
IGVycm9yLXJlbGF0ZWQgcmVzdWx0IHBhcmFtZXRlcnMsIHN1Y2ggYXMKCSAgPHNwYW54IHN0eWxl
PSd2ZXJiJz5lcnJvcl9kZXNjcmlwdGlvbjwvc3Bhbng+LAoJICA8c3Bhbnggc3R5bGU9J3ZlcmIn
PmVycm9yX3VyaTwvc3Bhbng+LCBvciBvdGhlciBraW5kcyBvZiBlcnJvcgoJICBzdGF0dXMgcmV0
dXJuIG1ldGhvZHMgdGhhdCBtYXkgYmUgZW1wbG95ZWQgYnkgdGhlIHJlc291cmNlIGFjY2VzcyBt
ZXRob2QuCgkgIFRoZXJlIGlzIG5vIHJlcXVpcmVtZW50IHRoYXQgT0F1dGggcmVzb3VyY2UgYWNj
ZXNzIG1ldGhvZHMKCSAgZW1wbG95IGFuIDxzcGFueCBzdHlsZT0ndmVyYic+ZXJyb3I8L3NwYW54
PiBwYXJhbWV0ZXIuCgk8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICA8L3NlY3Rpb24+CgogICAg
PHNlY3Rpb24gdGl0bGU9J0V4dGVuc2liaWxpdHknIGFuY2hvcj0nZXh0ZW5zaW9ucyc+CgogICAg
ICA8c2VjdGlvbiB0aXRsZT0nRGVmaW5pbmcgQWNjZXNzIFRva2VuIFR5cGVzJyBhbmNob3I9J25l
dy10eXBlcyc+CiAgICAgICAgPHQ+CiAgICAgICAgICBBY2Nlc3MgdG9rZW4gdHlwZXMgY2FuIGJl
IGRlZmluZWQgaW4gb25lIG9mIHR3byB3YXlzOiByZWdpc3RlcmVkIGluIHRoZSBhY2Nlc3MgdG9r
ZW4gdHlwZQogICAgICAgICAgcmVnaXN0cnkgKGZvbGxvd2luZyB0aGUgcHJvY2VkdXJlcyBpbiA8
eHJlZiB0YXJnZXQ9J3R5cGUtcmVnaXN0cnknIC8+KSwgb3IgYnkgdXNpbmcgYQogICAgICAgICAg
dW5pcXVlIGFic29sdXRlIFVSSSBhcyBpdHMgbmFtZS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+
CiAgICAgICAgICBUeXBlcyB1dGlsaXppbmcgYSBVUkkgbmFtZSBTSE9VTEQgYmUgbGltaXRlZCB0
byB2ZW5kb3Itc3BlY2lmaWMgaW1wbGVtZW50YXRpb25zIHRoYXQgYXJlCiAgICAgICAgICBub3Qg
Y29tbW9ubHkgYXBwbGljYWJsZSwgYW5kIGFyZSBzcGVjaWZpYyB0byB0aGUgaW1wbGVtZW50YXRp
b24gZGV0YWlscyBvZiB0aGUgcmVzb3VyY2UKICAgICAgICAgIHNlcnZlciB3aGVyZSB0aGV5IGFy
ZSB1c2VkLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIEFsbCBvdGhlciB0eXBl
cyBNVVNUIGJlIHJlZ2lzdGVyZWQuIFR5cGUgbmFtZXMgTVVTVCBjb25mb3JtIHRvIHRoZSB0eXBl
LW5hbWUgQUJORi4gSWYgdGhlCiAgICAgICAgICB0eXBlIGRlZmluaXRpb24gaW5jbHVkZXMgYSBu
ZXcgSFRUUCBhdXRoZW50aWNhdGlvbiBzY2hlbWUsIHRoZSB0eXBlIG5hbWUgU0hPVUxEIGJlCiAg
ICAgICAgICBpZGVudGljYWwgdG8gdGhlIEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lIG5hbWUg
KGFzIGRlZmluZWQgYnkgPHhyZWYgdGFyZ2V0PSdSRkMyNjE3JyAvPikuCiAgICAgICAgICBUaGUg
dG9rZW4gdHlwZSA8c3Bhbnggc3R5bGU9J3ZlcmInPmV4YW1wbGU8L3NwYW54PiBpcyByZXNlcnZl
ZCBmb3IgdXNlIGluIGV4YW1wbGVzLgogICAgICAgIDwvdD4KICAgICAgICA8ZmlndXJlPgogICAg
ICAgICAgPGFydHdvcms+CiAgICAgICAgICAgIDwhW0NEQVRBWwogIHR5cGUtbmFtZSAgPSAxKm5h
bWUtY2hhcgogIG5hbWUtY2hhciAgID0gIi0iIC8gIi4iIC8gIl8iIC8gRElHSVQgLyBBTFBIQQpd
XT4KICAgICAgICAgIDwvYXJ0d29yaz4KICAgICAgICA8L2ZpZ3VyZT4KICAgICAgPC9zZWN0aW9u
PgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0RlZmluaW5nIE5ldyBFbmRwb2ludCBQYXJhbWV0ZXJz
Jz4KICAgICAgICA8dD4KICAgICAgICAgIE5ldyByZXF1ZXN0IG9yIHJlc3BvbnNlIHBhcmFtZXRl
cnMgZm9yIHVzZSB3aXRoIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IG9yIHRoZSB0b2tlbgog
ICAgICAgICAgZW5kcG9pbnQgYXJlIGRlZmluZWQgYW5kIHJlZ2lzdGVyZWQgaW4gdGhlIHBhcmFt
ZXRlcnMgcmVnaXN0cnkgZm9sbG93aW5nIHRoZSBwcm9jZWR1cmUgaW4KICAgICAgICAgIDx4cmVm
IHRhcmdldD0ncGFyYW1ldGVycy1yZWdpc3RyeScgLz4uCiAgICAgICAgPC90PgogICAgICAgIDx0
PgogICAgICAgICAgUGFyYW1ldGVyIG5hbWVzIE1VU1QgY29uZm9ybSB0byB0aGUgcGFyYW0tbmFt
ZSBBQk5GIGFuZCBwYXJhbWV0ZXIgdmFsdWVzIHN5bnRheCBNVVNUIGJlCiAgICAgICAgICB3ZWxs
LWRlZmluZWQgKGUuZy4sIHVzaW5nIEFCTkYsIG9yIGEgcmVmZXJlbmNlIHRvIHRoZSBzeW50YXgg
b2YgYW4gZXhpc3RpbmcgcGFyYW1ldGVyKS4KICAgICAgICA8L3Q+CiAgICAgICAgPGZpZ3VyZT4K
ICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICA8IVtDREFUQVsKICBwYXJhbS1uYW1lICA9
IDEqbmFtZS1jaGFyCiAgbmFtZS1jaGFyICAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAvIEFM
UEhBCl1dPgogICAgICAgICAgPC9hcnR3b3JrPgogICAgICAgIDwvZmlndXJlPgogICAgICAgIDx0
PgogICAgICAgICAgVW5yZWdpc3RlcmVkIHZlbmRvci1zcGVjaWZpYyBwYXJhbWV0ZXIgZXh0ZW5z
aW9ucyB0aGF0IGFyZSBub3QgY29tbW9ubHkgYXBwbGljYWJsZSwgYW5kCiAgICAgICAgICBhcmUg
c3BlY2lmaWMgdG8gdGhlIGltcGxlbWVudGF0aW9uIGRldGFpbHMgb2YgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIHdoZXJlIHRoZXkgYXJlCiAgICAgICAgICB1c2VkIFNIT1VMRCB1dGlsaXplIGEg
dmVuZG9yLXNwZWNpZmljIHByZWZpeCB0aGF0IGlzIG5vdCBsaWtlbHkgdG8gY29uZmxpY3Qgd2l0
aCBvdGhlcgogICAgICAgICAgcmVnaXN0ZXJlZCB2YWx1ZXMgKGUuZy4gYmVnaW4gd2l0aCAnY29t
cGFueW5hbWVfJykuCiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlv
biB0aXRsZT0nRGVmaW5pbmcgTmV3IEF1dGhvcml6YXRpb24gR3JhbnQgVHlwZXMnPgogICAgICAg
IDx0PgogICAgICAgICAgTmV3IGF1dGhvcml6YXRpb24gZ3JhbnQgdHlwZXMgY2FuIGJlIGRlZmlu
ZWQgYnkgYXNzaWduaW5nIHRoZW0gYSB1bmlxdWUgYWJzb2x1dGUgVVJJIGZvcgogICAgICAgICAg
dXNlIHdpdGggdGhlIDxzcGFueCBzdHlsZT0ndmVyYic+Z3JhbnRfdHlwZTwvc3Bhbng+IHBhcmFt
ZXRlci4gSWYgdGhlIGV4dGVuc2lvbiBncmFudAogICAgICAgICAgdHlwZSByZXF1aXJlcyBhZGRp
dGlvbmFsIHRva2VuIGVuZHBvaW50IHBhcmFtZXRlcnMsIHRoZXkgTVVTVCBiZSByZWdpc3RlcmVk
IGluIHRoZSBPQXV0aAogICAgICAgICAgcGFyYW1ldGVycyByZWdpc3RyeSBhcyBkZXNjcmliZWQg
YnkgPHhyZWYgdGFyZ2V0PSdwYXJhbWV0ZXJzLXJlZ2lzdHJ5JyAvPi4KICAgICAgICA8L3Q+CiAg
ICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdEZWZpbmluZyBOZXcgQXV0aG9y
aXphdGlvbiBFbmRwb2ludCBSZXNwb25zZSBUeXBlcycgYW5jaG9yPSdyZXNwb25zZS10eXBlLWV4
dCc+CiAgICAgICAgPHQ+CiAgICAgICAgICBOZXcgcmVzcG9uc2UgdHlwZXMgZm9yIHVzZSB3aXRo
IHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGFyZSBkZWZpbmVkIGFuZCByZWdpc3RlcmVkIGlu
CiAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCByZXNwb25zZSB0eXBlIHJlZ2lz
dHJ5IGZvbGxvd2luZyB0aGUgcHJvY2VkdXJlIGluCiAgICAgICAgICA8eHJlZiB0YXJnZXQ9J3Jl
c3BvbnNlLXR5cGUtcmVnaXN0cnknIC8+LiBSZXNwb25zZSB0eXBlIG5hbWVzIE1VU1QgY29uZm9y
bSB0byB0aGUKICAgICAgICAgIHJlc3BvbnNlLXR5cGUgQUJORi4KICAgICAgICA8L3Q+CiAgICAg
ICAgPGZpZ3VyZT4KICAgICAgICAgIDxhcnR3b3JrPgogICAgICAgICAgICA8IVtDREFUQVsKICBy
ZXNwb25zZS10eXBlICA9IHJlc3BvbnNlLW5hbWUgKiggU1AgcmVzcG9uc2UtbmFtZSApCiAgcmVz
cG9uc2UtbmFtZSAgPSAxKnJlc3BvbnNlLWNoYXIKICByZXNwb25zZS1jaGFyICA9ICJfIiAvIERJ
R0lUIC8gQUxQSEEKXV0+CiAgICAgICAgICA8L2FydHdvcms+CiAgICAgICAgPC9maWd1cmU+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBJZiBhIHJlc3BvbnNlIHR5cGUgY29udGFpbnMgb25lIG9yIG1v
cmUgc3BhY2UgY2hhcmFjdGVycyAoJXgyMCksIGl0IGlzIGNvbXBhcmVkIGFzIGEKICAgICAgICAg
IHNwYWNlLWRlbGltaXRlZCBsaXN0IG9mIHZhbHVlcyBpbiB3aGljaCB0aGUgb3JkZXIgb2YgdmFs
dWVzIGRvZXMgbm90IG1hdHRlci4gT25seSBvbmUKICAgICAgICAgIG9yZGVyIG9mIHZhbHVlcyBj
YW4gYmUgcmVnaXN0ZXJlZCwgd2hpY2ggY292ZXJzIGFsbCBvdGhlciBhcnJhbmdlbWVudHMgb2Yg
dGhlIHNhbWUgc2V0IG9mCiAgICAgICAgICB2YWx1ZXMuCiAgICAgICAgPC90PgogICAgICAgIDx0
PgogICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSByZXNwb25zZSB0eXBlIDxzcGFueCBzdHlsZT0n
dmVyYic+dG9rZW4gY29kZTwvc3Bhbng+IGlzIGxlZnQgdW5kZWZpbmVkCiAgICAgICAgICBieSB0
aGlzIHNwZWNpZmljYXRpb24uIEhvd2V2ZXIsIGFuIGV4dGVuc2lvbiBjYW4gZGVmaW5lIGFuZCBy
ZWdpc3RlciB0aGUKICAgICAgICAgIDxzcGFueCBzdHlsZT0ndmVyYic+dG9rZW4gY29kZTwvc3Bh
bng+IHJlc3BvbnNlIHR5cGUuIE9uY2UgcmVnaXN0ZXJlZCwgdGhlIHNhbWUKICAgICAgICAgIGNv
bWJpbmF0aW9uIGNhbm5vdCBiZSByZWdpc3RlcmVkIGFzIDxzcGFueCBzdHlsZT0ndmVyYic+Y29k
ZSB0b2tlbjwvc3Bhbng+LCBidXQgYm90aAogICAgICAgICAgdmFsdWVzIGNhbiBiZSB1c2VkIHRv
IGRlbm90ZSB0aGUgc2FtZSByZXNwb25zZSB0eXBlLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0
aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J0RlZmluaW5nIEFkZGl0aW9uYWwgRXJyb3IgQ29k
ZXMnIGFuY2hvcj0nbmV3LWVycm9ycyc+CiAgICAgICAgPHQ+CiAgICAgICAgICBJbiBjYXNlcyB3
aGVyZSBwcm90b2NvbCBleHRlbnNpb25zIChpLmUuIGFjY2VzcyB0b2tlbiB0eXBlcywgZXh0ZW5z
aW9uIHBhcmFtZXRlcnMsIG9yCiAgICAgICAgICBleHRlbnNpb24gZ3JhbnQgdHlwZXMpIHJlcXVp
cmUgYWRkaXRpb25hbCBlcnJvciBjb2RlcyB0byBiZSB1c2VkIHdpdGggdGhlIGF1dGhvcml6YXRp
b24KICAgICAgICAgIGNvZGUgZ3JhbnQgZXJyb3IgcmVzcG9uc2UgKDx4cmVmIHRhcmdldD0nY29k
ZS1hdXRoei1lcnJvcicgLz4pLCB0aGUgaW1wbGljaXQgZ3JhbnQgZXJyb3IKICAgICAgICAgIHJl
c3BvbnNlICg8eHJlZiB0YXJnZXQ9J2ltcGxpY2l0LWF1dGh6LWVycm9yJyAvPiksIHRoZSB0b2tl
biBlcnJvciByZXNwb25zZQogICAgICAgICAgKDx4cmVmIHRhcmdldD0ndG9rZW4tZXJyb3JzJyAv
PiksCgkgIG9yIHRoZSByZXNvdXJjZSBhY2Nlc3MgZXJyb3IgcmVzcG9uc2UgKDx4cmVmIHRhcmdl
dD0ncmVzb3VyY2UtZXJyb3JzJyAvPiksCgkgIHN1Y2ggZXJyb3IgY29kZXMgTUFZIGJlIGRlZmlu
ZWQuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgRXh0ZW5zaW9uIGVycm9yIGNv
ZGVzIE1VU1QgYmUgcmVnaXN0ZXJlZCAoZm9sbG93aW5nIHRoZSBwcm9jZWR1cmVzIGluCiAgICAg
ICAgICA8eHJlZiB0YXJnZXQ9J2Vycm9yLXJlZ2lzdHJ5JyAvPikgaWYgdGhlIGV4dGVuc2lvbiB0
aGV5IGFyZSB1c2VkIGluIGNvbmp1bmN0aW9uIHdpdGggaXMKICAgICAgICAgIGEgcmVnaXN0ZXJl
ZCBhY2Nlc3MgdG9rZW4gdHlwZSwgYSByZWdpc3RlcmVkIGVuZHBvaW50IHBhcmFtZXRlciwgb3Ig
YW4gZXh0ZW5zaW9uIGdyYW50CiAgICAgICAgICB0eXBlLiBFcnJvciBjb2RlcyB1c2VkIHdpdGgg
dW5yZWdpc3RlcmVkIGV4dGVuc2lvbnMgTUFZIGJlIHJlZ2lzdGVyZWQuCiAgICAgICAgPC90Pgog
ICAgICAgIDx0PgogICAgICAgICAgRXJyb3IgY29kZXMgTVVTVCBjb25mb3JtIHRvIHRoZSBlcnJv
ci1jb2RlIEFCTkYsIGFuZCBTSE9VTEQgYmUgcHJlZml4ZWQgYnkgYW4gaWRlbnRpZnlpbmcKICAg
ICAgICAgIG5hbWUgd2hlbiBwb3NzaWJsZS4gRm9yIGV4YW1wbGUsIGFuIGVycm9yIGlkZW50aWZ5
aW5nIGFuIGludmFsaWQgdmFsdWUgc2V0IHRvIHRoZQogICAgICAgICAgZXh0ZW5zaW9uIHBhcmFt
ZXRlciA8c3Bhbnggc3R5bGU9J3ZlcmInPmV4YW1wbGU8L3NwYW54PiBTSE9VTEQgYmUgbmFtZWQK
ICAgICAgICAgIDxzcGFueCBzdHlsZT0ndmVyYic+ZXhhbXBsZV9pbnZhbGlkPC9zcGFueD4uCiAg
ICAgICAgPC90PgogICAgICAgIDxmaWd1cmU+CiAgICAgICAgICA8YXJ0d29yaz4KICAgICAgICAg
ICAgPCFbQ0RBVEFbCiAgZXJyb3ItY29kZSAgID0gQUxQSEEgKmVycm9yLWNoYXIKICBlcnJvci1j
aGFyICAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAvIEFMUEhBCl1dPgogICAgICAgICAgPC9h
cnR3b3JrPgogICAgICAgIDwvZmlndXJlPgogICAgICA8L3NlY3Rpb24+CgogICAgPC9zZWN0aW9u
PgoKICAgIDxzZWN0aW9uIHRpdGxlPSdOYXRpdmUgQXBwbGljYXRpb25zJz4KICAgICAgPHQ+CiAg
ICAgICAgTmF0aXZlIGFwcGxpY2F0aW9ucyBhcmUgY2xpZW50cyBpbnN0YWxsZWQgYW5kIGV4ZWN1
dGVkIG9uIHRoZSBkZXZpY2UgdXNlZCBieSB0aGUgcmVzb3VyY2UKICAgICAgICBvd25lciAoaS5l
LiBkZXNrdG9wIGFwcGxpY2F0aW9uLCBuYXRpdmUgbW9iaWxlIGFwcGxpY2F0aW9uKS4gTmF0aXZl
IGFwcGxpY2F0aW9ucyByZXF1aXJlCiAgICAgICAgc3BlY2lhbCBjb25zaWRlcmF0aW9uIHJlbGF0
ZWQgdG8gc2VjdXJpdHksIHBsYXRmb3JtIGNhcGFiaWxpdGllcywgYW5kIG92ZXJhbGwgZW5kLXVz
ZXIKICAgICAgICBleHBlcmllbmNlLgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIFRoZSBh
dXRob3JpemF0aW9uIGVuZHBvaW50IHJlcXVpcmVzIGludGVyYWN0aW9uIGJldHdlZW4gdGhlIGNs
aWVudCBhbmQgdGhlIHJlc291cmNlCiAgICAgICAgb3duZXIncyB1c2VyLWFnZW50LiBOYXRpdmUg
YXBwbGljYXRpb25zIGNhbiBpbnZva2UgYW4gZXh0ZXJuYWwgdXNlci1hZ2VudCBvciBlbWJlZCBh
CiAgICAgICAgdXNlci1hZ2VudCB3aXRoaW4gdGhlIGFwcGxpY2F0aW9uLiBGb3IgZXhhbXBsZToK
ICAgICAgPC90PgogICAgICA8dD4KICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAg
ICAgICA8dD4KICAgICAgICAgICAgRXh0ZXJuYWwgdXNlci1hZ2VudCAtIHRoZSBuYXRpdmUgYXBw
bGljYXRpb24gY2FuIGNhcHR1cmUgdGhlIHJlc3BvbnNlIGZyb20gdGhlCiAgICAgICAgICAgIGF1
dGhvcml6YXRpb24gc2VydmVyIHVzaW5nIGEgcmVkaXJlY3Rpb24gVVJJIHdpdGggYSBzY2hlbWUg
cmVnaXN0ZXJlZCB3aXRoIHRoZQogICAgICAgICAgICBvcGVyYXRpbmcgc3lzdGVtIHRvIGludm9r
ZSB0aGUgY2xpZW50IGFzIHRoZSBoYW5kbGVyLCBtYW51YWwgY29weS1hbmQtcGFzdGUgb2YgdGhl
CiAgICAgICAgICAgIGNyZWRlbnRpYWxzLCBydW5uaW5nIGEgbG9jYWwgd2ViIHNlcnZlciwgaW5z
dGFsbGluZyBhIHVzZXItYWdlbnQgZXh0ZW5zaW9uLCBvciBieQogICAgICAgICAgICBwcm92aWRp
bmcgYSByZWRpcmVjdGlvbiBVUkkgaWRlbnRpZnlpbmcgYSBzZXJ2ZXItaG9zdGVkIHJlc291cmNl
IHVuZGVyIHRoZSBjbGllbnQncwogICAgICAgICAgICBjb250cm9sLCB3aGljaCBpbiB0dXJuIG1h
a2VzIHRoZSByZXNwb25zZSBhdmFpbGFibGUgdG8gdGhlIG5hdGl2ZSBhcHBsaWNhdGlvbi4KICAg
ICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICBFbWJlZGRlZCB1c2VyLWFnZW50
IC0gdGhlIG5hdGl2ZSBhcHBsaWNhdGlvbiBvYnRhaW5zIHRoZSByZXNwb25zZSBieSBkaXJlY3Rs
eQogICAgICAgICAgICBjb21tdW5pY2F0aW5nIHdpdGggdGhlIGVtYmVkZGVkIHVzZXItYWdlbnQg
YnkgbW9uaXRvcmluZyBzdGF0ZSBjaGFuZ2VzIGVtaXR0ZWQgZHVyaW5nCiAgICAgICAgICAgIHRo
ZSByZXNvdXJjZSBsb2FkLCBvciBhY2Nlc3NpbmcgdGhlIHVzZXItYWdlbnQncyBjb29raWVzIHN0
b3JhZ2UuCiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9saXN0PgogICAgICA8L3Q+CiAgICAgIDx0
PgogICAgICAgIFdoZW4gY2hvb3NpbmcgYmV0d2VlbiBhbiBleHRlcm5hbCBvciBlbWJlZGRlZCB1
c2VyLWFnZW50LCBkZXZlbG9wZXJzIHNob3VsZCBjb25zaWRlcjoKICAgICAgPC90PgogICAgICA8
dD4KICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICA8dD4KICAgICAgICAg
ICAgQW4gRXh0ZXJuYWwgdXNlci1hZ2VudCBtYXkgaW1wcm92ZSBjb21wbGV0aW9uIHJhdGUgYXMg
dGhlIHJlc291cmNlIG93bmVyIG1heSBhbHJlYWR5IGhhdmUKICAgICAgICAgICAgYW4gYWN0aXZl
IHNlc3Npb24gd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVtb3ZpbmcgdGhlIG5lZWQg
dG8gcmUtYXV0aGVudGljYXRlLiBJdAogICAgICAgICAgICBwcm92aWRlcyBhIGZhbWlsaWFyIGVu
ZC11c2VyIGV4cGVyaWVuY2UgYW5kIGZ1bmN0aW9uYWxpdHkuIFRoZSByZXNvdXJjZSBvd25lciBt
YXkgYWxzbwogICAgICAgICAgICByZWx5IG9uIHVzZXItYWdlbnQgZmVhdHVyZXMgb3IgZXh0ZW5z
aW9ucyB0byBhc3Npc3Qgd2l0aCBhdXRoZW50aWNhdGlvbiAoZS5nLiBwYXNzd29yZAogICAgICAg
ICAgICBtYW5hZ2VyLCAyLWZhY3RvciBkZXZpY2UgcmVhZGVyKS4KICAgICAgICAgIDwvdD4KICAg
ICAgICAgIDx0PgogICAgICAgICAgICBBbiBlbWJlZGRlZCB1c2VyLWFnZW50IG1heSBvZmZlciBp
bXByb3ZlZCB1c2FiaWxpdHksIGFzIGl0IHJlbW92ZXMgdGhlIG5lZWQgdG8gc3dpdGNoCiAgICAg
ICAgICAgIGNvbnRleHQgYW5kIG9wZW4gbmV3IHdpbmRvd3MuCiAgICAgICAgICA8L3Q+CiAgICAg
ICAgICA8dD4KICAgICAgICAgICAgQW4gZW1iZWRkZWQgdXNlci1hZ2VudCBwb3NlcyBhIHNlY3Vy
aXR5IGNoYWxsZW5nZSBiZWNhdXNlIHJlc291cmNlIG93bmVycyBhcmUKICAgICAgICAgICAgYXV0
aGVudGljYXRpbmcgaW4gYW4gdW5pZGVudGlmaWVkIHdpbmRvdyB3aXRob3V0IGFjY2VzcyB0byB0
aGUgdmlzdWFsIHByb3RlY3Rpb25zIGZvdW5kCiAgICAgICAgICAgIGluIG1vc3QgZXh0ZXJuYWwg
dXNlci1hZ2VudHMuIEFuIGVtYmVkZGVkIHVzZXItYWdlbnQgZWR1Y2F0ZXMgZW5kLXVzZXJzIHRv
IHRydXN0CiAgICAgICAgICAgIHVuaWRlbnRpZmllZCByZXF1ZXN0cyBmb3IgYXV0aGVudGljYXRp
b24gKG1ha2luZyBwaGlzaGluZyBhdHRhY2tzIGVhc2llciB0byBleGVjdXRlKS4KICAgICAgICAg
IDwvdD4KICAgICAgICA8L2xpc3Q+CiAgICAgIDwvdD4KICAgICAgPHQ+CiAgICAgICAgV2hlbiBj
aG9vc2luZyBiZXR3ZWVuIHRoZSBpbXBsaWNpdCBncmFudCB0eXBlIGFuZCB0aGUgYXV0aG9yaXph
dGlvbiBjb2RlIGdyYW50IHR5cGUsIHRoZQogICAgICAgIGZvbGxvd2luZyBzaG91bGQgYmUgY29u
c2lkZXJlZDoKICAgICAgPC90PgogICAgICA8dD4KICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9s
cyc+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgTmF0aXZlIGFwcGxpY2F0aW9ucyB0aGF0IHVz
ZSB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGdyYW50IHR5cGUgU0hPVUxEIGRvIHNvIHdpdGhvdXQK
ICAgICAgICAgICAgdXNpbmcgY2xpZW50IGNyZWRlbnRpYWxzLCBkdWUgdG8gdGhlIG5hdGl2ZSBh
cHBsaWNhdGlvbidzIGluYWJpbGl0eSB0byBrZWVwIGNsaWVudAogICAgICAgICAgICBjcmVkZW50
aWFscyBjb25maWRlbnRpYWwuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAg
ICAgV2hlbiB1c2luZyB0aGUgaW1wbGljaXQgZ3JhbnQgdHlwZSBmbG93IGEgcmVmcmVzaCB0b2tl
biBpcyBub3QgcmV0dXJuZWQgd2hpY2ggcmVxdWlyZXMKICAgICAgICAgICAgcmVwZWF0aW5nIHRo
ZSBhdXRob3JpemF0aW9uIHByb2Nlc3Mgb25jZSB0aGUgYWNjZXNzIHRva2VuIGV4cGlyZXMuCiAg
ICAgICAgICA8L3Q+CiAgICAgICAgPC9saXN0PgogICAgICA8L3Q+CiAgICA8L3NlY3Rpb24+Cgog
ICAgPHNlY3Rpb24gdGl0bGU9J1NlY3VyaXR5IENvbnNpZGVyYXRpb25zJz4KICAgICAgPHQ+CiAg
ICAgICAgQXMgYSBmbGV4aWJsZSBhbmQgZXh0ZW5zaWJsZSBmcmFtZXdvcmssIE9BdXRoJ3Mgc2Vj
dXJpdHkgY29uc2lkZXJhdGlvbnMgZGVwZW5kIG9uIG1hbnkKICAgICAgICBmYWN0b3JzLiBUaGUg
Zm9sbG93aW5nIHNlY3Rpb25zIHByb3ZpZGUgaW1wbGVtZW50ZXJzIHdpdGggc2VjdXJpdHkgZ3Vp
ZGVsaW5lcyBmb2N1c2VkIG9uCiAgICAgICAgdGhlIHRocmVlIGNsaWVudCBwcm9maWxlcyBkZXNj
cmliZWQgaW4gPHhyZWYgdGFyZ2V0PSdjbGllbnQtdHlwZXMnIC8+OiB3ZWIgYXBwbGljYXRpb24s
CiAgICAgICAgdXNlci1hZ2VudC1iYXNlZCBhcHBsaWNhdGlvbiwgYW5kIG5hdGl2ZSBhcHBsaWNh
dGlvbi4KICAgICAgPC90PgogICAgICA8dD4KICAgICAgICBBIGNvbXByZWhlbnNpdmUgT0F1dGgg
c2VjdXJpdHkgbW9kZWwgYW5kIGFuYWx5c2lzLCBhcyB3ZWxsIGFzIGJhY2tncm91bmQgZm9yIHRo
ZSBwcm90b2NvbAogICAgICAgIGRlc2lnbiBpcyBwcm92aWRlZCBieSA8eHJlZiB0YXJnZXQ9J0kt
RC5pZXRmLW9hdXRoLXYyLXRocmVhdG1vZGVsJyAvPi4KICAgICAgPC90PgoKICAgICAgPHNlY3Rp
b24gdGl0bGU9J0NsaWVudCBBdXRoZW50aWNhdGlvbic+CiAgICAgICAgPHQ+CiAgICAgICAgICBU
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZXN0YWJsaXNoZXMgY2xpZW50IGNyZWRlbnRpYWxzIHdp
dGggd2ViIGFwcGxpY2F0aW9uIGNsaWVudHMgZm9yCiAgICAgICAgICB0aGUgcHVycG9zZSBvZiBj
bGllbnQgYXV0aGVudGljYXRpb24uIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpcyBlbmNvdXJh
Z2VkIHRvIGNvbnNpZGVyCiAgICAgICAgICBzdHJvbmdlciBjbGllbnQgYXV0aGVudGljYXRpb24g
bWVhbnMgdGhhbiBhIGNsaWVudCBwYXNzd29yZC4gV2ViIGFwcGxpY2F0aW9uIGNsaWVudHMgTVVT
VAogICAgICAgICAgZW5zdXJlIGNvbmZpZGVudGlhbGl0eSBvZiBjbGllbnQgcGFzc3dvcmRzIGFu
ZCBvdGhlciBjbGllbnQgY3JlZGVudGlhbHMuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAg
ICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgTk9UIGlzc3VlIGNsaWVudCBwYXNz
d29yZHMgb3Igb3RoZXIgY2xpZW50IGNyZWRlbnRpYWxzIHRvCiAgICAgICAgICBuYXRpdmUgYXBw
bGljYXRpb24gb3IgdXNlci1hZ2VudC1iYXNlZCBhcHBsaWNhdGlvbiBjbGllbnRzIGZvciB0aGUg
cHVycG9zZSBvZiBjbGllbnQKICAgICAgICAgIGF1dGhlbnRpY2F0aW9uLiBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgTUFZIGlzc3VlIGEgY2xpZW50IHBhc3N3b3JkIG9yIG90aGVyIGNyZWRlbnRp
YWxzCiAgICAgICAgICBmb3IgYSBzcGVjaWZpYyBpbnN0YWxsYXRpb24gb2YgYSBuYXRpdmUgYXBw
bGljYXRpb24gY2xpZW50IG9uIGEgc3BlY2lmaWMgZGV2aWNlLgogICAgICAgIDwvdD4KICAgICAg
ICA8dD4KICAgICAgICAgIFdoZW4gY2xpZW50IGF1dGhlbnRpY2F0aW9uIGlzIG5vdCBwb3NzaWJs
ZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBlbXBsb3kgb3RoZXIKICAgICAgICAg
IG1lYW5zIHRvIHZhbGlkYXRlIHRoZSBjbGllbnQncyBpZGVudGl0eS4gRm9yIGV4YW1wbGUsIGJ5
IHJlcXVpcmluZyB0aGUgcmVnaXN0cmF0aW9uIG9mCiAgICAgICAgICB0aGUgY2xpZW50IHJlZGly
ZWN0aW9uIFVSSSBvciBlbmxpc3RpbmcgdGhlIHJlc291cmNlIG93bmVyIHRvIGNvbmZpcm0gaWRl
bnRpdHkuIEEgdmFsaWQKICAgICAgICAgIHJlZGlyZWN0aW9uIFVSSSBpcyBub3Qgc3VmZmljaWVu
dCB0byB2ZXJpZnkgdGhlIGNsaWVudCdzIGlkZW50aXR5IHdoZW4gYXNraW5nIGZvcgogICAgICAg
ICAgcmVzb3VyY2Ugb3duZXIgYXV0aG9yaXphdGlvbiwgYnV0IGNhbiBiZSB1c2VkIHRvIHByZXZl
bnQgZGVsaXZlcmluZyBjcmVkZW50aWFscyB0byBhCiAgICAgICAgICBjb3VudGVyZmVpdCBjbGll
bnQgYWZ0ZXIgb2J0YWluaW5nIHJlc291cmNlIG93bmVyIGF1dGhvcml6YXRpb24uCiAgICAgICAg
PC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIG11c3Qg
Y29uc2lkZXIgdGhlIHNlY3VyaXR5IGltcGxpY2F0aW9ucyBvZiBpbnRlcmFjdGluZyB3aXRoCiAg
ICAgICAgICB1bmF1dGhlbnRpY2F0ZWQgY2xpZW50cyBhbmQgdGFrZSBtZWFzdXJlcyB0byBsaW1p
dCB0aGUgcG90ZW50aWFsIGV4cG9zdXJlIG9mIG90aGVyCiAgICAgICAgICBjcmVkZW50aWFscyAo
ZS5nLiByZWZyZXNoIHRva2VucykgaXNzdWVkIHRvIHN1Y2ggY2xpZW50cy4KICAgICAgICA8L3Q+
CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdDbGllbnQgSW1wZXJzb25h
dGlvbic+CiAgICAgICAgPHQ+CiAgICAgICAgICBBIG1hbGljaW91cyBjbGllbnQgY2FuIGltcGVy
c29uYXRlIGFub3RoZXIgY2xpZW50IGFuZCBvYnRhaW4gYWNjZXNzIHRvIHByb3RlY3RlZAogICAg
ICAgICAgcmVzb3VyY2VzLCBpZiB0aGUgaW1wZXJzb25hdGVkIGNsaWVudCBmYWlscyB0bywgb3Ig
aXMgdW5hYmxlIHRvLCBrZWVwIGl0cyBjbGllbnQKICAgICAgICAgIGNyZWRlbnRpYWxzIGNvbmZp
ZGVudGlhbC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgTVVTVCBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCB3aGVuZXZlciBwb3NzaWJs
ZS4gSWYgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBjYW5ub3QgYXV0aGVudGlj
YXRlIHRoZSBjbGllbnQgZHVlIHRvIHRoZSBjbGllbnQncyBuYXR1cmUsIHRoZQogICAgICAgICAg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCByZXF1aXJlIHRoZSByZWdpc3RyYXRpb24gb2YgYW55
IHJlZGlyZWN0aW9uIFVSSSB1c2VkIGZvcgogICAgICAgICAgcmVjZWl2aW5nIGF1dGhvcml6YXRp
b24gcmVzcG9uc2VzLCBhbmQgU0hPVUxEIHV0aWxpemUgb3RoZXIgbWVhbnMgdG8gcHJvdGVjdCBy
ZXNvdXJjZQogICAgICAgICAgb3duZXJzIGZyb20gc3VjaCBwb3RlbnRpYWxseSBtYWxpY2lvdXMg
Y2xpZW50cy4gRm9yIGV4YW1wbGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAg
Y2FuIGVuZ2FnZSB0aGUgcmVzb3VyY2Ugb3duZXIgdG8gYXNzaXN0IGluIGlkZW50aWZ5aW5nIHRo
ZSBjbGllbnQgYW5kIGl0cyBvcmlnaW4uCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBlbmZvcmNlIGV4cGxpY2l0IHJlc291
cmNlIG93bmVyIGF1dGhlbnRpY2F0aW9uIGFuZAogICAgICAgICAgcHJvdmlkZSB0aGUgcmVzb3Vy
Y2Ugb3duZXIgd2l0aCBpbmZvcm1hdGlvbiBhYm91dCB0aGUgY2xpZW50IGFuZCB0aGUgcmVxdWVz
dGVkCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNjb3BlIGFuZCBsaWZldGltZS4gSXQgaXMgdXAg
dG8gdGhlIHJlc291cmNlIG93bmVyIHRvIHJldmlldyB0aGUKICAgICAgICAgIGluZm9ybWF0aW9u
IGluIHRoZSBjb250ZXh0IG9mIHRoZSBjdXJyZW50IGNsaWVudCwgYW5kIGF1dGhvcml6ZSBvciBk
ZW55IHRoZSByZXF1ZXN0LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgTk9UIHByb2Nlc3MgcmVwZWF0ZWQgYXV0aG9yaXph
dGlvbiByZXF1ZXN0cwogICAgICAgICAgYXV0b21hdGljYWxseSAod2l0aG91dCBhY3RpdmUgcmVz
b3VyY2Ugb3duZXIgaW50ZXJhY3Rpb24pIHdpdGhvdXQgYXV0aGVudGljYXRpbmcgdGhlCiAgICAg
ICAgICBjbGllbnQgb3IgcmVseWluZyBvbiBvdGhlciBtZWFzdXJlcyB0byBlbnN1cmUgdGhlIHJl
cGVhdGVkIHJlcXVlc3QgY29tZXMgZnJvbSB0aGUKICAgICAgICAgIG9yaWdpbmFsIGNsaWVudCBh
bmQgbm90IGFuIGltcGVyc29uYXRvci4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAg
ICAgIDxzZWN0aW9uIHRpdGxlPSdBY2Nlc3MgVG9rZW5zJz4KICAgICAgICA8dD4KICAgICAgICAg
IEFjY2VzcyB0b2tlbiBjcmVkZW50aWFscyAoYXMgd2VsbCBhcyBhbnkgY29uZmlkZW50aWFsIGFj
Y2VzcyB0b2tlbiBhdHRyaWJ1dGVzKSBNVVNUIGJlCiAgICAgICAgICBrZXB0IGNvbmZpZGVudGlh
bCBpbiB0cmFuc2l0IGFuZCBzdG9yYWdlLCBhbmQgb25seSBzaGFyZWQgYW1vbmcgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyLAogICAgICAgICAgdGhlIHJlc291cmNlIHNlcnZlcnMgdGhlIGFjY2Vz
cyB0b2tlbiBpcyB2YWxpZCBmb3IsIGFuZCB0aGUgY2xpZW50IHRvIHdob20gdGhlIGFjY2Vzcwog
ICAgICAgICAgdG9rZW4gaXMgaXNzdWVkLiBBY2Nlc3MgdG9rZW4gY3JlZGVudGlhbHMgTVVTVCBv
bmx5IGJlIHRyYW5zbWl0dGVkIHVzaW5nIFRMUyBhcyBkZXNjcmliZWQKICAgICAgICAgIGluIDx4
cmVmIHRhcmdldD0ndGxzJyAvPiB3aXRoIHNlcnZlciBhdXRoZW50aWNhdGlvbiBhcyBkZWZpbmVk
IGJ5CiAgICAgICAgICA8eHJlZiB0YXJnZXQ9J1JGQzI4MTgnIC8+LgogICAgICAgIDwvdD4KICAg
ICAgICA8dD4KICAgICAgICAgIFdoZW4gdXNpbmcgdGhlIGltcGxpY2l0IGdyYW50IHR5cGUsIHRo
ZSBhY2Nlc3MgdG9rZW4gaXMgdHJhbnNtaXR0ZWQgaW4gdGhlIFVSSSBmcmFnbWVudCwKICAgICAg
ICAgIHdoaWNoIGNhbiBleHBvc2UgaXQgdG8gdW5hdXRob3JpemVkIHBhcnRpZXMuCiAgICAgICAg
PC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1Qg
ZW5zdXJlIHRoYXQgYWNjZXNzIHRva2VucyBjYW5ub3QgYmUgZ2VuZXJhdGVkLCBtb2RpZmllZCwg
b3IKICAgICAgICAgIGd1ZXNzZWQgdG8gcHJvZHVjZSB2YWxpZCBhY2Nlc3MgdG9rZW5zIGJ5IHVu
YXV0aG9yaXplZCBwYXJ0aWVzLgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRo
ZSBjbGllbnQgU0hPVUxEIHJlcXVlc3QgYWNjZXNzIHRva2VucyB3aXRoIHRoZSBtaW5pbWFsIHNj
b3BlIG5lY2Vzc2FyeS4gVGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQg
dGFrZSB0aGUgY2xpZW50IGlkZW50aXR5IGludG8gYWNjb3VudCB3aGVuIGNob29zaW5nIGhvdwog
ICAgICAgICAgdG8gaG9ub3IgdGhlIHJlcXVlc3RlZCBzY29wZSwgYW5kIE1BWSBpc3N1ZSBhbiBh
Y2Nlc3MgdG9rZW4gd2l0aCBhIGxlc3MgcmlnaHRzIHRoYW4KICAgICAgICAgIHJlcXVlc3RlZC4K
ICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gZG9l
cyBub3QgcHJvdmlkZSBhbnkgbWV0aG9kcyBmb3IgdGhlIHJlc291cmNlIHNlcnZlciB0byBlbnN1
cmUgdGhhdCBhbgogICAgICAgICAgYWNjZXNzIHRva2VuIHByZXNlbnRlZCB0byBpdCBieSBhIGdp
dmVuIGNsaWVudCwgd2FzIGlzc3VlZCB0byB0aGUgdGhhdCBjbGllbnQgYnkgdGhlCiAgICAgICAg
ICBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAg
ICAgIDxzZWN0aW9uIHRpdGxlPSdSZWZyZXNoIFRva2Vucyc+CiAgICAgICAgPHQ+CiAgICAgICAg
ICBBdXRob3JpemF0aW9uIHNlcnZlcnMgTUFZIGlzc3VlIHJlZnJlc2ggdG9rZW5zIHRvIHdlYiBh
cHBsaWNhdGlvbiBjbGllbnRzIGFuZCBuYXRpdmUKICAgICAgICAgIGFwcGxpY2F0aW9uIGNsaWVu
dHMuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgUmVmcmVzaCB0b2tlbnMgTVVT
VCBiZSBrZXB0IGNvbmZpZGVudGlhbCBpbiB0cmFuc2l0IGFuZCBzdG9yYWdlLCBhbmQgc2hhcmVk
IG9ubHkgYW1vbmcKICAgICAgICAgIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgdGhlIGNs
aWVudCB0byB3aG9tIHRoZSByZWZyZXNoIHRva2VucyB3ZXJlIGlzc3VlZC4gVGhlCiAgICAgICAg
ICBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIG1haW50YWluIHRoZSBiaW5kaW5nIGJldHdlZW4g
YSByZWZyZXNoIHRva2VuIGFuZCB0aGUgY2xpZW50IHRvCiAgICAgICAgICB3aG9tIGl0IHdhcyBp
c3N1ZWQuIFJlZnJlc2ggdG9rZW5zIE1VU1Qgb25seSBiZSB0cmFuc21pdHRlZCB1c2luZyBUTFMg
YXMgZGVzY3JpYmVkIGluCiAgICAgICAgICA8eHJlZiB0YXJnZXQ9J3RscycgLz4gd2l0aCBzZXJ2
ZXIgYXV0aGVudGljYXRpb24gYXMgZGVmaW5lZCBieSA8eHJlZiB0YXJnZXQ9J1JGQzI4MTgnIC8+
LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBNVVNUIHZlcmlmeSB0aGUgYmluZGluZyBiZXR3ZWVuIHRoZSByZWZyZXNoIHRva2VuIGFu
ZCBjbGllbnQKICAgICAgICAgIGlkZW50aXR5IHdoZW5ldmVyIHRoZSBjbGllbnQgaWRlbnRpdHkg
Y2FuIGJlIGF1dGhlbnRpY2F0ZWQuIFdoZW4gY2xpZW50IGF1dGhlbnRpY2F0aW9uIGlzCiAgICAg
ICAgICBub3QgcG9zc2libGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZGVwbG95
IG90aGVyIG1lYW5zIHRvIGRldGVjdCByZWZyZXNoIHRva2VuCiAgICAgICAgICBhYnVzZS4KICAg
ICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBGb3IgZXhhbXBsZSwgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGNvdWxkIGVtcGxveSByZWZyZXNoIHRva2VuIHJvdGF0aW9uIGluIHdoaWNo
IGEgbmV3CiAgICAgICAgICByZWZyZXNoIHRva2VuIGlzIGlzc3VlZCB3aXRoIGV2ZXJ5IGFjY2Vz
cyB0b2tlbiByZWZyZXNoIHJlc3BvbnNlLiBUaGUgcHJldmlvdXMgcmVmcmVzaAogICAgICAgICAg
dG9rZW4gaXMgaW52YWxpZGF0ZWQgYnV0IHJldGFpbmVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlci4gSWYgYSByZWZyZXNoIHRva2VuIGlzCiAgICAgICAgICBjb21wcm9taXNlZCBhbmQgc3Vi
c2VxdWVudGx5IHVzZWQgYnkgYm90aCB0aGUgYXR0YWNrZXIgYW5kIHRoZSBsZWdpdGltYXRlIGNs
aWVudCwgb25lIG9mCiAgICAgICAgICB0aGVtIHdpbGwgcHJlc2VudCBhbiBpbnZhbGlkYXRlZCBy
ZWZyZXNoIHRva2VuIHdoaWNoIHdpbGwgaW5mb3JtIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgog
ICAgICAgICAgb2YgdGhlIGJyZWFjaC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAg
ICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBlbnN1cmUgdGhhdCByZWZyZXNoIHRva2Vu
cyBjYW5ub3QgYmUgZ2VuZXJhdGVkLCBtb2RpZmllZCwKICAgICAgICAgIG9yIGd1ZXNzZWQgdG8g
cHJvZHVjZSB2YWxpZCByZWZyZXNoIHRva2VucyBieSB1bmF1dGhvcml6ZWQgcGFydGllcy4KICAg
ICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdBdXRob3Jp
emF0aW9uIENvZGVzJz4KICAgICAgICA8dD4KICAgICAgICAgIFRoZSB0cmFuc21pc3Npb24gb2Yg
YXV0aG9yaXphdGlvbiBjb2RlcyBTSE9VTEQgYmUgbWFkZSBvdmVyIGEgc2VjdXJlIGNoYW5uZWws
IGFuZCB0aGUKICAgICAgICAgIGNsaWVudCBTSE9VTEQgcmVxdWlyZSB0aGUgdXNlIG9mIFRMUyB3
aXRoIGl0cyByZWRpcmVjdGlvbiBVUkkgaWYgdGhlIFVSSSBpZGVudGlmaWVzIGEKICAgICAgICAg
IG5ldHdvcmsgcmVzb3VyY2UuIFNpbmNlIGF1dGhvcml6YXRpb24gY29kZXMgYXJlIHRyYW5zbWl0
dGVkIHZpYSB1c2VyLWFnZW50IHJlZGlyZWN0aW9ucywKICAgICAgICAgIHRoZXkgY291bGQgcG90
ZW50aWFsbHkgYmUgZGlzY2xvc2VkIHRocm91Z2ggdXNlci1hZ2VudCBoaXN0b3J5IGFuZCBIVFRQ
IHJlZmVycmVyIGhlYWRlcnMuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgQXV0
aG9yaXphdGlvbiBjb2RlcyBvcGVyYXRlIGFzIHBsYWludGV4dCBiZWFyZXIgY3JlZGVudGlhbHMs
IHVzZWQgdG8gdmVyaWZ5IHRoYXQgdGhlCiAgICAgICAgICByZXNvdXJjZSBvd25lciB3aG8gZ3Jh
bnRlZCBhdXRob3JpemF0aW9uIGF0IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpcyB0aGUgc2Ft
ZQogICAgICAgICAgcmVzb3VyY2Ugb3duZXIgcmV0dXJuaW5nIHRvIHRoZSBjbGllbnQgdG8gY29t
cGxldGUgdGhlIHByb2Nlc3MuIFRoZXJlZm9yZSwgaWYgdGhlIGNsaWVudAogICAgICAgICAgcmVs
aWVzIG9uIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgZm9yIGl0cyBvd24gcmVzb3VyY2Ugb3duZXIg
YXV0aGVudGljYXRpb24sIHRoZSBjbGllbnQKICAgICAgICAgIHJlZGlyZWN0aW9uIGVuZHBvaW50
IE1VU1QgcmVxdWlyZSB0aGUgdXNlIG9mIFRMUy4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAg
ICAgICAgICBBdXRob3JpemF0aW9uIGNvZGVzIE1VU1QgYmUgc2hvcnQgbGl2ZWQgYW5kIHNpbmds
ZSB1c2UuIElmIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgb2JzZXJ2ZXMgbXVs
dGlwbGUgYXR0ZW1wdHMgdG8gZXhjaGFuZ2UgYW4gYXV0aG9yaXphdGlvbiBjb2RlIGZvciBhbiBh
Y2Nlc3MgdG9rZW4sIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGF0
dGVtcHQgdG8gcmV2b2tlIGFsbCBhY2Nlc3MgdG9rZW5zIGFscmVhZHkgZ3JhbnRlZCBiYXNlZCBv
bgogICAgICAgICAgdGhlIGNvbXByb21pc2VkIGF1dGhvcml6YXRpb24gY29kZS4KICAgICAgICA8
L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBJZiB0aGUgY2xpZW50IGNhbiBiZSBhdXRoZW50aWNh
dGVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXJzIE1VU1QgYXV0aGVudGljYXRlIHRoZQogICAg
ICAgICAgY2xpZW50IGFuZCBlbnN1cmUgdGhhdCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIHdhcyBp
c3N1ZWQgdG8gdGhlIHNhbWUgY2xpZW50LgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoK
ICAgICAgPHNlY3Rpb24gdGl0bGU9J0F1dGhvcml6YXRpb24gQ29kZSBSZWRpcmVjdGlvbiBVUkkg
TWFuaXB1bGF0aW9uJz4KICAgICAgICA8dD4KICAgICAgICAgIFdoZW4gcmVxdWVzdGluZyBhdXRo
b3JpemF0aW9uIHVzaW5nIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlwZSwgdGhlIGNs
aWVudCBjYW4KICAgICAgICAgIHNwZWNpZnkgYSByZWRpcmVjdGlvbiBVUkkgdmlhIHRoZSA8c3Bh
bnggc3R5bGU9J3ZlcmInPnJlZGlyZWN0X3VyaTwvc3Bhbng+IHBhcmFtZXRlci4KICAgICAgICAg
IElmIGFuIGF0dGFja2VyIGNhbiBtYW5pcHVsYXRlIHRoZSB2YWx1ZSBvZiB0aGUgcmVkaXJlY3Rp
b24gVVJJLCBpdCBjYW4gY2F1c2UgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciB0
byByZWRpcmVjdCB0aGUgcmVzb3VyY2Ugb3duZXIgdXNlci1hZ2VudCB0byBhIFVSSSB1bmRlciB0
aGUgY29udHJvbAogICAgICAgICAgb2YgdGhlIGF0dGFja2VyIHdpdGggdGhlIGF1dGhvcml6YXRp
b24gY29kZS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBBbiBhdHRhY2tlciBj
YW4gY3JlYXRlIGFuIGFjY291bnQgYXQgYSBsZWdpdGltYXRlIGNsaWVudCBhbmQgaW5pdGlhdGUg
dGhlIGF1dGhvcml6YXRpb24KICAgICAgICAgIGZsb3cuIFdoZW4gdGhlIGF0dGFja2VyJ3MgdXNl
ci1hZ2VudCBpcyBzZW50IHRvIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB0byBncmFudCBhY2Nl
c3MsCiAgICAgICAgICB0aGUgYXR0YWNrZXIgZ3JhYnMgdGhlIGF1dGhvcml6YXRpb24gVVJJIHBy
b3ZpZGVkIGJ5IHRoZSBsZWdpdGltYXRlIGNsaWVudCwgYW5kIHJlcGxhY2VzCiAgICAgICAgICB0
aGUgY2xpZW50J3MgcmVkaXJlY3Rpb24gVVJJIHdpdGggYSBVUkkgdW5kZXIgdGhlIGNvbnRyb2wg
b2YgdGhlIGF0dGFja2VyLiBUaGUgYXR0YWNrZXIKICAgICAgICAgIHRoZW4gdHJpY2tzIHRoZSB2
aWN0aW0gaW50byBmb2xsb3dpbmcgdGhlIG1hbmlwdWxhdGVkIGxpbmsgdG8gYXV0aG9yaXplIGFj
Y2VzcyB0byB0aGUKICAgICAgICAgIGxlZ2l0aW1hdGUgY2xpZW50LgogICAgICAgIDwvdD4KICAg
ICAgICA8dD4KICAgICAgICAgIE9uY2UgYXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLCB0aGUg
dmljdGltIGlzIHByb21wdGVkIHdpdGggYSBub3JtYWwsIHZhbGlkIHJlcXVlc3Qgb24KICAgICAg
ICAgIGJlaGFsZiBvZiBhIGxlZ2l0aW1hdGUgYW5kIHRydXN0ZWQgY2xpZW50LCBhbmQgYXV0aG9y
aXplcyB0aGUgcmVxdWVzdC4gVGhlIHZpY3RpbSBpcwogICAgICAgICAgdGhlbiByZWRpcmVjdGVk
IHRvIGFuIGVuZHBvaW50IHVuZGVyIHRoZSBjb250cm9sIG9mIHRoZSBhdHRhY2tlciB3aXRoIHRo
ZSBhdXRob3JpemF0aW9uCiAgICAgICAgICBjb2RlLiBUaGUgYXR0YWNrZXIgY29tcGxldGVzIHRo
ZSBhdXRob3JpemF0aW9uIGZsb3cgYnkgc2VuZGluZyB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIHRv
CiAgICAgICAgICB0aGUgY2xpZW50IHVzaW5nIHRoZSBvcmlnaW5hbCByZWRpcmVjdGlvbiBVUkkg
cHJvdmlkZWQgYnkgdGhlIGNsaWVudC4gVGhlIGNsaWVudAogICAgICAgICAgZXhjaGFuZ2VzIHRo
ZSBhdXRob3JpemF0aW9uIGNvZGUgd2l0aCBhbiBhY2Nlc3MgdG9rZW4gYW5kIGxpbmtzIGl0IHRv
IHRoZSBhdHRhY2tlcidzCiAgICAgICAgICBjbGllbnQgYWNjb3VudCB3aGljaCBjYW4gbm93IGdh
aW4gYWNjZXNzIHRvIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2VzIGF1dGhvcml6ZWQgYnkgdGhlCiAg
ICAgICAgICB2aWN0aW0gKHZpYSB0aGUgY2xpZW50KS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+
CiAgICAgICAgICBJbiBvcmRlciB0byBwcmV2ZW50IHN1Y2ggYW4gYXR0YWNrLCB0aGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgTVVTVCBlbnN1cmUgdGhhdCB0aGUKICAgICAgICAgIHJlZGlyZWN0aW9u
IFVSSSB1c2VkIHRvIG9idGFpbiB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGlzIGlkZW50aWNhbCB0
byB0aGUgcmVkaXJlY3Rpb24gVVJJCiAgICAgICAgICBwcm92aWRlZCB3aGVuIGV4Y2hhbmdpbmcg
dGhlIGF1dGhvcml6YXRpb24gY29kZSBmb3IgYW4gYWNjZXNzIHRva2VuLiBUaGUgYXV0aG9yaXph
dGlvbgogICAgICAgICAgc2VydmVyIE1VU1QgcmVxdWlyZSBwdWJsaWMgY2xpZW50cyBhbmQgU0hP
VUxEIHJlcXVpcmUgY29uZmlkZW50aWFsIGNsaWVudHMgdG8gcmVnaXN0ZXIKICAgICAgICAgIHRo
ZWlyIHJlZGlyZWN0aW9uIFVSSXMuIElmIGEgcmVkaXJlY3Rpb24gVVJJIGlzIHByb3ZpZGVkIGlu
IHRoZSByZXF1ZXN0LCB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgdmFs
aWRhdGUgaXQgYWdhaW5zdCB0aGUgcmVnaXN0ZXJlZCB2YWx1ZS4KICAgICAgICA8L3Q+CiAgICAg
IDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdSZXNvdXJjZSBPd25lciBQYXNzd29y
ZCBDcmVkZW50aWFscyc+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgcmVzb3VyY2Ugb3duZXIg
cGFzc3dvcmQgY3JlZGVudGlhbHMgZ3JhbnQgdHlwZSBpcyBvZnRlbiB1c2VkIGZvciBsZWdhY3kg
b3IgbWlncmF0aW9uCiAgICAgICAgICByZWFzb25zLiBJdCByZWR1Y2VzIHRoZSBvdmVyYWxsIHJp
c2sgb2Ygc3RvcmluZyB1c2VybmFtZSBhbmQgcGFzc3dvcmQgYnkgdGhlIGNsaWVudCwgYnV0CiAg
ICAgICAgICBkb2VzIG5vdCBlbGltaW5hdGUgdGhlIG5lZWQgdG8gZXhwb3NlIGhpZ2hseSBwcml2
aWxlZ2VkIGNyZWRlbnRpYWxzIHRvIHRoZSBjbGllbnQuCiAgICAgICAgPC90PgogICAgICAgIDx0
PgogICAgICAgICAgVGhpcyBncmFudCB0eXBlIGNhcnJpZXMgYSBoaWdoZXIgcmlzayB0aGFuIG90
aGVyIGdyYW50IHR5cGVzIGJlY2F1c2UgaXQgbWFpbnRhaW5zIHRoZQogICAgICAgICAgcGFzc3dv
cmQgYW50aS1wYXR0ZXJuIHRoaXMgcHJvdG9jb2wgc2Vla3MgdG8gYXZvaWQuIFRoZSBjbGllbnQg
Y291bGQgYWJ1c2UgdGhlIHBhc3N3b3JkCiAgICAgICAgICBvciB0aGUgcGFzc3dvcmQgY291bGQg
dW5pbnRlbnRpb25hbGx5IGJlIGRpc2Nsb3NlZCB0byBhbiBhdHRhY2tlciAoZS5nLiB2aWEgbG9n
IGZpbGVzIG9yCiAgICAgICAgICBvdGhlciByZWNvcmRzIGtlcHQgYnkgdGhlIGNsaWVudCkuCiAg
ICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgQWRkaXRpb25hbGx5LCBiZWNhdXNlIHRo
ZSByZXNvdXJjZSBvd25lciBkb2VzIG5vdCBoYXZlIGNvbnRyb2wgb3ZlciB0aGUgYXV0aG9yaXph
dGlvbgogICAgICAgICAgcHJvY2VzcyAodGhlIHJlc291cmNlIG93bmVyIGludm9sdmVtZW50IGVu
ZHMgd2hlbiBpdCBoYW5kcyBvdmVyIGl0cyBjcmVkZW50aWFscyB0byB0aGUKICAgICAgICAgIGNs
aWVudCksIHRoZSBjbGllbnQgY2FuIG9idGFpbiBhY2Nlc3MgdG9rZW5zIHdpdGggYSBicm9hZGVy
IHNjb3BlIHRoYW4gZGVzaXJlZCBieSB0aGUKICAgICAgICAgIHJlc291cmNlIG93bmVyLiBUaGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgc2hvdWxkIGNvbnNpZGVyIHRoZSBzY29wZSBhbmQgbGlmZXRp
bWUgb2YKICAgICAgICAgIGFjY2VzcyB0b2tlbnMgaXNzdWVkIHZpYSB0aGlzIGdyYW50IHR5cGUu
CiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIGFuZCBjbGllbnQgU0hPVUxEIG1pbmltaXplIHVzZSBvZiB0aGlzIGdyYW50IHR5cGUgYW5k
IHV0aWxpemUKICAgICAgICAgIG90aGVyIGdyYW50IHR5cGVzIHdoZW5ldmVyIHBvc3NpYmxlLgog
ICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J1JlcXVl
c3QgQ29uZmlkZW50aWFsaXR5Jz4KICAgICAgICA8dD4KICAgICAgICAgIEFjY2VzcyB0b2tlbnMs
IHJlZnJlc2ggdG9rZW5zLCByZXNvdXJjZSBvd25lciBwYXNzd29yZHMsIGFuZCBjbGllbnQgY3Jl
ZGVudGlhbHMgTVVTVCBOT1QKICAgICAgICAgIGJlIHRyYW5zbWl0dGVkIGluIHRoZSBjbGVhci4g
QXV0aG9yaXphdGlvbiBjb2RlcyBTSE9VTEQgTk9UIGJlIHRyYW5zbWl0dGVkIGluIHRoZSBjbGVh
ci4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgPHNwYW54IHN0eWxlPSd2
ZXJiJz5zdGF0ZTwvc3Bhbng+IGFuZCA8c3Bhbnggc3R5bGU9J3ZlcmInPnNjb3BlPC9zcGFueD4g
cGFyYW1ldGVycwogICAgICAgICAgU0hPVUxEIE5PVCBpbmNsdWRlIHNlbnNpdGl2ZSBjbGllbnQg
b3IgcmVzb3VyY2Ugb3duZXIgaW5mb3JtYXRpb24gaW4gcGxhaW4gdGV4dCBhcyB0aGV5CiAgICAg
ICAgICBjYW4gYmUgdHJhbnNtaXR0ZWQgb3ZlciBpbnNlY3VyZSBjaGFubmVscyBvciBzdG9yZWQg
aW5zZWN1cmVseS4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9u
IHRpdGxlPSdFbmRwb2ludHMgQXV0aGVudGljaXR5Jz4KICAgICAgICA8dD4KICAgICAgICAgIElu
IG9yZGVyIHRvIHByZXZlbnQgbWFuLWluLXRoZS1taWRkbGUgYXR0YWNrcywgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIE1VU1QgcmVxdWlyZSB0aGUKICAgICAgICAgIHVzZSBvZiBUTFMgd2l0aCBz
ZXJ2ZXIgYXV0aGVudGljYXRpb24gYXMgZGVmaW5lZCBieSA8eHJlZiB0YXJnZXQ9J1JGQzI4MTgn
IC8+IGZvcgogICAgICAgICAgYW55IHJlcXVlc3Qgc2VudCB0byB0aGUgYXV0aG9yaXphdGlvbiBh
bmQgdG9rZW4gZW5kcG9pbnRzLiBUaGUgY2xpZW50IE1VU1QgdmFsaWRhdGUgdGhlCiAgICAgICAg
ICBhdXRob3JpemF0aW9uIHNlcnZlcidzIFRMUyBjZXJ0aWZpY2F0ZSBhcyBkZWZpbmVkIGJ5IDx4
cmVmIHRhcmdldD0nUkZDNjEyNScgLz4sIGFuZCBpbgogICAgICAgICAgYWNjb3JkYW5jZSB3aXRo
IGl0cyByZXF1aXJlbWVudHMgZm9yIHNlcnZlciBpZGVudGl0eSBhdXRoZW50aWNhdGlvbi4KICAg
ICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRpdGxlPSdDcmVkZW50
aWFscyBHdWVzc2luZyBBdHRhY2tzJyBhbmNob3I9J2FudGhyb3B5Jz4KICAgICAgICA8dD4KICAg
ICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHByZXZlbnQgYXR0YWNrZXJzIGZy
b20gZ3Vlc3NpbmcgYWNjZXNzIHRva2VucywKICAgICAgICAgIGF1dGhvcml6YXRpb24gY29kZXMs
IHJlZnJlc2ggdG9rZW5zLCByZXNvdXJjZSBvd25lciBwYXNzd29yZHMsIGFuZCBjbGllbnQgY3Jl
ZGVudGlhbHMuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgVGhlIHByb2JhYmls
aXR5IG9mIGFuIGF0dGFja2VyIGd1ZXNzaW5nIGdlbmVyYXRlZCB0b2tlbnMgKGFuZCBvdGhlciBj
cmVkZW50aWFscyBub3QKICAgICAgICAgIGludGVuZGVkIGZvciBoYW5kbGluZyBieSBlbmQtdXNl
cnMpIE1VU1QgYmUgbGVzcyB0aGFuIG9yIGVxdWFsIHRvIDJeKC0xMjgpIGFuZCBTSE9VTEQgYmUK
ICAgICAgICAgIGxlc3MgdGhhbiBvciBlcXVhbCB0byAyXigtMTYwKS4KICAgICAgICA8L3Q+CiAg
ICAgICAgPHQ+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCB1dGlsaXpl
IG90aGVyIG1lYW5zIHRvIHByb3RlY3QgY3JlZGVudGlhbHMgaW50ZW5kZWQgZm9yCiAgICAgICAg
ICBlbmQtdXNlciB1c2FnZS4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxz
ZWN0aW9uIHRpdGxlPSdQaGlzaGluZyBBdHRhY2tzJz4KICAgICAgICA8dD4KICAgICAgICAgIFdp
ZGUgZGVwbG95bWVudCBvZiB0aGlzIGFuZCBzaW1pbGFyIHByb3RvY29scyBtYXkgY2F1c2UgZW5k
LXVzZXJzIHRvIGJlY29tZSBpbnVyZWQKICAgICAgICAgIHRvIHRoZSBwcmFjdGljZSBvZiBiZWlu
ZyByZWRpcmVjdGVkIHRvIHdlYnNpdGVzIHdoZXJlIHRoZXkgYXJlIGFza2VkIHRvIGVudGVyIHRo
ZWlyCiAgICAgICAgICBwYXNzd29yZHMuIElmIGVuZC11c2VycyBhcmUgbm90IGNhcmVmdWwgdG8g
dmVyaWZ5IHRoZSBhdXRoZW50aWNpdHkgb2YgdGhlc2Ugd2Vic2l0ZXMKICAgICAgICAgIGJlZm9y
ZSBlbnRlcmluZyB0aGVpciBjcmVkZW50aWFscywgaXQgd2lsbCBiZSBwb3NzaWJsZSBmb3IgYXR0
YWNrZXJzIHRvIGV4cGxvaXQgdGhpcwogICAgICAgICAgcHJhY3RpY2UgdG8gc3RlYWwgcmVzb3Vy
Y2Ugb3duZXJzJyBwYXNzd29yZHMuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAg
U2VydmljZSBwcm92aWRlcnMgc2hvdWxkIGF0dGVtcHQgdG8gZWR1Y2F0ZSBlbmQtdXNlcnMgYWJv
dXQgdGhlIHJpc2tzIHBoaXNoaW5nIGF0dGFja3MKICAgICAgICAgIHBvc2UsIGFuZCBzaG91bGQg
cHJvdmlkZSBtZWNoYW5pc21zIHRoYXQgbWFrZSBpdCBlYXN5IGZvciBlbmQtdXNlcnMgdG8gY29u
ZmlybSB0aGUKICAgICAgICAgIGF1dGhlbnRpY2l0eSBvZiB0aGVpciBzaXRlcy4gQ2xpZW50IGRl
dmVsb3BlcnMgc2hvdWxkIGNvbnNpZGVyIHRoZSBzZWN1cml0eSBpbXBsaWNhdGlvbnMKICAgICAg
ICAgIG9mIGhvdyB0aGV5IGludGVyYWN0IHdpdGggdGhlIHVzZXItYWdlbnQgKGUuZy4sIGV4dGVy
bmFsLCBlbWJlZGRlZCksIGFuZCB0aGUgYWJpbGl0eSBvZgogICAgICAgICAgdGhlIGVuZC11c2Vy
IHRvIHZlcmlmeSB0aGUgYXV0aGVudGljaXR5IG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4K
ICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUbyByZWR1Y2UgdGhlIHJpc2sgb2Yg
cGhpc2hpbmcgYXR0YWNrcywgdGhlIGF1dGhvcml6YXRpb24gc2VydmVycyBNVVNUIHJlcXVpcmUg
dGhlIHVzZSBvZgogICAgICAgICAgVExTIG9uIGV2ZXJ5IGVuZHBvaW50IHVzZWQgZm9yIGVuZC11
c2VyIGludGVyYWN0aW9uLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNl
Y3Rpb24gdGl0bGU9J0Nyb3NzLVNpdGUgUmVxdWVzdCBGb3JnZXJ5JyBhbmNob3I9J0NTUkYnPgog
ICAgICAgIDx0PgogICAgICAgICAgQ3Jvc3Mtc2l0ZSByZXF1ZXN0IGZvcmdlcnkgKENTUkYpIGlz
IGFuIGV4cGxvaXQgaW4gd2hpY2ggYW4gYXR0YWNrZXIgY2F1c2VzIHRoZQogICAgICAgICAgdXNl
ci1hZ2VudCBvZiBhIHZpY3RpbSBlbmQtdXNlciB0byBmb2xsb3cgYSBtYWxpY2lvdXMgVVJJIChl
LmcuIHByb3ZpZGVkIHRvIHRoZQogICAgICAgICAgdXNlci1hZ2VudCBhcyBhIG1pc2xlYWRpbmcg
bGluaywgaW1hZ2UsIG9yIHJlZGlyZWN0aW9uKSB0byBhIHRydXN0aW5nIHNlcnZlciAodXN1YWxs
eQogICAgICAgICAgZXN0YWJsaXNoZWQgdmlhIHRoZSBwcmVzZW5jZSBvZiBhIHZhbGlkIHNlc3Np
b24gY29va2llKS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBBIENTUkYgYXR0
YWNrIGFnYWluc3QgdGhlIGNsaWVudCdzIHJlZGlyZWN0aW9uIFVSSSBhbGxvd3MgYW4gYXR0YWNr
ZXIgdG8gaW5qZWN0IHRoZWlyIG93bgogICAgICAgICAgYXV0aG9yaXphdGlvbiBjb2RlIG9yIGFj
Y2VzcyB0b2tlbiwgd2hpY2ggY2FuIHJlc3VsdCBpbiB0aGUgY2xpZW50IHVzaW5nIGFuIGFjY2Vz
cyB0b2tlbgogICAgICAgICAgYXNzb2NpYXRlZCB3aXRoIHRoZSBhdHRhY2tlcidzIHByb3RlY3Rl
ZCByZXNvdXJjZXMgcmF0aGVyIHRoYW4gdGhlIHZpY3RpbSdzIChlLmcuIHNhdmUKICAgICAgICAg
IHRoZSB2aWN0aW0ncyBiYW5rIGFjY291bnQgaW5mb3JtYXRpb24gdG8gYSBwcm90ZWN0ZWQgcmVz
b3VyY2UgY29udHJvbGxlZCBieSB0aGUKICAgICAgICAgIGF0dGFja2VyKS4KICAgICAgICA8L3Q+
CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgY2xpZW50IE1VU1QgaW1wbGVtZW50IENTUkYgcHJv
dGVjdGlvbiBmb3IgaXRzIHJlZGlyZWN0aW9uIFVSSS4gVGhpcyBpcyB0eXBpY2FsbHkKICAgICAg
ICAgIGFjY29tcGxpc2hlZCBieSByZXF1aXJpbmcgYW55IHJlcXVlc3Qgc2VudCB0byB0aGUgcmVk
aXJlY3Rpb24gVVJJIGVuZHBvaW50IHRvIGluY2x1ZGUgYQogICAgICAgICAgdmFsdWUgdGhhdCBi
aW5kcyB0aGUgcmVxdWVzdCB0byB0aGUgdXNlci1hZ2VudCdzIGF1dGhlbnRpY2F0ZWQgc3RhdGUg
KGUuZy4gYSBoYXNoIG9mIHRoZQogICAgICAgICAgc2Vzc2lvbiBjb29raWUgdXNlZCB0byBhdXRo
ZW50aWNhdGUgdGhlIHVzZXItYWdlbnQpLiBUaGUgY2xpZW50IFNIT1VMRCB1dGlsaXplIHRoZQog
ICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5zdGF0ZTwvc3Bhbng+IHJlcXVlc3QgcGFyYW1l
dGVyIHRvIGRlbGl2ZXIgdGhpcyB2YWx1ZSB0byB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24g
c2VydmVyIHdoZW4gbWFraW5nIGFuIGF1dGhvcml6YXRpb24gcmVxdWVzdC4KICAgICAgICA8L3Q+
CiAgICAgICAgPHQ+CiAgICAgICAgICBPbmNlIGF1dGhvcml6YXRpb24gaGFzIGJlZW4gb2J0YWlu
ZWQgZnJvbSB0aGUgZW5kLXVzZXIsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAg
cmVkaXJlY3RzIHRoZSBlbmQtdXNlcidzIHVzZXItYWdlbnQgYmFjayB0byB0aGUgY2xpZW50IHdp
dGggdGhlIHJlcXVpcmVkIGJpbmRpbmcgdmFsdWUKICAgICAgICAgIGNvbnRhaW5lZCBpbiB0aGUg
PHNwYW54IHN0eWxlPSd2ZXJiJz5zdGF0ZTwvc3Bhbng+IHBhcmFtZXRlci4gVGhlIGJpbmRpbmcg
dmFsdWUgZW5hYmxlcwogICAgICAgICAgdGhlIGNsaWVudCB0byB2ZXJpZnkgdGhlIHZhbGlkaXR5
IG9mIHRoZSByZXF1ZXN0IGJ5IG1hdGNoaW5nIHRoZSBiaW5kaW5nIHZhbHVlIHRvIHRoZQogICAg
ICAgICAgdXNlci1hZ2VudCdzIGF1dGhlbnRpY2F0ZWQgc3RhdGUuIFRoZSBiaW5kaW5nIHZhbHVl
IHVzZWQgZm9yIENTUkYgcHJvdGVjdGlvbiBNVVNUIGNvbnRhaW4KICAgICAgICAgIGEgbm9uLWd1
ZXNzYWJsZSB2YWx1ZSAoYXMgZGVzY3JpYmVkIGluIDx4cmVmIHRhcmdldD0nYW50aHJvcHknIC8+
KSwgYW5kIHRoZSB1c2VyLWFnZW50J3MKICAgICAgICAgIGF1dGhlbnRpY2F0ZWQgc3RhdGUgKGUu
Zy4gc2Vzc2lvbiBjb29raWUsIEhUTUw1IGxvY2FsIHN0b3JhZ2UpIE1VU1QgYmUga2VwdCBpbiBh
IGxvY2F0aW9uCiAgICAgICAgICBhY2Nlc3NpYmxlIG9ubHkgdG8gdGhlIGNsaWVudCBhbmQgdGhl
IHVzZXItYWdlbnQgKGkuZS4sIHByb3RlY3RlZCBieSBzYW1lLW9yaWdpbiBwb2xpY3kpLgogICAg
ICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIEEgQ1NSRiBhdHRhY2sgYWdhaW5zdCB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIncyBhdXRob3JpemF0aW9uIGVuZHBvaW50IGNhbiByZXN1bHQg
aW4gYW4KICAgICAgICAgIGF0dGFja2VyIG9idGFpbmluZyBlbmQtdXNlciBhdXRob3JpemF0aW9u
IGZvciBhIG1hbGljaW91cyBjbGllbnQgd2l0aG91dCBpbnZvbHZpbmcgb3IKICAgICAgICAgIGFs
ZXJ0aW5nIHRoZSBlbmQtdXNlci4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBU
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBpbXBsZW1lbnQgQ1NSRiBwcm90ZWN0aW9uIGZv
ciBpdHMgYXV0aG9yaXphdGlvbiBlbmRwb2ludCwKICAgICAgICAgIGFuZCBlbnN1cmUgdGhhdCBh
IG1hbGljaW91cyBjbGllbnQgY2Fubm90IG9idGFpbiBhdXRob3JpemF0aW9uIHdpdGhvdXQgdGhl
IGF3YXJlbmVzcyBhbmQKICAgICAgICAgIGV4cGxpY2l0IGNvbnNlbnQgb2YgdGhlIHJlc291cmNl
IG93bmVyLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0
bGU9J0NsaWNramFja2luZyc+CiAgICAgICAgPHQ+CiAgICAgICAgICBJbiBhIGNsaWNramFja2lu
ZyBhdHRhY2ssIGFuIGF0dGFja2VyIHJlZ2lzdGVycyBhIGxlZ2l0aW1hdGUgY2xpZW50IGFuZCB0
aGVuIGNvbnN0cnVjdHMgYQogICAgICAgICAgbWFsaWNpb3VzIHNpdGUgaW4gd2hpY2ggaXQgbG9h
ZHMgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MgYXV0aG9yaXphdGlvbiBlbmRwb2ludCB3ZWIK
ICAgICAgICAgIHBhZ2UgaW4gYSB0cmFuc3BhcmVudCBpZnJhbWUgb3ZlcmxhaWQgb24gdG9wIG9m
IGEgc2V0IG9mIGR1bW15IGJ1dHRvbnMgd2hpY2ggYXJlCiAgICAgICAgICBjYXJlZnVsbHkgY29u
c3RydWN0ZWQgdG8gYmUgcGxhY2VkIGRpcmVjdGx5IHVuZGVyIGltcG9ydGFudCBidXR0b25zIG9u
IHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICBwYWdlLiBXaGVuIGFuIGVuZC11c2VyIGNsaWNr
cyBhIG1pc2xlYWRpbmcgdmlzaWJsZSBidXR0b24sIHRoZSBlbmQtdXNlciBpcyBhY3R1YWxseQog
ICAgICAgICAgY2xpY2tpbmcgYW4gaW52aXNpYmxlIGJ1dHRvbiBvbiB0aGUgYXV0aG9yaXphdGlv
biBwYWdlIChzdWNoIGFzIGFuICJBdXRob3JpemUiIGJ1dHRvbikuCiAgICAgICAgICBUaGlzIGFs
bG93cyBhbiBhdHRhY2tlciB0byB0cmljayBhIHJlc291cmNlIG93bmVyIGludG8gZ3JhbnRpbmcg
aXRzIGNsaWVudCBhY2Nlc3Mgd2l0aG91dAogICAgICAgICAgdGhlaXIga25vd2xlZGdlLgogICAg
ICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIFRvIHByZXZlbnQgdGhpcyBmb3JtIG9mIGF0
dGFjaywgbmF0aXZlIGFwcGxpY2F0aW9ucyBTSE9VTEQgdXNlIGV4dGVybmFsIGJyb3dzZXJzIGlu
c3RlYWQKICAgICAgICAgIG9mIGVtYmVkZGluZyBicm93c2VycyB3aXRoaW4gdGhlIGFwcGxpY2F0
aW9uIHdoZW4gcmVxdWVzdGluZyBlbmQtdXNlciBhdXRob3JpemF0aW9uLiBGb3IKICAgICAgICAg
IG1vc3QgbmV3ZXIgYnJvd3NlcnMsIGF2b2lkYW5jZSBvZiBpZnJhbWVzIGNhbiBiZSBlbmZvcmNl
ZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgIHVzaW5nIHRoZSAobm9uLXN0
YW5kYXJkKSA8c3Bhbnggc3R5bGU9J3ZlcmInPngtZnJhbWUtb3B0aW9uczwvc3Bhbng+IGhlYWRl
ci4gVGhpcyBoZWFkZXIKICAgICAgICAgIGNhbiBoYXZlIHR3byB2YWx1ZXMsIDxzcGFueCBzdHls
ZT0ndmVyYic+ZGVueTwvc3Bhbng+IGFuZAogICAgICAgICAgPHNwYW54IHN0eWxlPSd2ZXJiJz5z
YW1lb3JpZ2luPC9zcGFueD4sIHdoaWNoIHdpbGwgYmxvY2sgYW55IGZyYW1pbmcsIG9yIGZyYW1p
bmcgYnkgc2l0ZXMKICAgICAgICAgIHdpdGggYSBkaWZmZXJlbnQgb3JpZ2luLCByZXNwZWN0aXZl
bHkuIEZvciBvbGRlciBicm93c2VycywgamF2YXNjcmlwdCBmcmFtZWJ1c3RpbmcKICAgICAgICAg
IHRlY2huaXF1ZXMgY2FuIGJlIHVzZWQgYnV0IG1heSBub3QgYmUgZWZmZWN0aXZlIGluIGFsbCBi
cm93c2Vycy4KICAgICAgICA8L3Q+CiAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDxzZWN0aW9uIHRp
dGxlPSdDb2RlIEluamVjdGlvbiBhbmQgSW5wdXQgVmFsaWRhdGlvbic+CiAgICAgICAgPHQ+CiAg
ICAgICAgICBBIGNvZGUgaW5qZWN0aW9uIGF0dGFjayBvY2N1cnMgd2hlbiBhbiBpbnB1dCBvciBv
dGhlcndpc2UgZXh0ZXJuYWwgdmFyaWFibGUgaXMgdXNlZCBieSBhbgogICAgICAgICAgYXBwbGlj
YXRpb24gdW5zYW5pdGl6ZWQgYW5kIGNhdXNlcyBtb2RpZmljYXRpb24gdG8gdGhlIGFwcGxpY2F0
aW9uIGxvZ2ljLiBUaGlzIG1heSBhbGxvdwogICAgICAgICAgYW4gYXR0YWNrZXIgdG8gZ2FpbiBh
Y2Nlc3MgdG8gdGhlIGFwcGxpY2F0aW9uIGRldmljZSBvciBpdHMgZGF0YSwgY2F1c2UgZGVuaWFs
IG9mCiAgICAgICAgICBzZXJ2aWNlLCBvciBhIHdpZGUgcmFuZ2Ugb2YgbWFsaWNpb3VzIHNpZGUt
ZWZmZWN0cy4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBUaGUgQXV0aG9yaXph
dGlvbiBzZXJ2ZXIgYW5kIGNsaWVudCBNVVNUIHNhbml0aXplIChhbmQgdmFsaWRhdGUgd2hlbiBw
b3NzaWJsZSkgYW55IHZhbHVlCiAgICAgICAgICByZWNlaXZlZCwgaW4gcGFydGljdWxhciwgdGhl
IHZhbHVlIG9mIHRoZSA8c3Bhbnggc3R5bGU9J3ZlcmInPnN0YXRlPC9zcGFueD4gYW5kCiAgICAg
ICAgICA8c3Bhbnggc3R5bGU9J3ZlcmInPnJlZGlyZWN0X3VyaTwvc3Bhbng+IHBhcmFtZXRlcnMu
CiAgICAgICAgPC90PgogICAgICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nT3Bl
biBSZWRpcmVjdG9ycycgYW5jaG9yPSdvcGVuLXJlZGlyZWN0Jz4KICAgICAgICA8dD4KICAgICAg
ICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRob3JpemF0aW9uIGVuZHBvaW50IGFuZCB0
aGUgY2xpZW50IHJlZGlyZWN0aW9uIGVuZHBvaW50IGNhbgogICAgICAgICAgYmUgaW1wcm9wZXJs
eSBjb25maWd1cmVkIGFuZCBvcGVyYXRlIGFzIG9wZW4gcmVkaXJlY3RvcnMuIEFuIG9wZW4gcmVk
aXJlY3RvciBpcyBhbgogICAgICAgICAgZW5kcG9pbnQgdXNpbmcgYSBwYXJhbWV0ZXIgdG8gYXV0
b21hdGljYWxseSByZWRpcmVjdCBhIHVzZXItYWdlbnQgdG8gdGhlIGxvY2F0aW9uCiAgICAgICAg
ICBzcGVjaWZpZWQgYnkgdGhlIHBhcmFtZXRlciB2YWx1ZSB3aXRob3V0IGFueSB2YWxpZGF0aW9u
LgogICAgICAgIDwvdD4KICAgICAgICA8dD4KICAgICAgICAgIE9wZW4gcmVkaXJlY3RvcnMgY2Fu
IGJlIHVzZWQgaW4gcGhpc2hpbmcgYXR0YWNrcywgb3IgYnkgYW4gYXR0YWNrZXIgdG8gZ2V0IGVu
ZC11c2VycyB0bwogICAgICAgICAgdmlzaXQgbWFsaWNpb3VzIHNpdGVzIGJ5IG1ha2luZyB0aGUg
VVJJJ3MgYXV0aG9yaXR5IGxvb2sgbGlrZSBhIGZhbWlsaWFyIGFuZCB0cnVzdGVkCiAgICAgICAg
ICBkZXN0aW5hdGlvbi4gSW4gYWRkaXRpb24sIGlmIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBh
bGxvd3MgdGhlIGNsaWVudCB0byByZWdpc3RlciBvbmx5CiAgICAgICAgICBwYXJ0IG9mIHRoZSBy
ZWRpcmVjdGlvbiBVUkksIGFuIGF0dGFja2VyIGNhbiB1c2UgYW4gb3BlbiByZWRpcmVjdG9yIG9w
ZXJhdGVkIGJ5IHRoZQogICAgICAgICAgY2xpZW50IHRvIGNvbnN0cnVjdCBhIHJlZGlyZWN0aW9u
IFVSSSB0aGF0IHdpbGwgcGFzcyB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgdmFsaWRhdGlvbgog
ICAgICAgICAgYnV0IHdpbGwgc2VuZCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIG9yIGFjY2VzcyB0
b2tlbiB0byBhbiBlbmRwb2ludCB1bmRlciB0aGUgY29udHJvbCBvZgogICAgICAgICAgdGhlIGF0
dGFja2VyLgogICAgICAgIDwvdD4KICAgICAgPC9zZWN0aW9uPgoKICAgIDwvc2VjdGlvbj4KCiAg
ICA8c2VjdGlvbiB0aXRsZT0nSUFOQSBDb25zaWRlcmF0aW9ucyc+CgogICAgICA8c2VjdGlvbiB0
aXRsZT0nVGhlIE9BdXRoIEFjY2VzcyBUb2tlbiBUeXBlIFJlZ2lzdHJ5JyBhbmNob3I9J3R5cGUt
cmVnaXN0cnknPgogICAgICAgIDx0PgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGVzdGFi
bGlzaGVzIHRoZSBPQXV0aCBhY2Nlc3MgdG9rZW4gdHlwZSByZWdpc3RyeS4KICAgICAgICA8L3Q+
CiAgICAgICAgPHQ+CiAgICAgICAgICBBY2Nlc3MgdG9rZW4gdHlwZXMgYXJlIHJlZ2lzdGVyZWQg
d2l0aCBhIFNwZWNpZmljYXRpb24gUmVxdWlyZWQKICAgICAgICAgICg8eHJlZiB0YXJnZXQ9J1JG
QzUyMjYnIC8+KSBhZnRlciBhIHR3byB3ZWVrcyByZXZpZXcgcGVyaW9kIG9uIHRoZSBbVEJEXUBp
ZXRmLm9yZyBtYWlsaW5nCiAgICAgICAgICBsaXN0LCBvbiB0aGUgYWR2aWNlIG9mIG9uZSBvciBt
b3JlIERlc2lnbmF0ZWQgRXhwZXJ0cy4gSG93ZXZlciwgdG8gYWxsb3cgZm9yIHRoZQogICAgICAg
ICAgYWxsb2NhdGlvbiBvZiB2YWx1ZXMgcHJpb3IgdG8gcHVibGljYXRpb24sIHRoZSBEZXNpZ25h
dGVkIEV4cGVydChzKSBtYXkgYXBwcm92ZQogICAgICAgICAgcmVnaXN0cmF0aW9uIG9uY2UgdGhl
eSBhcmUgc2F0aXNmaWVkIHRoYXQgc3VjaCBhIHNwZWNpZmljYXRpb24gd2lsbCBiZSBwdWJsaXNo
ZWQuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgUmVnaXN0cmF0aW9uIHJlcXVl
c3RzIG11c3QgYmUgc2VudCB0byB0aGUgW1RCRF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0IGZvciBy
ZXZpZXcgYW5kCiAgICAgICAgICBjb21tZW50LCB3aXRoIGFuIGFwcHJvcHJpYXRlIHN1YmplY3Qg
KGUuZy4sICJSZXF1ZXN0IGZvciBhY2Nlc3MgdG9rZW4gdHlwZTogZXhhbXBsZSIpLgogICAgICAg
ICAgW1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUgbmFtZSBvZiB0aGUgbWFpbGluZyBsaXN0IHNo
b3VsZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRhdGlvbgogICAgICAgICAgd2l0aCB0aGUgSUVT
RyBhbmQgSUFOQS4gU3VnZ2VzdGVkIG5hbWU6IG9hdXRoLWV4dC1yZXZpZXcuIF1dCiAgICAgICAg
PC90PgogICAgICAgIDx0PgogICAgICAgICAgV2l0aGluIHRoZSByZXZpZXcgcGVyaW9kLCB0aGUg
RGVzaWduYXRlZCBFeHBlcnQocykgd2lsbCBlaXRoZXIgYXBwcm92ZSBvcgogICAgICAgICAgZGVu
eSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0
byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuCiAgICAgICAgICBEZW5pYWxzIHNob3VsZCBpbmNs
dWRlIGFuIGV4cGxhbmF0aW9uIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8g
aG93IHRvIG1ha2UKICAgICAgICAgIHRoZSByZXF1ZXN0IHN1Y2Nlc3NmdWwuCiAgICAgICAgPC90
PgogICAgICAgIDx0PgogICAgICAgICAgSUFOQSBtdXN0IG9ubHkgYWNjZXB0IHJlZ2lzdHJ5IHVw
ZGF0ZXMgZnJvbSB0aGUgRGVzaWduYXRlZCBFeHBlcnQocyksIGFuZCBzaG91bGQgZGlyZWN0CiAg
ICAgICAgICBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxp
bmcgbGlzdC4KICAgICAgICA8L3Q+CgogICAgICAgIDxzZWN0aW9uIHRpdGxlPSdSZWdpc3RyYXRp
b24gVGVtcGxhdGUnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdoYW5n
aW5nJz4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nVHlwZSBuYW1lOic+CiAgICAgICAgICAg
ICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBUaGUgbmFtZSByZXF1ZXN0ZWQgKGUuZy4s
ICJleGFtcGxlIikuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0
PSdBZGRpdGlvbmFsIFRva2VuIEVuZHBvaW50IFJlc3BvbnNlIFBhcmFtZXRlcnM6Jz4KICAgICAg
ICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIEFkZGl0aW9uYWwgcmVzcG9uc2Ug
cGFyYW1ldGVycyByZXR1cm5lZCB0b2dldGhlciB3aXRoIHRoZQogICAgICAgICAgICAgICAgPHNw
YW54IHN0eWxlPSd2ZXJiJz5hY2Nlc3NfdG9rZW48L3NwYW54PiBwYXJhbWV0ZXIuIE5ldyBwYXJh
bWV0ZXJzIE1VU1QgYmUKICAgICAgICAgICAgICAgIHNlcGFyYXRlbHkgcmVnaXN0ZXJlZCBpbiB0
aGUgT0F1dGggcGFyYW1ldGVycyByZWdpc3RyeSBhcyBkZXNjcmliZWQgYnkKICAgICAgICAgICAg
ICAgIDx4cmVmIHRhcmdldD0ncGFyYW1ldGVycy1yZWdpc3RyeScgLz4uCiAgICAgICAgICAgICAg
PC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdIVFRQIEF1dGhlbnRpY2F0aW9uIFNjaGVt
ZShzKTonPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgVGhlIEhU
VFAgYXV0aGVudGljYXRpb24gc2NoZW1lIG5hbWUocyksIGlmIGFueSwgdXNlZCB0byBhdXRoZW50
aWNhdGUgcHJvdGVjdGVkCiAgICAgICAgICAgICAgICByZXNvdXJjZXMgcmVxdWVzdHMgdXNpbmcg
YWNjZXNzIHRva2VucyBvZiB0aGlzIHR5cGUuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICAgIDx0IGhhbmdUZXh0PSdDaGFuZ2UgY29udHJvbGxlcjonPgogICAgICAgICAgICAgICAgPHZz
cGFjZSAvPgogICAgICAgICAgICAgICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNzLCBzdGF0ZSAi
SUVURiIuIEZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUgb2YgdGhlCiAgICAgICAgICAgICAgICBy
ZXNwb25zaWJsZSBwYXJ0eS4gT3RoZXIgZGV0YWlscyAoZS5nLiwgcG9zdGFsIGFkZHJlc3MsIGUt
bWFpbCBhZGRyZXNzLCBob21lIHBhZ2UKICAgICAgICAgICAgICAgIFVSSSkgbWF5IGFsc28gYmUg
aW5jbHVkZWQuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0IGhhbmdUZXh0PSdT
cGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAg
ICAgICAgICAgICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50IHRoYXQgc3BlY2lmaWVzIHRo
ZSBwYXJhbWV0ZXIsIHByZWZlcmFibHkgaW5jbHVkaW5nIGEgVVJJIHRoYXQKICAgICAgICAgICAg
ICAgIGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZiB0aGUgZG9jdW1lbnQuIEFuIGlu
ZGljYXRpb24gb2YgdGhlIHJlbGV2YW50CiAgICAgICAgICAgICAgICBzZWN0aW9ucyBtYXkgYWxz
byBiZSBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAg
ICA8L3NlY3Rpb24+CgogICAgICA8c2VjdGlvbiB0aXRsZT0nVGhlIE9BdXRoIFBhcmFtZXRlcnMg
UmVnaXN0cnknIGFuY2hvcj0ncGFyYW1ldGVycy1yZWdpc3RyeSc+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBUaGlzIHNwZWNpZmljYXRpb24gZXN0YWJsaXNoZXMgdGhlIE9BdXRoIHBhcmFtZXRlcnMg
cmVnaXN0cnkuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgQWRkaXRpb25hbCBw
YXJhbWV0ZXJzIGZvciBpbmNsdXNpb24gaW4gdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgcmVx
dWVzdCwgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIGVuZHBvaW50IHJlc3BvbnNlLCB0aGUg
dG9rZW4gZW5kcG9pbnQgcmVxdWVzdCwgb3IgdGhlIHRva2VuIGVuZHBvaW50CiAgICAgICAgICBy
ZXNwb25zZSBhcmUgcmVnaXN0ZXJlZCB3aXRoIGEgU3BlY2lmaWNhdGlvbiBSZXF1aXJlZAogICAg
ICAgICAgKDx4cmVmIHRhcmdldD0nUkZDNTIyNicgLz4pIGFmdGVyIGEgdHdvIHdlZWtzIHJldmll
dyBwZXJpb2Qgb24gdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcKICAgICAgICAgIGxpc3QsIG9u
IHRoZSBhZHZpY2Ugb2Ygb25lIG9yIG1vcmUgRGVzaWduYXRlZCBFeHBlcnRzLiBIb3dldmVyLCB0
byBhbGxvdyBmb3IgdGhlCiAgICAgICAgICBhbGxvY2F0aW9uIG9mIHZhbHVlcyBwcmlvciB0byBw
dWJsaWNhdGlvbiwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIG1heSBhcHByb3ZlCiAgICAgICAg
ICByZWdpc3RyYXRpb24gb25jZSB0aGV5IGFyZSBzYXRpc2ZpZWQgdGhhdCBzdWNoIGEgc3BlY2lm
aWNhdGlvbiB3aWxsIGJlIHB1Ymxpc2hlZC4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAg
ICAgICBSZWdpc3RyYXRpb24gcmVxdWVzdHMgbXVzdCBiZSBzZW50IHRvIHRoZSBbVEJEXUBpZXRm
Lm9yZyBtYWlsaW5nIGxpc3QgZm9yIHJldmlldyBhbmQKICAgICAgICAgIGNvbW1lbnQsIHdpdGgg
YW4gYXBwcm9wcmlhdGUgc3ViamVjdCAoZS5nLiwgIlJlcXVlc3QgZm9yIHBhcmFtZXRlcjogZXhh
bXBsZSIpLgogICAgICAgICAgW1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUgbmFtZSBvZiB0aGUg
bWFpbGluZyBsaXN0IHNob3VsZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRhdGlvbgogICAgICAg
ICAgd2l0aCB0aGUgSUVTRyBhbmQgSUFOQS4gU3VnZ2VzdGVkIG5hbWU6IG9hdXRoLWV4dC1yZXZp
ZXcuIF1dCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgV2l0aGluIHRoZSByZXZp
ZXcgcGVyaW9kLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgd2lsbCBlaXRoZXIgYXBwcm92ZSBv
cgogICAgICAgICAgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcg
dGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuCiAgICAgICAgICBEZW5p
YWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uIGFuZCwgaWYgYXBwbGljYWJsZSwgc3Vn
Z2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UKICAgICAgICAgIHRoZSByZXF1ZXN0IHN1Y2Nlc3Nm
dWwuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAgSUFOQSBtdXN0IG9ubHkgYWNj
ZXB0IHJlZ2lzdHJ5IHVwZGF0ZXMgZnJvbSB0aGUgRGVzaWduYXRlZCBFeHBlcnQocyksIGFuZCBz
aG91bGQgZGlyZWN0CiAgICAgICAgICBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0
aGUgcmV2aWV3IG1haWxpbmcgbGlzdC4KICAgICAgICA8L3Q+CgogICAgICAgIDxzZWN0aW9uIHRp
dGxlPSdSZWdpc3RyYXRpb24gVGVtcGxhdGUnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxs
aXN0IHN0eWxlPSdoYW5naW5nJz4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nUGFyYW1ldGVy
IG5hbWU6Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIFRoZSBu
YW1lIHJlcXVlc3RlZCAoZS5nLiwgImV4YW1wbGUiKS4KICAgICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgICAgPHQgaGFuZ1RleHQ9J1BhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjonPgogICAgICAg
ICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgVGhlIGxvY2F0aW9uKHMpIHdoZXJl
IHBhcmFtZXRlciBjYW4gYmUgdXNlZC4gVGhlIHBvc3NpYmxlIGxvY2F0aW9ucyBhcmU6CiAgICAg
ICAgICAgICAgICBhdXRob3JpemF0aW9uIHJlcXVlc3QsIGF1dGhvcml6YXRpb24gcmVzcG9uc2Us
IHRva2VuIHJlcXVlc3QsIG9yIHRva2VuIHJlc3BvbnNlLgogICAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgICA8dCBoYW5nVGV4dD0nQ2hhbmdlIGNvbnRyb2xsZXI6Jz4KICAgICAgICAgICAg
ICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAgICAgIEZvciBzdGFuZGFyZHMtdHJhY2sgUkZDcywg
c3RhdGUgIklFVEYiLiBGb3Igb3RoZXJzLCBnaXZlIHRoZSBuYW1lIG9mIHRoZQogICAgICAgICAg
ICAgICAgcmVzcG9uc2libGUgcGFydHkuIE90aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRy
ZXNzLCBlLW1haWwgYWRkcmVzcywgaG9tZSBwYWdlCiAgICAgICAgICAgICAgICBVUkkpIG1heSBh
bHNvIGJlIGluY2x1ZGVkLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5n
VGV4dD0nU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTonPgogICAgICAgICAgICAgICAgPHZzcGFj
ZSAvPgogICAgICAgICAgICAgICAgUmVmZXJlbmNlIHRvIHRoZSBkb2N1bWVudCB0aGF0IHNwZWNp
ZmllcyB0aGUgcGFyYW1ldGVyLCBwcmVmZXJhYmx5IGluY2x1ZGluZyBhIFVSSSB0aGF0CiAgICAg
ICAgICAgICAgICBjYW4gYmUgdXNlZCB0byByZXRyaWV2ZSBhIGNvcHkgb2YgdGhlIGRvY3VtZW50
LiBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudAogICAgICAgICAgICAgICAgc2VjdGlvbnMg
bWF5IGFsc28gYmUgaW5jbHVkZWQsIGJ1dCBpcyBub3QgcmVxdWlyZWQuCiAgICAgICAgICAgICAg
PC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9zZWN0aW9u
PgoKICAgICAgICA8c2VjdGlvbiB0aXRsZT0nSW5pdGlhbCBSZWdpc3RyeSBDb250ZW50cyc+CiAg
ICAgICAgICA8dD4KICAgICAgICAgICAgVGhlIE9BdXRoIFBhcmFtZXRlcnMgUmVnaXN0cnkncyBp
bml0aWFsIGNvbnRlbnRzIGFyZToKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAg
ICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAg
ICAgICBQYXJhbWV0ZXIgbmFtZTogY2xpZW50X2lkCiAgICAgICAgICAgICAgPC90PgogICAgICAg
ICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRo
b3JpemF0aW9uIHJlcXVlc3QsIHRva2VuIHJlcXVlc3QKICAgICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmlj
YXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+
CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAg
ICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAg
ICAgICBQYXJhbWV0ZXIgbmFtZTogY2xpZW50X3NlY3JldAogICAgICAgICAgICAgIDwvdD4KICAg
ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjog
dG9rZW4gcmVxdWVzdAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAg
ICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTog
W1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0
PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdz
eW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1l
OiByZXNwb25zZV90eXBlCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAg
ICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlcXVl
c3QKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBD
aGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8
dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9j
dW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAg
IDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAg
ICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogcmVkaXJlY3Rf
dXJpCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAg
UGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlcXVlc3QsIHRva2VuIHJl
cXVlc3QKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg
ICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAg
ICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMg
ZG9jdW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAg
ICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+
CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogc2NvcGUK
ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJh
bWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwgYXV0aG9yaXphdGlv
biByZXNwb25zZSwgdG9rZW4KICAgICAgICAgICAgICAgIHJlcXVlc3QsIHRva2VuIHJlc3BvbnNl
CiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hh
bmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+
CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3Vt
ZW50IF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8
L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAg
ICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IHN0YXRlCiAgICAg
ICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVy
IHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlcXVlc3QsIGF1dGhvcml6YXRpb24gcmVz
cG9uc2UKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAg
ICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAg
ICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMg
ZG9jdW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAg
ICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+
CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogY29kZQog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFt
ZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4gcmVxdWVz
dAogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIENo
YW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0
PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1
bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAgICAg
PC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdzeW1ib2xzJz4KICAg
ICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBlcnJvcl9kZXNj
cmlwdGlvbgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAg
ICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9r
ZW4gcmVzcG9uc2UKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAg
ICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtb
IHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4K
ICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3lt
Ym9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTog
ZXJyb3JfdXJpCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAg
ICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0
b2tlbiByZXNwb25zZQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgPC90PgogICAg
ICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTog
W1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0
PgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIDxsaXN0IHN0eWxlPSdz
eW1ib2xzJz4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1l
OiBncmFudF90eXBlCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAg
ICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0CiAgICAgICAg
ICAgICAgPC90PgogICAgICAgICAgICAgIDx0PgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRy
b2xsZXI6IElFVEYKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAg
ICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAg
ICAgICAgICAgICAgPC90PgogICAgICAgICAgICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAg
ICAgICA8dD4KICAgICAgICAgICAgPGxpc3Qgc3R5bGU9J3N5bWJvbHMnPgogICAgICAgICAgICAg
IDx0PgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IGFjY2Vzc190b2tlbgogICAgICAg
ICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1
c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4gcmVzcG9uc2UKICAg
ICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2Ug
Y29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAg
ICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQg
XV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4K
ICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAg
ICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogdG9rZW5fdHlwZQogICAg
ICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFtZXRl
ciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4gcmVzcG9uc2UK
ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFu
Z2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4K
ICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1l
bnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwv
dD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAg
ICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogZXhwaXJlc19pbgog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFBhcmFt
ZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4gcmVzcG9u
c2UKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBD
aGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8
dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9j
dW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAg
IDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAg
ICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogdXNlcm5hbWUK
ICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJh
bWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVlc3QKICAgICAgICAgICAgICA8L3Q+CiAg
ICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgog
ICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNp
ZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAg
ICAgICAgICA8bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAg
ICAgICAgICBQYXJhbWV0ZXIgbmFtZTogcGFzc3dvcmQKICAgICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRv
a2VuIHJlcXVlc3QKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAg
ICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAg
ICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtb
IHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4K
ICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0nc3lt
Ym9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTog
cmVmcmVzaF90b2tlbgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAg
ICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogdG9rZW4gcmVxdWVzdCwgdG9rZW4g
cmVzcG9uc2UKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAg
ICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAg
ICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRo
aXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgIDwvbGlzdD4KICAg
ICAgICAgIDwvdD4KICAgICAgICA8L3NlY3Rpb24+CgogICAgICA8L3NlY3Rpb24+CgogICAgICA8
c2VjdGlvbiB0aXRsZT0nVGhlIE9BdXRoIEF1dGhvcml6YXRpb24gRW5kcG9pbnQgUmVzcG9uc2Ug
VHlwZSBSZWdpc3RyeScgYW5jaG9yPSdyZXNwb25zZS10eXBlLXJlZ2lzdHJ5Jz4KICAgICAgICA8
dD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBlc3RhYmxpc2hlcyB0aGUgT0F1dGggYXV0
aG9yaXphdGlvbiBlbmRwb2ludCByZXNwb25zZSB0eXBlIHJlZ2lzdHJ5LgogICAgICAgIDwvdD4K
ICAgICAgICA8dD4KICAgICAgICAgICAgQWRkaXRpb25hbCByZXNwb25zZSB0eXBlIGZvciB1c2Ug
d2l0aCB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBhcmUgcmVnaXN0ZXJlZCB3aXRoIGEKICAg
ICAgICAgICAgU3BlY2lmaWNhdGlvbiBSZXF1aXJlZCAoPHhyZWYgdGFyZ2V0PSdSRkM1MjI2JyAv
PikgYWZ0ZXIgYSB0d28gd2Vla3MgcmV2aWV3IHBlcmlvZCBvbgogICAgICAgICAgICB0aGUgW1RC
RF1AaWV0Zi5vcmcgbWFpbGluZyBsaXN0LCBvbiB0aGUgYWR2aWNlIG9mIG9uZSBvciBtb3JlIERl
c2lnbmF0ZWQgRXhwZXJ0cy4KICAgICAgICAgICAgSG93ZXZlciwgdG8gYWxsb3cgZm9yIHRoZSBh
bGxvY2F0aW9uIG9mIHZhbHVlcyBwcmlvciB0byBwdWJsaWNhdGlvbiwgdGhlIERlc2lnbmF0ZWQK
ICAgICAgICAgICAgRXhwZXJ0KHMpIG1heSBhcHByb3ZlIHJlZ2lzdHJhdGlvbiBvbmNlIHRoZXkg
YXJlIHNhdGlzZmllZCB0aGF0IHN1Y2ggYSBzcGVjaWZpY2F0aW9uCiAgICAgICAgICAgIHdpbGwg
YmUgcHVibGlzaGVkLgogICAgICAgICAgPC90PgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFJl
Z2lzdHJhdGlvbiByZXF1ZXN0cyBtdXN0IGJlIHNlbnQgdG8gdGhlIFtUQkRdQGlldGYub3JnIG1h
aWxpbmcgbGlzdCBmb3IgcmV2aWV3IGFuZAogICAgICAgICAgICBjb21tZW50LCB3aXRoIGFuIGFw
cHJvcHJpYXRlIHN1YmplY3QgKGUuZy4sICJSZXF1ZXN0IGZvciByZXNwb25zZSB0eXBlOiBleGFt
cGxlIikuCiAgICAgICAgICAgIFtbIE5vdGUgdG8gUkZDLUVESVRPUjogVGhlIG5hbWUgb2YgdGhl
IG1haWxpbmcgbGlzdCBzaG91bGQgYmUgZGV0ZXJtaW5lZCBpbiBjb25zdWx0YXRpb24KICAgICAg
ICAgICAgd2l0aCB0aGUgSUVTRyBhbmQgSUFOQS4gU3VnZ2VzdGVkIG5hbWU6IG9hdXRoLWV4dC1y
ZXZpZXcuIF1dCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAgICAgV2l0aGlu
IHRoZSByZXZpZXcgcGVyaW9kLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgd2lsbCBlaXRoZXIg
YXBwcm92ZSBvcgogICAgICAgICAgICBkZW55IHRoZSByZWdpc3RyYXRpb24gcmVxdWVzdCwgY29t
bXVuaWNhdGluZyB0aGlzIGRlY2lzaW9uIHRvIHRoZSByZXZpZXcgbGlzdCBhbmQgSUFOQS4KICAg
ICAgICAgICAgRGVuaWFscyBzaG91bGQgaW5jbHVkZSBhbiBleHBsYW5hdGlvbiBhbmQsIGlmIGFw
cGxpY2FibGUsIHN1Z2dlc3Rpb25zIGFzIHRvIGhvdyB0byBtYWtlCiAgICAgICAgICAgIHRoZSBy
ZXF1ZXN0IHN1Y2Nlc3NmdWwuCiAgICAgICAgICA8L3Q+CiAgICAgICAgICA8dD4KICAgICAgICAg
ICAgSUFOQSBtdXN0IG9ubHkgYWNjZXB0IHJlZ2lzdHJ5IHVwZGF0ZXMgZnJvbSB0aGUgRGVzaWdu
YXRlZCBFeHBlcnQocyksIGFuZCBzaG91bGQgZGlyZWN0CiAgICAgICAgICAgIGFsbCByZXF1ZXN0
cyBmb3IgcmVnaXN0cmF0aW9uIHRvIHRoZSByZXZpZXcgbWFpbGluZyBsaXN0LgogICAgICAgICAg
PC90PgoKCiAgICAgICAgICA8c2VjdGlvbiB0aXRsZT0nUmVnaXN0cmF0aW9uIFRlbXBsYXRlJz4K
ICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZyc+CiAgICAgICAg
ICAgICAgPHQgaGFuZ1RleHQ9J1Jlc3BvbnNlIHR5cGUgbmFtZTonPgogICAgICAgICAgICAgICAg
PHZzcGFjZSAvPgogICAgICAgICAgICAgICAgVGhlIG5hbWUgcmVxdWVzdGVkIChlLmcuLCAiZXhh
bXBsZSIpLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nQ2hh
bmdlIGNvbnRyb2xsZXI6Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAg
ICAgIEZvciBzdGFuZGFyZHMtdHJhY2sgUkZDcywgc3RhdGUgIklFVEYiLiBGb3Igb3RoZXJzLCBn
aXZlIHRoZSBuYW1lIG9mIHRoZQogICAgICAgICAgICAgICAgcmVzcG9uc2libGUgcGFydHkuIE90
aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRyZXNzLCBlLW1haWwgYWRkcmVzcywgaG9tZSBw
YWdlCiAgICAgICAgICAgICAgICBVUkkpIG1heSBhbHNvIGJlIGluY2x1ZGVkLgogICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nU3BlY2lmaWNhdGlvbiBkb2N1bWVu
dChzKTonPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUmVmZXJl
bmNlIHRvIHRoZSBkb2N1bWVudCB0aGF0IHNwZWNpZmllcyB0aGUgdHlwZSwgcHJlZmVyYWJseSBp
bmNsdWRpbmcgYSBVUkkgdGhhdAogICAgICAgICAgICAgICAgY2FuIGJlIHVzZWQgdG8gcmV0cmll
dmUgYSBjb3B5IG9mIHRoZSBkb2N1bWVudC4gQW4gaW5kaWNhdGlvbiBvZiB0aGUgcmVsZXZhbnQK
ICAgICAgICAgICAgICAgIHNlY3Rpb25zIG1heSBhbHNvIGJlIGluY2x1ZGVkLCBidXQgaXMgbm90
IHJlcXVpcmVkLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0PgogICAgICAg
ICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgICAgPHNlY3Rpb24gdGl0bGU9J0luaXRp
YWwgUmVnaXN0cnkgQ29udGVudHMnPgogICAgICAgICAgPHQ+CiAgICAgICAgICAgIFRoZSBPQXV0
aCBBdXRob3JpemF0aW9uIEVuZHBvaW50IFJlc3BvbnNlIFR5cGUgUmVnaXN0cnkncyBpbml0aWFs
IGNvbnRlbnRzIGFyZToKICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8
bGlzdCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBS
ZXNwb25zZSB0eXBlIG5hbWU6IGNvZGUKICAgICAgICAgICAgICA8L3Q+CiAgICAgICAgICAgICAg
PHQ+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAg
IDwvdD4KICAgICAgICAgICAgICA8dD4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9j
dW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICA8L3Q+CiAgICAgICAg
ICAgIDwvbGlzdD4KICAgICAgICAgIDwvdD4KICAgICAgICAgIDx0PgogICAgICAgICAgICA8bGlz
dCBzdHlsZT0nc3ltYm9scyc+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBSZXNw
b25zZSB0eXBlIG5hbWU6IHRva2VuCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAgICAgIDx0
PgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICA8
L3Q+CiAgICAgICAgICAgICAgPHQ+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3Vt
ZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgPC90PgogICAgICAgICAg
ICA8L2xpc3Q+CiAgICAgICAgICA8L3Q+CiAgICAgICAgPC9zZWN0aW9uPgoKICAgICAgPC9zZWN0
aW9uPgoKICAgICAgPHNlY3Rpb24gdGl0bGU9J1RoZSBPQXV0aCBFeHRlbnNpb25zIEVycm9yIFJl
Z2lzdHJ5JyBhbmNob3I9J2Vycm9yLXJlZ2lzdHJ5Jz4KICAgICAgICA8dD4KICAgICAgICAgIFRo
aXMgc3BlY2lmaWNhdGlvbiBlc3RhYmxpc2hlcyB0aGUgT0F1dGggZXh0ZW5zaW9ucyBlcnJvciBy
ZWdpc3RyeS4KICAgICAgICA8L3Q+CiAgICAgICAgPHQ+CiAgICAgICAgICBBZGRpdGlvbmFsIGVy
cm9yIGNvZGVzIHVzZWQgdG9nZXRoZXIgd2l0aCBvdGhlciBwcm90b2NvbCBleHRlbnNpb25zIChp
LmUuIGV4dGVuc2lvbiBncmFudAogICAgICAgICAgdHlwZXMsIGFjY2VzcyB0b2tlbiB0eXBlcywg
b3IgZXh0ZW5zaW9uIHBhcmFtZXRlcnMpIGFyZSByZWdpc3RlcmVkIHdpdGggYSBTcGVjaWZpY2F0
aW9uCiAgICAgICAgICBSZXF1aXJlZCAoPHhyZWYgdGFyZ2V0PSdSRkM1MjI2JyAvPikgYWZ0ZXIg
YSB0d28gd2Vla3MgcmV2aWV3IHBlcmlvZCBvbiB0aGUKICAgICAgICAgIFtUQkRdQGlldGYub3Jn
IG1haWxpbmcgbGlzdCwgb24gdGhlIGFkdmljZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4
cGVydHMuIEhvd2V2ZXIsIHRvCiAgICAgICAgICBhbGxvdyBmb3IgdGhlIGFsbG9jYXRpb24gb2Yg
dmFsdWVzIHByaW9yIHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgbWF5
CiAgICAgICAgICBhcHByb3ZlIHJlZ2lzdHJhdGlvbiBvbmNlIHRoZXkgYXJlIHNhdGlzZmllZCB0
aGF0IHN1Y2ggYSBzcGVjaWZpY2F0aW9uIHdpbGwgYmUgcHVibGlzaGVkLgogICAgICAgIDwvdD4K
ICAgICAgICA8dD4KICAgICAgICAgIFJlZ2lzdHJhdGlvbiByZXF1ZXN0cyBtdXN0IGJlIHNlbnQg
dG8gdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcgbGlzdCBmb3IgcmV2aWV3IGFuZAogICAgICAg
ICAgY29tbWVudCwgd2l0aCBhbiBhcHByb3ByaWF0ZSBzdWJqZWN0IChlLmcuLCAiUmVxdWVzdCBm
b3IgZXJyb3IgY29kZTogZXhhbXBsZSIpLgogICAgICAgICAgW1sgTm90ZSB0byBSRkMtRURJVE9S
OiBUaGUgbmFtZSBvZiB0aGUgbWFpbGluZyBsaXN0IHNob3VsZCBiZSBkZXRlcm1pbmVkIGluIGNv
bnN1bHRhdGlvbgogICAgICAgICAgd2l0aCB0aGUgSUVTRyBhbmQgSUFOQS4gU3VnZ2VzdGVkIG5h
bWU6IG9hdXRoLWV4dC1yZXZpZXcuIF1dCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAg
ICAgV2l0aGluIHRoZSByZXZpZXcgcGVyaW9kLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgd2ls
bCBlaXRoZXIgYXBwcm92ZSBvcgogICAgICAgICAgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVl
c3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElB
TkEuCiAgICAgICAgICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uIGFuZCwg
aWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRvIG1ha2UKICAgICAgICAgIHRo
ZSByZXF1ZXN0IHN1Y2Nlc3NmdWwuCiAgICAgICAgPC90PgogICAgICAgIDx0PgogICAgICAgICAg
SUFOQSBtdXN0IG9ubHkgYWNjZXB0IHJlZ2lzdHJ5IHVwZGF0ZXMgZnJvbSB0aGUgRGVzaWduYXRl
ZCBFeHBlcnQocyksIGFuZCBzaG91bGQgZGlyZWN0CiAgICAgICAgICBhbGwgcmVxdWVzdHMgZm9y
IHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxpbmcgbGlzdC4KICAgICAgICA8L3Q+CgoK
ICAgICAgICA8c2VjdGlvbiB0aXRsZT0nUmVnaXN0cmF0aW9uIFRlbXBsYXRlJz4KICAgICAgICAg
IDx0PgogICAgICAgICAgICA8bGlzdCBzdHlsZT0naGFuZ2luZyc+CiAgICAgICAgICAgICAgPHQg
aGFuZ1RleHQ9J0Vycm9yIG5hbWU6Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAg
ICAgICAgICAgIFRoZSBuYW1lIHJlcXVlc3RlZCAoZS5nLiwgImV4YW1wbGUiKS4KICAgICAgICAg
ICAgICA8L3Q+CiAgICAgICAgICAgICAgPHQgaGFuZ1RleHQ9J0Vycm9yIHVzYWdlIGxvY2F0aW9u
Oic+CiAgICAgICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBUaGUgbG9jYXRp
b24ocykgd2hlcmUgdGhlIGVycm9yIGNhbiBiZSB1c2VkLiBUaGUgcG9zc2libGUgbG9jYXRpb25z
IGFyZToKICAgICAgICAgICAgICAgIGF1dGhvcml6YXRpb24gY29kZSBncmFudCBlcnJvciByZXNw
b25zZSAoPHhyZWYgdGFyZ2V0PSdjb2RlLWF1dGh6LWVycm9yJyAvPiksCiAgICAgICAgICAgICAg
ICBpbXBsaWNpdCBncmFudCBlcnJvciByZXNwb25zZSAoPHhyZWYgdGFyZ2V0PSdpbXBsaWNpdC1h
dXRoei1lcnJvcicgLz4pLAoJCXRva2VuIGVycm9yIHJlc3BvbnNlICg8eHJlZiB0YXJnZXQ9J3Rv
a2VuLWVycm9ycycgLz4pLCBvcgoJCXJlc291cmNlIGFjY2VzcyBlcnJvciByZXNwb25zZSAoPHhy
ZWYgdGFyZ2V0PSdyZXNvdXJjZS1lcnJvcnMnIC8+KS4KICAgICAgICAgICAgICA8L3Q+CiAgICAg
ICAgICAgICAgPHQgaGFuZ1RleHQ9J1JlbGF0ZWQgcHJvdG9jb2wgZXh0ZW5zaW9uOic+CiAgICAg
ICAgICAgICAgICA8dnNwYWNlIC8+CiAgICAgICAgICAgICAgICBUaGUgbmFtZSBvZiB0aGUgZXh0
ZW5zaW9uIGdyYW50IHR5cGUsIGFjY2VzcyB0b2tlbiB0eXBlLCBvciBleHRlbnNpb24gcGFyYW1l
dGVyLAogICAgICAgICAgICAgICAgdGhlIGVycm9yIGNvZGUgaXMgdXNlZCBpbiBjb25qdW5jdGlv
biB3aXRoLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nQ2hh
bmdlIGNvbnRyb2xsZXI6Jz4KICAgICAgICAgICAgICAgIDx2c3BhY2UgLz4KICAgICAgICAgICAg
ICAgIEZvciBzdGFuZGFyZHMtdHJhY2sgUkZDcywgc3RhdGUgIklFVEYiLiBGb3Igb3RoZXJzLCBn
aXZlIHRoZSBuYW1lIG9mIHRoZQogICAgICAgICAgICAgICAgcmVzcG9uc2libGUgcGFydHkuIE90
aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRyZXNzLCBlLW1haWwgYWRkcmVzcywgaG9tZSBw
YWdlCiAgICAgICAgICAgICAgICBVUkkpIG1heSBhbHNvIGJlIGluY2x1ZGVkLgogICAgICAgICAg
ICAgIDwvdD4KICAgICAgICAgICAgICA8dCBoYW5nVGV4dD0nU3BlY2lmaWNhdGlvbiBkb2N1bWVu
dChzKTonPgogICAgICAgICAgICAgICAgPHZzcGFjZSAvPgogICAgICAgICAgICAgICAgUmVmZXJl
bmNlIHRvIHRoZSBkb2N1bWVudCB0aGF0IHNwZWNpZmllcyB0aGUgZXJyb3IgY29kZSwgcHJlZmVy
YWJseSBpbmNsdWRpbmcgYSBVUkkKICAgICAgICAgICAgICAgIHRoYXQgY2FuIGJlIHVzZWQgdG8g
cmV0cmlldmUgYSBjb3B5IG9mIHRoZSBkb2N1bWVudC4gQW4gaW5kaWNhdGlvbiBvZiB0aGUgcmVs
ZXZhbnQKICAgICAgICAgICAgICAgIHNlY3Rpb25zIG1heSBhbHNvIGJlIGluY2x1ZGVkLCBidXQg
aXMgbm90IHJlcXVpcmVkLgogICAgICAgICAgICAgIDwvdD4KICAgICAgICAgICAgPC9saXN0Pgog
ICAgICAgICAgPC90PgogICAgICAgIDwvc2VjdGlvbj4KCiAgICAgIDwvc2VjdGlvbj4KCiAgICA8
L3NlY3Rpb24+CgogIDwvbWlkZGxlPgoKICA8YmFjaz4KCiAgICA8cmVmZXJlbmNlcyB0aXRsZT0n
Tm9ybWF0aXZlIFJlZmVyZW5jZXMnPgoKICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5y
ZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy4yMTE5LnhtbCcgPz4K
ICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9i
aWJ4bWwvcmVmZXJlbmNlLlJGQy4yMjQ2LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0
cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy4yNjE2
LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVi
bGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy4yNjE3LnhtbCcgPz4KICAgICAgPD9yZmMgaW5j
bHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNl
LlJGQy4yODE4LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJj
ZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy4zOTg2LnhtbCcgPz4KICAgICAg
PD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwv
cmVmZXJlbmNlLlJGQy40NjI3LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3ht
bC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy40OTQ5LnhtbCcg
Pz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3Jm
Yy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy41MjI2LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0n
aHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy41
MjM0LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcv
cHVibGljL3JmYy9iaWJ4bWwvcmVmZXJlbmNlLlJGQy41MjQ2LnhtbCcgPz4KICAgICAgPD9yZmMg
aW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwvcmVmZXJl
bmNlLlJGQy42MTI1LnhtbCcgPz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNv
dXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWw0L3JlZmVyZW5jZS5XM0MuUkVDLWh0bWw0MDEtMTk5
OTEyMjQueG1sJyA/PgoKICAgICAgPHJlZmVyZW5jZSBhbmNob3I9IlVTQVNDSUkiPgoJPGZyb250
PgoJICA8dGl0bGU+Q29kZWQgQ2hhcmFjdGVyIFNldCAtLSA3LWJpdCBBbWVyaWNhbiBTdGFuZGFy
ZCBDb2RlIGZvciBJbmZvcm1hdGlvbiBJbnRlcmNoYW5nZTwvdGl0bGU+CgkgIDxhdXRob3I+Cgkg
ICAgPG9yZ2FuaXphdGlvbj5BbWVyaWNhbiBOYXRpb25hbCBTdGFuZGFyZHMgSW5zdGl0dXRlPC9v
cmdhbml6YXRpb24+CgkgIDwvYXV0aG9yPgoJICA8ZGF0ZSB5ZWFyPSIxOTg2Ii8+Cgk8L2Zyb250
PgoJPHNlcmllc0luZm8gbmFtZT0iQU5TSSIgdmFsdWU9IlgzLjQiLz4KICAgICAgPC9yZWZlcmVu
Y2U+CgogICAgPC9yZWZlcmVuY2VzPgoKICAgIDxyZWZlcmVuY2VzIHRpdGxlPSdJbmZvcm1hdGl2
ZSBSZWZlcmVuY2VzJz4KCiAgICAgIDw/cmZjIGluY2x1ZGU9J2h0dHA6Ly94bWwucmVzb3VyY2Uu
b3JnL3B1YmxpYy9yZmMvYmlieG1sL3JlZmVyZW5jZS5SRkMuNTg0OS54bWwnID8+CiAgICAgIDw/
cmZjIGluY2x1ZGU9J2h0dHA6Ly94bWwucmVzb3VyY2Uub3JnL3B1YmxpYy9yZmMvYmlieG1sMy9y
ZWZlcmVuY2UuSS1ELmRyYWZ0LWlldGYtb2F1dGgtdjItYmVhcmVyLTE5LnhtbCcgPz4KICAgICAg
PD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9iaWJ4bWwz
L3JlZmVyZW5jZS5JLUQuZHJhZnQtaWV0Zi1vYXV0aC1zYW1sMi1iZWFyZXItMTIueG1sJyA/Pgog
ICAgICA8P3JmYyBpbmNsdWRlPSdodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL2Jp
YnhtbDMvcmVmZXJlbmNlLkktRC5kcmFmdC1pZXRmLW9hdXRoLXYyLWh0dHAtbWFjLTAxLnhtbCcg
Pz4KICAgICAgPD9yZmMgaW5jbHVkZT0naHR0cDovL3htbC5yZXNvdXJjZS5vcmcvcHVibGljL3Jm
Yy9iaWJ4bWwzL3JlZmVyZW5jZS5JLUQuZHJhZnQtaWV0Zi1vYXV0aC12Mi10aHJlYXRtb2RlbC0w
Mi54bWwnID8+CiAgICAgIDw/cmZjIGluY2x1ZGU9J2h0dHA6Ly94bWwucmVzb3VyY2Uub3JnL3B1
YmxpYy9yZmMvYmlieG1sMi9yZWZlcmVuY2UuT0FTSVMuc2FtbC1jb3JlLTIuMC1vcy54bWwnID8+
CgogICAgICA8cmVmZXJlbmNlIGFuY2hvcj0iSS1ELmRyYWZ0LWhhcmR0LW9hdXRoLTAxIj4KICAg
ICAgICA8ZnJvbnQ+CiAgICAgICAgICA8dGl0bGU+T0F1dGggV2ViIFJlc291cmNlIEF1dGhvcml6
YXRpb24gUHJvZmlsZXM8L3RpdGxlPgogICAgICAgICAgPGF1dGhvciBpbml0aWFscz0iRCIgc3Vy
bmFtZT0iSGFyZHQiIGZ1bGxuYW1lPSJEaWNrIEhhcmR0IiByb2xlPSJlZGl0b3IiIC8+CiAgICAg
ICAgICA8YXV0aG9yIGluaXRpYWxzPSJBIiBzdXJuYW1lPSJUb20iIGZ1bGxuYW1lPSJBbGxlbiBU
b20iIC8+CiAgICAgICAgICA8YXV0aG9yIGluaXRpYWxzPSJCIiBzdXJuYW1lPSJFYXRvbiIgZnVs
bG5hbWU9IkJyaWFuIEVhdG9uIiAvPgogICAgICAgICAgPGF1dGhvciBpbml0aWFscz0iWSIgc3Vy
bmFtZT0iR29sYW5kIiBmdWxsbmFtZT0iWWFyb24gR29sYW5kIiAvPgogICAgICAgICAgPGRhdGUg
bW9udGg9IkphbnVhcnkiIGRheT0iMTUiIHllYXI9IjIwMTAiIC8+CiAgICAgICAgPC9mcm9udD4K
ICAgICAgICA8Zm9ybWF0IHRhcmdldD0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQt
aGFyZHQtb2F1dGgtMDEiIHR5cGU9IkhUTUwiIC8+CiAgICAgIDwvcmVmZXJlbmNlPgoKICAgIDwv
cmVmZXJlbmNlcz4KCiAgICA8c2VjdGlvbiB0aXRsZT0nQWNrbm93bGVkZ2VtZW50cyc+CiAgICAg
IDx0PgogICAgICAgIFRoZSBpbml0aWFsIE9BdXRoIDIuMCBwcm90b2NvbCBzcGVjaWZpY2F0aW9u
IHdhcyBlZGl0ZWQgYnkgRGF2aWQgUmVjb3Jkb24sIGJhc2VkIG9uIHR3bwogICAgICAgIHByZXZp
b3VzIHB1YmxpY2F0aW9uczogdGhlIE9BdXRoIDEuMCBjb21tdW5pdHkgc3BlY2lmaWNhdGlvbiA8
eHJlZiB0YXJnZXQ9J1JGQzU4NDknIC8+LCBhbmQKICAgICAgICBPQXV0aCBXUkFQIChPQXV0aCBX
ZWIgUmVzb3VyY2UgQXV0aG9yaXphdGlvbiBQcm9maWxlcykKICAgICAgICA8eHJlZiB0YXJnZXQ9
J0ktRC5kcmFmdC1oYXJkdC1vYXV0aC0wMScgLz4uIFRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9u
cyBzZWN0aW9uIHdhcyBkcmFmdGVkCiAgICAgICAgYnkgVG9yc3RlbiBMb2RkZXJzdGVkdCwgTWFy
ayBNY0dsb2luLCBQaGlsIEh1bnQsIGFuZCBBbnRob255IE5hZGFsaW4uCiAgICAgIDwvdD4KICAg
ICAgPHQ+CiAgICAgICAgVGhlIE9BdXRoIDEuMCBjb21tdW5pdHkgc3BlY2lmaWNhdGlvbiB3YXMg
ZWRpdGVkIGJ5IEVyYW4gSGFtbWVyIGFuZCBhdXRob3JlZCBieQogICAgICAgIE1hcmsgQXR3b29k
LCBEaXJrIEJhbGZhbnosIERhcnJlbiBCb3VuZHMsIFJpY2hhcmQgTS4gQ29ubGFuLCBCbGFpbmUg
Q29vaywgTGVhaCBDdWx2ZXIsCiAgICAgICAgQnJlbm8gZGUgTWVkZWlyb3MsIEJyaWFuIEVhdG9u
LCBLZWxsYW4gRWxsaW90dC1NY0NyZWEsIExhcnJ5IEhhbGZmLCBFcmFuIEhhbW1lciwKICAgICAg
ICBCZW4gTGF1cmllLCBDaHJpcyBNZXNzaW5hLCBKb2huIFBhbnplciwgU2FtIFF1aWdsZXksIERh
dmlkIFJlY29yZG9uLCBFcmFuIFNhbmRsZXIsCiAgICAgICAgSm9uYXRoYW4gU2VyZ2VudCwgVG9k
ZCBTaWVsaW5nLCBCcmlhbiBTbGVzaW5za3ksIGFuZCBBbmR5IFNtaXRoLgogICAgICA8L3Q+CiAg
ICAgIDx0PgogICAgICAgIFRoZSBPQXV0aCBXUkFQIHNwZWNpZmljYXRpb24gd2FzIGVkaXRlZCBi
eSBEaWNrIEhhcmR0IGFuZCBhdXRob3JlZCBieSBCcmlhbiBFYXRvbiwKICAgICAgICBZYXJvbiBZ
LiBHb2xhbmQsIERpY2sgSGFyZHQsIGFuZCBBbGxlbiBUb20uCiAgICAgIDwvdD4KICAgICAgPHQ+
CiAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGlzIHRoZSB3b3JrIG9mIHRoZSBPQXV0aCBXb3Jr
aW5nIEdyb3VwIHdoaWNoIGluY2x1ZGVzIGRvemVucyBvZiBhY3RpdmUKICAgICAgICBhbmQgZGVk
aWNhdGVkIHBhcnRpY2lwYW50cy4gSW4gcGFydGljdWxhciwgdGhlIGZvbGxvd2luZyBpbmRpdmlk
dWFscyBjb250cmlidXRlZCBpZGVhcywKICAgICAgICBmZWVkYmFjaywgYW5kIHdvcmRpbmcgd2hp
Y2ggc2hhcGVkIGFuZCBmb3JtZWQgdGhlIGZpbmFsIHNwZWNpZmljYXRpb246CiAgICAgIDwvdD4K
ICAgICAgPHQ+CiAgICAgICAgTWljaGFlbCBBZGFtcywgQW1hbmRhIEFuZ2FuZXMsIEFuZHJldyBB
cm5vdHQsIERpcmsgQmFsZmFueiwgQWlkZW4gQmVsbCwgQnJpYW4gQ2FtcGJlbGwsCiAgICAgICAg
U2NvdHQgQ2FudG9yLCBNYXJjb3MgQ2FjZXJlcywgQmxhaW5lIENvb2ssIFJvZ2VyIENyZXcsIEJy
aWFuIEVhdG9uLCBXZXNsZXkgRWRkeSwgTGVhaCBDdWx2ZXIsCiAgICAgICAgQmlsbCBkZSBoT3Jh
LCBBbmRyZSBEZU1hcnJlLCBCcmlhbiBFYXRvbiwgV29sdGVyIEVsZGVyaW5nLCBCcmlhbiBFbGxp
biwgSWdvciBGYXluYmVyZywKICAgICAgICBHZW9yZ2UgRmxldGNoZXIsIFRpbSBGcmVlbWFuLCBM
dWNhIEZyb3NpbmksIEV2YW4gR2lsYmVydCwgWWFyb24gWS4gR29sYW5kLCBCcmVudCBHb2xkbWFu
LAogICAgICAgIEtyaXN0b2ZmZXIgR3Jvbm93c2tpLCBKdXN0aW4gSGFydCwgRGljayBIYXJkdCwg
Q3JhaWcgSGVhdGgsIFBoaWwgSHVudCwgTWljaGFlbCBCLiBKb25lcywKICAgICAgICBUZXJyeSBK
b25lcywgSm9obiBLZW1wLCBNYXJrIEtlbnQsIFJhZmZpIEtyaWtvcmlhbiwgQ2hhc2VuIExlIEhh
cmEsIFJhc211cyBMZXJkb3JmLAogICAgICAgIFRvcnN0ZW4gTG9kZGVyc3RlZHQsIEh1aS1MYW4g
THUsIENhc2V5IEx1Y2FzLCBQYXVsIE1hZHNlbiwgQWxhc3RhaXIgTWFpciwgRXZlIE1hbGVyLAog
ICAgICAgIEphbWVzIE1hbmdlciwgTWFyayBNY0dsb2luLCBMYXVyZW5jZSBNaWFvLCBXaWxsaWFt
IE1pbGxzLCBDaHVjayBNb3J0aW1vcmUsIEFudGhvbnkgTmFkYWxpbiwKICAgICAgICBKdWxpYW4g
UmVzY2hrZSwgSnVzdGluIFJpY2hlciwgUGV0ZXIgU2FpbnQtQW5kcmUsIE5hdCBTYWtpbXVyYSwg
Um9iIFNheXJlLAogICAgICAgIE1hcml1cyBTY3VydGVzY3UsIE5haXRpayBTaGFoLCBMdWtlIFNo
ZXBhcmQsIFZsYWQgU2t2b3J0c292LCBKdXN0aW4gU21pdGgsIEhhaWJpbiBTb25nLAogICAgICAg
IE5pdiBTdGVpbmdhcnRlbiwgQ2hyaXN0aWFuIFN0dWJuZXIsIEplcmVteSBTdXJpZWwsIFBhdWwg
VGFyamFuLCBDaHJpc3RvcGhlciBUaG9tYXMsCiAgICAgICAgSGVucnkgUy4gVGhvbXBzb24sIEFs
bGVuIFRvbSwgRnJhbmtsaW4gVHNlLCBOaWNrIFdhbGtlciwgU2hhbmUgV2VlZGVuLCBhbmQgU2t5
bGFyIFdvb2R3YXJkLgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIFRoaXMgZG9jdW1lbnQg
d2FzIHByb2R1Y2VkIHVuZGVyIHRoZSBjaGFpcm1hbnNoaXAgb2YgQmxhaW5lIENvb2ssIFBldGVy
IFNhaW50LUFuZHJlLAogICAgICAgIEhhbm5lcyBUc2Nob2ZlbmlnLCBCYXJyeSBMZWliYSwgYW5k
IERlcmVrIEF0a2lucy4gVGhlIGFyZWEgZGlyZWN0b3JzIGluY2x1ZGVkIExpc2EgRHVzc2VhdWx0
LAogICAgICAgIFBldGVyIFNhaW50LUFuZHJlLCBhbmQgU3RlcGhlbiBGYXJyZWxsLgogICAgICA8
L3Q+CiAgICA8L3NlY3Rpb24+CgogICAgPHNlY3Rpb24gdGl0bGU9IkVkaXRvcidzIE5vdGVzIj4K
ICAgICAgPHQ+CiAgICAgICAgV2hpbGUgbWFueSBwZW9wbGUgY29udHJpYnV0ZWQgdG8gdGhpcyBz
cGVjaWZpY2F0aW9uIHRocm91Z2hvdXQgaXRzIGxvbmcgam91cm5leSwgdGhlIGVkaXRvcgogICAg
ICAgIHdvdWxkIGxpa2UgdG8gYWNrbm93bGVkZ2UgYW5kIHRoYW5rIGEgZmV3IGluZGl2aWR1YWxz
IGZvciB0aGVpciBvdXRzdGFuZGluZyBhbmQgaW52YWx1YWJsZQogICAgICAgIGVmZm9ydHMgbGVh
ZGluZyB1cCB0byB0aGUgcHVibGljYXRpb24gb2YgdGhpcyBzcGVjaWZpY2F0aW9uLgogICAgICA8
L3Q+CiAgICAgIDx0PgogICAgICAgIERhdmlkIFJlY29yZG9uIGZvciBjb250aW51b3VzbHkgYmVp
bmcgb25lIG9mIE9BdXRoJ3MgbW9zdCB2YWx1YWJsZSBhc3NldHMsIGJyaW5naW5nCiAgICAgICAg
cHJhZ21hdGlzbSBhbmQgdXJnZW5jeSB0byB0aGUgd29yaywgYW5kIGhlbHBpbmcgc2hhcGUgaXQg
ZnJvbSBpdHMgdmVyeSBiZWdpbm5pbmcsIGFzIHdlbGwKICAgICAgICBhcyBiZWluZyBvbmUgb2Yg
dGhlIGJlc3QgY29sbGFib3JhdG9ycyBJIGhhZCB0aGUgcGxlYXN1cmUgb2Ygd29ya2luZyB3aXRo
LgogICAgICA8L3Q+CiAgICAgIDx0PgogICAgICAgIEphbWVzIE1hbmdlciBmb3IgaGlzIGNyZWF0
aXZlIGlkZWFzIGFuZCBhbHdheXMgaW5zaWdodGZ1bCBmZWVkYmFjay4gQnJpYW4gQ2FtcGJlbGws
CiAgICAgICAgVG9yc3RlbiBMb2RkZXJzdGVkdCwgQ2h1Y2sgTW9ydGltb3JlLCBKdXN0aW4gUmlj
aGVyLCBNYXJpdXMgU2N1cnRlc2N1LCBhbmQgTHVrZSBTaGVwYXJkIGZvcgogICAgICAgIHRoZWly
IGNvbnRpbnVlZCBwYXJ0aWNpcGF0aW9uIGFuZCB2YWx1YWJsZSBmZWVkYmFjay4KICAgICAgPC90
PgogICAgICA8dD4KICAgICAgICBTcGVjaWFsIHRoYW5rcyBnb2VzIHRvIE1pa2UgQ3VydGlzIGFu
ZCBZYWhvbyEgZm9yIHRoZWlyIHVuY29uZGl0aW9uYWwgc3VwcG9ydCBvZiB0aGlzIHdvcmsKICAg
ICAgICBmb3Igb3ZlciB0aHJlZSB5ZWFycy4KICAgICAgPC90PgogICAgPC9zZWN0aW9uPgoKICA8
L2JhY2s+Cgo8L3JmYz4K

--_006_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_
Content-Type: text/plain; name="draft-ietf-oauth-v2-26+mbj-2.txt"
Content-Description: draft-ietf-oauth-v2-26+mbj-2.txt
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-26+mbj-2.txt"; size=153443;
	creation-date="Tue, 29 May 2012 23:01:54 GMT";
	modification-date="Tue, 29 May 2012 23:01:54 GMT"
Content-Transfer-Encoding: base64

CgoKT0F1dGggV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIEUuIEhhbW1lciwgRWQuCkludGVybmV0LURyYWZ0Ck9ic29sZXRlczogNTg0OSAoaWYgYXBw
cm92ZWQpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBELiBSZWNvcmRvbgpJbnRlbmRl
ZCBzdGF0dXM6IFN0YW5kYXJkcyBUcmFjayAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
RmFjZWJvb2sKRXhwaXJlczogRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIEQuIEhhcmR0CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1pY3Jvc29mdAogICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNYXkgMzAsIDIwMTIK
CgogICAgICAgICAgICAgICAgIFRoZSBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBGcmFtZXdvcmsK
ICAgICAgICAgICAgICAgICAgICAgICAgIGRyYWZ0LWlldGYtb2F1dGgtdjItMjcKCkFic3RyYWN0
CgogICBUaGUgT0F1dGggMi4wIGF1dGhvcml6YXRpb24gZnJhbWV3b3JrIGVuYWJsZXMgYSB0aGly
ZC1wYXJ0eQogICBhcHBsaWNhdGlvbiB0byBvYnRhaW4gbGltaXRlZCBhY2Nlc3MgdG8gYW4gSFRU
UCBzZXJ2aWNlLCBlaXRoZXIgb24KICAgYmVoYWxmIG9mIGEgcmVzb3VyY2Ugb3duZXIgYnkgb3Jj
aGVzdHJhdGluZyBhbiBhcHByb3ZhbCBpbnRlcmFjdGlvbgogICBiZXR3ZWVuIHRoZSByZXNvdXJj
ZSBvd25lciBhbmQgdGhlIEhUVFAgc2VydmljZSwgb3IgYnkgYWxsb3dpbmcgdGhlCiAgIHRoaXJk
LXBhcnR5IGFwcGxpY2F0aW9uIHRvIG9idGFpbiBhY2Nlc3Mgb24gaXRzIG93biBiZWhhbGYuICBU
aGlzCiAgIHNwZWNpZmljYXRpb24gcmVwbGFjZXMgYW5kIG9ic29sZXRlcyB0aGUgT0F1dGggMS4w
IHByb3RvY29sIGRlc2NyaWJlZAogICBpbiBSRkMgNTg0OS4KClN0YXR1cyBvZiB0aGlzIE1lbW8K
CiAgIFRoaXMgSW50ZXJuZXQtRHJhZnQgaXMgc3VibWl0dGVkIGluIGZ1bGwgY29uZm9ybWFuY2Ug
d2l0aCB0aGUKICAgcHJvdmlzaW9ucyBvZiBCQ1AgNzggYW5kIEJDUCA3OS4KCiAgIEludGVybmV0
LURyYWZ0cyBhcmUgd29ya2luZyBkb2N1bWVudHMgb2YgdGhlIEludGVybmV0IEVuZ2luZWVyaW5n
CiAgIFRhc2sgRm9yY2UgKElFVEYpLiAgTm90ZSB0aGF0IG90aGVyIGdyb3VwcyBtYXkgYWxzbyBk
aXN0cmlidXRlCiAgIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0LURyYWZ0cy4gIFRoZSBs
aXN0IG9mIGN1cnJlbnQgSW50ZXJuZXQtCiAgIERyYWZ0cyBpcyBhdCBodHRwOi8vZGF0YXRyYWNr
ZXIuaWV0Zi5vcmcvZHJhZnRzL2N1cnJlbnQvLgoKICAgSW50ZXJuZXQtRHJhZnRzIGFyZSBkcmFm
dCBkb2N1bWVudHMgdmFsaWQgZm9yIGEgbWF4aW11bSBvZiBzaXggbW9udGhzCiAgIGFuZCBtYXkg
YmUgdXBkYXRlZCwgcmVwbGFjZWQsIG9yIG9ic29sZXRlZCBieSBvdGhlciBkb2N1bWVudHMgYXQg
YW55CiAgIHRpbWUuICBJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJbnRlcm5ldC1EcmFmdHMg
YXMgcmVmZXJlbmNlCiAgIG1hdGVyaWFsIG9yIHRvIGNpdGUgdGhlbSBvdGhlciB0aGFuIGFzICJ3
b3JrIGluIHByb2dyZXNzLiIKCiAgIFRoaXMgSW50ZXJuZXQtRHJhZnQgd2lsbCBleHBpcmUgb24g
RGVjZW1iZXIgMSwgMjAxMi4KCkNvcHlyaWdodCBOb3RpY2UKCiAgIENvcHlyaWdodCAoYykgMjAx
MiBJRVRGIFRydXN0IGFuZCB0aGUgcGVyc29ucyBpZGVudGlmaWVkIGFzIHRoZQogICBkb2N1bWVu
dCBhdXRob3JzLiAgQWxsIHJpZ2h0cyByZXNlcnZlZC4KCiAgIFRoaXMgZG9jdW1lbnQgaXMgc3Vi
amVjdCB0byBCQ1AgNzggYW5kIHRoZSBJRVRGIFRydXN0J3MgTGVnYWwKICAgUHJvdmlzaW9ucyBS
ZWxhdGluZyB0byBJRVRGIERvY3VtZW50cwogICAoaHR0cDovL3RydXN0ZWUuaWV0Zi5vcmcvbGlj
ZW5zZS1pbmZvKSBpbiBlZmZlY3Qgb24gdGhlIGRhdGUgb2YKICAgcHVibGljYXRpb24gb2YgdGhp
cyBkb2N1bWVudC4gIFBsZWFzZSByZXZpZXcgdGhlc2UgZG9jdW1lbnRzCgoKCkhhbW1lciwgZXQg
YWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgICBbUGFn
ZSAxXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAg
ICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIGNhcmVmdWxseSwgYXMgdGhleSBkZXNjcmliZSB5
b3VyIHJpZ2h0cyBhbmQgcmVzdHJpY3Rpb25zIHdpdGggcmVzcGVjdAogICB0byB0aGlzIGRvY3Vt
ZW50LiAgQ29kZSBDb21wb25lbnRzIGV4dHJhY3RlZCBmcm9tIHRoaXMgZG9jdW1lbnQgbXVzdAog
ICBpbmNsdWRlIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgdGV4dCBhcyBkZXNjcmliZWQgaW4gU2Vj
dGlvbiA0LmUgb2YKICAgdGhlIFRydXN0IExlZ2FsIFByb3Zpc2lvbnMgYW5kIGFyZSBwcm92aWRl
ZCB3aXRob3V0IHdhcnJhbnR5IGFzCiAgIGRlc2NyaWJlZCBpbiB0aGUgU2ltcGxpZmllZCBCU0Qg
TGljZW5zZS4KCgpUYWJsZSBvZiBDb250ZW50cwoKICAgMS4gIEludHJvZHVjdGlvbiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA1CiAgICAgMS4xLiAg
IFJvbGVzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAgNgogICAgIDEuMi4gICBQcm90b2NvbCBGbG93IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gIDcKICAgICAxLjMuICAgQXV0aG9yaXphdGlvbiBHcmFudCAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA4CiAgICAgICAxLjMuMS4gIEF1dGhv
cml6YXRpb24gQ29kZSAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgOAogICAg
ICAgMS4zLjIuICBJbXBsaWNpdCAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gIDgKICAgICAgIDEuMy4zLiAgUmVzb3VyY2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVu
dGlhbHMgIC4gLiAuIC4gLiAuIC4gLiAuICA5CiAgICAgICAxLjMuNC4gIENsaWVudCBDcmVkZW50
aWFscyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgOQogICAgIDEuNC4gICBB
Y2Nlc3MgVG9rZW4gIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
IDkKICAgICAxLjUuICAgUmVmcmVzaCBUb2tlbiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIDEwCiAgICAgMS42LiAgIFRMUyBWZXJzaW9uIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxMgogICAgIDEuNy4gICBIVFRQIFJlZGly
ZWN0aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTIKICAgICAx
LjguICAgSW50ZXJvcGVyYWJpbGl0eSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIDEyCiAgICAgMS45LiAgIE5vdGF0aW9uYWwgQ29udmVudGlvbnMgIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxMwogICAyLiAgQ2xpZW50IFJlZ2lzdHJhdGlvbiAgLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTMKICAgICAyLjEuICAgQ2xp
ZW50IFR5cGVzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDE0
CiAgICAgMi4yLiAgIENsaWVudCBJZGVudGlmaWVyIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAxNQogICAgIDIuMy4gICBDbGllbnQgQXV0aGVudGljYXRpb24gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMTUKICAgICAgIDIuMy4xLiAgQ2xpZW50IFBh
c3N3b3JkICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDE2CiAgICAgICAy
LjMuMi4gIE90aGVyIEF1dGhlbnRpY2F0aW9uIE1ldGhvZHMgLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAxNwogICAgIDIuNC4gICBVbnJlZ2lzdGVyZWQgQ2xpZW50cyAgLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gMTcKICAgMy4gIFByb3RvY29sIEVuZHBvaW50cyAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDE3CiAgICAgMy4xLiAgIEF1dGhv
cml6YXRpb24gRW5kcG9pbnQgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAxNwog
ICAgICAgMy4xLjEuICBSZXNwb25zZSBUeXBlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gMTgKICAgICAgIDMuMS4yLiAgUmVkaXJlY3Rpb24gRW5kcG9pbnQgLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDE5CiAgICAgMy4yLiAgIFRva2VuIEVuZHBvaW50
ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAyMQogICAgICAgMy4y
LjEuICBDbGllbnQgQXV0aGVudGljYXRpb24gIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gMjEKICAgICAzLjMuICAgQWNjZXNzIFRva2VuIFNjb3BlICAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIDIyCiAgIDQuICBPYnRhaW5pbmcgQXV0aG9yaXphdGlvbiAgLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAyMwogICAgIDQuMS4gICBBdXRob3Jp
emF0aW9uIENvZGUgR3JhbnQgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjMKICAg
ICAgIDQuMS4xLiAgQXV0aG9yaXphdGlvbiBSZXF1ZXN0ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIDI0CiAgICAgICA0LjEuMi4gIEF1dGhvcml6YXRpb24gUmVzcG9uc2UgLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAyNQogICAgICAgNC4xLjMuICBBY2Nlc3MgVG9rZW4g
UmVxdWVzdCAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMjcKICAgICAgIDQuMS40
LiAgQWNjZXNzIFRva2VuIFJlc3BvbnNlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IDI4CiAgICAgNC4yLiAgIEltcGxpY2l0IEdyYW50ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAyOQogICAgICAgNC4yLjEuICBBdXRob3JpemF0aW9uIFJlcXVlc3Qg
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMzEKICAgICAgIDQuMi4yLiAgQWNjZXNz
IFRva2VuIFJlc3BvbnNlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDMyCiAgICAg
NC4zLiAgIFJlc291cmNlIE93bmVyIFBhc3N3b3JkIENyZWRlbnRpYWxzIEdyYW50IC4gLiAuIC4g
LiAuIC4gLiAzNQogICAgICAgNC4zLjEuICBBdXRob3JpemF0aW9uIFJlcXVlc3QgYW5kIFJlc3Bv
bnNlIC4gLiAuIC4gLiAuIC4gLiAuIC4gMzYKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhw
aXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgIFtQYWdlIDJdCgwKSW50ZXJuZXQt
RHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1h
eSAyMDEyCgoKICAgICAgIDQuMy4yLiAgQWNjZXNzIFRva2VuIFJlcXVlc3QgLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIDM2CiAgICAgICA0LjMuMy4gIEFjY2VzcyBUb2tlbiBSZXNw
b25zZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAzNwogICAgIDQuNC4gICBDbGll
bnQgQ3JlZGVudGlhbHMgR3JhbnQgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMzcK
ICAgICAgIDQuNC4xLiAgQXV0aG9yaXphdGlvbiBSZXF1ZXN0IGFuZCBSZXNwb25zZSAuIC4gLiAu
IC4gLiAuIC4gLiAuIDM4CiAgICAgICA0LjQuMi4gIEFjY2VzcyBUb2tlbiBSZXF1ZXN0IC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAzOAogICAgICAgNC40LjMuICBBY2Nlc3MgVG9r
ZW4gUmVzcG9uc2UgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gMzkKICAgICA0LjUu
ICAgRXh0ZW5zaW9uIEdyYW50cyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIDM5CiAgIDUuICBJc3N1aW5nIGFuIEFjY2VzcyBUb2tlbiAgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiA0MAogICAgIDUuMS4gICBTdWNjZXNzZnVsIFJlc3BvbnNlIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNDAKICAgICA1LjIuICAgRXJyb3Ig
UmVzcG9uc2UgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDQxCiAg
IDYuICBSZWZyZXNoaW5nIGFuIEFjY2VzcyBUb2tlbiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiA0MwogICA3LiAgQWNjZXNzaW5nIFByb3RlY3RlZCBSZXNvdXJjZXMgIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNDQKICAgICA3LjEuICAgQWNjZXNzIFRva2VuIFR5
cGVzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDQ1CiAgICAgNy4yLiAg
IEVycm9yIFJlc3BvbnNlICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiA0NgogICA4LiAgRXh0ZW5zaWJpbGl0eSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gNDYKICAgICA4LjEuICAgRGVmaW5pbmcgQWNjZXNzIFRva2VuIFR5
cGVzIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDQ2CiAgICAgOC4yLiAgIERlZmluaW5n
IE5ldyBFbmRwb2ludCBQYXJhbWV0ZXJzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA0NwogICAg
IDguMy4gICBEZWZpbmluZyBOZXcgQXV0aG9yaXphdGlvbiBHcmFudCBUeXBlcyAgLiAuIC4gLiAu
IC4gLiAuIC4gNDcKICAgICA4LjQuICAgRGVmaW5pbmcgTmV3IEF1dGhvcml6YXRpb24gRW5kcG9p
bnQgUmVzcG9uc2UgVHlwZXMgIC4gLiAuIDQ3CiAgICAgOC41LiAgIERlZmluaW5nIEFkZGl0aW9u
YWwgRXJyb3IgQ29kZXMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA0OAogICA5LiAgTmF0aXZl
IEFwcGxpY2F0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
NDgKICAgMTAuIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIDUwCiAgICAgMTAuMS4gIENsaWVudCBBdXRoZW50aWNhdGlvbiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA1MAogICAgIDEwLjIuICBDbGllbnQgSW1w
ZXJzb25hdGlvbiAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNTAKICAgICAx
MC4zLiAgQWNjZXNzIFRva2VucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIDUxCiAgICAgMTAuNC4gIFJlZnJlc2ggVG9rZW5zICAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA1MgogICAgIDEwLjUuICBBdXRob3JpemF0aW9uIENvZGVz
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNTIKICAgICAxMC42LiAgQXV0
aG9yaXphdGlvbiBDb2RlIFJlZGlyZWN0aW9uIFVSSSBNYW5pcHVsYXRpb24gLiAuIC4gLiAuIDUz
CiAgICAgMTAuNy4gIFJlc291cmNlIE93bmVyIFBhc3N3b3JkIENyZWRlbnRpYWxzIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiA1NAogICAgIDEwLjguICBSZXF1ZXN0IENvbmZpZGVudGlhbGl0eSAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNTQKICAgICAxMC45LiAgRW5kcG9pbnRzIEF1
dGhlbnRpY2l0eSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDU0CiAgICAgMTAu
MTAuIENyZWRlbnRpYWxzIEd1ZXNzaW5nIEF0dGFja3MgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiA1NAogICAgIDEwLjExLiBQaGlzaGluZyBBdHRhY2tzICAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gNTUKICAgICAxMC4xMi4gQ3Jvc3MtU2l0ZSBSZXF1ZXN0IEZv
cmdlcnkgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDU1CiAgICAgMTAuMTMuIENsaWNr
amFja2luZyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA1Ngog
ICAgIDEwLjE0LiBDb2RlIEluamVjdGlvbiBhbmQgSW5wdXQgVmFsaWRhdGlvbiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gNTcKICAgICAxMC4xNS4gT3BlbiBSZWRpcmVjdG9ycyAgLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDU3CiAgIDExLiBJQU5BIENvbnNpZGVyYXRpb25z
ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA1NwogICAgIDExLjEu
ICBUaGUgT0F1dGggQWNjZXNzIFRva2VuIFR5cGUgUmVnaXN0cnkgIC4gLiAuIC4gLiAuIC4gLiAu
IC4gNTcKICAgICAgIDExLjEuMS4gUmVnaXN0cmF0aW9uIFRlbXBsYXRlICAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIDU4CiAgICAgMTEuMi4gIFRoZSBPQXV0aCBQYXJhbWV0ZXJzIFJl
Z2lzdHJ5IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA1OAogICAgICAgMTEuMi4xLiBSZWdp
c3RyYXRpb24gVGVtcGxhdGUgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNTkKICAg
ICAgIDExLjIuMi4gSW5pdGlhbCBSZWdpc3RyeSBDb250ZW50cyAgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIDU5CiAgICAgMTEuMy4gIFRoZSBPQXV0aCBBdXRob3JpemF0aW9uIEVuZHBvaW50
IFJlc3BvbnNlIFR5cGUKICAgICAgICAgICAgUmVnaXN0cnkgIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDYxCiAgICAgICAxMS4zLjEuIFJlZ2lzdHJhdGlv
biBUZW1wbGF0ZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA2MgogICAgICAgMTEu
My4yLiBJbml0aWFsIFJlZ2lzdHJ5IENvbnRlbnRzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gNjIKICAgICAxMS40LiAgVGhlIE9BdXRoIEV4dGVuc2lvbnMgRXJyb3IgUmVnaXN0cnkgLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIDYyCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMg
RGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgICBbUGFnZSAzXQoMCkludGVybmV0LURyYWZ0
ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAx
MgoKCiAgICAgICAxMS40LjEuIFJlZ2lzdHJhdGlvbiBUZW1wbGF0ZSAgLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiA2MwogICAxMi4gUmVmZXJlbmNlcyAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNjMKICAgICAxMi4xLiAgTm9ybWF0aXZl
IFJlZmVyZW5jZXMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDYzCiAgICAg
MTIuMi4gIEluZm9ybWF0aXZlIFJlZmVyZW5jZXMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiA2NQogICBBcHBlbmRpeCBBLiAgQWNrbm93bGVkZ2VtZW50cyAgLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gNjUKICAgQXBwZW5kaXggQi4gIEVkaXRvcidzIE5vdGVz
ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIDY2CiAgIEF1dGhvcnMnIEFk
ZHJlc3NlcyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiA2
NwoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCkhhbW1lciwgZXQg
YWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgICBbUGFn
ZSA0XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAg
ICAgICAgICAgICAgICBNYXkgMjAxMgoKCjEuICBJbnRyb2R1Y3Rpb24KCiAgIEluIHRoZSB0cmFk
aXRpb25hbCBjbGllbnQtc2VydmVyIGF1dGhlbnRpY2F0aW9uIG1vZGVsLCB0aGUgY2xpZW50CiAg
IHJlcXVlc3RzIGFuIGFjY2VzcyByZXN0cmljdGVkIHJlc291cmNlIChwcm90ZWN0ZWQgcmVzb3Vy
Y2UpIG9uIHRoZQogICBzZXJ2ZXIgYnkgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUgc2VydmVyIHVz
aW5nIHRoZSByZXNvdXJjZSBvd25lcidzCiAgIGNyZWRlbnRpYWxzLiAgSW4gb3JkZXIgdG8gcHJv
dmlkZSB0aGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgYWNjZXNzIHRvCiAgIHJlc3RyaWN0ZWQgcmVz
b3VyY2VzLCB0aGUgcmVzb3VyY2Ugb3duZXIgc2hhcmVzIGl0cyBjcmVkZW50aWFscyB3aXRoCiAg
IHRoZSB0aGlyZC1wYXJ0eS4gIFRoaXMgY3JlYXRlcyBzZXZlcmFsIHByb2JsZW1zIGFuZCBsaW1p
dGF0aW9uczoKCiAgIG8gIFRoaXJkLXBhcnR5IGFwcGxpY2F0aW9ucyBhcmUgcmVxdWlyZWQgdG8g
c3RvcmUgdGhlIHJlc291cmNlCiAgICAgIG93bmVyJ3MgY3JlZGVudGlhbHMgZm9yIGZ1dHVyZSB1
c2UsIHR5cGljYWxseSBhIHBhc3N3b3JkIGluIGNsZWFyLQogICAgICB0ZXh0LgogICBvICBTZXJ2
ZXJzIGFyZSByZXF1aXJlZCB0byBzdXBwb3J0IHBhc3N3b3JkIGF1dGhlbnRpY2F0aW9uLCBkZXNw
aXRlCiAgICAgIHRoZSBzZWN1cml0eSB3ZWFrbmVzc2VzIGluaGVyZW50IGluIHBhc3N3b3Jkcy4K
ICAgbyAgVGhpcmQtcGFydHkgYXBwbGljYXRpb25zIGdhaW4gb3Zlcmx5IGJyb2FkIGFjY2VzcyB0
byB0aGUgcmVzb3VyY2UKICAgICAgb3duZXIncyBwcm90ZWN0ZWQgcmVzb3VyY2VzLCBsZWF2aW5n
IHJlc291cmNlIG93bmVycyB3aXRob3V0IGFueQogICAgICBhYmlsaXR5IHRvIHJlc3RyaWN0IGR1
cmF0aW9uIG9yIGFjY2VzcyB0byBhIGxpbWl0ZWQgc3Vic2V0IG9mCiAgICAgIHJlc291cmNlcy4K
ICAgbyAgUmVzb3VyY2Ugb3duZXJzIGNhbm5vdCByZXZva2UgYWNjZXNzIHRvIGFuIGluZGl2aWR1
YWwgdGhpcmQtcGFydHkKICAgICAgd2l0aG91dCByZXZva2luZyBhY2Nlc3MgdG8gYWxsIHRoaXJk
LXBhcnRpZXMsIGFuZCBtdXN0IGRvIHNvIGJ5CiAgICAgIGNoYW5naW5nIHRoZWlyIHBhc3N3b3Jk
LgogICBvICBDb21wcm9taXNlIG9mIGFueSB0aGlyZC1wYXJ0eSBhcHBsaWNhdGlvbiByZXN1bHRz
IGluIGNvbXByb21pc2Ugb2YKICAgICAgdGhlIGVuZC11c2VyJ3MgcGFzc3dvcmQgYW5kIGFsbCBv
ZiB0aGUgZGF0YSBwcm90ZWN0ZWQgYnkgdGhhdAogICAgICBwYXNzd29yZC4KCiAgIE9BdXRoIGFk
ZHJlc3NlcyB0aGVzZSBpc3N1ZXMgYnkgaW50cm9kdWNpbmcgYW4gYXV0aG9yaXphdGlvbiBsYXll
cgogICBhbmQgc2VwYXJhdGluZyB0aGUgcm9sZSBvZiB0aGUgY2xpZW50IGZyb20gdGhhdCBvZiB0
aGUgcmVzb3VyY2UKICAgb3duZXIuICBJbiBPQXV0aCwgdGhlIGNsaWVudCByZXF1ZXN0cyBhY2Nl
c3MgdG8gcmVzb3VyY2VzIGNvbnRyb2xsZWQKICAgYnkgdGhlIHJlc291cmNlIG93bmVyIGFuZCBo
b3N0ZWQgYnkgdGhlIHJlc291cmNlIHNlcnZlciwgYW5kIGlzCiAgIGlzc3VlZCBhIGRpZmZlcmVu
dCBzZXQgb2YgY3JlZGVudGlhbHMgdGhhbiB0aG9zZSBvZiB0aGUgcmVzb3VyY2UKICAgb3duZXIu
CgogICBJbnN0ZWFkIG9mIHVzaW5nIHRoZSByZXNvdXJjZSBvd25lcidzIGNyZWRlbnRpYWxzIHRv
IGFjY2VzcyBwcm90ZWN0ZWQKICAgcmVzb3VyY2VzLCB0aGUgY2xpZW50IG9idGFpbnMgYW4gYWNj
ZXNzIHRva2VuIC0gYSBzdHJpbmcgZGVub3RpbmcgYQogICBzcGVjaWZpYyBzY29wZSwgbGlmZXRp
bWUsIGFuZCBvdGhlciBhY2Nlc3MgYXR0cmlidXRlcy4gIEFjY2VzcyB0b2tlbnMKICAgYXJlIGlz
c3VlZCB0byB0aGlyZC1wYXJ0eSBjbGllbnRzIGJ5IGFuIGF1dGhvcml6YXRpb24gc2VydmVyIHdp
dGggdGhlCiAgIGFwcHJvdmFsIG9mIHRoZSByZXNvdXJjZSBvd25lci4gIFRoZSBjbGllbnQgdXNl
cyB0aGUgYWNjZXNzIHRva2VuIHRvCiAgIGFjY2VzcyB0aGUgcHJvdGVjdGVkIHJlc291cmNlcyBo
b3N0ZWQgYnkgdGhlIHJlc291cmNlIHNlcnZlci4KCiAgIEZvciBleGFtcGxlLCBhbiBlbmQtdXNl
ciAocmVzb3VyY2Ugb3duZXIpIGNhbiBncmFudCBhIHByaW50aW5nCiAgIHNlcnZpY2UgKGNsaWVu
dCkgYWNjZXNzIHRvIGhlciBwcm90ZWN0ZWQgcGhvdG9zIHN0b3JlZCBhdCBhIHBob3RvCiAgIHNo
YXJpbmcgc2VydmljZSAocmVzb3VyY2Ugc2VydmVyKSwgd2l0aG91dCBzaGFyaW5nIGhlciB1c2Vy
bmFtZSBhbmQKICAgcGFzc3dvcmQgd2l0aCB0aGUgcHJpbnRpbmcgc2VydmljZS4gIEluc3RlYWQs
IHNoZSBhdXRoZW50aWNhdGVzCiAgIGRpcmVjdGx5IHdpdGggYSBzZXJ2ZXIgdHJ1c3RlZCBieSB0
aGUgcGhvdG8gc2hhcmluZyBzZXJ2aWNlCiAgIChhdXRob3JpemF0aW9uIHNlcnZlcikgd2hpY2gg
aXNzdWVzIHRoZSBwcmludGluZyBzZXJ2aWNlIGRlbGVnYXRpb24tCiAgIHNwZWNpZmljIGNyZWRl
bnRpYWxzIChhY2Nlc3MgdG9rZW4pLgoKICAgVGhpcyBzcGVjaWZpY2F0aW9uIGlzIGRlc2lnbmVk
IGZvciB1c2Ugd2l0aCBIVFRQIChbUkZDMjYxNl0pLiAgVGhlCgoKCkhhbW1lciwgZXQgYWwuICAg
ICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgICBbUGFnZSA1XQoM
CkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAg
ICAgICAgICBNYXkgMjAxMgoKCiAgIHVzZSBvZiBPQXV0aCBvdmVyIGFueSBvdGhlciBwcm90b2Nv
bCB0aGFuIEhUVFAgaXMgb3V0IG9mIHNjb3BlLgoKICAgVGhlIE9BdXRoIDEuMCBwcm90b2NvbCAo
W1JGQzU4NDldKSwgcHVibGlzaGVkIGFzIGFuIGluZm9ybWF0aW9uYWwKICAgZG9jdW1lbnQsIHdh
cyB0aGUgcmVzdWx0IG9mIGEgc21hbGwgYWQtaG9jIGNvbW11bml0eSBlZmZvcnQuICBUaGlzCiAg
IHN0YW5kYXJkcy10cmFjayBzcGVjaWZpY2F0aW9uIGJ1aWxkcyBvbiB0aGUgT0F1dGggMS4wIGRl
cGxveW1lbnQKICAgZXhwZXJpZW5jZSwgYXMgd2VsbCBhcyBhZGRpdGlvbmFsIHVzZSBjYXNlcyBh
bmQgZXh0ZW5zaWJpbGl0eQogICByZXF1aXJlbWVudHMgZ2F0aGVyZWQgZnJvbSB0aGUgd2lkZXIg
SUVURiBjb21tdW5pdHkuICBUaGUgT0F1dGggMi4wCiAgIHByb3RvY29sIGlzIG5vdCBiYWNrd2Fy
ZCBjb21wYXRpYmxlIHdpdGggT0F1dGggMS4wLiAgVGhlIHR3byB2ZXJzaW9ucwogICBtYXkgY28t
ZXhpc3Qgb24gdGhlIG5ldHdvcmsgYW5kIGltcGxlbWVudGF0aW9ucyBtYXkgY2hvb3NlIHRvIHN1
cHBvcnQKICAgYm90aC4gIEhvd2V2ZXIsIGl0IGlzIHRoZSBpbnRlbnRpb24gb2YgdGhpcyBzcGVj
aWZpY2F0aW9uIHRoYXQgbmV3CiAgIGltcGxlbWVudGF0aW9uIHN1cHBvcnQgT0F1dGggMi4wIGFz
IHNwZWNpZmllZCBpbiB0aGlzIGRvY3VtZW50LCBhbmQKICAgdGhhdCBPQXV0aCAxLjAgaXMgdXNl
ZCBvbmx5IHRvIHN1cHBvcnQgZXhpc3RpbmcgZGVwbG95bWVudHMuICBUaGUKICAgT0F1dGggMi4w
IHByb3RvY29sIHNoYXJlcyB2ZXJ5IGZldyBpbXBsZW1lbnRhdGlvbiBkZXRhaWxzIHdpdGggdGhl
CiAgIE9BdXRoIDEuMCBwcm90b2NvbC4gIEltcGxlbWVudGVycyBmYW1pbGlhciB3aXRoIE9BdXRo
IDEuMCBzaG91bGQKICAgYXBwcm9hY2ggdGhpcyBkb2N1bWVudCB3aXRob3V0IGFueSBhc3N1bXB0
aW9ucyBhcyB0byBpdHMgc3RydWN0dXJlCiAgIGFuZCBkZXRhaWxzLgoKMS4xLiAgUm9sZXMKCiAg
IE9BdXRoIGRlZmluZXMgZm91ciByb2xlczoKCiAgIHJlc291cmNlIG93bmVyCiAgICAgIEFuIGVu
dGl0eSBjYXBhYmxlIG9mIGdyYW50aW5nIGFjY2VzcyB0byBhIHByb3RlY3RlZCByZXNvdXJjZS4K
ICAgICAgV2hlbiB0aGUgcmVzb3VyY2Ugb3duZXIgaXMgYSBwZXJzb24sIGl0IGlzIHJlZmVycmVk
IHRvIGFzIGFuIGVuZC0KICAgICAgdXNlci4KICAgcmVzb3VyY2Ugc2VydmVyCiAgICAgIFRoZSBz
ZXJ2ZXIgaG9zdGluZyB0aGUgcHJvdGVjdGVkIHJlc291cmNlcywgY2FwYWJsZSBvZiBhY2NlcHRp
bmcKICAgICAgYW5kIHJlc3BvbmRpbmcgdG8gcHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3RzIHVz
aW5nIGFjY2VzcyB0b2tlbnMuCiAgIGNsaWVudAogICAgICBBbiBhcHBsaWNhdGlvbiBtYWtpbmcg
cHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3RzIG9uIGJlaGFsZiBvZiB0aGUKICAgICAgcmVzb3Vy
Y2Ugb3duZXIgYW5kIHdpdGggaXRzIGF1dGhvcml6YXRpb24uICBUaGUgdGVybSBjbGllbnQgZG9l
cwogICAgICBub3QgaW1wbHkgYW55IHBhcnRpY3VsYXIgaW1wbGVtZW50YXRpb24gY2hhcmFjdGVy
aXN0aWNzIChlLmcuCiAgICAgIHdoZXRoZXIgdGhlIGFwcGxpY2F0aW9uIGV4ZWN1dGVzIG9uIGEg
c2VydmVyLCBhIGRlc2t0b3AsIG9yIG90aGVyCiAgICAgIGRldmljZXMpLgogICBhdXRob3JpemF0
aW9uIHNlcnZlcgogICAgICBUaGUgc2VydmVyIGlzc3VpbmcgYWNjZXNzIHRva2VucyB0byB0aGUg
Y2xpZW50IGFmdGVyIHN1Y2Nlc3NmdWxseQogICAgICBhdXRoZW50aWNhdGluZyB0aGUgcmVzb3Vy
Y2Ugb3duZXIgYW5kIG9idGFpbmluZyBhdXRob3JpemF0aW9uLgoKICAgVGhlIGludGVyYWN0aW9u
IGJldHdlZW4gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCByZXNvdXJjZSBzZXJ2ZXIKICAg
aXMgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24uICBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIKICAgbWF5IGJlIHRoZSBzYW1lIHNlcnZlciBhcyB0aGUgcmVzb3VyY2Ugc2Vy
dmVyIG9yIGEgc2VwYXJhdGUgZW50aXR5LgogICBBIHNpbmdsZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBtYXkgaXNzdWUgYWNjZXNzIHRva2VucyBhY2NlcHRlZCBieQogICBtdWx0aXBsZSByZXNvdXJj
ZSBzZXJ2ZXJzLgoKCgoKCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1i
ZXIgMSwgMjAxMiAgICAgICAgICAgICAgICBbUGFnZSA2XQoMCkludGVybmV0LURyYWZ0ICAgICAg
ICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCjEu
Mi4gIFByb3RvY29sIEZsb3cKCgogICAgICstLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICAgICB8ICAgICAgICB8LS0oQSktIEF1dGhvcml6
YXRpb24gUmVxdWVzdCAtPnwgICBSZXNvdXJjZSAgICB8CiAgICAgfCAgICAgICAgfCAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICB8ICAgICBPd25lciAgICAgfAogICAgIHwgICAgICAgIHw8
LShCKS0tIEF1dGhvcml6YXRpb24gR3JhbnQgLS0tfCAgICAgICAgICAgICAgIHwKICAgICB8ICAg
ICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAg
ICAgfCAgICAgICAgfAogICAgIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgKy0tLS0tLS0tLS0tLS0tLSsKICAgICB8ICAgICAgICB8LS0oQyktLSBBdXRob3JpemF0aW9u
IEdyYW50IC0tPnwgQXV0aG9yaXphdGlvbiB8CiAgICAgfCBDbGllbnQgfCAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICB8ICAgICBTZXJ2ZXIgICAgfAogICAgIHwgICAgICAgIHw8LShEKS0t
LS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tfCAgICAgICAgICAgICAgIHwKICAgICB8ICAgICAgICB8
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgICAgfCAg
ICAgICAgfAogICAgIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0t
LS0tLS0tLS0tLS0tLSsKICAgICB8ICAgICAgICB8LS0oRSktLS0tLSBBY2Nlc3MgVG9rZW4gLS0t
LS0tPnwgICAgUmVzb3VyY2UgICB8CiAgICAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICB8ICAgICBTZXJ2ZXIgICAgfAogICAgIHwgICAgICAgIHw8LShGKS0tLSBQcm90
ZWN0ZWQgUmVzb3VyY2UgLS0tfCAgICAgICAgICAgICAgIHwKICAgICArLS0tLS0tLS0rICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCgoKICAgICAgICAgICAg
ICAgICAgICAgRmlndXJlIDE6IEFic3RyYWN0IFByb3RvY29sIEZsb3cKCiAgIFRoZSBhYnN0cmFj
dCBmbG93IGlsbHVzdHJhdGVkIGluIEZpZ3VyZSAxIGRlc2NyaWJlcyB0aGUgaW50ZXJhY3Rpb24K
ICAgYmV0d2VlbiB0aGUgZm91ciByb2xlcyBhbmQgaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVw
czoKCiAgIChBKSAgVGhlIGNsaWVudCByZXF1ZXN0cyBhdXRob3JpemF0aW9uIGZyb20gdGhlIHJl
c291cmNlIG93bmVyLiAgVGhlCiAgICAgICAgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGNhbiBiZSBt
YWRlIGRpcmVjdGx5IHRvIHRoZSByZXNvdXJjZSBvd25lcgogICAgICAgIChhcyBzaG93biksIG9y
IHByZWZlcmFibHkgaW5kaXJlY3RseSB2aWEgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICBzZXJ2
ZXIgYXMgYW4gaW50ZXJtZWRpYXJ5LgogICAoQikgIFRoZSBjbGllbnQgcmVjZWl2ZXMgYW4gYXV0
aG9yaXphdGlvbiBncmFudCB3aGljaCBpcyBhIGNyZWRlbnRpYWwKICAgICAgICByZXByZXNlbnRp
bmcgdGhlIHJlc291cmNlIG93bmVyJ3MgYXV0aG9yaXphdGlvbiwgZXhwcmVzc2VkIHVzaW5nCiAg
ICAgICAgb25lIG9mIGZvdXIgZ3JhbnQgdHlwZXMgZGVmaW5lZCBpbiB0aGlzIHNwZWNpZmljYXRp
b24gb3IgdXNpbmcKICAgICAgICBhbiBleHRlbnNpb24gZ3JhbnQgdHlwZS4gIFRoZSBhdXRob3Jp
emF0aW9uIGdyYW50IHR5cGUgZGVwZW5kcwogICAgICAgIG9uIHRoZSBtZXRob2QgdXNlZCBieSB0
aGUgY2xpZW50IHRvIHJlcXVlc3QgYXV0aG9yaXphdGlvbiBhbmQKICAgICAgICB0aGUgdHlwZXMg
c3VwcG9ydGVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgKEMpICBUaGUgY2xpZW50
IHJlcXVlc3RzIGFuIGFjY2VzcyB0b2tlbiBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZQogICAg
ICAgIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCBwcmVzZW50aW5nIHRoZSBhdXRob3JpemF0aW9u
IGdyYW50LgogICAoRCkgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRo
ZSBjbGllbnQgYW5kIHZhbGlkYXRlcwogICAgICAgIHRoZSBhdXRob3JpemF0aW9uIGdyYW50LCBh
bmQgaWYgdmFsaWQgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbi4KICAgKEUpICBUaGUgY2xpZW50IHJl
cXVlc3RzIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2UgZnJvbSB0aGUgcmVzb3VyY2UKICAgICAgICBz
ZXJ2ZXIgYW5kIGF1dGhlbnRpY2F0ZXMgYnkgcHJlc2VudGluZyB0aGUgYWNjZXNzIHRva2VuLgog
ICAoRikgIFRoZSByZXNvdXJjZSBzZXJ2ZXIgdmFsaWRhdGVzIHRoZSBhY2Nlc3MgdG9rZW4sIGFu
ZCBpZiB2YWxpZCwKICAgICAgICBzZXJ2ZXMgdGhlIHJlcXVlc3QuCgogICBUaGUgcHJlZmVycmVk
IG1ldGhvZCBmb3IgdGhlIGNsaWVudCB0byBvYnRhaW4gYW4gYXV0aG9yaXphdGlvbiBncmFudAog
ICBmcm9tIHRoZSByZXNvdXJjZSBvd25lciAoZGVwaWN0ZWQgaW4gc3RlcHMgKEEpIGFuZCAoQikp
IGlzIHRvIHVzZSB0aGUKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJl
ciAxLCAyMDEyICAgICAgICAgICAgICAgIFtQYWdlIDddCgwKSW50ZXJuZXQtRHJhZnQgICAgICAg
ICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgYW4gaW50ZXJtZWRpYXJ5IHdoaWNoIGlzIGlsbHVzdHJh
dGVkIGluCiAgIEZpZ3VyZSAzLgoKMS4zLiAgQXV0aG9yaXphdGlvbiBHcmFudAoKICAgQW4gYXV0
aG9yaXphdGlvbiBncmFudCBpcyBhIGNyZWRlbnRpYWwgcmVwcmVzZW50aW5nIHRoZSByZXNvdXJj
ZQogICBvd25lcidzIGF1dGhvcml6YXRpb24gKHRvIGFjY2VzcyBpdHMgcHJvdGVjdGVkIHJlc291
cmNlcykgdXNlZCBieSB0aGUKICAgY2xpZW50IHRvIG9idGFpbiBhbiBhY2Nlc3MgdG9rZW4uICBU
aGlzIHNwZWNpZmljYXRpb24gZGVmaW5lcyBmb3VyCiAgIGdyYW50IHR5cGVzOiBhdXRob3JpemF0
aW9uIGNvZGUsIGltcGxpY2l0LCByZXNvdXJjZSBvd25lciBwYXNzd29yZAogICBjcmVkZW50aWFs
cywgYW5kIGNsaWVudCBjcmVkZW50aWFscywgYXMgd2VsbCBhcyBhbiBleHRlbnNpYmlsaXR5CiAg
IG1lY2hhbmlzbSBmb3IgZGVmaW5pbmcgYWRkaXRpb25hbCB0eXBlcy4KCjEuMy4xLiAgQXV0aG9y
aXphdGlvbiBDb2RlCgogICBUaGUgYXV0aG9yaXphdGlvbiBjb2RlIGlzIG9idGFpbmVkIGJ5IHVz
aW5nIGFuIGF1dGhvcml6YXRpb24gc2VydmVyCiAgIGFzIGFuIGludGVybWVkaWFyeSBiZXR3ZWVu
IHRoZSBjbGllbnQgYW5kIHJlc291cmNlIG93bmVyLiAgSW5zdGVhZCBvZgogICByZXF1ZXN0aW5n
IGF1dGhvcml6YXRpb24gZGlyZWN0bHkgZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIsIHRoZSBjbGll
bnQKICAgZGlyZWN0cyB0aGUgcmVzb3VyY2Ugb3duZXIgdG8gYW4gYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgKHZpYSBpdHMgdXNlci0KICAgYWdlbnQgYXMgZGVmaW5lZCBpbiBbUkZDMjYxNl0pLCB3aGlj
aCBpbiB0dXJuIGRpcmVjdHMgdGhlIHJlc291cmNlCiAgIG93bmVyIGJhY2sgdG8gdGhlIGNsaWVu
dCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIGNvZGUuCgogICBCZWZvcmUgZGlyZWN0aW5nIHRoZSBy
ZXNvdXJjZSBvd25lciBiYWNrIHRvIHRoZSBjbGllbnQgd2l0aCB0aGUKICAgYXV0aG9yaXphdGlv
biBjb2RlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUKICAgcmVz
b3VyY2Ugb3duZXIgYW5kIG9idGFpbnMgYXV0aG9yaXphdGlvbi4gIEJlY2F1c2UgdGhlIHJlc291
cmNlIG93bmVyCiAgIG9ubHkgYXV0aGVudGljYXRlcyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciwgdGhlIHJlc291cmNlCiAgIG93bmVyJ3MgY3JlZGVudGlhbHMgYXJlIG5ldmVyIHNoYXJl
ZCB3aXRoIHRoZSBjbGllbnQuCgogICBUaGUgYXV0aG9yaXphdGlvbiBjb2RlIHByb3ZpZGVzIGEg
ZmV3IGltcG9ydGFudCBzZWN1cml0eSBiZW5lZml0cwogICBzdWNoIGFzIHRoZSBhYmlsaXR5IHRv
IGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50LCBhbmQgdGhlIHRyYW5zbWlzc2lvbgogICBvZiB0aGUg
YWNjZXNzIHRva2VuIGRpcmVjdGx5IHRvIHRoZSBjbGllbnQgd2l0aG91dCBwYXNzaW5nIGl0IHRo
cm91Z2gKICAgdGhlIHJlc291cmNlIG93bmVyJ3MgdXNlci1hZ2VudCwgcG90ZW50aWFsbHkgZXhw
b3NpbmcgaXQgdG8gb3RoZXJzLAogICBpbmNsdWRpbmcgdGhlIHJlc291cmNlIG93bmVyLgoKMS4z
LjIuICBJbXBsaWNpdAoKICAgVGhlIGltcGxpY2l0IGdyYW50IGlzIGEgc2ltcGxpZmllZCBhdXRo
b3JpemF0aW9uIGNvZGUgZmxvdyBvcHRpbWl6ZWQKICAgZm9yIGNsaWVudHMgaW1wbGVtZW50ZWQg
aW4gYSBicm93c2VyIHVzaW5nIGEgc2NyaXB0aW5nIGxhbmd1YWdlIHN1Y2gKICAgYXMgSmF2YVNj
cmlwdC4gIEluIHRoZSBpbXBsaWNpdCBmbG93LCBpbnN0ZWFkIG9mIGlzc3VpbmcgdGhlIGNsaWVu
dAogICBhbiBhdXRob3JpemF0aW9uIGNvZGUsIHRoZSBjbGllbnQgaXMgaXNzdWVkIGFuIGFjY2Vz
cyB0b2tlbiBkaXJlY3RseQogICAoYXMgdGhlIHJlc3VsdCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIg
YXV0aG9yaXphdGlvbikuICBUaGUgZ3JhbnQgdHlwZQogICBpcyBpbXBsaWNpdCBhcyBubyBpbnRl
cm1lZGlhdGUgY3JlZGVudGlhbHMgKHN1Y2ggYXMgYW4gYXV0aG9yaXphdGlvbgogICBjb2RlKSBh
cmUgaXNzdWVkIChhbmQgbGF0ZXIgdXNlZCB0byBvYnRhaW4gYW4gYWNjZXNzIHRva2VuKS4KCiAg
IFdoZW4gaXNzdWluZyBhbiBhY2Nlc3MgdG9rZW4gZHVyaW5nIHRoZSBpbXBsaWNpdCBncmFudCBm
bG93LCB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZG9lcyBub3QgYXV0aGVudGljYXRlIHRo
ZSBjbGllbnQuICBJbiBzb21lCiAgIGNhc2VzLCB0aGUgY2xpZW50IGlkZW50aXR5IGNhbiBiZSB2
ZXJpZmllZCB2aWEgdGhlIHJlZGlyZWN0aW9uIFVSSQogICB1c2VkIHRvIGRlbGl2ZXIgdGhlIGFj
Y2VzcyB0b2tlbiB0byB0aGUgY2xpZW50LiAgVGhlIGFjY2VzcyB0b2tlbiBtYXkKICAgYmUgZXhw
b3NlZCB0byB0aGUgcmVzb3VyY2Ugb3duZXIgb3Igb3RoZXIgYXBwbGljYXRpb25zIHdpdGggYWNj
ZXNzIHRvCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAx
MiAgICAgICAgICAgICAgICBbUGFnZSA4XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAg
ICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIHRoZSByZXNv
dXJjZSBvd25lcidzIHVzZXItYWdlbnQuCgogICBJbXBsaWNpdCBncmFudHMgaW1wcm92ZSB0aGUg
cmVzcG9uc2l2ZW5lc3MgYW5kIGVmZmljaWVuY3kgb2Ygc29tZQogICBjbGllbnRzIChzdWNoIGFz
IGEgY2xpZW50IGltcGxlbWVudGVkIGFzIGFuIGluLWJyb3dzZXIgYXBwbGljYXRpb24pCiAgIHNp
bmNlIGl0IHJlZHVjZXMgdGhlIG51bWJlciBvZiByb3VuZCB0cmlwcyByZXF1aXJlZCB0byBvYnRh
aW4gYW4KICAgYWNjZXNzIHRva2VuLiAgSG93ZXZlciwgdGhpcyBjb252ZW5pZW5jZSBzaG91bGQg
YmUgd2VpZ2hlZCBhZ2FpbnN0CiAgIHRoZSBzZWN1cml0eSBpbXBsaWNhdGlvbnMgb2YgdXNpbmcg
aW1wbGljaXQgZ3JhbnRzLCBlc3BlY2lhbGx5IHdoZW4KICAgdGhlIGF1dGhvcml6YXRpb24gY29k
ZSBncmFudCB0eXBlIGlzIGF2YWlsYWJsZS4KCjEuMy4zLiAgUmVzb3VyY2UgT3duZXIgUGFzc3dv
cmQgQ3JlZGVudGlhbHMKCiAgIFRoZSByZXNvdXJjZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFs
cyAoaS5lLiB1c2VybmFtZSBhbmQgcGFzc3dvcmQpCiAgIGNhbiBiZSB1c2VkIGRpcmVjdGx5IGFz
IGFuIGF1dGhvcml6YXRpb24gZ3JhbnQgdG8gb2J0YWluIGFuIGFjY2VzcwogICB0b2tlbi4gIFRo
ZSBjcmVkZW50aWFscyBzaG91bGQgb25seSBiZSB1c2VkIHdoZW4gdGhlcmUgaXMgYSBoaWdoCiAg
IGRlZ3JlZSBvZiB0cnVzdCBiZXR3ZWVuIHRoZSByZXNvdXJjZSBvd25lciBhbmQgdGhlIGNsaWVu
dCAoZS5nLiB0aGUKICAgY2xpZW50IGlzIHBhcnQgb2YgdGhlIGRldmljZSBvcGVyYXRpbmcgc3lz
dGVtIG9yIGEgaGlnaGx5IHByaXZpbGVnZWQKICAgYXBwbGljYXRpb24pLCBhbmQgd2hlbiBvdGhl
ciBhdXRob3JpemF0aW9uIGdyYW50IHR5cGVzIGFyZSBub3QKICAgYXZhaWxhYmxlIChzdWNoIGFz
IGFuIGF1dGhvcml6YXRpb24gY29kZSkuCgogICBFdmVuIHRob3VnaCB0aGlzIGdyYW50IHR5cGUg
cmVxdWlyZXMgZGlyZWN0IGNsaWVudCBhY2Nlc3MgdG8gdGhlCiAgIHJlc291cmNlIG93bmVyIGNy
ZWRlbnRpYWxzLCB0aGUgcmVzb3VyY2Ugb3duZXIgY3JlZGVudGlhbHMgYXJlIHVzZWQKICAgZm9y
IGEgc2luZ2xlIHJlcXVlc3QgYW5kIGFyZSBleGNoYW5nZWQgZm9yIGFuIGFjY2VzcyB0b2tlbi4g
IFRoaXMKICAgZ3JhbnQgdHlwZSBjYW4gZWxpbWluYXRlIHRoZSBuZWVkIGZvciB0aGUgY2xpZW50
IHRvIHN0b3JlIHRoZQogICByZXNvdXJjZSBvd25lciBjcmVkZW50aWFscyBmb3IgZnV0dXJlIHVz
ZSwgYnkgZXhjaGFuZ2luZyB0aGUKICAgY3JlZGVudGlhbHMgd2l0aCBhIGxvbmctbGl2ZWQgYWNj
ZXNzIHRva2VuIG9yIHJlZnJlc2ggdG9rZW4uCgoxLjMuNC4gIENsaWVudCBDcmVkZW50aWFscwoK
ICAgVGhlIGNsaWVudCBjcmVkZW50aWFscyAob3Igb3RoZXIgZm9ybXMgb2YgY2xpZW50IGF1dGhl
bnRpY2F0aW9uKSBjYW4KICAgYmUgdXNlZCBhcyBhbiBhdXRob3JpemF0aW9uIGdyYW50IHdoZW4g
dGhlIGF1dGhvcml6YXRpb24gc2NvcGUgaXMKICAgbGltaXRlZCB0byB0aGUgcHJvdGVjdGVkIHJl
c291cmNlcyB1bmRlciB0aGUgY29udHJvbCBvZiB0aGUgY2xpZW50LAogICBvciB0byBwcm90ZWN0
ZWQgcmVzb3VyY2VzIHByZXZpb3VzbHkgYXJyYW5nZWQgd2l0aCB0aGUgYXV0aG9yaXphdGlvbgog
ICBzZXJ2ZXIuICBDbGllbnQgY3JlZGVudGlhbHMgYXJlIHVzZWQgYXMgYW4gYXV0aG9yaXphdGlv
biBncmFudAogICB0eXBpY2FsbHkgd2hlbiB0aGUgY2xpZW50IGlzIGFjdGluZyBvbiBpdHMgb3du
IGJlaGFsZiAodGhlIGNsaWVudCBpcwogICBhbHNvIHRoZSByZXNvdXJjZSBvd25lciksIG9yIGlz
IHJlcXVlc3RpbmcgYWNjZXNzIHRvIHByb3RlY3RlZAogICByZXNvdXJjZXMgYmFzZWQgb24gYW4g
YXV0aG9yaXphdGlvbiBwcmV2aW91c2x5IGFycmFuZ2VkIHdpdGggdGhlCiAgIGF1dGhvcml6YXRp
b24gc2VydmVyLgoKMS40LiAgQWNjZXNzIFRva2VuCgogICBBY2Nlc3MgdG9rZW5zIGFyZSBjcmVk
ZW50aWFscyB1c2VkIHRvIGFjY2VzcyBwcm90ZWN0ZWQgcmVzb3VyY2VzLiAgQW4KICAgYWNjZXNz
IHRva2VuIGlzIGEgc3RyaW5nIHJlcHJlc2VudGluZyBhbiBhdXRob3JpemF0aW9uIGlzc3VlZCB0
byB0aGUKICAgY2xpZW50LiAgVGhlIHN0cmluZyBpcyB1c3VhbGx5IG9wYXF1ZSB0byB0aGUgY2xp
ZW50LiAgVG9rZW5zCiAgIHJlcHJlc2VudCBzcGVjaWZpYyBzY29wZXMgYW5kIGR1cmF0aW9ucyBv
ZiBhY2Nlc3MsIGdyYW50ZWQgYnkgdGhlCiAgIHJlc291cmNlIG93bmVyLCBhbmQgZW5mb3JjZWQg
YnkgdGhlIHJlc291cmNlIHNlcnZlciBhbmQgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIuCgogICBU
aGUgdG9rZW4gbWF5IGRlbm90ZSBhbiBpZGVudGlmaWVyIHVzZWQgdG8gcmV0cmlldmUgdGhlIGF1
dGhvcml6YXRpb24KCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAx
LCAyMDEyICAgICAgICAgICAgICAgIFtQYWdlIDldCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAg
ICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgaW5m
b3JtYXRpb24sIG9yIHNlbGYtY29udGFpbiB0aGUgYXV0aG9yaXphdGlvbiBpbmZvcm1hdGlvbiBp
biBhCiAgIHZlcmlmaWFibGUgbWFubmVyIChpLmUuIGEgdG9rZW4gc3RyaW5nIGNvbnNpc3Rpbmcg
b2Ygc29tZSBkYXRhIGFuZCBhCiAgIHNpZ25hdHVyZSkuICBBZGRpdGlvbmFsIGF1dGhlbnRpY2F0
aW9uIGNyZWRlbnRpYWxzLCB3aGljaCBhcmUgYmV5b25kCiAgIHRoZSBzY29wZSBvZiB0aGlzIHNw
ZWNpZmljYXRpb24sIG1heSBiZSByZXF1aXJlZCBpbiBvcmRlciBmb3IgdGhlCiAgIGNsaWVudCB0
byB1c2UgYSB0b2tlbi4KCiAgIFRoZSBhY2Nlc3MgdG9rZW4gcHJvdmlkZXMgYW4gYWJzdHJhY3Rp
b24gbGF5ZXIsIHJlcGxhY2luZyBkaWZmZXJlbnQKICAgYXV0aG9yaXphdGlvbiBjb25zdHJ1Y3Rz
IChlLmcuIHVzZXJuYW1lIGFuZCBwYXNzd29yZCkgd2l0aCBhIHNpbmdsZQogICB0b2tlbiB1bmRl
cnN0b29kIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIuICBUaGlzIGFic3RyYWN0aW9uIGVuYWJsZXMK
ICAgaXNzdWluZyBhY2Nlc3MgdG9rZW5zIG1vcmUgcmVzdHJpY3RpdmUgdGhhbiB0aGUgYXV0aG9y
aXphdGlvbiBncmFudAogICB1c2VkIHRvIG9idGFpbiB0aGVtLCBhcyB3ZWxsIGFzIHJlbW92aW5n
IHRoZSByZXNvdXJjZSBzZXJ2ZXIncyBuZWVkCiAgIHRvIHVuZGVyc3RhbmQgYSB3aWRlIHJhbmdl
IG9mIGF1dGhlbnRpY2F0aW9uIG1ldGhvZHMuCgogICBBY2Nlc3MgdG9rZW5zIGNhbiBoYXZlIGRp
ZmZlcmVudCBmb3JtYXRzLCBzdHJ1Y3R1cmVzLCBhbmQgbWV0aG9kcyBvZgogICB1dGlsaXphdGlv
biAoZS5nLiBjcnlwdG9ncmFwaGljIHByb3BlcnRpZXMpIGJhc2VkIG9uIHRoZSByZXNvdXJjZQog
ICBzZXJ2ZXIgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLiAgQWNjZXNzIHRva2VuIGF0dHJpYnV0ZXMg
YW5kIHRoZQogICBtZXRob2RzIHVzZWQgdG8gYWNjZXNzIHByb3RlY3RlZCByZXNvdXJjZXMgYXJl
IGJleW9uZCB0aGUgc2NvcGUgb2YKICAgdGhpcyBzcGVjaWZpY2F0aW9uIGFuZCBhcmUgZGVmaW5l
ZCBieSBjb21wYW5pb24gc3BlY2lmaWNhdGlvbnMuCgoxLjUuICBSZWZyZXNoIFRva2VuCgogICBS
ZWZyZXNoIHRva2VucyBhcmUgY3JlZGVudGlhbHMgdXNlZCB0byBvYnRhaW4gYWNjZXNzIHRva2Vu
cy4gIFJlZnJlc2gKICAgdG9rZW5zIGFyZSBpc3N1ZWQgdG8gdGhlIGNsaWVudCBieSB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgYW5kIGFyZQogICB1c2VkIHRvIG9idGFpbiBhIG5ldyBhY2Nlc3Mg
dG9rZW4gd2hlbiB0aGUgY3VycmVudCBhY2Nlc3MgdG9rZW4KICAgYmVjb21lcyBpbnZhbGlkIG9y
IGV4cGlyZXMsIG9yIHRvIG9idGFpbiBhZGRpdGlvbmFsIGFjY2VzcyB0b2tlbnMKICAgd2l0aCBp
ZGVudGljYWwgb3IgbmFycm93ZXIgc2NvcGUgKGFjY2VzcyB0b2tlbnMgbWF5IGhhdmUgYSBzaG9y
dGVyCiAgIGxpZmV0aW1lIGFuZCBmZXdlciBwZXJtaXNzaW9ucyB0aGFuIGF1dGhvcml6ZWQgYnkg
dGhlIHJlc291cmNlCiAgIG93bmVyKS4gIElzc3VpbmcgYSByZWZyZXNoIHRva2VuIGlzIG9wdGlv
bmFsIGF0IHRoZSBkaXNjcmV0aW9uIG9mIHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlci4gIElm
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZXMgYSByZWZyZXNoCiAgIHRva2VuLCBpdCBp
cyBpbmNsdWRlZCB3aGVuIGlzc3VpbmcgYW4gYWNjZXNzIHRva2VuIChpLmUuIHN0ZXAgKEQpIGlu
CiAgIEZpZ3VyZSAxKS4KCiAgIEEgcmVmcmVzaCB0b2tlbiBpcyBhIHN0cmluZyByZXByZXNlbnRp
bmcgdGhlIGF1dGhvcml6YXRpb24gZ3JhbnRlZCB0bwogICB0aGUgY2xpZW50IGJ5IHRoZSByZXNv
dXJjZSBvd25lci4gIFRoZSBzdHJpbmcgaXMgdXN1YWxseSBvcGFxdWUgdG8KICAgdGhlIGNsaWVu
dC4gIFRoZSB0b2tlbiBkZW5vdGVzIGFuIGlkZW50aWZpZXIgdXNlZCB0byByZXRyaWV2ZSB0aGUK
ICAgYXV0aG9yaXphdGlvbiBpbmZvcm1hdGlvbi4gIFVubGlrZSBhY2Nlc3MgdG9rZW5zLCByZWZy
ZXNoIHRva2VucyBhcmUKICAgaW50ZW5kZWQgZm9yIHVzZSBvbmx5IHdpdGggYXV0aG9yaXphdGlv
biBzZXJ2ZXJzIGFuZCBhcmUgbmV2ZXIgc2VudAogICB0byByZXNvdXJjZSBzZXJ2ZXJzLgoKCgoK
CgoKCgoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEy
ICAgICAgICAgICAgICAgW1BhZ2UgMTBdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAg
ICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICArLS0tLS0tLS0r
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0t
LS0rCiAgfCAgICAgICAgfC0tKEEpLS0tLS0tLSBBdXRob3JpemF0aW9uIEdyYW50IC0tLS0tLS0t
LT58ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8PC0oQiktLS0t
LS0tLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLS0tLS0tLXwgICAgICAgICAgICAgICB8CiAgfCAg
ICAgICAgfCAgICAgICAgICAgICAgICYgUmVmcmVzaCBUb2tlbiAgICAgICAgICAgICB8ICAgICAg
ICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICstLS0tLS0tLS0tKyAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfC0t
KEMpLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLT58ICAgICAgICAgIHwgICB8ICAgICAgICAgICAgICAg
fAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICB8ICAg
fCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8PC0oRCktIFByb3RlY3RlZCBSZXNvdXJjZSAt
LXwgUmVzb3VyY2UgfCAgIHwgQXV0aG9yaXphdGlvbiB8CiAgfCBDbGllbnQgfCAgICAgICAgICAg
ICAgICAgICAgICAgICAgICB8ICBTZXJ2ZXIgIHwgICB8ICAgICBTZXJ2ZXIgICAgfAogIHwgICAg
ICAgIHwtLShFKS0tLS0gQWNjZXNzIFRva2VuIC0tLS0+fCAgICAgICAgICB8ICAgfCAgICAgICAg
ICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAg
ICAgfCAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfDwtKEYpLSBJbnZhbGlkIFRva2Vu
IEVycm9yIC18ICAgICAgICAgIHwgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0rICAgfCAgICAgICAgICAgICAgIHwK
ICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwg
ICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfC0tKEcpLS0tLS0tLS0tLS0gUmVmcmVzaCBUb2tl
biAtLS0tLS0tLS0tLT58ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAgICAg
ICB8PC0oSCktLS0tLS0tLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLS0tLS0tLXwgICAgICAgICAg
ICAgICB8CiAgKy0tLS0tLS0tKyAgICAgICAgICAgJiBPcHRpb25hbCBSZWZyZXNoIFRva2VuICAg
ICAgICArLS0tLS0tLS0tLS0tLS0tKwoKCiAgICAgICAgICAgICAgIEZpZ3VyZSAyOiBSZWZyZXNo
aW5nIGFuIEV4cGlyZWQgQWNjZXNzIFRva2VuCgogICBUaGUgZmxvdyBpbGx1c3RyYXRlZCBpbiBG
aWd1cmUgMiBpbmNsdWRlcyB0aGUgZm9sbG93aW5nIHN0ZXBzOgoKICAgKEEpICBUaGUgY2xpZW50
IHJlcXVlc3RzIGFuIGFjY2VzcyB0b2tlbiBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZQogICAg
ICAgIGF1dGhvcml6YXRpb24gc2VydmVyLCBhbmQgcHJlc2VudGluZyBhbiBhdXRob3JpemF0aW9u
IGdyYW50LgogICAoQikgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRo
ZSBjbGllbnQgYW5kIHZhbGlkYXRlcwogICAgICAgIHRoZSBhdXRob3JpemF0aW9uIGdyYW50LCBh
bmQgaWYgdmFsaWQgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbiBhbmQKICAgICAgICBhIHJlZnJlc2gg
dG9rZW4uCiAgIChDKSAgVGhlIGNsaWVudCBtYWtlcyBhIHByb3RlY3RlZCByZXNvdXJjZSByZXF1
ZXN0IHRvIHRoZSByZXNvdXJjZQogICAgICAgIHNlcnZlciBieSBwcmVzZW50aW5nIHRoZSBhY2Nl
c3MgdG9rZW4uCiAgIChEKSAgVGhlIHJlc291cmNlIHNlcnZlciB2YWxpZGF0ZXMgdGhlIGFjY2Vz
cyB0b2tlbiwgYW5kIGlmIHZhbGlkLAogICAgICAgIHNlcnZlcyB0aGUgcmVxdWVzdC4KICAgKEUp
ICBTdGVwcyAoQykgYW5kIChEKSByZXBlYXQgdW50aWwgdGhlIGFjY2VzcyB0b2tlbiBleHBpcmVz
LiAgSWYgdGhlCiAgICAgICAgY2xpZW50IGtub3dzIHRoZSBhY2Nlc3MgdG9rZW4gZXhwaXJlZCwg
aXQgc2tpcHMgdG8gc3RlcCAoRyksCiAgICAgICAgb3RoZXJ3aXNlIGl0IG1ha2VzIGFub3RoZXIg
cHJvdGVjdGVkIHJlc291cmNlIHJlcXVlc3QuCiAgIChGKSAgU2luY2UgdGhlIGFjY2VzcyB0b2tl
biBpcyBpbnZhbGlkLCB0aGUgcmVzb3VyY2Ugc2VydmVyIHJldHVybnMKICAgICAgICBhbiBpbnZh
bGlkIHRva2VuIGVycm9yLgogICAoRykgIFRoZSBjbGllbnQgcmVxdWVzdHMgYSBuZXcgYWNjZXNz
IHRva2VuIGJ5IGF1dGhlbnRpY2F0aW5nIHdpdGgKICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgYW5kIHByZXNlbnRpbmcgdGhlIHJlZnJlc2ggdG9rZW4uICBUaGUKICAgICAgICBjbGll
bnQgYXV0aGVudGljYXRpb24gcmVxdWlyZW1lbnRzIGFyZSBiYXNlZCBvbiB0aGUgY2xpZW50IHR5
cGUKICAgICAgICBhbmQgb24gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHBvbGljaWVzLgoKCgoK
CgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAg
ICAgICAgICAgW1BhZ2UgMTFdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0
aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgKEgpICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50IGFuZCB2YWxpZGF0ZXMKICAg
ICAgICB0aGUgcmVmcmVzaCB0b2tlbiwgYW5kIGlmIHZhbGlkIGlzc3VlcyBhIG5ldyBhY2Nlc3Mg
dG9rZW4gKGFuZAogICAgICAgIG9wdGlvbmFsbHksIGEgbmV3IHJlZnJlc2ggdG9rZW4pLgoKICAg
U3RlcHMgQywgRCwgRSwgYW5kIEYgYXJlIG91dHNpZGUgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lm
aWNhdGlvbiBhcwogICBkZXNjcmliZWQgaW4gU2VjdGlvbiA3LgoKMS42LiAgVExTIFZlcnNpb24K
CiAgIFdoZW5ldmVyIFRMUyBpcyB1c2VkIGJ5IHRoaXMgc3BlY2lmaWNhdGlvbiwgdGhlIGFwcHJv
cHJpYXRlIHZlcnNpb24KICAgKG9yIHZlcnNpb25zKSBvZiBUTFMgd2lsbCB2YXJ5IG92ZXIgdGlt
ZSwgYmFzZWQgb24gdGhlIHdpZGVzcHJlYWQKICAgZGVwbG95bWVudCBhbmQga25vd24gc2VjdXJp
dHkgdnVsbmVyYWJpbGl0aWVzLiAgQXQgdGhlIHRpbWUgb2YgdGhpcwogICB3cml0aW5nLCBUTFMg
dmVyc2lvbiAxLjIgW1JGQzUyNDZdIGlzIHRoZSBtb3N0IHJlY2VudCB2ZXJzaW9uLCBidXQKICAg
aGFzIGEgdmVyeSBsaW1pdGVkIGRlcGxveW1lbnQgYmFzZSBhbmQgbWlnaHQgbm90IGJlIHJlYWRp
bHkgYXZhaWxhYmxlCiAgIGZvciBpbXBsZW1lbnRhdGlvbi4gIFRMUyB2ZXJzaW9uIDEuMCBbUkZD
MjI0Nl0gaXMgdGhlIG1vc3Qgd2lkZWx5CiAgIGRlcGxveWVkIHZlcnNpb24sIGFuZCB3aWxsIHBy
b3ZpZGUgdGhlIGJyb2FkZXN0IGludGVyb3BlcmFiaWxpdHkuCgogICBJbXBsZW1lbnRhdGlvbnMg
TUFZIGFsc28gc3VwcG9ydCBhZGRpdGlvbmFsIHRyYW5zcG9ydC1sYXllciBzZWN1cml0eQogICBt
ZWNoYW5pc21zIHRoYXQgbWVldCB0aGVpciBzZWN1cml0eSByZXF1aXJlbWVudHMuCgoxLjcuICBI
VFRQIFJlZGlyZWN0aW9ucwoKICAgVGhpcyBzcGVjaWZpY2F0aW9uIG1ha2VzIGV4dGVuc2l2ZSB1
c2Ugb2YgSFRUUCByZWRpcmVjdGlvbnMsIGluIHdoaWNoCiAgIHRoZSBjbGllbnQgb3IgdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIGRpcmVjdCB0aGUgcmVzb3VyY2Ugb3duZXIncwogICB1c2VyLWFn
ZW50IHRvIGFub3RoZXIgZGVzdGluYXRpb24uICBXaGlsZSB0aGUgZXhhbXBsZXMgaW4gdGhpcwog
ICBzcGVjaWZpY2F0aW9uIHNob3cgdGhlIHVzZSBvZiB0aGUgSFRUUCAzMDIgc3RhdHVzIGNvZGUs
IGFueSBvdGhlcgogICBtZXRob2QgYXZhaWxhYmxlIHZpYSB0aGUgdXNlci1hZ2VudCB0byBhY2Nv
bXBsaXNoIHRoaXMgcmVkaXJlY3Rpb24gaXMKICAgYWxsb3dlZCBhbmQgaXMgY29uc2lkZXJlZCB0
byBiZSBhbiBpbXBsZW1lbnRhdGlvbiBkZXRhaWwuCgoxLjguICBJbnRlcm9wZXJhYmlsaXR5Cgog
ICBPQXV0aCAyLjAgcHJvdmlkZXMgYSByaWNoIGF1dGhvcml6YXRpb24gZnJhbWV3b3JrIHdpdGgg
d2VsbC1kZWZpbmVkCiAgIHNlY3VyaXR5IHByb3BlcnRpZXMuICBIb3dldmVyLCBhcyBhIHJpY2gg
YW5kIGhpZ2hseSBleHRlbnNpYmxlCiAgIGZyYW1ld29yayB3aXRoIG1hbnkgb3B0aW9uYWwgY29t
cG9uZW50cywgb24gaXRzIG93biwgdGhpcwogICBzcGVjaWZpY2F0aW9uIGlzIGxpa2VseSB0byBw
cm9kdWNlIGEgd2lkZSByYW5nZSBvZiBub24taW50ZXJvcGVyYWJsZQogICBpbXBsZW1lbnRhdGlv
bnMuCgogICBJbiBhZGRpdGlvbiwgdGhpcyBzcGVjaWZpY2F0aW9uIGxlYXZlcyBhIGZldyByZXF1
aXJlZCBjb21wb25lbnRzCiAgIHBhcnRpYWxseSBvciBmdWxseSB1bmRlZmluZWQgKGUuZy4gY2xp
ZW50IHJlZ2lzdHJhdGlvbiwgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIgY2FwYWJpbGl0aWVzLCBl
bmRwb2ludCBkaXNjb3ZlcnkpLiAgV2l0aG91dCB0aGVzZSBjb21wb25lbnRzLAogICBjbGllbnRz
IG11c3QgYmUgbWFudWFsbHkgYW5kIHNwZWNpZmljYWxseSBjb25maWd1cmVkIGFnYWluc3QgYQog
ICBzcGVjaWZpYyBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgcmVzb3VyY2Ugc2VydmVyIGluIG9y
ZGVyIHRvCiAgIGludGVyb3BlcmF0ZS4KCiAgIFRoaXMgZnJhbWV3b3JrIHdhcyBkZXNpZ25lZCB3
aXRoIHRoZSBjbGVhciBleHBlY3RhdGlvbiB0aGF0IGZ1dHVyZQogICB3b3JrIHdpbGwgZGVmaW5l
IHByZXNjcmlwdGl2ZSBwcm9maWxlcyBhbmQgZXh0ZW5zaW9ucyBuZWNlc3NhcnkgdG8KICAgYWNo
aWV2ZSBmdWxsIHdlYi1zY2FsZSBpbnRlcm9wZXJhYmlsaXR5LgoKCgoKSGFtbWVyLCBldCBhbC4g
ICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgMTJd
CgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAg
ICAgICAgICAgIE1heSAyMDEyCgoKMS45LiAgTm90YXRpb25hbCBDb252ZW50aW9ucwoKICAgVGhl
IGtleSB3b3JkcyAiTVVTVCIsICJNVVNUIE5PVCIsICJSRVFVSVJFRCIsICJTSEFMTCIsICJTSEFM
TCBOT1QiLAogICAiU0hPVUxEIiwgIlNIT1VMRCBOT1QiLCAiUkVDT01NRU5ERUQiLCAiTUFZIiwg
YW5kICJPUFRJT05BTCIgaW4gdGhpcwogICBzcGVjaWZpY2F0aW9uIGFyZSB0byBiZSBpbnRlcnBy
ZXRlZCBhcyBkZXNjcmliZWQgaW4gW1JGQzIxMTldLgoKICAgVGhpcyBzcGVjaWZpY2F0aW9uIHVz
ZXMgdGhlIEF1Z21lbnRlZCBCYWNrdXMtTmF1ciBGb3JtIChBQk5GKQogICBub3RhdGlvbiBvZiBb
UkZDNTIzNF0uICBBZGRpdGlvbmFsbHksIHRoZSBydWxlIFVSSS1SZWZlcmVuY2UgaXMKICAgaW5j
bHVkZWQgZnJvbSBVbmlmb3JtIFJlc291cmNlIElkZW50aWZpZXIgKFVSSSkgW1JGQzM5ODZdLgoK
ICAgQ2VydGFpbiBzZWN1cml0eS1yZWxhdGVkIHRlcm1zIGFyZSB0byBiZSB1bmRlcnN0b29kIGlu
IHRoZSBzZW5zZQogICBkZWZpbmVkIGluIFtSRkM0OTQ5XS4gIFRoZXNlIHRlcm1zIGluY2x1ZGUs
IGJ1dCBhcmUgbm90IGxpbWl0ZWQgdG8sCiAgICJhdHRhY2siLCAiYXV0aGVudGljYXRpb24iLCAi
YXV0aG9yaXphdGlvbiIsICJjZXJ0aWZpY2F0ZSIsCiAgICJjb25maWRlbnRpYWxpdHkiLCAiY3Jl
ZGVudGlhbCIsICJlbmNyeXB0aW9uIiwgImlkZW50aXR5IiwgInNpZ24iLAogICAic2lnbmF0dXJl
IiwgInRydXN0IiwgInZhbGlkYXRlIiwgYW5kICJ2ZXJpZnkiLgoKICAgVW5sZXNzIG90aGVyd2lz
ZSBub3RlZCwgYWxsIHRoZSBwcm90b2NvbCBwYXJhbWV0ZXIgbmFtZXMgYW5kIHZhbHVlcwogICBh
cmUgY2FzZSBzZW5zaXRpdmUuCgoKMi4gIENsaWVudCBSZWdpc3RyYXRpb24KCiAgIEJlZm9yZSBp
bml0aWF0aW5nIHRoZSBwcm90b2NvbCwgdGhlIGNsaWVudCByZWdpc3RlcnMgd2l0aCB0aGUKICAg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIuICBUaGUgbWVhbnMgdGhyb3VnaCB3aGljaCB0aGUgY2xpZW50
IHJlZ2lzdGVycwogICB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcmUgYmV5b25kIHRo
ZSBzY29wZSBvZiB0aGlzCiAgIHNwZWNpZmljYXRpb24sIGJ1dCB0eXBpY2FsbHkgaW52b2x2ZSBl
bmQtdXNlciBpbnRlcmFjdGlvbiB3aXRoIGFuCiAgIEhUTUwgcmVnaXN0cmF0aW9uIGZvcm0uCgog
ICBDbGllbnQgcmVnaXN0cmF0aW9uIGRvZXMgbm90IHJlcXVpcmUgYSBkaXJlY3QgaW50ZXJhY3Rp
b24gYmV0d2VlbiB0aGUKICAgY2xpZW50IGFuZCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuICBX
aGVuIHN1cHBvcnRlZCBieSB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIsIHJlZ2lzdHJhdGlv
biBjYW4gcmVseSBvbiBvdGhlciBtZWFucyBmb3IKICAgZXN0YWJsaXNoaW5nIHRydXN0IGFuZCBv
YnRhaW5pbmcgdGhlIHJlcXVpcmVkIGNsaWVudCBwcm9wZXJ0aWVzIChlLmcuCiAgIHJlZGlyZWN0
aW9uIFVSSSwgY2xpZW50IHR5cGUpLiAgRm9yIGV4YW1wbGUsIHJlZ2lzdHJhdGlvbiBjYW4gYmUK
ICAgYWNjb21wbGlzaGVkIHVzaW5nIGEgc2VsZi1pc3N1ZWQgb3IgdGhpcmQtcGFydHktaXNzdWVk
IGFzc2VydGlvbiwgb3IKICAgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHBlcmZvcm1pbmcg
Y2xpZW50IGRpc2NvdmVyeSB1c2luZyBhCiAgIHRydXN0ZWQgY2hhbm5lbC4KCiAgIFdoZW4gcmVn
aXN0ZXJpbmcgYSBjbGllbnQsIHRoZSBjbGllbnQgZGV2ZWxvcGVyIFNIQUxMOgoKICAgbyAgc3Bl
Y2lmaWVzIHRoZSBjbGllbnQgdHlwZSBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiAyLjEsCiAgIG8g
IHByb3ZpZGVzIGl0cyBjbGllbnQgcmVkaXJlY3Rpb24gVVJJcyBhcyBkZXNjcmliZWQgaW4KICAg
ICAgU2VjdGlvbiAzLjEuMiwgYW5kCiAgIG8gIGluY2x1ZGVzIGFueSBvdGhlciBpbmZvcm1hdGlv
biByZXF1aXJlZCBieSB0aGUgYXV0aG9yaXphdGlvbgogICAgICBzZXJ2ZXIgKGUuZy4gYXBwbGlj
YXRpb24gbmFtZSwgd2Vic2l0ZSwgZGVzY3JpcHRpb24sIGxvZ28gaW1hZ2UsCiAgICAgIHRoZSBh
Y2NlcHRhbmNlIG9mIGxlZ2FsIHRlcm1zKS4KCgoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAg
RXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgMTNdCgwKSW50ZXJu
ZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAg
IE1heSAyMDEyCgoKMi4xLiAgQ2xpZW50IFR5cGVzCgogICBPQXV0aCBkZWZpbmVzIHR3byBjbGll
bnQgdHlwZXMsIGJhc2VkIG9uIHRoZWlyIGFiaWxpdHkgdG8KICAgYXV0aGVudGljYXRlIHNlY3Vy
ZWx5IHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIChpLmUuIGFiaWxpdHkgdG8KICAgbWFp
bnRhaW4gdGhlIGNvbmZpZGVudGlhbGl0eSBvZiB0aGVpciBjbGllbnQgY3JlZGVudGlhbHMpOgoK
ICAgY29uZmlkZW50aWFsCiAgICAgIENsaWVudHMgY2FwYWJsZSBvZiBtYWludGFpbmluZyB0aGUg
Y29uZmlkZW50aWFsaXR5IG9mIHRoZWlyCiAgICAgIGNyZWRlbnRpYWxzIChlLmcuIGNsaWVudCBp
bXBsZW1lbnRlZCBvbiBhIHNlY3VyZSBzZXJ2ZXIgd2l0aAogICAgICByZXN0cmljdGVkIGFjY2Vz
cyB0byB0aGUgY2xpZW50IGNyZWRlbnRpYWxzKSwgb3IgY2FwYWJsZSBvZiBzZWN1cmUKICAgICAg
Y2xpZW50IGF1dGhlbnRpY2F0aW9uIHVzaW5nIG90aGVyIG1lYW5zLgogICBwdWJsaWMKICAgICAg
Q2xpZW50cyBpbmNhcGFibGUgb2YgbWFpbnRhaW5pbmcgdGhlIGNvbmZpZGVudGlhbGl0eSBvZiB0
aGVpcgogICAgICBjcmVkZW50aWFscyAoZS5nLiBjbGllbnRzIGV4ZWN1dGluZyBvbiB0aGUgZGV2
aWNlIHVzZWQgYnkgdGhlCiAgICAgIHJlc291cmNlIG93bmVyIHN1Y2ggYXMgYW4gaW5zdGFsbGVk
IG5hdGl2ZSBhcHBsaWNhdGlvbiBvciBhIHdlYgogICAgICBicm93c2VyLWJhc2VkIGFwcGxpY2F0
aW9uKSwgYW5kIGluY2FwYWJsZSBvZiBzZWN1cmUgY2xpZW50CiAgICAgIGF1dGhlbnRpY2F0aW9u
IHZpYSBhbnkgb3RoZXIgbWVhbnMuCgogICBUaGUgY2xpZW50IHR5cGUgZGVzaWduYXRpb24gaXMg
YmFzZWQgb24gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3MKICAgZGVmaW5pdGlvbiBvZiBzZWN1
cmUgYXV0aGVudGljYXRpb24gYW5kIGl0cyBhY2NlcHRhYmxlIGV4cG9zdXJlCiAgIGxldmVscyBv
ZiBjbGllbnQgY3JlZGVudGlhbHMuICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIE5P
VAogICBtYWtlIGFzc3VtcHRpb25zIGFib3V0IHRoZSBjbGllbnQgdHlwZS4KCiAgIEEgY2xpZW50
IG1heSBiZSBpbXBsZW1lbnRlZCBhcyBhIGRpc3RyaWJ1dGVkIHNldCBvZiBjb21wb25lbnRzLCBl
YWNoCiAgIHdpdGggYSBkaWZmZXJlbnQgY2xpZW50IHR5cGUgYW5kIHNlY3VyaXR5IGNvbnRleHQg
KGUuZy4gYSBkaXN0cmlidXRlZAogICBjbGllbnQgd2l0aCBib3RoIGEgY29uZmlkZW50aWFsIHNl
cnZlci1iYXNlZCBjb21wb25lbnQgYW5kIGEgcHVibGljCiAgIGJyb3dzZXItYmFzZWQgY29tcG9u
ZW50KS4gIElmIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBkb2VzIG5vdAogICBwcm92aWRlIHN1
cHBvcnQgZm9yIHN1Y2ggY2xpZW50cywgb3IgZG9lcyBub3QgcHJvdmlkZSBndWlkYW5jZSB3aXRo
CiAgIHJlZ2FyZCB0byB0aGVpciByZWdpc3RyYXRpb24sIHRoZSBjbGllbnQgU0hPVUxEIHJlZ2lz
dGVyIGVhY2gKICAgY29tcG9uZW50IGFzIGEgc2VwYXJhdGUgY2xpZW50LgoKICAgVGhpcyBzcGVj
aWZpY2F0aW9uIGhhcyBiZWVuIGRlc2lnbmVkIGFyb3VuZCB0aGUgZm9sbG93aW5nIGNsaWVudAog
ICBwcm9maWxlczoKCiAgIHdlYiBhcHBsaWNhdGlvbgogICAgICBBIHdlYiBhcHBsaWNhdGlvbiBp
cyBhIGNvbmZpZGVudGlhbCBjbGllbnQgcnVubmluZyBvbiBhIHdlYgogICAgICBzZXJ2ZXIuICBS
ZXNvdXJjZSBvd25lcnMgYWNjZXNzIHRoZSBjbGllbnQgdmlhIGFuIEhUTUwgdXNlcgogICAgICBp
bnRlcmZhY2UgcmVuZGVyZWQgaW4gYSB1c2VyLWFnZW50IG9uIHRoZSBkZXZpY2UgdXNlZCBieSB0
aGUKICAgICAgcmVzb3VyY2Ugb3duZXIuICBUaGUgY2xpZW50IGNyZWRlbnRpYWxzIGFzIHdlbGwg
YXMgYW55IGFjY2VzcwogICAgICB0b2tlbiBpc3N1ZWQgdG8gdGhlIGNsaWVudCBhcmUgc3RvcmVk
IG9uIHRoZSB3ZWIgc2VydmVyIGFuZCBhcmUKICAgICAgbm90IGV4cG9zZWQgdG8gb3IgYWNjZXNz
aWJsZSBieSB0aGUgcmVzb3VyY2Ugb3duZXIuCiAgIHVzZXItYWdlbnQtYmFzZWQgYXBwbGljYXRp
b24KICAgICAgQSB1c2VyLWFnZW50LWJhc2VkIGFwcGxpY2F0aW9uIGlzIGEgcHVibGljIGNsaWVu
dCBpbiB3aGljaCB0aGUKICAgICAgY2xpZW50IGNvZGUgaXMgZG93bmxvYWRlZCBmcm9tIGEgd2Vi
IHNlcnZlciBhbmQgZXhlY3V0ZXMgd2l0aGluIGEKICAgICAgdXNlci1hZ2VudCAoZS5nLiB3ZWIg
YnJvd3Nlcikgb24gdGhlIGRldmljZSB1c2VkIGJ5IHRoZSByZXNvdXJjZQogICAgICBvd25lci4g
IFByb3RvY29sIGRhdGEgYW5kIGNyZWRlbnRpYWxzIGFyZSBlYXNpbHkgYWNjZXNzaWJsZSAoYW5k
CiAgICAgIG9mdGVuIHZpc2libGUpIHRvIHRoZSByZXNvdXJjZSBvd25lci4gIFNpbmNlIHN1Y2gg
YXBwbGljYXRpb25zCiAgICAgIHJlc2lkZSB3aXRoaW4gdGhlIHVzZXItYWdlbnQsIHRoZXkgY2Fu
IG1ha2Ugc2VhbWxlc3MgdXNlIG9mIHRoZQoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBp
cmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSAxNF0KDApJbnRlcm5ldC1E
cmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5
IDIwMTIKCgogICAgICB1c2VyLWFnZW50IGNhcGFiaWxpdGllcyB3aGVuIHJlcXVlc3RpbmcgYXV0
aG9yaXphdGlvbi4KICAgbmF0aXZlIGFwcGxpY2F0aW9uCiAgICAgIEEgbmF0aXZlIGFwcGxpY2F0
aW9uIGlzIGEgcHVibGljIGNsaWVudCBpbnN0YWxsZWQgYW5kIGV4ZWN1dGVkIG9uCiAgICAgIHRo
ZSBkZXZpY2UgdXNlZCBieSB0aGUgcmVzb3VyY2Ugb3duZXIuICBQcm90b2NvbCBkYXRhIGFuZAog
ICAgICBjcmVkZW50aWFscyBhcmUgYWNjZXNzaWJsZSB0byB0aGUgcmVzb3VyY2Ugb3duZXIuICBJ
dCBpcyBhc3N1bWVkCiAgICAgIHRoYXQgYW55IGNsaWVudCBhdXRoZW50aWNhdGlvbiBjcmVkZW50
aWFscyBpbmNsdWRlZCBpbiB0aGUKICAgICAgYXBwbGljYXRpb24gY2FuIGJlIGV4dHJhY3RlZC4g
IE9uIHRoZSBvdGhlciBoYW5kLCBkeW5hbWljYWxseQogICAgICBpc3N1ZWQgY3JlZGVudGlhbHMg
c3VjaCBhcyBhY2Nlc3MgdG9rZW5zIG9yIHJlZnJlc2ggdG9rZW5zIGNhbgogICAgICByZWNlaXZl
IGFuIGFjY2VwdGFibGUgbGV2ZWwgb2YgcHJvdGVjdGlvbi4gIEF0IGEgbWluaW11bSwgdGhlc2UK
ICAgICAgY3JlZGVudGlhbHMgYXJlIHByb3RlY3RlZCBmcm9tIGhvc3RpbGUgc2VydmVycyB3aXRo
IHdoaWNoIHRoZQogICAgICBhcHBsaWNhdGlvbiBtYXkgaW50ZXJhY3Qgd2l0aC4gIE9uIHNvbWUg
cGxhdGZvcm1zIHRoZXNlCiAgICAgIGNyZWRlbnRpYWxzIG1pZ2h0IGJlIHByb3RlY3RlZCBmcm9t
IG90aGVyIGFwcGxpY2F0aW9ucyByZXNpZGluZyBvbgogICAgICB0aGUgc2FtZSBkZXZpY2UuCgoy
LjIuICBDbGllbnQgSWRlbnRpZmllcgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3Vl
cyB0aGUgcmVnaXN0ZXJlZCBjbGllbnQgYSBjbGllbnQKICAgaWRlbnRpZmllciAtIGEgdW5pcXVl
IHN0cmluZyByZXByZXNlbnRpbmcgdGhlIHJlZ2lzdHJhdGlvbgogICBpbmZvcm1hdGlvbiBwcm92
aWRlZCBieSB0aGUgY2xpZW50LiAgVGhlIGNsaWVudCBpZGVudGlmaWVyIGlzIG5vdCBhCiAgIHNl
Y3JldCwgaXQgaXMgZXhwb3NlZCB0byB0aGUgcmVzb3VyY2Ugb3duZXIsIGFuZCBNVVNUIE5PVCBi
ZSB1c2VkCiAgIGFsb25lIGZvciBjbGllbnQgYXV0aGVudGljYXRpb24uICBUaGUgY2xpZW50IGlk
ZW50aWZpZXIgaXMgdW5pcXVlIHRvCiAgIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KCiAgIFRo
ZSBjbGllbnQgaWRlbnRpZmllciBzdHJpbmcgc2l6ZSBpcyBsZWZ0IHVuZGVmaW5lZCBieSB0aGlz
CiAgIHNwZWNpZmljYXRpb24uICBUaGUgY2xpZW50IHNob3VsZCBhdm9pZCBtYWtpbmcgYXNzdW1w
dGlvbnMgYWJvdXQgdGhlCiAgIGlkZW50aWZpZXIgc2l6ZS4gIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBTSE9VTEQgZG9jdW1lbnQgdGhlIHNpemUKICAgb2YgYW55IGlkZW50aWZpZXIgaXQgaXNz
dWVzLgoKMi4zLiAgQ2xpZW50IEF1dGhlbnRpY2F0aW9uCgogICBJZiB0aGUgY2xpZW50IHR5cGUg
aXMgY29uZmlkZW50aWFsLCB0aGUgY2xpZW50IGFuZCBhdXRob3JpemF0aW9uCiAgIHNlcnZlciBl
c3RhYmxpc2ggYSBjbGllbnQgYXV0aGVudGljYXRpb24gbWV0aG9kIHN1aXRhYmxlIGZvciB0aGUK
ICAgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIG9mIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gIFRo
ZSBhdXRob3JpemF0aW9uCiAgIHNlcnZlciBNQVkgYWNjZXB0IGFueSBmb3JtIG9mIGNsaWVudCBh
dXRoZW50aWNhdGlvbiBtZWV0aW5nIGl0cwogICBzZWN1cml0eSByZXF1aXJlbWVudHMuCgogICBD
b25maWRlbnRpYWwgY2xpZW50cyBhcmUgdHlwaWNhbGx5IGlzc3VlZCAob3IgZXN0YWJsaXNoKSBh
IHNldCBvZgogICBjbGllbnQgY3JlZGVudGlhbHMgdXNlZCBmb3IgYXV0aGVudGljYXRpbmcgd2l0
aCB0aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIgKGUuZy4gcGFzc3dvcmQsIHB1YmxpYy9wcml2
YXRlIGtleSBwYWlyKS4KCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkgZXN0YWJsaXNo
IGEgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG1ldGhvZAogICB3aXRoIHB1YmxpYyBjbGllbnRzLiAg
SG93ZXZlciwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgTk9UIHJlbHkKICAgb24gcHVi
bGljIGNsaWVudCBhdXRoZW50aWNhdGlvbiBmb3IgdGhlIHB1cnBvc2Ugb2YgaWRlbnRpZnlpbmcg
dGhlCiAgIGNsaWVudC4KCiAgIFRoZSBjbGllbnQgTVVTVCBOT1QgdXNlIG1vcmUgdGhhbiBvbmUg
YXV0aGVudGljYXRpb24gbWV0aG9kIGluIGVhY2gKICAgcmVxdWVzdC4KCgoKCkhhbW1lciwgZXQg
YWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgIFtQYWdl
IDE1XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAg
ICAgICAgICAgICAgICBNYXkgMjAxMgoKCjIuMy4xLiAgQ2xpZW50IFBhc3N3b3JkCgogICBDbGll
bnRzIGluIHBvc3Nlc3Npb24gb2YgYSBjbGllbnQgcGFzc3dvcmQgTUFZIHVzZSB0aGUgSFRUUCBC
YXNpYwogICBhdXRoZW50aWNhdGlvbiBzY2hlbWUgYXMgZGVmaW5lZCBpbiBbUkZDMjYxN10gdG8g
YXV0aGVudGljYXRlIHdpdGgKICAgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLiAgVGhlIGNsaWVu
dCBpZGVudGlmaWVyIGlzIHVzZWQgYXMgdGhlCiAgIHVzZXJuYW1lLCBhbmQgdGhlIGNsaWVudCBw
YXNzd29yZCBpcyB1c2VkIGFzIHRoZSBwYXNzd29yZC4gIFRoZQogICBhdXRob3JpemF0aW9uIHNl
cnZlciBNVVNUIHN1cHBvcnQgdGhlIEhUVFAgQmFzaWMgYXV0aGVudGljYXRpb24KICAgc2NoZW1l
IGZvciBhdXRoZW50aWNhdGluZyBjbGllbnRzIHdoaWNoIHdlcmUgaXNzdWVkIGEgY2xpZW50CiAg
IHBhc3N3b3JkLgoKICAgRm9yIGV4YW1wbGUgKGV4dHJhIGxpbmUgYnJlYWtzIGFyZSBmb3IgZGlz
cGxheSBwdXJwb3NlcyBvbmx5KToKCgogICAgIEF1dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JT
YTNGME16bzNSbXBtY0RCYVFuSXhTM1JFVW1KdVpsWmtiVWwzCgoKICAgQWx0ZXJuYXRpdmVseSwg
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBzdXBwb3J0IGluY2x1ZGluZyB0aGUKICAgY2xp
ZW50IGNyZWRlbnRpYWxzIGluIHRoZSByZXF1ZXN0IGJvZHkgdXNpbmcgdGhlIGZvbGxvd2luZwog
ICBwYXJhbWV0ZXJzOgoKICAgY2xpZW50X2lkCiAgICAgICAgIFJFUVVJUkVELiAgVGhlIGNsaWVu
dCBpZGVudGlmaWVyIGlzc3VlZCB0byB0aGUgY2xpZW50IGR1cmluZwogICAgICAgICB0aGUgcmVn
aXN0cmF0aW9uIHByb2Nlc3MgZGVzY3JpYmVkIGJ5IFNlY3Rpb24gMi4yLgogICBjbGllbnRfc2Vj
cmV0CiAgICAgICAgIFJFUVVJUkVELiAgVGhlIGNsaWVudCBzZWNyZXQuICBUaGUgY2xpZW50IE1B
WSBvbWl0IHRoZQogICAgICAgICBwYXJhbWV0ZXIgaWYgdGhlIGNsaWVudCBzZWNyZXQgaXMgYW4g
ZW1wdHkgc3RyaW5nLgoKICAgSW5jbHVkaW5nIHRoZSBjbGllbnQgY3JlZGVudGlhbHMgaW4gdGhl
IHJlcXVlc3QgYm9keSB1c2luZyB0aGUgdHdvCiAgIHBhcmFtZXRlcnMgaXMgTk9UIFJFQ09NTUVO
REVELCBhbmQgU0hPVUxEIGJlIGxpbWl0ZWQgdG8gY2xpZW50cwogICB1bmFibGUgdG8gZGlyZWN0
bHkgdXRpbGl6ZSB0aGUgSFRUUCBCYXNpYyBhdXRoZW50aWNhdGlvbiBzY2hlbWUgKG9yCiAgIG90
aGVyIHBhc3N3b3JkLWJhc2VkIEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lcykuICBUaGUgcGFy
YW1ldGVycwogICBjYW4gb25seSBiZSB0cmFuc21pdHRlZCBpbiB0aGUgcmVxdWVzdCBib2R5IGFu
ZCBNVVNUIE5PVCBiZSBpbmNsdWRlZAogICBpbiB0aGUgcmVxdWVzdCBVUkkuCgogICBGb3IgZXhh
bXBsZSwgcmVxdWVzdGluZyB0byByZWZyZXNoIGFuIGFjY2VzcyB0b2tlbiAoU2VjdGlvbiA2KSB1
c2luZwogICB0aGUgYm9keSBwYXJhbWV0ZXJzIChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRp
c3BsYXkgcHVycG9zZXMKICAgb25seSk6CgoKICAgICBQT1NUIC90b2tlbiBIVFRQLzEuMQogICAg
IEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQogICAgIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24v
eC13d3ctZm9ybS11cmxlbmNvZGVkO2NoYXJzZXQ9VVRGLTgKCiAgICAgZ3JhbnRfdHlwZT1yZWZy
ZXNoX3Rva2VuJnJlZnJlc2hfdG9rZW49dEd6djNKT2tGMFhHNVF4MlRsS1dJQQogICAgICZjbGll
bnRfaWQ9czZCaGRSa3F0MyZjbGllbnRfc2VjcmV0PTdGamZwMFpCcjFLdERSYm5mVmRtSXcKCgog
ICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTIGFz
IGRlc2NyaWJlZCBpbgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVy
IDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSAxNl0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAg
ICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBT
ZWN0aW9uIDEuNiB3aGVuIHNlbmRpbmcgcmVxdWVzdHMgdXNpbmcgcGFzc3dvcmQgYXV0aGVudGlj
YXRpb24uCgogICBTaW5jZSB0aGlzIGNsaWVudCBhdXRoZW50aWNhdGlvbiBtZXRob2QgaW52b2x2
ZXMgYSBwYXNzd29yZCwgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcHJvdGVjdCBh
bnkgZW5kcG9pbnQgdXRpbGl6aW5nIGl0IGFnYWluc3QKICAgYnJ1dGUgZm9yY2UgYXR0YWNrcy4K
CjIuMy4yLiAgT3RoZXIgQXV0aGVudGljYXRpb24gTWV0aG9kcwoKICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1BWSBzdXBwb3J0IGFueSBzdWl0YWJsZSBIVFRQIGF1dGhlbnRpY2F0aW9uCiAg
IHNjaGVtZSBtYXRjaGluZyBpdHMgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLiAgV2hlbiB1c2luZyBv
dGhlcgogICBhdXRoZW50aWNhdGlvbiBtZXRob2RzLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
TVVTVCBkZWZpbmUgYQogICBtYXBwaW5nIGJldHdlZW4gdGhlIGNsaWVudCBpZGVudGlmaWVyIChy
ZWdpc3RyYXRpb24gcmVjb3JkKSBhbmQKICAgYXV0aGVudGljYXRpb24gc2NoZW1lLgoKMi40LiAg
VW5yZWdpc3RlcmVkIENsaWVudHMKCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiBkb2VzIG5vdCBleGNs
dWRlIHRoZSB1c2Ugb2YgdW5yZWdpc3RlcmVkIGNsaWVudHMuCiAgIEhvd2V2ZXIsIHRoZSB1c2Ug
d2l0aCBzdWNoIGNsaWVudHMgaXMgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzCiAgIHNwZWNpZmlj
YXRpb24sIGFuZCByZXF1aXJlcyBhZGRpdGlvbmFsIHNlY3VyaXR5IGFuYWx5c2lzIGFuZCByZXZp
ZXcKICAgb2YgaXRzIGludGVyb3BlcmFiaWxpdHkgaW1wYWN0LgoKCjMuICBQcm90b2NvbCBFbmRw
b2ludHMKCiAgIFRoZSBhdXRob3JpemF0aW9uIHByb2Nlc3MgdXRpbGl6ZXMgdHdvIGF1dGhvcml6
YXRpb24gc2VydmVyIGVuZHBvaW50cwogICAoSFRUUCByZXNvdXJjZXMpOgoKICAgbyAgQXV0aG9y
aXphdGlvbiBlbmRwb2ludCAtIHVzZWQgYnkgdGhlIGNsaWVudCB0byBvYnRhaW4KICAgICAgYXV0
aG9yaXphdGlvbiBmcm9tIHRoZSByZXNvdXJjZSBvd25lciB2aWEgdXNlci1hZ2VudCByZWRpcmVj
dGlvbi4KICAgbyAgVG9rZW4gZW5kcG9pbnQgLSB1c2VkIGJ5IHRoZSBjbGllbnQgdG8gZXhjaGFu
Z2UgYW4gYXV0aG9yaXphdGlvbgogICAgICBncmFudCBmb3IgYW4gYWNjZXNzIHRva2VuLCB0eXBp
Y2FsbHkgd2l0aCBjbGllbnQgYXV0aGVudGljYXRpb24uCgogICBBcyB3ZWxsIGFzIG9uZSBjbGll
bnQgZW5kcG9pbnQ6CgogICBvICBSZWRpcmVjdGlvbiBlbmRwb2ludCAtIHVzZWQgYnkgdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIHRvIHJldHVybgogICAgICBhdXRob3JpemF0aW9uIGNyZWRlbnRp
YWxzIHJlc3BvbnNlcyB0byB0aGUgY2xpZW50IHZpYSB0aGUgcmVzb3VyY2UKICAgICAgb3duZXIg
dXNlci1hZ2VudC4KCiAgIE5vdCBldmVyeSBhdXRob3JpemF0aW9uIGdyYW50IHR5cGUgdXRpbGl6
ZXMgYm90aCBlbmRwb2ludHMuCiAgIEV4dGVuc2lvbiBncmFudCB0eXBlcyBNQVkgZGVmaW5lIGFk
ZGl0aW9uYWwgZW5kcG9pbnRzIGFzIG5lZWRlZC4KCjMuMS4gIEF1dGhvcml6YXRpb24gRW5kcG9p
bnQKCiAgIFRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGlzIHVzZWQgdG8gaW50ZXJhY3Qgd2l0
aCB0aGUgcmVzb3VyY2UKICAgb3duZXIgYW5kIG9idGFpbiBhbiBhdXRob3JpemF0aW9uIGdyYW50
LiAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgIE1VU1QgZmlyc3QgdmVyaWZ5IHRoZSBpZGVu
dGl0eSBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuICBUaGUgd2F5IGluCiAgIHdoaWNoIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSByZXNvdXJjZSBvd25lciAoZS5nLgog
ICB1c2VybmFtZSBhbmQgcGFzc3dvcmQgbG9naW4sIHNlc3Npb24gY29va2llcykgaXMgYmV5b25k
IHRoZSBzY29wZSBvZgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVy
IDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSAxN10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAg
ICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICB0
aGlzIHNwZWNpZmljYXRpb24uCgogICBUaGUgbWVhbnMgdGhyb3VnaCB3aGljaCB0aGUgY2xpZW50
IG9idGFpbnMgdGhlIGxvY2F0aW9uIG9mIHRoZQogICBhdXRob3JpemF0aW9uIGVuZHBvaW50IGFy
ZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwKICAgYnV0IHRoZSBsb2Nh
dGlvbiBpcyB0eXBpY2FsbHkgcHJvdmlkZWQgaW4gdGhlIHNlcnZpY2UgZG9jdW1lbnRhdGlvbi4K
CiAgIFRoZSBlbmRwb2ludCBVUkkgTUFZIGluY2x1ZGUgYW4gImFwcGxpY2F0aW9uL3gtd3d3LWZv
cm0tdXJsZW5jb2RlZCIKICAgZm9ybWF0dGVkIChbVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0XSkg
cXVlcnkgY29tcG9uZW50IChbUkZDMzk4Nl0KICAgc2VjdGlvbiAzLjQpLCB3aGljaCBNVVNUIGJl
IHJldGFpbmVkIHdoZW4gYWRkaW5nIGFkZGl0aW9uYWwgcXVlcnkKICAgcGFyYW1ldGVycy4gIFRo
ZSBlbmRwb2ludCBVUkkgTVVTVCBOT1QgaW5jbHVkZSBhIGZyYWdtZW50IGNvbXBvbmVudC4KCiAg
IFNpbmNlIHJlcXVlc3RzIHRvIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IHJlc3VsdCBpbiB1
c2VyCiAgIGF1dGhlbnRpY2F0aW9uIGFuZCB0aGUgdHJhbnNtaXNzaW9uIG9mIGNsZWFyLXRleHQg
Y3JlZGVudGlhbHMgKGluIHRoZQogICBIVFRQIHJlc3BvbnNlKSwgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIE1VU1QgcmVxdWlyZSB0aGUgdXNlIG9mIFRMUwogICBhcyBkZXNjcmliZWQgaW4gU2Vj
dGlvbiAxLjYgd2hlbiBzZW5kaW5nIHJlcXVlc3RzIHRvIHRoZQogICBhdXRob3JpemF0aW9uIGVu
ZHBvaW50LgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1Qgc3VwcG9ydCB0aGUgdXNl
IG9mIHRoZSBIVFRQICJHRVQiCiAgIG1ldGhvZCBbUkZDMjYxNl0gZm9yIHRoZSBhdXRob3JpemF0
aW9uIGVuZHBvaW50LCBhbmQgTUFZIHN1cHBvcnQgdGhlCiAgIHVzZSBvZiB0aGUgIlBPU1QiIG1l
dGhvZCBhcyB3ZWxsLgoKICAgUGFyYW1ldGVycyBzZW50IHdpdGhvdXQgYSB2YWx1ZSBNVVNUIGJl
IHRyZWF0ZWQgYXMgaWYgdGhleSB3ZXJlCiAgIG9taXR0ZWQgZnJvbSB0aGUgcmVxdWVzdC4gIFRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGlnbm9yZQogICB1bnJlY29nbml6ZWQgcmVxdWVz
dCBwYXJhbWV0ZXJzLiAgUmVxdWVzdCBhbmQgcmVzcG9uc2UgcGFyYW1ldGVycwogICBNVVNUIE5P
VCBiZSBpbmNsdWRlZCBtb3JlIHRoYW4gb25jZS4KCjMuMS4xLiAgUmVzcG9uc2UgVHlwZQoKICAg
VGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgaXMgdXNlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBj
b2RlIGdyYW50CiAgIHR5cGUgYW5kIGltcGxpY2l0IGdyYW50IHR5cGUgZmxvd3MuICBUaGUgY2xp
ZW50IGluZm9ybXMgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIG9mIHRoZSBkZXNpcmVkIGdy
YW50IHR5cGUgdXNpbmcgdGhlIGZvbGxvd2luZwogICBwYXJhbWV0ZXI6CgogICByZXNwb25zZV90
eXBlCiAgICAgICAgIFJFUVVJUkVELiAgVGhlIHZhbHVlIE1VU1QgYmUgb25lIG9mICJjb2RlIiBm
b3IgcmVxdWVzdGluZyBhbgogICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUgYXMgZGVzY3JpYmVk
IGJ5IFNlY3Rpb24gNC4xLjEsICJ0b2tlbiIgZm9yCiAgICAgICAgIHJlcXVlc3RpbmcgYW4gYWNj
ZXNzIHRva2VuIChpbXBsaWNpdCBncmFudCkgYXMgZGVzY3JpYmVkIGJ5CiAgICAgICAgIFNlY3Rp
b24gNC4yLjEsIG9yIGEgcmVnaXN0ZXJlZCBleHRlbnNpb24gdmFsdWUgYXMgZGVzY3JpYmVkIGJ5
CiAgICAgICAgIFNlY3Rpb24gOC40LgoKICAgRXh0ZW5zaW9uIHJlc3BvbnNlIHR5cGVzIE1BWSBj
b250YWluIGEgc3BhY2UtZGVsaW1pdGVkICgleDIwKSBsaXN0IG9mCiAgIHZhbHVlcywgd2hlcmUg
dGhlIG9yZGVyIG9mIHZhbHVlcyBkb2VzIG5vdCBtYXR0ZXIgKGUuZy4gcmVzcG9uc2UgdHlwZQog
ICAiYSBiIiBpcyB0aGUgc2FtZSBhcyAiYiBhIikuICBUaGUgbWVhbmluZyBvZiBzdWNoIGNvbXBv
c2l0ZSByZXNwb25zZQogICB0eXBlcyBpcyBkZWZpbmVkIGJ5IHRoZWlyIHJlc3BlY3RpdmUgc3Bl
Y2lmaWNhdGlvbnMuCgogICBJZiBhbiBhdXRob3JpemF0aW9uIHJlcXVlc3QgaXMgbWlzc2luZyB0
aGUgInJlc3BvbnNlX3R5cGUiIHBhcmFtZXRlciwKICAgb3IgaWYgdGhlIHJlc3BvbnNlIHR5cGUg
aXMgbm90IHVuZGVyc3Rvb2QsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICBNVVNUIHJldHVy
biBhbiBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiA0LjEuMi4xLgoKCgpI
YW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAg
ICAgICBbUGFnZSAxOF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIu
MCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgozLjEuMi4gIFJlZGlyZWN0aW9uIEVu
ZHBvaW50CgogICBBZnRlciBjb21wbGV0aW5nIGl0cyBpbnRlcmFjdGlvbiB3aXRoIHRoZSByZXNv
dXJjZSBvd25lciwgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIGRpcmVjdHMgdGhlIHJlc291
cmNlIG93bmVyJ3MgdXNlci1hZ2VudCBiYWNrIHRvCiAgIHRoZSBjbGllbnQuICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgcmVkaXJlY3RzIHRoZSB1c2VyLWFnZW50IHRvIHRoZQogICBjbGllbnQn
cyByZWRpcmVjdGlvbiBlbmRwb2ludCBwcmV2aW91c2x5IGVzdGFibGlzaGVkIHdpdGggdGhlCiAg
IGF1dGhvcml6YXRpb24gc2VydmVyIGR1cmluZyB0aGUgY2xpZW50IHJlZ2lzdHJhdGlvbiBwcm9j
ZXNzIG9yIHdoZW4KICAgbWFraW5nIHRoZSBhdXRob3JpemF0aW9uIHJlcXVlc3QuCgogICBUaGUg
cmVkaXJlY3Rpb24gZW5kcG9pbnQgVVJJIE1VU1QgYmUgYW4gYWJzb2x1dGUgVVJJIGFzIGRlZmlu
ZWQgYnkKICAgW1JGQzM5ODZdIHNlY3Rpb24gNC4zLiAgVGhlIGVuZHBvaW50IFVSSSBNQVkgaW5j
bHVkZSBhbgogICAiYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkIiBmb3JtYXR0ZWQK
ICAgKFtXM0MuUkVDLWh0bWw0MDEtMTk5OTEyMjRdKSBxdWVyeSBjb21wb25lbnQgKFtSRkMzOTg2
XSBzZWN0aW9uIDMuNCksCiAgIHdoaWNoIE1VU1QgYmUgcmV0YWluZWQgd2hlbiBhZGRpbmcgYWRk
aXRpb25hbCBxdWVyeSBwYXJhbWV0ZXJzLiAgVGhlCiAgIGVuZHBvaW50IFVSSSBNVVNUIE5PVCBp
bmNsdWRlIGEgZnJhZ21lbnQgY29tcG9uZW50LgoKMy4xLjIuMS4gIEVuZHBvaW50IFJlcXVlc3Qg
Q29uZmlkZW50aWFsaXR5CgogICBUaGUgcmVkaXJlY3Rpb24gZW5kcG9pbnQgU0hPVUxEIHJlcXVp
cmUgdGhlIHVzZSBvZiBUTFMgYXMgZGVzY3JpYmVkCiAgIGluIFNlY3Rpb24gMS42IHdoZW4gdGhl
IHJlcXVlc3RlZCByZXNwb25zZSB0eXBlIGlzICJjb2RlIiBvciAidG9rZW4iLAogICBvciB3aGVu
IHRoZSByZWRpcmVjdGlvbiByZXF1ZXN0IHdpbGwgcmVzdWx0IGluIHRoZSB0cmFuc21pc3Npb24g
b2YKICAgc2Vuc2l0aXZlIGNyZWRlbnRpYWxzIG92ZXIgYW4gb3BlbiBuZXR3b3JrLiAgVGhpcyBz
cGVjaWZpY2F0aW9uIGRvZXMKICAgbm90IG1hbmRhdGUgdGhlIHVzZSBvZiBUTFMgYmVjYXVzZSBh
dCB0aGUgdGltZSBvZiB0aGlzIHdyaXRpbmcsCiAgIHJlcXVpcmluZyBjbGllbnRzIHRvIGRlcGxv
eSBUTFMgaXMgYSBzaWduaWZpY2FudCBodXJkbGUgZm9yIG1hbnkKICAgY2xpZW50IGRldmVsb3Bl
cnMuICBJZiBUTFMgaXMgbm90IGF2YWlsYWJsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAg
IFNIT1VMRCB3YXJuIHRoZSByZXNvdXJjZSBvd25lciBhYm91dCB0aGUgaW5zZWN1cmUgZW5kcG9p
bnQgcHJpb3IgdG8KICAgcmVkaXJlY3Rpb24gKGUuZy4gZGlzcGxheSBhIG1lc3NhZ2UgZHVyaW5n
IHRoZSBhdXRob3JpemF0aW9uCiAgIHJlcXVlc3QpLgoKICAgTGFjayBvZiB0cmFuc3BvcnQtbGF5
ZXIgc2VjdXJpdHkgY2FuIGhhdmUgYSBzZXZlcmUgaW1wYWN0IG9uIHRoZQogICBzZWN1cml0eSBv
ZiB0aGUgY2xpZW50IGFuZCB0aGUgcHJvdGVjdGVkIHJlc291cmNlcyBpdCBpcyBhdXRob3JpemVk
CiAgIHRvIGFjY2Vzcy4gIFRoZSB1c2Ugb2YgdHJhbnNwb3J0LWxheWVyIHNlY3VyaXR5IGlzIHBh
cnRpY3VsYXJseQogICBjcml0aWNhbCB3aGVuIHRoZSBhdXRob3JpemF0aW9uIHByb2Nlc3MgaXMg
dXNlZCBhcyBhIGZvcm0gb2YKICAgZGVsZWdhdGVkIGVuZC11c2VyIGF1dGhlbnRpY2F0aW9uIGJ5
IHRoZSBjbGllbnQgKGUuZy4gdGhpcmQtcGFydHkKICAgc2lnbi1pbiBzZXJ2aWNlKS4KCjMuMS4y
LjIuICBSZWdpc3RyYXRpb24gUmVxdWlyZW1lbnRzCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgTVVTVCByZXF1aXJlIHRoZSBmb2xsb3dpbmcgY2xpZW50cyB0bwogICByZWdpc3RlciB0aGVp
ciByZWRpcmVjdGlvbiBlbmRwb2ludDoKCiAgIG8gIFB1YmxpYyBjbGllbnRzLgogICBvICBDb25m
aWRlbnRpYWwgY2xpZW50cyB1dGlsaXppbmcgdGhlIGltcGxpY2l0IGdyYW50IHR5cGUuCgogICBU
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIHJlcXVpcmUgYWxsIGNsaWVudHMgdG8gcmVn
aXN0ZXIgdGhlaXIKICAgcmVkaXJlY3Rpb24gZW5kcG9pbnQgcHJpb3IgdG8gdXRpbGl6aW5nIHRo
ZSBhdXRob3JpemF0aW9uIGVuZHBvaW50LgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNI
T1VMRCByZXF1aXJlIHRoZSBjbGllbnQgdG8gcHJvdmlkZSB0aGUKCgoKSGFtbWVyLCBldCBhbC4g
ICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgMTld
CgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAg
ICAgICAgICAgIE1heSAyMDEyCgoKICAgY29tcGxldGUgcmVkaXJlY3Rpb24gVVJJICh0aGUgY2xp
ZW50IE1BWSB1c2UgdGhlICJzdGF0ZSIgcmVxdWVzdAogICBwYXJhbWV0ZXIgdG8gYWNoaWV2ZSBw
ZXItcmVxdWVzdCBjdXN0b21pemF0aW9uKS4gIElmIHJlcXVpcmluZyB0aGUKICAgcmVnaXN0cmF0
aW9uIG9mIHRoZSBjb21wbGV0ZSByZWRpcmVjdGlvbiBVUkkgaXMgbm90IHBvc3NpYmxlLCB0aGUK
ICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIHJlcXVpcmUgdGhlIHJlZ2lzdHJhdGlvbiBv
ZiB0aGUgVVJJCiAgIHNjaGVtZSwgYXV0aG9yaXR5LCBhbmQgcGF0aCAoYWxsb3dpbmcgdGhlIGNs
aWVudCB0byBkeW5hbWljYWxseSB2YXJ5CiAgIG9ubHkgdGhlIHF1ZXJ5IGNvbXBvbmVudCBvZiB0
aGUgcmVkaXJlY3Rpb24gVVJJIHdoZW4gcmVxdWVzdGluZwogICBhdXRob3JpemF0aW9uKS4KCiAg
IFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkgYWxsb3cgdGhlIGNsaWVudCB0byByZWdpc3Rl
ciBtdWx0aXBsZQogICByZWRpcmVjdGlvbiBlbmRwb2ludHMuCgogICBMYWNrIG9mIGEgcmVkaXJl
Y3Rpb24gVVJJIHJlZ2lzdHJhdGlvbiByZXF1aXJlbWVudCBjYW4gZW5hYmxlIGFuCiAgIGF0dGFj
a2VyIHRvIHVzZSB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBhcyBvcGVuIHJlZGlyZWN0b3Ig
YXMKICAgZGVzY3JpYmVkIGluIFNlY3Rpb24gMTAuMTUuCgozLjEuMi4zLiAgRHluYW1pYyBDb25m
aWd1cmF0aW9uCgogICBJZiBtdWx0aXBsZSByZWRpcmVjdGlvbiBVUklzIGhhdmUgYmVlbiByZWdp
c3RlcmVkLCBpZiBvbmx5IHBhcnQgb2YKICAgdGhlIHJlZGlyZWN0aW9uIFVSSSBoYXMgYmVlbiBy
ZWdpc3RlcmVkLCBvciBpZiBubyByZWRpcmVjdGlvbiBVUkkgaGFzCiAgIGJlZW4gcmVnaXN0ZXJl
ZCwgdGhlIGNsaWVudCBNVVNUIGluY2x1ZGUgYSByZWRpcmVjdGlvbiBVUkkgd2l0aCB0aGUKICAg
YXV0aG9yaXphdGlvbiByZXF1ZXN0IHVzaW5nIHRoZSAicmVkaXJlY3RfdXJpIiByZXF1ZXN0IHBh
cmFtZXRlci4KCiAgIFdoZW4gYSByZWRpcmVjdGlvbiBVUkkgaXMgaW5jbHVkZWQgaW4gYW4gYXV0
aG9yaXphdGlvbiByZXF1ZXN0LCB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBjb21w
YXJlIGFuZCBtYXRjaCB0aGUgdmFsdWUgcmVjZWl2ZWQKICAgYWdhaW5zdCBhdCBsZWFzdCBvbmUg
b2YgdGhlIHJlZ2lzdGVyZWQgcmVkaXJlY3Rpb24gVVJJcyAob3IgVVJJCiAgIGNvbXBvbmVudHMp
IGFzIGRlZmluZWQgaW4gW1JGQzM5ODZdIHNlY3Rpb24gNiwgaWYgYW55IHJlZGlyZWN0aW9uCiAg
IFVSSXMgd2VyZSByZWdpc3RlcmVkLiAgSWYgdGhlIGNsaWVudCByZWdpc3RyYXRpb24gaW5jbHVk
ZWQgdGhlIGZ1bGwKICAgcmVkaXJlY3Rpb24gVVJJLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
TVVTVCBjb21wYXJlIHRoZSB0d28gVVJJcwogICB1c2luZyBzaW1wbGUgc3RyaW5nIGNvbXBhcmlz
b24gYXMgZGVmaW5lZCBpbiBbUkZDMzk4Nl0gc2VjdGlvbiA2LjIuMS4KCjMuMS4yLjQuICBJbnZh
bGlkIEVuZHBvaW50CgogICBJZiBhbiBhdXRob3JpemF0aW9uIHJlcXVlc3QgZmFpbHMgdmFsaWRh
dGlvbiBkdWUgdG8gYSBtaXNzaW5nLAogICBpbnZhbGlkLCBvciBtaXNtYXRjaGluZyByZWRpcmVj
dGlvbiBVUkksIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICBTSE9VTEQgaW5mb3JtIHRoZSBy
ZXNvdXJjZSBvd25lciBvZiB0aGUgZXJyb3IsIGFuZCBNVVNUIE5PVAogICBhdXRvbWF0aWNhbGx5
IHJlZGlyZWN0IHRoZSB1c2VyLWFnZW50IHRvIHRoZSBpbnZhbGlkIHJlZGlyZWN0aW9uIFVSSS4K
CjMuMS4yLjUuICBFbmRwb2ludCBDb250ZW50CgogICBUaGUgcmVkaXJlY3Rpb24gcmVxdWVzdCB0
byB0aGUgY2xpZW50J3MgZW5kcG9pbnQgdHlwaWNhbGx5IHJlc3VsdHMgaW4KICAgYW4gSFRNTCBk
b2N1bWVudCByZXNwb25zZSwgcHJvY2Vzc2VkIGJ5IHRoZSB1c2VyLWFnZW50LiAgSWYgdGhlIEhU
TUwKICAgcmVzcG9uc2UgaXMgc2VydmVkIGRpcmVjdGx5IGFzIHRoZSByZXN1bHQgb2YgdGhlIHJl
ZGlyZWN0aW9uIHJlcXVlc3QsCiAgIGFueSBzY3JpcHQgaW5jbHVkZWQgaW4gdGhlIEhUTUwgZG9j
dW1lbnQgd2lsbCBleGVjdXRlIHdpdGggZnVsbAogICBhY2Nlc3MgdG8gdGhlIHJlZGlyZWN0aW9u
IFVSSSBhbmQgdGhlIGNyZWRlbnRpYWxzIGl0IGNvbnRhaW5zLgoKICAgVGhlIGNsaWVudCBTSE9V
TEQgTk9UIGluY2x1ZGUgYW55IHRoaXJkLXBhcnR5IHNjcmlwdHMgKGUuZy4gdGhpcmQtCiAgIHBh
cnR5IGFuYWx5dGljcywgc29jaWFsIHBsdWctaW5zLCBhZCBuZXR3b3JrcykgaW4gdGhlIHJlZGly
ZWN0aW9uCiAgIGVuZHBvaW50IHJlc3BvbnNlLiAgSW5zdGVhZCwgaXQgU0hPVUxEIGV4dHJhY3Qg
dGhlIGNyZWRlbnRpYWxzIGZyb20KCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBE
ZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgMjBdCgwKSW50ZXJuZXQtRHJhZnQg
ICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEy
CgoKICAgdGhlIFVSSSBhbmQgcmVkaXJlY3QgdGhlIHVzZXItYWdlbnQgYWdhaW4gdG8gYW5vdGhl
ciBlbmRwb2ludCB3aXRob3V0CiAgIGV4cG9zaW5nIHRoZSBjcmVkZW50aWFscyAoaW4gdGhlIFVS
SSBvciBlbHNld2hlcmUpLiAgSWYgdGhpcmQtcGFydHkKICAgc2NyaXB0cyBhcmUgaW5jbHVkZWQs
IHRoZSBjbGllbnQgTVVTVCBlbnN1cmUgdGhhdCBpdHMgb3duIHNjcmlwdHMKICAgKHVzZWQgdG8g
ZXh0cmFjdCBhbmQgcmVtb3ZlIHRoZSBjcmVkZW50aWFscyBmcm9tIHRoZSBVUkkpIHdpbGwKICAg
ZXhlY3V0ZSBmaXJzdC4KCjMuMi4gIFRva2VuIEVuZHBvaW50CgogICBUaGUgdG9rZW4gZW5kcG9p
bnQgaXMgdXNlZCBieSB0aGUgY2xpZW50IHRvIG9idGFpbiBhbiBhY2Nlc3MgdG9rZW4gYnkKICAg
cHJlc2VudGluZyBpdHMgYXV0aG9yaXphdGlvbiBncmFudCBvciByZWZyZXNoIHRva2VuLiAgVGhl
IHRva2VuCiAgIGVuZHBvaW50IGlzIHVzZWQgd2l0aCBldmVyeSBhdXRob3JpemF0aW9uIGdyYW50
IGV4Y2VwdCBmb3IgdGhlCiAgIGltcGxpY2l0IGdyYW50IHR5cGUgKHNpbmNlIGFuIGFjY2VzcyB0
b2tlbiBpcyBpc3N1ZWQgZGlyZWN0bHkpLgoKICAgVGhlIG1lYW5zIHRocm91Z2ggd2hpY2ggdGhl
IGNsaWVudCBvYnRhaW5zIHRoZSBsb2NhdGlvbiBvZiB0aGUgdG9rZW4KICAgZW5kcG9pbnQgYXJl
IGJleW9uZCB0aGUgc2NvcGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uIGJ1dCBpcyB0eXBpY2FsbHkK
ICAgcHJvdmlkZWQgaW4gdGhlIHNlcnZpY2UgZG9jdW1lbnRhdGlvbi4KCiAgIFRoZSBlbmRwb2lu
dCBVUkkgTUFZIGluY2x1ZGUgYW4gImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIK
ICAgZm9ybWF0dGVkIChbVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0XSkgcXVlcnkgY29tcG9uZW50
IChbUkZDMzk4Nl0KICAgc2VjdGlvbiAzLjQpLCB3aGljaCBNVVNUIGJlIHJldGFpbmVkIHdoZW4g
YWRkaW5nIGFkZGl0aW9uYWwgcXVlcnkKICAgcGFyYW1ldGVycy4gIFRoZSBlbmRwb2ludCBVUkkg
TVVTVCBOT1QgaW5jbHVkZSBhIGZyYWdtZW50IGNvbXBvbmVudC4KCiAgIFNpbmNlIHJlcXVlc3Rz
IHRvIHRoZSB0b2tlbiBlbmRwb2ludCByZXN1bHQgaW4gdGhlIHRyYW5zbWlzc2lvbiBvZgogICBj
bGVhci10ZXh0IGNyZWRlbnRpYWxzIChpbiB0aGUgSFRUUCByZXF1ZXN0IGFuZCByZXNwb25zZSks
IHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHJlcXVpcmUgdGhlIHVzZSBvZiBUTFMg
YXMgZGVzY3JpYmVkIGluCiAgIFNlY3Rpb24gMS42IHdoZW4gc2VuZGluZyByZXF1ZXN0cyB0byB0
aGUgdG9rZW4gZW5kcG9pbnQuCgogICBUaGUgY2xpZW50IE1VU1QgdXNlIHRoZSBIVFRQICJQT1NU
IiBtZXRob2Qgd2hlbiBtYWtpbmcgYWNjZXNzIHRva2VuCiAgIHJlcXVlc3RzLgoKICAgUGFyYW1l
dGVycyBzZW50IHdpdGhvdXQgYSB2YWx1ZSBNVVNUIGJlIHRyZWF0ZWQgYXMgaWYgdGhleSB3ZXJl
CiAgIG9taXR0ZWQgZnJvbSB0aGUgcmVxdWVzdC4gIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBN
VVNUIGlnbm9yZQogICB1bnJlY29nbml6ZWQgcmVxdWVzdCBwYXJhbWV0ZXJzLiAgUmVxdWVzdCBh
bmQgcmVzcG9uc2UgcGFyYW1ldGVycwogICBNVVNUIE5PVCBiZSBpbmNsdWRlZCBtb3JlIHRoYW4g
b25jZS4KCjMuMi4xLiAgQ2xpZW50IEF1dGhlbnRpY2F0aW9uCgogICBDb25maWRlbnRpYWwgY2xp
ZW50cyBvciBvdGhlciBjbGllbnRzIGlzc3VlZCBjbGllbnQgY3JlZGVudGlhbHMgTVVTVAogICBh
dXRoZW50aWNhdGUgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgZGVzY3JpYmVkIGlu
CiAgIFNlY3Rpb24gMi4zIHdoZW4gbWFraW5nIHJlcXVlc3RzIHRvIHRoZSB0b2tlbiBlbmRwb2lu
dC4gIENsaWVudAogICBhdXRoZW50aWNhdGlvbiBpcyB1c2VkIGZvcjoKCiAgIG8gIEVuZm9yY2lu
ZyB0aGUgYmluZGluZyBvZiByZWZyZXNoIHRva2VucyBhbmQgYXV0aG9yaXphdGlvbiBjb2RlcyB0
bwogICAgICB0aGUgY2xpZW50IHRoZXkgd2VyZSBpc3N1ZWQgdG8uICBDbGllbnQgYXV0aGVudGlj
YXRpb24gaXMgY3JpdGljYWwKICAgICAgd2hlbiBhbiBhdXRob3JpemF0aW9uIGNvZGUgaXMgdHJh
bnNtaXR0ZWQgdG8gdGhlIHJlZGlyZWN0aW9uCiAgICAgIGVuZHBvaW50IG92ZXIgYW4gaW5zZWN1
cmUgY2hhbm5lbCwgb3Igd2hlbiB0aGUgcmVkaXJlY3Rpb24gVVJJIGhhcwogICAgICBub3QgYmVl
biByZWdpc3RlcmVkIGluIGZ1bGwuCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVz
IERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSAyMV0KDApJbnRlcm5ldC1EcmFm
dCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIw
MTIKCgogICBvICBSZWNvdmVyaW5nIGZyb20gYSBjb21wcm9taXNlZCBjbGllbnQgYnkgZGlzYWJs
aW5nIHRoZSBjbGllbnQgb3IKICAgICAgY2hhbmdpbmcgaXRzIGNyZWRlbnRpYWxzLCB0aHVzIHBy
ZXZlbnRpbmcgYW4gYXR0YWNrZXIgZnJvbSBhYnVzaW5nCiAgICAgIHN0b2xlbiByZWZyZXNoIHRv
a2Vucy4gIENoYW5naW5nIGEgc2luZ2xlIHNldCBvZiBjbGllbnQKICAgICAgY3JlZGVudGlhbHMg
aXMgc2lnbmlmaWNhbnRseSBmYXN0ZXIgdGhhbiByZXZva2luZyBhbiBlbnRpcmUgc2V0IG9mCiAg
ICAgIHJlZnJlc2ggdG9rZW5zLgogICBvICBJbXBsZW1lbnRpbmcgYXV0aGVudGljYXRpb24gbWFu
YWdlbWVudCBiZXN0IHByYWN0aWNlcyB3aGljaAogICAgICByZXF1aXJlIHBlcmlvZGljIGNyZWRl
bnRpYWwgcm90YXRpb24uICBSb3RhdGlvbiBvZiBhbiBlbnRpcmUgc2V0CiAgICAgIG9mIHJlZnJl
c2ggdG9rZW5zIGNhbiBiZSBjaGFsbGVuZ2luZywgd2hpbGUgcm90YXRpb24gb2YgYSBzaW5nbGUK
ICAgICAgc2V0IG9mIGNsaWVudCBjcmVkZW50aWFscyBpcyBzaWduaWZpY2FudGx5IGVhc2llci4K
CiAgIEEgcHVibGljIGNsaWVudCB0aGF0IHdhcyBub3QgaXNzdWVkIGEgY2xpZW50IHBhc3N3b3Jk
IE1BWSB1c2UgdGhlCiAgICJjbGllbnRfaWQiIHJlcXVlc3QgcGFyYW1ldGVyIHRvIGlkZW50aWZ5
IGl0c2VsZiB3aGVuIHNlbmRpbmcKICAgcmVxdWVzdHMgdG8gdGhlIHRva2VuIGVuZHBvaW50IChl
LmcuIGZvciB0aGUgcHVycG9zZSBvZiBwcm92aWRpbmcKICAgZW5kLXVzZXIgY29udGV4dCwgY2xp
ZW50IHVzYWdlIHN0YXRpc3RpY3MpLgoKMy4zLiAgQWNjZXNzIFRva2VuIFNjb3BlCgogICBUaGUg
YXV0aG9yaXphdGlvbiBhbmQgdG9rZW4gZW5kcG9pbnRzIGFsbG93IHRoZSBjbGllbnQgdG8gc3Bl
Y2lmeSB0aGUKICAgc2NvcGUgb2YgdGhlIGFjY2VzcyByZXF1ZXN0IHVzaW5nIHRoZSAic2NvcGUi
IHJlcXVlc3QgcGFyYW1ldGVyLiAgSW4KICAgdHVybiwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IHVzZXMgdGhlICJzY29wZSIgcmVzcG9uc2UgcGFyYW1ldGVyIHRvCiAgIGluZm9ybSB0aGUgY2xp
ZW50IG9mIHRoZSBzY29wZSBvZiB0aGUgYWNjZXNzIHRva2VuIGlzc3VlZC4KCiAgIFRoZSB2YWx1
ZSBvZiB0aGUgc2NvcGUgcGFyYW1ldGVyIGlzIGV4cHJlc3NlZCBhcyBhIGxpc3Qgb2Ygc3BhY2Ut
CiAgIGRlbGltaXRlZCwgY2FzZSBzZW5zaXRpdmUgc3RyaW5ncy4gIFRoZSBzdHJpbmdzIGFyZSBk
ZWZpbmVkIGJ5IHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlci4gIElmIHRoZSB2YWx1ZSBjb250
YWlucyBtdWx0aXBsZSBzcGFjZS1kZWxpbWl0ZWQKICAgc3RyaW5ncywgdGhlaXIgb3JkZXIgZG9l
cyBub3QgbWF0dGVyLCBhbmQgZWFjaCBzdHJpbmcgYWRkcyBhbgogICBhZGRpdGlvbmFsIGFjY2Vz
cyByYW5nZSB0byB0aGUgcmVxdWVzdGVkIHNjb3BlLgoKCiAgICAgc2NvcGUgICAgICAgPSBzY29w
ZS10b2tlbiAqKCBTUCBzY29wZS10b2tlbiApCiAgICAgc2NvcGUtdG9rZW4gPSAxKiggJXgyMSAv
ICV4MjMtNUIgLyAleDVELTdFICkKCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZIGZ1
bGx5IG9yIHBhcnRpYWxseSBpZ25vcmUgdGhlIHNjb3BlCiAgIHJlcXVlc3RlZCBieSB0aGUgY2xp
ZW50IGJhc2VkIG9uIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBwb2xpY3kgb3IKICAgdGhlIHJl
c291cmNlIG93bmVyJ3MgaW5zdHJ1Y3Rpb25zLiAgSWYgdGhlIGlzc3VlZCBhY2Nlc3MgdG9rZW4g
c2NvcGUKICAgaXMgZGlmZmVyZW50IGZyb20gdGhlIG9uZSByZXF1ZXN0ZWQgYnkgdGhlIGNsaWVu
dCwgdGhlIGF1dGhvcml6YXRpb24KICAgc2VydmVyIE1VU1QgaW5jbHVkZSB0aGUgInNjb3BlIiBy
ZXNwb25zZSBwYXJhbWV0ZXIgdG8gaW5mb3JtIHRoZQogICBjbGllbnQgb2YgdGhlIGFjdHVhbCBz
Y29wZSBncmFudGVkLgoKICAgSWYgdGhlIGNsaWVudCBvbWl0cyB0aGUgc2NvcGUgcGFyYW1ldGVy
IHdoZW4gcmVxdWVzdGluZwogICBhdXRob3JpemF0aW9uLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgTVVTVCBlaXRoZXIgcHJvY2VzcyB0aGUKICAgcmVxdWVzdCB1c2luZyBhIHByZS1kZWZpbmVk
IGRlZmF1bHQgdmFsdWUsIG9yIGZhaWwgdGhlIHJlcXVlc3QKICAgaW5kaWNhdGluZyBhbiBpbnZh
bGlkIHNjb3BlLiAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRAogICBkb2N1bWVudCBp
dHMgc2NvcGUgcmVxdWlyZW1lbnRzIGFuZCBkZWZhdWx0IHZhbHVlIChpZiBkZWZpbmVkKS4KCgoK
CgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAg
ICAgICAgICAgW1BhZ2UgMjJdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0
aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKNC4gIE9idGFpbmluZyBBdXRo
b3JpemF0aW9uCgogICBUbyByZXF1ZXN0IGFuIGFjY2VzcyB0b2tlbiwgdGhlIGNsaWVudCBvYnRh
aW5zIGF1dGhvcml6YXRpb24gZnJvbSB0aGUKICAgcmVzb3VyY2Ugb3duZXIuICBUaGUgYXV0aG9y
aXphdGlvbiBpcyBleHByZXNzZWQgaW4gdGhlIGZvcm0gb2YgYW4KICAgYXV0aG9yaXphdGlvbiBn
cmFudCB3aGljaCB0aGUgY2xpZW50IHVzZXMgdG8gcmVxdWVzdCB0aGUgYWNjZXNzCiAgIHRva2Vu
LiAgT0F1dGggZGVmaW5lcyBmb3VyIGdyYW50IHR5cGVzOiBhdXRob3JpemF0aW9uIGNvZGUsIGlt
cGxpY2l0LAogICByZXNvdXJjZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFscywgYW5kIGNsaWVu
dCBjcmVkZW50aWFscy4gIEl0IGFsc28KICAgcHJvdmlkZXMgYW4gZXh0ZW5zaW9uIG1lY2hhbmlz
bSBmb3IgZGVmaW5pbmcgYWRkaXRpb25hbCBncmFudCB0eXBlcy4KCjQuMS4gIEF1dGhvcml6YXRp
b24gQ29kZSBHcmFudAoKICAgVGhlIGF1dGhvcml6YXRpb24gY29kZSBncmFudCB0eXBlIGlzIHVz
ZWQgdG8gb2J0YWluIGJvdGggYWNjZXNzCiAgIHRva2VucyBhbmQgcmVmcmVzaCB0b2tlbnMgYW5k
IGlzIG9wdGltaXplZCBmb3IgY29uZmlkZW50aWFsIGNsaWVudHMuCiAgIEFzIGEgcmVkaXJlY3Rp
b24tYmFzZWQgZmxvdywgdGhlIGNsaWVudCBtdXN0IGJlIGNhcGFibGUgb2YKICAgaW50ZXJhY3Rp
bmcgd2l0aCB0aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50ICh0eXBpY2FsbHkgYSB3ZWIK
ICAgYnJvd3NlcikgYW5kIGNhcGFibGUgb2YgcmVjZWl2aW5nIGluY29taW5nIHJlcXVlc3RzICh2
aWEgcmVkaXJlY3Rpb24pCiAgIGZyb20gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgoKCiAgICAg
Ky0tLS0tLS0tLS0rCiAgICAgfCByZXNvdXJjZSB8CiAgICAgfCAgIG93bmVyICB8CiAgICAgfCAg
ICAgICAgICB8CiAgICAgKy0tLS0tLS0tLS0rCiAgICAgICAgICBeCiAgICAgICAgICB8CiAgICAg
ICAgIChCKQogICAgICstLS0tfC0tLS0tKyAgICAgICAgICBDbGllbnQgSWRlbnRpZmllciAgICAg
ICstLS0tLS0tLS0tLS0tLS0rCiAgICAgfCAgICAgICAgIC0rLS0tLShBKS0tICYgUmVkaXJlY3Rp
b24gVVJJIC0tLS0+fCAgICAgICAgICAgICAgIHwKICAgICB8ICBVc2VyLSAgIHwgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICB8IEF1dGhvcml6YXRpb24gfAogICAgIHwgIEFnZW50ICAt
Ky0tLS0oQiktLSBVc2VyIGF1dGhlbnRpY2F0ZXMgLS0tPnwgICAgIFNlcnZlciAgICB8CiAgICAg
fCAgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAg
ICAgIHwKICAgICB8ICAgICAgICAgLSstLS0tKEMpLS0gQXV0aG9yaXphdGlvbiBDb2RlIC0tLTx8
ICAgICAgICAgICAgICAgfAogICAgICstfC0tLS18LS0tKyAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgICAgICB8ICAgIHwgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIF4gICAgICB2CiAgICAgIChBKSAgKEMpICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICAgICB8ICAgIHwgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICAgICBeICAg
IHYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICAg
Ky0tLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8
CiAgICAgfCAgICAgICAgIHw+LS0tKEQpLS0gQXV0aG9yaXphdGlvbiBDb2RlIC0tLS0tLS0tLScg
ICAgICB8CiAgICAgfCAgQ2xpZW50IHwgICAgICAgICAgJiBSZWRpcmVjdGlvbiBVUkkgICAgICAg
ICAgICAgICAgICB8CiAgICAgfCAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICB8CiAgICAgfCAgICAgICAgIHw8LS0tKEUpLS0tLS0gQWNjZXNzIFRv
a2VuIC0tLS0tLS0tLS0tLS0tLS0tLS0nCiAgICAgKy0tLS0tLS0tLSsgICAgICAgKHcvIE9wdGlv
bmFsIFJlZnJlc2ggVG9rZW4pCgoKICAgTm90ZTogVGhlIGxpbmVzIGlsbHVzdHJhdGluZyBzdGVw
cyBBLCBCLCBhbmQgQyBhcmUgYnJva2VuIGludG8gdHdvCiAgIHBhcnRzIGFzIHRoZXkgcGFzcyB0
aHJvdWdoIHRoZSB1c2VyLWFnZW50LgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVz
IERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSAyM10KDApJbnRlcm5ldC1EcmFm
dCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIw
MTIKCgogICAgICAgICAgICAgICAgICAgICBGaWd1cmUgMzogQXV0aG9yaXphdGlvbiBDb2RlIEZs
b3cKCiAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIEZpZ3VyZSAzIGluY2x1ZGVzIHRoZSBmb2xs
b3dpbmcgc3RlcHM6CgogICAoQSkgIFRoZSBjbGllbnQgaW5pdGlhdGVzIHRoZSBmbG93IGJ5IGRp
cmVjdGluZyB0aGUgcmVzb3VyY2Ugb3duZXIncwogICAgICAgIHVzZXItYWdlbnQgdG8gdGhlIGF1
dGhvcml6YXRpb24gZW5kcG9pbnQuICBUaGUgY2xpZW50IGluY2x1ZGVzCiAgICAgICAgaXRzIGNs
aWVudCBpZGVudGlmaWVyLCByZXF1ZXN0ZWQgc2NvcGUsIGxvY2FsIHN0YXRlLCBhbmQgYQogICAg
ICAgIHJlZGlyZWN0aW9uIFVSSSB0byB3aGljaCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2ls
bCBzZW5kIHRoZQogICAgICAgIHVzZXItYWdlbnQgYmFjayBvbmNlIGFjY2VzcyBpcyBncmFudGVk
IChvciBkZW5pZWQpLgogICAoQikgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNh
dGVzIHRoZSByZXNvdXJjZSBvd25lciAodmlhCiAgICAgICAgdGhlIHVzZXItYWdlbnQpIGFuZCBl
c3RhYmxpc2hlcyB3aGV0aGVyIHRoZSByZXNvdXJjZSBvd25lcgogICAgICAgIGdyYW50cyBvciBk
ZW5pZXMgdGhlIGNsaWVudCdzIGFjY2VzcyByZXF1ZXN0LgogICAoQykgIEFzc3VtaW5nIHRoZSBy
ZXNvdXJjZSBvd25lciBncmFudHMgYWNjZXNzLCB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgIHNl
cnZlciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYmFjayB0byB0aGUgY2xpZW50IHVzaW5nIHRo
ZQogICAgICAgIHJlZGlyZWN0aW9uIFVSSSBwcm92aWRlZCBlYXJsaWVyIChpbiB0aGUgcmVxdWVz
dCBvciBkdXJpbmcKICAgICAgICBjbGllbnQgcmVnaXN0cmF0aW9uKS4gIFRoZSByZWRpcmVjdGlv
biBVUkkgaW5jbHVkZXMgYW4KICAgICAgICBhdXRob3JpemF0aW9uIGNvZGUgYW5kIGFueSBsb2Nh
bCBzdGF0ZSBwcm92aWRlZCBieSB0aGUgY2xpZW50CiAgICAgICAgZWFybGllci4KICAgKEQpICBU
aGUgY2xpZW50IHJlcXVlc3RzIGFuIGFjY2VzcyB0b2tlbiBmcm9tIHRoZSBhdXRob3JpemF0aW9u
CiAgICAgICAgc2VydmVyJ3MgdG9rZW4gZW5kcG9pbnQgYnkgaW5jbHVkaW5nIHRoZSBhdXRob3Jp
emF0aW9uIGNvZGUKICAgICAgICByZWNlaXZlZCBpbiB0aGUgcHJldmlvdXMgc3RlcC4gIFdoZW4g
bWFraW5nIHRoZSByZXF1ZXN0LCB0aGUKICAgICAgICBjbGllbnQgYXV0aGVudGljYXRlcyB3aXRo
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gIFRoZSBjbGllbnQKICAgICAgICBpbmNsdWRlcyB0
aGUgcmVkaXJlY3Rpb24gVVJJIHVzZWQgdG8gb2J0YWluIHRoZSBhdXRob3JpemF0aW9uCiAgICAg
ICAgY29kZSBmb3IgdmVyaWZpY2F0aW9uLgogICAoRSkgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBhdXRoZW50aWNhdGVzIHRoZSBjbGllbnQsIHZhbGlkYXRlcyB0aGUKICAgICAgICBhdXRob3Jp
emF0aW9uIGNvZGUsIGFuZCBlbnN1cmVzIHRoZSByZWRpcmVjdGlvbiBVUkkgcmVjZWl2ZWQKICAg
ICAgICBtYXRjaGVzIHRoZSBVUkkgdXNlZCB0byByZWRpcmVjdCB0aGUgY2xpZW50IGluIHN0ZXAg
KEMpLiAgSWYKICAgICAgICB2YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJlc3BvbmRz
IGJhY2sgd2l0aCBhbiBhY2Nlc3MKICAgICAgICB0b2tlbiBhbmQgb3B0aW9uYWxseSwgYSByZWZy
ZXNoIHRva2VuLgoKNC4xLjEuICBBdXRob3JpemF0aW9uIFJlcXVlc3QKCiAgIFRoZSBjbGllbnQg
Y29uc3RydWN0cyB0aGUgcmVxdWVzdCBVUkkgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcKICAgcGFy
YW1ldGVycyB0byB0aGUgcXVlcnkgY29tcG9uZW50IG9mIHRoZSBhdXRob3JpemF0aW9uIGVuZHBv
aW50IFVSSQogICB1c2luZyB0aGUgImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIg
Zm9ybWF0IGFzIGRlZmluZWQgYnkKICAgW1czQy5SRUMtaHRtbDQwMS0xOTk5MTIyNF06CgogICBy
ZXNwb25zZV90eXBlCiAgICAgICAgIFJFUVVJUkVELiAgVmFsdWUgTVVTVCBiZSBzZXQgdG8gImNv
ZGUiLgogICBjbGllbnRfaWQKICAgICAgICAgUkVRVUlSRUQuICBUaGUgY2xpZW50IGlkZW50aWZp
ZXIgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMi4yLgogICByZWRpcmVjdF91cmkKICAgICAgICAg
T1BUSU9OQUwuICBBcyBkZXNjcmliZWQgaW4gU2VjdGlvbiAzLjEuMi4KICAgc2NvcGUKICAgICAg
ICAgT1BUSU9OQUwuICBUaGUgc2NvcGUgb2YgdGhlIGFjY2VzcyByZXF1ZXN0IGFzIGRlc2NyaWJl
ZCBieQogICAgICAgICBTZWN0aW9uIDMuMy4KCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBF
eHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSAyNF0KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAg
TWF5IDIwMTIKCgogICBzdGF0ZQogICAgICAgICBSRUNPTU1FTkRFRC4gIEFuIG9wYXF1ZSB2YWx1
ZSB1c2VkIGJ5IHRoZSBjbGllbnQgdG8gbWFpbnRhaW4KICAgICAgICAgc3RhdGUgYmV0d2VlbiB0
aGUgcmVxdWVzdCBhbmQgY2FsbGJhY2suICBUaGUgYXV0aG9yaXphdGlvbgogICAgICAgICBzZXJ2
ZXIgaW5jbHVkZXMgdGhpcyB2YWx1ZSB3aGVuIHJlZGlyZWN0aW5nIHRoZSB1c2VyLWFnZW50IGJh
Y2sKICAgICAgICAgdG8gdGhlIGNsaWVudC4gIFRoZSBwYXJhbWV0ZXIgU0hPVUxEIGJlIHVzZWQg
Zm9yIHByZXZlbnRpbmcKICAgICAgICAgY3Jvc3Mtc2l0ZSByZXF1ZXN0IGZvcmdlcnkgYXMgZGVz
Y3JpYmVkIGluIFNlY3Rpb24gMTAuMTIuCgogICBUaGUgY2xpZW50IGRpcmVjdHMgdGhlIHJlc291
cmNlIG93bmVyIHRvIHRoZSBjb25zdHJ1Y3RlZCBVUkkgdXNpbmcgYW4KICAgSFRUUCByZWRpcmVj
dGlvbiByZXNwb25zZSwgb3IgYnkgb3RoZXIgbWVhbnMgYXZhaWxhYmxlIHRvIGl0IHZpYSB0aGUK
ICAgdXNlci1hZ2VudC4KCiAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IGRpcmVjdHMgdGhlIHVz
ZXItYWdlbnQgdG8gbWFrZSB0aGUgZm9sbG93aW5nCiAgIEhUVFAgcmVxdWVzdCB1c2luZyBUTFMg
KGV4dHJhIGxpbmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcwogICBvbmx5KToKCgog
ICAgR0VUIC9hdXRob3JpemU/cmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD1zNkJoZFJrcXQz
JnN0YXRlPXh5egogICAgICAgICZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZjbGllbnQlMkVl
eGFtcGxlJTJFY29tJTJGY2IgSFRUUC8xLjEKICAgIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQoK
CiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB2YWxpZGF0ZXMgdGhlIHJlcXVlc3QgdG8gZW5z
dXJlIGFsbCByZXF1aXJlZAogICBwYXJhbWV0ZXJzIGFyZSBwcmVzZW50IGFuZCB2YWxpZC4gIElm
IHRoZSByZXF1ZXN0IGlzIHZhbGlkLCB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVu
dGljYXRlcyB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIG9idGFpbnMgYW4KICAgYXV0aG9yaXphdGlv
biBkZWNpc2lvbiAoYnkgYXNraW5nIHRoZSByZXNvdXJjZSBvd25lciBvciBieQogICBlc3RhYmxp
c2hpbmcgYXBwcm92YWwgdmlhIG90aGVyIG1lYW5zKS4KCiAgIFdoZW4gYSBkZWNpc2lvbiBpcyBl
c3RhYmxpc2hlZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGRpcmVjdHMgdGhlCiAgIHVzZXIt
YWdlbnQgdG8gdGhlIHByb3ZpZGVkIGNsaWVudCByZWRpcmVjdGlvbiBVUkkgdXNpbmcgYW4gSFRU
UAogICByZWRpcmVjdGlvbiByZXNwb25zZSwgb3IgYnkgb3RoZXIgbWVhbnMgYXZhaWxhYmxlIHRv
IGl0IHZpYSB0aGUgdXNlci0KICAgYWdlbnQuCgo0LjEuMi4gIEF1dGhvcml6YXRpb24gUmVzcG9u
c2UKCiAgIElmIHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgdGhlIGFjY2VzcyByZXF1ZXN0LCB0
aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIgaXNzdWVzIGFuIGF1dGhvcml6YXRpb24gY29kZSBh
bmQgZGVsaXZlcnMgaXQgdG8gdGhlIGNsaWVudCBieQogICBhZGRpbmcgdGhlIGZvbGxvd2luZyBw
YXJhbWV0ZXJzIHRvIHRoZSBxdWVyeSBjb21wb25lbnQgb2YgdGhlCiAgIHJlZGlyZWN0aW9uIFVS
SSB1c2luZyB0aGUgImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIgZm9ybWF0OgoK
ICAgY29kZQogICAgICAgICBSRVFVSVJFRC4gIFRoZSBhdXRob3JpemF0aW9uIGNvZGUgZ2VuZXJh
dGVkIGJ5IHRoZQogICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlci4gIFRoZSBhdXRob3JpemF0
aW9uIGNvZGUgTVVTVCBleHBpcmUKICAgICAgICAgc2hvcnRseSBhZnRlciBpdCBpcyBpc3N1ZWQg
dG8gbWl0aWdhdGUgdGhlIHJpc2sgb2YgbGVha3MuICBBCiAgICAgICAgIG1heGltdW0gYXV0aG9y
aXphdGlvbiBjb2RlIGxpZmV0aW1lIG9mIDEwIG1pbnV0ZXMgaXMKICAgICAgICAgUkVDT01NRU5E
RUQuICBUaGUgY2xpZW50IE1VU1QgTk9UIHVzZSB0aGUgYXV0aG9yaXphdGlvbiBjb2RlCiAgICAg
ICAgIG1vcmUgdGhhbiBvbmNlLiAgSWYgYW4gYXV0aG9yaXphdGlvbiBjb2RlIGlzIHVzZWQgbW9y
ZSB0aGFuCiAgICAgICAgIG9uY2UsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGRlbnkg
dGhlIHJlcXVlc3QgYW5kIFNIT1VMRAogICAgICAgICByZXZva2UgKHdoZW4gcG9zc2libGUpIGFs
bCB0b2tlbnMgcHJldmlvdXNseSBpc3N1ZWQgYmFzZWQgb24KCgoKSGFtbWVyLCBldCBhbC4gICAg
ICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgMjVdCgwK
SW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAg
ICAgICAgIE1heSAyMDEyCgoKICAgICAgICAgdGhhdCBhdXRob3JpemF0aW9uIGNvZGUuICBUaGUg
YXV0aG9yaXphdGlvbiBjb2RlIGlzIGJvdW5kIHRvCiAgICAgICAgIHRoZSBjbGllbnQgaWRlbnRp
ZmllciBhbmQgcmVkaXJlY3Rpb24gVVJJLgogICBzdGF0ZQogICAgICAgICBSRVFVSVJFRCBpZiB0
aGUgInN0YXRlIiBwYXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhlIGNsaWVudAogICAgICAgICBh
dXRob3JpemF0aW9uIHJlcXVlc3QuICBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUK
ICAgICAgICAgY2xpZW50LgoKICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYnkKICAgc2VuZGluZyB0aGUgZm9sbG93aW5nIEhU
VFAgcmVzcG9uc2U6CgoKICAgICBIVFRQLzEuMSAzMDIgRm91bmQKICAgICBMb2NhdGlvbjogaHR0
cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20vY2I/Y29kZT1TcGx4bE9CZVpRUVliWVM2V3hTYklBCiAg
ICAgICAgICAgICAgICZzdGF0ZT14eXoKCgogICBUaGUgY2xpZW50IE1VU1QgaWdub3JlIHVucmVj
b2duaXplZCByZXNwb25zZSBwYXJhbWV0ZXJzLiAgVGhlCiAgIGF1dGhvcml6YXRpb24gY29kZSBz
dHJpbmcgc2l6ZSBpcyBsZWZ0IHVuZGVmaW5lZCBieSB0aGlzCiAgIHNwZWNpZmljYXRpb24uICBU
aGUgY2xpZW50IHNob3VsZCBhdm9pZCBtYWtpbmcgYXNzdW1wdGlvbnMgYWJvdXQgY29kZQogICB2
YWx1ZSBzaXplcy4gIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZG9jdW1lbnQgdGhl
IHNpemUgb2YKICAgYW55IHZhbHVlIGl0IGlzc3Vlcy4KCjQuMS4yLjEuICBFcnJvciBSZXNwb25z
ZQoKICAgSWYgdGhlIHJlcXVlc3QgZmFpbHMgZHVlIHRvIGEgbWlzc2luZywgaW52YWxpZCwgb3Ig
bWlzbWF0Y2hpbmcKICAgcmVkaXJlY3Rpb24gVVJJLCBvciBpZiB0aGUgY2xpZW50IGlkZW50aWZp
ZXIgaXMgbWlzc2luZyBvciBpbnZhbGlkLAogICB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hP
VUxEIGluZm9ybSB0aGUgcmVzb3VyY2Ugb3duZXIgb2YgdGhlCiAgIGVycm9yLCBhbmQgTVVTVCBO
T1QgYXV0b21hdGljYWxseSByZWRpcmVjdCB0aGUgdXNlci1hZ2VudCB0byB0aGUKICAgaW52YWxp
ZCByZWRpcmVjdGlvbiBVUkkuCgogICBJZiB0aGUgcmVzb3VyY2Ugb3duZXIgZGVuaWVzIHRoZSBh
Y2Nlc3MgcmVxdWVzdCBvciBpZiB0aGUgcmVxdWVzdAogICBmYWlscyBmb3IgcmVhc29ucyBvdGhl
ciB0aGFuIGEgbWlzc2luZyBvciBpbnZhbGlkIHJlZGlyZWN0aW9uIFVSSSwKICAgdGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIGluZm9ybXMgdGhlIGNsaWVudCBieSBhZGRpbmcgdGhlIGZvbGxvd2lu
ZwogICBwYXJhbWV0ZXJzIHRvIHRoZSBxdWVyeSBjb21wb25lbnQgb2YgdGhlIHJlZGlyZWN0aW9u
IFVSSSB1c2luZyB0aGUKICAgImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIgZm9y
bWF0OgoKICAgZXJyb3IKICAgICAgICAgUkVRVUlSRUQuICBBIHNpbmdsZSBBU0NJSSBbVVNBU0NJ
SV0gZXJyb3IgY29kZSBmcm9tIHRoZQogICAgICAgICBmb2xsb3dpbmc6CiAgICAgICAgIGludmFs
aWRfcmVxdWVzdAogICAgICAgICAgICAgICBUaGUgcmVxdWVzdCBpcyBtaXNzaW5nIGEgcmVxdWly
ZWQgcGFyYW1ldGVyLCBpbmNsdWRlcyBhbgogICAgICAgICAgICAgICBpbnZhbGlkIHBhcmFtZXRl
ciB2YWx1ZSwgaW5jbHVkZXMgYSBwYXJhbWV0ZXIgbW9yZSB0aGFuCiAgICAgICAgICAgICAgIG9u
Y2UsIG9yIGlzIG90aGVyd2lzZSBtYWxmb3JtZWQuCiAgICAgICAgIHVuYXV0aG9yaXplZF9jbGll
bnQKICAgICAgICAgICAgICAgVGhlIGNsaWVudCBpcyBub3QgYXV0aG9yaXplZCB0byByZXF1ZXN0
IGFuIGF1dGhvcml6YXRpb24KICAgICAgICAgICAgICAgY29kZSB1c2luZyB0aGlzIG1ldGhvZC4K
CgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAg
ICAgICAgICAgICBbUGFnZSAyNl0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9B
dXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICAgICAgICBhY2Nlc3Nf
ZGVuaWVkCiAgICAgICAgICAgICAgIFRoZSByZXNvdXJjZSBvd25lciBvciBhdXRob3JpemF0aW9u
IHNlcnZlciBkZW5pZWQgdGhlCiAgICAgICAgICAgICAgIHJlcXVlc3QuCiAgICAgICAgIHVuc3Vw
cG9ydGVkX3Jlc3BvbnNlX3R5cGUKICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIGRvZXMgbm90IHN1cHBvcnQgb2J0YWluaW5nIGFuCiAgICAgICAgICAgICAgIGF1dGhvcml6
YXRpb24gY29kZSB1c2luZyB0aGlzIG1ldGhvZC4KICAgICAgICAgaW52YWxpZF9zY29wZQogICAg
ICAgICAgICAgICBUaGUgcmVxdWVzdGVkIHNjb3BlIGlzIGludmFsaWQsIHVua25vd24sIG9yIG1h
bGZvcm1lZC4KICAgICAgICAgc2VydmVyX2Vycm9yCiAgICAgICAgICAgICAgIFRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBlbmNvdW50ZXJlZCBhbiB1bmV4cGVjdGVkCiAgICAgICAgICAgICAgIGNv
bmRpdGlvbiB3aGljaCBwcmV2ZW50ZWQgaXQgZnJvbSBmdWxmaWxsaW5nIHRoZSByZXF1ZXN0Lgog
ICAgICAgICB0ZW1wb3JhcmlseV91bmF2YWlsYWJsZQogICAgICAgICAgICAgICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgaXMgY3VycmVudGx5IHVuYWJsZSB0byBoYW5kbGUKICAgICAgICAgICAg
ICAgdGhlIHJlcXVlc3QgZHVlIHRvIGEgdGVtcG9yYXJ5IG92ZXJsb2FkaW5nIG9yIG1haW50ZW5h
bmNlCiAgICAgICAgICAgICAgIG9mIHRoZSBzZXJ2ZXIuCiAgICAgICAgIFZhbHVlcyBmb3IgdGhl
ICJlcnJvciIgcGFyYW1ldGVyIE1VU1QgTk9UIGluY2x1ZGUgY2hhcmFjdGVycwogICAgICAgICBv
dXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLgogICBlcnJvcl9kZXNj
cmlwdGlvbgogICAgICAgICBPUFRJT05BTC4gIEEgaHVtYW4tcmVhZGFibGUgQVNDSUkgW1VTQVND
SUldIHRleHQgcHJvdmlkaW5nCiAgICAgICAgIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24sIHVzZWQg
dG8gYXNzaXN0IHRoZSBjbGllbnQgZGV2ZWxvcGVyIGluCiAgICAgICAgIHVuZGVyc3RhbmRpbmcg
dGhlIGVycm9yIHRoYXQgb2NjdXJyZWQuCiAgICAgICAgIFZhbHVlcyBmb3IgdGhlICJlcnJvcl9k
ZXNjcmlwdGlvbiIgcGFyYW1ldGVyIE1VU1QgTk9UIGluY2x1ZGUKICAgICAgICAgY2hhcmFjdGVy
cyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLgogICBlcnJvcl91
cmkKICAgICAgICAgT1BUSU9OQUwuICBBIFVSSSBpZGVudGlmeWluZyBhIGh1bWFuLXJlYWRhYmxl
IHdlYiBwYWdlIHdpdGgKICAgICAgICAgaW5mb3JtYXRpb24gYWJvdXQgdGhlIGVycm9yLCB1c2Vk
IHRvIHByb3ZpZGUgdGhlIGNsaWVudAogICAgICAgICBkZXZlbG9wZXIgd2l0aCBhZGRpdGlvbmFs
IGluZm9ybWF0aW9uIGFib3V0IHRoZSBlcnJvci4KICAgICAgICAgVmFsdWVzIGZvciB0aGUgImVy
cm9yX3VyaSIgcGFyYW1ldGVyIE1VU1QgY29uZm9ybSB0byB0aGUgVVJJLQogICAgICAgICBSZWZl
cmVuY2Ugc3ludGF4LCBhbmQgdGh1cyBNVVNUIE5PVCBpbmNsdWRlIGNoYXJhY3RlcnMgb3V0c2lk
ZQogICAgICAgICB0aGUgc2V0ICV4MjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgc3RhdGUKICAg
ICAgICAgUkVRVUlSRUQgaWYgYSAic3RhdGUiIHBhcmFtZXRlciB3YXMgcHJlc2VudCBpbiB0aGUg
Y2xpZW50CiAgICAgICAgIGF1dGhvcml6YXRpb24gcmVxdWVzdC4gIFRoZSBleGFjdCB2YWx1ZSBy
ZWNlaXZlZCBmcm9tIHRoZQogICAgICAgICBjbGllbnQuCgogICBGb3IgZXhhbXBsZSwgdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUgdXNlci1hZ2VudCBieQogICBzZW5kaW5n
IHRoZSBmb2xsb3dpbmcgSFRUUCByZXNwb25zZToKCgogICBIVFRQLzEuMSAzMDIgRm91bmQKICAg
TG9jYXRpb246IGh0dHBzOi8vY2xpZW50LmV4YW1wbGUuY29tL2NiP2Vycm9yPWFjY2Vzc19kZW5p
ZWQmc3RhdGU9eHl6CgoKNC4xLjMuICBBY2Nlc3MgVG9rZW4gUmVxdWVzdAoKICAgVGhlIGNsaWVu
dCBtYWtlcyBhIHJlcXVlc3QgdG8gdGhlIHRva2VuIGVuZHBvaW50IGJ5IGFkZGluZyB0aGUKICAg
Zm9sbG93aW5nIHBhcmFtZXRlcnMgdXNpbmcgdGhlICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVy
bGVuY29kZWQiCiAgIGZvcm1hdCBpbiB0aGUgSFRUUCByZXF1ZXN0IGVudGl0eS1ib2R5OgoKCgpI
YW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAg
ICAgICBbUGFnZSAyN10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIu
MCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBncmFudF90eXBlCiAgICAgICAg
IFJFUVVJUkVELiAgVmFsdWUgTVVTVCBiZSBzZXQgdG8gImF1dGhvcml6YXRpb25fY29kZSIuCiAg
IGNvZGUKICAgICAgICAgUkVRVUlSRUQuICBUaGUgYXV0aG9yaXphdGlvbiBjb2RlIHJlY2VpdmVk
IGZyb20gdGhlCiAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyLgogICByZWRpcmVjdF91cmkK
ICAgICAgICAgUkVRVUlSRUQsIGlmIHRoZSAicmVkaXJlY3RfdXJpIiBwYXJhbWV0ZXIgd2FzIGlu
Y2x1ZGVkIGluIHRoZQogICAgICAgICBhdXRob3JpemF0aW9uIHJlcXVlc3QgYXMgZGVzY3JpYmVk
IGluIFNlY3Rpb24gNC4xLjEsIGFuZCB0aGVpcgogICAgICAgICB2YWx1ZXMgTVVTVCBiZSBpZGVu
dGljYWwuCgogICBJZiB0aGUgY2xpZW50IHR5cGUgaXMgY29uZmlkZW50aWFsIG9yIHRoZSBjbGll
bnQgd2FzIGlzc3VlZCBjbGllbnQKICAgY3JlZGVudGlhbHMgKG9yIGFzc2lnbmVkIG90aGVyIGF1
dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyksIHRoZQogICBjbGllbnQgTVVTVCBhdXRoZW50aWNh
dGUgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMgZGVzY3JpYmVkCiAgIGluIFNlY3Rp
b24gMy4yLjEuCgogICBGb3IgZXhhbXBsZSwgdGhlIGNsaWVudCBtYWtlcyB0aGUgZm9sbG93aW5n
IEhUVFAgcmVxdWVzdCB1c2luZyBUTFMKICAgKGV4dHJhIGxpbmUgYnJlYWtzIGFyZSBmb3IgZGlz
cGxheSBwdXJwb3NlcyBvbmx5KToKCgogICAgIFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAgICAgSG9z
dDogc2VydmVyLmV4YW1wbGUuY29tCiAgICAgQXV0aG9yaXphdGlvbjogQmFzaWMgY3paQ2FHUlNh
M0YwTXpwbldERm1RbUYwTTJKVwogICAgIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ct
Zm9ybS11cmxlbmNvZGVkO2NoYXJzZXQ9VVRGLTgKCiAgICAgZ3JhbnRfdHlwZT1hdXRob3JpemF0
aW9uX2NvZGUmY29kZT1TcGx4bE9CZVpRUVliWVM2V3hTYklBCiAgICAgJnJlZGlyZWN0X3VyaT1o
dHRwcyUzQSUyRiUyRmNsaWVudCUyRWV4YW1wbGUlMkVjb20lMkZjYgoKCiAgIFRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBNVVNUOgoKICAgbyAgcmVxdWlyZSBjbGllbnQgYXV0aGVudGljYXRpb24g
Zm9yIGNvbmZpZGVudGlhbCBjbGllbnRzIG9yIGZvciBhbnkKICAgICAgY2xpZW50IHRoYXQgd2Fz
IGlzc3VlZCBjbGllbnQgY3JlZGVudGlhbHMgKG9yIHdpdGggb3RoZXIKICAgICAgYXV0aGVudGlj
YXRpb24gcmVxdWlyZW1lbnRzKSwKICAgbyAgYXV0aGVudGljYXRlIHRoZSBjbGllbnQgaWYgY2xp
ZW50IGF1dGhlbnRpY2F0aW9uIGlzIGluY2x1ZGVkIGFuZAogICAgICBlbnN1cmUgdGhlIGF1dGhv
cml6YXRpb24gY29kZSB3YXMgaXNzdWVkIHRvIHRoZSBhdXRoZW50aWNhdGVkCiAgICAgIGNsaWVu
dCwKICAgbyAgdmVyaWZ5IHRoYXQgdGhlIGF1dGhvcml6YXRpb24gY29kZSBpcyB2YWxpZCwgYW5k
CiAgIG8gIGVuc3VyZSB0aGF0IHRoZSAicmVkaXJlY3RfdXJpIiBwYXJhbWV0ZXIgaXMgcHJlc2Vu
dCBpZiB0aGUKICAgICAgInJlZGlyZWN0X3VyaSIgcGFyYW1ldGVyIHdhcyBpbmNsdWRlZCBpbiB0
aGUgaW5pdGlhbCBhdXRob3JpemF0aW9uCiAgICAgIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGluIFNl
Y3Rpb24gNC4xLjEsIGFuZCBpZiBpbmNsdWRlZCBlbnN1cmUKICAgICAgdGhlaXIgdmFsdWVzIGFy
ZSBpZGVudGljYWwuCgo0LjEuNC4gIEFjY2VzcyBUb2tlbiBSZXNwb25zZQoKICAgSWYgdGhlIGFj
Y2VzcyB0b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFuZCBhdXRob3JpemVkLCB0aGUKICAgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbiBhbmQgb3B0aW9uYWwgcmVmcmVz
aAogICB0b2tlbiBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiA1LjEuICBJZiB0aGUgcmVxdWVzdCBj
bGllbnQKICAgYXV0aGVudGljYXRpb24gZmFpbGVkIG9yIGlzIGludmFsaWQsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciByZXR1cm5zCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMg
RGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgIFtQYWdlIDI4XQoMCkludGVybmV0LURyYWZ0
ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAx
MgoKCiAgIGFuIGVycm9yIHJlc3BvbnNlIGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDUuMi4KCiAg
IEFuIGV4YW1wbGUgc3VjY2Vzc2Z1bCByZXNwb25zZToKCgogICAgIEhUVFAvMS4xIDIwMCBPSwog
ICAgIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04CiAgICAgQ2Fj
aGUtQ29udHJvbDogbm8tc3RvcmUKICAgICBQcmFnbWE6IG5vLWNhY2hlCgogICAgIHsKICAgICAg
ICJhY2Nlc3NfdG9rZW4iOiIyWW90bkZaRkVqcjF6Q3NpY01XcEFBIiwKICAgICAgICJ0b2tlbl90
eXBlIjoiZXhhbXBsZSIsCiAgICAgICAiZXhwaXJlc19pbiI6MzYwMCwKICAgICAgICJyZWZyZXNo
X3Rva2VuIjoidEd6djNKT2tGMFhHNVF4MlRsS1dJQSIsCiAgICAgICAiZXhhbXBsZV9wYXJhbWV0
ZXIiOiJleGFtcGxlX3ZhbHVlIgogICAgIH0KCgo0LjIuICBJbXBsaWNpdCBHcmFudAoKICAgVGhl
IGltcGxpY2l0IGdyYW50IHR5cGUgaXMgdXNlZCB0byBvYnRhaW4gYWNjZXNzIHRva2VucyAoaXQg
ZG9lcyBub3QKICAgc3VwcG9ydCB0aGUgaXNzdWFuY2Ugb2YgcmVmcmVzaCB0b2tlbnMpIGFuZCBp
cyBvcHRpbWl6ZWQgZm9yIHB1YmxpYwogICBjbGllbnRzIGtub3duIHRvIG9wZXJhdGUgYSBwYXJ0
aWN1bGFyIHJlZGlyZWN0aW9uIFVSSS4gIFRoZXNlIGNsaWVudHMKICAgYXJlIHR5cGljYWxseSBp
bXBsZW1lbnRlZCBpbiBhIGJyb3dzZXIgdXNpbmcgYSBzY3JpcHRpbmcgbGFuZ3VhZ2UKICAgc3Vj
aCBhcyBKYXZhU2NyaXB0LgoKICAgQXMgYSByZWRpcmVjdGlvbi1iYXNlZCBmbG93LCB0aGUgY2xp
ZW50IG11c3QgYmUgY2FwYWJsZSBvZgogICBpbnRlcmFjdGluZyB3aXRoIHRoZSByZXNvdXJjZSBv
d25lcidzIHVzZXItYWdlbnQgKHR5cGljYWxseSBhIHdlYgogICBicm93c2VyKSBhbmQgY2FwYWJs
ZSBvZiByZWNlaXZpbmcgaW5jb21pbmcgcmVxdWVzdHMgKHZpYSByZWRpcmVjdGlvbikKICAgZnJv
bSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCgogICBVbmxpa2UgdGhlIGF1dGhvcml6YXRpb24g
Y29kZSBncmFudCB0eXBlIGluIHdoaWNoIHRoZSBjbGllbnQgbWFrZXMKICAgc2VwYXJhdGUgcmVx
dWVzdHMgZm9yIGF1dGhvcml6YXRpb24gYW5kIGFjY2VzcyB0b2tlbiwgdGhlIGNsaWVudAogICBy
ZWNlaXZlcyB0aGUgYWNjZXNzIHRva2VuIGFzIHRoZSByZXN1bHQgb2YgdGhlIGF1dGhvcml6YXRp
b24gcmVxdWVzdC4KCiAgIFRoZSBpbXBsaWNpdCBncmFudCB0eXBlIGRvZXMgbm90IGluY2x1ZGUg
Y2xpZW50IGF1dGhlbnRpY2F0aW9uLCBhbmQKICAgcmVsaWVzIG9uIHRoZSBwcmVzZW5jZSBvZiB0
aGUgcmVzb3VyY2Ugb3duZXIgYW5kIHRoZSByZWdpc3RyYXRpb24gb2YKICAgdGhlIHJlZGlyZWN0
aW9uIFVSSS4gIEJlY2F1c2UgdGhlIGFjY2VzcyB0b2tlbiBpcyBlbmNvZGVkIGludG8gdGhlCiAg
IHJlZGlyZWN0aW9uIFVSSSwgaXQgbWF5IGJlIGV4cG9zZWQgdG8gdGhlIHJlc291cmNlIG93bmVy
IGFuZCBvdGhlcgogICBhcHBsaWNhdGlvbnMgcmVzaWRpbmcgb24gdGhlIHNhbWUgZGV2aWNlLgoK
CgoKCgoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEy
ICAgICAgICAgICAgICAgW1BhZ2UgMjldCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAg
ICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgICArLS0tLS0t
LS0tLSsKICAgICB8IFJlc291cmNlIHwKICAgICB8ICBPd25lciAgIHwKICAgICB8ICAgICAgICAg
IHwKICAgICArLS0tLS0tLS0tLSsKICAgICAgICAgIF4KICAgICAgICAgIHwKICAgICAgICAgKEIp
CiAgICAgKy0tLS18LS0tLS0rICAgICAgICAgIENsaWVudCBJZGVudGlmaWVyICAgICArLS0tLS0t
LS0tLS0tLS0tKwogICAgIHwgICAgICAgICAtKy0tLS0oQSktLSAmIFJlZGlyZWN0aW9uIFVSSSAt
LS0+fCAgICAgICAgICAgICAgIHwKICAgICB8ICBVc2VyLSAgIHwgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgIHwgQXV0aG9yaXphdGlvbiB8CiAgICAgfCAgQWdlbnQgIC18LS0tLShCKS0t
IFVzZXIgYXV0aGVudGljYXRlcyAtLT58ICAgICBTZXJ2ZXIgICAgfAogICAgIHwgICAgICAgICAg
fCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICAgICB8
ICAgICAgICAgIHw8LS0tKEMpLS0tIFJlZGlyZWN0aW9uIFVSSSAtLS0tPHwgICAgICAgICAgICAg
ICB8CiAgICAgfCAgICAgICAgICB8ICAgICAgICAgIHdpdGggQWNjZXNzIFRva2VuICAgICArLS0t
LS0tLS0tLS0tLS0tKwogICAgIHwgICAgICAgICAgfCAgICAgICAgICAgIGluIEZyYWdtZW50CiAg
ICAgfCAgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0t
LS0tLS0tKwogICAgIHwgICAgICAgICAgfC0tLS0oRCktLS0gUmVkaXJlY3Rpb24gVVJJIC0tLS0+
fCAgIFdlYi1Ib3N0ZWQgIHwKICAgICB8ICAgICAgICAgIHwgICAgICAgICAgd2l0aG91dCBGcmFn
bWVudCAgICAgIHwgICAgIENsaWVudCAgICB8CiAgICAgfCAgICAgICAgICB8ICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICB8ICAgIFJlc291cmNlICAgfAogICAgIHwgICAgIChGKSAgfDwt
LS0oRSktLS0tLS0tIFNjcmlwdCAtLS0tLS0tLS08fCAgICAgICAgICAgICAgIHwKICAgICB8ICAg
ICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0r
CiAgICAgKy18LS0tLS0tLS0rCiAgICAgICB8ICAgIHwKICAgICAgKEEpICAoRykgQWNjZXNzIFRv
a2VuCiAgICAgICB8ICAgIHwKICAgICAgIF4gICAgdgogICAgICstLS0tLS0tLS0rCiAgICAgfCAg
ICAgICAgIHwKICAgICB8ICBDbGllbnQgfAogICAgIHwgICAgICAgICB8CiAgICAgKy0tLS0tLS0t
LSsKCgogICBOb3RlOiBUaGUgbGluZXMgaWxsdXN0cmF0aW5nIHN0ZXBzIEEgYW5kIEIgYXJlIGJy
b2tlbiBpbnRvIHR3byBwYXJ0cwogICBhcyB0aGV5IHBhc3MgdGhyb3VnaCB0aGUgdXNlci1hZ2Vu
dC4KCiAgICAgICAgICAgICAgICAgICAgICAgRmlndXJlIDQ6IEltcGxpY2l0IEdyYW50IEZsb3cK
CiAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIEZpZ3VyZSA0IGluY2x1ZGVzIHRoZSBmb2xsb3dp
bmcgc3RlcHM6CgogICAoQSkgIFRoZSBjbGllbnQgaW5pdGlhdGVzIHRoZSBmbG93IGJ5IGRpcmVj
dGluZyB0aGUgcmVzb3VyY2Ugb3duZXIncwogICAgICAgIHVzZXItYWdlbnQgdG8gdGhlIGF1dGhv
cml6YXRpb24gZW5kcG9pbnQuICBUaGUgY2xpZW50IGluY2x1ZGVzCiAgICAgICAgaXRzIGNsaWVu
dCBpZGVudGlmaWVyLCByZXF1ZXN0ZWQgc2NvcGUsIGxvY2FsIHN0YXRlLCBhbmQgYQogICAgICAg
IHJlZGlyZWN0aW9uIFVSSSB0byB3aGljaCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2lsbCBz
ZW5kIHRoZQogICAgICAgIHVzZXItYWdlbnQgYmFjayBvbmNlIGFjY2VzcyBpcyBncmFudGVkIChv
ciBkZW5pZWQpLgoKCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIg
MSwgMjAxMiAgICAgICAgICAgICAgIFtQYWdlIDMwXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAg
ICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIChC
KSAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIHJlc291cmNlIG93
bmVyICh2aWEKICAgICAgICB0aGUgdXNlci1hZ2VudCkgYW5kIGVzdGFibGlzaGVzIHdoZXRoZXIg
dGhlIHJlc291cmNlIG93bmVyCiAgICAgICAgZ3JhbnRzIG9yIGRlbmllcyB0aGUgY2xpZW50J3Mg
YWNjZXNzIHJlcXVlc3QuCiAgIChDKSAgQXNzdW1pbmcgdGhlIHJlc291cmNlIG93bmVyIGdyYW50
cyBhY2Nlc3MsIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgc2VydmVyIHJlZGlyZWN0cyB0aGUg
dXNlci1hZ2VudCBiYWNrIHRvIHRoZSBjbGllbnQgdXNpbmcgdGhlCiAgICAgICAgcmVkaXJlY3Rp
b24gVVJJIHByb3ZpZGVkIGVhcmxpZXIuICBUaGUgcmVkaXJlY3Rpb24gVVJJIGluY2x1ZGVzCiAg
ICAgICAgdGhlIGFjY2VzcyB0b2tlbiBpbiB0aGUgVVJJIGZyYWdtZW50LgogICAoRCkgIFRoZSB1
c2VyLWFnZW50IGZvbGxvd3MgdGhlIHJlZGlyZWN0aW9uIGluc3RydWN0aW9ucyBieSBtYWtpbmcg
YQogICAgICAgIHJlcXVlc3QgdG8gdGhlIHdlYi1ob3N0ZWQgY2xpZW50IHJlc291cmNlICh3aGlj
aCBkb2VzIG5vdAogICAgICAgIGluY2x1ZGUgdGhlIGZyYWdtZW50IHBlciBbUkZDMjYxNl0pLiAg
VGhlIHVzZXItYWdlbnQgcmV0YWlucyB0aGUKICAgICAgICBmcmFnbWVudCBpbmZvcm1hdGlvbiBs
b2NhbGx5LgogICAoRSkgIFRoZSB3ZWItaG9zdGVkIGNsaWVudCByZXNvdXJjZSByZXR1cm5zIGEg
d2ViIHBhZ2UgKHR5cGljYWxseSBhbgogICAgICAgIEhUTUwgZG9jdW1lbnQgd2l0aCBhbiBlbWJl
ZGRlZCBzY3JpcHQpIGNhcGFibGUgb2YgYWNjZXNzaW5nIHRoZQogICAgICAgIGZ1bGwgcmVkaXJl
Y3Rpb24gVVJJIGluY2x1ZGluZyB0aGUgZnJhZ21lbnQgcmV0YWluZWQgYnkgdGhlCiAgICAgICAg
dXNlci1hZ2VudCwgYW5kIGV4dHJhY3RpbmcgdGhlIGFjY2VzcyB0b2tlbiAoYW5kIG90aGVyCiAg
ICAgICAgcGFyYW1ldGVycykgY29udGFpbmVkIGluIHRoZSBmcmFnbWVudC4KICAgKEYpICBUaGUg
dXNlci1hZ2VudCBleGVjdXRlcyB0aGUgc2NyaXB0IHByb3ZpZGVkIGJ5IHRoZSB3ZWItaG9zdGVk
CiAgICAgICAgY2xpZW50IHJlc291cmNlIGxvY2FsbHksIHdoaWNoIGV4dHJhY3RzIHRoZSBhY2Nl
c3MgdG9rZW4gYW5kCiAgICAgICAgcGFzc2VzIGl0IHRvIHRoZSBjbGllbnQuCgo0LjIuMS4gIEF1
dGhvcml6YXRpb24gUmVxdWVzdAoKICAgVGhlIGNsaWVudCBjb25zdHJ1Y3RzIHRoZSByZXF1ZXN0
IFVSSSBieSBhZGRpbmcgdGhlIGZvbGxvd2luZwogICBwYXJhbWV0ZXJzIHRvIHRoZSBxdWVyeSBj
b21wb25lbnQgb2YgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgVVJJCiAgIHVzaW5nIHRoZSAi
YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkIiBmb3JtYXQ6CgogICByZXNwb25zZV90
eXBlCiAgICAgICAgIFJFUVVJUkVELiAgVmFsdWUgTVVTVCBiZSBzZXQgdG8gInRva2VuIi4KICAg
Y2xpZW50X2lkCiAgICAgICAgIFJFUVVJUkVELiAgVGhlIGNsaWVudCBpZGVudGlmaWVyIGFzIGRl
c2NyaWJlZCBpbiBTZWN0aW9uIDIuMi4KICAgcmVkaXJlY3RfdXJpCiAgICAgICAgIE9QVElPTkFM
LiAgQXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMy4xLjIuCiAgIHNjb3BlCiAgICAgICAgIE9QVElP
TkFMLiAgVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBkZXNjcmliZWQgYnkKICAg
ICAgICAgU2VjdGlvbiAzLjMuCiAgIHN0YXRlCiAgICAgICAgIFJFQ09NTUVOREVELiAgQW4gb3Bh
cXVlIHZhbHVlIHVzZWQgYnkgdGhlIGNsaWVudCB0byBtYWludGFpbgogICAgICAgICBzdGF0ZSBi
ZXR3ZWVuIHRoZSByZXF1ZXN0IGFuZCBjYWxsYmFjay4gIFRoZSBhdXRob3JpemF0aW9uCiAgICAg
ICAgIHNlcnZlciBpbmNsdWRlcyB0aGlzIHZhbHVlIHdoZW4gcmVkaXJlY3RpbmcgdGhlIHVzZXIt
YWdlbnQgYmFjawogICAgICAgICB0byB0aGUgY2xpZW50LiAgVGhlIHBhcmFtZXRlciBTSE9VTEQg
YmUgdXNlZCBmb3IgcHJldmVudGluZwogICAgICAgICBjcm9zcy1zaXRlIHJlcXVlc3QgZm9yZ2Vy
eSBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiAxMC4xMi4KCiAgIFRoZSBjbGllbnQgZGlyZWN0cyB0
aGUgcmVzb3VyY2Ugb3duZXIgdG8gdGhlIGNvbnN0cnVjdGVkIFVSSSB1c2luZyBhbgogICBIVFRQ
IHJlZGlyZWN0aW9uIHJlc3BvbnNlLCBvciBieSBvdGhlciBtZWFucyBhdmFpbGFibGUgdG8gaXQg
dmlhIHRoZQogICB1c2VyLWFnZW50LgoKCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBp
cmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSAzMV0KDApJbnRlcm5ldC1E
cmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5
IDIwMTIKCgogICBGb3IgZXhhbXBsZSwgdGhlIGNsaWVudCBkaXJlY3RzIHRoZSB1c2VyLWFnZW50
IHRvIG1ha2UgdGhlIGZvbGxvd2luZwogICBIVFRQIHJlcXVlc3QgdXNpbmcgVExTIChleHRyYSBs
aW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMKICAgb25seSk6CgoKICAgIEdFVCAv
YXV0aG9yaXplP3Jlc3BvbnNlX3R5cGU9dG9rZW4mY2xpZW50X2lkPXM2QmhkUmtxdDMmc3RhdGU9
eHl6CiAgICAgICAgJnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRmNsaWVudCUyRWV4YW1wbGUl
MkVjb20lMkZjYiBIVFRQLzEuMQogICAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCgoKICAgVGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIHZhbGlkYXRlcyB0aGUgcmVxdWVzdCB0byBlbnN1cmUgYWxs
IHJlcXVpcmVkCiAgIHBhcmFtZXRlcnMgYXJlIHByZXNlbnQgYW5kIHZhbGlkLiAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIE1VU1QKICAgdmVyaWZ5IHRoYXQgdGhlIHJlZGlyZWN0aW9uIFVSSSB0
byB3aGljaCBpdCB3aWxsIHJlZGlyZWN0IHRoZSBhY2Nlc3MKICAgdG9rZW4gbWF0Y2hlcyBhIHJl
ZGlyZWN0aW9uIFVSSSByZWdpc3RlcmVkIGJ5IHRoZSBjbGllbnQgYXMgZGVzY3JpYmVkCiAgIGlu
IFNlY3Rpb24gMy4xLjIuCgogICBJZiB0aGUgcmVxdWVzdCBpcyB2YWxpZCwgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlCiAgIHJlc291cmNlIG93bmVyIGFuZCBvYnRh
aW5zIGFuIGF1dGhvcml6YXRpb24gZGVjaXNpb24gKGJ5IGFza2luZyB0aGUKICAgcmVzb3VyY2Ug
b3duZXIgb3IgYnkgZXN0YWJsaXNoaW5nIGFwcHJvdmFsIHZpYSBvdGhlciBtZWFucykuCgogICBX
aGVuIGEgZGVjaXNpb24gaXMgZXN0YWJsaXNoZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBk
aXJlY3RzIHRoZQogICB1c2VyLWFnZW50IHRvIHRoZSBwcm92aWRlZCBjbGllbnQgcmVkaXJlY3Rp
b24gVVJJIHVzaW5nIGFuIEhUVFAKICAgcmVkaXJlY3Rpb24gcmVzcG9uc2UsIG9yIGJ5IG90aGVy
IG1lYW5zIGF2YWlsYWJsZSB0byBpdCB2aWEgdGhlIHVzZXItCiAgIGFnZW50LgoKNC4yLjIuICBB
Y2Nlc3MgVG9rZW4gUmVzcG9uc2UKCiAgIElmIHRoZSByZXNvdXJjZSBvd25lciBncmFudHMgdGhl
IGFjY2VzcyByZXF1ZXN0LCB0aGUgYXV0aG9yaXphdGlvbgogICBzZXJ2ZXIgaXNzdWVzIGFuIGFj
Y2VzcyB0b2tlbiBhbmQgZGVsaXZlcnMgaXQgdG8gdGhlIGNsaWVudCBieSBhZGRpbmcKICAgdGhl
IGZvbGxvd2luZyBwYXJhbWV0ZXJzIHRvIHRoZSBmcmFnbWVudCBjb21wb25lbnQgb2YgdGhlIHJl
ZGlyZWN0aW9uCiAgIFVSSSB1c2luZyB0aGUgImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5j
b2RlZCIgZm9ybWF0OgoKICAgYWNjZXNzX3Rva2VuCiAgICAgICAgIFJFUVVJUkVELiAgVGhlIGFj
Y2VzcyB0b2tlbiBpc3N1ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICB0b2tlbl90
eXBlCiAgICAgICAgIFJFUVVJUkVELiAgVGhlIHR5cGUgb2YgdGhlIHRva2VuIGlzc3VlZCBhcyBk
ZXNjcmliZWQgaW4KICAgICAgICAgU2VjdGlvbiA3LjEuICBWYWx1ZSBpcyBjYXNlIGluc2Vuc2l0
aXZlLgogICBleHBpcmVzX2luCiAgICAgICAgIFJFQ09NTUVOREVELiAgVGhlIGxpZmV0aW1lIGlu
IHNlY29uZHMgb2YgdGhlIGFjY2VzcyB0b2tlbi4gIEZvcgogICAgICAgICBleGFtcGxlLCB0aGUg
dmFsdWUgIjM2MDAiIGRlbm90ZXMgdGhhdCB0aGUgYWNjZXNzIHRva2VuIHdpbGwKICAgICAgICAg
ZXhwaXJlIGluIG9uZSBob3VyIGZyb20gdGhlIHRpbWUgdGhlIHJlc3BvbnNlIHdhcyBnZW5lcmF0
ZWQuCiAgICAgICAgIElmIG9taXR0ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQg
cHJvdmlkZSB0aGUKICAgICAgICAgZXhwaXJhdGlvbiB0aW1lIHZpYSBvdGhlciBtZWFucyBvciBk
b2N1bWVudCB0aGUgZGVmYXVsdCB2YWx1ZS4KICAgc2NvcGUKICAgICAgICAgT1BUSU9OQUwsIGlm
IGlkZW50aWNhbCB0byB0aGUgc2NvcGUgcmVxdWVzdGVkIGJ5IHRoZSBjbGllbnQsCiAgICAgICAg
IG90aGVyd2lzZSBSRVFVSVJFRC4gIFRoZSBzY29wZSBvZiB0aGUgYWNjZXNzIHRva2VuIGFzIGRl
c2NyaWJlZAogICAgICAgICBieSBTZWN0aW9uIDMuMy4KCgoKCkhhbW1lciwgZXQgYWwuICAgICAg
ICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgIFtQYWdlIDMyXQoMCklu
dGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAg
ICAgICBNYXkgMjAxMgoKCiAgIHN0YXRlCiAgICAgICAgIFJFUVVJUkVEIGlmIHRoZSAic3RhdGUi
IHBhcmFtZXRlciB3YXMgcHJlc2VudCBpbiB0aGUgY2xpZW50CiAgICAgICAgIGF1dGhvcml6YXRp
b24gcmVxdWVzdC4gIFRoZSBleGFjdCB2YWx1ZSByZWNlaXZlZCBmcm9tIHRoZQogICAgICAgICBj
bGllbnQuCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBOT1QgaXNzdWUgYSByZWZy
ZXNoIHRva2VuLgoKICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciByZWRp
cmVjdHMgdGhlIHVzZXItYWdlbnQgYnkKICAgc2VuZGluZyB0aGUgZm9sbG93aW5nIEhUVFAgcmVz
cG9uc2UgKFVSSSBleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yCiAgIGRpc3BsYXkgcHVycG9zZXMg
b25seSk6CgoKICAgICBIVFRQLzEuMSAzMDIgRm91bmQKICAgICBMb2NhdGlvbjogaHR0cDovL2V4
YW1wbGUuY29tL2NiI2FjY2Vzc190b2tlbj0yWW90bkZaRkVqcjF6Q3NpY01XcEFBCiAgICAgICAg
ICAgICAgICZzdGF0ZT14eXomdG9rZW5fdHlwZT1leGFtcGxlJmV4cGlyZXNfaW49MzYwMAoKCiAg
IERldmVsb3BlcnMgc2hvdWxkIG5vdGUgdGhhdCBzb21lIHVzZXItYWdlbnRzIGRvIG5vdCBzdXBw
b3J0IHRoZQogICBpbmNsdXNpb24gb2YgYSBmcmFnbWVudCBjb21wb25lbnQgaW4gdGhlIEhUVFAg
IkxvY2F0aW9uIiByZXNwb25zZQogICBoZWFkZXIgZmllbGQuICBTdWNoIGNsaWVudHMgd2lsbCBy
ZXF1aXJlIHVzaW5nIG90aGVyIG1ldGhvZHMgZm9yCiAgIHJlZGlyZWN0aW5nIHRoZSBjbGllbnQg
dGhhbiBhIDN4eCByZWRpcmVjdGlvbiByZXNwb25zZS4gIEZvciBleGFtcGxlLAogICByZXR1cm5p
bmcgYW4gSFRNTCBwYWdlIHdoaWNoIGluY2x1ZGVzIGEgJ2NvbnRpbnVlJyBidXR0b24gd2l0aCBh
bgogICBhY3Rpb24gbGlua2VkIHRvIHRoZSByZWRpcmVjdGlvbiBVUkkuCgogICBUaGUgY2xpZW50
IE1VU1QgaWdub3JlIHVucmVjb2duaXplZCByZXNwb25zZSBwYXJhbWV0ZXJzLiAgVGhlIGFjY2Vz
cwogICB0b2tlbiBzdHJpbmcgc2l6ZSBpcyBsZWZ0IHVuZGVmaW5lZCBieSB0aGlzIHNwZWNpZmlj
YXRpb24uICBUaGUKICAgY2xpZW50IHNob3VsZCBhdm9pZCBtYWtpbmcgYXNzdW1wdGlvbnMgYWJv
dXQgdmFsdWUgc2l6ZXMuICBUaGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGRvY3Vt
ZW50IHRoZSBzaXplIG9mIGFueSB2YWx1ZSBpdCBpc3N1ZXMuCgo0LjIuMi4xLiAgRXJyb3IgUmVz
cG9uc2UKCiAgIElmIHRoZSByZXF1ZXN0IGZhaWxzIGR1ZSB0byBhIG1pc3NpbmcsIGludmFsaWQs
IG9yIG1pc21hdGNoaW5nCiAgIHJlZGlyZWN0aW9uIFVSSSwgb3IgaWYgdGhlIGNsaWVudCBpZGVu
dGlmaWVyIGlzIG1pc3Npbmcgb3IgaW52YWxpZCwKICAgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IFNIT1VMRCBpbmZvcm0gdGhlIHJlc291cmNlIG93bmVyIG9mIHRoZQogICBlcnJvciwgYW5kIE1V
U1QgTk9UIGF1dG9tYXRpY2FsbHkgcmVkaXJlY3QgdGhlIHVzZXItYWdlbnQgdG8gdGhlCiAgIGlu
dmFsaWQgcmVkaXJlY3Rpb24gVVJJLgoKICAgSWYgdGhlIHJlc291cmNlIG93bmVyIGRlbmllcyB0
aGUgYWNjZXNzIHJlcXVlc3Qgb3IgaWYgdGhlIHJlcXVlc3QKICAgZmFpbHMgZm9yIHJlYXNvbnMg
b3RoZXIgdGhhbiBhIG1pc3Npbmcgb3IgaW52YWxpZCByZWRpcmVjdGlvbiBVUkksCiAgIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBpbmZvcm1zIHRoZSBjbGllbnQgYnkgYWRkaW5nIHRoZSBmb2xs
b3dpbmcKICAgcGFyYW1ldGVycyB0byB0aGUgZnJhZ21lbnQgY29tcG9uZW50IG9mIHRoZSByZWRp
cmVjdGlvbiBVUkkgdXNpbmcgdGhlCiAgICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29k
ZWQiIGZvcm1hdDoKCiAgIGVycm9yCiAgICAgICAgIFJFUVVJUkVELiAgQSBzaW5nbGUgQVNDSUkg
W1VTQVNDSUldIGVycm9yIGNvZGUgZnJvbSB0aGUKICAgICAgICAgZm9sbG93aW5nOgoKCgoKCkhh
bW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAg
ICAgIFtQYWdlIDMzXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4w
ICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgICAgICAgIGludmFsaWRfcmVxdWVz
dAogICAgICAgICAgICAgICBUaGUgcmVxdWVzdCBpcyBtaXNzaW5nIGEgcmVxdWlyZWQgcGFyYW1l
dGVyLCBpbmNsdWRlcyBhbgogICAgICAgICAgICAgICBpbnZhbGlkIHBhcmFtZXRlciB2YWx1ZSwg
aW5jbHVkZXMgYSBwYXJhbWV0ZXIgbW9yZSB0aGFuCiAgICAgICAgICAgICAgIG9uY2UsIG9yIGlz
IG90aGVyd2lzZSBtYWxmb3JtZWQuCiAgICAgICAgIHVuYXV0aG9yaXplZF9jbGllbnQKICAgICAg
ICAgICAgICAgVGhlIGNsaWVudCBpcyBub3QgYXV0aG9yaXplZCB0byByZXF1ZXN0IGFuIGFjY2Vz
cyB0b2tlbgogICAgICAgICAgICAgICB1c2luZyB0aGlzIG1ldGhvZC4KICAgICAgICAgYWNjZXNz
X2RlbmllZAogICAgICAgICAgICAgICBUaGUgcmVzb3VyY2Ugb3duZXIgb3IgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgZGVuaWVkIHRoZQogICAgICAgICAgICAgICByZXF1ZXN0LgogICAgICAgICB1bnN1
cHBvcnRlZF9yZXNwb25zZV90eXBlCiAgICAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBkb2VzIG5vdCBzdXBwb3J0IG9idGFpbmluZyBhbgogICAgICAgICAgICAgICBhY2Nlc3Mg
dG9rZW4gdXNpbmcgdGhpcyBtZXRob2QuCiAgICAgICAgIGludmFsaWRfc2NvcGUKICAgICAgICAg
ICAgICAgVGhlIHJlcXVlc3RlZCBzY29wZSBpcyBpbnZhbGlkLCB1bmtub3duLCBvciBtYWxmb3Jt
ZWQuCiAgICAgICAgIHNlcnZlcl9lcnJvcgogICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgZW5jb3VudGVyZWQgYW4gdW5leHBlY3RlZAogICAgICAgICAgICAgICBjb25kaXRp
b24gd2hpY2ggcHJldmVudGVkIGl0IGZyb20gZnVsZmlsbGluZyB0aGUgcmVxdWVzdC4KICAgICAg
ICAgdGVtcG9yYXJpbHlfdW5hdmFpbGFibGUKICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIGlzIGN1cnJlbnRseSB1bmFibGUgdG8gaGFuZGxlCiAgICAgICAgICAgICAgIHRo
ZSByZXF1ZXN0IGR1ZSB0byBhIHRlbXBvcmFyeSBvdmVybG9hZGluZyBvciBtYWludGVuYW5jZQog
ICAgICAgICAgICAgICBvZiB0aGUgc2VydmVyLgogICAgICAgICBWYWx1ZXMgZm9yIHRoZSAiZXJy
b3IiIHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlIGNoYXJhY3RlcnMKICAgICAgICAgb3V0c2lk
ZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgZXJyb3JfZGVzY3JpcHRp
b24KICAgICAgICAgT1BUSU9OQUwuICBBIGh1bWFuLXJlYWRhYmxlIEFTQ0lJIFtVU0FTQ0lJXSB0
ZXh0IHByb3ZpZGluZwogICAgICAgICBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLCB1c2VkIHRvIGFz
c2lzdCB0aGUgY2xpZW50IGRldmVsb3BlciBpbgogICAgICAgICB1bmRlcnN0YW5kaW5nIHRoZSBl
cnJvciB0aGF0IG9jY3VycmVkLgogICAgICAgICBWYWx1ZXMgZm9yIHRoZSAiZXJyb3JfZGVzY3Jp
cHRpb24iIHBhcmFtZXRlciBNVVNUIE5PVCBpbmNsdWRlCiAgICAgICAgIGNoYXJhY3RlcnMgb3V0
c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgZXJyb3JfdXJpCiAg
ICAgICAgIE9QVElPTkFMLiAgQSBVUkkgaWRlbnRpZnlpbmcgYSBodW1hbi1yZWFkYWJsZSB3ZWIg
cGFnZSB3aXRoCiAgICAgICAgIGluZm9ybWF0aW9uIGFib3V0IHRoZSBlcnJvciwgdXNlZCB0byBw
cm92aWRlIHRoZSBjbGllbnQKICAgICAgICAgZGV2ZWxvcGVyIHdpdGggYWRkaXRpb25hbCBpbmZv
cm1hdGlvbiBhYm91dCB0aGUgZXJyb3IuCiAgICAgICAgIFZhbHVlcyBmb3IgdGhlICJlcnJvcl91
cmkiIHBhcmFtZXRlciBNVVNUIGNvbmZvcm0gdG8gdGhlIFVSSS0KICAgICAgICAgUmVmZXJlbmNl
IHN5bnRheCwgYW5kIHRodXMgTVVTVCBOT1QgaW5jbHVkZSBjaGFyYWN0ZXJzIG91dHNpZGUKICAg
ICAgICAgdGhlIHNldCAleDIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgIHN0YXRlCiAgICAgICAg
IFJFUVVJUkVEIGlmIGEgInN0YXRlIiBwYXJhbWV0ZXIgd2FzIHByZXNlbnQgaW4gdGhlIGNsaWVu
dAogICAgICAgICBhdXRob3JpemF0aW9uIHJlcXVlc3QuICBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2
ZWQgZnJvbSB0aGUKICAgICAgICAgY2xpZW50LgoKICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYnkKICAgc2VuZGluZyB0aGUg
Zm9sbG93aW5nIEhUVFAgcmVzcG9uc2U6CgoKICAgSFRUUC8xLjEgMzAyIEZvdW5kCiAgIExvY2F0
aW9uOiBodHRwczovL2NsaWVudC5leGFtcGxlLmNvbS9jYiNlcnJvcj1hY2Nlc3NfZGVuaWVkJnN0
YXRlPXh5egoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIw
MTIgICAgICAgICAgICAgICBbUGFnZSAzNF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAg
ICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgo0LjMuICBSZXNv
dXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50aWFscyBHcmFudAoKICAgVGhlIHJlc291cmNlIG93
bmVyIHBhc3N3b3JkIGNyZWRlbnRpYWxzIGdyYW50IHR5cGUgaXMgc3VpdGFibGUgaW4KICAgY2Fz
ZXMgd2hlcmUgdGhlIHJlc291cmNlIG93bmVyIGhhcyBhIHRydXN0IHJlbGF0aW9uc2hpcCB3aXRo
IHRoZQogICBjbGllbnQsIHN1Y2ggYXMgdGhlIGRldmljZSBvcGVyYXRpbmcgc3lzdGVtIG9yIGEg
aGlnaGx5IHByaXZpbGVnZWQKICAgYXBwbGljYXRpb24uICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgc2hvdWxkIHRha2Ugc3BlY2lhbCBjYXJlIHdoZW4KICAgZW5hYmxpbmcgdGhpcyBncmFudCB0
eXBlLCBhbmQgb25seSBhbGxvdyBpdCB3aGVuIG90aGVyIGZsb3dzIGFyZSBub3QKICAgdmlhYmxl
LgoKICAgVGhlIGdyYW50IHR5cGUgaXMgc3VpdGFibGUgZm9yIGNsaWVudHMgY2FwYWJsZSBvZiBv
YnRhaW5pbmcgdGhlCiAgIHJlc291cmNlIG93bmVyJ3MgY3JlZGVudGlhbHMgKHVzZXJuYW1lIGFu
ZCBwYXNzd29yZCwgdHlwaWNhbGx5IHVzaW5nCiAgIGFuIGludGVyYWN0aXZlIGZvcm0pLiAgSXQg
aXMgYWxzbyB1c2VkIHRvIG1pZ3JhdGUgZXhpc3RpbmcgY2xpZW50cwogICB1c2luZyBkaXJlY3Qg
YXV0aGVudGljYXRpb24gc2NoZW1lcyBzdWNoIGFzIEhUVFAgQmFzaWMgb3IgRGlnZXN0CiAgIGF1
dGhlbnRpY2F0aW9uIHRvIE9BdXRoIGJ5IGNvbnZlcnRpbmcgdGhlIHN0b3JlZCBjcmVkZW50aWFs
cyB0byBhbgogICBhY2Nlc3MgdG9rZW4uCgoKICAgICArLS0tLS0tLS0tLSsKICAgICB8IFJlc291
cmNlIHwKICAgICB8ICBPd25lciAgIHwKICAgICB8ICAgICAgICAgIHwKICAgICArLS0tLS0tLS0t
LSsKICAgICAgICAgIHYKICAgICAgICAgIHwgICAgUmVzb3VyY2UgT3duZXIKICAgICAgICAgKEEp
IFBhc3N3b3JkIENyZWRlbnRpYWxzCiAgICAgICAgICB8CiAgICAgICAgICB2CiAgICAgKy0tLS0t
LS0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsK
ICAgICB8ICAgICAgICAgfD4tLShCKS0tLS0gUmVzb3VyY2UgT3duZXIgLS0tLS0tLT58ICAgICAg
ICAgICAgICAgfAogICAgIHwgICAgICAgICB8ICAgICAgICAgUGFzc3dvcmQgQ3JlZGVudGlhbHMg
ICAgIHwgQXV0aG9yaXphdGlvbiB8CiAgICAgfCBDbGllbnQgIHwgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgfCAgICAgU2VydmVyICAgIHwKICAgICB8ICAgICAgICAgfDwtLShDKS0t
LS0gQWNjZXNzIFRva2VuIC0tLS0tLS0tLTx8ICAgICAgICAgICAgICAgfAogICAgIHwgICAgICAg
ICB8ICAgICh3LyBPcHRpb25hbCBSZWZyZXNoIFRva2VuKSAgIHwgICAgICAgICAgICAgICB8CiAg
ICAgKy0tLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0t
LS0tLS0tLSsKCgogICAgICAgICAgICBGaWd1cmUgNTogUmVzb3VyY2UgT3duZXIgUGFzc3dvcmQg
Q3JlZGVudGlhbHMgRmxvdwoKICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4gRmlndXJlIDUgaW5j
bHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKCiAgIChBKSAgVGhlIHJlc291cmNlIG93bmVyIHBy
b3ZpZGVzIHRoZSBjbGllbnQgd2l0aCBpdHMgdXNlcm5hbWUgYW5kCiAgICAgICAgcGFzc3dvcmQu
CiAgIChCKSAgVGhlIGNsaWVudCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gZnJvbSB0aGUgYXV0
aG9yaXphdGlvbgogICAgICAgIHNlcnZlcidzIHRva2VuIGVuZHBvaW50IGJ5IGluY2x1ZGluZyB0
aGUgY3JlZGVudGlhbHMgcmVjZWl2ZWQKICAgICAgICBmcm9tIHRoZSByZXNvdXJjZSBvd25lci4g
IFdoZW4gbWFraW5nIHRoZSByZXF1ZXN0LCB0aGUgY2xpZW50CiAgICAgICAgYXV0aGVudGljYXRl
cyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAg
ICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSAzNV0KDApJ
bnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAg
ICAgICAgTWF5IDIwMTIKCgogICAoQykgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50
aWNhdGVzIHRoZSBjbGllbnQgYW5kIHZhbGlkYXRlcwogICAgICAgIHRoZSByZXNvdXJjZSBvd25l
ciBjcmVkZW50aWFscywgYW5kIGlmIHZhbGlkIGlzc3VlcyBhbiBhY2Nlc3MKICAgICAgICB0b2tl
bi4KCjQuMy4xLiAgQXV0aG9yaXphdGlvbiBSZXF1ZXN0IGFuZCBSZXNwb25zZQoKICAgVGhlIG1l
dGhvZCB0aHJvdWdoIHdoaWNoIHRoZSBjbGllbnQgb2J0YWlucyB0aGUgcmVzb3VyY2Ugb3duZXIK
ICAgY3JlZGVudGlhbHMgaXMgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24u
ICBUaGUgY2xpZW50CiAgIE1VU1QgZGlzY2FyZCB0aGUgY3JlZGVudGlhbHMgb25jZSBhbiBhY2Nl
c3MgdG9rZW4gaGFzIGJlZW4gb2J0YWluZWQuCgo0LjMuMi4gIEFjY2VzcyBUb2tlbiBSZXF1ZXN0
CgogICBUaGUgY2xpZW50IG1ha2VzIGEgcmVxdWVzdCB0byB0aGUgdG9rZW4gZW5kcG9pbnQgYnkg
YWRkaW5nIHRoZQogICBmb2xsb3dpbmcgcGFyYW1ldGVycyB1c2luZyB0aGUgImFwcGxpY2F0aW9u
L3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIKICAgZm9ybWF0IGluIHRoZSBIVFRQIHJlcXVlc3QgZW50
aXR5LWJvZHk6CgogICBncmFudF90eXBlCiAgICAgICAgIFJFUVVJUkVELiAgVmFsdWUgTVVTVCBi
ZSBzZXQgdG8gInBhc3N3b3JkIi4KICAgdXNlcm5hbWUKICAgICAgICAgUkVRVUlSRUQuICBUaGUg
cmVzb3VyY2Ugb3duZXIgdXNlcm5hbWUsIGVuY29kZWQgYXMgVVRGLTguCiAgIHBhc3N3b3JkCiAg
ICAgICAgIFJFUVVJUkVELiAgVGhlIHJlc291cmNlIG93bmVyIHBhc3N3b3JkLCBlbmNvZGVkIGFz
IFVURi04LgogICBzY29wZQogICAgICAgICBPUFRJT05BTC4gIFRoZSBzY29wZSBvZiB0aGUgYWNj
ZXNzIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGJ5CiAgICAgICAgIFNlY3Rpb24gMy4zLgoKICAgSWYg
dGhlIGNsaWVudCB0eXBlIGlzIGNvbmZpZGVudGlhbCBvciB0aGUgY2xpZW50IHdhcyBpc3N1ZWQg
Y2xpZW50CiAgIGNyZWRlbnRpYWxzIChvciBhc3NpZ25lZCBvdGhlciBhdXRoZW50aWNhdGlvbiBy
ZXF1aXJlbWVudHMpLCB0aGUKICAgY2xpZW50IE1VU1QgYXV0aGVudGljYXRlIHdpdGggdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIGFzIGRlc2NyaWJlZAogICBpbiBTZWN0aW9uIDMuMi4xLgoKICAg
Rm9yIGV4YW1wbGUsIHRoZSBjbGllbnQgbWFrZXMgdGhlIGZvbGxvd2luZyBIVFRQIHJlcXVlc3Qg
dXNpbmcKICAgdHJhbnNwb3J0LWxheWVyIHNlY3VyaXR5IChleHRyYSBsaW5lIGJyZWFrcyBhcmUg
Zm9yIGRpc3BsYXkgcHVycG9zZXMKICAgb25seSk6CgoKICAgICBQT1NUIC90b2tlbiBIVFRQLzEu
MQogICAgIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQogICAgIEF1dGhvcml6YXRpb246IEJhc2lj
IGN6WkNhR1JTYTNGME16cG5XREZtUW1GME0ySlcKICAgICBDb250ZW50LVR5cGU6IGFwcGxpY2F0
aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFyc2V0PVVURi04CgogICAgIGdyYW50X3R5cGU9
cGFzc3dvcmQmdXNlcm5hbWU9am9obmRvZSZwYXNzd29yZD1BM2RkajN3CgoKICAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIE1VU1Q6CgoKCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGly
ZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgIFtQYWdlIDM2XQoMCkludGVybmV0LURy
YWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkg
MjAxMgoKCiAgIG8gIHJlcXVpcmUgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGZvciBjb25maWRlbnRp
YWwgY2xpZW50cyBvciBmb3IgYW55CiAgICAgIGNsaWVudCB0aGF0IHdhcyBpc3N1ZWQgY2xpZW50
IGNyZWRlbnRpYWxzIChvciB3aXRoIG90aGVyCiAgICAgIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVt
ZW50cyksCiAgIG8gIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGlmIGNsaWVudCBhdXRoZW50aWNh
dGlvbiBpcyBpbmNsdWRlZCwgYW5kCiAgIG8gIHZhbGlkYXRlIHRoZSByZXNvdXJjZSBvd25lciBw
YXNzd29yZCBjcmVkZW50aWFscyB1c2luZyBpdHMKICAgICAgZXhpc3RpbmcgcGFzc3dvcmQgdmFs
aWRhdGlvbiBhbGdvcml0aG0uCgogICBTaW5jZSB0aGlzIGFjY2VzcyB0b2tlbiByZXF1ZXN0IHV0
aWxpemVzIHRoZSByZXNvdXJjZSBvd25lcidzCiAgIHBhc3N3b3JkLCB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgTVVTVCBwcm90ZWN0IHRoZSBlbmRwb2ludCBhZ2FpbnN0CiAgIGJydXRlIGZvcmNl
IGF0dGFja3MgKGUuZy4gdXNpbmcgcmF0ZS1saW1pdGF0aW9uIG9yIGdlbmVyYXRpbmcKICAgYWxl
cnRzKS4KCjQuMy4zLiAgQWNjZXNzIFRva2VuIFJlc3BvbnNlCgogICBJZiB0aGUgYWNjZXNzIHRv
a2VuIHJlcXVlc3QgaXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZQogICBhdXRob3JpemF0aW9u
IHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoCiAgIHRv
a2VuIGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDUuMS4gIElmIHRoZSByZXF1ZXN0IGZhaWxlZCBj
bGllbnQKICAgYXV0aGVudGljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIHJldHVybnMgYW4KICAgZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3JpYmVkIGluIFNlY3Rp
b24gNS4yLgoKICAgQW4gZXhhbXBsZSBzdWNjZXNzZnVsIHJlc3BvbnNlOgoKCiAgICAgSFRUUC8x
LjEgMjAwIE9LCiAgICAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRG
LTgKICAgICBDYWNoZS1Db250cm9sOiBuby1zdG9yZQogICAgIFByYWdtYTogbm8tY2FjaGUKCiAg
ICAgewogICAgICAgImFjY2Vzc190b2tlbiI6IjJZb3RuRlpGRWpyMXpDc2ljTVdwQUEiLAogICAg
ICAgInRva2VuX3R5cGUiOiJleGFtcGxlIiwKICAgICAgICJleHBpcmVzX2luIjozNjAwLAogICAg
ICAgInJlZnJlc2hfdG9rZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIiwKICAgICAgICJleGFt
cGxlX3BhcmFtZXRlciI6ImV4YW1wbGVfdmFsdWUiCiAgICAgfQoKCjQuNC4gIENsaWVudCBDcmVk
ZW50aWFscyBHcmFudAoKICAgVGhlIGNsaWVudCBjYW4gcmVxdWVzdCBhbiBhY2Nlc3MgdG9rZW4g
dXNpbmcgb25seSBpdHMgY2xpZW50CiAgIGNyZWRlbnRpYWxzIChvciBvdGhlciBzdXBwb3J0ZWQg
bWVhbnMgb2YgYXV0aGVudGljYXRpb24pIHdoZW4gdGhlCiAgIGNsaWVudCBpcyByZXF1ZXN0aW5n
IGFjY2VzcyB0byB0aGUgcHJvdGVjdGVkIHJlc291cmNlcyB1bmRlciBpdHMKICAgY29udHJvbCwg
b3IgdGhvc2Ugb2YgYW5vdGhlciByZXNvdXJjZSBvd25lciB3aGljaCBoYXMgYmVlbiBwcmV2aW91
c2x5CiAgIGFycmFuZ2VkIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyICh0aGUgbWV0aG9k
IG9mIHdoaWNoIGlzIGJleW9uZAogICB0aGUgc2NvcGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uKS4K
CiAgIFRoZSBjbGllbnQgY3JlZGVudGlhbHMgZ3JhbnQgdHlwZSBNVVNUIG9ubHkgYmUgdXNlZCBi
eSBjb25maWRlbnRpYWwKICAgY2xpZW50cy4KCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhw
aXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgMzddCgwKSW50ZXJuZXQt
RHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1h
eSAyMDEyCgoKICAgICArLS0tLS0tLS0tKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICArLS0tLS0tLS0tLS0tLS0tKwogICAgIHwgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8CiAgICAgfCAgICAgICAgIHw+LS0oQSktIENs
aWVudCBBdXRoZW50aWNhdGlvbiAtLS0+fCBBdXRob3JpemF0aW9uIHwKICAgICB8IENsaWVudCAg
fCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICBTZXJ2ZXIgICAgfAogICAg
IHwgICAgICAgICB8PC0tKEIpLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tLS0tPHwgICAgICAgICAg
ICAgICB8CiAgICAgfCAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
fCAgICAgICAgICAgICAgIHwKICAgICArLS0tLS0tLS0tKyAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwoKCiAgICAgICAgICAgICAgICAgICAgIEZpZ3Vy
ZSA2OiBDbGllbnQgQ3JlZGVudGlhbHMgRmxvdwoKICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4g
RmlndXJlIDYgaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKCiAgIChBKSAgVGhlIGNsaWVu
dCBhdXRoZW50aWNhdGVzIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZAogICAgICAg
IHJlcXVlc3RzIGFuIGFjY2VzcyB0b2tlbiBmcm9tIHRoZSB0b2tlbiBlbmRwb2ludC4KICAgKEIp
ICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50LCBhbmQg
aWYgdmFsaWQKICAgICAgICBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuLgoKNC40LjEuICBBdXRob3Jp
emF0aW9uIFJlcXVlc3QgYW5kIFJlc3BvbnNlCgogICBTaW5jZSB0aGUgY2xpZW50IGF1dGhlbnRp
Y2F0aW9uIGlzIHVzZWQgYXMgdGhlIGF1dGhvcml6YXRpb24gZ3JhbnQsCiAgIG5vIGFkZGl0aW9u
YWwgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGlzIG5lZWRlZC4KCjQuNC4yLiAgQWNjZXNzIFRva2Vu
IFJlcXVlc3QKCiAgIFRoZSBjbGllbnQgbWFrZXMgYSByZXF1ZXN0IHRvIHRoZSB0b2tlbiBlbmRw
b2ludCBieSBhZGRpbmcgdGhlCiAgIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHVzaW5nIHRoZSAiYXBw
bGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkIgogICBmb3JtYXQgaW4gdGhlIEhUVFAgcmVx
dWVzdCBlbnRpdHktYm9keToKCiAgIGdyYW50X3R5cGUKICAgICAgICAgUkVRVUlSRUQuICBWYWx1
ZSBNVVNUIGJlIHNldCB0byAiY2xpZW50X2NyZWRlbnRpYWxzIi4KICAgc2NvcGUKICAgICAgICAg
T1BUSU9OQUwuICBUaGUgc2NvcGUgb2YgdGhlIGFjY2VzcyByZXF1ZXN0IGFzIGRlc2NyaWJlZCBi
eQogICAgICAgICBTZWN0aW9uIDMuMy4KCiAgIFRoZSBjbGllbnQgTVVTVCBhdXRoZW50aWNhdGUg
d2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXMKICAgZGVzY3JpYmVkIGluIFNlY3Rpb24g
My4yLjEuCgogICBGb3IgZXhhbXBsZSwgdGhlIGNsaWVudCBtYWtlcyB0aGUgZm9sbG93aW5nIEhU
VFAgcmVxdWVzdCB1c2luZwogICB0cmFuc3BvcnQtbGF5ZXIgc2VjdXJpdHkgKGV4dHJhIGxpbmUg
YnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcwogICBvbmx5KToKCgogICAgIFBPU1QgL3Rv
a2VuIEhUVFAvMS4xCiAgICAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCiAgICAgQXV0aG9yaXph
dGlvbjogQmFzaWMgY3paQ2FHUlNhM0YwTXpwbldERm1RbUYwTTJKVwogICAgIENvbnRlbnQtVHlw
ZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkO2NoYXJzZXQ9VVRGLTgKCgoKCkhh
bW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAg
ICAgIFtQYWdlIDM4XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4w
ICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgICAgZ3JhbnRfdHlwZT1jbGllbnRf
Y3JlZGVudGlhbHMKCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBhdXRoZW50aWNh
dGUgdGhlIGNsaWVudC4KCjQuNC4zLiAgQWNjZXNzIFRva2VuIFJlc3BvbnNlCgogICBJZiB0aGUg
YWNjZXNzIHRva2VuIHJlcXVlc3QgaXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZQogICBhdXRo
b3JpemF0aW9uIHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuIGFzIGRlc2NyaWJlZCBpbgog
ICBTZWN0aW9uIDUuMS4gIEEgcmVmcmVzaCB0b2tlbiBTSE9VTEQgTk9UIGJlIGluY2x1ZGVkLiAg
SWYgdGhlIHJlcXVlc3QKICAgZmFpbGVkIGNsaWVudCBhdXRoZW50aWNhdGlvbiBvciBpcyBpbnZh
bGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgcmV0dXJucyBhbiBlcnJvciByZXNwb25z
ZSBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiA1LjIuCgogICBBbiBleGFtcGxlIHN1Y2Nlc3NmdWwg
cmVzcG9uc2U6CgoKICAgICBIVFRQLzEuMSAyMDAgT0sKICAgICBDb250ZW50LVR5cGU6IGFwcGxp
Y2F0aW9uL2pzb247Y2hhcnNldD1VVEYtOAogICAgIENhY2hlLUNvbnRyb2w6IG5vLXN0b3JlCiAg
ICAgUHJhZ21hOiBuby1jYWNoZQoKICAgICB7CiAgICAgICAiYWNjZXNzX3Rva2VuIjoiMllvdG5G
WkZFanIxekNzaWNNV3BBQSIsCiAgICAgICAidG9rZW5fdHlwZSI6ImV4YW1wbGUiLAogICAgICAg
ImV4cGlyZXNfaW4iOjM2MDAsCiAgICAgICAiZXhhbXBsZV9wYXJhbWV0ZXIiOiJleGFtcGxlX3Zh
bHVlIgogICAgIH0KCgo0LjUuICBFeHRlbnNpb24gR3JhbnRzCgogICBUaGUgY2xpZW50IHVzZXMg
YW4gZXh0ZW5zaW9uIGdyYW50IHR5cGUgYnkgc3BlY2lmeWluZyB0aGUgZ3JhbnQgdHlwZQogICB1
c2luZyBhbiBhYnNvbHV0ZSBVUkkgKGRlZmluZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
KSBhcyB0aGUKICAgdmFsdWUgb2YgdGhlICJncmFudF90eXBlIiBwYXJhbWV0ZXIgb2YgdGhlIHRv
a2VuIGVuZHBvaW50LCBhbmQgYnkKICAgYWRkaW5nIGFueSBhZGRpdGlvbmFsIHBhcmFtZXRlcnMg
bmVjZXNzYXJ5LgoKICAgRm9yIGV4YW1wbGUsIHRvIHJlcXVlc3QgYW4gYWNjZXNzIHRva2VuIHVz
aW5nIGEgU0FNTCAyLjAgYXNzZXJ0aW9uCiAgIGdyYW50IHR5cGUgYXMgZGVmaW5lZCBieSBbSS1E
LmlldGYtb2F1dGgtc2FtbDItYmVhcmVyXSwgdGhlIGNsaWVudAogICBtYWtlcyB0aGUgZm9sbG93
aW5nIEhUVFAgcmVxdWVzdCB1c2luZyBUTFMgKGxpbmUgYnJlYWtzIGFyZSBmb3IKICAgZGlzcGxh
eSBwdXJwb3NlcyBvbmx5KToKCgogICAgIFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAgICAgSG9zdDog
c2VydmVyLmV4YW1wbGUuY29tCiAgICAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1m
b3JtLXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOAoKICAgICBncmFudF90eXBlPXVybiUzQWlldGYl
M0FwYXJhbXMlM0FvYXV0aCUzQWdyYW50LXR5cGUlM0FzYW1sMi0KICAgICBiZWFyZXImYXNzZXJ0
aW9uPVBFRnpjMlZ5ZEdsdmJpQkpjM04xWlVsdWMzUmhiblE5SWpJd01URXRNRFUKCgoKSGFtbWVy
LCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAg
W1BhZ2UgMzldCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAg
ICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgICBbLi4ub21pdHRlZCBmb3IgYnJldml0
eS4uLl1hRzVUZEdGMFpXMWxiblEtUEM5QmMzTmxjblJwYjI0LQoKCiAgIElmIHRoZSBhY2Nlc3Mg
dG9rZW4gcmVxdWVzdCBpcyB2YWxpZCBhbmQgYXV0aG9yaXplZCwgdGhlCiAgIGF1dGhvcml6YXRp
b24gc2VydmVyIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJlc2gKICAg
dG9rZW4gYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNS4xLiAgSWYgdGhlIHJlcXVlc3QgZmFpbGVk
IGNsaWVudAogICBhdXRoZW50aWNhdGlvbiBvciBpcyBpbnZhbGlkLCB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgcmV0dXJucyBhbgogICBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4gU2Vj
dGlvbiA1LjIuCgoKNS4gIElzc3VpbmcgYW4gQWNjZXNzIFRva2VuCgogICBJZiB0aGUgYWNjZXNz
IHRva2VuIHJlcXVlc3QgaXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZQogICBhdXRob3JpemF0
aW9uIHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuIGFuZCBvcHRpb25hbCByZWZyZXNoCiAg
IHRva2VuIGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDUuMS4gIElmIHRoZSByZXF1ZXN0IGZhaWxl
ZCBjbGllbnQKICAgYXV0aGVudGljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIHJldHVybnMgYW4KICAgZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3JpYmVkIGluIFNl
Y3Rpb24gNS4yLgoKNS4xLiAgU3VjY2Vzc2Z1bCBSZXNwb25zZQoKICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJlc2gKICAg
dG9rZW4sIGFuZCBjb25zdHJ1Y3RzIHRoZSByZXNwb25zZSBieSBhZGRpbmcgdGhlIGZvbGxvd2lu
ZyBwYXJhbWV0ZXJzCiAgIHRvIHRoZSBlbnRpdHkgYm9keSBvZiB0aGUgSFRUUCByZXNwb25zZSB3
aXRoIGEgMjAwIChPSykgc3RhdHVzIGNvZGU6CgogICBhY2Nlc3NfdG9rZW4KICAgICAgICAgUkVR
VUlSRUQuICBUaGUgYWNjZXNzIHRva2VuIGlzc3VlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIuCiAgIHRva2VuX3R5cGUKICAgICAgICAgUkVRVUlSRUQuICBUaGUgdHlwZSBvZiB0aGUgdG9r
ZW4gaXNzdWVkIGFzIGRlc2NyaWJlZCBpbgogICAgICAgICBTZWN0aW9uIDcuMS4gIFZhbHVlIGlz
IGNhc2UgaW5zZW5zaXRpdmUuCiAgIGV4cGlyZXNfaW4KICAgICAgICAgUkVDT01NRU5ERUQuICBU
aGUgbGlmZXRpbWUgaW4gc2Vjb25kcyBvZiB0aGUgYWNjZXNzIHRva2VuLiAgRm9yCiAgICAgICAg
IGV4YW1wbGUsIHRoZSB2YWx1ZSAiMzYwMCIgZGVub3RlcyB0aGF0IHRoZSBhY2Nlc3MgdG9rZW4g
d2lsbAogICAgICAgICBleHBpcmUgaW4gb25lIGhvdXIgZnJvbSB0aGUgdGltZSB0aGUgcmVzcG9u
c2Ugd2FzIGdlbmVyYXRlZC4KICAgICAgICAgSWYgb21pdHRlZCwgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIFNIT1VMRCBwcm92aWRlIHRoZQogICAgICAgICBleHBpcmF0aW9uIHRpbWUgdmlhIG90
aGVyIG1lYW5zIG9yIGRvY3VtZW50IHRoZSBkZWZhdWx0IHZhbHVlLgogICByZWZyZXNoX3Rva2Vu
CiAgICAgICAgIE9QVElPTkFMLiAgVGhlIHJlZnJlc2ggdG9rZW4gd2hpY2ggY2FuIGJlIHVzZWQg
dG8gb2J0YWluIG5ldwogICAgICAgICBhY2Nlc3MgdG9rZW5zIHVzaW5nIHRoZSBzYW1lIGF1dGhv
cml6YXRpb24gZ3JhbnQgYXMgZGVzY3JpYmVkCiAgICAgICAgIGluIFNlY3Rpb24gNi4KICAgc2Nv
cGUKICAgICAgICAgT1BUSU9OQUwsIGlmIGlkZW50aWNhbCB0byB0aGUgc2NvcGUgcmVxdWVzdGVk
IGJ5IHRoZSBjbGllbnQsCiAgICAgICAgIG90aGVyd2lzZSBSRVFVSVJFRC4gIFRoZSBzY29wZSBv
ZiB0aGUgYWNjZXNzIHRva2VuIGFzIGRlc2NyaWJlZAogICAgICAgICBieSBTZWN0aW9uIDMuMy4K
CiAgIFRoZSBwYXJhbWV0ZXJzIGFyZSBpbmNsdWRlZCBpbiB0aGUgZW50aXR5IGJvZHkgb2YgdGhl
IEhUVFAgcmVzcG9uc2UKICAgdXNpbmcgdGhlICJhcHBsaWNhdGlvbi9qc29uIiBtZWRpYSB0eXBl
IGFzIGRlZmluZWQgYnkgW1JGQzQ2MjddLiAgVGhlCiAgIHBhcmFtZXRlcnMgYXJlIHNlcmlhbGl6
ZWQgaW50byBhIEpTT04gc3RydWN0dXJlIGJ5IGFkZGluZyBlYWNoCiAgIHBhcmFtZXRlciBhdCB0
aGUgaGlnaGVzdCBzdHJ1Y3R1cmUgbGV2ZWwuICBQYXJhbWV0ZXIgbmFtZXMgYW5kIHN0cmluZwoK
CgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAg
ICAgICAgICBbUGFnZSA0MF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRo
IDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICB2YWx1ZXMgYXJlIGluY2x1
ZGVkIGFzIEpTT04gc3RyaW5ncy4gIE51bWVyaWNhbCB2YWx1ZXMgYXJlIGluY2x1ZGVkCiAgIGFz
IEpTT04gbnVtYmVycy4gIFRoZSBvcmRlciBvZiBwYXJhbWV0ZXJzIGRvZXMgbm90IG1hdHRlciBh
bmQgY2FuCiAgIHZhcnkuCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBpbmNsdWRl
IHRoZSBIVFRQICJDYWNoZS1Db250cm9sIgogICByZXNwb25zZSBoZWFkZXIgZmllbGQgW1JGQzI2
MTZdIHdpdGggYSB2YWx1ZSBvZiAibm8tc3RvcmUiIGluIGFueQogICByZXNwb25zZSBjb250YWlu
aW5nIHRva2VucywgY3JlZGVudGlhbHMsIG9yIG90aGVyIHNlbnNpdGl2ZQogICBpbmZvcm1hdGlv
biwgYXMgd2VsbCBhcyB0aGUgIlByYWdtYSIgcmVzcG9uc2UgaGVhZGVyIGZpZWxkIFtSRkMyNjE2
XQogICB3aXRoIGEgdmFsdWUgb2YgIm5vLWNhY2hlIi4KCiAgIEZvciBleGFtcGxlOgoKCiAgICAg
SFRUUC8xLjEgMjAwIE9LCiAgICAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJz
ZXQ9VVRGLTgKICAgICBDYWNoZS1Db250cm9sOiBuby1zdG9yZQogICAgIFByYWdtYTogbm8tY2Fj
aGUKCiAgICAgewogICAgICAgImFjY2Vzc190b2tlbiI6IjJZb3RuRlpGRWpyMXpDc2ljTVdwQUEi
LAogICAgICAgInRva2VuX3R5cGUiOiJleGFtcGxlIiwKICAgICAgICJleHBpcmVzX2luIjozNjAw
LAogICAgICAgInJlZnJlc2hfdG9rZW4iOiJ0R3p2M0pPa0YwWEc1UXgyVGxLV0lBIiwKICAgICAg
ICJleGFtcGxlX3BhcmFtZXRlciI6ImV4YW1wbGVfdmFsdWUiCiAgICAgfQoKCiAgIFRoZSBjbGll
bnQgTVVTVCBpZ25vcmUgdW5yZWNvZ25pemVkIHZhbHVlIG5hbWVzIGluIHRoZSByZXNwb25zZS4g
IFRoZQogICBzaXplcyBvZiB0b2tlbnMgYW5kIG90aGVyIHZhbHVlcyByZWNlaXZlZCBmcm9tIHRo
ZSBhdXRob3JpemF0aW9uCiAgIHNlcnZlciBhcmUgbGVmdCB1bmRlZmluZWQuICBUaGUgY2xpZW50
IHNob3VsZCBhdm9pZCBtYWtpbmcKICAgYXNzdW1wdGlvbnMgYWJvdXQgdmFsdWUgc2l6ZXMuICBU
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxECiAgIGRvY3VtZW50IHRoZSBzaXplIG9mIGFu
eSB2YWx1ZSBpdCBpc3N1ZXMuCgo1LjIuICBFcnJvciBSZXNwb25zZQoKICAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIHJlc3BvbmRzIHdpdGggYW4gSFRUUCA0MDAgKEJhZCBSZXF1ZXN0KQogICBz
dGF0dXMgY29kZSAodW5sZXNzIHNwZWNpZmllZCBvdGhlcndpc2UpIGFuZCBpbmNsdWRlcyB0aGUg
Zm9sbG93aW5nCiAgIHBhcmFtZXRlcnMgd2l0aCB0aGUgcmVzcG9uc2U6CgogICBlcnJvcgogICAg
ICAgICBSRVFVSVJFRC4gIEEgc2luZ2xlIEFTQ0lJIFtVU0FTQ0lJXSBlcnJvciBjb2RlIGZyb20g
dGhlCiAgICAgICAgIGZvbGxvd2luZzoKICAgICAgICAgaW52YWxpZF9yZXF1ZXN0CiAgICAgICAg
ICAgICAgIFRoZSByZXF1ZXN0IGlzIG1pc3NpbmcgYSByZXF1aXJlZCBwYXJhbWV0ZXIsIGluY2x1
ZGVzIGFuCiAgICAgICAgICAgICAgIHVuc3VwcG9ydGVkIHBhcmFtZXRlciB2YWx1ZSAob3RoZXIg
dGhhbiBncmFudCB0eXBlKSwKICAgICAgICAgICAgICAgcmVwZWF0cyBhIHBhcmFtZXRlciwgaW5j
bHVkZXMgbXVsdGlwbGUgY3JlZGVudGlhbHMsCiAgICAgICAgICAgICAgIHV0aWxpemVzIG1vcmUg
dGhhbiBvbmUgbWVjaGFuaXNtIGZvciBhdXRoZW50aWNhdGluZyB0aGUKICAgICAgICAgICAgICAg
Y2xpZW50LCBvciBpcyBvdGhlcndpc2UgbWFsZm9ybWVkLgoKCgpIYW1tZXIsIGV0IGFsLiAgICAg
ICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA0MV0KDApJ
bnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAg
ICAgICAgTWF5IDIwMTIKCgogICAgICAgICBpbnZhbGlkX2NsaWVudAogICAgICAgICAgICAgICBD
bGllbnQgYXV0aGVudGljYXRpb24gZmFpbGVkIChlLmcuIHVua25vd24gY2xpZW50LCBubwogICAg
ICAgICAgICAgICBjbGllbnQgYXV0aGVudGljYXRpb24gaW5jbHVkZWQsIG9yIHVuc3VwcG9ydGVk
CiAgICAgICAgICAgICAgIGF1dGhlbnRpY2F0aW9uIG1ldGhvZCkuICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgTUFZCiAgICAgICAgICAgICAgIHJldHVybiBhbiBIVFRQIDQwMSAoVW5hdXRob3Jp
emVkKSBzdGF0dXMgY29kZSB0byBpbmRpY2F0ZQogICAgICAgICAgICAgICB3aGljaCBIVFRQIGF1
dGhlbnRpY2F0aW9uIHNjaGVtZXMgYXJlIHN1cHBvcnRlZC4gIElmIHRoZQogICAgICAgICAgICAg
ICBjbGllbnQgYXR0ZW1wdGVkIHRvIGF1dGhlbnRpY2F0ZSB2aWEgdGhlICJBdXRob3JpemF0aW9u
IgogICAgICAgICAgICAgICByZXF1ZXN0IGhlYWRlciBmaWVsZCwgdGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIE1VU1QKICAgICAgICAgICAgICAgcmVzcG9uZCB3aXRoIGFuIEhUVFAgNDAxIChVbmF1
dGhvcml6ZWQpIHN0YXR1cyBjb2RlLCBhbmQKICAgICAgICAgICAgICAgaW5jbHVkZSB0aGUgIldX
Vy1BdXRoZW50aWNhdGUiIHJlc3BvbnNlIGhlYWRlciBmaWVsZAogICAgICAgICAgICAgICBtYXRj
aGluZyB0aGUgYXV0aGVudGljYXRpb24gc2NoZW1lIHVzZWQgYnkgdGhlIGNsaWVudC4KICAgICAg
ICAgaW52YWxpZF9ncmFudAogICAgICAgICAgICAgICBUaGUgcHJvdmlkZWQgYXV0aG9yaXphdGlv
biBncmFudCAoZS5nLiBhdXRob3JpemF0aW9uCiAgICAgICAgICAgICAgIGNvZGUsIHJlc291cmNl
IG93bmVyIGNyZWRlbnRpYWxzKSBvciByZWZyZXNoIHRva2VuIGlzCiAgICAgICAgICAgICAgIGlu
dmFsaWQsIGV4cGlyZWQsIHJldm9rZWQsIGRvZXMgbm90IG1hdGNoIHRoZSByZWRpcmVjdGlvbgog
ICAgICAgICAgICAgICBVUkkgdXNlZCBpbiB0aGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0LCBvciB3
YXMgaXNzdWVkIHRvCiAgICAgICAgICAgICAgIGFub3RoZXIgY2xpZW50LgogICAgICAgICB1bmF1
dGhvcml6ZWRfY2xpZW50CiAgICAgICAgICAgICAgIFRoZSBhdXRoZW50aWNhdGVkIGNsaWVudCBp
cyBub3QgYXV0aG9yaXplZCB0byB1c2UgdGhpcwogICAgICAgICAgICAgICBhdXRob3JpemF0aW9u
IGdyYW50IHR5cGUuCiAgICAgICAgIHVuc3VwcG9ydGVkX2dyYW50X3R5cGUKICAgICAgICAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gZ3JhbnQgdHlwZSBpcyBub3Qgc3VwcG9ydGVkIGJ5IHRoZQog
ICAgICAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAgaW52YWxpZF9zY29w
ZQogICAgICAgICAgICAgICBUaGUgcmVxdWVzdGVkIHNjb3BlIGlzIGludmFsaWQsIHVua25vd24s
IG1hbGZvcm1lZCwgb3IKICAgICAgICAgICAgICAgZXhjZWVkcyB0aGUgc2NvcGUgZ3JhbnRlZCBi
eSB0aGUgcmVzb3VyY2Ugb3duZXIuCiAgICAgICAgIFZhbHVlcyBmb3IgdGhlICJlcnJvciIgcGFy
YW1ldGVyIE1VU1QgTk9UIGluY2x1ZGUgY2hhcmFjdGVycwogICAgICAgICBvdXRzaWRlIHRoZSBz
ZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLgogICBlcnJvcl9kZXNjcmlwdGlvbgogICAg
ICAgICBPUFRJT05BTC4gIEEgaHVtYW4tcmVhZGFibGUgQVNDSUkgW1VTQVNDSUldIHRleHQgcHJv
dmlkaW5nCiAgICAgICAgIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24sIHVzZWQgdG8gYXNzaXN0IHRo
ZSBjbGllbnQgZGV2ZWxvcGVyIGluCiAgICAgICAgIHVuZGVyc3RhbmRpbmcgdGhlIGVycm9yIHRo
YXQgb2NjdXJyZWQuCiAgICAgICAgIFZhbHVlcyBmb3IgdGhlICJlcnJvcl9kZXNjcmlwdGlvbiIg
cGFyYW1ldGVyIE1VU1QgTk9UIGluY2x1ZGUKICAgICAgICAgY2hhcmFjdGVycyBvdXRzaWRlIHRo
ZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLgogICBlcnJvcl91cmkKICAgICAgICAg
T1BUSU9OQUwuICBBIFVSSSBpZGVudGlmeWluZyBhIGh1bWFuLXJlYWRhYmxlIHdlYiBwYWdlIHdp
dGgKICAgICAgICAgaW5mb3JtYXRpb24gYWJvdXQgdGhlIGVycm9yLCB1c2VkIHRvIHByb3ZpZGUg
dGhlIGNsaWVudAogICAgICAgICBkZXZlbG9wZXIgd2l0aCBhZGRpdGlvbmFsIGluZm9ybWF0aW9u
IGFib3V0IHRoZSBlcnJvci4KICAgICAgICAgVmFsdWVzIGZvciB0aGUgImVycm9yX3VyaSIgcGFy
YW1ldGVyIE1VU1QgY29uZm9ybSB0byB0aGUgVVJJLQogICAgICAgICBSZWZlcmVuY2Ugc3ludGF4
LCBhbmQgdGh1cyBNVVNUIE5PVCBpbmNsdWRlIGNoYXJhY3RlcnMgb3V0c2lkZQogICAgICAgICB0
aGUgc2V0ICV4MjEgLyAleDIzLTVCIC8gJXg1RC03RS4KCiAgIFRoZSBwYXJhbWV0ZXJzIGFyZSBp
bmNsdWRlZCBpbiB0aGUgZW50aXR5IGJvZHkgb2YgdGhlIEhUVFAgcmVzcG9uc2UKICAgdXNpbmcg
dGhlICJhcHBsaWNhdGlvbi9qc29uIiBtZWRpYSB0eXBlIGFzIGRlZmluZWQgYnkgW1JGQzQ2Mjdd
LiAgVGhlCiAgIHBhcmFtZXRlcnMgYXJlIHNlcmlhbGl6ZWQgaW50byBhIEpTT04gc3RydWN0dXJl
IGJ5IGFkZGluZyBlYWNoCiAgIHBhcmFtZXRlciBhdCB0aGUgaGlnaGVzdCBzdHJ1Y3R1cmUgbGV2
ZWwuICBQYXJhbWV0ZXIgbmFtZXMgYW5kIHN0cmluZwogICB2YWx1ZXMgYXJlIGluY2x1ZGVkIGFz
IEpTT04gc3RyaW5ncy4gIE51bWVyaWNhbCB2YWx1ZXMgYXJlIGluY2x1ZGVkCiAgIGFzIEpTT04g
bnVtYmVycy4gIFRoZSBvcmRlciBvZiBwYXJhbWV0ZXJzIGRvZXMgbm90IG1hdHRlciBhbmQgY2Fu
CgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAg
ICAgICAgICAgIFtQYWdlIDQyXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1
dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIHZhcnkuCgogICBGb3Ig
ZXhhbXBsZToKCgogICAgIEhUVFAvMS4xIDQwMCBCYWQgUmVxdWVzdAogICAgIENvbnRlbnQtVHlw
ZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04CiAgICAgQ2FjaGUtQ29udHJvbDogbm8t
c3RvcmUKICAgICBQcmFnbWE6IG5vLWNhY2hlCgogICAgIHsKICAgICAgICJlcnJvciI6ImludmFs
aWRfcmVxdWVzdCIKICAgICB9CgoKCjYuICBSZWZyZXNoaW5nIGFuIEFjY2VzcyBUb2tlbgoKICAg
SWYgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3VlZCBhIHJlZnJlc2ggdG9rZW4gdG8gdGhl
IGNsaWVudCwgdGhlCiAgIGNsaWVudCBtYWtlcyBhIHJlZnJlc2ggcmVxdWVzdCB0byB0aGUgdG9r
ZW4gZW5kcG9pbnQgYnkgYWRkaW5nIHRoZQogICBmb2xsb3dpbmcgcGFyYW1ldGVycyB1c2luZyB0
aGUgImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIKICAgZm9ybWF0IGluIHRoZSBI
VFRQIHJlcXVlc3QgZW50aXR5LWJvZHk6CgogICBncmFudF90eXBlCiAgICAgICAgIFJFUVVJUkVE
LiAgVmFsdWUgTVVTVCBiZSBzZXQgdG8gInJlZnJlc2hfdG9rZW4iLgogICByZWZyZXNoX3Rva2Vu
CiAgICAgICAgIFJFUVVJUkVELiAgVGhlIHJlZnJlc2ggdG9rZW4gaXNzdWVkIHRvIHRoZSBjbGll
bnQuCiAgIHNjb3BlCiAgICAgICAgIE9QVElPTkFMLiAgVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3Mg
cmVxdWVzdCBhcyBkZXNjcmliZWQgYnkKICAgICAgICAgU2VjdGlvbiAzLjMuICBUaGUgcmVxdWVz
dGVkIHNjb3BlIE1VU1QgTk9UIGluY2x1ZGUgYW55IHNjb3BlCiAgICAgICAgIG5vdCBvcmlnaW5h
bGx5IGdyYW50ZWQgYnkgdGhlIHJlc291cmNlIG93bmVyLCBhbmQgaWYgb21pdHRlZCBpcwogICAg
ICAgICB0cmVhdGVkIGFzIGVxdWFsIHRvIHRoZSBzY29wZSBvcmlnaW5hbGx5IGdyYW50ZWQgYnkg
dGhlCiAgICAgICAgIHJlc291cmNlIG93bmVyLgoKICAgQmVjYXVzZSByZWZyZXNoIHRva2VucyBh
cmUgdHlwaWNhbGx5IGxvbmctbGFzdGluZyBjcmVkZW50aWFscyB1c2VkIHRvCiAgIHJlcXVlc3Qg
YWRkaXRpb25hbCBhY2Nlc3MgdG9rZW5zLCB0aGUgcmVmcmVzaCB0b2tlbiBpcyBib3VuZCB0byB0
aGUKICAgY2xpZW50IHdoaWNoIGl0IHdhcyBpc3N1ZWQuICBJZiB0aGUgY2xpZW50IHR5cGUgaXMg
Y29uZmlkZW50aWFsIG9yCiAgIHRoZSBjbGllbnQgd2FzIGlzc3VlZCBjbGllbnQgY3JlZGVudGlh
bHMgKG9yIGFzc2lnbmVkIG90aGVyCiAgIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyksIHRo
ZSBjbGllbnQgTVVTVCBhdXRoZW50aWNhdGUgd2l0aCB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMy4yLjEuCgoKCgoKCgoKCgoKSGFtbWVyLCBldCBh
bC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgW1BhZ2Ug
NDNdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAg
ICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgRm9yIGV4YW1wbGUsIHRoZSBjbGllbnQgbWFrZXMg
dGhlIGZvbGxvd2luZyBIVFRQIHJlcXVlc3QgdXNpbmcKICAgdHJhbnNwb3J0LWxheWVyIHNlY3Vy
aXR5IChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMKICAgb25seSk6
CgoKICAgICBQT1NUIC90b2tlbiBIVFRQLzEuMQogICAgIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNv
bQogICAgIEF1dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JTYTNGME16cG5XREZtUW1GME0ySlcK
ICAgICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDtjaGFy
c2V0PVVURi04CgogICAgIGdyYW50X3R5cGU9cmVmcmVzaF90b2tlbiZyZWZyZXNoX3Rva2VuPXRH
enYzSk9rRjBYRzVReDJUbEtXSUEKCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVDoK
CiAgIG8gIHJlcXVpcmUgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGZvciBjb25maWRlbnRpYWwgY2xp
ZW50cyBvciBmb3IgYW55CiAgICAgIGNsaWVudCB0aGF0IHdhcyBpc3N1ZWQgY2xpZW50IGNyZWRl
bnRpYWxzIChvciB3aXRoIG90aGVyCiAgICAgIGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyks
CiAgIG8gIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGlmIGNsaWVudCBhdXRoZW50aWNhdGlvbiBp
cyBpbmNsdWRlZCBhbmQKICAgICAgZW5zdXJlIHRoZSByZWZyZXNoIHRva2VuIHdhcyBpc3N1ZWQg
dG8gdGhlIGF1dGhlbnRpY2F0ZWQgY2xpZW50LAogICAgICBhbmQKICAgbyAgdmFsaWRhdGUgdGhl
IHJlZnJlc2ggdG9rZW4uCgogICBJZiB2YWxpZCBhbmQgYXV0aG9yaXplZCwgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGlzc3VlcyBhbiBhY2Nlc3MKICAgdG9rZW4gYXMgZGVzY3JpYmVkIGluIFNl
Y3Rpb24gNS4xLiAgSWYgdGhlIHJlcXVlc3QgZmFpbGVkCiAgIHZlcmlmaWNhdGlvbiBvciBpcyBp
bnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmV0dXJucyBhbiBlcnJvcgogICByZXNw
b25zZSBhcyBkZXNjcmliZWQgaW4gU2VjdGlvbiA1LjIuCgogICBUaGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgTUFZIGlzc3VlIGEgbmV3IHJlZnJlc2ggdG9rZW4sIGluIHdoaWNoIGNhc2UKICAgdGhl
IGNsaWVudCBNVVNUIGRpc2NhcmQgdGhlIG9sZCByZWZyZXNoIHRva2VuIGFuZCByZXBsYWNlIGl0
IHdpdGggdGhlCiAgIG5ldyByZWZyZXNoIHRva2VuLiAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IE1BWSByZXZva2UgdGhlIG9sZAogICByZWZyZXNoIHRva2VuIGFmdGVyIGlzc3VpbmcgYSBuZXcg
cmVmcmVzaCB0b2tlbiB0byB0aGUgY2xpZW50LiAgSWYgYQogICBuZXcgcmVmcmVzaCB0b2tlbiBp
cyBpc3N1ZWQsIHRoZSByZWZyZXNoIHRva2VuIHNjb3BlIE1VU1QgYmUKICAgaWRlbnRpY2FsIHRv
IHRoYXQgb2YgdGhlIHJlZnJlc2ggdG9rZW4gaW5jbHVkZWQgYnkgdGhlIGNsaWVudCBpbiB0aGUK
ICAgcmVxdWVzdC4KCgo3LiAgQWNjZXNzaW5nIFByb3RlY3RlZCBSZXNvdXJjZXMKCiAgIFRoZSBj
bGllbnQgYWNjZXNzZXMgcHJvdGVjdGVkIHJlc291cmNlcyBieSBwcmVzZW50aW5nIHRoZSBhY2Nl
c3MKICAgdG9rZW4gdG8gdGhlIHJlc291cmNlIHNlcnZlci4gIFRoZSByZXNvdXJjZSBzZXJ2ZXIg
TVVTVCB2YWxpZGF0ZSB0aGUKICAgYWNjZXNzIHRva2VuIGFuZCBlbnN1cmUgaXQgaGFzIG5vdCBl
eHBpcmVkIGFuZCB0aGF0IGl0cyBzY29wZSBjb3ZlcnMKICAgdGhlIHJlcXVlc3RlZCByZXNvdXJj
ZS4gIFRoZSBtZXRob2RzIHVzZWQgYnkgdGhlIHJlc291cmNlIHNlcnZlciB0bwogICB2YWxpZGF0
ZSB0aGUgYWNjZXNzIHRva2VuIChhcyB3ZWxsIGFzIGFueSBlcnJvciByZXNwb25zZXMpIGFyZSBi
ZXlvbmQKICAgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwgYnV0IGdlbmVyYWxseSBp
bnZvbHZlIGFuIGludGVyYWN0aW9uCiAgIG9yIGNvb3JkaW5hdGlvbiBiZXR3ZWVuIHRoZSByZXNv
dXJjZSBzZXJ2ZXIgYW5kIHRoZSBhdXRob3JpemF0aW9uCiAgIHNlcnZlci4KCgoKCkhhbW1lciwg
ZXQgYWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgIFtQ
YWdlIDQ0XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAg
ICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIFRoZSBtZXRob2QgaW4gd2hpY2ggdGhlIGNs
aWVudCB1dGlsaXplcyB0aGUgYWNjZXNzIHRva2VuIHRvCiAgIGF1dGhlbnRpY2F0ZSB3aXRoIHRo
ZSByZXNvdXJjZSBzZXJ2ZXIgZGVwZW5kcyBvbiB0aGUgdHlwZSBvZiBhY2Nlc3MKICAgdG9rZW4g
aXNzdWVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gIFR5cGljYWxseSwgaXQgaW52b2x2
ZXMKICAgdXNpbmcgdGhlIEhUVFAgIkF1dGhvcml6YXRpb24iIHJlcXVlc3QgaGVhZGVyIGZpZWxk
IFtSRkMyNjE3XSB3aXRoIGFuCiAgIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSBkZWZpbmVkIGJ5IHRo
ZSBhY2Nlc3MgdG9rZW4gdHlwZSBzcGVjaWZpY2F0aW9uLgoKNy4xLiAgQWNjZXNzIFRva2VuIFR5
cGVzCgogICBUaGUgYWNjZXNzIHRva2VuIHR5cGUgcHJvdmlkZXMgdGhlIGNsaWVudCB3aXRoIHRo
ZSBpbmZvcm1hdGlvbgogICByZXF1aXJlZCB0byBzdWNjZXNzZnVsbHkgdXRpbGl6ZSB0aGUgYWNj
ZXNzIHRva2VuIHRvIG1ha2UgYSBwcm90ZWN0ZWQKICAgcmVzb3VyY2UgcmVxdWVzdCAoYWxvbmcg
d2l0aCB0eXBlLXNwZWNpZmljIGF0dHJpYnV0ZXMpLiAgVGhlIGNsaWVudAogICBNVVNUIE5PVCB1
c2UgYW4gYWNjZXNzIHRva2VuIGlmIGl0IGRvZXMgbm90IHVuZGVyc3RhbmQgdGhlIHRva2VuCiAg
IHR5cGUuCgogICBGb3IgZXhhbXBsZSwgdGhlICJiZWFyZXIiIHRva2VuIHR5cGUgZGVmaW5lZCBp
bgogICBbSS1ELmlldGYtb2F1dGgtdjItYmVhcmVyXSBpcyB1dGlsaXplZCBieSBzaW1wbHkgaW5j
bHVkaW5nIHRoZSBhY2Nlc3MKICAgdG9rZW4gc3RyaW5nIGluIHRoZSByZXF1ZXN0OgoKCiAgICAg
R0VUIC9yZXNvdXJjZS8xIEhUVFAvMS4xCiAgICAgSG9zdDogZXhhbXBsZS5jb20KICAgICBBdXRo
b3JpemF0aW9uOiBCZWFyZXIgbUZfOS5CNWYtNC4xSnFNCgoKICAgd2hpbGUgdGhlICJtYWMiIHRv
a2VuIHR5cGUgZGVmaW5lZCBpbiBbSS1ELmlldGYtb2F1dGgtdjItaHR0cC1tYWNdIGlzCiAgIHV0
aWxpemVkIGJ5IGlzc3VpbmcgYSBNQUMga2V5IHRvZ2V0aGVyIHdpdGggdGhlIGFjY2VzcyB0b2tl
biB3aGljaCBpcwogICB1c2VkIHRvIHNpZ24gY2VydGFpbiBjb21wb25lbnRzIG9mIHRoZSBIVFRQ
IHJlcXVlc3RzOgoKCiAgICAgR0VUIC9yZXNvdXJjZS8xIEhUVFAvMS4xCiAgICAgSG9zdDogZXhh
bXBsZS5jb20KICAgICBBdXRob3JpemF0aW9uOiBNQUMgaWQ9Img0ODBkanM5M2hkOCIsCiAgICAg
ICAgICAgICAgICAgICAgICAgIG5vbmNlPSIyNzQzMTI6ZGo4M2hzOXMiLAogICAgICAgICAgICAg
ICAgICAgICAgICBtYWM9ImtEWnZkZGtuZHh2aEdSWFpodnVEakVXaEdlRT0iCgoKICAgVGhlIGFi
b3ZlIGV4YW1wbGVzIGFyZSBwcm92aWRlZCBmb3IgaWxsdXN0cmF0aW9uIHB1cnBvc2VzIG9ubHku
CiAgIERldmVsb3BlcnMgYXJlIGFkdmlzZWQgdG8gY29uc3VsdCB0aGUgW0ktRC5pZXRmLW9hdXRo
LXYyLWJlYXJlcl0gYW5kCiAgIFtJLUQuaWV0Zi1vYXV0aC12Mi1odHRwLW1hY10gc3BlY2lmaWNh
dGlvbnMgYmVmb3JlIHVzZS4KCiAgIEVhY2ggYWNjZXNzIHRva2VuIHR5cGUgZGVmaW5pdGlvbiBz
cGVjaWZpZXMgdGhlIGFkZGl0aW9uYWwgYXR0cmlidXRlcwogICAoaWYgYW55KSBzZW50IHRvIHRo
ZSBjbGllbnQgdG9nZXRoZXIgd2l0aCB0aGUgImFjY2Vzc190b2tlbiIgcmVzcG9uc2UKICAgcGFy
YW1ldGVyLiAgSXQgYWxzbyBkZWZpbmVzIHRoZSBIVFRQIGF1dGhlbnRpY2F0aW9uIG1ldGhvZCB1
c2VkIHRvCiAgIGluY2x1ZGUgdGhlIGFjY2VzcyB0b2tlbiB3aGVuIG1ha2luZyBhIHByb3RlY3Rl
ZCByZXNvdXJjZSByZXF1ZXN0LgoKCgoKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJl
cyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgNDVdCgwKSW50ZXJuZXQtRHJh
ZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAy
MDEyCgoKNy4yLiAgRXJyb3IgUmVzcG9uc2UKCiAgIElmIGEgcmVzb3VyY2UgYWNjZXNzIHJlcXVl
c3QgZmFpbHMsIHRoZSByZXNvdXJjZSBzZXJ2ZXIgU0hPVUxEIGluZm9ybQogICB0aGUgY2xpZW50
IG9mIHRoZSBlcnJvci4gIFdoaWxlIHRoZSBzcGVjaWZpYyBlcnJvciByZXNwb25zZXMgcG9zc2li
bGUKICAgYW5kIG1ldGhvZHMgZm9yIHRyYW5zbWl0dGluZyB0aG9zZSBlcnJvcnMgd2hlbiB1c2lu
ZyBhbnkgcGFydGljdWxhcgogICBhY2Nlc3MgdG9rZW4gdHlwZSBhcmUgYmV5b25kIHRoZSBzY29w
ZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sIGFueQogICAiZXJyb3IiIGNvZGUgdmFsdWVzIGRlZmlu
ZWQgZm9yIHVzZSB3aXRoIE9BdXRoIHJlc291cmNlIGFjY2VzcwogICBtZXRob2RzIE1VU1QgYmUg
cmVnaXN0ZXJlZCAoZm9sbG93aW5nIHRoZSBwcm9jZWR1cmVzIGluCiAgIFNlY3Rpb24gMTEuNCku
CgogICBTcGVjaWZpY2FsbHksIHdoZW4gdGhlIE9BdXRoIHJlc291cmNlIGFjY2VzcyBtZXRob2Qg
dXNlcyBhbiAiZXJyb3IiCiAgIHJlc3VsdCBwYXJhbWV0ZXIgdG8gcmV0dXJuIGFuIGVycm9yIGNv
ZGUgdmFsdWUgdGhhdCBpbmRpY2F0ZXMgdGhlCiAgIHJlc291cmNlIGFjY2VzcyBlcnJvciBlbmNv
dW50ZXJlZCwgdGhlbiB0aGVzZSBlcnJvciBjb2RlIHZhbHVlcyBNVVNUCiAgIGJlIHJlZ2lzdGVy
ZWQuICBWYWx1ZXMgZm9yIHRoZXNlICJlcnJvciIgY29kZXMgTVVTVCBOT1QgaW5jbHVkZQogICBj
aGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuIFdo
ZW4gYW4KICAgImVycm9yIiBjb2RlIHZhbHVlIGlzIHJlZ2lzdGVyZWQgZm9yIHVzZSBieSBhbiBP
QXV0aCByZXNvdXJjZSBhY2Nlc3MKICAgbWV0aG9kLCBzaG91bGQgdGhhdCBzYW1lIGNvZGUgYWxy
ZWFkeSBiZSByZWdpc3RlcmVkIGZvciB1c2UgYnkKICAgYW5vdGhlciBPQXV0aCByZXNvdXJjZSBh
Y2Nlc3MgbWV0aG9kIG9yIGF0IGEgZGlmZmVyZW50IE9BdXRoIGVycm9yCiAgIHVzYWdlIGxvY2F0
aW9uLCB0aGVuIHRoZSBtZWFuaW5nIG9mIHRoYXQgZXJyb3IgY29kZSB2YWx1ZSBpbiBpbiB0aGUK
ICAgbmV3IHJlZ2lzdHJhdGlvbiBNVVNUIGJlIGNvbnNpc3RlbnQgd2l0aCB0aGUgaXRzIG1lYW5p
bmcgaW4gcHJpb3IKICAgcmVnaXN0cmF0aW9ucy4KCiAgIFRoZSBPQXV0aCByZXNvdXJjZSBhY2Nl
c3MgZXJyb3IgcmVnaXN0cmF0aW9uIHJlcXVpcmVtZW50IGFwcGxpZXMgb25seQogICB0byAiZXJy
b3IiIGNvZGUgdmFsdWVzIGFuZCBub3QgdG8gb3RoZXIgbWVhbnMgb2YgcmV0dXJuaW5nIGVycm9y
CiAgIGluZGljYXRpb25zLCBpbmNsdWRpbmcgSFRUUCBzdGF0dXMgY29kZXMsIG9yIG90aGVyIGVy
cm9yLXJlbGF0ZWQKICAgcmVzdWx0IHBhcmFtZXRlcnMsIHN1Y2ggYXMgImVycm9yX2Rlc2NyaXB0
aW9uIiwgImVycm9yX3VyaSIsIG9yIG90aGVyCiAgIGtpbmRzIG9mIGVycm9yIHN0YXR1cyByZXR1
cm4gbWV0aG9kcyB0aGF0IG1heSBiZSBlbXBsb3llZCBieSB0aGUKICAgcmVzb3VyY2UgYWNjZXNz
IG1ldGhvZC4gIFRoZXJlIGlzIG5vIHJlcXVpcmVtZW50IHRoYXQgT0F1dGggcmVzb3VyY2UKICAg
YWNjZXNzIG1ldGhvZHMgZW1wbG95IGFuICJlcnJvciIgcGFyYW1ldGVyLgoKCjguICBFeHRlbnNp
YmlsaXR5Cgo4LjEuICBEZWZpbmluZyBBY2Nlc3MgVG9rZW4gVHlwZXMKCiAgIEFjY2VzcyB0b2tl
biB0eXBlcyBjYW4gYmUgZGVmaW5lZCBpbiBvbmUgb2YgdHdvIHdheXM6IHJlZ2lzdGVyZWQgaW4K
ICAgdGhlIGFjY2VzcyB0b2tlbiB0eXBlIHJlZ2lzdHJ5IChmb2xsb3dpbmcgdGhlIHByb2NlZHVy
ZXMgaW4KICAgU2VjdGlvbiAxMS4xKSwgb3IgYnkgdXNpbmcgYSB1bmlxdWUgYWJzb2x1dGUgVVJJ
IGFzIGl0cyBuYW1lLgoKICAgVHlwZXMgdXRpbGl6aW5nIGEgVVJJIG5hbWUgU0hPVUxEIGJlIGxp
bWl0ZWQgdG8gdmVuZG9yLXNwZWNpZmljCiAgIGltcGxlbWVudGF0aW9ucyB0aGF0IGFyZSBub3Qg
Y29tbW9ubHkgYXBwbGljYWJsZSwgYW5kIGFyZSBzcGVjaWZpYyB0bwogICB0aGUgaW1wbGVtZW50
YXRpb24gZGV0YWlscyBvZiB0aGUgcmVzb3VyY2Ugc2VydmVyIHdoZXJlIHRoZXkgYXJlCiAgIHVz
ZWQuCgogICBBbGwgb3RoZXIgdHlwZXMgTVVTVCBiZSByZWdpc3RlcmVkLiAgVHlwZSBuYW1lcyBN
VVNUIGNvbmZvcm0gdG8gdGhlCiAgIHR5cGUtbmFtZSBBQk5GLiAgSWYgdGhlIHR5cGUgZGVmaW5p
dGlvbiBpbmNsdWRlcyBhIG5ldyBIVFRQCiAgIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSwgdGhlIHR5
cGUgbmFtZSBTSE9VTEQgYmUgaWRlbnRpY2FsIHRvIHRoZSBIVFRQCiAgIGF1dGhlbnRpY2F0aW9u
IHNjaGVtZSBuYW1lIChhcyBkZWZpbmVkIGJ5IFtSRkMyNjE3XSkuICBUaGUgdG9rZW4gdHlwZQoK
CgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAg
ICAgICAgICBbUGFnZSA0Nl0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRo
IDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICAiZXhhbXBsZSIgaXMgcmVz
ZXJ2ZWQgZm9yIHVzZSBpbiBleGFtcGxlcy4KCgogICAgIHR5cGUtbmFtZSAgPSAxKm5hbWUtY2hh
cgogICAgIG5hbWUtY2hhciAgID0gIi0iIC8gIi4iIC8gIl8iIC8gRElHSVQgLyBBTFBIQQoKCjgu
Mi4gIERlZmluaW5nIE5ldyBFbmRwb2ludCBQYXJhbWV0ZXJzCgogICBOZXcgcmVxdWVzdCBvciBy
ZXNwb25zZSBwYXJhbWV0ZXJzIGZvciB1c2Ugd2l0aCB0aGUgYXV0aG9yaXphdGlvbgogICBlbmRw
b2ludCBvciB0aGUgdG9rZW4gZW5kcG9pbnQgYXJlIGRlZmluZWQgYW5kIHJlZ2lzdGVyZWQgaW4g
dGhlCiAgIHBhcmFtZXRlcnMgcmVnaXN0cnkgZm9sbG93aW5nIHRoZSBwcm9jZWR1cmUgaW4gU2Vj
dGlvbiAxMS4yLgoKICAgUGFyYW1ldGVyIG5hbWVzIE1VU1QgY29uZm9ybSB0byB0aGUgcGFyYW0t
bmFtZSBBQk5GIGFuZCBwYXJhbWV0ZXIKICAgdmFsdWVzIHN5bnRheCBNVVNUIGJlIHdlbGwtZGVm
aW5lZCAoZS5nLiwgdXNpbmcgQUJORiwgb3IgYSByZWZlcmVuY2UKICAgdG8gdGhlIHN5bnRheCBv
ZiBhbiBleGlzdGluZyBwYXJhbWV0ZXIpLgoKCiAgICAgcGFyYW0tbmFtZSAgPSAxKm5hbWUtY2hh
cgogICAgIG5hbWUtY2hhciAgID0gIi0iIC8gIi4iIC8gIl8iIC8gRElHSVQgLyBBTFBIQQoKCiAg
IFVucmVnaXN0ZXJlZCB2ZW5kb3Itc3BlY2lmaWMgcGFyYW1ldGVyIGV4dGVuc2lvbnMgdGhhdCBh
cmUgbm90CiAgIGNvbW1vbmx5IGFwcGxpY2FibGUsIGFuZCBhcmUgc3BlY2lmaWMgdG8gdGhlIGlt
cGxlbWVudGF0aW9uIGRldGFpbHMKICAgb2YgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHdoZXJl
IHRoZXkgYXJlIHVzZWQgU0hPVUxEIHV0aWxpemUgYQogICB2ZW5kb3Itc3BlY2lmaWMgcHJlZml4
IHRoYXQgaXMgbm90IGxpa2VseSB0byBjb25mbGljdCB3aXRoIG90aGVyCiAgIHJlZ2lzdGVyZWQg
dmFsdWVzIChlLmcuIGJlZ2luIHdpdGggJ2NvbXBhbnluYW1lXycpLgoKOC4zLiAgRGVmaW5pbmcg
TmV3IEF1dGhvcml6YXRpb24gR3JhbnQgVHlwZXMKCiAgIE5ldyBhdXRob3JpemF0aW9uIGdyYW50
IHR5cGVzIGNhbiBiZSBkZWZpbmVkIGJ5IGFzc2lnbmluZyB0aGVtIGEKICAgdW5pcXVlIGFic29s
dXRlIFVSSSBmb3IgdXNlIHdpdGggdGhlICJncmFudF90eXBlIiBwYXJhbWV0ZXIuICBJZiB0aGUK
ICAgZXh0ZW5zaW9uIGdyYW50IHR5cGUgcmVxdWlyZXMgYWRkaXRpb25hbCB0b2tlbiBlbmRwb2lu
dCBwYXJhbWV0ZXJzLAogICB0aGV5IE1VU1QgYmUgcmVnaXN0ZXJlZCBpbiB0aGUgT0F1dGggcGFy
YW1ldGVycyByZWdpc3RyeSBhcyBkZXNjcmliZWQKICAgYnkgU2VjdGlvbiAxMS4yLgoKOC40LiAg
RGVmaW5pbmcgTmV3IEF1dGhvcml6YXRpb24gRW5kcG9pbnQgUmVzcG9uc2UgVHlwZXMKCiAgIE5l
dyByZXNwb25zZSB0eXBlcyBmb3IgdXNlIHdpdGggdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQg
YXJlCiAgIGRlZmluZWQgYW5kIHJlZ2lzdGVyZWQgaW4gdGhlIGF1dGhvcml6YXRpb24gZW5kcG9p
bnQgcmVzcG9uc2UgdHlwZQogICByZWdpc3RyeSBmb2xsb3dpbmcgdGhlIHByb2NlZHVyZSBpbiBT
ZWN0aW9uIDExLjMuICBSZXNwb25zZSB0eXBlCiAgIG5hbWVzIE1VU1QgY29uZm9ybSB0byB0aGUg
cmVzcG9uc2UtdHlwZSBBQk5GLgoKCiAgICAgcmVzcG9uc2UtdHlwZSAgPSByZXNwb25zZS1uYW1l
ICooIFNQIHJlc3BvbnNlLW5hbWUgKQogICAgIHJlc3BvbnNlLW5hbWUgID0gMSpyZXNwb25zZS1j
aGFyCiAgICAgcmVzcG9uc2UtY2hhciAgPSAiXyIgLyBESUdJVCAvIEFMUEhBCgoKCgpIYW1tZXIs
IGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBb
UGFnZSA0N10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAg
ICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBJZiBhIHJlc3BvbnNlIHR5cGUgY29udGFp
bnMgb25lIG9yIG1vcmUgc3BhY2UgY2hhcmFjdGVycyAoJXgyMCksIGl0CiAgIGlzIGNvbXBhcmVk
IGFzIGEgc3BhY2UtZGVsaW1pdGVkIGxpc3Qgb2YgdmFsdWVzIGluIHdoaWNoIHRoZSBvcmRlciBv
ZgogICB2YWx1ZXMgZG9lcyBub3QgbWF0dGVyLiAgT25seSBvbmUgb3JkZXIgb2YgdmFsdWVzIGNh
biBiZSByZWdpc3RlcmVkLAogICB3aGljaCBjb3ZlcnMgYWxsIG90aGVyIGFycmFuZ2VtZW50cyBv
ZiB0aGUgc2FtZSBzZXQgb2YgdmFsdWVzLgoKICAgRm9yIGV4YW1wbGUsIHRoZSByZXNwb25zZSB0
eXBlICJ0b2tlbiBjb2RlIiBpcyBsZWZ0IHVuZGVmaW5lZCBieSB0aGlzCiAgIHNwZWNpZmljYXRp
b24uICBIb3dldmVyLCBhbiBleHRlbnNpb24gY2FuIGRlZmluZSBhbmQgcmVnaXN0ZXIgdGhlCiAg
ICJ0b2tlbiBjb2RlIiByZXNwb25zZSB0eXBlLiAgT25jZSByZWdpc3RlcmVkLCB0aGUgc2FtZSBj
b21iaW5hdGlvbgogICBjYW5ub3QgYmUgcmVnaXN0ZXJlZCBhcyAiY29kZSB0b2tlbiIsIGJ1dCBi
b3RoIHZhbHVlcyBjYW4gYmUgdXNlZCB0bwogICBkZW5vdGUgdGhlIHNhbWUgcmVzcG9uc2UgdHlw
ZS4KCjguNS4gIERlZmluaW5nIEFkZGl0aW9uYWwgRXJyb3IgQ29kZXMKCiAgIEluIGNhc2VzIHdo
ZXJlIHByb3RvY29sIGV4dGVuc2lvbnMgKGkuZS4gYWNjZXNzIHRva2VuIHR5cGVzLAogICBleHRl
bnNpb24gcGFyYW1ldGVycywgb3IgZXh0ZW5zaW9uIGdyYW50IHR5cGVzKSByZXF1aXJlIGFkZGl0
aW9uYWwKICAgZXJyb3IgY29kZXMgdG8gYmUgdXNlZCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIGNv
ZGUgZ3JhbnQgZXJyb3IKICAgcmVzcG9uc2UgKFNlY3Rpb24gNC4xLjIuMSksIHRoZSBpbXBsaWNp
dCBncmFudCBlcnJvciByZXNwb25zZQogICAoU2VjdGlvbiA0LjIuMi4xKSwgdGhlIHRva2VuIGVy
cm9yIHJlc3BvbnNlIChTZWN0aW9uIDUuMiksIG9yIHRoZQogICByZXNvdXJjZSBhY2Nlc3MgZXJy
b3IgcmVzcG9uc2UgKFNlY3Rpb24gNy4yKSwgc3VjaCBlcnJvciBjb2RlcyBNQVkgYmUKICAgZGVm
aW5lZC4KCiAgIEV4dGVuc2lvbiBlcnJvciBjb2RlcyBNVVNUIGJlIHJlZ2lzdGVyZWQgKGZvbGxv
d2luZyB0aGUgcHJvY2VkdXJlcyBpbgogICBTZWN0aW9uIDExLjQpIGlmIHRoZSBleHRlbnNpb24g
dGhleSBhcmUgdXNlZCBpbiBjb25qdW5jdGlvbiB3aXRoIGlzIGEKICAgcmVnaXN0ZXJlZCBhY2Nl
c3MgdG9rZW4gdHlwZSwgYSByZWdpc3RlcmVkIGVuZHBvaW50IHBhcmFtZXRlciwgb3IgYW4KICAg
ZXh0ZW5zaW9uIGdyYW50IHR5cGUuICBFcnJvciBjb2RlcyB1c2VkIHdpdGggdW5yZWdpc3RlcmVk
IGV4dGVuc2lvbnMKICAgTUFZIGJlIHJlZ2lzdGVyZWQuCgogICBFcnJvciBjb2RlcyBNVVNUIGNv
bmZvcm0gdG8gdGhlIGVycm9yLWNvZGUgQUJORiwgYW5kIFNIT1VMRCBiZQogICBwcmVmaXhlZCBi
eSBhbiBpZGVudGlmeWluZyBuYW1lIHdoZW4gcG9zc2libGUuICBGb3IgZXhhbXBsZSwgYW4gZXJy
b3IKICAgaWRlbnRpZnlpbmcgYW4gaW52YWxpZCB2YWx1ZSBzZXQgdG8gdGhlIGV4dGVuc2lvbiBw
YXJhbWV0ZXIgImV4YW1wbGUiCiAgIFNIT1VMRCBiZSBuYW1lZCAiZXhhbXBsZV9pbnZhbGlkIi4K
CgogICAgIGVycm9yLWNvZGUgICA9IEFMUEhBICplcnJvci1jaGFyCiAgICAgZXJyb3ItY2hhciAg
ID0gIi0iIC8gIi4iIC8gIl8iIC8gRElHSVQgLyBBTFBIQQoKCgo5LiAgTmF0aXZlIEFwcGxpY2F0
aW9ucwoKICAgTmF0aXZlIGFwcGxpY2F0aW9ucyBhcmUgY2xpZW50cyBpbnN0YWxsZWQgYW5kIGV4
ZWN1dGVkIG9uIHRoZSBkZXZpY2UKICAgdXNlZCBieSB0aGUgcmVzb3VyY2Ugb3duZXIgKGkuZS4g
ZGVza3RvcCBhcHBsaWNhdGlvbiwgbmF0aXZlIG1vYmlsZQogICBhcHBsaWNhdGlvbikuICBOYXRp
dmUgYXBwbGljYXRpb25zIHJlcXVpcmUgc3BlY2lhbCBjb25zaWRlcmF0aW9uCiAgIHJlbGF0ZWQg
dG8gc2VjdXJpdHksIHBsYXRmb3JtIGNhcGFiaWxpdGllcywgYW5kIG92ZXJhbGwgZW5kLXVzZXIK
ICAgZXhwZXJpZW5jZS4KCiAgIFRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IHJlcXVpcmVzIGlu
dGVyYWN0aW9uIGJldHdlZW4gdGhlIGNsaWVudAogICBhbmQgdGhlIHJlc291cmNlIG93bmVyJ3Mg
dXNlci1hZ2VudC4gIE5hdGl2ZSBhcHBsaWNhdGlvbnMgY2FuIGludm9rZQoKCgpIYW1tZXIsIGV0
IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFn
ZSA0OF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAg
ICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBhbiBleHRlcm5hbCB1c2VyLWFnZW50IG9yIGVt
YmVkIGEgdXNlci1hZ2VudCB3aXRoaW4gdGhlIGFwcGxpY2F0aW9uLgogICBGb3IgZXhhbXBsZToK
CiAgIG8gIEV4dGVybmFsIHVzZXItYWdlbnQgLSB0aGUgbmF0aXZlIGFwcGxpY2F0aW9uIGNhbiBj
YXB0dXJlIHRoZQogICAgICByZXNwb25zZSBmcm9tIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB1
c2luZyBhIHJlZGlyZWN0aW9uIFVSSQogICAgICB3aXRoIGEgc2NoZW1lIHJlZ2lzdGVyZWQgd2l0
aCB0aGUgb3BlcmF0aW5nIHN5c3RlbSB0byBpbnZva2UgdGhlCiAgICAgIGNsaWVudCBhcyB0aGUg
aGFuZGxlciwgbWFudWFsIGNvcHktYW5kLXBhc3RlIG9mIHRoZSBjcmVkZW50aWFscywKICAgICAg
cnVubmluZyBhIGxvY2FsIHdlYiBzZXJ2ZXIsIGluc3RhbGxpbmcgYSB1c2VyLWFnZW50IGV4dGVu
c2lvbiwgb3IKICAgICAgYnkgcHJvdmlkaW5nIGEgcmVkaXJlY3Rpb24gVVJJIGlkZW50aWZ5aW5n
IGEgc2VydmVyLWhvc3RlZAogICAgICByZXNvdXJjZSB1bmRlciB0aGUgY2xpZW50J3MgY29udHJv
bCwgd2hpY2ggaW4gdHVybiBtYWtlcyB0aGUKICAgICAgcmVzcG9uc2UgYXZhaWxhYmxlIHRvIHRo
ZSBuYXRpdmUgYXBwbGljYXRpb24uCiAgIG8gIEVtYmVkZGVkIHVzZXItYWdlbnQgLSB0aGUgbmF0
aXZlIGFwcGxpY2F0aW9uIG9idGFpbnMgdGhlIHJlc3BvbnNlCiAgICAgIGJ5IGRpcmVjdGx5IGNv
bW11bmljYXRpbmcgd2l0aCB0aGUgZW1iZWRkZWQgdXNlci1hZ2VudCBieQogICAgICBtb25pdG9y
aW5nIHN0YXRlIGNoYW5nZXMgZW1pdHRlZCBkdXJpbmcgdGhlIHJlc291cmNlIGxvYWQsIG9yCiAg
ICAgIGFjY2Vzc2luZyB0aGUgdXNlci1hZ2VudCdzIGNvb2tpZXMgc3RvcmFnZS4KCiAgIFdoZW4g
Y2hvb3NpbmcgYmV0d2VlbiBhbiBleHRlcm5hbCBvciBlbWJlZGRlZCB1c2VyLWFnZW50LCBkZXZl
bG9wZXJzCiAgIHNob3VsZCBjb25zaWRlcjoKCiAgIG8gIEFuIEV4dGVybmFsIHVzZXItYWdlbnQg
bWF5IGltcHJvdmUgY29tcGxldGlvbiByYXRlIGFzIHRoZSByZXNvdXJjZQogICAgICBvd25lciBt
YXkgYWxyZWFkeSBoYXZlIGFuIGFjdGl2ZSBzZXNzaW9uIHdpdGggdGhlIGF1dGhvcml6YXRpb24K
ICAgICAgc2VydmVyIHJlbW92aW5nIHRoZSBuZWVkIHRvIHJlLWF1dGhlbnRpY2F0ZS4gIEl0IHBy
b3ZpZGVzIGEKICAgICAgZmFtaWxpYXIgZW5kLXVzZXIgZXhwZXJpZW5jZSBhbmQgZnVuY3Rpb25h
bGl0eS4gIFRoZSByZXNvdXJjZQogICAgICBvd25lciBtYXkgYWxzbyByZWx5IG9uIHVzZXItYWdl
bnQgZmVhdHVyZXMgb3IgZXh0ZW5zaW9ucyB0byBhc3Npc3QKICAgICAgd2l0aCBhdXRoZW50aWNh
dGlvbiAoZS5nLiBwYXNzd29yZCBtYW5hZ2VyLCAyLWZhY3RvciBkZXZpY2UKICAgICAgcmVhZGVy
KS4KICAgbyAgQW4gZW1iZWRkZWQgdXNlci1hZ2VudCBtYXkgb2ZmZXIgaW1wcm92ZWQgdXNhYmls
aXR5LCBhcyBpdCByZW1vdmVzCiAgICAgIHRoZSBuZWVkIHRvIHN3aXRjaCBjb250ZXh0IGFuZCBv
cGVuIG5ldyB3aW5kb3dzLgogICBvICBBbiBlbWJlZGRlZCB1c2VyLWFnZW50IHBvc2VzIGEgc2Vj
dXJpdHkgY2hhbGxlbmdlIGJlY2F1c2UgcmVzb3VyY2UKICAgICAgb3duZXJzIGFyZSBhdXRoZW50
aWNhdGluZyBpbiBhbiB1bmlkZW50aWZpZWQgd2luZG93IHdpdGhvdXQgYWNjZXNzCiAgICAgIHRv
IHRoZSB2aXN1YWwgcHJvdGVjdGlvbnMgZm91bmQgaW4gbW9zdCBleHRlcm5hbCB1c2VyLWFnZW50
cy4gIEFuCiAgICAgIGVtYmVkZGVkIHVzZXItYWdlbnQgZWR1Y2F0ZXMgZW5kLXVzZXJzIHRvIHRy
dXN0IHVuaWRlbnRpZmllZAogICAgICByZXF1ZXN0cyBmb3IgYXV0aGVudGljYXRpb24gKG1ha2lu
ZyBwaGlzaGluZyBhdHRhY2tzIGVhc2llciB0bwogICAgICBleGVjdXRlKS4KCiAgIFdoZW4gY2hv
b3NpbmcgYmV0d2VlbiB0aGUgaW1wbGljaXQgZ3JhbnQgdHlwZSBhbmQgdGhlIGF1dGhvcml6YXRp
b24KICAgY29kZSBncmFudCB0eXBlLCB0aGUgZm9sbG93aW5nIHNob3VsZCBiZSBjb25zaWRlcmVk
OgoKICAgbyAgTmF0aXZlIGFwcGxpY2F0aW9ucyB0aGF0IHVzZSB0aGUgYXV0aG9yaXphdGlvbiBj
b2RlIGdyYW50IHR5cGUKICAgICAgU0hPVUxEIGRvIHNvIHdpdGhvdXQgdXNpbmcgY2xpZW50IGNy
ZWRlbnRpYWxzLCBkdWUgdG8gdGhlIG5hdGl2ZQogICAgICBhcHBsaWNhdGlvbidzIGluYWJpbGl0
eSB0byBrZWVwIGNsaWVudCBjcmVkZW50aWFscyBjb25maWRlbnRpYWwuCiAgIG8gIFdoZW4gdXNp
bmcgdGhlIGltcGxpY2l0IGdyYW50IHR5cGUgZmxvdyBhIHJlZnJlc2ggdG9rZW4gaXMgbm90CiAg
ICAgIHJldHVybmVkIHdoaWNoIHJlcXVpcmVzIHJlcGVhdGluZyB0aGUgYXV0aG9yaXphdGlvbiBw
cm9jZXNzIG9uY2UKICAgICAgdGhlIGFjY2VzcyB0b2tlbiBleHBpcmVzLgoKCgoKCgoKSGFtbWVy
LCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAg
W1BhZ2UgNDldCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAg
ICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKMTAuICBTZWN1cml0eSBDb25zaWRlcmF0aW9u
cwoKICAgQXMgYSBmbGV4aWJsZSBhbmQgZXh0ZW5zaWJsZSBmcmFtZXdvcmssIE9BdXRoJ3Mgc2Vj
dXJpdHkKICAgY29uc2lkZXJhdGlvbnMgZGVwZW5kIG9uIG1hbnkgZmFjdG9ycy4gIFRoZSBmb2xs
b3dpbmcgc2VjdGlvbnMKICAgcHJvdmlkZSBpbXBsZW1lbnRlcnMgd2l0aCBzZWN1cml0eSBndWlk
ZWxpbmVzIGZvY3VzZWQgb24gdGhlIHRocmVlCiAgIGNsaWVudCBwcm9maWxlcyBkZXNjcmliZWQg
aW4gU2VjdGlvbiAyLjE6IHdlYiBhcHBsaWNhdGlvbiwgdXNlci0KICAgYWdlbnQtYmFzZWQgYXBw
bGljYXRpb24sIGFuZCBuYXRpdmUgYXBwbGljYXRpb24uCgogICBBIGNvbXByZWhlbnNpdmUgT0F1
dGggc2VjdXJpdHkgbW9kZWwgYW5kIGFuYWx5c2lzLCBhcyB3ZWxsIGFzCiAgIGJhY2tncm91bmQg
Zm9yIHRoZSBwcm90b2NvbCBkZXNpZ24gaXMgcHJvdmlkZWQgYnkKICAgW0ktRC5pZXRmLW9hdXRo
LXYyLXRocmVhdG1vZGVsXS4KCjEwLjEuICBDbGllbnQgQXV0aGVudGljYXRpb24KCiAgIFRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBlc3RhYmxpc2hlcyBjbGllbnQgY3JlZGVudGlhbHMgd2l0aCB3
ZWIKICAgYXBwbGljYXRpb24gY2xpZW50cyBmb3IgdGhlIHB1cnBvc2Ugb2YgY2xpZW50IGF1dGhl
bnRpY2F0aW9uLiAgVGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVyIGlzIGVuY291cmFnZWQgdG8g
Y29uc2lkZXIgc3Ryb25nZXIgY2xpZW50CiAgIGF1dGhlbnRpY2F0aW9uIG1lYW5zIHRoYW4gYSBj
bGllbnQgcGFzc3dvcmQuICBXZWIgYXBwbGljYXRpb24gY2xpZW50cwogICBNVVNUIGVuc3VyZSBj
b25maWRlbnRpYWxpdHkgb2YgY2xpZW50IHBhc3N3b3JkcyBhbmQgb3RoZXIgY2xpZW50CiAgIGNy
ZWRlbnRpYWxzLgoKICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgTk9UIGlzc3VlIGNs
aWVudCBwYXNzd29yZHMgb3Igb3RoZXIKICAgY2xpZW50IGNyZWRlbnRpYWxzIHRvIG5hdGl2ZSBh
cHBsaWNhdGlvbiBvciB1c2VyLWFnZW50LWJhc2VkCiAgIGFwcGxpY2F0aW9uIGNsaWVudHMgZm9y
IHRoZSBwdXJwb3NlIG9mIGNsaWVudCBhdXRoZW50aWNhdGlvbi4gIFRoZQogICBhdXRob3JpemF0
aW9uIHNlcnZlciBNQVkgaXNzdWUgYSBjbGllbnQgcGFzc3dvcmQgb3Igb3RoZXIgY3JlZGVudGlh
bHMKICAgZm9yIGEgc3BlY2lmaWMgaW5zdGFsbGF0aW9uIG9mIGEgbmF0aXZlIGFwcGxpY2F0aW9u
IGNsaWVudCBvbiBhCiAgIHNwZWNpZmljIGRldmljZS4KCiAgIFdoZW4gY2xpZW50IGF1dGhlbnRp
Y2F0aW9uIGlzIG5vdCBwb3NzaWJsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgIFNIT1VM
RCBlbXBsb3kgb3RoZXIgbWVhbnMgdG8gdmFsaWRhdGUgdGhlIGNsaWVudCdzIGlkZW50aXR5LiAg
Rm9yCiAgIGV4YW1wbGUsIGJ5IHJlcXVpcmluZyB0aGUgcmVnaXN0cmF0aW9uIG9mIHRoZSBjbGll
bnQgcmVkaXJlY3Rpb24gVVJJCiAgIG9yIGVubGlzdGluZyB0aGUgcmVzb3VyY2Ugb3duZXIgdG8g
Y29uZmlybSBpZGVudGl0eS4gIEEgdmFsaWQKICAgcmVkaXJlY3Rpb24gVVJJIGlzIG5vdCBzdWZm
aWNpZW50IHRvIHZlcmlmeSB0aGUgY2xpZW50J3MgaWRlbnRpdHkKICAgd2hlbiBhc2tpbmcgZm9y
IHJlc291cmNlIG93bmVyIGF1dGhvcml6YXRpb24sIGJ1dCBjYW4gYmUgdXNlZCB0bwogICBwcmV2
ZW50IGRlbGl2ZXJpbmcgY3JlZGVudGlhbHMgdG8gYSBjb3VudGVyZmVpdCBjbGllbnQgYWZ0ZXIK
ICAgb2J0YWluaW5nIHJlc291cmNlIG93bmVyIGF1dGhvcml6YXRpb24uCgogICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgbXVzdCBjb25zaWRlciB0aGUgc2VjdXJpdHkgaW1wbGljYXRpb25zIG9m
CiAgIGludGVyYWN0aW5nIHdpdGggdW5hdXRoZW50aWNhdGVkIGNsaWVudHMgYW5kIHRha2UgbWVh
c3VyZXMgdG8gbGltaXQKICAgdGhlIHBvdGVudGlhbCBleHBvc3VyZSBvZiBvdGhlciBjcmVkZW50
aWFscyAoZS5nLiByZWZyZXNoIHRva2VucykKICAgaXNzdWVkIHRvIHN1Y2ggY2xpZW50cy4KCjEw
LjIuICBDbGllbnQgSW1wZXJzb25hdGlvbgoKICAgQSBtYWxpY2lvdXMgY2xpZW50IGNhbiBpbXBl
cnNvbmF0ZSBhbm90aGVyIGNsaWVudCBhbmQgb2J0YWluIGFjY2VzcwogICB0byBwcm90ZWN0ZWQg
cmVzb3VyY2VzLCBpZiB0aGUgaW1wZXJzb25hdGVkIGNsaWVudCBmYWlscyB0bywgb3IgaXMKICAg
dW5hYmxlIHRvLCBrZWVwIGl0cyBjbGllbnQgY3JlZGVudGlhbHMgY29uZmlkZW50aWFsLgoKCgoK
SGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAg
ICAgICAgW1BhZ2UgNTBdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAy
LjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgVGhlIGF1dGhvcml6YXRpb24g
c2VydmVyIE1VU1QgYXV0aGVudGljYXRlIHRoZSBjbGllbnQgd2hlbmV2ZXIKICAgcG9zc2libGUu
ICBJZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgY2Fubm90IGF1dGhlbnRpY2F0ZSB0aGUgY2xp
ZW50CiAgIGR1ZSB0byB0aGUgY2xpZW50J3MgbmF0dXJlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgTVVTVCByZXF1aXJlIHRoZQogICByZWdpc3RyYXRpb24gb2YgYW55IHJlZGlyZWN0aW9uIFVS
SSB1c2VkIGZvciByZWNlaXZpbmcgYXV0aG9yaXphdGlvbgogICByZXNwb25zZXMsIGFuZCBTSE9V
TEQgdXRpbGl6ZSBvdGhlciBtZWFucyB0byBwcm90ZWN0IHJlc291cmNlIG93bmVycwogICBmcm9t
IHN1Y2ggcG90ZW50aWFsbHkgbWFsaWNpb3VzIGNsaWVudHMuICBGb3IgZXhhbXBsZSwgdGhlCiAg
IGF1dGhvcml6YXRpb24gc2VydmVyIGNhbiBlbmdhZ2UgdGhlIHJlc291cmNlIG93bmVyIHRvIGFz
c2lzdCBpbgogICBpZGVudGlmeWluZyB0aGUgY2xpZW50IGFuZCBpdHMgb3JpZ2luLgoKICAgVGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBlbmZvcmNlIGV4cGxpY2l0IHJlc291cmNlIG93
bmVyCiAgIGF1dGhlbnRpY2F0aW9uIGFuZCBwcm92aWRlIHRoZSByZXNvdXJjZSBvd25lciB3aXRo
IGluZm9ybWF0aW9uIGFib3V0CiAgIHRoZSBjbGllbnQgYW5kIHRoZSByZXF1ZXN0ZWQgYXV0aG9y
aXphdGlvbiBzY29wZSBhbmQgbGlmZXRpbWUuICBJdCBpcwogICB1cCB0byB0aGUgcmVzb3VyY2Ug
b3duZXIgdG8gcmV2aWV3IHRoZSBpbmZvcm1hdGlvbiBpbiB0aGUgY29udGV4dCBvZgogICB0aGUg
Y3VycmVudCBjbGllbnQsIGFuZCBhdXRob3JpemUgb3IgZGVueSB0aGUgcmVxdWVzdC4KCiAgIFRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgTk9UIHByb2Nlc3MgcmVwZWF0ZWQgYXV0aG9y
aXphdGlvbgogICByZXF1ZXN0cyBhdXRvbWF0aWNhbGx5ICh3aXRob3V0IGFjdGl2ZSByZXNvdXJj
ZSBvd25lciBpbnRlcmFjdGlvbikKICAgd2l0aG91dCBhdXRoZW50aWNhdGluZyB0aGUgY2xpZW50
IG9yIHJlbHlpbmcgb24gb3RoZXIgbWVhc3VyZXMgdG8KICAgZW5zdXJlIHRoZSByZXBlYXRlZCBy
ZXF1ZXN0IGNvbWVzIGZyb20gdGhlIG9yaWdpbmFsIGNsaWVudCBhbmQgbm90IGFuCiAgIGltcGVy
c29uYXRvci4KCjEwLjMuICBBY2Nlc3MgVG9rZW5zCgogICBBY2Nlc3MgdG9rZW4gY3JlZGVudGlh
bHMgKGFzIHdlbGwgYXMgYW55IGNvbmZpZGVudGlhbCBhY2Nlc3MgdG9rZW4KICAgYXR0cmlidXRl
cykgTVVTVCBiZSBrZXB0IGNvbmZpZGVudGlhbCBpbiB0cmFuc2l0IGFuZCBzdG9yYWdlLCBhbmQK
ICAgb25seSBzaGFyZWQgYW1vbmcgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLCB0aGUgcmVzb3Vy
Y2Ugc2VydmVycyB0aGUKICAgYWNjZXNzIHRva2VuIGlzIHZhbGlkIGZvciwgYW5kIHRoZSBjbGll
bnQgdG8gd2hvbSB0aGUgYWNjZXNzIHRva2VuIGlzCiAgIGlzc3VlZC4gIEFjY2VzcyB0b2tlbiBj
cmVkZW50aWFscyBNVVNUIG9ubHkgYmUgdHJhbnNtaXR0ZWQgdXNpbmcgVExTCiAgIGFzIGRlc2Ny
aWJlZCBpbiBTZWN0aW9uIDEuNiB3aXRoIHNlcnZlciBhdXRoZW50aWNhdGlvbiBhcyBkZWZpbmVk
IGJ5CiAgIFtSRkMyODE4XS4KCiAgIFdoZW4gdXNpbmcgdGhlIGltcGxpY2l0IGdyYW50IHR5cGUs
IHRoZSBhY2Nlc3MgdG9rZW4gaXMgdHJhbnNtaXR0ZWQKICAgaW4gdGhlIFVSSSBmcmFnbWVudCwg
d2hpY2ggY2FuIGV4cG9zZSBpdCB0byB1bmF1dGhvcml6ZWQgcGFydGllcy4KCiAgIFRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBNVVNUIGVuc3VyZSB0aGF0IGFjY2VzcyB0b2tlbnMgY2Fubm90IGJl
CiAgIGdlbmVyYXRlZCwgbW9kaWZpZWQsIG9yIGd1ZXNzZWQgdG8gcHJvZHVjZSB2YWxpZCBhY2Nl
c3MgdG9rZW5zIGJ5CiAgIHVuYXV0aG9yaXplZCBwYXJ0aWVzLgoKICAgVGhlIGNsaWVudCBTSE9V
TEQgcmVxdWVzdCBhY2Nlc3MgdG9rZW5zIHdpdGggdGhlIG1pbmltYWwgc2NvcGUKICAgbmVjZXNz
YXJ5LiAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCB0YWtlIHRoZSBjbGllbnQgaWRl
bnRpdHkKICAgaW50byBhY2NvdW50IHdoZW4gY2hvb3NpbmcgaG93IHRvIGhvbm9yIHRoZSByZXF1
ZXN0ZWQgc2NvcGUsIGFuZCBNQVkKICAgaXNzdWUgYW4gYWNjZXNzIHRva2VuIHdpdGggYSBsZXNz
IHJpZ2h0cyB0aGFuIHJlcXVlc3RlZC4KCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiBkb2VzIG5vdCBw
cm92aWRlIGFueSBtZXRob2RzIGZvciB0aGUgcmVzb3VyY2UKICAgc2VydmVyIHRvIGVuc3VyZSB0
aGF0IGFuIGFjY2VzcyB0b2tlbiBwcmVzZW50ZWQgdG8gaXQgYnkgYSBnaXZlbgogICBjbGllbnQs
IHdhcyBpc3N1ZWQgdG8gdGhlIHRoYXQgY2xpZW50IGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ci4KCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIg
ICAgICAgICAgICAgICBbUGFnZSA1MV0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAg
IE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgoxMC40LiAgUmVmcmVz
aCBUb2tlbnMKCiAgIEF1dGhvcml6YXRpb24gc2VydmVycyBNQVkgaXNzdWUgcmVmcmVzaCB0b2tl
bnMgdG8gd2ViIGFwcGxpY2F0aW9uCiAgIGNsaWVudHMgYW5kIG5hdGl2ZSBhcHBsaWNhdGlvbiBj
bGllbnRzLgoKICAgUmVmcmVzaCB0b2tlbnMgTVVTVCBiZSBrZXB0IGNvbmZpZGVudGlhbCBpbiB0
cmFuc2l0IGFuZCBzdG9yYWdlLCBhbmQKICAgc2hhcmVkIG9ubHkgYW1vbmcgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGFuZCB0aGUgY2xpZW50IHRvIHdob20gdGhlCiAgIHJlZnJlc2ggdG9rZW5z
IHdlcmUgaXNzdWVkLiAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgbWFpbnRhaW4KICAg
dGhlIGJpbmRpbmcgYmV0d2VlbiBhIHJlZnJlc2ggdG9rZW4gYW5kIHRoZSBjbGllbnQgdG8gd2hv
bSBpdCB3YXMKICAgaXNzdWVkLiAgUmVmcmVzaCB0b2tlbnMgTVVTVCBvbmx5IGJlIHRyYW5zbWl0
dGVkIHVzaW5nIFRMUyBhcwogICBkZXNjcmliZWQgaW4gU2VjdGlvbiAxLjYgd2l0aCBzZXJ2ZXIg
YXV0aGVudGljYXRpb24gYXMgZGVmaW5lZCBieQogICBbUkZDMjgxOF0uCgogICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgTVVTVCB2ZXJpZnkgdGhlIGJpbmRpbmcgYmV0d2VlbiB0aGUgcmVmcmVz
aAogICB0b2tlbiBhbmQgY2xpZW50IGlkZW50aXR5IHdoZW5ldmVyIHRoZSBjbGllbnQgaWRlbnRp
dHkgY2FuIGJlCiAgIGF1dGhlbnRpY2F0ZWQuICBXaGVuIGNsaWVudCBhdXRoZW50aWNhdGlvbiBp
cyBub3QgcG9zc2libGUsIHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgZGVwbG95
IG90aGVyIG1lYW5zIHRvIGRldGVjdCByZWZyZXNoCiAgIHRva2VuIGFidXNlLgoKICAgRm9yIGV4
YW1wbGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBjb3VsZCBlbXBsb3kgcmVmcmVzaCB0b2tl
bgogICByb3RhdGlvbiBpbiB3aGljaCBhIG5ldyByZWZyZXNoIHRva2VuIGlzIGlzc3VlZCB3aXRo
IGV2ZXJ5IGFjY2VzcwogICB0b2tlbiByZWZyZXNoIHJlc3BvbnNlLiAgVGhlIHByZXZpb3VzIHJl
ZnJlc2ggdG9rZW4gaXMgaW52YWxpZGF0ZWQKICAgYnV0IHJldGFpbmVkIGJ5IHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlci4gIElmIGEgcmVmcmVzaCB0b2tlbiBpcwogICBjb21wcm9taXNlZCBhbmQg
c3Vic2VxdWVudGx5IHVzZWQgYnkgYm90aCB0aGUgYXR0YWNrZXIgYW5kIHRoZQogICBsZWdpdGlt
YXRlIGNsaWVudCwgb25lIG9mIHRoZW0gd2lsbCBwcmVzZW50IGFuIGludmFsaWRhdGVkIHJlZnJl
c2gKICAgdG9rZW4gd2hpY2ggd2lsbCBpbmZvcm0gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIG9m
IHRoZSBicmVhY2guCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBlbnN1cmUgdGhh
dCByZWZyZXNoIHRva2VucyBjYW5ub3QgYmUKICAgZ2VuZXJhdGVkLCBtb2RpZmllZCwgb3IgZ3Vl
c3NlZCB0byBwcm9kdWNlIHZhbGlkIHJlZnJlc2ggdG9rZW5zIGJ5CiAgIHVuYXV0aG9yaXplZCBw
YXJ0aWVzLgoKMTAuNS4gIEF1dGhvcml6YXRpb24gQ29kZXMKCiAgIFRoZSB0cmFuc21pc3Npb24g
b2YgYXV0aG9yaXphdGlvbiBjb2RlcyBTSE9VTEQgYmUgbWFkZSBvdmVyIGEgc2VjdXJlCiAgIGNo
YW5uZWwsIGFuZCB0aGUgY2xpZW50IFNIT1VMRCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTIHdpdGgg
aXRzCiAgIHJlZGlyZWN0aW9uIFVSSSBpZiB0aGUgVVJJIGlkZW50aWZpZXMgYSBuZXR3b3JrIHJl
c291cmNlLiAgU2luY2UKICAgYXV0aG9yaXphdGlvbiBjb2RlcyBhcmUgdHJhbnNtaXR0ZWQgdmlh
IHVzZXItYWdlbnQgcmVkaXJlY3Rpb25zLCB0aGV5CiAgIGNvdWxkIHBvdGVudGlhbGx5IGJlIGRp
c2Nsb3NlZCB0aHJvdWdoIHVzZXItYWdlbnQgaGlzdG9yeSBhbmQgSFRUUAogICByZWZlcnJlciBo
ZWFkZXJzLgoKICAgQXV0aG9yaXphdGlvbiBjb2RlcyBvcGVyYXRlIGFzIHBsYWludGV4dCBiZWFy
ZXIgY3JlZGVudGlhbHMsIHVzZWQgdG8KICAgdmVyaWZ5IHRoYXQgdGhlIHJlc291cmNlIG93bmVy
IHdobyBncmFudGVkIGF1dGhvcml6YXRpb24gYXQgdGhlCiAgIGF1dGhvcml6YXRpb24gc2VydmVy
IGlzIHRoZSBzYW1lIHJlc291cmNlIG93bmVyIHJldHVybmluZyB0byB0aGUKICAgY2xpZW50IHRv
IGNvbXBsZXRlIHRoZSBwcm9jZXNzLiAgVGhlcmVmb3JlLCBpZiB0aGUgY2xpZW50IHJlbGllcyBv
bgogICB0aGUgYXV0aG9yaXphdGlvbiBjb2RlIGZvciBpdHMgb3duIHJlc291cmNlIG93bmVyIGF1
dGhlbnRpY2F0aW9uLCB0aGUKICAgY2xpZW50IHJlZGlyZWN0aW9uIGVuZHBvaW50IE1VU1QgcmVx
dWlyZSB0aGUgdXNlIG9mIFRMUy4KCiAgIEF1dGhvcml6YXRpb24gY29kZXMgTVVTVCBiZSBzaG9y
dCBsaXZlZCBhbmQgc2luZ2xlIHVzZS4gIElmIHRoZQoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAg
ICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA1Ml0KDApJbnRl
cm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAg
ICAgTWF5IDIwMTIKCgogICBhdXRob3JpemF0aW9uIHNlcnZlciBvYnNlcnZlcyBtdWx0aXBsZSBh
dHRlbXB0cyB0byBleGNoYW5nZSBhbgogICBhdXRob3JpemF0aW9uIGNvZGUgZm9yIGFuIGFjY2Vz
cyB0b2tlbiwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgIFNIT1VMRCBhdHRlbXB0IHRvIHJl
dm9rZSBhbGwgYWNjZXNzIHRva2VucyBhbHJlYWR5IGdyYW50ZWQgYmFzZWQgb24KICAgdGhlIGNv
bXByb21pc2VkIGF1dGhvcml6YXRpb24gY29kZS4KCiAgIElmIHRoZSBjbGllbnQgY2FuIGJlIGF1
dGhlbnRpY2F0ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcnMgTVVTVAogICBhdXRoZW50aWNh
dGUgdGhlIGNsaWVudCBhbmQgZW5zdXJlIHRoYXQgdGhlIGF1dGhvcml6YXRpb24gY29kZSB3YXMK
ICAgaXNzdWVkIHRvIHRoZSBzYW1lIGNsaWVudC4KCjEwLjYuICBBdXRob3JpemF0aW9uIENvZGUg
UmVkaXJlY3Rpb24gVVJJIE1hbmlwdWxhdGlvbgoKICAgV2hlbiByZXF1ZXN0aW5nIGF1dGhvcml6
YXRpb24gdXNpbmcgdGhlIGF1dGhvcml6YXRpb24gY29kZSBncmFudAogICB0eXBlLCB0aGUgY2xp
ZW50IGNhbiBzcGVjaWZ5IGEgcmVkaXJlY3Rpb24gVVJJIHZpYSB0aGUgInJlZGlyZWN0X3VyaSIK
ICAgcGFyYW1ldGVyLiAgSWYgYW4gYXR0YWNrZXIgY2FuIG1hbmlwdWxhdGUgdGhlIHZhbHVlIG9m
IHRoZQogICByZWRpcmVjdGlvbiBVUkksIGl0IGNhbiBjYXVzZSB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgdG8gcmVkaXJlY3QKICAgdGhlIHJlc291cmNlIG93bmVyIHVzZXItYWdlbnQgdG8gYSBV
UkkgdW5kZXIgdGhlIGNvbnRyb2wgb2YgdGhlCiAgIGF0dGFja2VyIHdpdGggdGhlIGF1dGhvcml6
YXRpb24gY29kZS4KCiAgIEFuIGF0dGFja2VyIGNhbiBjcmVhdGUgYW4gYWNjb3VudCBhdCBhIGxl
Z2l0aW1hdGUgY2xpZW50IGFuZCBpbml0aWF0ZQogICB0aGUgYXV0aG9yaXphdGlvbiBmbG93LiAg
V2hlbiB0aGUgYXR0YWNrZXIncyB1c2VyLWFnZW50IGlzIHNlbnQgdG8KICAgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIHRvIGdyYW50IGFjY2VzcywgdGhlIGF0dGFja2VyIGdyYWJzIHRoZQogICBh
dXRob3JpemF0aW9uIFVSSSBwcm92aWRlZCBieSB0aGUgbGVnaXRpbWF0ZSBjbGllbnQsIGFuZCBy
ZXBsYWNlcyB0aGUKICAgY2xpZW50J3MgcmVkaXJlY3Rpb24gVVJJIHdpdGggYSBVUkkgdW5kZXIg
dGhlIGNvbnRyb2wgb2YgdGhlCiAgIGF0dGFja2VyLiAgVGhlIGF0dGFja2VyIHRoZW4gdHJpY2tz
IHRoZSB2aWN0aW0gaW50byBmb2xsb3dpbmcgdGhlCiAgIG1hbmlwdWxhdGVkIGxpbmsgdG8gYXV0
aG9yaXplIGFjY2VzcyB0byB0aGUgbGVnaXRpbWF0ZSBjbGllbnQuCgogICBPbmNlIGF0IHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciwgdGhlIHZpY3RpbSBpcyBwcm9tcHRlZCB3aXRoIGEKICAgbm9y
bWFsLCB2YWxpZCByZXF1ZXN0IG9uIGJlaGFsZiBvZiBhIGxlZ2l0aW1hdGUgYW5kIHRydXN0ZWQg
Y2xpZW50LAogICBhbmQgYXV0aG9yaXplcyB0aGUgcmVxdWVzdC4gIFRoZSB2aWN0aW0gaXMgdGhl
biByZWRpcmVjdGVkIHRvIGFuCiAgIGVuZHBvaW50IHVuZGVyIHRoZSBjb250cm9sIG9mIHRoZSBh
dHRhY2tlciB3aXRoIHRoZSBhdXRob3JpemF0aW9uCiAgIGNvZGUuICBUaGUgYXR0YWNrZXIgY29t
cGxldGVzIHRoZSBhdXRob3JpemF0aW9uIGZsb3cgYnkgc2VuZGluZyB0aGUKICAgYXV0aG9yaXph
dGlvbiBjb2RlIHRvIHRoZSBjbGllbnQgdXNpbmcgdGhlIG9yaWdpbmFsIHJlZGlyZWN0aW9uIFVS
SQogICBwcm92aWRlZCBieSB0aGUgY2xpZW50LiAgVGhlIGNsaWVudCBleGNoYW5nZXMgdGhlIGF1
dGhvcml6YXRpb24gY29kZQogICB3aXRoIGFuIGFjY2VzcyB0b2tlbiBhbmQgbGlua3MgaXQgdG8g
dGhlIGF0dGFja2VyJ3MgY2xpZW50IGFjY291bnQKICAgd2hpY2ggY2FuIG5vdyBnYWluIGFjY2Vz
cyB0byB0aGUgcHJvdGVjdGVkIHJlc291cmNlcyBhdXRob3JpemVkIGJ5CiAgIHRoZSB2aWN0aW0g
KHZpYSB0aGUgY2xpZW50KS4KCiAgIEluIG9yZGVyIHRvIHByZXZlbnQgc3VjaCBhbiBhdHRhY2ss
IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUCiAgIGVuc3VyZSB0aGF0IHRoZSByZWRpcmVj
dGlvbiBVUkkgdXNlZCB0byBvYnRhaW4gdGhlIGF1dGhvcml6YXRpb24gY29kZQogICBpcyBpZGVu
dGljYWwgdG8gdGhlIHJlZGlyZWN0aW9uIFVSSSBwcm92aWRlZCB3aGVuIGV4Y2hhbmdpbmcgdGhl
CiAgIGF1dGhvcml6YXRpb24gY29kZSBmb3IgYW4gYWNjZXNzIHRva2VuLiAgVGhlIGF1dGhvcml6
YXRpb24gc2VydmVyCiAgIE1VU1QgcmVxdWlyZSBwdWJsaWMgY2xpZW50cyBhbmQgU0hPVUxEIHJl
cXVpcmUgY29uZmlkZW50aWFsIGNsaWVudHMKICAgdG8gcmVnaXN0ZXIgdGhlaXIgcmVkaXJlY3Rp
b24gVVJJcy4gIElmIGEgcmVkaXJlY3Rpb24gVVJJIGlzIHByb3ZpZGVkCiAgIGluIHRoZSByZXF1
ZXN0LCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCB2YWxpZGF0ZSBpdCBhZ2FpbnN0IHRo
ZQogICByZWdpc3RlcmVkIHZhbHVlLgoKCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBp
cmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA1M10KDApJbnRlcm5ldC1E
cmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5
IDIwMTIKCgoxMC43LiAgUmVzb3VyY2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHMKCiAgIFRo
ZSByZXNvdXJjZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFscyBncmFudCB0eXBlIGlzIG9mdGVu
IHVzZWQgZm9yCiAgIGxlZ2FjeSBvciBtaWdyYXRpb24gcmVhc29ucy4gIEl0IHJlZHVjZXMgdGhl
IG92ZXJhbGwgcmlzayBvZiBzdG9yaW5nCiAgIHVzZXJuYW1lIGFuZCBwYXNzd29yZCBieSB0aGUg
Y2xpZW50LCBidXQgZG9lcyBub3QgZWxpbWluYXRlIHRoZSBuZWVkCiAgIHRvIGV4cG9zZSBoaWdo
bHkgcHJpdmlsZWdlZCBjcmVkZW50aWFscyB0byB0aGUgY2xpZW50LgoKICAgVGhpcyBncmFudCB0
eXBlIGNhcnJpZXMgYSBoaWdoZXIgcmlzayB0aGFuIG90aGVyIGdyYW50IHR5cGVzIGJlY2F1c2UK
ICAgaXQgbWFpbnRhaW5zIHRoZSBwYXNzd29yZCBhbnRpLXBhdHRlcm4gdGhpcyBwcm90b2NvbCBz
ZWVrcyB0byBhdm9pZC4KICAgVGhlIGNsaWVudCBjb3VsZCBhYnVzZSB0aGUgcGFzc3dvcmQgb3Ig
dGhlIHBhc3N3b3JkIGNvdWxkCiAgIHVuaW50ZW50aW9uYWxseSBiZSBkaXNjbG9zZWQgdG8gYW4g
YXR0YWNrZXIgKGUuZy4gdmlhIGxvZyBmaWxlcyBvcgogICBvdGhlciByZWNvcmRzIGtlcHQgYnkg
dGhlIGNsaWVudCkuCgogICBBZGRpdGlvbmFsbHksIGJlY2F1c2UgdGhlIHJlc291cmNlIG93bmVy
IGRvZXMgbm90IGhhdmUgY29udHJvbCBvdmVyCiAgIHRoZSBhdXRob3JpemF0aW9uIHByb2Nlc3Mg
KHRoZSByZXNvdXJjZSBvd25lciBpbnZvbHZlbWVudCBlbmRzIHdoZW4KICAgaXQgaGFuZHMgb3Zl
ciBpdHMgY3JlZGVudGlhbHMgdG8gdGhlIGNsaWVudCksIHRoZSBjbGllbnQgY2FuIG9idGFpbgog
ICBhY2Nlc3MgdG9rZW5zIHdpdGggYSBicm9hZGVyIHNjb3BlIHRoYW4gZGVzaXJlZCBieSB0aGUg
cmVzb3VyY2UKICAgb3duZXIuICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc2hvdWxkIGNvbnNp
ZGVyIHRoZSBzY29wZSBhbmQKICAgbGlmZXRpbWUgb2YgYWNjZXNzIHRva2VucyBpc3N1ZWQgdmlh
IHRoaXMgZ3JhbnQgdHlwZS4KCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbmQgY2xpZW50
IFNIT1VMRCBtaW5pbWl6ZSB1c2Ugb2YgdGhpcyBncmFudAogICB0eXBlIGFuZCB1dGlsaXplIG90
aGVyIGdyYW50IHR5cGVzIHdoZW5ldmVyIHBvc3NpYmxlLgoKMTAuOC4gIFJlcXVlc3QgQ29uZmlk
ZW50aWFsaXR5CgogICBBY2Nlc3MgdG9rZW5zLCByZWZyZXNoIHRva2VucywgcmVzb3VyY2Ugb3du
ZXIgcGFzc3dvcmRzLCBhbmQgY2xpZW50CiAgIGNyZWRlbnRpYWxzIE1VU1QgTk9UIGJlIHRyYW5z
bWl0dGVkIGluIHRoZSBjbGVhci4gIEF1dGhvcml6YXRpb24KICAgY29kZXMgU0hPVUxEIE5PVCBi
ZSB0cmFuc21pdHRlZCBpbiB0aGUgY2xlYXIuCgogICBUaGUgInN0YXRlIiBhbmQgInNjb3BlIiBw
YXJhbWV0ZXJzIFNIT1VMRCBOT1QgaW5jbHVkZSBzZW5zaXRpdmUKICAgY2xpZW50IG9yIHJlc291
cmNlIG93bmVyIGluZm9ybWF0aW9uIGluIHBsYWluIHRleHQgYXMgdGhleSBjYW4gYmUKICAgdHJh
bnNtaXR0ZWQgb3ZlciBpbnNlY3VyZSBjaGFubmVscyBvciBzdG9yZWQgaW5zZWN1cmVseS4KCjEw
LjkuICBFbmRwb2ludHMgQXV0aGVudGljaXR5CgogICBJbiBvcmRlciB0byBwcmV2ZW50IG1hbi1p
bi10aGUtbWlkZGxlIGF0dGFja3MsIHRoZSBhdXRob3JpemF0aW9uCiAgIHNlcnZlciBNVVNUIHJl
cXVpcmUgdGhlIHVzZSBvZiBUTFMgd2l0aCBzZXJ2ZXIgYXV0aGVudGljYXRpb24gYXMKICAgZGVm
aW5lZCBieSBbUkZDMjgxOF0gZm9yIGFueSByZXF1ZXN0IHNlbnQgdG8gdGhlIGF1dGhvcml6YXRp
b24gYW5kCiAgIHRva2VuIGVuZHBvaW50cy4gIFRoZSBjbGllbnQgTVVTVCB2YWxpZGF0ZSB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIncwogICBUTFMgY2VydGlmaWNhdGUgYXMgZGVmaW5lZCBieSBb
UkZDNjEyNV0sIGFuZCBpbiBhY2NvcmRhbmNlIHdpdGggaXRzCiAgIHJlcXVpcmVtZW50cyBmb3Ig
c2VydmVyIGlkZW50aXR5IGF1dGhlbnRpY2F0aW9uLgoKMTAuMTAuICBDcmVkZW50aWFscyBHdWVz
c2luZyBBdHRhY2tzCgogICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBwcmV2ZW50IGF0
dGFja2VycyBmcm9tIGd1ZXNzaW5nIGFjY2VzcwogICB0b2tlbnMsIGF1dGhvcml6YXRpb24gY29k
ZXMsIHJlZnJlc2ggdG9rZW5zLCByZXNvdXJjZSBvd25lcgogICBwYXNzd29yZHMsIGFuZCBjbGll
bnQgY3JlZGVudGlhbHMuCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2Vt
YmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA1NF0KDApJbnRlcm5ldC1EcmFmdCAgICAg
ICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgog
ICBUaGUgcHJvYmFiaWxpdHkgb2YgYW4gYXR0YWNrZXIgZ3Vlc3NpbmcgZ2VuZXJhdGVkIHRva2Vu
cyAoYW5kIG90aGVyCiAgIGNyZWRlbnRpYWxzIG5vdCBpbnRlbmRlZCBmb3IgaGFuZGxpbmcgYnkg
ZW5kLXVzZXJzKSBNVVNUIGJlIGxlc3MgdGhhbgogICBvciBlcXVhbCB0byAyXigtMTI4KSBhbmQg
U0hPVUxEIGJlIGxlc3MgdGhhbiBvciBlcXVhbCB0byAyXigtMTYwKS4KCiAgIFRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBNVVNUIHV0aWxpemUgb3RoZXIgbWVhbnMgdG8gcHJvdGVjdAogICBjcmVk
ZW50aWFscyBpbnRlbmRlZCBmb3IgZW5kLXVzZXIgdXNhZ2UuCgoxMC4xMS4gIFBoaXNoaW5nIEF0
dGFja3MKCiAgIFdpZGUgZGVwbG95bWVudCBvZiB0aGlzIGFuZCBzaW1pbGFyIHByb3RvY29scyBt
YXkgY2F1c2UgZW5kLXVzZXJzIHRvCiAgIGJlY29tZSBpbnVyZWQgdG8gdGhlIHByYWN0aWNlIG9m
IGJlaW5nIHJlZGlyZWN0ZWQgdG8gd2Vic2l0ZXMgd2hlcmUKICAgdGhleSBhcmUgYXNrZWQgdG8g
ZW50ZXIgdGhlaXIgcGFzc3dvcmRzLiAgSWYgZW5kLXVzZXJzIGFyZSBub3QKICAgY2FyZWZ1bCB0
byB2ZXJpZnkgdGhlIGF1dGhlbnRpY2l0eSBvZiB0aGVzZSB3ZWJzaXRlcyBiZWZvcmUgZW50ZXJp
bmcKICAgdGhlaXIgY3JlZGVudGlhbHMsIGl0IHdpbGwgYmUgcG9zc2libGUgZm9yIGF0dGFja2Vy
cyB0byBleHBsb2l0IHRoaXMKICAgcHJhY3RpY2UgdG8gc3RlYWwgcmVzb3VyY2Ugb3duZXJzJyBw
YXNzd29yZHMuCgogICBTZXJ2aWNlIHByb3ZpZGVycyBzaG91bGQgYXR0ZW1wdCB0byBlZHVjYXRl
IGVuZC11c2VycyBhYm91dCB0aGUgcmlza3MKICAgcGhpc2hpbmcgYXR0YWNrcyBwb3NlLCBhbmQg
c2hvdWxkIHByb3ZpZGUgbWVjaGFuaXNtcyB0aGF0IG1ha2UgaXQKICAgZWFzeSBmb3IgZW5kLXVz
ZXJzIHRvIGNvbmZpcm0gdGhlIGF1dGhlbnRpY2l0eSBvZiB0aGVpciBzaXRlcy4KICAgQ2xpZW50
IGRldmVsb3BlcnMgc2hvdWxkIGNvbnNpZGVyIHRoZSBzZWN1cml0eSBpbXBsaWNhdGlvbnMgb2Yg
aG93CiAgIHRoZXkgaW50ZXJhY3Qgd2l0aCB0aGUgdXNlci1hZ2VudCAoZS5nLiwgZXh0ZXJuYWws
IGVtYmVkZGVkKSwgYW5kIHRoZQogICBhYmlsaXR5IG9mIHRoZSBlbmQtdXNlciB0byB2ZXJpZnkg
dGhlIGF1dGhlbnRpY2l0eSBvZiB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCgogICBUbyBy
ZWR1Y2UgdGhlIHJpc2sgb2YgcGhpc2hpbmcgYXR0YWNrcywgdGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVycwogICBNVVNUIHJlcXVpcmUgdGhlIHVzZSBvZiBUTFMgb24gZXZlcnkgZW5kcG9pbnQgdXNl
ZCBmb3IgZW5kLXVzZXIKICAgaW50ZXJhY3Rpb24uCgoxMC4xMi4gIENyb3NzLVNpdGUgUmVxdWVz
dCBGb3JnZXJ5CgogICBDcm9zcy1zaXRlIHJlcXVlc3QgZm9yZ2VyeSAoQ1NSRikgaXMgYW4gZXhw
bG9pdCBpbiB3aGljaCBhbiBhdHRhY2tlcgogICBjYXVzZXMgdGhlIHVzZXItYWdlbnQgb2YgYSB2
aWN0aW0gZW5kLXVzZXIgdG8gZm9sbG93IGEgbWFsaWNpb3VzIFVSSQogICAoZS5nLiBwcm92aWRl
ZCB0byB0aGUgdXNlci1hZ2VudCBhcyBhIG1pc2xlYWRpbmcgbGluaywgaW1hZ2UsIG9yCiAgIHJl
ZGlyZWN0aW9uKSB0byBhIHRydXN0aW5nIHNlcnZlciAodXN1YWxseSBlc3RhYmxpc2hlZCB2aWEg
dGhlCiAgIHByZXNlbmNlIG9mIGEgdmFsaWQgc2Vzc2lvbiBjb29raWUpLgoKICAgQSBDU1JGIGF0
dGFjayBhZ2FpbnN0IHRoZSBjbGllbnQncyByZWRpcmVjdGlvbiBVUkkgYWxsb3dzIGFuIGF0dGFj
a2VyCiAgIHRvIGluamVjdCB0aGVpciBvd24gYXV0aG9yaXphdGlvbiBjb2RlIG9yIGFjY2VzcyB0
b2tlbiwgd2hpY2ggY2FuCiAgIHJlc3VsdCBpbiB0aGUgY2xpZW50IHVzaW5nIGFuIGFjY2VzcyB0
b2tlbiBhc3NvY2lhdGVkIHdpdGggdGhlCiAgIGF0dGFja2VyJ3MgcHJvdGVjdGVkIHJlc291cmNl
cyByYXRoZXIgdGhhbiB0aGUgdmljdGltJ3MgKGUuZy4gc2F2ZQogICB0aGUgdmljdGltJ3MgYmFu
ayBhY2NvdW50IGluZm9ybWF0aW9uIHRvIGEgcHJvdGVjdGVkIHJlc291cmNlCiAgIGNvbnRyb2xs
ZWQgYnkgdGhlIGF0dGFja2VyKS4KCiAgIFRoZSBjbGllbnQgTVVTVCBpbXBsZW1lbnQgQ1NSRiBw
cm90ZWN0aW9uIGZvciBpdHMgcmVkaXJlY3Rpb24gVVJJLgogICBUaGlzIGlzIHR5cGljYWxseSBh
Y2NvbXBsaXNoZWQgYnkgcmVxdWlyaW5nIGFueSByZXF1ZXN0IHNlbnQgdG8gdGhlCiAgIHJlZGly
ZWN0aW9uIFVSSSBlbmRwb2ludCB0byBpbmNsdWRlIGEgdmFsdWUgdGhhdCBiaW5kcyB0aGUgcmVx
dWVzdCB0bwogICB0aGUgdXNlci1hZ2VudCdzIGF1dGhlbnRpY2F0ZWQgc3RhdGUgKGUuZy4gYSBo
YXNoIG9mIHRoZSBzZXNzaW9uCiAgIGNvb2tpZSB1c2VkIHRvIGF1dGhlbnRpY2F0ZSB0aGUgdXNl
ci1hZ2VudCkuICBUaGUgY2xpZW50IFNIT1VMRAoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBF
eHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA1NV0KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAg
TWF5IDIwMTIKCgogICB1dGlsaXplIHRoZSAic3RhdGUiIHJlcXVlc3QgcGFyYW1ldGVyIHRvIGRl
bGl2ZXIgdGhpcyB2YWx1ZSB0byB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2hlbiBtYWtp
bmcgYW4gYXV0aG9yaXphdGlvbiByZXF1ZXN0LgoKICAgT25jZSBhdXRob3JpemF0aW9uIGhhcyBi
ZWVuIG9idGFpbmVkIGZyb20gdGhlIGVuZC11c2VyLCB0aGUKICAgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgcmVkaXJlY3RzIHRoZSBlbmQtdXNlcidzIHVzZXItYWdlbnQgYmFjayB0byB0aGUKICAgY2xp
ZW50IHdpdGggdGhlIHJlcXVpcmVkIGJpbmRpbmcgdmFsdWUgY29udGFpbmVkIGluIHRoZSAic3Rh
dGUiCiAgIHBhcmFtZXRlci4gIFRoZSBiaW5kaW5nIHZhbHVlIGVuYWJsZXMgdGhlIGNsaWVudCB0
byB2ZXJpZnkgdGhlCiAgIHZhbGlkaXR5IG9mIHRoZSByZXF1ZXN0IGJ5IG1hdGNoaW5nIHRoZSBi
aW5kaW5nIHZhbHVlIHRvIHRoZSB1c2VyLQogICBhZ2VudCdzIGF1dGhlbnRpY2F0ZWQgc3RhdGUu
ICBUaGUgYmluZGluZyB2YWx1ZSB1c2VkIGZvciBDU1JGCiAgIHByb3RlY3Rpb24gTVVTVCBjb250
YWluIGEgbm9uLWd1ZXNzYWJsZSB2YWx1ZSAoYXMgZGVzY3JpYmVkIGluCiAgIFNlY3Rpb24gMTAu
MTApLCBhbmQgdGhlIHVzZXItYWdlbnQncyBhdXRoZW50aWNhdGVkIHN0YXRlIChlLmcuCiAgIHNl
c3Npb24gY29va2llLCBIVE1MNSBsb2NhbCBzdG9yYWdlKSBNVVNUIGJlIGtlcHQgaW4gYSBsb2Nh
dGlvbgogICBhY2Nlc3NpYmxlIG9ubHkgdG8gdGhlIGNsaWVudCBhbmQgdGhlIHVzZXItYWdlbnQg
KGkuZS4sIHByb3RlY3RlZCBieQogICBzYW1lLW9yaWdpbiBwb2xpY3kpLgoKICAgQSBDU1JGIGF0
dGFjayBhZ2FpbnN0IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIGF1dGhvcml6YXRpb24KICAg
ZW5kcG9pbnQgY2FuIHJlc3VsdCBpbiBhbiBhdHRhY2tlciBvYnRhaW5pbmcgZW5kLXVzZXIgYXV0
aG9yaXphdGlvbgogICBmb3IgYSBtYWxpY2lvdXMgY2xpZW50IHdpdGhvdXQgaW52b2x2aW5nIG9y
IGFsZXJ0aW5nIHRoZSBlbmQtdXNlci4KCiAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNU
IGltcGxlbWVudCBDU1JGIHByb3RlY3Rpb24gZm9yIGl0cwogICBhdXRob3JpemF0aW9uIGVuZHBv
aW50LCBhbmQgZW5zdXJlIHRoYXQgYSBtYWxpY2lvdXMgY2xpZW50IGNhbm5vdAogICBvYnRhaW4g
YXV0aG9yaXphdGlvbiB3aXRob3V0IHRoZSBhd2FyZW5lc3MgYW5kIGV4cGxpY2l0IGNvbnNlbnQg
b2YKICAgdGhlIHJlc291cmNlIG93bmVyLgoKMTAuMTMuICBDbGlja2phY2tpbmcKCiAgIEluIGEg
Y2xpY2tqYWNraW5nIGF0dGFjaywgYW4gYXR0YWNrZXIgcmVnaXN0ZXJzIGEgbGVnaXRpbWF0ZSBj
bGllbnQKICAgYW5kIHRoZW4gY29uc3RydWN0cyBhIG1hbGljaW91cyBzaXRlIGluIHdoaWNoIGl0
IGxvYWRzIHRoZQogICBhdXRob3JpemF0aW9uIHNlcnZlcidzIGF1dGhvcml6YXRpb24gZW5kcG9p
bnQgd2ViIHBhZ2UgaW4gYQogICB0cmFuc3BhcmVudCBpZnJhbWUgb3ZlcmxhaWQgb24gdG9wIG9m
IGEgc2V0IG9mIGR1bW15IGJ1dHRvbnMgd2hpY2gKICAgYXJlIGNhcmVmdWxseSBjb25zdHJ1Y3Rl
ZCB0byBiZSBwbGFjZWQgZGlyZWN0bHkgdW5kZXIgaW1wb3J0YW50CiAgIGJ1dHRvbnMgb24gdGhl
IGF1dGhvcml6YXRpb24gcGFnZS4gIFdoZW4gYW4gZW5kLXVzZXIgY2xpY2tzIGEKICAgbWlzbGVh
ZGluZyB2aXNpYmxlIGJ1dHRvbiwgdGhlIGVuZC11c2VyIGlzIGFjdHVhbGx5IGNsaWNraW5nIGFu
CiAgIGludmlzaWJsZSBidXR0b24gb24gdGhlIGF1dGhvcml6YXRpb24gcGFnZSAoc3VjaCBhcyBh
biAiQXV0aG9yaXplIgogICBidXR0b24pLiAgVGhpcyBhbGxvd3MgYW4gYXR0YWNrZXIgdG8gdHJp
Y2sgYSByZXNvdXJjZSBvd25lciBpbnRvCiAgIGdyYW50aW5nIGl0cyBjbGllbnQgYWNjZXNzIHdp
dGhvdXQgdGhlaXIga25vd2xlZGdlLgoKICAgVG8gcHJldmVudCB0aGlzIGZvcm0gb2YgYXR0YWNr
LCBuYXRpdmUgYXBwbGljYXRpb25zIFNIT1VMRCB1c2UKICAgZXh0ZXJuYWwgYnJvd3NlcnMgaW5z
dGVhZCBvZiBlbWJlZGRpbmcgYnJvd3NlcnMgd2l0aGluIHRoZQogICBhcHBsaWNhdGlvbiB3aGVu
IHJlcXVlc3RpbmcgZW5kLXVzZXIgYXV0aG9yaXphdGlvbi4gIEZvciBtb3N0IG5ld2VyCiAgIGJy
b3dzZXJzLCBhdm9pZGFuY2Ugb2YgaWZyYW1lcyBjYW4gYmUgZW5mb3JjZWQgYnkgdGhlIGF1dGhv
cml6YXRpb24KICAgc2VydmVyIHVzaW5nIHRoZSAobm9uLXN0YW5kYXJkKSAieC1mcmFtZS1vcHRp
b25zIiBoZWFkZXIuICBUaGlzCiAgIGhlYWRlciBjYW4gaGF2ZSB0d28gdmFsdWVzLCAiZGVueSIg
YW5kICJzYW1lb3JpZ2luIiwgd2hpY2ggd2lsbCBibG9jawogICBhbnkgZnJhbWluZywgb3IgZnJh
bWluZyBieSBzaXRlcyB3aXRoIGEgZGlmZmVyZW50IG9yaWdpbiwKICAgcmVzcGVjdGl2ZWx5LiAg
Rm9yIG9sZGVyIGJyb3dzZXJzLCBqYXZhc2NyaXB0IGZyYW1lYnVzdGluZyB0ZWNobmlxdWVzCiAg
IGNhbiBiZSB1c2VkIGJ1dCBtYXkgbm90IGJlIGVmZmVjdGl2ZSBpbiBhbGwgYnJvd3NlcnMuCgoK
CgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAg
ICAgICAgICAgW1BhZ2UgNTZdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBPQXV0
aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKMTAuMTQuICBDb2RlIEluamVj
dGlvbiBhbmQgSW5wdXQgVmFsaWRhdGlvbgoKICAgQSBjb2RlIGluamVjdGlvbiBhdHRhY2sgb2Nj
dXJzIHdoZW4gYW4gaW5wdXQgb3Igb3RoZXJ3aXNlIGV4dGVybmFsCiAgIHZhcmlhYmxlIGlzIHVz
ZWQgYnkgYW4gYXBwbGljYXRpb24gdW5zYW5pdGl6ZWQgYW5kIGNhdXNlcwogICBtb2RpZmljYXRp
b24gdG8gdGhlIGFwcGxpY2F0aW9uIGxvZ2ljLiAgVGhpcyBtYXkgYWxsb3cgYW4gYXR0YWNrZXIg
dG8KICAgZ2FpbiBhY2Nlc3MgdG8gdGhlIGFwcGxpY2F0aW9uIGRldmljZSBvciBpdHMgZGF0YSwg
Y2F1c2UgZGVuaWFsIG9mCiAgIHNlcnZpY2UsIG9yIGEgd2lkZSByYW5nZSBvZiBtYWxpY2lvdXMg
c2lkZS1lZmZlY3RzLgoKICAgVGhlIEF1dGhvcml6YXRpb24gc2VydmVyIGFuZCBjbGllbnQgTVVT
VCBzYW5pdGl6ZSAoYW5kIHZhbGlkYXRlIHdoZW4KICAgcG9zc2libGUpIGFueSB2YWx1ZSByZWNl
aXZlZCwgaW4gcGFydGljdWxhciwgdGhlIHZhbHVlIG9mIHRoZSAic3RhdGUiCiAgIGFuZCAicmVk
aXJlY3RfdXJpIiBwYXJhbWV0ZXJzLgoKMTAuMTUuICBPcGVuIFJlZGlyZWN0b3JzCgogICBUaGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBhbmQgdGhlIGNsaWVu
dAogICByZWRpcmVjdGlvbiBlbmRwb2ludCBjYW4gYmUgaW1wcm9wZXJseSBjb25maWd1cmVkIGFu
ZCBvcGVyYXRlIGFzIG9wZW4KICAgcmVkaXJlY3RvcnMuICBBbiBvcGVuIHJlZGlyZWN0b3IgaXMg
YW4gZW5kcG9pbnQgdXNpbmcgYSBwYXJhbWV0ZXIgdG8KICAgYXV0b21hdGljYWxseSByZWRpcmVj
dCBhIHVzZXItYWdlbnQgdG8gdGhlIGxvY2F0aW9uIHNwZWNpZmllZCBieSB0aGUKICAgcGFyYW1l
dGVyIHZhbHVlIHdpdGhvdXQgYW55IHZhbGlkYXRpb24uCgogICBPcGVuIHJlZGlyZWN0b3JzIGNh
biBiZSB1c2VkIGluIHBoaXNoaW5nIGF0dGFja3MsIG9yIGJ5IGFuIGF0dGFja2VyCiAgIHRvIGdl
dCBlbmQtdXNlcnMgdG8gdmlzaXQgbWFsaWNpb3VzIHNpdGVzIGJ5IG1ha2luZyB0aGUgVVJJJ3MK
ICAgYXV0aG9yaXR5IGxvb2sgbGlrZSBhIGZhbWlsaWFyIGFuZCB0cnVzdGVkIGRlc3RpbmF0aW9u
LiAgSW4gYWRkaXRpb24sCiAgIGlmIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhbGxvd3MgdGhl
IGNsaWVudCB0byByZWdpc3RlciBvbmx5IHBhcnQKICAgb2YgdGhlIHJlZGlyZWN0aW9uIFVSSSwg
YW4gYXR0YWNrZXIgY2FuIHVzZSBhbiBvcGVuIHJlZGlyZWN0b3IKICAgb3BlcmF0ZWQgYnkgdGhl
IGNsaWVudCB0byBjb25zdHJ1Y3QgYSByZWRpcmVjdGlvbiBVUkkgdGhhdCB3aWxsIHBhc3MKICAg
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHZhbGlkYXRpb24gYnV0IHdpbGwgc2VuZCB0aGUgYXV0
aG9yaXphdGlvbgogICBjb2RlIG9yIGFjY2VzcyB0b2tlbiB0byBhbiBlbmRwb2ludCB1bmRlciB0
aGUgY29udHJvbCBvZiB0aGUKICAgYXR0YWNrZXIuCgoKMTEuICBJQU5BIENvbnNpZGVyYXRpb25z
CgoxMS4xLiAgVGhlIE9BdXRoIEFjY2VzcyBUb2tlbiBUeXBlIFJlZ2lzdHJ5CgogICBUaGlzIHNw
ZWNpZmljYXRpb24gZXN0YWJsaXNoZXMgdGhlIE9BdXRoIGFjY2VzcyB0b2tlbiB0eXBlIHJlZ2lz
dHJ5LgoKICAgQWNjZXNzIHRva2VuIHR5cGVzIGFyZSByZWdpc3RlcmVkIHdpdGggYSBTcGVjaWZp
Y2F0aW9uIFJlcXVpcmVkCiAgIChbUkZDNTIyNl0pIGFmdGVyIGEgdHdvIHdlZWtzIHJldmlldyBw
ZXJpb2Qgb24gdGhlIFtUQkRdQGlldGYub3JnCiAgIG1haWxpbmcgbGlzdCwgb24gdGhlIGFkdmlj
ZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuCiAgIEhvd2V2ZXIsIHRvIGFsbG93
IGZvciB0aGUgYWxsb2NhdGlvbiBvZiB2YWx1ZXMgcHJpb3IgdG8gcHVibGljYXRpb24sCiAgIHRo
ZSBEZXNpZ25hdGVkIEV4cGVydChzKSBtYXkgYXBwcm92ZSByZWdpc3RyYXRpb24gb25jZSB0aGV5
IGFyZQogICBzYXRpc2ZpZWQgdGhhdCBzdWNoIGEgc3BlY2lmaWNhdGlvbiB3aWxsIGJlIHB1Ymxp
c2hlZC4KCiAgIFJlZ2lzdHJhdGlvbiByZXF1ZXN0cyBtdXN0IGJlIHNlbnQgdG8gdGhlIFtUQkRd
QGlldGYub3JnIG1haWxpbmcgbGlzdAogICBmb3IgcmV2aWV3IGFuZCBjb21tZW50LCB3aXRoIGFu
IGFwcHJvcHJpYXRlIHN1YmplY3QgKGUuZy4sICJSZXF1ZXN0CiAgIGZvciBhY2Nlc3MgdG9rZW4g
dHlwZTogZXhhbXBsZSIpLiBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mCiAgIHRo
ZSBtYWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uIHdpdGgg
dGhlIElFU0cKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhwaXJlcyBEZWNlbWJlciAxLCAy
MDEyICAgICAgICAgICAgICAgW1BhZ2UgNTddCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAg
ICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDEyCgoKICAgYW5kIElB
TkEuICBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmlldy4gXV0KCiAgIFdpdGhpbiB0aGUg
cmV2aWV3IHBlcmlvZCwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIHdpbGwgZWl0aGVyCiAgIGFw
cHJvdmUgb3IgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhp
cyBkZWNpc2lvbgogICB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuICBEZW5pYWxzIHNob3Vs
ZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uCiAgIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlv
bnMgYXMgdG8gaG93IHRvIG1ha2UgdGhlIHJlcXVlc3QKICAgc3VjY2Vzc2Z1bC4KCiAgIElBTkEg
bXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhlIERlc2lnbmF0ZWQgRXhw
ZXJ0KHMpLAogICBhbmQgc2hvdWxkIGRpcmVjdCBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlv
biB0byB0aGUgcmV2aWV3IG1haWxpbmcKICAgbGlzdC4KCjExLjEuMS4gIFJlZ2lzdHJhdGlvbiBU
ZW1wbGF0ZQoKICAgVHlwZSBuYW1lOgogICAgICBUaGUgbmFtZSByZXF1ZXN0ZWQgKGUuZy4sICJl
eGFtcGxlIikuCiAgIEFkZGl0aW9uYWwgVG9rZW4gRW5kcG9pbnQgUmVzcG9uc2UgUGFyYW1ldGVy
czoKICAgICAgQWRkaXRpb25hbCByZXNwb25zZSBwYXJhbWV0ZXJzIHJldHVybmVkIHRvZ2V0aGVy
IHdpdGggdGhlCiAgICAgICJhY2Nlc3NfdG9rZW4iIHBhcmFtZXRlci4gIE5ldyBwYXJhbWV0ZXJz
IE1VU1QgYmUgc2VwYXJhdGVseQogICAgICByZWdpc3RlcmVkIGluIHRoZSBPQXV0aCBwYXJhbWV0
ZXJzIHJlZ2lzdHJ5IGFzIGRlc2NyaWJlZCBieQogICAgICBTZWN0aW9uIDExLjIuCiAgIEhUVFAg
QXV0aGVudGljYXRpb24gU2NoZW1lKHMpOgogICAgICBUaGUgSFRUUCBhdXRoZW50aWNhdGlvbiBz
Y2hlbWUgbmFtZShzKSwgaWYgYW55LCB1c2VkIHRvCiAgICAgIGF1dGhlbnRpY2F0ZSBwcm90ZWN0
ZWQgcmVzb3VyY2VzIHJlcXVlc3RzIHVzaW5nIGFjY2VzcyB0b2tlbnMgb2YKICAgICAgdGhpcyB0
eXBlLgogICBDaGFuZ2UgY29udHJvbGxlcjoKICAgICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNz
LCBzdGF0ZSAiSUVURiIuICBGb3Igb3RoZXJzLCBnaXZlIHRoZSBuYW1lCiAgICAgIG9mIHRoZSBy
ZXNwb25zaWJsZSBwYXJ0eS4gIE90aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRyZXNzLAog
ICAgICBlLW1haWwgYWRkcmVzcywgaG9tZSBwYWdlIFVSSSkgbWF5IGFsc28gYmUgaW5jbHVkZWQu
CiAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6CiAgICAgIFJlZmVyZW5jZSB0byB0aGUgZG9j
dW1lbnQgdGhhdCBzcGVjaWZpZXMgdGhlIHBhcmFtZXRlciwgcHJlZmVyYWJseQogICAgICBpbmNs
dWRpbmcgYSBVUkkgdGhhdCBjYW4gYmUgdXNlZCB0byByZXRyaWV2ZSBhIGNvcHkgb2YgdGhlCiAg
ICAgIGRvY3VtZW50LiAgQW4gaW5kaWNhdGlvbiBvZiB0aGUgcmVsZXZhbnQgc2VjdGlvbnMgbWF5
IGFsc28gYmUKICAgICAgaW5jbHVkZWQsIGJ1dCBpcyBub3QgcmVxdWlyZWQuCgoxMS4yLiAgVGhl
IE9BdXRoIFBhcmFtZXRlcnMgUmVnaXN0cnkKCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiBlc3RhYmxp
c2hlcyB0aGUgT0F1dGggcGFyYW1ldGVycyByZWdpc3RyeS4KCiAgIEFkZGl0aW9uYWwgcGFyYW1l
dGVycyBmb3IgaW5jbHVzaW9uIGluIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50CiAgIHJlcXVl
c3QsIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IHJlc3BvbnNlLCB0aGUgdG9rZW4gZW5kcG9p
bnQKICAgcmVxdWVzdCwgb3IgdGhlIHRva2VuIGVuZHBvaW50IHJlc3BvbnNlIGFyZSByZWdpc3Rl
cmVkIHdpdGggYQogICBTcGVjaWZpY2F0aW9uIFJlcXVpcmVkIChbUkZDNTIyNl0pIGFmdGVyIGEg
dHdvIHdlZWtzIHJldmlldyBwZXJpb2Qgb24KICAgdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcg
bGlzdCwgb24gdGhlIGFkdmljZSBvZiBvbmUgb3IgbW9yZQogICBEZXNpZ25hdGVkIEV4cGVydHMu
ICBIb3dldmVyLCB0byBhbGxvdyBmb3IgdGhlIGFsbG9jYXRpb24gb2YgdmFsdWVzCiAgIHByaW9y
IHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgbWF5IGFwcHJvdmUKICAg
cmVnaXN0cmF0aW9uIG9uY2UgdGhleSBhcmUgc2F0aXNmaWVkIHRoYXQgc3VjaCBhIHNwZWNpZmlj
YXRpb24gd2lsbAogICBiZSBwdWJsaXNoZWQuCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4
cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgIFtQYWdlIDU4XQoMCkludGVybmV0
LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBN
YXkgMjAxMgoKCiAgIFJlZ2lzdHJhdGlvbiByZXF1ZXN0cyBtdXN0IGJlIHNlbnQgdG8gdGhlIFtU
QkRdQGlldGYub3JnIG1haWxpbmcgbGlzdAogICBmb3IgcmV2aWV3IGFuZCBjb21tZW50LCB3aXRo
IGFuIGFwcHJvcHJpYXRlIHN1YmplY3QgKGUuZy4sICJSZXF1ZXN0CiAgIGZvciBwYXJhbWV0ZXI6
IGV4YW1wbGUiKS4gW1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUgbmFtZSBvZiB0aGUKICAgbWFp
bGluZyBsaXN0IHNob3VsZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRhdGlvbiB3aXRoIHRoZSBJ
RVNHIGFuZAogICBJQU5BLiAgU3VnZ2VzdGVkIG5hbWU6IG9hdXRoLWV4dC1yZXZpZXcuIF1dCgog
ICBXaXRoaW4gdGhlIHJldmlldyBwZXJpb2QsIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSB3aWxs
IGVpdGhlcgogICBhcHByb3ZlIG9yIGRlbnkgdGhlIHJlZ2lzdHJhdGlvbiByZXF1ZXN0LCBjb21t
dW5pY2F0aW5nIHRoaXMgZGVjaXNpb24KICAgdG8gdGhlIHJldmlldyBsaXN0IGFuZCBJQU5BLiAg
RGVuaWFscyBzaG91bGQgaW5jbHVkZSBhbiBleHBsYW5hdGlvbgogICBhbmQsIGlmIGFwcGxpY2Fi
bGUsIHN1Z2dlc3Rpb25zIGFzIHRvIGhvdyB0byBtYWtlIHRoZSByZXF1ZXN0CiAgIHN1Y2Nlc3Nm
dWwuCgogICBJQU5BIG11c3Qgb25seSBhY2NlcHQgcmVnaXN0cnkgdXBkYXRlcyBmcm9tIHRoZSBE
ZXNpZ25hdGVkIEV4cGVydChzKSwKICAgYW5kIHNob3VsZCBkaXJlY3QgYWxsIHJlcXVlc3RzIGZv
ciByZWdpc3RyYXRpb24gdG8gdGhlIHJldmlldyBtYWlsaW5nCiAgIGxpc3QuCgoxMS4yLjEuICBS
ZWdpc3RyYXRpb24gVGVtcGxhdGUKCiAgIFBhcmFtZXRlciBuYW1lOgogICAgICBUaGUgbmFtZSBy
ZXF1ZXN0ZWQgKGUuZy4sICJleGFtcGxlIikuCiAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjoK
ICAgICAgVGhlIGxvY2F0aW9uKHMpIHdoZXJlIHBhcmFtZXRlciBjYW4gYmUgdXNlZC4gIFRoZSBw
b3NzaWJsZQogICAgICBsb2NhdGlvbnMgYXJlOiBhdXRob3JpemF0aW9uIHJlcXVlc3QsIGF1dGhv
cml6YXRpb24gcmVzcG9uc2UsCiAgICAgIHRva2VuIHJlcXVlc3QsIG9yIHRva2VuIHJlc3BvbnNl
LgogICBDaGFuZ2UgY29udHJvbGxlcjoKICAgICAgRm9yIHN0YW5kYXJkcy10cmFjayBSRkNzLCBz
dGF0ZSAiSUVURiIuICBGb3Igb3RoZXJzLCBnaXZlIHRoZSBuYW1lCiAgICAgIG9mIHRoZSByZXNw
b25zaWJsZSBwYXJ0eS4gIE90aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRyZXNzLAogICAg
ICBlLW1haWwgYWRkcmVzcywgaG9tZSBwYWdlIFVSSSkgbWF5IGFsc28gYmUgaW5jbHVkZWQuCiAg
IFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6CiAgICAgIFJlZmVyZW5jZSB0byB0aGUgZG9jdW1l
bnQgdGhhdCBzcGVjaWZpZXMgdGhlIHBhcmFtZXRlciwgcHJlZmVyYWJseQogICAgICBpbmNsdWRp
bmcgYSBVUkkgdGhhdCBjYW4gYmUgdXNlZCB0byByZXRyaWV2ZSBhIGNvcHkgb2YgdGhlCiAgICAg
IGRvY3VtZW50LiAgQW4gaW5kaWNhdGlvbiBvZiB0aGUgcmVsZXZhbnQgc2VjdGlvbnMgbWF5IGFs
c28gYmUKICAgICAgaW5jbHVkZWQsIGJ1dCBpcyBub3QgcmVxdWlyZWQuCgoxMS4yLjIuICBJbml0
aWFsIFJlZ2lzdHJ5IENvbnRlbnRzCgogICBUaGUgT0F1dGggUGFyYW1ldGVycyBSZWdpc3RyeSdz
IGluaXRpYWwgY29udGVudHMgYXJlOgoKICAgbyAgUGFyYW1ldGVyIG5hbWU6IGNsaWVudF9pZAog
ICBvICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwgdG9r
ZW4gcmVxdWVzdAogICBvICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICBvICBTcGVjaWZpY2F0
aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCgogICBvICBQYXJhbWV0ZXIgbmFt
ZTogY2xpZW50X3NlY3JldAogICBvICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJl
cXVlc3QKICAgbyAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKCgoKCgpIYW1tZXIsIGV0IGFsLiAg
ICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA1OV0K
DApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAg
ICAgICAgICAgTWF5IDIwMTIKCgogICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0
aGlzIGRvY3VtZW50IF1dCgogICBvICBQYXJhbWV0ZXIgbmFtZTogcmVzcG9uc2VfdHlwZQogICBv
ICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdAogICBvICBD
aGFuZ2UgY29udHJvbGxlcjogSUVURgogICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBb
WyB0aGlzIGRvY3VtZW50IF1dCgogICBvICBQYXJhbWV0ZXIgbmFtZTogcmVkaXJlY3RfdXJpCiAg
IG8gIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXF1ZXN0LCB0b2tl
biByZXF1ZXN0CiAgIG8gIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgIG8gIFNwZWNpZmljYXRp
b24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KCiAgIG8gIFBhcmFtZXRlciBuYW1l
OiBzY29wZQogICBvICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVx
dWVzdCwgYXV0aG9yaXphdGlvbgogICAgICByZXNwb25zZSwgdG9rZW4gcmVxdWVzdCwgdG9rZW4g
cmVzcG9uc2UKICAgbyAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgbyAgU3BlY2lmaWNhdGlv
biBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQoKICAgbyAgUGFyYW1ldGVyIG5hbWU6
IHN0YXRlCiAgIG8gIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXF1
ZXN0LCBhdXRob3JpemF0aW9uCiAgICAgIHJlc3BvbnNlCiAgIG8gIENoYW5nZSBjb250cm9sbGVy
OiBJRVRGCiAgIG8gIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQg
XV0KCiAgIG8gIFBhcmFtZXRlciBuYW1lOiBjb2RlCiAgIG8gIFBhcmFtZXRlciB1c2FnZSBsb2Nh
dGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4gcmVxdWVzdAogICBvICBDaGFuZ2Ug
Y29udHJvbGxlcjogSUVURgogICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlz
IGRvY3VtZW50IF1dCgogICBvICBQYXJhbWV0ZXIgbmFtZTogZXJyb3JfZGVzY3JpcHRpb24KICAg
byAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tl
biByZXNwb25zZQogICBvICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICBvICBTcGVjaWZpY2F0
aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCgogICBvICBQYXJhbWV0ZXIgbmFt
ZTogZXJyb3JfdXJpCiAgIG8gIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlv
biByZXNwb25zZSwgdG9rZW4gcmVzcG9uc2UKICAgbyAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYK
ICAgbyAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQoKICAg
byAgUGFyYW1ldGVyIG5hbWU6IGdyYW50X3R5cGUKICAgbyAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0
aW9uOiB0b2tlbiByZXF1ZXN0CiAgIG8gIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgIG8gIFNw
ZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KCiAgIG8gIFBhcmFt
ZXRlciBuYW1lOiBhY2Nlc3NfdG9rZW4KICAgbyAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBh
dXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQoKCgoKCkhhbW1lciwgZXQgYWwu
ICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAgICAgICAgICAgIFtQYWdlIDYw
XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAg
ICAgICAgICAgICBNYXkgMjAxMgoKCiAgIG8gIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgIG8g
IFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KCiAgIG8gIFBh
cmFtZXRlciBuYW1lOiB0b2tlbl90eXBlCiAgIG8gIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjog
YXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4gcmVzcG9uc2UKICAgbyAgQ2hhbmdlIGNvbnRy
b2xsZXI6IElFVEYKICAgbyAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1
bWVudCBdXQoKICAgbyAgUGFyYW1ldGVyIG5hbWU6IGV4cGlyZXNfaW4KICAgbyAgUGFyYW1ldGVy
IHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQog
ICBvICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50
KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCgogICBvICBQYXJhbWV0ZXIgbmFtZTogdXNlcm5hbWUK
ICAgbyAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0CiAgIG8gIENoYW5n
ZSBjb250cm9sbGVyOiBJRVRGCiAgIG8gIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRo
aXMgZG9jdW1lbnQgXV0KCiAgIG8gIFBhcmFtZXRlciBuYW1lOiBwYXNzd29yZAogICBvICBQYXJh
bWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVlc3QKICAgbyAgQ2hhbmdlIGNvbnRyb2xs
ZXI6IElFVEYKICAgbyAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVu
dCBdXQoKICAgbyAgUGFyYW1ldGVyIG5hbWU6IHJlZnJlc2hfdG9rZW4KICAgbyAgUGFyYW1ldGVy
IHVzYWdlIGxvY2F0aW9uOiB0b2tlbiByZXF1ZXN0LCB0b2tlbiByZXNwb25zZQogICBvICBDaGFu
Z2UgY29udHJvbGxlcjogSUVURgogICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0
aGlzIGRvY3VtZW50IF1dCgoxMS4zLiAgVGhlIE9BdXRoIEF1dGhvcml6YXRpb24gRW5kcG9pbnQg
UmVzcG9uc2UgVHlwZSBSZWdpc3RyeQoKICAgVGhpcyBzcGVjaWZpY2F0aW9uIGVzdGFibGlzaGVz
IHRoZSBPQXV0aCBhdXRob3JpemF0aW9uIGVuZHBvaW50CiAgIHJlc3BvbnNlIHR5cGUgcmVnaXN0
cnkuCgogICBBZGRpdGlvbmFsIHJlc3BvbnNlIHR5cGUgZm9yIHVzZSB3aXRoIHRoZSBhdXRob3Jp
emF0aW9uIGVuZHBvaW50IGFyZQogICByZWdpc3RlcmVkIHdpdGggYSBTcGVjaWZpY2F0aW9uIFJl
cXVpcmVkIChbUkZDNTIyNl0pIGFmdGVyIGEgdHdvCiAgIHdlZWtzIHJldmlldyBwZXJpb2Qgb24g
dGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcgbGlzdCwgb24gdGhlIGFkdmljZQogICBvZiBvbmUg
b3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuICBIb3dldmVyLCB0byBhbGxvdyBmb3IgdGhlCiAg
IGFsbG9jYXRpb24gb2YgdmFsdWVzIHByaW9yIHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVzaWduYXRl
ZCBFeHBlcnQocykKICAgbWF5IGFwcHJvdmUgcmVnaXN0cmF0aW9uIG9uY2UgdGhleSBhcmUgc2F0
aXNmaWVkIHRoYXQgc3VjaCBhCiAgIHNwZWNpZmljYXRpb24gd2lsbCBiZSBwdWJsaXNoZWQuCgog
ICBSZWdpc3RyYXRpb24gcmVxdWVzdHMgbXVzdCBiZSBzZW50IHRvIHRoZSBbVEJEXUBpZXRmLm9y
ZyBtYWlsaW5nIGxpc3QKICAgZm9yIHJldmlldyBhbmQgY29tbWVudCwgd2l0aCBhbiBhcHByb3By
aWF0ZSBzdWJqZWN0IChlLmcuLCAiUmVxdWVzdAogICBmb3IgcmVzcG9uc2UgdHlwZTogZXhhbXBs
ZSIpLiBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mIHRoZQogICBtYWlsaW5nIGxp
c3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uIHdpdGggdGhlIElFU0cgYW5k
CiAgIElBTkEuICBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmlldy4gXV0KCiAgIFdpdGhp
biB0aGUgcmV2aWV3IHBlcmlvZCwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIHdpbGwgZWl0aGVy
CgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIgMSwgMjAxMiAgICAg
ICAgICAgICAgIFtQYWdlIDYxXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgT0F1
dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCiAgIGFwcHJvdmUgb3IgZGVu
eSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbgog
ICB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuICBEZW5pYWxzIHNob3VsZCBpbmNsdWRlIGFu
IGV4cGxhbmF0aW9uCiAgIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2VzdGlvbnMgYXMgdG8gaG93
IHRvIG1ha2UgdGhlIHJlcXVlc3QKICAgc3VjY2Vzc2Z1bC4KCiAgIElBTkEgbXVzdCBvbmx5IGFj
Y2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpLAogICBh
bmQgc2hvdWxkIGRpcmVjdCBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2
aWV3IG1haWxpbmcKICAgbGlzdC4KCjExLjMuMS4gIFJlZ2lzdHJhdGlvbiBUZW1wbGF0ZQoKICAg
UmVzcG9uc2UgdHlwZSBuYW1lOgogICAgICBUaGUgbmFtZSByZXF1ZXN0ZWQgKGUuZy4sICJleGFt
cGxlIikuCiAgIENoYW5nZSBjb250cm9sbGVyOgogICAgICBGb3Igc3RhbmRhcmRzLXRyYWNrIFJG
Q3MsIHN0YXRlICJJRVRGIi4gIEZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUKICAgICAgb2YgdGhl
IHJlc3BvbnNpYmxlIHBhcnR5LiAgT3RoZXIgZGV0YWlscyAoZS5nLiwgcG9zdGFsIGFkZHJlc3Ms
CiAgICAgIGUtbWFpbCBhZGRyZXNzLCBob21lIHBhZ2UgVVJJKSBtYXkgYWxzbyBiZSBpbmNsdWRl
ZC4KICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKToKICAgICAgUmVmZXJlbmNlIHRvIHRoZSBk
b2N1bWVudCB0aGF0IHNwZWNpZmllcyB0aGUgdHlwZSwgcHJlZmVyYWJseQogICAgICBpbmNsdWRp
bmcgYSBVUkkgdGhhdCBjYW4gYmUgdXNlZCB0byByZXRyaWV2ZSBhIGNvcHkgb2YgdGhlCiAgICAg
IGRvY3VtZW50LiAgQW4gaW5kaWNhdGlvbiBvZiB0aGUgcmVsZXZhbnQgc2VjdGlvbnMgbWF5IGFs
c28gYmUKICAgICAgaW5jbHVkZWQsIGJ1dCBpcyBub3QgcmVxdWlyZWQuCgoxMS4zLjIuICBJbml0
aWFsIFJlZ2lzdHJ5IENvbnRlbnRzCgogICBUaGUgT0F1dGggQXV0aG9yaXphdGlvbiBFbmRwb2lu
dCBSZXNwb25zZSBUeXBlIFJlZ2lzdHJ5J3MgaW5pdGlhbAogICBjb250ZW50cyBhcmU6CgogICBv
ICBSZXNwb25zZSB0eXBlIG5hbWU6IGNvZGUKICAgbyAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYK
ICAgbyAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQoKICAg
byAgUmVzcG9uc2UgdHlwZSBuYW1lOiB0b2tlbgogICBvICBDaGFuZ2UgY29udHJvbGxlcjogSUVU
RgogICBvICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCgox
MS40LiAgVGhlIE9BdXRoIEV4dGVuc2lvbnMgRXJyb3IgUmVnaXN0cnkKCiAgIFRoaXMgc3BlY2lm
aWNhdGlvbiBlc3RhYmxpc2hlcyB0aGUgT0F1dGggZXh0ZW5zaW9ucyBlcnJvciByZWdpc3RyeS4K
CiAgIEFkZGl0aW9uYWwgZXJyb3IgY29kZXMgdXNlZCB0b2dldGhlciB3aXRoIG90aGVyIHByb3Rv
Y29sIGV4dGVuc2lvbnMKICAgKGkuZS4gZXh0ZW5zaW9uIGdyYW50IHR5cGVzLCBhY2Nlc3MgdG9r
ZW4gdHlwZXMsIG9yIGV4dGVuc2lvbgogICBwYXJhbWV0ZXJzKSBhcmUgcmVnaXN0ZXJlZCB3aXRo
IGEgU3BlY2lmaWNhdGlvbiBSZXF1aXJlZCAoW1JGQzUyMjZdKQogICBhZnRlciBhIHR3byB3ZWVr
cyByZXZpZXcgcGVyaW9kIG9uIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nIGxpc3QsCiAgIG9u
IHRoZSBhZHZpY2Ugb2Ygb25lIG9yIG1vcmUgRGVzaWduYXRlZCBFeHBlcnRzLiAgSG93ZXZlciwg
dG8gYWxsb3cKICAgZm9yIHRoZSBhbGxvY2F0aW9uIG9mIHZhbHVlcyBwcmlvciB0byBwdWJsaWNh
dGlvbiwgdGhlIERlc2lnbmF0ZWQKICAgRXhwZXJ0KHMpIG1heSBhcHByb3ZlIHJlZ2lzdHJhdGlv
biBvbmNlIHRoZXkgYXJlIHNhdGlzZmllZCB0aGF0IHN1Y2gKICAgYSBzcGVjaWZpY2F0aW9uIHdp
bGwgYmUgcHVibGlzaGVkLgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2Vt
YmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA2Ml0KDApJbnRlcm5ldC1EcmFmdCAgICAg
ICAgICAgICAgICAgIE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgog
ICBSZWdpc3RyYXRpb24gcmVxdWVzdHMgbXVzdCBiZSBzZW50IHRvIHRoZSBbVEJEXUBpZXRmLm9y
ZyBtYWlsaW5nIGxpc3QKICAgZm9yIHJldmlldyBhbmQgY29tbWVudCwgd2l0aCBhbiBhcHByb3By
aWF0ZSBzdWJqZWN0IChlLmcuLCAiUmVxdWVzdAogICBmb3IgZXJyb3IgY29kZTogZXhhbXBsZSIp
LiBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mIHRoZQogICBtYWlsaW5nIGxpc3Qg
c2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uIHdpdGggdGhlIElFU0cgYW5kCiAg
IElBTkEuICBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmlldy4gXV0KCiAgIFdpdGhpbiB0
aGUgcmV2aWV3IHBlcmlvZCwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIHdpbGwgZWl0aGVyCiAg
IGFwcHJvdmUgb3IgZGVueSB0aGUgcmVnaXN0cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcg
dGhpcyBkZWNpc2lvbgogICB0byB0aGUgcmV2aWV3IGxpc3QgYW5kIElBTkEuICBEZW5pYWxzIHNo
b3VsZCBpbmNsdWRlIGFuIGV4cGxhbmF0aW9uCiAgIGFuZCwgaWYgYXBwbGljYWJsZSwgc3VnZ2Vz
dGlvbnMgYXMgdG8gaG93IHRvIG1ha2UgdGhlIHJlcXVlc3QKICAgc3VjY2Vzc2Z1bC4KCiAgIElB
TkEgbXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhlIERlc2lnbmF0ZWQg
RXhwZXJ0KHMpLAogICBhbmQgc2hvdWxkIGRpcmVjdCBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJh
dGlvbiB0byB0aGUgcmV2aWV3IG1haWxpbmcKICAgbGlzdC4KCjExLjQuMS4gIFJlZ2lzdHJhdGlv
biBUZW1wbGF0ZQoKICAgRXJyb3IgbmFtZToKICAgICAgVGhlIG5hbWUgcmVxdWVzdGVkIChlLmcu
LCAiZXhhbXBsZSIpLgogICBFcnJvciB1c2FnZSBsb2NhdGlvbjoKICAgICAgVGhlIGxvY2F0aW9u
KHMpIHdoZXJlIHRoZSBlcnJvciBjYW4gYmUgdXNlZC4gIFRoZSBwb3NzaWJsZQogICAgICBsb2Nh
dGlvbnMgYXJlOiBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgZXJyb3IgcmVzcG9uc2UKICAgICAg
KFNlY3Rpb24gNC4xLjIuMSksIGltcGxpY2l0IGdyYW50IGVycm9yIHJlc3BvbnNlCiAgICAgIChT
ZWN0aW9uIDQuMi4yLjEpLCB0b2tlbiBlcnJvciByZXNwb25zZSAoU2VjdGlvbiA1LjIpLCBvciBy
ZXNvdXJjZQogICAgICBhY2Nlc3MgZXJyb3IgcmVzcG9uc2UgKFNlY3Rpb24gNy4yKS4KICAgUmVs
YXRlZCBwcm90b2NvbCBleHRlbnNpb246CiAgICAgIFRoZSBuYW1lIG9mIHRoZSBleHRlbnNpb24g
Z3JhbnQgdHlwZSwgYWNjZXNzIHRva2VuIHR5cGUsIG9yCiAgICAgIGV4dGVuc2lvbiBwYXJhbWV0
ZXIsIHRoZSBlcnJvciBjb2RlIGlzIHVzZWQgaW4gY29uanVuY3Rpb24gd2l0aC4KICAgQ2hhbmdl
IGNvbnRyb2xsZXI6CiAgICAgIEZvciBzdGFuZGFyZHMtdHJhY2sgUkZDcywgc3RhdGUgIklFVEYi
LiAgRm9yIG90aGVycywgZ2l2ZSB0aGUgbmFtZQogICAgICBvZiB0aGUgcmVzcG9uc2libGUgcGFy
dHkuICBPdGhlciBkZXRhaWxzIChlLmcuLCBwb3N0YWwgYWRkcmVzcywKICAgICAgZS1tYWlsIGFk
ZHJlc3MsIGhvbWUgcGFnZSBVUkkpIG1heSBhbHNvIGJlIGluY2x1ZGVkLgogICBTcGVjaWZpY2F0
aW9uIGRvY3VtZW50KHMpOgogICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50IHRoYXQgc3Bl
Y2lmaWVzIHRoZSBlcnJvciBjb2RlLAogICAgICBwcmVmZXJhYmx5IGluY2x1ZGluZyBhIFVSSSB0
aGF0IGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZgogICAgICB0aGUgZG9jdW1lbnQu
ICBBbiBpbmRpY2F0aW9uIG9mIHRoZSByZWxldmFudCBzZWN0aW9ucyBtYXkgYWxzbyBiZQogICAg
ICBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KCgoxMi4gIFJlZmVyZW5jZXMKCjEyLjEu
ICBOb3JtYXRpdmUgUmVmZXJlbmNlcwoKICAgW1JGQzIxMTldICBCcmFkbmVyLCBTLiwgIktleSB3
b3JkcyBmb3IgdXNlIGluIFJGQ3MgdG8gSW5kaWNhdGUKICAgICAgICAgICAgICBSZXF1aXJlbWVu
dCBMZXZlbHMiLCBCQ1AgMTQsIFJGQyAyMTE5LCBNYXJjaCAxOTk3LgoKICAgW1JGQzIyNDZdICBE
aWVya3MsIFQuIGFuZCBDLiBBbGxlbiwgIlRoZSBUTFMgUHJvdG9jb2wgVmVyc2lvbiAxLjAiLAoK
CgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAg
ICAgICAgICBbUGFnZSA2M10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIE9BdXRo
IDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICAgICAgICAgICAgIFJGQyAy
MjQ2LCBKYW51YXJ5IDE5OTkuCgogICBbUkZDMjYxNl0gIEZpZWxkaW5nLCBSLiwgR2V0dHlzLCBK
LiwgTW9ndWwsIEouLCBGcnlzdHlrLCBILiwKICAgICAgICAgICAgICBNYXNpbnRlciwgTC4sIExl
YWNoLCBQLiwgYW5kIFQuIEJlcm5lcnMtTGVlLCAiSHlwZXJ0ZXh0CiAgICAgICAgICAgICAgVHJh
bnNmZXIgUHJvdG9jb2wgLS0gSFRUUC8xLjEiLCBSRkMgMjYxNiwgSnVuZSAxOTk5LgoKICAgW1JG
QzI2MTddICBGcmFua3MsIEouLCBIYWxsYW0tQmFrZXIsIFAuLCBIb3N0ZXRsZXIsIEouLCBMYXdy
ZW5jZSwgUy4sCiAgICAgICAgICAgICAgTGVhY2gsIFAuLCBMdW90b25lbiwgQS4sIGFuZCBMLiBT
dGV3YXJ0LCAiSFRUUAogICAgICAgICAgICAgIEF1dGhlbnRpY2F0aW9uOiBCYXNpYyBhbmQgRGln
ZXN0IEFjY2VzcyBBdXRoZW50aWNhdGlvbiIsCiAgICAgICAgICAgICAgUkZDIDI2MTcsIEp1bmUg
MTk5OS4KCiAgIFtSRkMyODE4XSAgUmVzY29ybGEsIEUuLCAiSFRUUCBPdmVyIFRMUyIsIFJGQyAy
ODE4LCBNYXkgMjAwMC4KCiAgIFtSRkMzOTg2XSAgQmVybmVycy1MZWUsIFQuLCBGaWVsZGluZywg
Ui4sIGFuZCBMLiBNYXNpbnRlciwgIlVuaWZvcm0KICAgICAgICAgICAgICBSZXNvdXJjZSBJZGVu
dGlmaWVyIChVUkkpOiBHZW5lcmljIFN5bnRheCIsIFNURCA2NiwKICAgICAgICAgICAgICBSRkMg
Mzk4NiwgSmFudWFyeSAyMDA1LgoKICAgW1JGQzQ2MjddICBDcm9ja2ZvcmQsIEQuLCAiVGhlIGFw
cGxpY2F0aW9uL2pzb24gTWVkaWEgVHlwZSBmb3IKICAgICAgICAgICAgICBKYXZhU2NyaXB0IE9i
amVjdCBOb3RhdGlvbiAoSlNPTikiLCBSRkMgNDYyNywgSnVseSAyMDA2LgoKICAgW1JGQzQ5NDld
ICBTaGlyZXksIFIuLCAiSW50ZXJuZXQgU2VjdXJpdHkgR2xvc3NhcnksIFZlcnNpb24gMiIsCiAg
ICAgICAgICAgICAgUkZDIDQ5NDksIEF1Z3VzdCAyMDA3LgoKICAgW1JGQzUyMjZdICBOYXJ0ZW4s
IFQuIGFuZCBILiBBbHZlc3RyYW5kLCAiR3VpZGVsaW5lcyBmb3IgV3JpdGluZyBhbgogICAgICAg
ICAgICAgIElBTkEgQ29uc2lkZXJhdGlvbnMgU2VjdGlvbiBpbiBSRkNzIiwgQkNQIDI2LCBSRkMg
NTIyNiwKICAgICAgICAgICAgICBNYXkgMjAwOC4KCiAgIFtSRkM1MjM0XSAgQ3JvY2tlciwgRC4g
YW5kIFAuIE92ZXJlbGwsICJBdWdtZW50ZWQgQk5GIGZvciBTeW50YXgKICAgICAgICAgICAgICBT
cGVjaWZpY2F0aW9uczogQUJORiIsIFNURCA2OCwgUkZDIDUyMzQsIEphbnVhcnkgMjAwOC4KCiAg
IFtSRkM1MjQ2XSAgRGllcmtzLCBULiBhbmQgRS4gUmVzY29ybGEsICJUaGUgVHJhbnNwb3J0IExh
eWVyIFNlY3VyaXR5CiAgICAgICAgICAgICAgKFRMUykgUHJvdG9jb2wgVmVyc2lvbiAxLjIiLCBS
RkMgNTI0NiwgQXVndXN0IDIwMDguCgogICBbUkZDNjEyNV0gIFNhaW50LUFuZHJlLCBQLiBhbmQg
Si4gSG9kZ2VzLCAiUmVwcmVzZW50YXRpb24gYW5kCiAgICAgICAgICAgICAgVmVyaWZpY2F0aW9u
IG9mIERvbWFpbi1CYXNlZCBBcHBsaWNhdGlvbiBTZXJ2aWNlIElkZW50aXR5CiAgICAgICAgICAg
ICAgd2l0aGluIEludGVybmV0IFB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1cmUgVXNpbmcgWC41MDkK
ICAgICAgICAgICAgICAoUEtJWCkgQ2VydGlmaWNhdGVzIGluIHRoZSBDb250ZXh0IG9mIFRyYW5z
cG9ydCBMYXllcgogICAgICAgICAgICAgIFNlY3VyaXR5IChUTFMpIiwgUkZDIDYxMjUsIE1hcmNo
IDIwMTEuCgogICBbVVNBU0NJSV0gIEFtZXJpY2FuIE5hdGlvbmFsIFN0YW5kYXJkcyBJbnN0aXR1
dGUsICJDb2RlZCBDaGFyYWN0ZXIKICAgICAgICAgICAgICBTZXQgLS0gNy1iaXQgQW1lcmljYW4g
U3RhbmRhcmQgQ29kZSBmb3IgSW5mb3JtYXRpb24KICAgICAgICAgICAgICBJbnRlcmNoYW5nZSIs
IEFOU0kgWDMuNCwgMTk4Ni4KCiAgIFtXM0MuUkVDLWh0bWw0MDEtMTk5OTEyMjRdCiAgICAgICAg
ICAgICAgSG9ycywgQS4sIFJhZ2dldHQsIEQuLCBhbmQgSS4gSmFjb2JzLCAiSFRNTCA0LjAxCiAg
ICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiIsIFdvcmxkIFdpZGUgV2ViIENvbnNvcnRpdW0KICAg
ICAgICAgICAgICBSZWNvbW1lbmRhdGlvbiBSRUMtaHRtbDQwMS0xOTk5MTIyNCwgRGVjZW1iZXIg
MTk5OSwKICAgICAgICAgICAgICA8aHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMtaHRtbDQw
MS0xOTk5MTIyND4uCgoKCkhhbW1lciwgZXQgYWwuICAgICAgICAgIEV4cGlyZXMgRGVjZW1iZXIg
MSwgMjAxMiAgICAgICAgICAgICAgIFtQYWdlIDY0XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAg
ICAgICAgICAgT0F1dGggMi4wICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAxMgoKCjEyLjIu
ICBJbmZvcm1hdGl2ZSBSZWZlcmVuY2VzCgogICBbSS1ELmRyYWZ0LWhhcmR0LW9hdXRoLTAxXQog
ICAgICAgICAgICAgIEhhcmR0LCBELiwgRWQuLCBUb20sIEEuLCBFYXRvbiwgQi4sIGFuZCBZLiBH
b2xhbmQsICJPQXV0aAogICAgICAgICAgICAgIFdlYiBSZXNvdXJjZSBBdXRob3JpemF0aW9uIFBy
b2ZpbGVzIiwgSmFudWFyeSAyMDEwLgoKICAgW0ktRC5pZXRmLW9hdXRoLXNhbWwyLWJlYXJlcl0K
ICAgICAgICAgICAgICBNb3J0aW1vcmUsIEMuLCAiU0FNTCAyLjAgQmVhcmVyIEFzc2VydGlvbiBQ
cm9maWxlcyBmb3IKICAgICAgICAgICAgICBPQXV0aCAyLjAiLCBkcmFmdC1pZXRmLW9hdXRoLXNh
bWwyLWJlYXJlci0xMiAod29yayBpbgogICAgICAgICAgICAgIHByb2dyZXNzKSwgTWF5IDIwMTIu
CgogICBbSS1ELmlldGYtb2F1dGgtdjItYmVhcmVyXQogICAgICAgICAgICAgIEpvbmVzLCBNLiwg
SGFyZHQsIEQuLCBhbmQgRC4gUmVjb3Jkb24sICJUaGUgT0F1dGggMi4wCiAgICAgICAgICAgICAg
QXV0aG9yaXphdGlvbiBQcm90b2NvbDogQmVhcmVyIFRva2VucyIsCiAgICAgICAgICAgICAgZHJh
ZnQtaWV0Zi1vYXV0aC12Mi1iZWFyZXItMTkgKHdvcmsgaW4gcHJvZ3Jlc3MpLAogICAgICAgICAg
ICAgIEFwcmlsIDIwMTIuCgogICBbSS1ELmlldGYtb2F1dGgtdjItaHR0cC1tYWNdCiAgICAgICAg
ICAgICAgSGFtbWVyLUxhaGF2LCBFLiwgIkhUVFAgQXV0aGVudGljYXRpb246IE1BQyBBY2Nlc3MK
ICAgICAgICAgICAgICBBdXRoZW50aWNhdGlvbiIsIGRyYWZ0LWlldGYtb2F1dGgtdjItaHR0cC1t
YWMtMDEgKHdvcmsgaW4KICAgICAgICAgICAgICBwcm9ncmVzcyksIEZlYnJ1YXJ5IDIwMTIuCgog
ICBbSS1ELmlldGYtb2F1dGgtdjItdGhyZWF0bW9kZWxdCiAgICAgICAgICAgICAgTWNHbG9pbiwg
TS4sIEh1bnQsIFAuLCBhbmQgVC4gTG9kZGVyc3RlZHQsICJPQXV0aCAyLjAKICAgICAgICAgICAg
ICBUaHJlYXQgTW9kZWwgYW5kIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIiwKICAgICAgICAgICAg
ICBkcmFmdC1pZXRmLW9hdXRoLXYyLXRocmVhdG1vZGVsLTAyICh3b3JrIGluIHByb2dyZXNzKSwK
ICAgICAgICAgICAgICBGZWJydWFyeSAyMDEyLgoKICAgW09BU0lTLnNhbWwtY29yZS0yLjAtb3Nd
CiAgICAgICAgICAgICAgQ2FudG9yLCBTLiwgS2VtcCwgSi4sIFBoaWxwb3R0LCBSLiwgYW5kIEUu
IE1hbGVyLAogICAgICAgICAgICAgICJBc3NlcnRpb25zIGFuZCBQcm90b2NvbCBmb3IgdGhlIE9B
U0lTIFNlY3VyaXR5IEFzc2VydGlvbgogICAgICAgICAgICAgIE1hcmt1cCBMYW5ndWFnZSAoU0FN
TCkgVjIuMCIsIE9BU0lTIFN0YW5kYXJkIHNhbWwtY29yZS0KICAgICAgICAgICAgICAyLjAtb3Ms
IE1hcmNoIDIwMDUuCgogICBbUkZDNTg0OV0gIEhhbW1lci1MYWhhdiwgRS4sICJUaGUgT0F1dGgg
MS4wIFByb3RvY29sIiwgUkZDIDU4NDksCiAgICAgICAgICAgICAgQXByaWwgMjAxMC4KCgpBcHBl
bmRpeCBBLiAgQWNrbm93bGVkZ2VtZW50cwoKICAgVGhlIGluaXRpYWwgT0F1dGggMi4wIHByb3Rv
Y29sIHNwZWNpZmljYXRpb24gd2FzIGVkaXRlZCBieSBEYXZpZAogICBSZWNvcmRvbiwgYmFzZWQg
b24gdHdvIHByZXZpb3VzIHB1YmxpY2F0aW9uczogdGhlIE9BdXRoIDEuMCBjb21tdW5pdHkKICAg
c3BlY2lmaWNhdGlvbiBbUkZDNTg0OV0sIGFuZCBPQXV0aCBXUkFQIChPQXV0aCBXZWIgUmVzb3Vy
Y2UKICAgQXV0aG9yaXphdGlvbiBQcm9maWxlcykgW0ktRC5kcmFmdC1oYXJkdC1vYXV0aC0wMV0u
ICBUaGUgU2VjdXJpdHkKICAgQ29uc2lkZXJhdGlvbnMgc2VjdGlvbiB3YXMgZHJhZnRlZCBieSBU
b3JzdGVuIExvZGRlcnN0ZWR0LCBNYXJrCiAgIE1jR2xvaW4sIFBoaWwgSHVudCwgYW5kIEFudGhv
bnkgTmFkYWxpbi4KCiAgIFRoZSBPQXV0aCAxLjAgY29tbXVuaXR5IHNwZWNpZmljYXRpb24gd2Fz
IGVkaXRlZCBieSBFcmFuIEhhbW1lciBhbmQKCgoKSGFtbWVyLCBldCBhbC4gICAgICAgICAgRXhw
aXJlcyBEZWNlbWJlciAxLCAyMDEyICAgICAgICAgICAgICAgW1BhZ2UgNjVdCgwKSW50ZXJuZXQt
RHJhZnQgICAgICAgICAgICAgICAgICBPQXV0aCAyLjAgICAgICAgICAgICAgICAgICAgICAgIE1h
eSAyMDEyCgoKICAgYXV0aG9yZWQgYnkgTWFyayBBdHdvb2QsIERpcmsgQmFsZmFueiwgRGFycmVu
IEJvdW5kcywgUmljaGFyZCBNLgogICBDb25sYW4sIEJsYWluZSBDb29rLCBMZWFoIEN1bHZlciwg
QnJlbm8gZGUgTWVkZWlyb3MsIEJyaWFuIEVhdG9uLAogICBLZWxsYW4gRWxsaW90dC1NY0NyZWEs
IExhcnJ5IEhhbGZmLCBFcmFuIEhhbW1lciwgQmVuIExhdXJpZSwgQ2hyaXMKICAgTWVzc2luYSwg
Sm9obiBQYW56ZXIsIFNhbSBRdWlnbGV5LCBEYXZpZCBSZWNvcmRvbiwgRXJhbiBTYW5kbGVyLAog
ICBKb25hdGhhbiBTZXJnZW50LCBUb2RkIFNpZWxpbmcsIEJyaWFuIFNsZXNpbnNreSwgYW5kIEFu
ZHkgU21pdGguCgogICBUaGUgT0F1dGggV1JBUCBzcGVjaWZpY2F0aW9uIHdhcyBlZGl0ZWQgYnkg
RGljayBIYXJkdCBhbmQgYXV0aG9yZWQgYnkKICAgQnJpYW4gRWF0b24sIFlhcm9uIFkuIEdvbGFu
ZCwgRGljayBIYXJkdCwgYW5kIEFsbGVuIFRvbS4KCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiBpcyB0
aGUgd29yayBvZiB0aGUgT0F1dGggV29ya2luZyBHcm91cCB3aGljaAogICBpbmNsdWRlcyBkb3pl
bnMgb2YgYWN0aXZlIGFuZCBkZWRpY2F0ZWQgcGFydGljaXBhbnRzLiAgSW4gcGFydGljdWxhciwK
ICAgdGhlIGZvbGxvd2luZyBpbmRpdmlkdWFscyBjb250cmlidXRlZCBpZGVhcywgZmVlZGJhY2ss
IGFuZCB3b3JkaW5nCiAgIHdoaWNoIHNoYXBlZCBhbmQgZm9ybWVkIHRoZSBmaW5hbCBzcGVjaWZp
Y2F0aW9uOgoKICAgTWljaGFlbCBBZGFtcywgQW1hbmRhIEFuZ2FuZXMsIEFuZHJldyBBcm5vdHQs
IERpcmsgQmFsZmFueiwgQWlkZW4KICAgQmVsbCwgQnJpYW4gQ2FtcGJlbGwsIFNjb3R0IENhbnRv
ciwgTWFyY29zIENhY2VyZXMsIEJsYWluZSBDb29rLAogICBSb2dlciBDcmV3LCBCcmlhbiBFYXRv
biwgV2VzbGV5IEVkZHksIExlYWggQ3VsdmVyLCBCaWxsIGRlIGhPcmEsCiAgIEFuZHJlIERlTWFy
cmUsIEJyaWFuIEVhdG9uLCBXb2x0ZXIgRWxkZXJpbmcsIEJyaWFuIEVsbGluLCBJZ29yCiAgIEZh
eW5iZXJnLCBHZW9yZ2UgRmxldGNoZXIsIFRpbSBGcmVlbWFuLCBMdWNhIEZyb3NpbmksIEV2YW4g
R2lsYmVydCwKICAgWWFyb24gWS4gR29sYW5kLCBCcmVudCBHb2xkbWFuLCBLcmlzdG9mZmVyIEdy
b25vd3NraSwgSnVzdGluIEhhcnQsCiAgIERpY2sgSGFyZHQsIENyYWlnIEhlYXRoLCBQaGlsIEh1
bnQsIE1pY2hhZWwgQi4gSm9uZXMsIFRlcnJ5IEpvbmVzLAogICBKb2huIEtlbXAsIE1hcmsgS2Vu
dCwgUmFmZmkgS3Jpa29yaWFuLCBDaGFzZW4gTGUgSGFyYSwgUmFzbXVzCiAgIExlcmRvcmYsIFRv
cnN0ZW4gTG9kZGVyc3RlZHQsIEh1aS1MYW4gTHUsIENhc2V5IEx1Y2FzLCBQYXVsIE1hZHNlbiwK
ICAgQWxhc3RhaXIgTWFpciwgRXZlIE1hbGVyLCBKYW1lcyBNYW5nZXIsIE1hcmsgTWNHbG9pbiwg
TGF1cmVuY2UgTWlhbywKICAgV2lsbGlhbSBNaWxscywgQ2h1Y2sgTW9ydGltb3JlLCBBbnRob255
IE5hZGFsaW4sIEp1bGlhbiBSZXNjaGtlLAogICBKdXN0aW4gUmljaGVyLCBQZXRlciBTYWludC1B
bmRyZSwgTmF0IFNha2ltdXJhLCBSb2IgU2F5cmUsIE1hcml1cwogICBTY3VydGVzY3UsIE5haXRp
ayBTaGFoLCBMdWtlIFNoZXBhcmQsIFZsYWQgU2t2b3J0c292LCBKdXN0aW4gU21pdGgsCiAgIEhh
aWJpbiBTb25nLCBOaXYgU3RlaW5nYXJ0ZW4sIENocmlzdGlhbiBTdHVibmVyLCBKZXJlbXkgU3Vy
aWVsLCBQYXVsCiAgIFRhcmphbiwgQ2hyaXN0b3BoZXIgVGhvbWFzLCBIZW5yeSBTLiBUaG9tcHNv
biwgQWxsZW4gVG9tLCBGcmFua2xpbgogICBUc2UsIE5pY2sgV2Fsa2VyLCBTaGFuZSBXZWVkZW4s
IGFuZCBTa3lsYXIgV29vZHdhcmQuCgogICBUaGlzIGRvY3VtZW50IHdhcyBwcm9kdWNlZCB1bmRl
ciB0aGUgY2hhaXJtYW5zaGlwIG9mIEJsYWluZSBDb29rLAogICBQZXRlciBTYWludC1BbmRyZSwg
SGFubmVzIFRzY2hvZmVuaWcsIEJhcnJ5IExlaWJhLCBhbmQgRGVyZWsgQXRraW5zLgogICBUaGUg
YXJlYSBkaXJlY3RvcnMgaW5jbHVkZWQgTGlzYSBEdXNzZWF1bHQsIFBldGVyIFNhaW50LUFuZHJl
LCBhbmQKICAgU3RlcGhlbiBGYXJyZWxsLgoKCkFwcGVuZGl4IEIuICBFZGl0b3IncyBOb3RlcwoK
ICAgV2hpbGUgbWFueSBwZW9wbGUgY29udHJpYnV0ZWQgdG8gdGhpcyBzcGVjaWZpY2F0aW9uIHRo
cm91Z2hvdXQgaXRzCiAgIGxvbmcgam91cm5leSwgdGhlIGVkaXRvciB3b3VsZCBsaWtlIHRvIGFj
a25vd2xlZGdlIGFuZCB0aGFuayBhIGZldwogICBpbmRpdmlkdWFscyBmb3IgdGhlaXIgb3V0c3Rh
bmRpbmcgYW5kIGludmFsdWFibGUgZWZmb3J0cyBsZWFkaW5nIHVwCiAgIHRvIHRoZSBwdWJsaWNh
dGlvbiBvZiB0aGlzIHNwZWNpZmljYXRpb24uCgogICBEYXZpZCBSZWNvcmRvbiBmb3IgY29udGlu
dW91c2x5IGJlaW5nIG9uZSBvZiBPQXV0aCdzIG1vc3QgdmFsdWFibGUKICAgYXNzZXRzLCBicmlu
Z2luZyBwcmFnbWF0aXNtIGFuZCB1cmdlbmN5IHRvIHRoZSB3b3JrLCBhbmQgaGVscGluZwogICBz
aGFwZSBpdCBmcm9tIGl0cyB2ZXJ5IGJlZ2lubmluZywgYXMgd2VsbCBhcyBiZWluZyBvbmUgb2Yg
dGhlIGJlc3QKICAgY29sbGFib3JhdG9ycyBJIGhhZCB0aGUgcGxlYXN1cmUgb2Ygd29ya2luZyB3
aXRoLgoKCgpIYW1tZXIsIGV0IGFsLiAgICAgICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIg
ICAgICAgICAgICAgICBbUGFnZSA2Nl0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAg
IE9BdXRoIDIuMCAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIwMTIKCgogICBKYW1lcyBNYW5n
ZXIgZm9yIGhpcyBjcmVhdGl2ZSBpZGVhcyBhbmQgYWx3YXlzIGluc2lnaHRmdWwgZmVlZGJhY2su
CiAgIEJyaWFuIENhbXBiZWxsLCBUb3JzdGVuIExvZGRlcnN0ZWR0LCBDaHVjayBNb3J0aW1vcmUs
IEp1c3RpbiBSaWNoZXIsCiAgIE1hcml1cyBTY3VydGVzY3UsIGFuZCBMdWtlIFNoZXBhcmQgZm9y
IHRoZWlyIGNvbnRpbnVlZCBwYXJ0aWNpcGF0aW9uCiAgIGFuZCB2YWx1YWJsZSBmZWVkYmFjay4K
CiAgIFNwZWNpYWwgdGhhbmtzIGdvZXMgdG8gTWlrZSBDdXJ0aXMgYW5kIFlhaG9vISBmb3IgdGhl
aXIgdW5jb25kaXRpb25hbAogICBzdXBwb3J0IG9mIHRoaXMgd29yayBmb3Igb3ZlciB0aHJlZSB5
ZWFycy4KCgpBdXRob3JzJyBBZGRyZXNzZXMKCiAgIEVyYW4gSGFtbWVyIChlZGl0b3IpCgogICBF
bWFpbDogZXJhbkBodWVuaXZlcnNlLmNvbQogICBVUkk6ICAgaHR0cDovL2h1ZW5pdmVyc2UuY29t
CgoKICAgRGF2aWQgUmVjb3Jkb24KICAgRmFjZWJvb2sKCiAgIEVtYWlsOiBkckBmYi5jb20KICAg
VVJJOiAgIGh0dHA6Ly93d3cuZGF2aWRyZWNvcmRvbi5jb20vCgoKICAgRGljayBIYXJkdAogICBN
aWNyb3NvZnQKCiAgIEVtYWlsOiBkaWNrLmhhcmR0QGdtYWlsLmNvbQogICBVUkk6ICAgaHR0cDov
L2RpY2toYXJkdC5vcmcvCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgpIYW1tZXIsIGV0IGFsLiAgICAg
ICAgICBFeHBpcmVzIERlY2VtYmVyIDEsIDIwMTIgICAgICAgICAgICAgICBbUGFnZSA2N10KDAo=

--_006_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_
Content-Type: text/html; name="draft-ietf-oauth-v2-26+mbj-2.html"
Content-Description: draft-ietf-oauth-v2-26+mbj-2.html
Content-Disposition: attachment;
	filename="draft-ietf-oauth-v2-26+mbj-2.html"; size=235736;
	creation-date="Tue, 29 May 2012 23:02:15 GMT";
	modification-date="Tue, 29 May 2012 23:02:15 GMT"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEgVHJhbnNpdGlvbmFs
Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL2h0bWw0L2xvb3NlLmR0ZCI+CjxodG1sIGxhbmc9
ImVuIj48aGVhZD48dGl0bGU+VGhlIE9BdXRoIDIuMCBBdXRob3JpemF0aW9uIEZyYW1ld29yazwv
dGl0bGU+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1s
OyBjaGFyc2V0PXV0Zi04Ij4KPG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlRoZSBP
QXV0aCAyLjAgQXV0aG9yaXphdGlvbiBGcmFtZXdvcmsiPgo8bWV0YSBuYW1lPSJnZW5lcmF0b3Ii
IGNvbnRlbnQ9InhtbDJyZmMgdjEuMzYgKGh0dHA6Ly94bWwucmVzb3VyY2Uub3JnLykiPgo8c3R5
bGUgdHlwZT0ndGV4dC9jc3MnPjwhLS0KICAgICAgICBib2R5IHsKICAgICAgICAgICAgICAgIGZv
bnQtZmFtaWx5OiB2ZXJkYW5hLCBjaGFyY29hbCwgaGVsdmV0aWNhLCBhcmlhbCwgc2Fucy1zZXJp
ZjsKICAgICAgICAgICAgICAgIGZvbnQtc2l6ZTogc21hbGw7IGNvbG9yOiAjMDAwOyBiYWNrZ3Jv
dW5kLWNvbG9yOiAjRkZGOwogICAgICAgICAgICAgICAgbWFyZ2luOiAyZW07CiAgICAgICAgfQog
ICAgICAgIGgxLCBoMiwgaDMsIGg0LCBoNSwgaDYgewogICAgICAgICAgICAgICAgZm9udC1mYW1p
bHk6IGhlbHZldGljYSwgbW9uYWNvLCAiTVMgU2FucyBTZXJpZiIsIGFyaWFsLCBzYW5zLXNlcmlm
OwogICAgICAgICAgICAgICAgZm9udC13ZWlnaHQ6IGJvbGQ7IGZvbnQtc3R5bGU6IG5vcm1hbDsK
ICAgICAgICB9CiAgICAgICAgaDEgeyBjb2xvcjogIzkwMDsgYmFja2dyb3VuZC1jb2xvcjogdHJh
bnNwYXJlbnQ7IHRleHQtYWxpZ246IHJpZ2h0OyB9CiAgICAgICAgaDMgeyBjb2xvcjogIzMzMzsg
YmFja2dyb3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IH0KCiAgICAgICAgdGQuUkZDYnVnIHsKICAg
ICAgICAgICAgICAgIGZvbnQtc2l6ZTogeC1zbWFsbDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOwog
ICAgICAgICAgICAgICAgd2lkdGg6IDMwcHg7IGhlaWdodDogMzBweDsgcGFkZGluZy10b3A6IDJw
eDsKICAgICAgICAgICAgICAgIHRleHQtYWxpZ246IGp1c3RpZnk7IHZlcnRpY2FsLWFsaWduOiBt
aWRkbGU7CiAgICAgICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiAjMDAwOwogICAgICAgIH0K
ICAgICAgICB0ZC5SRkNidWcgc3Bhbi5SRkMgewogICAgICAgICAgICAgICAgZm9udC1mYW1pbHk6
IG1vbmFjbywgY2hhcmNvYWwsIGdlbmV2YSwgIk1TIFNhbnMgU2VyaWYiLCBoZWx2ZXRpY2EsIHZl
cmRhbmEsIHNhbnMtc2VyaWY7CiAgICAgICAgICAgICAgICBmb250LXdlaWdodDogYm9sZDsgY29s
b3I6ICM2NjY7CiAgICAgICAgfQogICAgICAgIHRkLlJGQ2J1ZyBzcGFuLmhvdFRleHQgewogICAg
ICAgICAgICAgICAgZm9udC1mYW1pbHk6IGNoYXJjb2FsLCBtb25hY28sIGdlbmV2YSwgIk1TIFNh
bnMgU2VyaWYiLCBoZWx2ZXRpY2EsIHZlcmRhbmEsIHNhbnMtc2VyaWY7CiAgICAgICAgICAgICAg
ICBmb250LXdlaWdodDogbm9ybWFsOyB0ZXh0LWFsaWduOiBjZW50ZXI7IGNvbG9yOiAjRkZGOwog
ICAgICAgIH0KCiAgICAgICAgdGFibGUuVE9DYnVnIHsgd2lkdGg6IDMwcHg7IGhlaWdodDogMTVw
eDsgfQogICAgICAgIHRkLlRPQ2J1ZyB7CiAgICAgICAgICAgICAgICB0ZXh0LWFsaWduOiBjZW50
ZXI7IHdpZHRoOiAzMHB4OyBoZWlnaHQ6IDE1cHg7CiAgICAgICAgICAgICAgICBjb2xvcjogI0ZG
RjsgYmFja2dyb3VuZC1jb2xvcjogIzkwMDsKICAgICAgICB9CiAgICAgICAgdGQuVE9DYnVnIGEg
ewogICAgICAgICAgICAgICAgZm9udC1mYW1pbHk6IG1vbmFjbywgY2hhcmNvYWwsIGdlbmV2YSwg
Ik1TIFNhbnMgU2VyaWYiLCBoZWx2ZXRpY2EsIHNhbnMtc2VyaWY7CiAgICAgICAgICAgICAgICBm
b250LXdlaWdodDogYm9sZDsgZm9udC1zaXplOiB4LXNtYWxsOyB0ZXh0LWRlY29yYXRpb246IG5v
bmU7CiAgICAgICAgICAgICAgICBjb2xvcjogI0ZGRjsgYmFja2dyb3VuZC1jb2xvcjogdHJhbnNw
YXJlbnQ7CiAgICAgICAgfQoKICAgICAgICB0ZC5oZWFkZXIgewogICAgICAgICAgICAgICAgZm9u
dC1mYW1pbHk6IGFyaWFsLCBoZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogeC1zbWFs
bDsKICAgICAgICAgICAgICAgIHZlcnRpY2FsLWFsaWduOiB0b3A7IHdpZHRoOiAzMyU7CiAgICAg
ICAgICAgICAgICBjb2xvcjogI0ZGRjsgYmFja2dyb3VuZC1jb2xvcjogIzY2NjsKICAgICAgICB9
CiAgICAgICAgdGQuYXV0aG9yIHsgZm9udC13ZWlnaHQ6IGJvbGQ7IGZvbnQtc2l6ZTogeC1zbWFs
bDsgbWFyZ2luLWxlZnQ6IDRlbTsgfQogICAgICAgIHRkLmF1dGhvci10ZXh0IHsgZm9udC1zaXpl
OiB4LXNtYWxsOyB9CgogICAgICAgIC8qIGluZm8gY29kZSBmcm9tIFNhbnRhS2xhdXNzIGF0IGh0
dHA6Ly93d3cubWFkYWJvdXRzdHlsZS5jb20vdG9vbHRpcDIuaHRtbCAqLwogICAgICAgIGEuaW5m
byB7CiAgICAgICAgICAgICAgICAvKiBUaGlzIGlzIHRoZSBrZXkuICovCiAgICAgICAgICAgICAg
ICBwb3NpdGlvbjogcmVsYXRpdmU7CiAgICAgICAgICAgICAgICB6LWluZGV4OiAyNDsKICAgICAg
ICAgICAgICAgIHRleHQtZGVjb3JhdGlvbjogbm9uZTsKICAgICAgICB9CiAgICAgICAgYS5pbmZv
OmhvdmVyIHsKICAgICAgICAgICAgICAgIHotaW5kZXg6IDI1OwogICAgICAgICAgICAgICAgY29s
b3I6ICNGRkY7IGJhY2tncm91bmQtY29sb3I6ICM5MDA7CiAgICAgICAgfQogICAgICAgIGEuaW5m
byBzcGFuIHsgZGlzcGxheTogbm9uZTsgfQogICAgICAgIGEuaW5mbzpob3ZlciBzcGFuLmluZm8g
ewogICAgICAgICAgICAgICAgLyogVGhlIHNwYW4gd2lsbCBkaXNwbGF5IGp1c3Qgb24gOmhvdmVy
IHN0YXRlLiAqLwogICAgICAgICAgICAgICAgZGlzcGxheTogYmxvY2s7CiAgICAgICAgICAgICAg
ICBwb3NpdGlvbjogYWJzb2x1dGU7CiAgICAgICAgICAgICAgICBmb250LXNpemU6IHNtYWxsZXI7
CiAgICAgICAgICAgICAgICB0b3A6IDJlbTsgbGVmdDogLTVlbTsgd2lkdGg6IDE1ZW07CiAgICAg
ICAgICAgICAgICBwYWRkaW5nOiAycHg7IGJvcmRlcjogMXB4IHNvbGlkICMzMzM7CiAgICAgICAg
ICAgICAgICBjb2xvcjogIzkwMDsgYmFja2dyb3VuZC1jb2xvcjogI0VFRTsKICAgICAgICAgICAg
ICAgIHRleHQtYWxpZ246IGxlZnQ7CiAgICAgICAgfQoKICAgICAgICBhIHsgZm9udC13ZWlnaHQ6
IGJvbGQ7IH0KICAgICAgICBhOmxpbmsgICAgeyBjb2xvcjogIzkwMDsgYmFja2dyb3VuZC1jb2xv
cjogdHJhbnNwYXJlbnQ7IH0KICAgICAgICBhOnZpc2l0ZWQgeyBjb2xvcjogIzYzMzsgYmFja2dy
b3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IH0KICAgICAgICBhOmFjdGl2ZSAgeyBjb2xvcjogIzYz
MzsgYmFja2dyb3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IH0KCiAgICAgICAgcCB7IG1hcmdpbi1s
ZWZ0OiAyZW07IG1hcmdpbi1yaWdodDogMmVtOyB9CiAgICAgICAgcC5jb3B5cmlnaHQgeyBmb250
LXNpemU6IHgtc21hbGw7IH0KICAgICAgICBwLnRvYyB7IGZvbnQtc2l6ZTogc21hbGw7IGZvbnQt
d2VpZ2h0OiBib2xkOyBtYXJnaW4tbGVmdDogM2VtOyB9CiAgICAgICAgdGFibGUudG9jIHsgbWFy
Z2luOiAwIDAgMCAzZW07IHBhZGRpbmc6IDA7IGJvcmRlcjogMDsgdmVydGljYWwtYWxpZ246IHRl
eHQtdG9wOyB9CiAgICAgICAgdGQudG9jIHsgZm9udC1zaXplOiBzbWFsbDsgZm9udC13ZWlnaHQ6
IGJvbGQ7IHZlcnRpY2FsLWFsaWduOiB0ZXh0LXRvcDsgfQoKICAgICAgICBvbC50ZXh0IHsgbWFy
Z2luLWxlZnQ6IDJlbTsgbWFyZ2luLXJpZ2h0OiAyZW07IH0KICAgICAgICB1bC50ZXh0IHsgbWFy
Z2luLWxlZnQ6IDJlbTsgbWFyZ2luLXJpZ2h0OiAyZW07IH0KICAgICAgICBsaSAgICAgIHsgbWFy
Z2luLWxlZnQ6IDNlbTsgfQoKICAgICAgICAvKiBSRkMtMjYyOSA8c3Bhbng+cyBhbmQgPGFydHdv
cms+cy4gKi8KICAgICAgICBlbSAgICAgeyBmb250LXN0eWxlOiBpdGFsaWM7IH0KICAgICAgICBz
dHJvbmcgeyBmb250LXdlaWdodDogYm9sZDsgfQogICAgICAgIGRmbiAgICB7IGZvbnQtd2VpZ2h0
OiBib2xkOyBmb250LXN0eWxlOiBub3JtYWw7IH0KICAgICAgICBjaXRlICAgeyBmb250LXdlaWdo
dDogbm9ybWFsOyBmb250LXN0eWxlOiBub3JtYWw7IH0KICAgICAgICB0dCAgICAgeyBjb2xvcjog
IzAzNjsgfQogICAgICAgIHR0LCBwcmUsIHByZSBkZm4sIHByZSBlbSwgcHJlIGNpdGUsIHByZSBz
cGFuIHsKICAgICAgICAgICAgICAgIGZvbnQtZmFtaWx5OiAiQ291cmllciBOZXciLCBDb3VyaWVy
LCBtb25vc3BhY2U7IGZvbnQtc2l6ZTogc21hbGw7CiAgICAgICAgfQogICAgICAgIHByZSB7CiAg
ICAgICAgICAgICAgICB0ZXh0LWFsaWduOiBsZWZ0OyBwYWRkaW5nOiA0cHg7CiAgICAgICAgICAg
ICAgICBjb2xvcjogIzAwMDsgYmFja2dyb3VuZC1jb2xvcjogI0NDQzsKICAgICAgICB9CiAgICAg
ICAgcHJlIGRmbiAgeyBjb2xvcjogIzkwMDsgfQogICAgICAgIHByZSBlbSAgIHsgY29sb3I6ICM2
NkY7IGJhY2tncm91bmQtY29sb3I6ICNGRkM7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IH0KICAgICAg
ICBwcmUgLmtleSB7IGNvbG9yOiAjMzNDOyBmb250LXdlaWdodDogYm9sZDsgfQogICAgICAgIHBy
ZSAuaWQgIHsgY29sb3I6ICM5MDA7IH0KICAgICAgICBwcmUgLnN0ciB7IGNvbG9yOiAjMDAwOyBi
YWNrZ3JvdW5kLWNvbG9yOiAjQ0ZGOyB9CiAgICAgICAgcHJlIC52YWwgeyBjb2xvcjogIzA2Njsg
fQogICAgICAgIHByZSAucmVwIHsgY29sb3I6ICM5MDk7IH0KICAgICAgICBwcmUgLm90aCB7IGNv
bG9yOiAjMDAwOyBiYWNrZ3JvdW5kLWNvbG9yOiAjRkNGOyB9CiAgICAgICAgcHJlIC5lcnIgeyBi
YWNrZ3JvdW5kLWNvbG9yOiAjRkNDOyB9CgogICAgICAgIC8qIFJGQy0yNjI5IDx0ZXh0dGFibGU+
cy4gKi8KICAgICAgICB0YWJsZS5hbGwsIHRhYmxlLmZ1bGwsIHRhYmxlLmhlYWRlcnMsIHRhYmxl
Lm5vbmUgewogICAgICAgICAgICAgICAgZm9udC1zaXplOiBzbWFsbDsgdGV4dC1hbGlnbjogY2Vu
dGVyOyBib3JkZXItd2lkdGg6IDJweDsKICAgICAgICAgICAgICAgIHZlcnRpY2FsLWFsaWduOiB0
b3A7IGJvcmRlci1jb2xsYXBzZTogY29sbGFwc2U7CiAgICAgICAgfQogICAgICAgIHRhYmxlLmFs
bCwgdGFibGUuZnVsbCB7IGJvcmRlci1zdHlsZTogc29saWQ7IGJvcmRlci1jb2xvcjogYmxhY2s7
IH0KICAgICAgICB0YWJsZS5oZWFkZXJzLCB0YWJsZS5ub25lIHsgYm9yZGVyLXN0eWxlOiBub25l
OyB9CiAgICAgICAgdGggewogICAgICAgICAgICAgICAgZm9udC13ZWlnaHQ6IGJvbGQ7IGJvcmRl
ci1jb2xvcjogYmxhY2s7CiAgICAgICAgICAgICAgICBib3JkZXItd2lkdGg6IDJweCAycHggM3B4
IDJweDsKICAgICAgICB9CiAgICAgICAgdGFibGUuYWxsIHRoLCB0YWJsZS5mdWxsIHRoIHsgYm9y
ZGVyLXN0eWxlOiBzb2xpZDsgfQogICAgICAgIHRhYmxlLmhlYWRlcnMgdGggeyBib3JkZXItc3R5
bGU6IG5vbmUgbm9uZSBzb2xpZCBub25lOyB9CiAgICAgICAgdGFibGUubm9uZSB0aCB7IGJvcmRl
ci1zdHlsZTogbm9uZTsgfQogICAgICAgIHRhYmxlLmFsbCB0ZCB7CiAgICAgICAgICAgICAgICBi
b3JkZXItc3R5bGU6IHNvbGlkOyBib3JkZXItY29sb3I6ICMzMzM7CiAgICAgICAgICAgICAgICBi
b3JkZXItd2lkdGg6IDFweCAycHg7CiAgICAgICAgfQogICAgICAgIHRhYmxlLmZ1bGwgdGQsIHRh
YmxlLmhlYWRlcnMgdGQsIHRhYmxlLm5vbmUgdGQgeyBib3JkZXItc3R5bGU6IG5vbmU7IH0KCiAg
ICAgICAgaHIgeyBoZWlnaHQ6IDFweDsgfQogICAgICAgIGhyLmluc2VydCB7CiAgICAgICAgICAg
ICAgICB3aWR0aDogODAlOyBib3JkZXItc3R5bGU6IG5vbmU7IGJvcmRlci13aWR0aDogMDsKICAg
ICAgICAgICAgICAgIGNvbG9yOiAjQ0NDOyBiYWNrZ3JvdW5kLWNvbG9yOiAjQ0NDOwogICAgICAg
IH0KLS0+PC9zdHlsZT4KPC9oZWFkPgo8Ym9keT4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2Vs
bHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQi
Pjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9h
PjwvdGQ+PC90cj48L3RhYmxlPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiB3aWR0aD0iNjYlIiBi
b3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+PHRyPjx0ZD48dGFibGUg
c3VtbWFyeT0ibGF5b3V0IiB3aWR0aD0iMTAwJSIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMiIg
Y2VsbHNwYWNpbmc9IjEiPgo8dHI+PHRkIGNsYXNzPSJoZWFkZXIiPk9BdXRoIFdvcmtpbmcgR3Jv
dXA8L3RkPjx0ZCBjbGFzcz0iaGVhZGVyIj5FLiBIYW1tZXIsIEVkLjwvdGQ+PC90cj4KPHRyPjx0
ZCBjbGFzcz0iaGVhZGVyIj5JbnRlcm5ldC1EcmFmdDwvdGQ+PHRkIGNsYXNzPSJoZWFkZXIiPiZu
YnNwOzwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iaGVhZGVyIj5PYnNvbGV0ZXM6IDxhIGhyZWY9
J2h0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzU4NDknPjU4NDk8L2E+IChpZiZuYnNwO2Fw
cHJvdmVkKTwvdGQ+PHRkIGNsYXNzPSJoZWFkZXIiPkQuIFJlY29yZG9uPC90ZD48L3RyPgo8dHI+
PHRkIGNsYXNzPSJoZWFkZXIiPkludGVuZGVkIHN0YXR1czogU3RhbmRhcmRzIFRyYWNrPC90ZD48
dGQgY2xhc3M9ImhlYWRlciI+RmFjZWJvb2s8L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImhlYWRl
ciI+RXhwaXJlczogRGVjZW1iZXIgMSwgMjAxMjwvdGQ+PHRkIGNsYXNzPSJoZWFkZXIiPkQuIEhh
cmR0PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJoZWFkZXIiPiZuYnNwOzwvdGQ+PHRkIGNsYXNz
PSJoZWFkZXIiPk1pY3Jvc29mdDwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iaGVhZGVyIj4mbmJz
cDs8L3RkPjx0ZCBjbGFzcz0iaGVhZGVyIj5NYXkgMzAsIDIwMTI8L3RkPjwvdHI+CjwvdGFibGU+
PC90ZD48L3RyPjwvdGFibGU+CjxoMT48YnIgLz5UaGUgT0F1dGggMi4wIEF1dGhvcml6YXRpb24g
RnJhbWV3b3JrPGJyIC8+ZHJhZnQtaWV0Zi1vYXV0aC12Mi0yNzwvaDE+Cgo8aDM+QWJzdHJhY3Q8
L2gzPgoKPHA+CiAgICAgICAgVGhlIE9BdXRoIDIuMCBhdXRob3JpemF0aW9uIGZyYW1ld29yayBl
bmFibGVzIGEgdGhpcmQtcGFydHkgYXBwbGljYXRpb24gdG8gb2J0YWluIGxpbWl0ZWQKICAgICAg
ICBhY2Nlc3MgdG8gYW4gSFRUUCBzZXJ2aWNlLCBlaXRoZXIgb24gYmVoYWxmIG9mIGEgcmVzb3Vy
Y2Ugb3duZXIgYnkgb3JjaGVzdHJhdGluZyBhbiBhcHByb3ZhbAogICAgICAgIGludGVyYWN0aW9u
IGJldHdlZW4gdGhlIHJlc291cmNlIG93bmVyIGFuZCB0aGUgSFRUUCBzZXJ2aWNlLCBvciBieSBh
bGxvd2luZyB0aGUgdGhpcmQtcGFydHkKICAgICAgICBhcHBsaWNhdGlvbiB0byBvYnRhaW4gYWNj
ZXNzIG9uIGl0cyBvd24gYmVoYWxmLiBUaGlzIHNwZWNpZmljYXRpb24gcmVwbGFjZXMgYW5kIG9i
c29sZXRlcwogICAgICAgIHRoZSBPQXV0aCAxLjAgcHJvdG9jb2wgZGVzY3JpYmVkIGluIFJGQyA1
ODQ5LgogICAgICAKPC9wPgo8aDM+U3RhdHVzIG9mIHRoaXMgTWVtbzwvaDM+CjxwPgpUaGlzIElu
dGVybmV0LURyYWZ0IGlzIHN1Ym1pdHRlZCAgaW4gZnVsbApjb25mb3JtYW5jZSB3aXRoIHRoZSBw
cm92aXNpb25zIG9mIEJDUCZuYnNwOzc4IGFuZCBCQ1AmbmJzcDs3OS48L3A+CjxwPgpJbnRlcm5l
dC1EcmFmdHMgYXJlIHdvcmtpbmcgZG9jdW1lbnRzIG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVlcmlu
ZwpUYXNrIEZvcmNlIChJRVRGKS4gIE5vdGUgdGhhdCBvdGhlciBncm91cHMgbWF5IGFsc28gZGlz
dHJpYnV0ZQp3b3JraW5nIGRvY3VtZW50cyBhcyBJbnRlcm5ldC1EcmFmdHMuICBUaGUgbGlzdCBv
ZiBjdXJyZW50CkludGVybmV0LURyYWZ0cyBpcyBhdCBodHRwOi8vZGF0YXRyYWNrZXIuaWV0Zi5v
cmcvZHJhZnRzL2N1cnJlbnQvLjwvcD4KPHA+CkludGVybmV0LURyYWZ0cyBhcmUgZHJhZnQgZG9j
dW1lbnRzIHZhbGlkIGZvciBhIG1heGltdW0gb2Ygc2l4IG1vbnRocwphbmQgbWF5IGJlIHVwZGF0
ZWQsIHJlcGxhY2VkLCBvciBvYnNvbGV0ZWQgYnkgb3RoZXIgZG9jdW1lbnRzIGF0IGFueSB0aW1l
LgpJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJbnRlcm5ldC1EcmFmdHMgYXMgcmVmZXJlbmNl
IG1hdGVyaWFsIG9yIHRvIGNpdGUKdGhlbSBvdGhlciB0aGFuIGFzICZsZHF1bzt3b3JrIGluIHBy
b2dyZXNzLiZyZHF1bzs8L3A+CjxwPgpUaGlzIEludGVybmV0LURyYWZ0IHdpbGwgZXhwaXJlIG9u
IERlY2VtYmVyIDEsIDIwMTIuPC9wPgoKPGgzPkNvcHlyaWdodCBOb3RpY2U8L2gzPgo8cD4KQ29w
eXJpZ2h0IChjKSAyMDEyIElFVEYgVHJ1c3QgYW5kIHRoZSBwZXJzb25zIGlkZW50aWZpZWQgYXMg
dGhlCmRvY3VtZW50IGF1dGhvcnMuICBBbGwgcmlnaHRzIHJlc2VydmVkLjwvcD4KPHA+ClRoaXMg
ZG9jdW1lbnQgaXMgc3ViamVjdCB0byBCQ1AgNzggYW5kIHRoZSBJRVRGIFRydXN0J3MgTGVnYWwK
UHJvdmlzaW9ucyBSZWxhdGluZyB0byBJRVRGIERvY3VtZW50cwooaHR0cDovL3RydXN0ZWUuaWV0
Zi5vcmcvbGljZW5zZS1pbmZvKSBpbiBlZmZlY3Qgb24gdGhlIGRhdGUgb2YKcHVibGljYXRpb24g
b2YgdGhpcyBkb2N1bWVudC4gIFBsZWFzZSByZXZpZXcgdGhlc2UgZG9jdW1lbnRzCmNhcmVmdWxs
eSwgYXMgdGhleSBkZXNjcmliZSB5b3VyIHJpZ2h0cyBhbmQgcmVzdHJpY3Rpb25zIHdpdGggcmVz
cGVjdAp0byB0aGlzIGRvY3VtZW50LiBDb2RlIENvbXBvbmVudHMgZXh0cmFjdGVkIGZyb20gdGhp
cyBkb2N1bWVudCBtdXN0CmluY2x1ZGUgU2ltcGxpZmllZCBCU0QgTGljZW5zZSB0ZXh0IGFzIGRl
c2NyaWJlZCBpbiBTZWN0aW9uIDQuZSBvZgp0aGUgVHJ1c3QgTGVnYWwgUHJvdmlzaW9ucyBhbmQg
YXJlIHByb3ZpZGVkIHdpdGhvdXQgd2FycmFudHkgYXMKZGVzY3JpYmVkIGluIHRoZSBTaW1wbGlm
aWVkIEJTRCBMaWNlbnNlLjwvcD4KPGEgbmFtZT0idG9jIj48L2E+PGJyIC8+PGhyIC8+CjxoMz5U
YWJsZSBvZiBDb250ZW50czwvaDM+CjxwIGNsYXNzPSJ0b2MiPgo8YSBocmVmPSIjYW5jaG9yMSI+
MS48L2E+Jm5ic3A7CkludHJvZHVjdGlvbjxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8
YSBocmVmPSIjYW5jaG9yMiI+MS4xLjwvYT4mbmJzcDsKUm9sZXM8YnIgLz4KJm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjMiPjEuMi48L2E+Jm5ic3A7ClByb3RvY29sIEZs
b3c8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjQiPjEuMy48
L2E+Jm5ic3A7CkF1dGhvcml6YXRpb24gR3JhbnQ8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjUiPjEuMy4xLjwvYT4m
bmJzcDsKQXV0aG9yaXphdGlvbiBDb2RlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I2Ij4xLjMuMi48L2E+Jm5ic3A7
CkltcGxpY2l0PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOzxhIGhyZWY9IiNhbmNob3I3Ij4xLjMuMy48L2E+Jm5ic3A7ClJlc291cmNlIE93bmVy
IFBhc3N3b3JkIENyZWRlbnRpYWxzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I4Ij4xLjMuNC48L2E+Jm5ic3A7CkNs
aWVudCBDcmVkZW50aWFsczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIj
YW5jaG9yOSI+MS40LjwvYT4mbmJzcDsKQWNjZXNzIFRva2VuPGJyIC8+CiZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IxMCI+MS41LjwvYT4mbmJzcDsKUmVmcmVzaCBUb2tl
bjxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjdGxzIj4xLjYuPC9hPiZu
YnNwOwpUTFMgVmVyc2lvbjxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIj
YW5jaG9yMTEiPjEuNy48L2E+Jm5ic3A7CkhUVFAgUmVkaXJlY3Rpb25zPGJyIC8+CiZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IxMiI+MS44LjwvYT4mbmJzcDsKSW50ZXJv
cGVyYWJpbGl0eTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9y
MTMiPjEuOS48L2E+Jm5ic3A7Ck5vdGF0aW9uYWwgQ29udmVudGlvbnM8YnIgLz4KPGEgaHJlZj0i
I2FuY2hvcjE0Ij4yLjwvYT4mbmJzcDsKQ2xpZW50IFJlZ2lzdHJhdGlvbjxiciAvPgombmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjY2xpZW50LXR5cGVzIj4yLjEuPC9hPiZuYnNwOwpD
bGllbnQgVHlwZXM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2NsaWVu
dC1pZGVudGlmaWVyIj4yLjIuPC9hPiZuYnNwOwpDbGllbnQgSWRlbnRpZmllcjxiciAvPgombmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjY2xpZW50LWF1dGhlbnRpY2F0aW9uIj4yLjMu
PC9hPiZuYnNwOwpDbGllbnQgQXV0aGVudGljYXRpb248YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjE1Ij4yLjMuMS48
L2E+Jm5ic3A7CkNsaWVudCBQYXNzd29yZDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yMTYiPjIuMy4yLjwvYT4mbmJz
cDsKT3RoZXIgQXV0aGVudGljYXRpb24gTWV0aG9kczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDs8YSBocmVmPSIjYW5jaG9yMTciPjIuNC48L2E+Jm5ic3A7ClVucmVnaXN0ZXJlZCBDbGll
bnRzPGJyIC8+CjxhIGhyZWY9IiNhbmNob3IxOCI+My48L2E+Jm5ic3A7ClByb3RvY29sIEVuZHBv
aW50czxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yMTkiPjMu
MS48L2E+Jm5ic3A7CkF1dGhvcml6YXRpb24gRW5kcG9pbnQ8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjIwIj4zLjEu
MS48L2E+Jm5ic3A7ClJlc3BvbnNlIFR5cGU8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3JlZGlyZWN0LXVyaSI+My4xLjIuPC9h
PiZuYnNwOwpSZWRpcmVjdGlvbiBFbmRwb2ludDxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDs8YSBocmVmPSIjYW5jaG9yMjYiPjMuMi48L2E+Jm5ic3A7ClRva2VuIEVuZHBvaW50PGJyIC8+
CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9
IiN0b2tlbi1lbmRwb2ludC1hdXRoIj4zLjIuMS48L2E+Jm5ic3A7CkNsaWVudCBBdXRoZW50aWNh
dGlvbjxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjc2NvcGUiPjMuMy48
L2E+Jm5ic3A7CkFjY2VzcyBUb2tlbiBTY29wZTxiciAvPgo8YSBocmVmPSIjYW5jaG9yMjciPjQu
PC9hPiZuYnNwOwpPYnRhaW5pbmcgQXV0aG9yaXphdGlvbjxiciAvPgombmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDs8YSBocmVmPSIjZ3JhbnQtY29kZSI+NC4xLjwvYT4mbmJzcDsKQXV0aG9yaXphdGlv
biBDb2RlIEdyYW50PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOzxhIGhyZWY9IiNjb2RlLWF1dGh6LXJlcSI+NC4xLjEuPC9hPiZuYnNwOwpBdXRo
b3JpemF0aW9uIFJlcXVlc3Q8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjI4Ij40LjEuMi48L2E+Jm5ic3A7CkF1dGhv
cml6YXRpb24gUmVzcG9uc2U8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjI5Ij40LjEuMy48L2E+Jm5ic3A7CkFjY2Vz
cyBUb2tlbiBSZXF1ZXN0PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IzMCI+NC4xLjQuPC9hPiZuYnNwOwpBY2Nlc3Mg
VG9rZW4gUmVzcG9uc2U8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2dy
YW50LWltcGxpY2l0Ij40LjIuPC9hPiZuYnNwOwpJbXBsaWNpdCBHcmFudDxiciAvPgombmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjaW1wbGlj
aXQtYXV0aHotcmVxIj40LjIuMS48L2E+Jm5ic3A7CkF1dGhvcml6YXRpb24gUmVxdWVzdDxiciAv
PgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVm
PSIjYW5jaG9yMzEiPjQuMi4yLjwvYT4mbmJzcDsKQWNjZXNzIFRva2VuIFJlc3BvbnNlPGJyIC8+
CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNncmFudC1wYXNzd29yZCI+NC4zLjwv
YT4mbmJzcDsKUmVzb3VyY2UgT3duZXIgUGFzc3dvcmQgQ3JlZGVudGlhbHMgR3JhbnQ8YnIgLz4K
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0i
I2FuY2hvcjMyIj40LjMuMS48L2E+Jm5ic3A7CkF1dGhvcml6YXRpb24gUmVxdWVzdCBhbmQgUmVz
cG9uc2U8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7PGEgaHJlZj0iI2FuY2hvcjMzIj40LjMuMi48L2E+Jm5ic3A7CkFjY2VzcyBUb2tlbiBSZXF1
ZXN0PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OzxhIGhyZWY9IiNhbmNob3IzNCI+NC4zLjMuPC9hPiZuYnNwOwpBY2Nlc3MgVG9rZW4gUmVzcG9u
c2U8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2dyYW50LWNsaWVudCI+
NC40LjwvYT4mbmJzcDsKQ2xpZW50IENyZWRlbnRpYWxzIEdyYW50PGJyIC8+CiZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IzNSI+
NC40LjEuPC9hPiZuYnNwOwpBdXRob3JpemF0aW9uIFJlcXVlc3QgYW5kIFJlc3BvbnNlPGJyIC8+
CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9
IiNhbmNob3IzNiI+NC40LjIuPC9hPiZuYnNwOwpBY2Nlc3MgVG9rZW4gUmVxdWVzdDxiciAvPgom
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIj
YW5jaG9yMzciPjQuNC4zLjwvYT4mbmJzcDsKQWNjZXNzIFRva2VuIFJlc3BvbnNlPGJyIC8+CiZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3IzOCI+NC41LjwvYT4mbmJzcDsK
RXh0ZW5zaW9uIEdyYW50czxiciAvPgo8YSBocmVmPSIjdG9rZW4taXNzdWUiPjUuPC9hPiZuYnNw
OwpJc3N1aW5nIGFuIEFjY2VzcyBUb2tlbjxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8
YSBocmVmPSIjdG9rZW4tcmVzcG9uc2UiPjUuMS48L2E+Jm5ic3A7ClN1Y2Nlc3NmdWwgUmVzcG9u
c2U8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3Rva2VuLWVycm9ycyI+
NS4yLjwvYT4mbmJzcDsKRXJyb3IgUmVzcG9uc2U8YnIgLz4KPGEgaHJlZj0iI3Rva2VuLXJlZnJl
c2giPjYuPC9hPiZuYnNwOwpSZWZyZXNoaW5nIGFuIEFjY2VzcyBUb2tlbjxiciAvPgo8YSBocmVm
PSIjYWNjZXNzLXJlc291cmNlIj43LjwvYT4mbmJzcDsKQWNjZXNzaW5nIFByb3RlY3RlZCBSZXNv
dXJjZXM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3Rva2VuLXR5cGVz
Ij43LjEuPC9hPiZuYnNwOwpBY2Nlc3MgVG9rZW4gVHlwZXM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7PGEgaHJlZj0iI3Jlc291cmNlLWVycm9ycyI+Ny4yLjwvYT4mbmJzcDsKRXJyb3Ig
UmVzcG9uc2U8YnIgLz4KPGEgaHJlZj0iI2V4dGVuc2lvbnMiPjguPC9hPiZuYnNwOwpFeHRlbnNp
YmlsaXR5PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNuZXctdHlwZXMi
PjguMS48L2E+Jm5ic3A7CkRlZmluaW5nIEFjY2VzcyBUb2tlbiBUeXBlczxiciAvPgombmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yMzkiPjguMi48L2E+Jm5ic3A7CkRlZmlu
aW5nIE5ldyBFbmRwb2ludCBQYXJhbWV0ZXJzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OzxhIGhyZWY9IiNhbmNob3I0MCI+OC4zLjwvYT4mbmJzcDsKRGVmaW5pbmcgTmV3IEF1dGhvcml6
YXRpb24gR3JhbnQgVHlwZXM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0i
I3Jlc3BvbnNlLXR5cGUtZXh0Ij44LjQuPC9hPiZuYnNwOwpEZWZpbmluZyBOZXcgQXV0aG9yaXph
dGlvbiBFbmRwb2ludCBSZXNwb25zZSBUeXBlczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDs8YSBocmVmPSIjbmV3LWVycm9ycyI+OC41LjwvYT4mbmJzcDsKRGVmaW5pbmcgQWRkaXRpb25h
bCBFcnJvciBDb2RlczxiciAvPgo8YSBocmVmPSIjYW5jaG9yNDEiPjkuPC9hPiZuYnNwOwpOYXRp
dmUgQXBwbGljYXRpb25zPGJyIC8+CjxhIGhyZWY9IiNhbmNob3I0MiI+MTAuPC9hPiZuYnNwOwpT
ZWN1cml0eSBDb25zaWRlcmF0aW9uczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBo
cmVmPSIjYW5jaG9yNDMiPjEwLjEuPC9hPiZuYnNwOwpDbGllbnQgQXV0aGVudGljYXRpb248YnIg
Lz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjQ0Ij4xMC4yLjwvYT4m
bmJzcDsKQ2xpZW50IEltcGVyc29uYXRpb248YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
PGEgaHJlZj0iI2FuY2hvcjQ1Ij4xMC4zLjwvYT4mbmJzcDsKQWNjZXNzIFRva2VuczxiciAvPgom
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNDYiPjEwLjQuPC9hPiZuYnNw
OwpSZWZyZXNoIFRva2VuczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIj
YW5jaG9yNDciPjEwLjUuPC9hPiZuYnNwOwpBdXRob3JpemF0aW9uIENvZGVzPGJyIC8+CiZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I0OCI+MTAuNi48L2E+Jm5ic3A7CkF1
dGhvcml6YXRpb24gQ29kZSBSZWRpcmVjdGlvbiBVUkkgTWFuaXB1bGF0aW9uPGJyIC8+CiZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I0OSI+MTAuNy48L2E+Jm5ic3A7ClJl
c291cmNlIE93bmVyIFBhc3N3b3JkIENyZWRlbnRpYWxzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOzxhIGhyZWY9IiNhbmNob3I1MCI+MTAuOC48L2E+Jm5ic3A7ClJlcXVlc3QgQ29uZmlk
ZW50aWFsaXR5PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I1
MSI+MTAuOS48L2E+Jm5ic3A7CkVuZHBvaW50cyBBdXRoZW50aWNpdHk8YnIgLz4KJm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FudGhyb3B5Ij4xMC4xMC48L2E+Jm5ic3A7CkNyZWRl
bnRpYWxzIEd1ZXNzaW5nIEF0dGFja3M8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEg
aHJlZj0iI2FuY2hvcjUyIj4xMC4xMS48L2E+Jm5ic3A7ClBoaXNoaW5nIEF0dGFja3M8YnIgLz4K
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI0NTUkYiPjEwLjEyLjwvYT4mbmJzcDsK
Q3Jvc3MtU2l0ZSBSZXF1ZXN0IEZvcmdlcnk8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
PGEgaHJlZj0iI2FuY2hvcjUzIj4xMC4xMy48L2E+Jm5ic3A7CkNsaWNramFja2luZzxiciAvPgom
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNTQiPjEwLjE0LjwvYT4mbmJz
cDsKQ29kZSBJbmplY3Rpb24gYW5kIElucHV0IFZhbGlkYXRpb248YnIgLz4KJm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI29wZW4tcmVkaXJlY3QiPjEwLjE1LjwvYT4mbmJzcDsKT3Bl
biBSZWRpcmVjdG9yczxiciAvPgo8YSBocmVmPSIjYW5jaG9yNTUiPjExLjwvYT4mbmJzcDsKSUFO
QSBDb25zaWRlcmF0aW9uczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIj
dHlwZS1yZWdpc3RyeSI+MTEuMS48L2E+Jm5ic3A7ClRoZSBPQXV0aCBBY2Nlc3MgVG9rZW4gVHlw
ZSBSZWdpc3RyeTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDs8YSBocmVmPSIjYW5jaG9yNTYiPjExLjEuMS48L2E+Jm5ic3A7ClJlZ2lzdHJhdGlv
biBUZW1wbGF0ZTxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjcGFyYW1l
dGVycy1yZWdpc3RyeSI+MTEuMi48L2E+Jm5ic3A7ClRoZSBPQXV0aCBQYXJhbWV0ZXJzIFJlZ2lz
dHJ5PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OzxhIGhyZWY9IiNhbmNob3I1NyI+MTEuMi4xLjwvYT4mbmJzcDsKUmVnaXN0cmF0aW9uIFRlbXBs
YXRlPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OzxhIGhyZWY9IiNhbmNob3I1OCI+MTEuMi4yLjwvYT4mbmJzcDsKSW5pdGlhbCBSZWdpc3RyeSBD
b250ZW50czxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSIjcmVzcG9uc2Ut
dHlwZS1yZWdpc3RyeSI+MTEuMy48L2E+Jm5ic3A7ClRoZSBPQXV0aCBBdXRob3JpemF0aW9uIEVu
ZHBvaW50IFJlc3BvbnNlIFR5cGUgUmVnaXN0cnk8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjU5Ij4xMS4zLjEuPC9h
PiZuYnNwOwpSZWdpc3RyYXRpb24gVGVtcGxhdGU8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI2FuY2hvcjYwIj4xMS4zLjIuPC9h
PiZuYnNwOwpJbml0aWFsIFJlZ2lzdHJ5IENvbnRlbnRzPGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOzxhIGhyZWY9IiNlcnJvci1yZWdpc3RyeSI+MTEuNC48L2E+Jm5ic3A7ClRoZSBPQXV0
aCBFeHRlbnNpb25zIEVycm9yIFJlZ2lzdHJ5PGJyIC8+CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxhIGhyZWY9IiNhbmNob3I2MSI+MTEuNC4xLjwvYT4m
bmJzcDsKUmVnaXN0cmF0aW9uIFRlbXBsYXRlPGJyIC8+CjxhIGhyZWY9IiNyZmMucmVmZXJlbmNl
czEiPjEyLjwvYT4mbmJzcDsKUmVmZXJlbmNlczxiciAvPgombmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDs8YSBocmVmPSIjcmZjLnJlZmVyZW5jZXMxIj4xMi4xLjwvYT4mbmJzcDsKTm9ybWF0aXZlIFJl
ZmVyZW5jZXM8YnIgLz4KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iI3JmYy5yZWZl
cmVuY2VzMiI+MTIuMi48L2E+Jm5ic3A7CkluZm9ybWF0aXZlIFJlZmVyZW5jZXM8YnIgLz4KPGEg
aHJlZj0iI2FuY2hvcjY0Ij5BcHBlbmRpeCZuYnNwO0EuPC9hPiZuYnNwOwpBY2tub3dsZWRnZW1l
bnRzPGJyIC8+CjxhIGhyZWY9IiNhbmNob3I2NSI+QXBwZW5kaXgmbmJzcDtCLjwvYT4mbmJzcDsK
RWRpdG9yJ3MgTm90ZXM8YnIgLz4KPGEgaHJlZj0iI3JmYy5hdXRob3JzIj4mIzE2Nzs8L2E+Jm5i
c3A7CkF1dGhvcnMnIEFkZHJlc3NlczxiciAvPgo8L3A+CjxiciBjbGVhcj0iYWxsIiAvPgoKPGEg
bmFtZT0iYW5jaG9yMSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBj
ZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdo
dCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8
L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEiPjwvYT48aDM+MS4m
bmJzcDsKSW50cm9kdWN0aW9uPC9oMz4KCjxwPgogICAgICAgIEluIHRoZSB0cmFkaXRpb25hbCBj
bGllbnQtc2VydmVyIGF1dGhlbnRpY2F0aW9uIG1vZGVsLCB0aGUgY2xpZW50IHJlcXVlc3RzIGFu
IGFjY2VzcwogICAgICAgIHJlc3RyaWN0ZWQgcmVzb3VyY2UgKHByb3RlY3RlZCByZXNvdXJjZSkg
b24gdGhlIHNlcnZlciBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZSBzZXJ2ZXIKICAgICAgICB1
c2luZyB0aGUgcmVzb3VyY2Ugb3duZXIncyBjcmVkZW50aWFscy4gSW4gb3JkZXIgdG8gcHJvdmlk
ZSB0aGlyZC1wYXJ0eSBhcHBsaWNhdGlvbnMgYWNjZXNzCiAgICAgICAgdG8gcmVzdHJpY3RlZCBy
ZXNvdXJjZXMsIHRoZSByZXNvdXJjZSBvd25lciBzaGFyZXMgaXRzIGNyZWRlbnRpYWxzIHdpdGgg
dGhlIHRoaXJkLXBhcnR5LgogICAgICAgIFRoaXMgY3JlYXRlcyBzZXZlcmFsIHByb2JsZW1zIGFu
ZCBsaW1pdGF0aW9uczoKICAgICAgCjwvcD4KPHA+CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRl
eHQiPgo8bGk+CiAgICAgICAgICAgIFRoaXJkLXBhcnR5IGFwcGxpY2F0aW9ucyBhcmUgcmVxdWly
ZWQgdG8gc3RvcmUgdGhlIHJlc291cmNlIG93bmVyJ3MgY3JlZGVudGlhbHMKICAgICAgICAgICAg
Zm9yIGZ1dHVyZSB1c2UsIHR5cGljYWxseSBhIHBhc3N3b3JkIGluIGNsZWFyLXRleHQuCiAgICAg
ICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICBTZXJ2ZXJzIGFyZSByZXF1aXJlZCB0byBzdXBw
b3J0IHBhc3N3b3JkIGF1dGhlbnRpY2F0aW9uLCBkZXNwaXRlIHRoZSBzZWN1cml0eQogICAgICAg
ICAgICB3ZWFrbmVzc2VzIGluaGVyZW50IGluIHBhc3N3b3Jkcy4KICAgICAgICAgIAo8L2xpPgo8
bGk+CiAgICAgICAgICAgIFRoaXJkLXBhcnR5IGFwcGxpY2F0aW9ucyBnYWluIG92ZXJseSBicm9h
ZCBhY2Nlc3MgdG8gdGhlIHJlc291cmNlIG93bmVyJ3MgcHJvdGVjdGVkCiAgICAgICAgICAgIHJl
c291cmNlcywgbGVhdmluZyByZXNvdXJjZSBvd25lcnMgd2l0aG91dCBhbnkgYWJpbGl0eSB0byBy
ZXN0cmljdCBkdXJhdGlvbiBvciBhY2Nlc3MKICAgICAgICAgICAgdG8gYSBsaW1pdGVkIHN1YnNl
dCBvZiByZXNvdXJjZXMuCiAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICBSZXNvdXJj
ZSBvd25lcnMgY2Fubm90IHJldm9rZSBhY2Nlc3MgdG8gYW4gaW5kaXZpZHVhbCB0aGlyZC1wYXJ0
eSB3aXRob3V0IHJldm9raW5nCiAgICAgICAgICAgIGFjY2VzcyB0byBhbGwgdGhpcmQtcGFydGll
cywgYW5kIG11c3QgZG8gc28gYnkgY2hhbmdpbmcgdGhlaXIgcGFzc3dvcmQuCiAgICAgICAgICAK
PC9saT4KPGxpPgogICAgICAgICAgICBDb21wcm9taXNlIG9mIGFueSB0aGlyZC1wYXJ0eSBhcHBs
aWNhdGlvbiByZXN1bHRzIGluIGNvbXByb21pc2Ugb2YgdGhlIGVuZC11c2VyJ3MKICAgICAgICAg
ICAgcGFzc3dvcmQgYW5kIGFsbCBvZiB0aGUgZGF0YSBwcm90ZWN0ZWQgYnkgdGhhdCBwYXNzd29y
ZC4KICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAKPC9wPgo8cD4KICAgICAgICBPQXV0
aCBhZGRyZXNzZXMgdGhlc2UgaXNzdWVzIGJ5IGludHJvZHVjaW5nIGFuIGF1dGhvcml6YXRpb24g
bGF5ZXIgYW5kIHNlcGFyYXRpbmcgdGhlIHJvbGUKICAgICAgICBvZiB0aGUgY2xpZW50IGZyb20g
dGhhdCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuIEluIE9BdXRoLCB0aGUgY2xpZW50IHJlcXVlc3Rz
IGFjY2VzcyB0bwogICAgICAgIHJlc291cmNlcyBjb250cm9sbGVkIGJ5IHRoZSByZXNvdXJjZSBv
d25lciBhbmQgaG9zdGVkIGJ5IHRoZSByZXNvdXJjZSBzZXJ2ZXIsIGFuZCBpcyBpc3N1ZWQKICAg
ICAgICBhIGRpZmZlcmVudCBzZXQgb2YgY3JlZGVudGlhbHMgdGhhbiB0aG9zZSBvZiB0aGUgcmVz
b3VyY2Ugb3duZXIuCiAgICAgIAo8L3A+CjxwPgogICAgICAgIEluc3RlYWQgb2YgdXNpbmcgdGhl
IHJlc291cmNlIG93bmVyJ3MgY3JlZGVudGlhbHMgdG8gYWNjZXNzIHByb3RlY3RlZCByZXNvdXJj
ZXMsIHRoZSBjbGllbnQKICAgICAgICBvYnRhaW5zIGFuIGFjY2VzcyB0b2tlbiAtIGEgc3RyaW5n
IGRlbm90aW5nIGEgc3BlY2lmaWMgc2NvcGUsIGxpZmV0aW1lLCBhbmQgb3RoZXIgYWNjZXNzCiAg
ICAgICAgYXR0cmlidXRlcy4gQWNjZXNzIHRva2VucyBhcmUgaXNzdWVkIHRvIHRoaXJkLXBhcnR5
IGNsaWVudHMgYnkgYW4gYXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2l0aAogICAgICAgIHRoZSBhcHBy
b3ZhbCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIuIFRoZSBjbGllbnQgdXNlcyB0aGUgYWNjZXNzIHRv
a2VuIHRvIGFjY2VzcyB0aGUKICAgICAgICBwcm90ZWN0ZWQgcmVzb3VyY2VzIGhvc3RlZCBieSB0
aGUgcmVzb3VyY2Ugc2VydmVyLgogICAgICAKPC9wPgo8cD4KICAgICAgICBGb3IgZXhhbXBsZSwg
YW4gZW5kLXVzZXIgKHJlc291cmNlIG93bmVyKSBjYW4gZ3JhbnQgYSBwcmludGluZyBzZXJ2aWNl
IChjbGllbnQpIGFjY2VzcwogICAgICAgIHRvIGhlciBwcm90ZWN0ZWQgcGhvdG9zIHN0b3JlZCBh
dCBhIHBob3RvIHNoYXJpbmcgc2VydmljZSAocmVzb3VyY2Ugc2VydmVyKSwgd2l0aG91dAogICAg
ICAgIHNoYXJpbmcgaGVyIHVzZXJuYW1lIGFuZCBwYXNzd29yZCB3aXRoIHRoZSBwcmludGluZyBz
ZXJ2aWNlLiBJbnN0ZWFkLCBzaGUgYXV0aGVudGljYXRlcwogICAgICAgIGRpcmVjdGx5IHdpdGgg
YSBzZXJ2ZXIgdHJ1c3RlZCBieSB0aGUgcGhvdG8gc2hhcmluZyBzZXJ2aWNlIChhdXRob3JpemF0
aW9uIHNlcnZlcikgd2hpY2gKICAgICAgICBpc3N1ZXMgdGhlIHByaW50aW5nIHNlcnZpY2UgZGVs
ZWdhdGlvbi1zcGVjaWZpYyBjcmVkZW50aWFscyAoYWNjZXNzIHRva2VuKS4KICAgICAgCjwvcD4K
PHA+CiAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGlzIGRlc2lnbmVkIGZvciB1c2Ugd2l0aCBI
VFRQICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTYnPltSRkMyNjE2XTxzcGFuPiAoPC9z
cGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5GaWVsZGluZywgUi4sIEdldHR5cywgSi4sIE1vZ3VsLCBK
LiwgRnJ5c3R5aywgSC4sIE1hc2ludGVyLCBMLiwgTGVhY2gsIFAuLCBhbmQgVC4gQmVybmVycy1M
ZWUsICZsZHF1bztIeXBlcnRleHQgVHJhbnNmZXIgUHJvdG9jb2wgLS0gSFRUUC8xLjEsJnJkcXVv
OyBKdW5lJm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KS4gVGhlIHVzZSBvZgog
ICAgICAgIE9BdXRoIG92ZXIgYW55IG90aGVyIHByb3RvY29sIHRoYW4gSFRUUCBpcyBvdXQgb2Yg
c2NvcGUuCiAgICAgIAo8L3A+CjxwPgogICAgICAgIFRoZSBPQXV0aCAxLjAgcHJvdG9jb2wgKDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNTg0OSc+W1JGQzU4NDldPHNwYW4+ICg8L3NwYW4+PHNw
YW4gY2xhc3M9J2luZm8nPkhhbW1lci1MYWhhdiwgRS4sICZsZHF1bztUaGUgT0F1dGggMS4wIFBy
b3RvY29sLCZyZHF1bzsgQXByaWwmbmJzcDsyMDEwLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4p
LCBwdWJsaXNoZWQgYXMgYW4gaW5mb3JtYXRpb25hbCBkb2N1bWVudCwKICAgICAgICB3YXMgdGhl
IHJlc3VsdCBvZiBhIHNtYWxsIGFkLWhvYyBjb21tdW5pdHkgZWZmb3J0LiBUaGlzIHN0YW5kYXJk
cy10cmFjayBzcGVjaWZpY2F0aW9uIGJ1aWxkcwogICAgICAgIG9uIHRoZSBPQXV0aCAxLjAgZGVw
bG95bWVudCBleHBlcmllbmNlLCBhcyB3ZWxsIGFzIGFkZGl0aW9uYWwgdXNlIGNhc2VzIGFuZCBl
eHRlbnNpYmlsaXR5CiAgICAgICAgcmVxdWlyZW1lbnRzIGdhdGhlcmVkIGZyb20gdGhlIHdpZGVy
IElFVEYgY29tbXVuaXR5LiBUaGUgT0F1dGggMi4wIHByb3RvY29sIGlzIG5vdCBiYWNrd2FyZAog
ICAgICAgIGNvbXBhdGlibGUgd2l0aCBPQXV0aCAxLjAuIFRoZSB0d28gdmVyc2lvbnMgbWF5IGNv
LWV4aXN0IG9uIHRoZSBuZXR3b3JrIGFuZCBpbXBsZW1lbnRhdGlvbnMKICAgICAgICBtYXkgY2hv
b3NlIHRvIHN1cHBvcnQgYm90aC4gSG93ZXZlciwgaXQgaXMgdGhlIGludGVudGlvbiBvZiB0aGlz
IHNwZWNpZmljYXRpb24gdGhhdCBuZXcKICAgICAgICBpbXBsZW1lbnRhdGlvbiBzdXBwb3J0IE9B
dXRoIDIuMCBhcyBzcGVjaWZpZWQgaW4gdGhpcyBkb2N1bWVudCwgYW5kIHRoYXQgT0F1dGggMS4w
IGlzIHVzZWQKICAgICAgICBvbmx5IHRvIHN1cHBvcnQgZXhpc3RpbmcgZGVwbG95bWVudHMuIFRo
ZSBPQXV0aCAyLjAgcHJvdG9jb2wgc2hhcmVzIHZlcnkgZmV3IGltcGxlbWVudGF0aW9uCiAgICAg
ICAgZGV0YWlscyB3aXRoIHRoZSBPQXV0aCAxLjAgcHJvdG9jb2wuIEltcGxlbWVudGVycyBmYW1p
bGlhciB3aXRoIE9BdXRoIDEuMCBzaG91bGQgYXBwcm9hY2gKICAgICAgICB0aGlzIGRvY3VtZW50
IHdpdGhvdXQgYW55IGFzc3VtcHRpb25zIGFzIHRvIGl0cyBzdHJ1Y3R1cmUgYW5kIGRldGFpbHMu
CiAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjIiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi4xLjEiPjwvYT48aDM+MS4xLiZuYnNwOwpSb2xlczwvaDM+Cgo8cD4KICAgICAgICAgIE9BdXRo
IGRlZmluZXMgZm91ciByb2xlczoKICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIDwvcD4KPGJs
b2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PnJlc291cmNlIG93bmVyPC9kdD4KPGRkPgog
ICAgICAgICAgICAgIAogICAgICAgICAgICAgIEFuIGVudGl0eSBjYXBhYmxlIG9mIGdyYW50aW5n
IGFjY2VzcyB0byBhIHByb3RlY3RlZCByZXNvdXJjZS4gV2hlbiB0aGUgcmVzb3VyY2Ugb3duZXIK
ICAgICAgICAgICAgICBpcyBhIHBlcnNvbiwgaXQgaXMgcmVmZXJyZWQgdG8gYXMgYW4gZW5kLXVz
ZXIuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+cmVzb3VyY2Ugc2VydmVyPC9kdD4KPGRkPgogICAg
ICAgICAgICAgIAogICAgICAgICAgICAgIFRoZSBzZXJ2ZXIgaG9zdGluZyB0aGUgcHJvdGVjdGVk
IHJlc291cmNlcywgY2FwYWJsZSBvZiBhY2NlcHRpbmcgYW5kIHJlc3BvbmRpbmcgdG8KICAgICAg
ICAgICAgICBwcm90ZWN0ZWQgcmVzb3VyY2UgcmVxdWVzdHMgdXNpbmcgYWNjZXNzIHRva2Vucy4K
ICAgICAgICAgICAgCjwvZGQ+CjxkdD5jbGllbnQ8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgCiAg
ICAgICAgICAgICAgQW4gYXBwbGljYXRpb24gbWFraW5nIHByb3RlY3RlZCByZXNvdXJjZSByZXF1
ZXN0cyBvbiBiZWhhbGYgb2YgdGhlIHJlc291cmNlIG93bmVyIGFuZAogICAgICAgICAgICAgIHdp
dGggaXRzIGF1dGhvcml6YXRpb24uIFRoZSB0ZXJtIGNsaWVudCBkb2VzIG5vdCBpbXBseSBhbnkg
cGFydGljdWxhciBpbXBsZW1lbnRhdGlvbgogICAgICAgICAgICAgIGNoYXJhY3RlcmlzdGljcyAo
ZS5nLiB3aGV0aGVyIHRoZSBhcHBsaWNhdGlvbiBleGVjdXRlcyBvbiBhIHNlcnZlciwgYSBkZXNr
dG9wLCBvcgogICAgICAgICAgICAgIG90aGVyIGRldmljZXMpLgogICAgICAgICAgICAKPC9kZD4K
PGR0PmF1dGhvcml6YXRpb24gc2VydmVyPC9kdD4KPGRkPgogICAgICAgICAgICAgIAogICAgICAg
ICAgICAgIFRoZSBzZXJ2ZXIgaXNzdWluZyBhY2Nlc3MgdG9rZW5zIHRvIHRoZSBjbGllbnQgYWZ0
ZXIgc3VjY2Vzc2Z1bGx5IGF1dGhlbnRpY2F0aW5nIHRoZQogICAgICAgICAgICAgIHJlc291cmNl
IG93bmVyIGFuZCBvYnRhaW5pbmcgYXV0aG9yaXphdGlvbi4KICAgICAgICAgICAgCjwvZGQ+Cjwv
ZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGludGVy
YWN0aW9uIGJldHdlZW4gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCByZXNvdXJjZSBzZXJ2
ZXIgaXMgYmV5b25kIHRoZSBzY29wZQogICAgICAgICAgb2YgdGhpcyBzcGVjaWZpY2F0aW9uLiBU
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbWF5IGJlIHRoZSBzYW1lIHNlcnZlciBhcyB0aGUgcmVz
b3VyY2UKICAgICAgICAgIHNlcnZlciBvciBhIHNlcGFyYXRlIGVudGl0eS4gQSBzaW5nbGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgbWF5IGlzc3VlIGFjY2VzcyB0b2tlbnMKICAgICAgICAgIGFjY2Vw
dGVkIGJ5IG11bHRpcGxlIHJlc291cmNlIHNlcnZlcnMuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0i
YW5jaG9yMyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFk
ZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRy
Pjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90
ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEuMiI+PC9hPjxoMz4xLjIuJm5i
c3A7ClByb3RvY29sIEZsb3c8L2gzPgo8YnIgLz48aHIgY2xhc3M9Imluc2VydCIgLz4KPGEgbmFt
ZT0iRmlndXJlLTEiPjwvYT4KPGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBt
YXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogICstLS0tLS0tLSsg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAg
ICB8LS0oQSktIEF1dGhvcml6YXRpb24gUmVxdWVzdCAtJmd0O3wgICBSZXNvdXJjZSAgICB8CiAg
fCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICBPd25lciAgICAg
fAogIHwgICAgICAgIHwmbHQ7LShCKS0tIEF1dGhvcml6YXRpb24gR3JhbnQgLS0tfCAgICAgICAg
ICAgICAgIHwKICB8ICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0t
LS0tLS0tLS0tLS0rCiAgfCAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICB8LS0oQyktLSBBdXRob3Jp
emF0aW9uIEdyYW50IC0tJmd0O3wgQXV0aG9yaXphdGlvbiB8CiAgfCBDbGllbnQgfCAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICB8ICAgICBTZXJ2ZXIgICAgfAogIHwgICAgICAgIHwmbHQ7
LShEKS0tLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tfCAgICAgICAgICAgICAgIHwKICB8ICAgICAg
ICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAg
ICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0t
LS0tLS0tLS0tLSsKICB8ICAgICAgICB8LS0oRSktLS0tLSBBY2Nlc3MgVG9rZW4gLS0tLS0tJmd0
O3wgICAgUmVzb3VyY2UgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICB8ICAgICBTZXJ2ZXIgICAgfAogIHwgICAgICAgIHwmbHQ7LShGKS0tLSBQcm90ZWN0ZWQg
UmVzb3VyY2UgLS0tfCAgICAgICAgICAgICAgIHwKICArLS0tLS0tLS0rICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCgo8L3ByZT48L2Rpdj48dGFibGUgYm9y
ZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGFsaWduPSJjZW50ZXIiPjx0
cj48dGQgYWxpZ249ImNlbnRlciI+PGZvbnQgZmFjZT0ibW9uYWNvLCBNUyBTYW5zIFNlcmlmIiBz
aXplPSIxIj48Yj4mbmJzcDtGaWd1cmUmbmJzcDsxOiBBYnN0cmFjdCBQcm90b2NvbCBGbG93Jm5i
c3A7PC9iPjwvZm9udD48YnIgLz48L3RkPjwvdHI+PC90YWJsZT48aHIgY2xhc3M9Imluc2VydCIg
Lz4KCjxwPgogICAgICAgICAgVGhlIGFic3RyYWN0IGZsb3cgaWxsdXN0cmF0ZWQgaW4gPGEgY2xh
c3M9J2luZm8nIGhyZWY9JyNGaWd1cmUtMSc+RmlndXJlJm5ic3A7MTxzcGFuPiAoPC9zcGFuPjxz
cGFuIGNsYXNzPSdpbmZvJz5BYnN0cmFjdCBQcm90b2NvbCBGbG93PC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPiBkZXNjcmliZXMgdGhlIGludGVyYWN0aW9uCiAgICAgICAgICBiZXR3ZWVuIHRoZSBm
b3VyIHJvbGVzIGFuZCBpbmNsdWRlcyB0aGUgZm9sbG93aW5nIHN0ZXBzOgogICAgICAgIAo8L3A+
CjxwPgogICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+KEEp
PC9kdD4KPGRkPgogICAgICAgICAgICAgIFRoZSBjbGllbnQgcmVxdWVzdHMgYXV0aG9yaXphdGlv
biBmcm9tIHRoZSByZXNvdXJjZSBvd25lci4gVGhlIGF1dGhvcml6YXRpb24gcmVxdWVzdAogICAg
ICAgICAgICAgIGNhbiBiZSBtYWRlIGRpcmVjdGx5IHRvIHRoZSByZXNvdXJjZSBvd25lciAoYXMg
c2hvd24pLCBvciBwcmVmZXJhYmx5IGluZGlyZWN0bHkgdmlhCiAgICAgICAgICAgICAgdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIGFzIGFuIGludGVybWVkaWFyeS4KICAgICAgICAgICAgCjwvZGQ+
CjxkdD4oQik8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCByZWNlaXZlcyBhbiBh
dXRob3JpemF0aW9uIGdyYW50IHdoaWNoIGlzIGEgY3JlZGVudGlhbCByZXByZXNlbnRpbmcKICAg
ICAgICAgICAgICB0aGUgcmVzb3VyY2Ugb3duZXIncyBhdXRob3JpemF0aW9uLCBleHByZXNzZWQg
dXNpbmcgb25lIG9mIGZvdXIgZ3JhbnQgdHlwZXMgZGVmaW5lZAogICAgICAgICAgICAgIGluIHRo
aXMgc3BlY2lmaWNhdGlvbiBvciB1c2luZyBhbiBleHRlbnNpb24gZ3JhbnQgdHlwZS4gVGhlIGF1
dGhvcml6YXRpb24gZ3JhbnQgdHlwZQogICAgICAgICAgICAgIGRlcGVuZHMgb24gdGhlIG1ldGhv
ZCB1c2VkIGJ5IHRoZSBjbGllbnQgdG8gcmVxdWVzdCBhdXRob3JpemF0aW9uIGFuZCB0aGUgdHlw
ZXMKICAgICAgICAgICAgICBzdXBwb3J0ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgog
ICAgICAgICAgICAKPC9kZD4KPGR0PihDKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgY2xp
ZW50IHJlcXVlc3RzIGFuIGFjY2VzcyB0b2tlbiBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICAgIGFuZCBwcmVzZW50aW5nIHRoZSBhdXRo
b3JpemF0aW9uIGdyYW50LgogICAgICAgICAgICAKPC9kZD4KPGR0PihEKTwvZHQ+CjxkZD4KICAg
ICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xp
ZW50IGFuZCB2YWxpZGF0ZXMgdGhlIGF1dGhvcml6YXRpb24KICAgICAgICAgICAgICBncmFudCwg
YW5kIGlmIHZhbGlkIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4uCiAgICAgICAgICAgIAo8L2RkPgo8
ZHQ+KEUpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRoZSBjbGllbnQgcmVxdWVzdHMgdGhlIHBy
b3RlY3RlZCByZXNvdXJjZSBmcm9tIHRoZSByZXNvdXJjZSBzZXJ2ZXIgYW5kIGF1dGhlbnRpY2F0
ZXMKICAgICAgICAgICAgICBieSBwcmVzZW50aW5nIHRoZSBhY2Nlc3MgdG9rZW4uCiAgICAgICAg
ICAgIAo8L2RkPgo8ZHQ+KEYpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRoZSByZXNvdXJjZSBz
ZXJ2ZXIgdmFsaWRhdGVzIHRoZSBhY2Nlc3MgdG9rZW4sIGFuZCBpZiB2YWxpZCwgc2VydmVzIHRo
ZSByZXF1ZXN0LgogICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgcHJlZmVycmVkIG1ldGhvZCBmb3IgdGhlIGNsaWVu
dCB0byBvYnRhaW4gYW4gYXV0aG9yaXphdGlvbiBncmFudCBmcm9tIHRoZSByZXNvdXJjZQogICAg
ICAgICAgb3duZXIgKGRlcGljdGVkIGluIHN0ZXBzIChBKSBhbmQgKEIpKSBpcyB0byB1c2UgdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIGFzIGFuIGludGVybWVkaWFyeQogICAgICAgICAgd2hpY2gg
aXMgaWxsdXN0cmF0ZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNGaWd1cmUtMyc+RmlndXJl
Jm5ic3A7MzxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BdXRob3JpemF0aW9uIENv
ZGUgRmxvdzwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgCjwvcD4KPGEgbmFtZT0i
YW5jaG9yNCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFk
ZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRy
Pjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90
ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEuMyI+PC9hPjxoMz4xLjMuJm5i
c3A7CkF1dGhvcml6YXRpb24gR3JhbnQ8L2gzPgoKPHA+CiAgICAgICAgICBBbiBhdXRob3JpemF0
aW9uIGdyYW50IGlzIGEgY3JlZGVudGlhbCByZXByZXNlbnRpbmcgdGhlIHJlc291cmNlIG93bmVy
J3MgYXV0aG9yaXphdGlvbgogICAgICAgICAgKHRvIGFjY2VzcyBpdHMgcHJvdGVjdGVkIHJlc291
cmNlcykgdXNlZCBieSB0aGUgY2xpZW50IHRvIG9idGFpbiBhbiBhY2Nlc3MgdG9rZW4uIFRoaXMK
ICAgICAgICAgIHNwZWNpZmljYXRpb24gZGVmaW5lcyBmb3VyIGdyYW50IHR5cGVzOiBhdXRob3Jp
emF0aW9uIGNvZGUsIGltcGxpY2l0LCByZXNvdXJjZSBvd25lcgogICAgICAgICAgcGFzc3dvcmQg
Y3JlZGVudGlhbHMsIGFuZCBjbGllbnQgY3JlZGVudGlhbHMsIGFzIHdlbGwgYXMgYW4gZXh0ZW5z
aWJpbGl0eSBtZWNoYW5pc20gZm9yCiAgICAgICAgICBkZWZpbmluZyBhZGRpdGlvbmFsIHR5cGVz
LgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjUiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxl
IHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0i
VE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3Rv
YyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2Vj
dGlvbi4xLjMuMSI+PC9hPjxoMz4xLjMuMS4mbmJzcDsKQXV0aG9yaXphdGlvbiBDb2RlPC9oMz4K
CjxwPgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBjb2RlIGlzIG9idGFpbmVkIGJ5IHVz
aW5nIGFuIGF1dGhvcml6YXRpb24gc2VydmVyIGFzIGFuIGludGVybWVkaWFyeQogICAgICAgICAg
ICBiZXR3ZWVuIHRoZSBjbGllbnQgYW5kIHJlc291cmNlIG93bmVyLiBJbnN0ZWFkIG9mIHJlcXVl
c3RpbmcgYXV0aG9yaXphdGlvbiBkaXJlY3RseQogICAgICAgICAgICBmcm9tIHRoZSByZXNvdXJj
ZSBvd25lciwgdGhlIGNsaWVudCBkaXJlY3RzIHRoZSByZXNvdXJjZSBvd25lciB0byBhbiBhdXRo
b3JpemF0aW9uCiAgICAgICAgICAgIHNlcnZlciAodmlhIGl0cyB1c2VyLWFnZW50IGFzIGRlZmlu
ZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMyNjE2Jz5bUkZDMjYxNl08c3Bhbj4gKDwv
c3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RmllbGRpbmcsIFIuLCBHZXR0eXMsIEouLCBNb2d1bCwg
Si4sIEZyeXN0eWssIEguLCBNYXNpbnRlciwgTC4sIExlYWNoLCBQLiwgYW5kIFQuIEJlcm5lcnMt
TGVlLCAmbGRxdW87SHlwZXJ0ZXh0IFRyYW5zZmVyIFByb3RvY29sIC0tIEhUVFAvMS4xLCZyZHF1
bzsgSnVuZSZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiksIHdoaWNoIGluIHR1
cm4KICAgICAgICAgICAgZGlyZWN0cyB0aGUgcmVzb3VyY2Ugb3duZXIgYmFjayB0byB0aGUgY2xp
ZW50IHdpdGggdGhlIGF1dGhvcml6YXRpb24gY29kZS4KICAgICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgICBCZWZvcmUgZGlyZWN0aW5nIHRoZSByZXNvdXJjZSBvd25lciBiYWNrIHRvIHRoZSBj
bGllbnQgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlLCB0aGUKICAgICAgICAgICAgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgYXV0aGVudGljYXRlcyB0aGUgcmVzb3VyY2Ugb3duZXIgYW5kIG9idGFp
bnMgYXV0aG9yaXphdGlvbi4KICAgICAgICAgICAgQmVjYXVzZSB0aGUgcmVzb3VyY2Ugb3duZXIg
b25seSBhdXRoZW50aWNhdGVzIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLCB0aGUKICAg
ICAgICAgICAgcmVzb3VyY2Ugb3duZXIncyBjcmVkZW50aWFscyBhcmUgbmV2ZXIgc2hhcmVkIHdp
dGggdGhlIGNsaWVudC4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBUaGUgYXV0aG9y
aXphdGlvbiBjb2RlIHByb3ZpZGVzIGEgZmV3IGltcG9ydGFudCBzZWN1cml0eSBiZW5lZml0cyBz
dWNoIGFzIHRoZSBhYmlsaXR5CiAgICAgICAgICAgIHRvIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50
LCBhbmQgdGhlIHRyYW5zbWlzc2lvbiBvZiB0aGUgYWNjZXNzIHRva2VuIGRpcmVjdGx5IHRvCiAg
ICAgICAgICAgIHRoZSBjbGllbnQgd2l0aG91dCBwYXNzaW5nIGl0IHRocm91Z2ggdGhlIHJlc291
cmNlIG93bmVyJ3MgdXNlci1hZ2VudCwgcG90ZW50aWFsbHkKICAgICAgICAgICAgZXhwb3Npbmcg
aXQgdG8gb3RoZXJzLCBpbmNsdWRpbmcgdGhlIHJlc291cmNlIG93bmVyLgogICAgICAgICAgCjwv
cD4KPGEgbmFtZT0iYW5jaG9yNiI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5
b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWdu
PSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0Mm
bmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEuMy4yIj48
L2E+PGgzPjEuMy4yLiZuYnNwOwpJbXBsaWNpdDwvaDM+Cgo8cD4KICAgICAgICAgICAgVGhlIGlt
cGxpY2l0IGdyYW50IGlzIGEgc2ltcGxpZmllZCBhdXRob3JpemF0aW9uIGNvZGUgZmxvdyBvcHRp
bWl6ZWQgZm9yIGNsaWVudHMKICAgICAgICAgICAgaW1wbGVtZW50ZWQgaW4gYSBicm93c2VyIHVz
aW5nIGEgc2NyaXB0aW5nIGxhbmd1YWdlIHN1Y2ggYXMgSmF2YVNjcmlwdC4gSW4gdGhlIGltcGxp
Y2l0CiAgICAgICAgICAgIGZsb3csIGluc3RlYWQgb2YgaXNzdWluZyB0aGUgY2xpZW50IGFuIGF1
dGhvcml6YXRpb24gY29kZSwgdGhlIGNsaWVudCBpcyBpc3N1ZWQgYW4KICAgICAgICAgICAgYWNj
ZXNzIHRva2VuIGRpcmVjdGx5IChhcyB0aGUgcmVzdWx0IG9mIHRoZSByZXNvdXJjZSBvd25lciBh
dXRob3JpemF0aW9uKS4gVGhlIGdyYW50CiAgICAgICAgICAgIHR5cGUgaXMgaW1wbGljaXQgYXMg
bm8gaW50ZXJtZWRpYXRlIGNyZWRlbnRpYWxzIChzdWNoIGFzIGFuIGF1dGhvcml6YXRpb24gY29k
ZSkgYXJlCiAgICAgICAgICAgIGlzc3VlZCAoYW5kIGxhdGVyIHVzZWQgdG8gb2J0YWluIGFuIGFj
Y2VzcyB0b2tlbikuCiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgV2hlbiBpc3N1aW5n
IGFuIGFjY2VzcyB0b2tlbiBkdXJpbmcgdGhlIGltcGxpY2l0IGdyYW50IGZsb3csIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICBkb2VzIG5vdCBhdXRoZW50aWNhdGUgdGhlIGNs
aWVudC4gSW4gc29tZSBjYXNlcywgdGhlIGNsaWVudCBpZGVudGl0eSBjYW4gYmUgdmVyaWZpZWQK
ICAgICAgICAgICAgdmlhIHRoZSByZWRpcmVjdGlvbiBVUkkgdXNlZCB0byBkZWxpdmVyIHRoZSBh
Y2Nlc3MgdG9rZW4gdG8gdGhlIGNsaWVudC4gVGhlIGFjY2VzcwogICAgICAgICAgICB0b2tlbiBt
YXkgYmUgZXhwb3NlZCB0byB0aGUgcmVzb3VyY2Ugb3duZXIgb3Igb3RoZXIgYXBwbGljYXRpb25z
IHdpdGggYWNjZXNzIHRvIHRoZQogICAgICAgICAgICByZXNvdXJjZSBvd25lcidzIHVzZXItYWdl
bnQuCiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgSW1wbGljaXQgZ3JhbnRzIGltcHJv
dmUgdGhlIHJlc3BvbnNpdmVuZXNzIGFuZCBlZmZpY2llbmN5IG9mIHNvbWUgY2xpZW50cyAoc3Vj
aCBhcyBhCiAgICAgICAgICAgIGNsaWVudCBpbXBsZW1lbnRlZCBhcyBhbiBpbi1icm93c2VyIGFw
cGxpY2F0aW9uKSBzaW5jZSBpdCByZWR1Y2VzIHRoZSBudW1iZXIgb2Ygcm91bmQKICAgICAgICAg
ICAgdHJpcHMgcmVxdWlyZWQgdG8gb2J0YWluIGFuIGFjY2VzcyB0b2tlbi4gSG93ZXZlciwgdGhp
cyBjb252ZW5pZW5jZSBzaG91bGQgYmUgd2VpZ2hlZAogICAgICAgICAgICBhZ2FpbnN0IHRoZSBz
ZWN1cml0eSBpbXBsaWNhdGlvbnMgb2YgdXNpbmcgaW1wbGljaXQgZ3JhbnRzLCBlc3BlY2lhbGx5
IHdoZW4gdGhlCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gY29kZSBncmFudCB0eXBlIGlzIGF2
YWlsYWJsZS4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjciPjwvYT48YnIgLz48aHIg
Lz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIy
IiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEg
aHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1l
PSJyZmMuc2VjdGlvbi4xLjMuMyI+PC9hPjxoMz4xLjMuMy4mbmJzcDsKUmVzb3VyY2UgT3duZXIg
UGFzc3dvcmQgQ3JlZGVudGlhbHM8L2gzPgoKPHA+CiAgICAgICAgICAgIFRoZSByZXNvdXJjZSBv
d25lciBwYXNzd29yZCBjcmVkZW50aWFscyAoaS5lLiB1c2VybmFtZSBhbmQgcGFzc3dvcmQpIGNh
biBiZSB1c2VkCiAgICAgICAgICAgIGRpcmVjdGx5IGFzIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQg
dG8gb2J0YWluIGFuIGFjY2VzcyB0b2tlbi4gVGhlIGNyZWRlbnRpYWxzIHNob3VsZAogICAgICAg
ICAgICBvbmx5IGJlIHVzZWQgd2hlbiB0aGVyZSBpcyBhIGhpZ2ggZGVncmVlIG9mIHRydXN0IGJl
dHdlZW4gdGhlIHJlc291cmNlIG93bmVyIGFuZCB0aGUKICAgICAgICAgICAgY2xpZW50IChlLmcu
IHRoZSBjbGllbnQgaXMgcGFydCBvZiB0aGUgZGV2aWNlIG9wZXJhdGluZyBzeXN0ZW0gb3IgYSBo
aWdobHkgcHJpdmlsZWdlZAogICAgICAgICAgICBhcHBsaWNhdGlvbiksIGFuZCB3aGVuIG90aGVy
IGF1dGhvcml6YXRpb24gZ3JhbnQgdHlwZXMgYXJlIG5vdCBhdmFpbGFibGUgKHN1Y2ggYXMgYW4K
ICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBjb2RlKS4KICAgICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgICBFdmVuIHRob3VnaCB0aGlzIGdyYW50IHR5cGUgcmVxdWlyZXMgZGlyZWN0IGNsaWVu
dCBhY2Nlc3MgdG8gdGhlIHJlc291cmNlIG93bmVyCiAgICAgICAgICAgIGNyZWRlbnRpYWxzLCB0
aGUgcmVzb3VyY2Ugb3duZXIgY3JlZGVudGlhbHMgYXJlIHVzZWQgZm9yIGEgc2luZ2xlIHJlcXVl
c3QgYW5kIGFyZQogICAgICAgICAgICBleGNoYW5nZWQgZm9yIGFuIGFjY2VzcyB0b2tlbi4gVGhp
cyBncmFudCB0eXBlIGNhbiBlbGltaW5hdGUgdGhlIG5lZWQgZm9yIHRoZSBjbGllbnQKICAgICAg
ICAgICAgdG8gc3RvcmUgdGhlIHJlc291cmNlIG93bmVyIGNyZWRlbnRpYWxzIGZvciBmdXR1cmUg
dXNlLCBieSBleGNoYW5naW5nIHRoZSBjcmVkZW50aWFscwogICAgICAgICAgICB3aXRoIGEgbG9u
Zy1saXZlZCBhY2Nlc3MgdG9rZW4gb3IgcmVmcmVzaCB0b2tlbi4KICAgICAgICAgIAo8L3A+Cjxh
IG5hbWU9ImFuY2hvcjgiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIg
Y2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmln
aHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7
PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xLjMuNCI+PC9hPjxo
Mz4xLjMuNC4mbmJzcDsKQ2xpZW50IENyZWRlbnRpYWxzPC9oMz4KCjxwPgogICAgICAgICAgICBU
aGUgY2xpZW50IGNyZWRlbnRpYWxzIChvciBvdGhlciBmb3JtcyBvZiBjbGllbnQgYXV0aGVudGlj
YXRpb24pIGNhbiBiZSB1c2VkIGFzIGFuCiAgICAgICAgICAgIGF1dGhvcml6YXRpb24gZ3JhbnQg
d2hlbiB0aGUgYXV0aG9yaXphdGlvbiBzY29wZSBpcyBsaW1pdGVkIHRvIHRoZSBwcm90ZWN0ZWQg
cmVzb3VyY2VzCiAgICAgICAgICAgIHVuZGVyIHRoZSBjb250cm9sIG9mIHRoZSBjbGllbnQsIG9y
IHRvIHByb3RlY3RlZCByZXNvdXJjZXMgcHJldmlvdXNseSBhcnJhbmdlZCB3aXRoIHRoZQogICAg
ICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlci4gQ2xpZW50IGNyZWRlbnRpYWxzIGFyZSB1c2Vk
IGFzIGFuIGF1dGhvcml6YXRpb24gZ3JhbnQgdHlwaWNhbGx5CiAgICAgICAgICAgIHdoZW4gdGhl
IGNsaWVudCBpcyBhY3Rpbmcgb24gaXRzIG93biBiZWhhbGYgKHRoZSBjbGllbnQgaXMgYWxzbyB0
aGUgcmVzb3VyY2Ugb3duZXIpLCBvcgogICAgICAgICAgICBpcyByZXF1ZXN0aW5nIGFjY2VzcyB0
byBwcm90ZWN0ZWQgcmVzb3VyY2VzIGJhc2VkIG9uIGFuIGF1dGhvcml6YXRpb24gcHJldmlvdXNs
eQogICAgICAgICAgICBhcnJhbmdlZCB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAg
ICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjkiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi4xLjQiPjwvYT48aDM+MS40LiZuYnNwOwpBY2Nlc3MgVG9rZW48L2gzPgoKPHA+CiAgICAgICAg
ICBBY2Nlc3MgdG9rZW5zIGFyZSBjcmVkZW50aWFscyB1c2VkIHRvIGFjY2VzcyBwcm90ZWN0ZWQg
cmVzb3VyY2VzLiBBbiBhY2Nlc3MgdG9rZW4gaXMgYQogICAgICAgICAgc3RyaW5nIHJlcHJlc2Vu
dGluZyBhbiBhdXRob3JpemF0aW9uIGlzc3VlZCB0byB0aGUgY2xpZW50LiBUaGUgc3RyaW5nIGlz
IHVzdWFsbHkgb3BhcXVlCiAgICAgICAgICB0byB0aGUgY2xpZW50LiBUb2tlbnMgcmVwcmVzZW50
IHNwZWNpZmljIHNjb3BlcyBhbmQgZHVyYXRpb25zIG9mIGFjY2VzcywgZ3JhbnRlZCBieSB0aGUK
ICAgICAgICAgIHJlc291cmNlIG93bmVyLCBhbmQgZW5mb3JjZWQgYnkgdGhlIHJlc291cmNlIHNl
cnZlciBhbmQgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICBUaGUgdG9rZW4gbWF5IGRlbm90ZSBhbiBpZGVudGlmaWVyIHVzZWQgdG8gcmV0cmlldmUgdGhl
IGF1dGhvcml6YXRpb24gaW5mb3JtYXRpb24sIG9yCiAgICAgICAgICBzZWxmLWNvbnRhaW4gdGhl
IGF1dGhvcml6YXRpb24gaW5mb3JtYXRpb24gaW4gYSB2ZXJpZmlhYmxlIG1hbm5lciAoaS5lLiBh
IHRva2VuIHN0cmluZwogICAgICAgICAgY29uc2lzdGluZyBvZiBzb21lIGRhdGEgYW5kIGEgc2ln
bmF0dXJlKS4gQWRkaXRpb25hbCBhdXRoZW50aWNhdGlvbiBjcmVkZW50aWFscywgd2hpY2gKICAg
ICAgICAgIGFyZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwgbWF5IGJl
IHJlcXVpcmVkIGluIG9yZGVyIGZvciB0aGUgY2xpZW50IHRvCiAgICAgICAgICB1c2UgYSB0b2tl
bi4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBhY2Nlc3MgdG9rZW4gcHJvdmlkZXMg
YW4gYWJzdHJhY3Rpb24gbGF5ZXIsIHJlcGxhY2luZyBkaWZmZXJlbnQgYXV0aG9yaXphdGlvbgog
ICAgICAgICAgY29uc3RydWN0cyAoZS5nLiB1c2VybmFtZSBhbmQgcGFzc3dvcmQpIHdpdGggYSBz
aW5nbGUgdG9rZW4gdW5kZXJzdG9vZCBieSB0aGUgcmVzb3VyY2UKICAgICAgICAgIHNlcnZlci4g
VGhpcyBhYnN0cmFjdGlvbiBlbmFibGVzIGlzc3VpbmcgYWNjZXNzIHRva2VucyBtb3JlIHJlc3Ry
aWN0aXZlIHRoYW4gdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIGdyYW50IHVzZWQgdG8gb2J0
YWluIHRoZW0sIGFzIHdlbGwgYXMgcmVtb3ZpbmcgdGhlIHJlc291cmNlIHNlcnZlcidzIG5lZWQg
dG8KICAgICAgICAgIHVuZGVyc3RhbmQgYSB3aWRlIHJhbmdlIG9mIGF1dGhlbnRpY2F0aW9uIG1l
dGhvZHMuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBBY2Nlc3MgdG9rZW5zIGNhbiBoYXZl
IGRpZmZlcmVudCBmb3JtYXRzLCBzdHJ1Y3R1cmVzLCBhbmQgbWV0aG9kcyBvZiB1dGlsaXphdGlv
biAoZS5nLgogICAgICAgICAgY3J5cHRvZ3JhcGhpYyBwcm9wZXJ0aWVzKSBiYXNlZCBvbiB0aGUg
cmVzb3VyY2Ugc2VydmVyIHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gQWNjZXNzIHRva2VuCiAgICAg
ICAgICBhdHRyaWJ1dGVzIGFuZCB0aGUgbWV0aG9kcyB1c2VkIHRvIGFjY2VzcyBwcm90ZWN0ZWQg
cmVzb3VyY2VzIGFyZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMKICAgICAgICAgIHNwZWNpZmlj
YXRpb24gYW5kIGFyZSBkZWZpbmVkIGJ5IGNvbXBhbmlvbiBzcGVjaWZpY2F0aW9ucy4KICAgICAg
ICAKPC9wPgo8YSBuYW1lPSJhbmNob3IxMCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFy
eT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWci
IGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJz
cDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEu
NSI+PC9hPjxoMz4xLjUuJm5ic3A7ClJlZnJlc2ggVG9rZW48L2gzPgoKPHA+CiAgICAgICAgICBS
ZWZyZXNoIHRva2VucyBhcmUgY3JlZGVudGlhbHMgdXNlZCB0byBvYnRhaW4gYWNjZXNzIHRva2Vu
cy4gUmVmcmVzaCB0b2tlbnMgYXJlIGlzc3VlZCB0bwogICAgICAgICAgdGhlIGNsaWVudCBieSB0
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYW5kIGFyZSB1c2VkIHRvIG9idGFpbiBhIG5ldyBhY2Nl
c3MgdG9rZW4gd2hlbiB0aGUKICAgICAgICAgIGN1cnJlbnQgYWNjZXNzIHRva2VuIGJlY29tZXMg
aW52YWxpZCBvciBleHBpcmVzLCBvciB0byBvYnRhaW4gYWRkaXRpb25hbCBhY2Nlc3MgdG9rZW5z
CiAgICAgICAgICB3aXRoIGlkZW50aWNhbCBvciBuYXJyb3dlciBzY29wZSAoYWNjZXNzIHRva2Vu
cyBtYXkgaGF2ZSBhIHNob3J0ZXIgbGlmZXRpbWUgYW5kIGZld2VyCiAgICAgICAgICBwZXJtaXNz
aW9ucyB0aGFuIGF1dGhvcml6ZWQgYnkgdGhlIHJlc291cmNlIG93bmVyKS4gSXNzdWluZyBhIHJl
ZnJlc2ggdG9rZW4gaXMgb3B0aW9uYWwKICAgICAgICAgIGF0IHRoZSBkaXNjcmV0aW9uIG9mIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlci4gSWYgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3Vl
cyBhCiAgICAgICAgICByZWZyZXNoIHRva2VuLCBpdCBpcyBpbmNsdWRlZCB3aGVuIGlzc3Vpbmcg
YW4gYWNjZXNzIHRva2VuIChpLmUuIHN0ZXAgKEQpIGluCiAgICAgICAgICA8YSBjbGFzcz0naW5m
bycgaHJlZj0nI0ZpZ3VyZS0xJz5GaWd1cmUmbmJzcDsxPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xh
c3M9J2luZm8nPkFic3RyYWN0IFByb3RvY29sIEZsb3c8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+
KS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEEgcmVmcmVzaCB0b2tlbiBpcyBhIHN0cmlu
ZyByZXByZXNlbnRpbmcgdGhlIGF1dGhvcml6YXRpb24gZ3JhbnRlZCB0byB0aGUgY2xpZW50IGJ5
IHRoZQogICAgICAgICAgcmVzb3VyY2Ugb3duZXIuIFRoZSBzdHJpbmcgaXMgdXN1YWxseSBvcGFx
dWUgdG8gdGhlIGNsaWVudC4gVGhlIHRva2VuIGRlbm90ZXMgYW4KICAgICAgICAgIGlkZW50aWZp
ZXIgdXNlZCB0byByZXRyaWV2ZSB0aGUgYXV0aG9yaXphdGlvbiBpbmZvcm1hdGlvbi4gVW5saWtl
IGFjY2VzcyB0b2tlbnMsIHJlZnJlc2gKICAgICAgICAgIHRva2VucyBhcmUgaW50ZW5kZWQgZm9y
IHVzZSBvbmx5IHdpdGggYXV0aG9yaXphdGlvbiBzZXJ2ZXJzIGFuZCBhcmUgbmV2ZXIgc2VudCB0
bwogICAgICAgICAgcmVzb3VyY2Ugc2VydmVycy4KICAgICAgICAKPC9wPjxiciAvPjxociBjbGFz
cz0iaW5zZXJ0IiAvPgo8YSBuYW1lPSJGaWd1cmUtMiI+PC9hPgo8ZGl2IHN0eWxlPSdkaXNwbGF5
OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+
PHByZT4KCiAgKy0tLS0tLS0tKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgIHwtLShBKS0tLS0tLS0gQXV0aG9yaXph
dGlvbiBHcmFudCAtLS0tLS0tLS0mZ3Q7fCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICB8ICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8
CiAgfCAgICAgICAgfCZsdDstKEIpLS0tLS0tLS0tLS0gQWNjZXNzIFRva2VuIC0tLS0tLS0tLS0t
LS18ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAgICAgICAgICAgICAmYW1wOyBSZWZy
ZXNoIFRva2VuICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAog
IHwgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0rICAgfCAg
ICAgICAgICAgICAgIHwKICB8ICAgICAgICB8LS0oQyktLS0tIEFjY2VzcyBUb2tlbiAtLS0tJmd0
O3wgICAgICAgICAgfCAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAg
ICAgICAgICAgICAgICAgICB8ICAgICAgICAgIHwgICB8ICAgICAgICAgICAgICAgfAogIHwgICAg
ICAgIHwmbHQ7LShEKS0gUHJvdGVjdGVkIFJlc291cmNlIC0tfCBSZXNvdXJjZSB8ICAgfCBBdXRo
b3JpemF0aW9uIHwKICB8IENsaWVudCB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgIFNl
cnZlciAgfCAgIHwgICAgIFNlcnZlciAgICB8CiAgfCAgICAgICAgfC0tKEUpLS0tLSBBY2Nlc3Mg
VG9rZW4gLS0tLSZndDt8ICAgICAgICAgIHwgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAg
IHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICB8ICAgfCAgICAgICAgICAg
ICAgIHwKICB8ICAgICAgICB8Jmx0Oy0oRiktIEludmFsaWQgVG9rZW4gRXJyb3IgLXwgICAgICAg
ICAgfCAgIHwgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAg
ICAgICAgICArLS0tLS0tLS0tLSsgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwK
ICB8ICAgICAgICB8LS0oRyktLS0tLS0tLS0tLSBSZWZyZXNoIFRva2VuIC0tLS0tLS0tLS0tJmd0
O3wgICAgICAgICAgICAgICB8CiAgfCAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogIHwgICAgICAgIHwmbHQ7LShIKS0t
LS0tLS0tLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tLS0tLS0tfCAgICAgICAgICAgICAgIHwKICAr
LS0tLS0tLS0rICAgICAgICAgICAmYW1wOyBPcHRpb25hbCBSZWZyZXNoIFRva2VuICAgICAgICAr
LS0tLS0tLS0tLS0tLS0tKwoKPC9wcmU+PC9kaXY+PHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBhZGRp
bmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBhbGlnbj0iY2VudGVyIj48dHI+PHRkIGFsaWduPSJjZW50
ZXIiPjxmb250IGZhY2U9Im1vbmFjbywgTVMgU2FucyBTZXJpZiIgc2l6ZT0iMSI+PGI+Jm5ic3A7
RmlndXJlJm5ic3A7MjogUmVmcmVzaGluZyBhbiBFeHBpcmVkIEFjY2VzcyBUb2tlbiZuYnNwOzwv
Yj48L2ZvbnQ+PGJyIC8+PC90ZD48L3RyPjwvdGFibGU+PGhyIGNsYXNzPSJpbnNlcnQiIC8+Cgo8
cD4KICAgICAgICAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjRmlndXJlLTInPkZpZ3VyZSZuYnNwOzI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5m
byc+UmVmcmVzaGluZyBhbiBFeHBpcmVkIEFjY2VzcyBUb2tlbjwvc3Bhbj48c3Bhbj4pPC9zcGFu
PjwvYT4gaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PihBKTwvZHQ+Cjxk
ZD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IHJlcXVlc3RzIGFuIGFjY2VzcyB0b2tlbiBieSBh
dXRoZW50aWNhdGluZyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciwKICAgICAgICAgICAg
ICBhbmQgcHJlc2VudGluZyBhbiBhdXRob3JpemF0aW9uIGdyYW50LgogICAgICAgICAgICAKPC9k
ZD4KPGR0PihCKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgYXV0aGVudGljYXRlcyB0aGUgY2xpZW50IGFuZCB2YWxpZGF0ZXMgdGhlIGF1dGhvcml6YXRp
b24KICAgICAgICAgICAgICBncmFudCwgYW5kIGlmIHZhbGlkIGlzc3VlcyBhbiBhY2Nlc3MgdG9r
ZW4gYW5kIGEgcmVmcmVzaCB0b2tlbi4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oQyk8L2R0Pgo8
ZGQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCBtYWtlcyBhIHByb3RlY3RlZCByZXNvdXJjZSBy
ZXF1ZXN0IHRvIHRoZSByZXNvdXJjZSBzZXJ2ZXIgYnkgcHJlc2VudGluZwogICAgICAgICAgICAg
IHRoZSBhY2Nlc3MgdG9rZW4uCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+KEQpPC9kdD4KPGRkPgog
ICAgICAgICAgICAgIFRoZSByZXNvdXJjZSBzZXJ2ZXIgdmFsaWRhdGVzIHRoZSBhY2Nlc3MgdG9r
ZW4sIGFuZCBpZiB2YWxpZCwgc2VydmVzIHRoZSByZXF1ZXN0LgogICAgICAgICAgICAKPC9kZD4K
PGR0PihFKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBTdGVwcyAoQykgYW5kIChEKSByZXBlYXQg
dW50aWwgdGhlIGFjY2VzcyB0b2tlbiBleHBpcmVzLiBJZiB0aGUgY2xpZW50IGtub3dzIHRoZQog
ICAgICAgICAgICAgIGFjY2VzcyB0b2tlbiBleHBpcmVkLCBpdCBza2lwcyB0byBzdGVwIChHKSwg
b3RoZXJ3aXNlIGl0IG1ha2VzIGFub3RoZXIgcHJvdGVjdGVkCiAgICAgICAgICAgICAgcmVzb3Vy
Y2UgcmVxdWVzdC4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oRik8L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgU2luY2UgdGhlIGFjY2VzcyB0b2tlbiBpcyBpbnZhbGlkLCB0aGUgcmVzb3VyY2Ugc2Vy
dmVyIHJldHVybnMgYW4gaW52YWxpZCB0b2tlbgogICAgICAgICAgICAgIGVycm9yLgogICAgICAg
ICAgICAKPC9kZD4KPGR0PihHKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgY2xpZW50IHJl
cXVlc3RzIGEgbmV3IGFjY2VzcyB0b2tlbiBieSBhdXRoZW50aWNhdGluZyB3aXRoIHRoZSBhdXRo
b3JpemF0aW9uCiAgICAgICAgICAgICAgc2VydmVyIGFuZCBwcmVzZW50aW5nIHRoZSByZWZyZXNo
IHRva2VuLiBUaGUgY2xpZW50IGF1dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyBhcmUKICAgICAg
ICAgICAgICBiYXNlZCBvbiB0aGUgY2xpZW50IHR5cGUgYW5kIG9uIHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBwb2xpY2llcy4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oSCk8L2R0Pgo8ZGQ+CiAg
ICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIGNs
aWVudCBhbmQgdmFsaWRhdGVzIHRoZSByZWZyZXNoIHRva2VuLAogICAgICAgICAgICAgIGFuZCBp
ZiB2YWxpZCBpc3N1ZXMgYSBuZXcgYWNjZXNzIHRva2VuIChhbmQgb3B0aW9uYWxseSwgYSBuZXcg
cmVmcmVzaCB0b2tlbikuCiAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4K
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFN0ZXBzIEMsIEQsIEUsIGFuZCBGIGFyZSBvdXRz
aWRlIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24gYXMgZGVzY3JpYmVkIGluCiAgICAg
ICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI2FjY2Vzcy1yZXNvdXJjZSc+U2VjdGlvbiZuYnNw
Ozc8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QWNjZXNzaW5nIFByb3RlY3RlZCBS
ZXNvdXJjZXM8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgIAo8L3A+CjxhIG5hbWU9
InRscyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGlu
Zz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0
ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48
L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEuNiI+PC9hPjxoMz4xLjYuJm5ic3A7
ClRMUyBWZXJzaW9uPC9oMz4KCjxwPgogICAgICAgICAgV2hlbmV2ZXIgVExTIGlzIHVzZWQgYnkg
dGhpcyBzcGVjaWZpY2F0aW9uLCB0aGUgYXBwcm9wcmlhdGUgdmVyc2lvbiAob3IgdmVyc2lvbnMp
IG9mCiAgICAgICAgICBUTFMgd2lsbCB2YXJ5IG92ZXIgdGltZSwgYmFzZWQgb24gdGhlIHdpZGVz
cHJlYWQgZGVwbG95bWVudCBhbmQga25vd24gc2VjdXJpdHkKICAgICAgICAgIHZ1bG5lcmFiaWxp
dGllcy4gQXQgdGhlIHRpbWUgb2YgdGhpcyB3cml0aW5nLCBUTFMgdmVyc2lvbiAxLjIgPGEgY2xh
c3M9J2luZm8nIGhyZWY9JyNSRkM1MjQ2Jz5bUkZDNTI0Nl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBj
bGFzcz0naW5mbyc+RGllcmtzLCBULiBhbmQgRS4gUmVzY29ybGEsICZsZHF1bztUaGUgVHJhbnNw
b3J0IExheWVyIFNlY3VyaXR5IChUTFMpIFByb3RvY29sIFZlcnNpb24gMS4yLCZyZHF1bzsgQXVn
dXN0Jm5ic3A7MjAwOC48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+CiAgICAgICAgICBpcyB0aGUg
bW9zdCByZWNlbnQgdmVyc2lvbiwgYnV0IGhhcyBhIHZlcnkgbGltaXRlZCBkZXBsb3ltZW50IGJh
c2UgYW5kIG1pZ2h0IG5vdCBiZQogICAgICAgICAgcmVhZGlseSBhdmFpbGFibGUgZm9yIGltcGxl
bWVudGF0aW9uLiBUTFMgdmVyc2lvbiAxLjAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMyMjQ2
Jz5bUkZDMjI0Nl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RGllcmtzLCBULiBh
bmQgQy4gQWxsZW4sICZsZHF1bztUaGUgVExTIFByb3RvY29sIFZlcnNpb24gMS4wLCZyZHF1bzsg
SmFudWFyeSZuYnNwOzE5OTkuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiBpcyB0aGUKICAgICAg
ICAgIG1vc3Qgd2lkZWx5IGRlcGxveWVkIHZlcnNpb24sIGFuZCB3aWxsIHByb3ZpZGUgdGhlIGJy
b2FkZXN0IGludGVyb3BlcmFiaWxpdHkuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBJbXBs
ZW1lbnRhdGlvbnMgTUFZIGFsc28gc3VwcG9ydCBhZGRpdGlvbmFsIHRyYW5zcG9ydC1sYXllciBz
ZWN1cml0eSBtZWNoYW5pc21zCiAgICAgICAgICB0aGF0IG1lZXQgdGhlaXIgc2VjdXJpdHkgcmVx
dWlyZW1lbnRzLgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjExIj48L2E+PGJyIC8+PGhy
IC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0i
MiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxh
IGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFt
ZT0icmZjLnNlY3Rpb24uMS43Ij48L2E+PGgzPjEuNy4mbmJzcDsKSFRUUCBSZWRpcmVjdGlvbnM8
L2gzPgoKPHA+CiAgICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gbWFrZXMgZXh0ZW5zaXZlIHVz
ZSBvZiBIVFRQIHJlZGlyZWN0aW9ucywgaW4gd2hpY2ggdGhlIGNsaWVudCBvciB0aGUKICAgICAg
ICAgIGF1dGhvcml6YXRpb24gc2VydmVyIGRpcmVjdCB0aGUgcmVzb3VyY2Ugb3duZXIncyB1c2Vy
LWFnZW50IHRvIGFub3RoZXIgZGVzdGluYXRpb24uIFdoaWxlCiAgICAgICAgICB0aGUgZXhhbXBs
ZXMgaW4gdGhpcyBzcGVjaWZpY2F0aW9uIHNob3cgdGhlIHVzZSBvZiB0aGUgSFRUUCAzMDIgc3Rh
dHVzIGNvZGUsIGFueSBvdGhlcgogICAgICAgICAgbWV0aG9kIGF2YWlsYWJsZSB2aWEgdGhlIHVz
ZXItYWdlbnQgdG8gYWNjb21wbGlzaCB0aGlzIHJlZGlyZWN0aW9uIGlzIGFsbG93ZWQgYW5kIGlz
CiAgICAgICAgICBjb25zaWRlcmVkIHRvIGJlIGFuIGltcGxlbWVudGF0aW9uIGRldGFpbC4KICAg
ICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IxMiI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3Vt
bWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0Ni
dWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4m
bmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9u
LjEuOCI+PC9hPjxoMz4xLjguJm5ic3A7CkludGVyb3BlcmFiaWxpdHk8L2gzPgoKPHA+CiAgICAg
ICAgICBPQXV0aCAyLjAgcHJvdmlkZXMgYSByaWNoIGF1dGhvcml6YXRpb24gZnJhbWV3b3JrIHdp
dGggd2VsbC1kZWZpbmVkIHNlY3VyaXR5IHByb3BlcnRpZXMuCiAgICAgICAgICBIb3dldmVyLCBh
cyBhIHJpY2ggYW5kIGhpZ2hseSBleHRlbnNpYmxlIGZyYW1ld29yayB3aXRoIG1hbnkgb3B0aW9u
YWwgY29tcG9uZW50cywgb24gaXRzCiAgICAgICAgICBvd24sIHRoaXMgc3BlY2lmaWNhdGlvbiBp
cyBsaWtlbHkgdG8gcHJvZHVjZSBhIHdpZGUgcmFuZ2Ugb2Ygbm9uLWludGVyb3BlcmFibGUKICAg
ICAgICAgIGltcGxlbWVudGF0aW9ucy4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEluIGFk
ZGl0aW9uLCB0aGlzIHNwZWNpZmljYXRpb24gbGVhdmVzIGEgZmV3IHJlcXVpcmVkIGNvbXBvbmVu
dHMgcGFydGlhbGx5IG9yIGZ1bGx5CiAgICAgICAgICB1bmRlZmluZWQgKGUuZy4gY2xpZW50IHJl
Z2lzdHJhdGlvbiwgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgY2FwYWJpbGl0aWVzLCBlbmRwb2ludAog
ICAgICAgICAgZGlzY292ZXJ5KS4gV2l0aG91dCB0aGVzZSBjb21wb25lbnRzLCBjbGllbnRzIG11
c3QgYmUgbWFudWFsbHkgYW5kIHNwZWNpZmljYWxseQogICAgICAgICAgY29uZmlndXJlZCBhZ2Fp
bnN0IGEgc3BlY2lmaWMgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYW5kIHJlc291cmNlIHNlcnZlciBp
biBvcmRlciB0bwogICAgICAgICAgaW50ZXJvcGVyYXRlLgogICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgVGhpcyBmcmFtZXdvcmsgd2FzIGRlc2lnbmVkIHdpdGggdGhlIGNsZWFyIGV4cGVjdGF0
aW9uIHRoYXQgZnV0dXJlIHdvcmsgd2lsbCBkZWZpbmUKICAgICAgICAgIHByZXNjcmlwdGl2ZSBw
cm9maWxlcyBhbmQgZXh0ZW5zaW9ucyBuZWNlc3NhcnkgdG8gYWNoaWV2ZSBmdWxsIHdlYi1zY2Fs
ZQogICAgICAgICAgaW50ZXJvcGVyYWJpbGl0eS4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNo
b3IxMyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGlu
Zz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0
ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48
L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEuOSI+PC9hPjxoMz4xLjkuJm5ic3A7
Ck5vdGF0aW9uYWwgQ29udmVudGlvbnM8L2gzPgoKPHA+CiAgICAgICAgICBUaGUga2V5IHdvcmRz
ICJNVVNUIiwgIk1VU1QgTk9UIiwgIlJFUVVJUkVEIiwgIlNIQUxMIiwgIlNIQUxMIE5PVCIsICJT
SE9VTEQiLCAiU0hPVUxECiAgICAgICAgICBOT1QiLCAiUkVDT01NRU5ERUQiLCAiTUFZIiwgYW5k
ICJPUFRJT05BTCIgaW4gdGhpcyBzcGVjaWZpY2F0aW9uIGFyZSB0byBiZSBpbnRlcnByZXRlZCBh
cwogICAgICAgICAgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMjExOSc+
W1JGQzIxMTldPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkJyYWRuZXIsIFMuLCAm
bGRxdW87S2V5IHdvcmRzIGZvciB1c2UgaW4gUkZDcyB0byBJbmRpY2F0ZSBSZXF1aXJlbWVudCBM
ZXZlbHMsJnJkcXVvOyBNYXJjaCZuYnNwOzE5OTcuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4K
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiB1c2VzIHRoZSBB
dWdtZW50ZWQgQmFja3VzLU5hdXIgRm9ybSAoQUJORikgbm90YXRpb24gb2YKICAgICAgICAgIDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNTIzNCc+W1JGQzUyMzRdPHNwYW4+ICg8L3NwYW4+PHNw
YW4gY2xhc3M9J2luZm8nPkNyb2NrZXIsIEQuIGFuZCBQLiBPdmVyZWxsLCAmbGRxdW87QXVnbWVu
dGVkIEJORiBmb3IgU3ludGF4IFNwZWNpZmljYXRpb25zOiBBQk5GLCZyZHF1bzsgSmFudWFyeSZu
YnNwOzIwMDguPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KCSAgQWRkaXRpb25hbGx5LCB0aGUg
cnVsZSBVUkktUmVmZXJlbmNlIGlzIGluY2x1ZGVkIGZyb20KCSAgVW5pZm9ybSBSZXNvdXJjZSBJ
ZGVudGlmaWVyIChVUkkpIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMzk4Nic+W1JGQzM5ODZd
PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkJlcm5lcnMtTGVlLCBULiwgRmllbGRp
bmcsIFIuLCBhbmQgTC4gTWFzaW50ZXIsICZsZHF1bztVbmlmb3JtIFJlc291cmNlIElkZW50aWZp
ZXIgKFVSSSk6IEdlbmVyaWMgU3ludGF4LCZyZHF1bzsgSmFudWFyeSZuYnNwOzIwMDUuPC9zcGFu
PjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIENlcnRhaW4g
c2VjdXJpdHktcmVsYXRlZCB0ZXJtcyBhcmUgdG8gYmUgdW5kZXJzdG9vZCBpbiB0aGUgc2Vuc2Ug
ZGVmaW5lZCBpbgogICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkM0OTQ5Jz5bUkZD
NDk0OV08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+U2hpcmV5LCBSLiwgJmxkcXVv
O0ludGVybmV0IFNlY3VyaXR5IEdsb3NzYXJ5LCBWZXJzaW9uIDIsJnJkcXVvOyBBdWd1c3QmbmJz
cDsyMDA3Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uIFRoZXNlIHRlcm1zIGluY2x1ZGUsIGJ1
dCBhcmUgbm90IGxpbWl0ZWQgdG8sICJhdHRhY2siLAogICAgICAgICAgImF1dGhlbnRpY2F0aW9u
IiwgImF1dGhvcml6YXRpb24iLCAiY2VydGlmaWNhdGUiLCAiY29uZmlkZW50aWFsaXR5IiwgImNy
ZWRlbnRpYWwiLAogICAgICAgICAgImVuY3J5cHRpb24iLCAiaWRlbnRpdHkiLCAic2lnbiIsICJz
aWduYXR1cmUiLCAidHJ1c3QiLCAidmFsaWRhdGUiLCBhbmQgInZlcmlmeSIuCiAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICBVbmxlc3Mgb3RoZXJ3aXNlIG5vdGVkLCBhbGwgdGhlIHByb3RvY29s
IHBhcmFtZXRlciBuYW1lcyBhbmQgdmFsdWVzIGFyZSBjYXNlIHNlbnNpdGl2ZS4KICAgICAgICAK
PC9wPgo8YSBuYW1lPSJhbmNob3IxNCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0i
bGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFs
aWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtU
T0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjIiPjwv
YT48aDM+Mi4mbmJzcDsKQ2xpZW50IFJlZ2lzdHJhdGlvbjwvaDM+Cgo8cD4KICAgICAgICBCZWZv
cmUgaW5pdGlhdGluZyB0aGUgcHJvdG9jb2wsIHRoZSBjbGllbnQgcmVnaXN0ZXJzIHdpdGggdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyLiBUaGUKICAgICAgICBtZWFucyB0aHJvdWdoIHdoaWNoIHRo
ZSBjbGllbnQgcmVnaXN0ZXJzIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFyZSBiZXlv
bmQgdGhlCiAgICAgICAgc2NvcGUgb2YgdGhpcyBzcGVjaWZpY2F0aW9uLCBidXQgdHlwaWNhbGx5
IGludm9sdmUgZW5kLXVzZXIgaW50ZXJhY3Rpb24gd2l0aCBhbiBIVE1MCiAgICAgICAgcmVnaXN0
cmF0aW9uIGZvcm0uCiAgICAgIAo8L3A+CjxwPgogICAgICAgIENsaWVudCByZWdpc3RyYXRpb24g
ZG9lcyBub3QgcmVxdWlyZSBhIGRpcmVjdCBpbnRlcmFjdGlvbiBiZXR3ZWVuIHRoZSBjbGllbnQg
YW5kIHRoZQogICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyLiBXaGVuIHN1cHBvcnRlZCBieSB0
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIsIHJlZ2lzdHJhdGlvbiBjYW4gcmVseQogICAgICAgIG9u
IG90aGVyIG1lYW5zIGZvciBlc3RhYmxpc2hpbmcgdHJ1c3QgYW5kIG9idGFpbmluZyB0aGUgcmVx
dWlyZWQgY2xpZW50IHByb3BlcnRpZXMgKGUuZy4KICAgICAgICByZWRpcmVjdGlvbiBVUkksIGNs
aWVudCB0eXBlKS4gRm9yIGV4YW1wbGUsIHJlZ2lzdHJhdGlvbiBjYW4gYmUgYWNjb21wbGlzaGVk
IHVzaW5nIGEKICAgICAgICBzZWxmLWlzc3VlZCBvciB0aGlyZC1wYXJ0eS1pc3N1ZWQgYXNzZXJ0
aW9uLCBvciBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcGVyZm9ybWluZwogICAgICAgIGNs
aWVudCBkaXNjb3ZlcnkgdXNpbmcgYSB0cnVzdGVkIGNoYW5uZWwuCiAgICAgIAo8L3A+CjxwPgog
ICAgICAgIFdoZW4gcmVnaXN0ZXJpbmcgYSBjbGllbnQsIHRoZSBjbGllbnQgZGV2ZWxvcGVyIFNI
QUxMOgogICAgICAKPC9wPgo8cD4KICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4K
ICAgICAgICAgICAgc3BlY2lmaWVzIHRoZSBjbGllbnQgdHlwZSBhcyBkZXNjcmliZWQgaW4gPGEg
Y2xhc3M9J2luZm8nIGhyZWY9JyNjbGllbnQtdHlwZXMnPlNlY3Rpb24mbmJzcDsyLjE8c3Bhbj4g
KDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+Q2xpZW50IFR5cGVzPC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPiwKICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgIHByb3ZpZGVzIGl0cyBj
bGllbnQgcmVkaXJlY3Rpb24gVVJJcyBhcyBkZXNjcmliZWQgaW4KICAgICAgICAgICAgPGEgY2xh
c3M9J2luZm8nIGhyZWY9JyNyZWRpcmVjdC11cmknPlNlY3Rpb24mbmJzcDszLjEuMjxzcGFuPiAo
PC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5SZWRpcmVjdGlvbiBFbmRwb2ludDwvc3Bhbj48c3Bh
bj4pPC9zcGFuPjwvYT4sIGFuZAogICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgaW5j
bHVkZXMgYW55IG90aGVyIGluZm9ybWF0aW9uIHJlcXVpcmVkIGJ5IHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciAoZS5nLiBhcHBsaWNhdGlvbgogICAgICAgICAgICBuYW1lLCB3ZWJzaXRlLCBkZXNj
cmlwdGlvbiwgbG9nbyBpbWFnZSwgdGhlIGFjY2VwdGFuY2Ugb2YgbGVnYWwgdGVybXMpLgogICAg
ICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8L3A+CjxhIG5hbWU9ImNsaWVudC10eXBlcyI+
PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIg
Y2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFz
cz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwv
dGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjIuMSI+PC9hPjxoMz4yLjEuJm5ic3A7CkNsaWVu
dCBUeXBlczwvaDM+Cgo8cD4KICAgICAgICAgIE9BdXRoIGRlZmluZXMgdHdvIGNsaWVudCB0eXBl
cywgYmFzZWQgb24gdGhlaXIgYWJpbGl0eSB0byBhdXRoZW50aWNhdGUgc2VjdXJlbHkgd2l0aCB0
aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIChpLmUuIGFiaWxpdHkgdG8gbWFpbnRh
aW4gdGhlIGNvbmZpZGVudGlhbGl0eSBvZiB0aGVpciBjbGllbnQKICAgICAgICAgIGNyZWRlbnRp
YWxzKToKICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9
InRleHQiPjxkbD4KPGR0PmNvbmZpZGVudGlhbDwvZHQ+CjxkZD4KICAgICAgICAgICAgICAKICAg
ICAgICAgICAgICBDbGllbnRzIGNhcGFibGUgb2YgbWFpbnRhaW5pbmcgdGhlIGNvbmZpZGVudGlh
bGl0eSBvZiB0aGVpciBjcmVkZW50aWFscyAoZS5nLgogICAgICAgICAgICAgIGNsaWVudCBpbXBs
ZW1lbnRlZCBvbiBhIHNlY3VyZSBzZXJ2ZXIgd2l0aCByZXN0cmljdGVkIGFjY2VzcyB0byB0aGUg
Y2xpZW50CiAgICAgICAgICAgICAgY3JlZGVudGlhbHMpLCBvciBjYXBhYmxlIG9mIHNlY3VyZSBj
bGllbnQgYXV0aGVudGljYXRpb24gdXNpbmcgb3RoZXIgbWVhbnMuCiAgICAgICAgICAgIAo8L2Rk
Pgo8ZHQ+cHVibGljPC9kdD4KPGRkPgogICAgICAgICAgICAgIAogICAgICAgICAgICAgIENsaWVu
dHMgaW5jYXBhYmxlIG9mIG1haW50YWluaW5nIHRoZSBjb25maWRlbnRpYWxpdHkgb2YgdGhlaXIg
Y3JlZGVudGlhbHMgKGUuZy4KICAgICAgICAgICAgICBjbGllbnRzIGV4ZWN1dGluZyBvbiB0aGUg
ZGV2aWNlIHVzZWQgYnkgdGhlIHJlc291cmNlIG93bmVyIHN1Y2ggYXMgYW4gaW5zdGFsbGVkCiAg
ICAgICAgICAgICAgbmF0aXZlIGFwcGxpY2F0aW9uIG9yIGEgd2ViIGJyb3dzZXItYmFzZWQgYXBw
bGljYXRpb24pLCBhbmQgaW5jYXBhYmxlIG9mIHNlY3VyZQogICAgICAgICAgICAgIGNsaWVudCBh
dXRoZW50aWNhdGlvbiB2aWEgYW55IG90aGVyIG1lYW5zLgogICAgICAgICAgICAKPC9kZD4KPC9k
bD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgY2xpZW50
IHR5cGUgZGVzaWduYXRpb24gaXMgYmFzZWQgb24gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyJ3Mg
ZGVmaW5pdGlvbiBvZiBzZWN1cmUKICAgICAgICAgIGF1dGhlbnRpY2F0aW9uIGFuZCBpdHMgYWNj
ZXB0YWJsZSBleHBvc3VyZSBsZXZlbHMgb2YgY2xpZW50IGNyZWRlbnRpYWxzLiBUaGUKICAgICAg
ICAgIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBOT1QgbWFrZSBhc3N1bXB0aW9ucyBhYm91
dCB0aGUgY2xpZW50IHR5cGUuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBBIGNsaWVudCBt
YXkgYmUgaW1wbGVtZW50ZWQgYXMgYSBkaXN0cmlidXRlZCBzZXQgb2YgY29tcG9uZW50cywgZWFj
aCB3aXRoIGEgZGlmZmVyZW50CiAgICAgICAgICBjbGllbnQgdHlwZSBhbmQgc2VjdXJpdHkgY29u
dGV4dCAoZS5nLiBhIGRpc3RyaWJ1dGVkIGNsaWVudCB3aXRoIGJvdGggYSBjb25maWRlbnRpYWwK
ICAgICAgICAgIHNlcnZlci1iYXNlZCBjb21wb25lbnQgYW5kIGEgcHVibGljIGJyb3dzZXItYmFz
ZWQgY29tcG9uZW50KS4gSWYgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICBkb2Vz
IG5vdCBwcm92aWRlIHN1cHBvcnQgZm9yIHN1Y2ggY2xpZW50cywgb3IgZG9lcyBub3QgcHJvdmlk
ZSBndWlkYW5jZSB3aXRoIHJlZ2FyZCB0bwogICAgICAgICAgdGhlaXIgcmVnaXN0cmF0aW9uLCB0
aGUgY2xpZW50IFNIT1VMRCByZWdpc3RlciBlYWNoIGNvbXBvbmVudCBhcyBhIHNlcGFyYXRlIGNs
aWVudC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBoYXMg
YmVlbiBkZXNpZ25lZCBhcm91bmQgdGhlIGZvbGxvd2luZyBjbGllbnQgcHJvZmlsZXM6CiAgICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+
CjxkdD53ZWIgYXBwbGljYXRpb248L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgCiAgICAgICAgICAg
ICAgQSB3ZWIgYXBwbGljYXRpb24gaXMgYSBjb25maWRlbnRpYWwgY2xpZW50IHJ1bm5pbmcgb24g
YSB3ZWIgc2VydmVyLiBSZXNvdXJjZSBvd25lcnMKICAgICAgICAgICAgICBhY2Nlc3MgdGhlIGNs
aWVudCB2aWEgYW4gSFRNTCB1c2VyIGludGVyZmFjZSByZW5kZXJlZCBpbiBhIHVzZXItYWdlbnQg
b24gdGhlIGRldmljZQogICAgICAgICAgICAgIHVzZWQgYnkgdGhlIHJlc291cmNlIG93bmVyLiBU
aGUgY2xpZW50IGNyZWRlbnRpYWxzIGFzIHdlbGwgYXMgYW55IGFjY2VzcyB0b2tlbiBpc3N1ZWQK
ICAgICAgICAgICAgICB0byB0aGUgY2xpZW50IGFyZSBzdG9yZWQgb24gdGhlIHdlYiBzZXJ2ZXIg
YW5kIGFyZSBub3QgZXhwb3NlZCB0byBvciBhY2Nlc3NpYmxlIGJ5CiAgICAgICAgICAgICAgdGhl
IHJlc291cmNlIG93bmVyLgogICAgICAgICAgICAKPC9kZD4KPGR0PnVzZXItYWdlbnQtYmFzZWQg
YXBwbGljYXRpb248L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgQSB1c2Vy
LWFnZW50LWJhc2VkIGFwcGxpY2F0aW9uIGlzIGEgcHVibGljIGNsaWVudCBpbiB3aGljaCB0aGUg
Y2xpZW50IGNvZGUgaXMKICAgICAgICAgICAgICBkb3dubG9hZGVkIGZyb20gYSB3ZWIgc2VydmVy
IGFuZCBleGVjdXRlcyB3aXRoaW4gYSB1c2VyLWFnZW50IChlLmcuIHdlYiBicm93c2VyKSBvbgog
ICAgICAgICAgICAgIHRoZSBkZXZpY2UgdXNlZCBieSB0aGUgcmVzb3VyY2Ugb3duZXIuIFByb3Rv
Y29sIGRhdGEgYW5kIGNyZWRlbnRpYWxzIGFyZSBlYXNpbHkKICAgICAgICAgICAgICBhY2Nlc3Np
YmxlIChhbmQgb2Z0ZW4gdmlzaWJsZSkgdG8gdGhlIHJlc291cmNlIG93bmVyLiBTaW5jZSBzdWNo
IGFwcGxpY2F0aW9ucyByZXNpZGUKICAgICAgICAgICAgICB3aXRoaW4gdGhlIHVzZXItYWdlbnQs
IHRoZXkgY2FuIG1ha2Ugc2VhbWxlc3MgdXNlIG9mIHRoZSB1c2VyLWFnZW50IGNhcGFiaWxpdGll
cyB3aGVuCiAgICAgICAgICAgICAgcmVxdWVzdGluZyBhdXRob3JpemF0aW9uLgogICAgICAgICAg
ICAKPC9kZD4KPGR0Pm5hdGl2ZSBhcHBsaWNhdGlvbjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAK
ICAgICAgICAgICAgICBBIG5hdGl2ZSBhcHBsaWNhdGlvbiBpcyBhIHB1YmxpYyBjbGllbnQgaW5z
dGFsbGVkIGFuZCBleGVjdXRlZCBvbiB0aGUgZGV2aWNlIHVzZWQgYnkKICAgICAgICAgICAgICB0
aGUgcmVzb3VyY2Ugb3duZXIuIFByb3RvY29sIGRhdGEgYW5kIGNyZWRlbnRpYWxzIGFyZSBhY2Nl
c3NpYmxlIHRvIHRoZSByZXNvdXJjZQogICAgICAgICAgICAgIG93bmVyLiBJdCBpcyBhc3N1bWVk
IHRoYXQgYW55IGNsaWVudCBhdXRoZW50aWNhdGlvbiBjcmVkZW50aWFscyBpbmNsdWRlZCBpbiB0
aGUKICAgICAgICAgICAgICBhcHBsaWNhdGlvbiBjYW4gYmUgZXh0cmFjdGVkLiBPbiB0aGUgb3Ro
ZXIgaGFuZCwgZHluYW1pY2FsbHkgaXNzdWVkIGNyZWRlbnRpYWxzIHN1Y2gKICAgICAgICAgICAg
ICBhcyBhY2Nlc3MgdG9rZW5zIG9yIHJlZnJlc2ggdG9rZW5zIGNhbiByZWNlaXZlIGFuIGFjY2Vw
dGFibGUgbGV2ZWwgb2YgcHJvdGVjdGlvbi4gQXQgYQogICAgICAgICAgICAgIG1pbmltdW0sIHRo
ZXNlIGNyZWRlbnRpYWxzIGFyZSBwcm90ZWN0ZWQgZnJvbSBob3N0aWxlIHNlcnZlcnMgd2l0aCB3
aGljaCB0aGUKICAgICAgICAgICAgICBhcHBsaWNhdGlvbiBtYXkgaW50ZXJhY3Qgd2l0aC4gT24g
c29tZSBwbGF0Zm9ybXMgdGhlc2UgY3JlZGVudGlhbHMgbWlnaHQgYmUgcHJvdGVjdGVkCiAgICAg
ICAgICAgICAgZnJvbSBvdGhlciBhcHBsaWNhdGlvbnMgcmVzaWRpbmcgb24gdGhlIHNhbWUgZGV2
aWNlLgogICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgCjwv
cD4KPGEgbmFtZT0iY2xpZW50LWlkZW50aWZpZXIiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi4yLjIiPjwvYT48aDM+Mi4yLiZuYnNwOwpDbGllbnQgSWRlbnRpZmllcjwvaDM+Cgo8cD4KICAg
ICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZXMgdGhlIHJlZ2lzdGVyZWQgY2xp
ZW50IGEgY2xpZW50IGlkZW50aWZpZXIgLSBhIHVuaXF1ZQogICAgICAgICAgc3RyaW5nIHJlcHJl
c2VudGluZyB0aGUgcmVnaXN0cmF0aW9uIGluZm9ybWF0aW9uIHByb3ZpZGVkIGJ5IHRoZSBjbGll
bnQuIFRoZSBjbGllbnQKICAgICAgICAgIGlkZW50aWZpZXIgaXMgbm90IGEgc2VjcmV0LCBpdCBp
cyBleHBvc2VkIHRvIHRoZSByZXNvdXJjZSBvd25lciwgYW5kIE1VU1QgTk9UIGJlIHVzZWQKICAg
ICAgICAgIGFsb25lIGZvciBjbGllbnQgYXV0aGVudGljYXRpb24uIFRoZSBjbGllbnQgaWRlbnRp
ZmllciBpcyB1bmlxdWUgdG8gdGhlIGF1dGhvcml6YXRpb24KICAgICAgICAgIHNlcnZlci4KICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBjbGllbnQgaWRlbnRpZmllciBzdHJpbmcgc2l6
ZSBpcyBsZWZ0IHVuZGVmaW5lZCBieSB0aGlzIHNwZWNpZmljYXRpb24uIFRoZSBjbGllbnQKICAg
ICAgICAgIHNob3VsZCBhdm9pZCBtYWtpbmcgYXNzdW1wdGlvbnMgYWJvdXQgdGhlIGlkZW50aWZp
ZXIgc2l6ZS4gIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgU0hPVUxEIGRvY3Vt
ZW50IHRoZSBzaXplIG9mIGFueSBpZGVudGlmaWVyIGl0IGlzc3Vlcy4KICAgICAgICAKPC9wPgo8
YSBuYW1lPSJjbGllbnQtYXV0aGVudGljYXRpb24iPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi4yLjMiPjwvYT48aDM+Mi4zLiZuYnNwOwpDbGllbnQgQXV0aGVudGljYXRpb248L2gzPgoKPHA+
CiAgICAgICAgICBJZiB0aGUgY2xpZW50IHR5cGUgaXMgY29uZmlkZW50aWFsLCB0aGUgY2xpZW50
IGFuZCBhdXRob3JpemF0aW9uIHNlcnZlciBlc3RhYmxpc2ggYSBjbGllbnQKICAgICAgICAgIGF1
dGhlbnRpY2F0aW9uIG1ldGhvZCBzdWl0YWJsZSBmb3IgdGhlIHNlY3VyaXR5IHJlcXVpcmVtZW50
cyBvZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgTUFZIGFjY2VwdCBhbnkgZm9ybSBvZiBjbGllbnQgYXV0aGVudGljYXRpb24gbWVl
dGluZyBpdHMKICAgICAgICAgIHNlY3VyaXR5IHJlcXVpcmVtZW50cy4KICAgICAgICAKPC9wPgo8
cD4KICAgICAgICAgIENvbmZpZGVudGlhbCBjbGllbnRzIGFyZSB0eXBpY2FsbHkgaXNzdWVkIChv
ciBlc3RhYmxpc2gpIGEgc2V0IG9mIGNsaWVudCBjcmVkZW50aWFscyB1c2VkIGZvcgogICAgICAg
ICAgYXV0aGVudGljYXRpbmcgd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgKGUuZy4gcGFz
c3dvcmQsIHB1YmxpYy9wcml2YXRlIGtleSBwYWlyKS4KICAgICAgICAKPC9wPgo8cD4KICAgICAg
ICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkgZXN0YWJsaXNoIGEgY2xpZW50IGF1dGhl
bnRpY2F0aW9uIG1ldGhvZCB3aXRoIHB1YmxpYyBjbGllbnRzLgogICAgICAgICAgSG93ZXZlciwg
dGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgTk9UIHJlbHkgb24gcHVibGljIGNsaWVudCBh
dXRoZW50aWNhdGlvbiBmb3IgdGhlCiAgICAgICAgICBwdXJwb3NlIG9mIGlkZW50aWZ5aW5nIHRo
ZSBjbGllbnQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgY2xpZW50IE1VU1QgTk9U
IHVzZSBtb3JlIHRoYW4gb25lIGF1dGhlbnRpY2F0aW9uIG1ldGhvZCBpbiBlYWNoIHJlcXVlc3Qu
CiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yMTUiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxl
IHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0i
VE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3Rv
YyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2Vj
dGlvbi4yLjMuMSI+PC9hPjxoMz4yLjMuMS4mbmJzcDsKQ2xpZW50IFBhc3N3b3JkPC9oMz4KCjxw
PgogICAgICAgICAgICBDbGllbnRzIGluIHBvc3Nlc3Npb24gb2YgYSBjbGllbnQgcGFzc3dvcmQg
TUFZIHVzZSB0aGUgSFRUUCBCYXNpYyBhdXRoZW50aWNhdGlvbiBzY2hlbWUKICAgICAgICAgICAg
YXMgZGVmaW5lZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTcnPltSRkMyNjE3XTxz
cGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5GcmFua3MsIEouLCBIYWxsYW0tQmFrZXIs
IFAuLCBIb3N0ZXRsZXIsIEouLCBMYXdyZW5jZSwgUy4sIExlYWNoLCBQLiwgTHVvdG9uZW4sIEEu
LCBhbmQgTC4gU3Rld2FydCwgJmxkcXVvO0hUVFAgQXV0aGVudGljYXRpb246IEJhc2ljIGFuZCBE
aWdlc3QgQWNjZXNzIEF1dGhlbnRpY2F0aW9uLCZyZHF1bzsgSnVuZSZuYnNwOzE5OTkuPC9zcGFu
PjxzcGFuPik8L3NwYW4+PC9hPiB0byBhdXRoZW50aWNhdGUgd2l0aCB0aGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIuCiAgICAgICAgICAgIFRoZSBjbGllbnQgaWRlbnRpZmllciBpcyB1c2VkIGFzIHRo
ZSB1c2VybmFtZSwgYW5kIHRoZSBjbGllbnQgcGFzc3dvcmQgaXMgdXNlZCBhcyB0aGUKICAgICAg
ICAgICAgcGFzc3dvcmQuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHN1cHBvcnQgdGhl
IEhUVFAgQmFzaWMgYXV0aGVudGljYXRpb24gc2NoZW1lCiAgICAgICAgICAgIGZvciBhdXRoZW50
aWNhdGluZyBjbGllbnRzIHdoaWNoIHdlcmUgaXNzdWVkIGEgY2xpZW50IHBhc3N3b3JkLgogICAg
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUgKGV4dHJhIGxpbmUgYnJl
YWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAgICAgICAgCjwvcD48ZGl2
IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdp
bi1yaWdodDogYXV0byc+PHByZT4KCiAgQXV0aG9yaXphdGlvbjogQmFzaWMgY3paQ2FHUlNhM0Yw
TXpvM1JtcG1jREJhUW5JeFMzUkVVbUp1Wmxaa2JVbDMKCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAg
ICAgICAgQWx0ZXJuYXRpdmVseSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1BWSBzdXBwb3J0
IGluY2x1ZGluZyB0aGUgY2xpZW50IGNyZWRlbnRpYWxzIGluCiAgICAgICAgICAgIHRoZSByZXF1
ZXN0IGJvZHkgdXNpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzOgogICAgICAgICAgCjwvcD4K
PHA+CiAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PmNs
aWVudF9pZDwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUkVRVUlS
RUQuIFRoZSBjbGllbnQgaWRlbnRpZmllciBpc3N1ZWQgdG8gdGhlIGNsaWVudCBkdXJpbmcgdGhl
IHJlZ2lzdHJhdGlvbiBwcm9jZXNzCiAgICAgICAgICAgICAgICBkZXNjcmliZWQgYnkgPGEgY2xh
c3M9J2luZm8nIGhyZWY9JyNjbGllbnQtaWRlbnRpZmllcic+U2VjdGlvbiZuYnNwOzIuMjxzcGFu
PiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5DbGllbnQgSWRlbnRpZmllcjwvc3Bhbj48c3Bh
bj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5jbGllbnRfc2VjcmV0PC9k
dD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIGNs
aWVudCBzZWNyZXQuIFRoZSBjbGllbnQgTUFZIG9taXQgdGhlIHBhcmFtZXRlciBpZiB0aGUgY2xp
ZW50IHNlY3JldAogICAgICAgICAgICAgICAgaXMgYW4gZW1wdHkgc3RyaW5nLgogICAgICAgICAg
ICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgICBJbmNsdWRpbmcgdGhlIGNsaWVudCBjcmVkZW50aWFscyBpbiB0aGUgcmVxdWVzdCBi
b2R5IHVzaW5nIHRoZSB0d28gcGFyYW1ldGVycyBpcyBOT1QKICAgICAgICAgICAgUkVDT01NRU5E
RUQsIGFuZCBTSE9VTEQgYmUgbGltaXRlZCB0byBjbGllbnRzIHVuYWJsZSB0byBkaXJlY3RseSB1
dGlsaXplIHRoZSBIVFRQIEJhc2ljCiAgICAgICAgICAgIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSAo
b3Igb3RoZXIgcGFzc3dvcmQtYmFzZWQgSFRUUCBhdXRoZW50aWNhdGlvbiBzY2hlbWVzKS4gVGhl
CiAgICAgICAgICAgIHBhcmFtZXRlcnMgY2FuIG9ubHkgYmUgdHJhbnNtaXR0ZWQgaW4gdGhlIHJl
cXVlc3QgYm9keSBhbmQgTVVTVCBOT1QgYmUgaW5jbHVkZWQgaW4gdGhlCiAgICAgICAgICAgIHJl
cXVlc3QgVVJJLgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUs
IHJlcXVlc3RpbmcgdG8gcmVmcmVzaCBhbiBhY2Nlc3MgdG9rZW4gKDxhIGNsYXNzPSdpbmZvJyBo
cmVmPScjdG9rZW4tcmVmcmVzaCc+U2VjdGlvbiZuYnNwOzY8c3Bhbj4gKDwvc3Bhbj48c3BhbiBj
bGFzcz0naW5mbyc+UmVmcmVzaGluZyBhbiBBY2Nlc3MgVG9rZW48L3NwYW4+PHNwYW4+KTwvc3Bh
bj48L2E+KQogICAgICAgICAgICAgIHVzaW5nIHRoZSBib2R5IHBhcmFtZXRlcnMgKGV4dHJhIGxp
bmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAgICAgICAgCjwv
cD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07
IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgUE9TVCAvdG9rZW4gSFRUUC8xLjEKICBIb3N0
OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZv
cm0tdXJsZW5jb2RlZDtjaGFyc2V0PVVURi04CgogIGdyYW50X3R5cGU9cmVmcmVzaF90b2tlbiZh
bXA7cmVmcmVzaF90b2tlbj10R3p2M0pPa0YwWEc1UXgyVGxLV0lBCiAgJmFtcDtjbGllbnRfaWQ9
czZCaGRSa3F0MyZhbXA7Y2xpZW50X3NlY3JldD03RmpmcDBaQnIxS3REUmJuZlZkbUl3Cgo8L3By
ZT48L2Rpdj4KPHA+CiAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIHJl
cXVpcmUgdGhlIHVzZSBvZiBUTFMgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICAgIDxhIGNsYXNz
PSdpbmZvJyBocmVmPScjdGxzJz5TZWN0aW9uJm5ic3A7MS42PHNwYW4+ICg8L3NwYW4+PHNwYW4g
Y2xhc3M9J2luZm8nPlRMUyBWZXJzaW9uPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiB3aGVuIHNl
bmRpbmcgcmVxdWVzdHMgdXNpbmcgcGFzc3dvcmQgYXV0aGVudGljYXRpb24uCiAgICAgICAgICAK
PC9wPgo8cD4KICAgICAgICAgICAgU2luY2UgdGhpcyBjbGllbnQgYXV0aGVudGljYXRpb24gbWV0
aG9kIGludm9sdmVzIGEgcGFzc3dvcmQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAg
ICAgICBNVVNUIHByb3RlY3QgYW55IGVuZHBvaW50IHV0aWxpemluZyBpdCBhZ2FpbnN0IGJydXRl
IGZvcmNlIGF0dGFja3MuCiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IxNiI+PC9hPjxi
ciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNw
YWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9D
YnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+
CjxhIG5hbWU9InJmYy5zZWN0aW9uLjIuMy4yIj48L2E+PGgzPjIuMy4yLiZuYnNwOwpPdGhlciBB
dXRoZW50aWNhdGlvbiBNZXRob2RzPC9oMz4KCjxwPgogICAgICAgICAgICBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgTUFZIHN1cHBvcnQgYW55IHN1aXRhYmxlIEhUVFAgYXV0aGVudGljYXRpb24g
c2NoZW1lIG1hdGNoaW5nCiAgICAgICAgICAgIGl0cyBzZWN1cml0eSByZXF1aXJlbWVudHMuIFdo
ZW4gdXNpbmcgb3RoZXIgYXV0aGVudGljYXRpb24gbWV0aG9kcywgdGhlIGF1dGhvcml6YXRpb24K
ICAgICAgICAgICAgc2VydmVyIE1VU1QgZGVmaW5lIGEgbWFwcGluZyBiZXR3ZWVuIHRoZSBjbGll
bnQgaWRlbnRpZmllciAocmVnaXN0cmF0aW9uIHJlY29yZCkgYW5kCiAgICAgICAgICAgIGF1dGhl
bnRpY2F0aW9uIHNjaGVtZS4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjE3Ij48L2E+
PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxs
c3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJU
T0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJs
ZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMi40Ij48L2E+PGgzPjIuNC4mbmJzcDsKVW5yZWdpc3Rl
cmVkIENsaWVudHM8L2gzPgoKPHA+CiAgICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gZG9lcyBu
b3QgZXhjbHVkZSB0aGUgdXNlIG9mIHVucmVnaXN0ZXJlZCBjbGllbnRzLiBIb3dldmVyLCB0aGUg
dXNlCiAgICAgICAgICB3aXRoIHN1Y2ggY2xpZW50cyBpcyBiZXlvbmQgdGhlIHNjb3BlIG9mIHRo
aXMgc3BlY2lmaWNhdGlvbiwgYW5kIHJlcXVpcmVzIGFkZGl0aW9uYWwKICAgICAgICAgIHNlY3Vy
aXR5IGFuYWx5c2lzIGFuZCByZXZpZXcgb2YgaXRzIGludGVyb3BlcmFiaWxpdHkgaW1wYWN0Lgog
ICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjE4Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBz
dW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRP
Q2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2Mi
PiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rp
b24uMyI+PC9hPjxoMz4zLiZuYnNwOwpQcm90b2NvbCBFbmRwb2ludHM8L2gzPgoKPHA+CiAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gcHJvY2VzcyB1dGlsaXplcyB0d28gYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgZW5kcG9pbnRzIChIVFRQIHJlc291cmNlcyk6CiAgICAgIAo8L3A+CjxwPgogICAgICAg
IDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICBBdXRob3JpemF0aW9uIGVu
ZHBvaW50IC0gdXNlZCBieSB0aGUgY2xpZW50IHRvIG9idGFpbiBhdXRob3JpemF0aW9uIGZyb20g
dGhlIHJlc291cmNlCiAgICAgICAgICAgIG93bmVyIHZpYSB1c2VyLWFnZW50IHJlZGlyZWN0aW9u
LgogICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgVG9rZW4gZW5kcG9pbnQgLSB1c2Vk
IGJ5IHRoZSBjbGllbnQgdG8gZXhjaGFuZ2UgYW4gYXV0aG9yaXphdGlvbiBncmFudCBmb3IgYW4g
YWNjZXNzCiAgICAgICAgICAgIHRva2VuLCB0eXBpY2FsbHkgd2l0aCBjbGllbnQgYXV0aGVudGlj
YXRpb24uCiAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAg
QXMgd2VsbCBhcyBvbmUgY2xpZW50IGVuZHBvaW50OgogICAgICAKPC9wPgo8cD4KICAgICAgICA8
L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgUmVkaXJlY3Rpb24gZW5kcG9p
bnQgLSB1c2VkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciB0byByZXR1cm4gYXV0aG9yaXph
dGlvbgogICAgICAgICAgICBjcmVkZW50aWFscyByZXNwb25zZXMgdG8gdGhlIGNsaWVudCB2aWEg
dGhlIHJlc291cmNlIG93bmVyIHVzZXItYWdlbnQuCiAgICAgICAgICAKPC9saT4KPC91bD48cD4K
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgTm90IGV2ZXJ5IGF1dGhvcml6YXRpb24gZ3JhbnQgdHlw
ZSB1dGlsaXplcyBib3RoIGVuZHBvaW50cy4gRXh0ZW5zaW9uIGdyYW50IHR5cGVzIE1BWQogICAg
ICAgIGRlZmluZSBhZGRpdGlvbmFsIGVuZHBvaW50cyBhcyBuZWVkZWQuCiAgICAgIAo8L3A+Cjxh
IG5hbWU9ImFuY2hvcjE5Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQi
IGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJp
Z2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNw
OzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMy4xIj48L2E+PGgz
PjMuMS4mbmJzcDsKQXV0aG9yaXphdGlvbiBFbmRwb2ludDwvaDM+Cgo8cD4KICAgICAgICAgIFRo
ZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGlzIHVzZWQgdG8gaW50ZXJhY3Qgd2l0aCB0aGUgcmVz
b3VyY2Ugb3duZXIgYW5kIG9idGFpbgogICAgICAgICAgYW4gYXV0aG9yaXphdGlvbiBncmFudC4g
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgZmlyc3QgdmVyaWZ5IHRoZSBpZGVudGl0eSBv
ZiB0aGUKICAgICAgICAgIHJlc291cmNlIG93bmVyLiBUaGUgd2F5IGluIHdoaWNoIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSByZXNvdXJjZQogICAgICAgICAgb3du
ZXIgKGUuZy4gdXNlcm5hbWUgYW5kIHBhc3N3b3JkIGxvZ2luLCBzZXNzaW9uIGNvb2tpZXMpIGlz
IGJleW9uZCB0aGUgc2NvcGUgb2YgdGhpcwogICAgICAgICAgc3BlY2lmaWNhdGlvbi4KICAgICAg
ICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBtZWFucyB0aHJvdWdoIHdoaWNoIHRoZSBjbGllbnQg
b2J0YWlucyB0aGUgbG9jYXRpb24gb2YgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYXJlCiAg
ICAgICAgICBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMgc3BlY2lmaWNhdGlvbiwgYnV0IHRoZSBs
b2NhdGlvbiBpcyB0eXBpY2FsbHkgcHJvdmlkZWQgaW4gdGhlCiAgICAgICAgICBzZXJ2aWNlIGRv
Y3VtZW50YXRpb24uCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgZW5kcG9pbnQgVVJJ
IE1BWSBpbmNsdWRlIGFuCiAgICAgICAgICA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxl
bmNvZGVkPC90dD4gZm9ybWF0dGVkCiAgICAgICAgICAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNX
M0MuUkVDLWh0bWw0MDEtMTk5OTEyMjQnPltXM0MuUkVDJiM4MjA5O2h0bWw0MDEmIzgyMDk7MTk5
OTEyMjRdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkhvcnMsIEEuLCBSYWdnZXR0
LCBELiwgYW5kIEkuIEphY29icywgJmxkcXVvO0hUTUwgNC4wMSBTcGVjaWZpY2F0aW9uLCZyZHF1
bzsgRGVjZW1iZXImbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pIHF1ZXJ5IGNv
bXBvbmVudCAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMzOTg2Jz5bUkZDMzk4Nl08c3Bhbj4g
KDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QmVybmVycy1MZWUsIFQuLCBGaWVsZGluZywgUi4s
IGFuZCBMLiBNYXNpbnRlciwgJmxkcXVvO1VuaWZvcm0gUmVzb3VyY2UgSWRlbnRpZmllciAoVVJJ
KTogR2VuZXJpYyBTeW50YXgsJnJkcXVvOyBKYW51YXJ5Jm5ic3A7MjAwNS48L3NwYW4+PHNwYW4+
KTwvc3Bhbj48L2E+CiAgICAgICAgICBzZWN0aW9uIDMuNCksIHdoaWNoIE1VU1QgYmUgcmV0YWlu
ZWQgd2hlbiBhZGRpbmcgYWRkaXRpb25hbCBxdWVyeSBwYXJhbWV0ZXJzLiBUaGUKICAgICAgICAg
IGVuZHBvaW50IFVSSSBNVVNUIE5PVCBpbmNsdWRlIGEgZnJhZ21lbnQgY29tcG9uZW50LgogICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgU2luY2UgcmVxdWVzdHMgdG8gdGhlIGF1dGhvcml6YXRp
b24gZW5kcG9pbnQgcmVzdWx0IGluIHVzZXIgYXV0aGVudGljYXRpb24gYW5kIHRoZQogICAgICAg
ICAgdHJhbnNtaXNzaW9uIG9mIGNsZWFyLXRleHQgY3JlZGVudGlhbHMgKGluIHRoZSBIVFRQIHJl
c3BvbnNlKSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICBNVVNUIHJlcXVpcmUg
dGhlIHVzZSBvZiBUTFMgYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdGxz
Jz5TZWN0aW9uJm5ic3A7MS42PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlRMUyBW
ZXJzaW9uPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiB3aGVuIHNlbmRpbmcgcmVxdWVzdHMKICAg
ICAgICAgIHRvIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50LgogICAgICAgIAo8L3A+CjxwPgog
ICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1Qgc3VwcG9ydCB0aGUgdXNlIG9m
IHRoZSBIVFRQIDx0dD5HRVQ8L3R0PgogICAgICAgICAgbWV0aG9kIDxhIGNsYXNzPSdpbmZvJyBo
cmVmPScjUkZDMjYxNic+W1JGQzI2MTZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8n
PkZpZWxkaW5nLCBSLiwgR2V0dHlzLCBKLiwgTW9ndWwsIEouLCBGcnlzdHlrLCBILiwgTWFzaW50
ZXIsIEwuLCBMZWFjaCwgUC4sIGFuZCBULiBCZXJuZXJzLUxlZSwgJmxkcXVvO0h5cGVydGV4dCBU
cmFuc2ZlciBQcm90b2NvbCAtLSBIVFRQLzEuMSwmcmRxdW87IEp1bmUmbmJzcDsxOTk5Ljwvc3Bh
bj48c3Bhbj4pPC9zcGFuPjwvYT4gZm9yIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50LCBhbmQg
TUFZIHN1cHBvcnQgdGhlIHVzZQogICAgICAgICAgb2YgdGhlIDx0dD5QT1NUPC90dD4gbWV0aG9k
IGFzIHdlbGwuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBQYXJhbWV0ZXJzIHNlbnQgd2l0
aG91dCBhIHZhbHVlIE1VU1QgYmUgdHJlYXRlZCBhcyBpZiB0aGV5IHdlcmUgb21pdHRlZCBmcm9t
IHRoZSByZXF1ZXN0LgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgaWdu
b3JlIHVucmVjb2duaXplZCByZXF1ZXN0IHBhcmFtZXRlcnMuIFJlcXVlc3QgYW5kCiAgICAgICAg
ICByZXNwb25zZSBwYXJhbWV0ZXJzIE1VU1QgTk9UIGJlIGluY2x1ZGVkIG1vcmUgdGhhbiBvbmNl
LgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjIwIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJs
ZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9
IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0
b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNl
Y3Rpb24uMy4xLjEiPjwvYT48aDM+My4xLjEuJm5ic3A7ClJlc3BvbnNlIFR5cGU8L2gzPgoKPHA+
CiAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IGlzIHVzZWQgYnkgdGhlIGF1
dGhvcml6YXRpb24gY29kZSBncmFudCB0eXBlIGFuZCBpbXBsaWNpdAogICAgICAgICAgICBncmFu
dCB0eXBlIGZsb3dzLiBUaGUgY2xpZW50IGluZm9ybXMgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IG9mIHRoZSBkZXNpcmVkIGdyYW50CiAgICAgICAgICAgIHR5cGUgdXNpbmcgdGhlIGZvbGxvd2lu
ZyBwYXJhbWV0ZXI6CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8YmxvY2tx
dW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+cmVzcG9uc2VfdHlwZTwvZHQ+CjxkZD4KICAgICAg
ICAgICAgICAgIAogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSB2YWx1ZSBNVVNUIGJlIG9u
ZSBvZiA8dHQ+Y29kZTwvdHQ+IGZvciByZXF1ZXN0aW5nCiAgICAgICAgICAgICAgICBhbiBhdXRo
b3JpemF0aW9uIGNvZGUgYXMgZGVzY3JpYmVkIGJ5IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjY29k
ZS1hdXRoei1yZXEnPlNlY3Rpb24mbmJzcDs0LjEuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNz
PSdpbmZvJz5BdXRob3JpemF0aW9uIFJlcXVlc3Q8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LAog
ICAgICAgICAgICAgICAgPHR0PnRva2VuPC90dD4gZm9yIHJlcXVlc3RpbmcgYW4gYWNjZXNzIHRv
a2VuIChpbXBsaWNpdCBncmFudCkKICAgICAgICAgICAgICAgIGFzIGRlc2NyaWJlZCBieSA8YSBj
bGFzcz0naW5mbycgaHJlZj0nI2ltcGxpY2l0LWF1dGh6LXJlcSc+U2VjdGlvbiZuYnNwOzQuMi4x
PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkF1dGhvcml6YXRpb24gUmVxdWVzdDwv
c3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4sIG9yIGEgcmVnaXN0ZXJlZCBleHRlbnNpb24KICAgICAg
ICAgICAgICAgIHZhbHVlIGFzIGRlc2NyaWJlZCBieSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Jl
c3BvbnNlLXR5cGUtZXh0Jz5TZWN0aW9uJm5ic3A7OC40PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xh
c3M9J2luZm8nPkRlZmluaW5nIE5ldyBBdXRob3JpemF0aW9uIEVuZHBvaW50IFJlc3BvbnNlIFR5
cGVzPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgICAKPC9kZD4KPC9kbD48
L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgRXh0ZW5zaW9u
IHJlc3BvbnNlIHR5cGVzIE1BWSBjb250YWluIGEgc3BhY2UtZGVsaW1pdGVkICgleDIwKSBsaXN0
IG9mIHZhbHVlcywgd2hlcmUgdGhlCiAgICAgICAgICAgIG9yZGVyIG9mIHZhbHVlcyBkb2VzIG5v
dCBtYXR0ZXIgKGUuZy4gcmVzcG9uc2UgdHlwZSA8dHQ+YSBiPC90dD4gaXMKICAgICAgICAgICAg
dGhlIHNhbWUgYXMgPHR0PmIgYTwvdHQ+KS4gVGhlIG1lYW5pbmcgb2Ygc3VjaCBjb21wb3NpdGUg
cmVzcG9uc2UKICAgICAgICAgICAgdHlwZXMgaXMgZGVmaW5lZCBieSB0aGVpciByZXNwZWN0aXZl
IHNwZWNpZmljYXRpb25zLgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIElmIGFuIGF1
dGhvcml6YXRpb24gcmVxdWVzdCBpcyBtaXNzaW5nIHRoZSA8dHQ+cmVzcG9uc2VfdHlwZTwvdHQ+
CiAgICAgICAgICAgIHBhcmFtZXRlciwgb3IgaWYgdGhlIHJlc3BvbnNlIHR5cGUgaXMgbm90IHVu
ZGVyc3Rvb2QsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUCiAgICAgICAgICAgIHJldHVy
biBhbiBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9
JyNjb2RlLWF1dGh6LWVycm9yJz5TZWN0aW9uJm5ic3A7NC4xLjIuMTxzcGFuPiAoPC9zcGFuPjxz
cGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4u
CiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJyZWRpcmVjdC11cmkiPjwvYT48YnIgLz48aHIgLz4K
PHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBj
bGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJl
Zj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJy
ZmMuc2VjdGlvbi4zLjEuMiI+PC9hPjxoMz4zLjEuMi4mbmJzcDsKUmVkaXJlY3Rpb24gRW5kcG9p
bnQ8L2gzPgoKPHA+CiAgICAgICAgICAgIEFmdGVyIGNvbXBsZXRpbmcgaXRzIGludGVyYWN0aW9u
IHdpdGggdGhlIHJlc291cmNlIG93bmVyLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAg
ICAgICAgZGlyZWN0cyB0aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50IGJhY2sgdG8gdGhl
IGNsaWVudC4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAgICAgIHJlZGlyZWN0cyB0
aGUgdXNlci1hZ2VudCB0byB0aGUgY2xpZW50J3MgcmVkaXJlY3Rpb24gZW5kcG9pbnQgcHJldmlv
dXNseSBlc3RhYmxpc2hlZAogICAgICAgICAgICB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciBkdXJpbmcgdGhlIGNsaWVudCByZWdpc3RyYXRpb24gcHJvY2VzcyBvciB3aGVuIG1ha2luZwog
ICAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0LgogICAgICAgICAgCjwvcD4KPHA+
CiAgICAgICAgICAgIFRoZSByZWRpcmVjdGlvbiBlbmRwb2ludCBVUkkgTVVTVCBiZSBhbiBhYnNv
bHV0ZSBVUkkgYXMgZGVmaW5lZCBieQogICAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0n
I1JGQzM5ODYnPltSRkMzOTg2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5CZXJu
ZXJzLUxlZSwgVC4sIEZpZWxkaW5nLCBSLiwgYW5kIEwuIE1hc2ludGVyLCAmbGRxdW87VW5pZm9y
bSBSZXNvdXJjZSBJZGVudGlmaWVyIChVUkkpOiBHZW5lcmljIFN5bnRheCwmcmRxdW87IEphbnVh
cnkmbmJzcDsyMDA1Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gc2VjdGlvbiA0LjMuIFRoZSBl
bmRwb2ludCBVUkkgTUFZIGluY2x1ZGUgYW4KICAgICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL3gt
d3d3LWZvcm0tdXJsZW5jb2RlZDwvdHQ+IGZvcm1hdHRlZAogICAgICAgICAgICAoPGEgY2xhc3M9
J2luZm8nIGhyZWY9JyNXM0MuUkVDLWh0bWw0MDEtMTk5OTEyMjQnPltXM0MuUkVDJiM4MjA5O2h0
bWw0MDEmIzgyMDk7MTk5OTEyMjRdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkhv
cnMsIEEuLCBSYWdnZXR0LCBELiwgYW5kIEkuIEphY29icywgJmxkcXVvO0hUTUwgNC4wMSBTcGVj
aWZpY2F0aW9uLCZyZHF1bzsgRGVjZW1iZXImbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFu
PjwvYT4pIHF1ZXJ5IGNvbXBvbmVudCAoPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMzOTg2Jz5b
UkZDMzk4Nl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QmVybmVycy1MZWUsIFQu
LCBGaWVsZGluZywgUi4sIGFuZCBMLiBNYXNpbnRlciwgJmxkcXVvO1VuaWZvcm0gUmVzb3VyY2Ug
SWRlbnRpZmllciAoVVJJKTogR2VuZXJpYyBTeW50YXgsJnJkcXVvOyBKYW51YXJ5Jm5ic3A7MjAw
NS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+CiAgICAgICAgICAgIHNlY3Rpb24gMy40KSwgd2hp
Y2ggTVVTVCBiZSByZXRhaW5lZCB3aGVuIGFkZGluZyBhZGRpdGlvbmFsIHF1ZXJ5IHBhcmFtZXRl
cnMuIFRoZQogICAgICAgICAgICBlbmRwb2ludCBVUkkgTVVTVCBOT1QgaW5jbHVkZSBhIGZyYWdt
ZW50IGNvbXBvbmVudC4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjIxIj48L2E+PGJy
IC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3Bh
Y2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0Ni
dWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4K
PGEgbmFtZT0icmZjLnNlY3Rpb24uMy4xLjIuMSI+PC9hPjxoMz4zLjEuMi4xLiZuYnNwOwpFbmRw
b2ludCBSZXF1ZXN0IENvbmZpZGVudGlhbGl0eTwvaDM+Cgo8cD4KICAgICAgICAgICAgICBUaGUg
cmVkaXJlY3Rpb24gZW5kcG9pbnQgU0hPVUxEIHJlcXVpcmUgdGhlIHVzZSBvZiBUTFMgYXMgZGVz
Y3JpYmVkIGluCiAgICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0bHMnPlNlY3Rp
b24mbmJzcDsxLjY8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+VExTIFZlcnNpb248
L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IHdoZW4gdGhlIHJlcXVlc3RlZCByZXNwb25zZSB0eXBl
IGlzCiAgICAgICAgICAgICAgPHR0PmNvZGU8L3R0PiBvciA8dHQ+dG9rZW48L3R0Piwgb3IKICAg
ICAgICAgICAgICB3aGVuIHRoZSByZWRpcmVjdGlvbiByZXF1ZXN0IHdpbGwgcmVzdWx0IGluIHRo
ZSB0cmFuc21pc3Npb24gb2Ygc2Vuc2l0aXZlIGNyZWRlbnRpYWxzCiAgICAgICAgICAgICAgb3Zl
ciBhbiBvcGVuIG5ldHdvcmsuIFRoaXMgc3BlY2lmaWNhdGlvbiBkb2VzIG5vdCBtYW5kYXRlIHRo
ZSB1c2Ugb2YgVExTIGJlY2F1c2UgYXQKICAgICAgICAgICAgICB0aGUgdGltZSBvZiB0aGlzIHdy
aXRpbmcsIHJlcXVpcmluZyBjbGllbnRzIHRvIGRlcGxveSBUTFMgaXMgYSBzaWduaWZpY2FudCBo
dXJkbGUgZm9yCiAgICAgICAgICAgICAgbWFueSBjbGllbnQgZGV2ZWxvcGVycy4gSWYgVExTIGlz
IG5vdCBhdmFpbGFibGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgd2FybgogICAg
ICAgICAgICAgIHRoZSByZXNvdXJjZSBvd25lciBhYm91dCB0aGUgaW5zZWN1cmUgZW5kcG9pbnQg
cHJpb3IgdG8gcmVkaXJlY3Rpb24gKGUuZy4gZGlzcGxheSBhCiAgICAgICAgICAgICAgbWVzc2Fn
ZSBkdXJpbmcgdGhlIGF1dGhvcml6YXRpb24gcmVxdWVzdCkuCiAgICAgICAgICAgIAo8L3A+Cjxw
PgogICAgICAgICAgICAgIExhY2sgb2YgdHJhbnNwb3J0LWxheWVyIHNlY3VyaXR5IGNhbiBoYXZl
IGEgc2V2ZXJlIGltcGFjdCBvbiB0aGUgc2VjdXJpdHkgb2YgdGhlCiAgICAgICAgICAgICAgY2xp
ZW50IGFuZCB0aGUgcHJvdGVjdGVkIHJlc291cmNlcyBpdCBpcyBhdXRob3JpemVkIHRvIGFjY2Vz
cy4gVGhlIHVzZSBvZgogICAgICAgICAgICAgIHRyYW5zcG9ydC1sYXllciBzZWN1cml0eSBpcyBw
YXJ0aWN1bGFybHkgY3JpdGljYWwgd2hlbiB0aGUgYXV0aG9yaXphdGlvbiBwcm9jZXNzIGlzCiAg
ICAgICAgICAgICAgdXNlZCBhcyBhIGZvcm0gb2YgZGVsZWdhdGVkIGVuZC11c2VyIGF1dGhlbnRp
Y2F0aW9uIGJ5IHRoZSBjbGllbnQgKGUuZy4gdGhpcmQtcGFydHkKICAgICAgICAgICAgICBzaWdu
LWluIHNlcnZpY2UpLgogICAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IyMiI+PC9hPjxi
ciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNw
YWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9D
YnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+
CjxhIG5hbWU9InJmYy5zZWN0aW9uLjMuMS4yLjIiPjwvYT48aDM+My4xLjIuMi4mbmJzcDsKUmVn
aXN0cmF0aW9uIFJlcXVpcmVtZW50czwvaDM+Cgo8cD4KICAgICAgICAgICAgICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgTVVTVCByZXF1aXJlIHRoZSBmb2xsb3dpbmcgY2xpZW50cyB0byByZWdp
c3RlciB0aGVpcgogICAgICAgICAgICAgIHJlZGlyZWN0aW9uIGVuZHBvaW50OgogICAgICAgICAg
ICAKPC9wPgo8cD4KICAgICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAg
ICAgICAgICAgICAgICAgUHVibGljIGNsaWVudHMuCiAgICAgICAgICAgICAgICAKPC9saT4KPGxp
PgogICAgICAgICAgICAgICAgICBDb25maWRlbnRpYWwgY2xpZW50cyB1dGlsaXppbmcgdGhlIGlt
cGxpY2l0IGdyYW50IHR5cGUuCiAgICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAg
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNI
T1VMRCByZXF1aXJlIGFsbCBjbGllbnRzIHRvIHJlZ2lzdGVyIHRoZWlyIHJlZGlyZWN0aW9uCiAg
ICAgICAgICAgICAgZW5kcG9pbnQgcHJpb3IgdG8gdXRpbGl6aW5nIHRoZSBhdXRob3JpemF0aW9u
IGVuZHBvaW50LgogICAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgU0hPVUxEIHJlcXVpcmUgdGhlIGNsaWVudCB0byBwcm92aWRlIHRoZSBj
b21wbGV0ZQogICAgICAgICAgICAgIHJlZGlyZWN0aW9uIFVSSSAodGhlIGNsaWVudCBNQVkgdXNl
IHRoZSA8dHQ+c3RhdGU8L3R0PiByZXF1ZXN0CiAgICAgICAgICAgICAgcGFyYW1ldGVyIHRvIGFj
aGlldmUgcGVyLXJlcXVlc3QgY3VzdG9taXphdGlvbikuIElmIHJlcXVpcmluZyB0aGUgcmVnaXN0
cmF0aW9uIG9mCiAgICAgICAgICAgICAgdGhlIGNvbXBsZXRlIHJlZGlyZWN0aW9uIFVSSSBpcyBu
b3QgcG9zc2libGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBTSE9VTEQgcmVxdWlyZQogICAg
ICAgICAgICAgIHRoZSByZWdpc3RyYXRpb24gb2YgdGhlIFVSSSBzY2hlbWUsIGF1dGhvcml0eSwg
YW5kIHBhdGggKGFsbG93aW5nIHRoZSBjbGllbnQgdG8KICAgICAgICAgICAgICBkeW5hbWljYWxs
eSB2YXJ5IG9ubHkgdGhlIHF1ZXJ5IGNvbXBvbmVudCBvZiB0aGUgcmVkaXJlY3Rpb24gVVJJIHdo
ZW4gcmVxdWVzdGluZwogICAgICAgICAgICAgIGF1dGhvcml6YXRpb24pLgogICAgICAgICAgICAK
PC9wPgo8cD4KICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTUFZIGFsbG93
IHRoZSBjbGllbnQgdG8gcmVnaXN0ZXIgbXVsdGlwbGUgcmVkaXJlY3Rpb24KICAgICAgICAgICAg
ICBlbmRwb2ludHMuCiAgICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIExhY2sgb2Yg
YSByZWRpcmVjdGlvbiBVUkkgcmVnaXN0cmF0aW9uIHJlcXVpcmVtZW50IGNhbiBlbmFibGUgYW4g
YXR0YWNrZXIgdG8gdXNlCiAgICAgICAgICAgICAgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQg
YXMgb3BlbiByZWRpcmVjdG9yIGFzIGRlc2NyaWJlZCBpbgogICAgICAgICAgICAgIDxhIGNsYXNz
PSdpbmZvJyBocmVmPScjb3Blbi1yZWRpcmVjdCc+U2VjdGlvbiZuYnNwOzEwLjE1PHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPk9wZW4gUmVkaXJlY3RvcnM8L3NwYW4+PHNwYW4+KTwv
c3Bhbj48L2E+LgogICAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IyMyI+PC9hPjxiciAv
PjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNp
bmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVn
Ij48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+Cjxh
IG5hbWU9InJmYy5zZWN0aW9uLjMuMS4yLjMiPjwvYT48aDM+My4xLjIuMy4mbmJzcDsKRHluYW1p
YyBDb25maWd1cmF0aW9uPC9oMz4KCjxwPgogICAgICAgICAgICAgIElmIG11bHRpcGxlIHJlZGly
ZWN0aW9uIFVSSXMgaGF2ZSBiZWVuIHJlZ2lzdGVyZWQsIGlmIG9ubHkgcGFydCBvZiB0aGUgcmVk
aXJlY3Rpb24KICAgICAgICAgICAgICBVUkkgaGFzIGJlZW4gcmVnaXN0ZXJlZCwgb3IgaWYgbm8g
cmVkaXJlY3Rpb24gVVJJIGhhcyBiZWVuIHJlZ2lzdGVyZWQsIHRoZSBjbGllbnQKICAgICAgICAg
ICAgICBNVVNUIGluY2x1ZGUgYSByZWRpcmVjdGlvbiBVUkkgd2l0aCB0aGUgYXV0aG9yaXphdGlv
biByZXF1ZXN0IHVzaW5nIHRoZQogICAgICAgICAgICAgIDx0dD5yZWRpcmVjdF91cmk8L3R0PiBy
ZXF1ZXN0IHBhcmFtZXRlci4KICAgICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgV2hl
biBhIHJlZGlyZWN0aW9uIFVSSSBpcyBpbmNsdWRlZCBpbiBhbiBhdXRob3JpemF0aW9uIHJlcXVl
c3QsIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICAgICAgc2VydmVyIE1VU1QgY29tcGFyZSBh
bmQgbWF0Y2ggdGhlIHZhbHVlIHJlY2VpdmVkIGFnYWluc3QgYXQgbGVhc3Qgb25lIG9mIHRoZQog
ICAgICAgICAgICAgIHJlZ2lzdGVyZWQgcmVkaXJlY3Rpb24gVVJJcyAob3IgVVJJIGNvbXBvbmVu
dHMpIGFzIGRlZmluZWQgaW4KICAgICAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JG
QzM5ODYnPltSRkMzOTg2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5CZXJuZXJz
LUxlZSwgVC4sIEZpZWxkaW5nLCBSLiwgYW5kIEwuIE1hc2ludGVyLCAmbGRxdW87VW5pZm9ybSBS
ZXNvdXJjZSBJZGVudGlmaWVyIChVUkkpOiBHZW5lcmljIFN5bnRheCwmcmRxdW87IEphbnVhcnkm
bmJzcDsyMDA1Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gc2VjdGlvbiA2LCBpZiBhbnkgcmVk
aXJlY3Rpb24gVVJJcyB3ZXJlIHJlZ2lzdGVyZWQuCiAgICAgICAgICAgICAgSWYgdGhlIGNsaWVu
dCByZWdpc3RyYXRpb24gaW5jbHVkZWQgdGhlIGZ1bGwgcmVkaXJlY3Rpb24gVVJJLCB0aGUgYXV0
aG9yaXphdGlvbgogICAgICAgICAgICAgIHNlcnZlciBNVVNUIGNvbXBhcmUgdGhlIHR3byBVUklz
IHVzaW5nIHNpbXBsZSBzdHJpbmcgY29tcGFyaXNvbiBhcyBkZWZpbmVkCiAgICAgICAgICAgICAg
aW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkMzOTg2Jz5bUkZDMzk4Nl08c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+QmVybmVycy1MZWUsIFQuLCBGaWVsZGluZywgUi4sIGFuZCBM
LiBNYXNpbnRlciwgJmxkcXVvO1VuaWZvcm0gUmVzb3VyY2UgSWRlbnRpZmllciAoVVJJKTogR2Vu
ZXJpYyBTeW50YXgsJnJkcXVvOyBKYW51YXJ5Jm5ic3A7MjAwNS48L3NwYW4+PHNwYW4+KTwvc3Bh
bj48L2E+IHNlY3Rpb24gNi4yLjEuCiAgICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjI0
Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIw
IiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNs
YXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+
PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMy4xLjIuNCI+PC9hPjxoMz4zLjEuMi40LiZu
YnNwOwpJbnZhbGlkIEVuZHBvaW50PC9oMz4KCjxwPgogICAgICAgICAgICAgIElmIGFuIGF1dGhv
cml6YXRpb24gcmVxdWVzdCBmYWlscyB2YWxpZGF0aW9uIGR1ZSB0byBhIG1pc3NpbmcsIGludmFs
aWQsIG9yCiAgICAgICAgICAgICAgbWlzbWF0Y2hpbmcgcmVkaXJlY3Rpb24gVVJJLCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGluZm9ybSB0aGUgcmVzb3VyY2UKICAgICAgICAgICAg
ICBvd25lciBvZiB0aGUgZXJyb3IsIGFuZCBNVVNUIE5PVCBhdXRvbWF0aWNhbGx5IHJlZGlyZWN0
IHRoZSB1c2VyLWFnZW50IHRvIHRoZSBpbnZhbGlkCiAgICAgICAgICAgICAgcmVkaXJlY3Rpb24g
VVJJLgogICAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IyNSI+PC9hPjxiciAvPjxociAv
Pgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIi
IGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBo
cmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9
InJmYy5zZWN0aW9uLjMuMS4yLjUiPjwvYT48aDM+My4xLjIuNS4mbmJzcDsKRW5kcG9pbnQgQ29u
dGVudDwvaDM+Cgo8cD4KICAgICAgICAgICAgICBUaGUgcmVkaXJlY3Rpb24gcmVxdWVzdCB0byB0
aGUgY2xpZW50J3MgZW5kcG9pbnQgdHlwaWNhbGx5IHJlc3VsdHMgaW4gYW4gSFRNTAogICAgICAg
ICAgICAgIGRvY3VtZW50IHJlc3BvbnNlLCBwcm9jZXNzZWQgYnkgdGhlIHVzZXItYWdlbnQuIElm
IHRoZSBIVE1MIHJlc3BvbnNlIGlzIHNlcnZlZAogICAgICAgICAgICAgIGRpcmVjdGx5IGFzIHRo
ZSByZXN1bHQgb2YgdGhlIHJlZGlyZWN0aW9uIHJlcXVlc3QsIGFueSBzY3JpcHQgaW5jbHVkZWQg
aW4gdGhlIEhUTUwKICAgICAgICAgICAgICBkb2N1bWVudCB3aWxsIGV4ZWN1dGUgd2l0aCBmdWxs
IGFjY2VzcyB0byB0aGUgcmVkaXJlY3Rpb24gVVJJIGFuZCB0aGUgY3JlZGVudGlhbHMgaXQKICAg
ICAgICAgICAgICBjb250YWlucy4KICAgICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAg
VGhlIGNsaWVudCBTSE9VTEQgTk9UIGluY2x1ZGUgYW55IHRoaXJkLXBhcnR5IHNjcmlwdHMgKGUu
Zy4gdGhpcmQtcGFydHkgYW5hbHl0aWNzLAogICAgICAgICAgICAgIHNvY2lhbCBwbHVnLWlucywg
YWQgbmV0d29ya3MpIGluIHRoZSByZWRpcmVjdGlvbiBlbmRwb2ludCByZXNwb25zZS4gSW5zdGVh
ZCwgaXQKICAgICAgICAgICAgICBTSE9VTEQgZXh0cmFjdCB0aGUgY3JlZGVudGlhbHMgZnJvbSB0
aGUgVVJJIGFuZCByZWRpcmVjdCB0aGUgdXNlci1hZ2VudCBhZ2FpbiB0bwogICAgICAgICAgICAg
IGFub3RoZXIgZW5kcG9pbnQgd2l0aG91dCBleHBvc2luZyB0aGUgY3JlZGVudGlhbHMgKGluIHRo
ZSBVUkkgb3IgZWxzZXdoZXJlKS4gSWYKICAgICAgICAgICAgICB0aGlyZC1wYXJ0eSBzY3JpcHRz
IGFyZSBpbmNsdWRlZCwgdGhlIGNsaWVudCBNVVNUIGVuc3VyZSB0aGF0IGl0cyBvd24gc2NyaXB0
cwogICAgICAgICAgICAgICh1c2VkIHRvIGV4dHJhY3QgYW5kIHJlbW92ZSB0aGUgY3JlZGVudGlh
bHMgZnJvbSB0aGUgVVJJKSB3aWxsIGV4ZWN1dGUgZmlyc3QuCiAgICAgICAgICAgIAo8L3A+Cjxh
IG5hbWU9ImFuY2hvcjI2Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQi
IGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJp
Z2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNw
OzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMy4yIj48L2E+PGgz
PjMuMi4mbmJzcDsKVG9rZW4gRW5kcG9pbnQ8L2gzPgoKPHA+CiAgICAgICAgICBUaGUgdG9rZW4g
ZW5kcG9pbnQgaXMgdXNlZCBieSB0aGUgY2xpZW50IHRvIG9idGFpbiBhbiBhY2Nlc3MgdG9rZW4g
YnkgcHJlc2VudGluZyBpdHMKICAgICAgICAgIGF1dGhvcml6YXRpb24gZ3JhbnQgb3IgcmVmcmVz
aCB0b2tlbi4gVGhlIHRva2VuIGVuZHBvaW50IGlzIHVzZWQgd2l0aCBldmVyeSBhdXRob3JpemF0
aW9uCiAgICAgICAgICBncmFudCBleGNlcHQgZm9yIHRoZSBpbXBsaWNpdCBncmFudCB0eXBlIChz
aW5jZSBhbiBhY2Nlc3MgdG9rZW4gaXMgaXNzdWVkIGRpcmVjdGx5KS4KICAgICAgICAKPC9wPgo8
cD4KICAgICAgICAgIFRoZSBtZWFucyB0aHJvdWdoIHdoaWNoIHRoZSBjbGllbnQgb2J0YWlucyB0
aGUgbG9jYXRpb24gb2YgdGhlIHRva2VuIGVuZHBvaW50IGFyZQogICAgICAgICAgYmV5b25kIHRo
ZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24gYnV0IGlzIHR5cGljYWxseSBwcm92aWRlZCBp
biB0aGUgc2VydmljZQogICAgICAgICAgZG9jdW1lbnRhdGlvbi4KICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgIFRoZSBlbmRwb2ludCBVUkkgTUFZIGluY2x1ZGUgYW4KICAgICAgICAgIDx0dD5h
cHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3R0PiBmb3JtYXR0ZWQKICAgICAgICAg
ICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI1czQy5SRUMtaHRtbDQwMS0xOTk5MTIyNCc+W1czQy5S
RUMmIzgyMDk7aHRtbDQwMSYjODIwOTsxOTk5MTIyNF08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFz
cz0naW5mbyc+SG9ycywgQS4sIFJhZ2dldHQsIEQuLCBhbmQgSS4gSmFjb2JzLCAmbGRxdW87SFRN
TCA0LjAxIFNwZWNpZmljYXRpb24sJnJkcXVvOyBEZWNlbWJlciZuYnNwOzE5OTkuPC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPikgcXVlcnkgY29tcG9uZW50ICg8YSBjbGFzcz0naW5mbycgaHJlZj0n
I1JGQzM5ODYnPltSRkMzOTg2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5CZXJu
ZXJzLUxlZSwgVC4sIEZpZWxkaW5nLCBSLiwgYW5kIEwuIE1hc2ludGVyLCAmbGRxdW87VW5pZm9y
bSBSZXNvdXJjZSBJZGVudGlmaWVyIChVUkkpOiBHZW5lcmljIFN5bnRheCwmcmRxdW87IEphbnVh
cnkmbmJzcDsyMDA1Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4KICAgICAgICAgIHNlY3Rpb24g
My40KSwgd2hpY2ggTVVTVCBiZSByZXRhaW5lZCB3aGVuIGFkZGluZyBhZGRpdGlvbmFsIHF1ZXJ5
IHBhcmFtZXRlcnMuIFRoZQogICAgICAgICAgZW5kcG9pbnQgVVJJIE1VU1QgTk9UIGluY2x1ZGUg
YSBmcmFnbWVudCBjb21wb25lbnQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBTaW5jZSBy
ZXF1ZXN0cyB0byB0aGUgdG9rZW4gZW5kcG9pbnQgcmVzdWx0IGluIHRoZSB0cmFuc21pc3Npb24g
b2YgY2xlYXItdGV4dCBjcmVkZW50aWFscwogICAgICAgICAgKGluIHRoZSBIVFRQIHJlcXVlc3Qg
YW5kIHJlc3BvbnNlKSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcmVxdWlyZSB0aGUg
dXNlIG9mIFRMUwogICAgICAgICAgYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjdGxzJz5TZWN0aW9uJm5ic3A7MS42PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8n
PlRMUyBWZXJzaW9uPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiB3aGVuIHNlbmRpbmcgcmVxdWVz
dHMgdG8gdGhlIHRva2VuIGVuZHBvaW50LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhl
IGNsaWVudCBNVVNUIHVzZSB0aGUgSFRUUCA8dHQ+UE9TVDwvdHQ+IG1ldGhvZCB3aGVuIG1ha2lu
ZyBhY2Nlc3MKICAgICAgICAgIHRva2VuIHJlcXVlc3RzLgogICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgUGFyYW1ldGVycyBzZW50IHdpdGhvdXQgYSB2YWx1ZSBNVVNUIGJlIHRyZWF0ZWQgYXMg
aWYgdGhleSB3ZXJlIG9taXR0ZWQgZnJvbSB0aGUgcmVxdWVzdC4KICAgICAgICAgIFRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBNVVNUIGlnbm9yZSB1bnJlY29nbml6ZWQgcmVxdWVzdCBwYXJhbWV0
ZXJzLiBSZXF1ZXN0IGFuZAogICAgICAgICAgcmVzcG9uc2UgcGFyYW1ldGVycyBNVVNUIE5PVCBi
ZSBpbmNsdWRlZCBtb3JlIHRoYW4gb25jZS4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJ0b2tlbi1l
bmRwb2ludC1hdXRoIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNl
bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0
Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwv
YT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMy4yLjEiPjwvYT48aDM+
My4yLjEuJm5ic3A7CkNsaWVudCBBdXRoZW50aWNhdGlvbjwvaDM+Cgo8cD4KICAgICAgICAgICAg
Q29uZmlkZW50aWFsIGNsaWVudHMgb3Igb3RoZXIgY2xpZW50cyBpc3N1ZWQgY2xpZW50IGNyZWRl
bnRpYWxzIE1VU1QgYXV0aGVudGljYXRlIHdpdGgKICAgICAgICAgICAgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIGFzIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI2NsaWVudC1h
dXRoZW50aWNhdGlvbic+U2VjdGlvbiZuYnNwOzIuMzxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNz
PSdpbmZvJz5DbGllbnQgQXV0aGVudGljYXRpb248L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IHdo
ZW4KICAgICAgICAgICAgbWFraW5nIHJlcXVlc3RzIHRvIHRoZSB0b2tlbiBlbmRwb2ludC4gQ2xp
ZW50IGF1dGhlbnRpY2F0aW9uIGlzIHVzZWQgZm9yOgogICAgICAgICAgCjwvcD4KPHA+CiAgICAg
ICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgRW5mb3Jj
aW5nIHRoZSBiaW5kaW5nIG9mIHJlZnJlc2ggdG9rZW5zIGFuZCBhdXRob3JpemF0aW9uIGNvZGVz
IHRvIHRoZSBjbGllbnQgdGhleQogICAgICAgICAgICAgICAgd2VyZSBpc3N1ZWQgdG8uIENsaWVu
dCBhdXRoZW50aWNhdGlvbiBpcyBjcml0aWNhbCB3aGVuIGFuIGF1dGhvcml6YXRpb24gY29kZSBp
cwogICAgICAgICAgICAgICAgdHJhbnNtaXR0ZWQgdG8gdGhlIHJlZGlyZWN0aW9uIGVuZHBvaW50
IG92ZXIgYW4gaW5zZWN1cmUgY2hhbm5lbCwgb3Igd2hlbiB0aGUKICAgICAgICAgICAgICAgIHJl
ZGlyZWN0aW9uIFVSSSBoYXMgbm90IGJlZW4gcmVnaXN0ZXJlZCBpbiBmdWxsLgogICAgICAgICAg
ICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBSZWNvdmVyaW5nIGZyb20gYSBjb21wcm9t
aXNlZCBjbGllbnQgYnkgZGlzYWJsaW5nIHRoZSBjbGllbnQgb3IgY2hhbmdpbmcgaXRzCiAgICAg
ICAgICAgICAgICBjcmVkZW50aWFscywgdGh1cyBwcmV2ZW50aW5nIGFuIGF0dGFja2VyIGZyb20g
YWJ1c2luZyBzdG9sZW4gcmVmcmVzaCB0b2tlbnMuIENoYW5naW5nCiAgICAgICAgICAgICAgICBh
IHNpbmdsZSBzZXQgb2YgY2xpZW50IGNyZWRlbnRpYWxzIGlzIHNpZ25pZmljYW50bHkgZmFzdGVy
IHRoYW4gcmV2b2tpbmcgYW4gZW50aXJlCiAgICAgICAgICAgICAgICBzZXQgb2YgcmVmcmVzaCB0
b2tlbnMuCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIEltcGxlbWVu
dGluZyBhdXRoZW50aWNhdGlvbiBtYW5hZ2VtZW50IGJlc3QgcHJhY3RpY2VzIHdoaWNoIHJlcXVp
cmUgcGVyaW9kaWMKICAgICAgICAgICAgICAgIGNyZWRlbnRpYWwgcm90YXRpb24uIFJvdGF0aW9u
IG9mIGFuIGVudGlyZSBzZXQgb2YgcmVmcmVzaCB0b2tlbnMgY2FuIGJlCiAgICAgICAgICAgICAg
ICBjaGFsbGVuZ2luZywgd2hpbGUgcm90YXRpb24gb2YgYSBzaW5nbGUgc2V0IG9mIGNsaWVudCBj
cmVkZW50aWFscyBpcyBzaWduaWZpY2FudGx5CiAgICAgICAgICAgICAgICBlYXNpZXIuCiAgICAg
ICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAg
QSBwdWJsaWMgY2xpZW50IHRoYXQgd2FzIG5vdCBpc3N1ZWQgYSBjbGllbnQgcGFzc3dvcmQgTUFZ
IHVzZSB0aGUKICAgICAgICAgICAgPHR0PmNsaWVudF9pZDwvdHQ+IHJlcXVlc3QgcGFyYW1ldGVy
IHRvIGlkZW50aWZ5IGl0c2VsZiB3aGVuIHNlbmRpbmcKICAgICAgICAgICAgcmVxdWVzdHMgdG8g
dGhlIHRva2VuIGVuZHBvaW50IChlLmcuIGZvciB0aGUgcHVycG9zZSBvZiBwcm92aWRpbmcgZW5k
LXVzZXIgY29udGV4dCwKICAgICAgICAgICAgY2xpZW50IHVzYWdlIHN0YXRpc3RpY3MpLgogICAg
ICAgICAgCjwvcD4KPGEgbmFtZT0ic2NvcGUiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1h
cnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVn
IiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5i
c3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4z
LjMiPjwvYT48aDM+My4zLiZuYnNwOwpBY2Nlc3MgVG9rZW4gU2NvcGU8L2gzPgoKPHA+CiAgICAg
ICAgICBUaGUgYXV0aG9yaXphdGlvbiBhbmQgdG9rZW4gZW5kcG9pbnRzIGFsbG93IHRoZSBjbGll
bnQgdG8gc3BlY2lmeSB0aGUgc2NvcGUgb2YgdGhlIGFjY2VzcwogICAgICAgICAgcmVxdWVzdCB1
c2luZyB0aGUgPHR0PnNjb3BlPC90dD4gcmVxdWVzdCBwYXJhbWV0ZXIuIEluIHR1cm4sIHRoZQog
ICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgdXNlcyB0aGUgPHR0PnNjb3BlPC90dD4gcmVz
cG9uc2UgcGFyYW1ldGVyIHRvCiAgICAgICAgICBpbmZvcm0gdGhlIGNsaWVudCBvZiB0aGUgc2Nv
cGUgb2YgdGhlIGFjY2VzcyB0b2tlbiBpc3N1ZWQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICBUaGUgdmFsdWUgb2YgdGhlIHNjb3BlIHBhcmFtZXRlciBpcyBleHByZXNzZWQgYXMgYSBsaXN0
IG9mIHNwYWNlLWRlbGltaXRlZCwgY2FzZQogICAgICAgICAgc2Vuc2l0aXZlIHN0cmluZ3MuIFRo
ZSBzdHJpbmdzIGFyZSBkZWZpbmVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gSWYgdGhl
IHZhbHVlCiAgICAgICAgICBjb250YWlucyBtdWx0aXBsZSBzcGFjZS1kZWxpbWl0ZWQgc3RyaW5n
cywgdGhlaXIgb3JkZXIgZG9lcyBub3QgbWF0dGVyLCBhbmQgZWFjaCBzdHJpbmcKICAgICAgICAg
IGFkZHMgYW4gYWRkaXRpb25hbCBhY2Nlc3MgcmFuZ2UgdG8gdGhlIHJlcXVlc3RlZCBzY29wZS4K
ICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2lu
LWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICBzY29wZSAgICAgICA9IHNj
b3BlLXRva2VuICooIFNQIHNjb3BlLXRva2VuICkKICBzY29wZS10b2tlbiA9IDEqKCAleDIxIC8g
JXgyMy01QiAvICV4NUQtN0UgKQoKPC9wcmU+PC9kaXY+CjxwPgogICAgICAgICAgVGhlIGF1dGhv
cml6YXRpb24gc2VydmVyIE1BWSBmdWxseSBvciBwYXJ0aWFsbHkgaWdub3JlIHRoZSBzY29wZSBy
ZXF1ZXN0ZWQgYnkgdGhlIGNsaWVudAogICAgICAgICAgYmFzZWQgb24gdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIHBvbGljeSBvciB0aGUgcmVzb3VyY2Ugb3duZXIncyBpbnN0cnVjdGlvbnMuIElm
IHRoZQogICAgICAgICAgaXNzdWVkIGFjY2VzcyB0b2tlbiBzY29wZSBpcyBkaWZmZXJlbnQgZnJv
bSB0aGUgb25lIHJlcXVlc3RlZCBieSB0aGUgY2xpZW50LCB0aGUKICAgICAgICAgIGF1dGhvcml6
YXRpb24gc2VydmVyIE1VU1QgaW5jbHVkZSB0aGUgPHR0PnNjb3BlPC90dD4gcmVzcG9uc2UKICAg
ICAgICAgIHBhcmFtZXRlciB0byBpbmZvcm0gdGhlIGNsaWVudCBvZiB0aGUgYWN0dWFsIHNjb3Bl
IGdyYW50ZWQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBJZiB0aGUgY2xpZW50IG9taXRz
IHRoZSBzY29wZSBwYXJhbWV0ZXIgd2hlbiByZXF1ZXN0aW5nIGF1dGhvcml6YXRpb24sIHRoZSBh
dXRob3JpemF0aW9uCiAgICAgICAgICBzZXJ2ZXIgTVVTVCBlaXRoZXIgcHJvY2VzcyB0aGUgcmVx
dWVzdCB1c2luZyBhIHByZS1kZWZpbmVkIGRlZmF1bHQgdmFsdWUsIG9yIGZhaWwgdGhlCiAgICAg
ICAgICByZXF1ZXN0IGluZGljYXRpbmcgYW4gaW52YWxpZCBzY29wZS4gVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIFNIT1VMRCBkb2N1bWVudCBpdHMgc2NvcGUKICAgICAgICAgIHJlcXVpcmVtZW50
cyBhbmQgZGVmYXVsdCB2YWx1ZSAoaWYgZGVmaW5lZCkuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0i
YW5jaG9yMjciPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0
cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwv
dGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi40Ij48L2E+PGgzPjQuJm5ic3A7
Ck9idGFpbmluZyBBdXRob3JpemF0aW9uPC9oMz4KCjxwPgogICAgICAgIFRvIHJlcXVlc3QgYW4g
YWNjZXNzIHRva2VuLCB0aGUgY2xpZW50IG9idGFpbnMgYXV0aG9yaXphdGlvbiBmcm9tIHRoZSBy
ZXNvdXJjZSBvd25lci4gVGhlCiAgICAgICAgYXV0aG9yaXphdGlvbiBpcyBleHByZXNzZWQgaW4g
dGhlIGZvcm0gb2YgYW4gYXV0aG9yaXphdGlvbiBncmFudCB3aGljaCB0aGUgY2xpZW50IHVzZXMg
dG8KICAgICAgICByZXF1ZXN0IHRoZSBhY2Nlc3MgdG9rZW4uIE9BdXRoIGRlZmluZXMgZm91ciBn
cmFudCB0eXBlczogYXV0aG9yaXphdGlvbiBjb2RlLCBpbXBsaWNpdCwKICAgICAgICByZXNvdXJj
ZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFscywgYW5kIGNsaWVudCBjcmVkZW50aWFscy4gSXQg
YWxzbyBwcm92aWRlcyBhbiBleHRlbnNpb24KICAgICAgICBtZWNoYW5pc20gZm9yIGRlZmluaW5n
IGFkZGl0aW9uYWwgZ3JhbnQgdHlwZXMuCiAgICAgIAo8L3A+CjxhIG5hbWU9ImdyYW50LWNvZGUi
PjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAi
IGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xh
c3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48
L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi40LjEiPjwvYT48aDM+NC4xLiZuYnNwOwpBdXRo
b3JpemF0aW9uIENvZGUgR3JhbnQ8L2gzPgoKPHA+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBjb2RlIGdyYW50IHR5cGUgaXMgdXNlZCB0byBvYnRhaW4gYm90aCBhY2Nlc3MgdG9rZW5zIGFu
ZCByZWZyZXNoCiAgICAgICAgICB0b2tlbnMgYW5kIGlzIG9wdGltaXplZCBmb3IgY29uZmlkZW50
aWFsIGNsaWVudHMuIEFzIGEgcmVkaXJlY3Rpb24tYmFzZWQgZmxvdywgdGhlIGNsaWVudAogICAg
ICAgICAgbXVzdCBiZSBjYXBhYmxlIG9mIGludGVyYWN0aW5nIHdpdGggdGhlIHJlc291cmNlIG93
bmVyJ3MgdXNlci1hZ2VudCAodHlwaWNhbGx5IGEgd2ViCiAgICAgICAgICBicm93c2VyKSBhbmQg
Y2FwYWJsZSBvZiByZWNlaXZpbmcgaW5jb21pbmcgcmVxdWVzdHMgKHZpYSByZWRpcmVjdGlvbikg
ZnJvbSB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgIAo8L3A+PGJy
IC8+PGhyIGNsYXNzPSJpbnNlcnQiIC8+CjxhIG5hbWU9IkZpZ3VyZS0zIj48L2E+CjxkaXYgc3R5
bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJp
Z2h0OiBhdXRvJz48cHJlPgoKICArLS0tLS0tLS0tLSsKICB8IHJlc291cmNlIHwKICB8ICAgb3du
ZXIgIHwKICB8ICAgICAgICAgIHwKICArLS0tLS0tLS0tLSsKICAgICAgIF4KICAgICAgIHwKICAg
ICAgKEIpCiAgKy0tLS18LS0tLS0rICAgICAgICAgIENsaWVudCBJZGVudGlmaWVyICAgICAgKy0t
LS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICAgLSstLS0tKEEpLS0gJmFtcDsgUmVkaXJlY3Rpb24g
VVJJIC0tLS0mZ3Q7fCAgICAgICAgICAgICAgIHwKICB8ICBVc2VyLSAgIHwgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICB8IEF1dGhvcml6YXRpb24gfAogIHwgIEFnZW50ICAtKy0tLS0o
QiktLSBVc2VyIGF1dGhlbnRpY2F0ZXMgLS0tJmd0O3wgICAgIFNlcnZlciAgICB8CiAgfCAgICAg
ICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwK
ICB8ICAgICAgICAgLSstLS0tKEMpLS0gQXV0aG9yaXphdGlvbiBDb2RlIC0tLSZsdDt8ICAgICAg
ICAgICAgICAgfAogICstfC0tLS18LS0tKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICstLS0tLS0tLS0tLS0tLS0rCiAgICB8ICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgIF4gICAgICB2CiAgIChBKSAgKEMpICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICB8ICAgIHwgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgICBeICAgIHYgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgKy0tLS0tLS0tLSsgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8CiAgfCAgICAgICAgIHwmZ3Q7LS0tKEQp
LS0gQXV0aG9yaXphdGlvbiBDb2RlIC0tLS0tLS0tLScgICAgICB8CiAgfCAgQ2xpZW50IHwgICAg
ICAgICAgJmFtcDsgUmVkaXJlY3Rpb24gVVJJICAgICAgICAgICAgICAgICAgfAogIHwgICAgICAg
ICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfAogIHwgICAg
ICAgICB8Jmx0Oy0tLShFKS0tLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tLS0tLS0tLS0tLS0tJwog
ICstLS0tLS0tLS0rICAgICAgICh3LyBPcHRpb25hbCBSZWZyZXNoIFRva2VuKQoKPC9wcmU+PC9k
aXY+CjxwPgogICAgICAgICAgICBOb3RlOiBUaGUgbGluZXMgaWxsdXN0cmF0aW5nIHN0ZXBzIEEs
IEIsIGFuZCBDIGFyZSBicm9rZW4gaW50byB0d28gcGFydHMgYXMgdGhleSBwYXNzCiAgICAgICAg
ICAgIHRocm91Z2ggdGhlIHVzZXItYWdlbnQuCiAgICAgICAgICAKPC9wPjx0YWJsZSBib3JkZXI9
IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgYWxpZ249ImNlbnRlciI+PHRyPjx0
ZCBhbGlnbj0iY2VudGVyIj48Zm9udCBmYWNlPSJtb25hY28sIE1TIFNhbnMgU2VyaWYiIHNpemU9
IjEiPjxiPiZuYnNwO0ZpZ3VyZSZuYnNwOzM6IEF1dGhvcml6YXRpb24gQ29kZSBGbG93Jm5ic3A7
PC9iPjwvZm9udD48YnIgLz48L3RkPjwvdHI+PC90YWJsZT48aHIgY2xhc3M9Imluc2VydCIgLz4K
CjxwPgogICAgICAgICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhy
ZWY9JyNGaWd1cmUtMyc+RmlndXJlJm5ic3A7MzxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdp
bmZvJz5BdXRob3JpemF0aW9uIENvZGUgRmxvdzwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gaW5j
bHVkZXMgdGhlIGZvbGxvd2luZyBzdGVwczoKICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIDwv
cD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PihBKTwvZHQ+CjxkZD4KICAgICAg
ICAgICAgICBUaGUgY2xpZW50IGluaXRpYXRlcyB0aGUgZmxvdyBieSBkaXJlY3RpbmcgdGhlIHJl
c291cmNlIG93bmVyJ3MgdXNlci1hZ2VudCB0byB0aGUKICAgICAgICAgICAgICBhdXRob3JpemF0
aW9uIGVuZHBvaW50LiBUaGUgY2xpZW50IGluY2x1ZGVzIGl0cyBjbGllbnQgaWRlbnRpZmllciwg
cmVxdWVzdGVkCiAgICAgICAgICAgICAgc2NvcGUsIGxvY2FsIHN0YXRlLCBhbmQgYSByZWRpcmVj
dGlvbiBVUkkgdG8gd2hpY2ggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHdpbGwgc2VuZAogICAg
ICAgICAgICAgIHRoZSB1c2VyLWFnZW50IGJhY2sgb25jZSBhY2Nlc3MgaXMgZ3JhbnRlZCAob3Ig
ZGVuaWVkKS4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oQik8L2R0Pgo8ZGQ+CiAgICAgICAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhlIHJlc291cmNlIG93
bmVyICh2aWEgdGhlIHVzZXItYWdlbnQpIGFuZAogICAgICAgICAgICAgIGVzdGFibGlzaGVzIHdo
ZXRoZXIgdGhlIHJlc291cmNlIG93bmVyIGdyYW50cyBvciBkZW5pZXMgdGhlIGNsaWVudCdzIGFj
Y2VzcyByZXF1ZXN0LgogICAgICAgICAgICAKPC9kZD4KPGR0PihDKTwvZHQ+CjxkZD4KICAgICAg
ICAgICAgICBBc3N1bWluZyB0aGUgcmVzb3VyY2Ugb3duZXIgZ3JhbnRzIGFjY2VzcywgdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUKICAgICAgICAgICAgICB1c2VyLWFnZW50
IGJhY2sgdG8gdGhlIGNsaWVudCB1c2luZyB0aGUgcmVkaXJlY3Rpb24gVVJJIHByb3ZpZGVkIGVh
cmxpZXIgKGluIHRoZQogICAgICAgICAgICAgIHJlcXVlc3Qgb3IgZHVyaW5nIGNsaWVudCByZWdp
c3RyYXRpb24pLiBUaGUgcmVkaXJlY3Rpb24gVVJJIGluY2x1ZGVzIGFuIGF1dGhvcml6YXRpb24K
ICAgICAgICAgICAgICBjb2RlIGFuZCBhbnkgbG9jYWwgc3RhdGUgcHJvdmlkZWQgYnkgdGhlIGNs
aWVudCBlYXJsaWVyLgogICAgICAgICAgICAKPC9kZD4KPGR0PihEKTwvZHQ+CjxkZD4KICAgICAg
ICAgICAgICBUaGUgY2xpZW50IHJlcXVlc3RzIGFuIGFjY2VzcyB0b2tlbiBmcm9tIHRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlcidzIHRva2VuIGVuZHBvaW50CiAgICAgICAgICAgICAgYnkgaW5jbHVk
aW5nIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgcmVjZWl2ZWQgaW4gdGhlIHByZXZpb3VzIHN0ZXAu
IFdoZW4gbWFraW5nIHRoZQogICAgICAgICAgICAgIHJlcXVlc3QsIHRoZSBjbGllbnQgYXV0aGVu
dGljYXRlcyB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gVGhlIGNsaWVudCBpbmNsdWRl
cwogICAgICAgICAgICAgIHRoZSByZWRpcmVjdGlvbiBVUkkgdXNlZCB0byBvYnRhaW4gdGhlIGF1
dGhvcml6YXRpb24gY29kZSBmb3IgdmVyaWZpY2F0aW9uLgogICAgICAgICAgICAKPC9kZD4KPGR0
PihFKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0
aGVudGljYXRlcyB0aGUgY2xpZW50LCB2YWxpZGF0ZXMgdGhlIGF1dGhvcml6YXRpb24gY29kZSwK
ICAgICAgICAgICAgICBhbmQgZW5zdXJlcyB0aGUgcmVkaXJlY3Rpb24gVVJJIHJlY2VpdmVkIG1h
dGNoZXMgdGhlIFVSSSB1c2VkIHRvIHJlZGlyZWN0IHRoZSBjbGllbnQKICAgICAgICAgICAgICBp
biBzdGVwIChDKS4gSWYgdmFsaWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciByZXNwb25kcyBi
YWNrIHdpdGggYW4gYWNjZXNzIHRva2VuCiAgICAgICAgICAgICAgYW5kIG9wdGlvbmFsbHksIGEg
cmVmcmVzaCB0b2tlbi4KICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgog
ICAgICAgIAo8L3A+CjxhIG5hbWU9ImNvZGUtYXV0aHotcmVxIj48L2E+PGJyIC8+PGhyIC8+Cjx0
YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xh
c3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9
IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZj
LnNlY3Rpb24uNC4xLjEiPjwvYT48aDM+NC4xLjEuJm5ic3A7CkF1dGhvcml6YXRpb24gUmVxdWVz
dDwvaDM+Cgo8cD4KICAgICAgICAgICAgVGhlIGNsaWVudCBjb25zdHJ1Y3RzIHRoZSByZXF1ZXN0
IFVSSSBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHRvIHRoZQogICAgICAgICAg
ICBxdWVyeSBjb21wb25lbnQgb2YgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgVVJJIHVzaW5n
IHRoZQogICAgICAgICAgICA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90
dD4gZm9ybWF0IGFzIGRlZmluZWQgYnkKICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9
JyNXM0MuUkVDLWh0bWw0MDEtMTk5OTEyMjQnPltXM0MuUkVDJiM4MjA5O2h0bWw0MDEmIzgyMDk7
MTk5OTEyMjRdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkhvcnMsIEEuLCBSYWdn
ZXR0LCBELiwgYW5kIEkuIEphY29icywgJmxkcXVvO0hUTUwgNC4wMSBTcGVjaWZpY2F0aW9uLCZy
ZHF1bzsgRGVjZW1iZXImbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT46CiAgICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+
PGRsPgo8ZHQ+cmVzcG9uc2VfdHlwZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAg
ICAgICAgICAgUkVRVUlSRUQuIFZhbHVlIE1VU1QgYmUgc2V0IHRvIDx0dD5jb2RlPC90dD4uCiAg
ICAgICAgICAgICAgCjwvZGQ+CjxkdD5jbGllbnRfaWQ8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAg
ICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgY2xpZW50IGlkZW50aWZpZXIgYXMgZGVz
Y3JpYmVkIGluCiAgICAgICAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI2NsaWVudC1p
ZGVudGlmaWVyJz5TZWN0aW9uJm5ic3A7Mi4yPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2lu
Zm8nPkNsaWVudCBJZGVudGlmaWVyPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAg
ICAgICAKPC9kZD4KPGR0PnJlZGlyZWN0X3VyaTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAog
ICAgICAgICAgICAgICAgT1BUSU9OQUwuIEFzIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0naW5mbycg
aHJlZj0nI3JlZGlyZWN0LXVyaSc+U2VjdGlvbiZuYnNwOzMuMS4yPHNwYW4+ICg8L3NwYW4+PHNw
YW4gY2xhc3M9J2luZm8nPlJlZGlyZWN0aW9uIEVuZHBvaW50PC9zcGFuPjxzcGFuPik8L3NwYW4+
PC9hPi4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PnNjb3BlPC9kdD4KPGRkPgogICAgICAgICAg
ICAgICAgCiAgICAgICAgICAgICAgICBPUFRJT05BTC4gVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3Mg
cmVxdWVzdCBhcyBkZXNjcmliZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNzY29wZSc+U2Vj
dGlvbiZuYnNwOzMuMzxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BY2Nlc3MgVG9r
ZW4gU2NvcGU8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8
ZHQ+c3RhdGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFQ09N
TUVOREVELiBBbiBvcGFxdWUgdmFsdWUgdXNlZCBieSB0aGUgY2xpZW50IHRvIG1haW50YWluIHN0
YXRlIGJldHdlZW4gdGhlIHJlcXVlc3QKICAgICAgICAgICAgICAgIGFuZCBjYWxsYmFjay4gVGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIGluY2x1ZGVzIHRoaXMgdmFsdWUgd2hlbiByZWRpcmVjdGlu
ZyB0aGUKICAgICAgICAgICAgICAgIHVzZXItYWdlbnQgYmFjayB0byB0aGUgY2xpZW50LiBUaGUg
cGFyYW1ldGVyIFNIT1VMRCBiZSB1c2VkIGZvciBwcmV2ZW50aW5nCiAgICAgICAgICAgICAgICBj
cm9zcy1zaXRlIHJlcXVlc3QgZm9yZ2VyeSBhcyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8n
IGhyZWY9JyNDU1JGJz5TZWN0aW9uJm5ic3A7MTAuMTI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFz
cz0naW5mbyc+Q3Jvc3MtU2l0ZSBSZXF1ZXN0IEZvcmdlcnk8L3NwYW4+PHNwYW4+KTwvc3Bhbj48
L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAgICAgICAg
IAo8L3A+CjxwPgogICAgICAgICAgICBUaGUgY2xpZW50IGRpcmVjdHMgdGhlIHJlc291cmNlIG93
bmVyIHRvIHRoZSBjb25zdHJ1Y3RlZCBVUkkgdXNpbmcgYW4gSFRUUCByZWRpcmVjdGlvbgogICAg
ICAgICAgICByZXNwb25zZSwgb3IgYnkgb3RoZXIgbWVhbnMgYXZhaWxhYmxlIHRvIGl0IHZpYSB0
aGUgdXNlci1hZ2VudC4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIEZvciBleGFt
cGxlLCB0aGUgY2xpZW50IGRpcmVjdHMgdGhlIHVzZXItYWdlbnQgdG8gbWFrZSB0aGUgZm9sbG93
aW5nIEhUVFAgcmVxdWVzdAogICAgICAgICAgICAgIHVzaW5nIFRMUyAoZXh0cmEgbGluZSBicmVh
a3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzIG9ubHkpOgogICAgICAgICAgICAKPC9wPjxkaXYg
c3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2lu
LXJpZ2h0OiBhdXRvJz48cHJlPgoKICBHRVQgL2F1dGhvcml6ZT9yZXNwb25zZV90eXBlPWNvZGUm
YW1wO2NsaWVudF9pZD1zNkJoZFJrcXQzJmFtcDtzdGF0ZT14eXoKICAgICAgJmFtcDtyZWRpcmVj
dF91cmk9aHR0cHMlM0ElMkYlMkZjbGllbnQlMkVleGFtcGxlJTJFY29tJTJGY2IgSFRUUC8xLjEK
ICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAgICAgICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHZhbGlkYXRlcyB0aGUgcmVxdWVzdCB0byBlbnN1cmUg
YWxsIHJlcXVpcmVkIHBhcmFtZXRlcnMgYXJlCiAgICAgICAgICAgIHByZXNlbnQgYW5kIHZhbGlk
LiBJZiB0aGUgcmVxdWVzdCBpcyB2YWxpZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhl
bnRpY2F0ZXMgdGhlCiAgICAgICAgICAgIHJlc291cmNlIG93bmVyIGFuZCBvYnRhaW5zIGFuIGF1
dGhvcml6YXRpb24gZGVjaXNpb24gKGJ5IGFza2luZyB0aGUgcmVzb3VyY2Ugb3duZXIgb3IKICAg
ICAgICAgICAgYnkgZXN0YWJsaXNoaW5nIGFwcHJvdmFsIHZpYSBvdGhlciBtZWFucykuCiAgICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgV2hlbiBhIGRlY2lzaW9uIGlzIGVzdGFibGlzaGVk
LCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZGlyZWN0cyB0aGUgdXNlci1hZ2VudCB0byB0aGUK
ICAgICAgICAgICAgcHJvdmlkZWQgY2xpZW50IHJlZGlyZWN0aW9uIFVSSSB1c2luZyBhbiBIVFRQ
IHJlZGlyZWN0aW9uIHJlc3BvbnNlLCBvciBieSBvdGhlciBtZWFucwogICAgICAgICAgICBhdmFp
bGFibGUgdG8gaXQgdmlhIHRoZSB1c2VyLWFnZW50LgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0i
YW5jaG9yMjgiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0
cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwv
dGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi40LjEuMiI+PC9hPjxoMz40LjEu
Mi4mbmJzcDsKQXV0aG9yaXphdGlvbiBSZXNwb25zZTwvaDM+Cgo8cD4KICAgICAgICAgICAgSWYg
dGhlIHJlc291cmNlIG93bmVyIGdyYW50cyB0aGUgYWNjZXNzIHJlcXVlc3QsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBpc3N1ZXMgYW4KICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBjb2RlIGFu
ZCBkZWxpdmVycyBpdCB0byB0aGUgY2xpZW50IGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nIHBhcmFt
ZXRlcnMgdG8KICAgICAgICAgICAgdGhlIHF1ZXJ5IGNvbXBvbmVudCBvZiB0aGUgcmVkaXJlY3Rp
b24gVVJJIHVzaW5nIHRoZQogICAgICAgICAgICA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11
cmxlbmNvZGVkPC90dD4gZm9ybWF0OgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwv
cD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PmNvZGU8L2R0Pgo8ZGQ+CiAgICAg
ICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgYXV0aG9yaXphdGlvbiBj
b2RlIGdlbmVyYXRlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuIFRoZQogICAgICAgICAg
ICAgICAgYXV0aG9yaXphdGlvbiBjb2RlIE1VU1QgZXhwaXJlIHNob3J0bHkgYWZ0ZXIgaXQgaXMg
aXNzdWVkIHRvIG1pdGlnYXRlIHRoZSByaXNrIG9mCiAgICAgICAgICAgICAgICBsZWFrcy4gQSBt
YXhpbXVtIGF1dGhvcml6YXRpb24gY29kZSBsaWZldGltZSBvZiAxMCBtaW51dGVzIGlzIFJFQ09N
TUVOREVELiBUaGUKICAgICAgICAgICAgICAgIGNsaWVudCBNVVNUIE5PVCB1c2UgdGhlIGF1dGhv
cml6YXRpb24gY29kZSBtb3JlIHRoYW4gb25jZS4gSWYgYW4gYXV0aG9yaXphdGlvbiBjb2RlCiAg
ICAgICAgICAgICAgICBpcyB1c2VkIG1vcmUgdGhhbiBvbmNlLCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgTVVTVCBkZW55IHRoZSByZXF1ZXN0IGFuZCBTSE9VTEQKICAgICAgICAgICAgICAgIHJl
dm9rZSAod2hlbiBwb3NzaWJsZSkgYWxsIHRva2VucyBwcmV2aW91c2x5IGlzc3VlZCBiYXNlZCBv
biB0aGF0IGF1dGhvcml6YXRpb24KICAgICAgICAgICAgICAgIGNvZGUuIFRoZSBhdXRob3JpemF0
aW9uIGNvZGUgaXMgYm91bmQgdG8gdGhlIGNsaWVudCBpZGVudGlmaWVyIGFuZCByZWRpcmVjdGlv
biBVUkkuCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5zdGF0ZTwvZHQ+CjxkZD4KICAgICAgICAg
ICAgICAgIAogICAgICAgICAgICAgICAgUkVRVUlSRUQgaWYgdGhlIDx0dD5zdGF0ZTwvdHQ+IHBh
cmFtZXRlciB3YXMgcHJlc2VudCBpbiB0aGUKICAgICAgICAgICAgICAgIGNsaWVudCBhdXRob3Jp
emF0aW9uIHJlcXVlc3QuIFRoZSBleGFjdCB2YWx1ZSByZWNlaXZlZCBmcm9tIHRoZSBjbGllbnQu
CiAgICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciByZWRpcmVjdHMgdGhlIHVzZXItYWdlbnQgYnkgc2VuZGluZyB0aGUKICAgICAgICAgICAgICBm
b2xsb3dpbmcgSFRUUCByZXNwb25zZToKICAgICAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdkaXNw
bGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0
byc+PHByZT4KCiAgSFRUUC8xLjEgMzAyIEZvdW5kCiAgTG9jYXRpb246IGh0dHBzOi8vY2xpZW50
LmV4YW1wbGUuY29tL2NiP2NvZGU9U3BseGxPQmVaUVFZYllTNld4U2JJQQogICAgICAgICAgICAm
YW1wO3N0YXRlPXh5egoKPC9wcmU+PC9kaXY+CjxwPgogICAgICAgICAgICBUaGUgY2xpZW50IE1V
U1QgaWdub3JlIHVucmVjb2duaXplZCByZXNwb25zZSBwYXJhbWV0ZXJzLiBUaGUgYXV0aG9yaXph
dGlvbiBjb2RlCiAgICAgICAgICAgIHN0cmluZyBzaXplIGlzIGxlZnQgdW5kZWZpbmVkIGJ5IHRo
aXMgc3BlY2lmaWNhdGlvbi4gVGhlIGNsaWVudCBzaG91bGQgYXZvaWQgbWFraW5nCiAgICAgICAg
ICAgIGFzc3VtcHRpb25zIGFib3V0IGNvZGUgdmFsdWUgc2l6ZXMuIFRoZSBhdXRob3JpemF0aW9u
IHNlcnZlciBTSE9VTEQgZG9jdW1lbnQgdGhlIHNpemUKICAgICAgICAgICAgb2YgYW55IHZhbHVl
IGl0IGlzc3Vlcy4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImNvZGUtYXV0aHotZXJyb3IiPjwv
YT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNl
bGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9
IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3Rh
YmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi40LjEuMi4xIj48L2E+PGgzPjQuMS4yLjEuJm5ic3A7
CkVycm9yIFJlc3BvbnNlPC9oMz4KCjxwPgogICAgICAgICAgICAgIElmIHRoZSByZXF1ZXN0IGZh
aWxzIGR1ZSB0byBhIG1pc3NpbmcsIGludmFsaWQsIG9yIG1pc21hdGNoaW5nIHJlZGlyZWN0aW9u
IFVSSSwgb3IgaWYKICAgICAgICAgICAgICB0aGUgY2xpZW50IGlkZW50aWZpZXIgaXMgbWlzc2lu
ZyBvciBpbnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgU0hPVUxEIGluZm9ybQogICAg
ICAgICAgICAgIHRoZSByZXNvdXJjZSBvd25lciBvZiB0aGUgZXJyb3IsIGFuZCBNVVNUIE5PVCBh
dXRvbWF0aWNhbGx5IHJlZGlyZWN0IHRoZSB1c2VyLWFnZW50CiAgICAgICAgICAgICAgdG8gdGhl
IGludmFsaWQgcmVkaXJlY3Rpb24gVVJJLgogICAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAg
ICAgICBJZiB0aGUgcmVzb3VyY2Ugb3duZXIgZGVuaWVzIHRoZSBhY2Nlc3MgcmVxdWVzdCBvciBp
ZiB0aGUgcmVxdWVzdCBmYWlscyBmb3IgcmVhc29ucwogICAgICAgICAgICAgIG90aGVyIHRoYW4g
YSBtaXNzaW5nIG9yIGludmFsaWQgcmVkaXJlY3Rpb24gVVJJLCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgaW5mb3JtcyB0aGUKICAgICAgICAgICAgICBjbGllbnQgYnkgYWRkaW5nIHRoZSBmb2xs
b3dpbmcgcGFyYW1ldGVycyB0byB0aGUgcXVlcnkgY29tcG9uZW50IG9mIHRoZSByZWRpcmVjdGlv
bgogICAgICAgICAgICAgIFVSSSB1c2luZyB0aGUgPHR0PmFwcGxpY2F0aW9uL3gtd3d3LWZvcm0t
dXJsZW5jb2RlZDwvdHQ+IGZvcm1hdDoKICAgICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAg
ICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+ZXJyb3I8L2R0Pgo8ZGQ+
CiAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICBSRVFVSVJFRC4gQSBzaW5nbGUg
QVNDSUkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNVU0FTQ0lJJz5bVVNBU0NJSV08c3Bhbj4gKDwv
c3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QW1lcmljYW4gTmF0aW9uYWwgU3RhbmRhcmRzIEluc3Rp
dHV0ZSwgJmxkcXVvO0NvZGVkIENoYXJhY3RlciBTZXQgLS0gNy1iaXQgQW1lcmljYW4gU3RhbmRh
cmQgQ29kZSBmb3IgSW5mb3JtYXRpb24gSW50ZXJjaGFuZ2UsJnJkcXVvOyAxOTg2Ljwvc3Bhbj48
c3Bhbj4pPC9zcGFuPjwvYT4gZXJyb3IgY29kZSBmcm9tIHRoZSBmb2xsb3dpbmc6CgogICAgICAg
ICAgICAgICAgICAKPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PmludmFsaWRfcmVx
dWVzdDwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAg
ICAgVGhlIHJlcXVlc3QgaXMgbWlzc2luZyBhIHJlcXVpcmVkIHBhcmFtZXRlciwgaW5jbHVkZXMg
YW4gaW52YWxpZAogICAgICAgICAgICAgICAgICAgICAgcGFyYW1ldGVyIHZhbHVlLCBpbmNsdWRl
cyBhIHBhcmFtZXRlciBtb3JlIHRoYW4gb25jZSwgb3IgaXMgb3RoZXJ3aXNlCiAgICAgICAgICAg
ICAgICAgICAgICBtYWxmb3JtZWQuCiAgICAgICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD51bmF1
dGhvcml6ZWRfY2xpZW50PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAg
ICAgICAgICAgICAgICBUaGUgY2xpZW50IGlzIG5vdCBhdXRob3JpemVkIHRvIHJlcXVlc3QgYW4g
YXV0aG9yaXphdGlvbiBjb2RlIHVzaW5nIHRoaXMKICAgICAgICAgICAgICAgICAgICAgIG1ldGhv
ZC4KICAgICAgICAgICAgICAgICAgICAKPC9kZD4KPGR0PmFjY2Vzc19kZW5pZWQ8L2R0Pgo8ZGQ+
CiAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgIFRoZSByZXNvdXJj
ZSBvd25lciBvciBhdXRob3JpemF0aW9uIHNlcnZlciBkZW5pZWQgdGhlIHJlcXVlc3QuCiAgICAg
ICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD51bnN1cHBvcnRlZF9yZXNwb25zZV90eXBlPC9kdD4K
PGRkPgogICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICBUaGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgZG9lcyBub3Qgc3VwcG9ydCBvYnRhaW5pbmcgYW4gYXV0aG9yaXph
dGlvbiBjb2RlCiAgICAgICAgICAgICAgICAgICAgICB1c2luZyB0aGlzIG1ldGhvZC4KICAgICAg
ICAgICAgICAgICAgICAKPC9kZD4KPGR0PmludmFsaWRfc2NvcGU8L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgIFRoZSByZXF1ZXN0ZWQgc2NvcGUg
aXMgaW52YWxpZCwgdW5rbm93biwgb3IgbWFsZm9ybWVkLgogICAgICAgICAgICAgICAgICAgIAo8
L2RkPgo8ZHQ+c2VydmVyX2Vycm9yPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAgICAgCiAg
ICAgICAgICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZW5jb3VudGVyZWQg
YW4gdW5leHBlY3RlZCBjb25kaXRpb24gd2hpY2ggcHJldmVudGVkCiAgICAgICAgICAgICAgICAg
ICAgICBpdCBmcm9tIGZ1bGZpbGxpbmcgdGhlIHJlcXVlc3QuCiAgICAgICAgICAgICAgICAgICAg
CjwvZGQ+CjxkdD50ZW1wb3JhcmlseV91bmF2YWlsYWJsZTwvZHQ+CjxkZD4KICAgICAgICAgICAg
ICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IGlzIGN1cnJlbnRseSB1bmFibGUgdG8gaGFuZGxlIHRoZSByZXF1ZXN0IGR1ZSB0byBhCiAgICAg
ICAgICAgICAgICAgICAgICB0ZW1wb3Jhcnkgb3ZlcmxvYWRpbmcgb3IgbWFpbnRlbmFuY2Ugb2Yg
dGhlIHNlcnZlci4KICAgICAgICAgICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+
CgoJCSAgVmFsdWVzIGZvciB0aGUgPHR0PmVycm9yPC90dD4gcGFyYW1ldGVyIE1VU1QgTk9UIGlu
Y2x1ZGUKCQkgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8g
JXg1RC03RS4KICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+ZXJyb3JfZGVzY3JpcHRpb248L2R0
Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICBPUFRJT05BTC4gQSBo
dW1hbi1yZWFkYWJsZSBBU0NJSSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1VTQVNDSUknPltVU0FT
Q0lJXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BbWVyaWNhbiBOYXRpb25hbCBT
dGFuZGFyZHMgSW5zdGl0dXRlLCAmbGRxdW87Q29kZWQgQ2hhcmFjdGVyIFNldCAtLSA3LWJpdCBB
bWVyaWNhbiBTdGFuZGFyZCBDb2RlIGZvciBJbmZvcm1hdGlvbiBJbnRlcmNoYW5nZSwmcmRxdW87
IDE5ODYuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiB0ZXh0IHByb3ZpZGluZyBhZGRpdGlvbmFs
IGluZm9ybWF0aW9uLAogICAgICAgICAgICAgICAgICB1c2VkIHRvIGFzc2lzdCB0aGUgY2xpZW50
IGRldmVsb3BlciBpbiB1bmRlcnN0YW5kaW5nIHRoZSBlcnJvciB0aGF0IG9jY3VycmVkLgoJCSAg
PGJyIC8+CgoJCSAgVmFsdWVzIGZvciB0aGUgPHR0PmVycm9yX2Rlc2NyaXB0aW9uPC90dD4gcGFy
YW1ldGVyIE1VU1QgTk9UIGluY2x1ZGUKCQkgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4
MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+ZXJy
b3JfdXJpPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgT1BU
SU9OQUwuIEEgVVJJIGlkZW50aWZ5aW5nIGEgaHVtYW4tcmVhZGFibGUgd2ViIHBhZ2Ugd2l0aCBp
bmZvcm1hdGlvbiBhYm91dCB0aGUKICAgICAgICAgICAgICAgICAgZXJyb3IsIHVzZWQgdG8gcHJv
dmlkZSB0aGUgY2xpZW50IGRldmVsb3BlciB3aXRoIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24gYWJv
dXQgdGhlCiAgICAgICAgICAgICAgICAgIGVycm9yLgoJCSAgPGJyIC8+CgoJCSAgVmFsdWVzIGZv
ciB0aGUgPHR0PmVycm9yX3VyaTwvdHQ+IHBhcmFtZXRlcgoJCSAgTVVTVCBjb25mb3JtIHRvIHRo
ZSBVUkktUmVmZXJlbmNlIHN5bnRheCwgYW5kIHRodXMgTVVTVCBOT1QgaW5jbHVkZQoJCSAgY2hh
cmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAleDVELTdFLgogICAgICAg
ICAgICAgICAgCjwvZGQ+CjxkdD5zdGF0ZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgCiAg
ICAgICAgICAgICAgICAgIFJFUVVJUkVEIGlmIGEgPHR0PnN0YXRlPC90dD4gcGFyYW1ldGVyIHdh
cyBwcmVzZW50IGluIHRoZQogICAgICAgICAgICAgICAgICBjbGllbnQgYXV0aG9yaXphdGlvbiBy
ZXF1ZXN0LiBUaGUgZXhhY3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUgY2xpZW50LgogICAgICAg
ICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgICAgICAKPC9wPgo8
cD4KICAgICAgICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
cmVkaXJlY3RzIHRoZSB1c2VyLWFnZW50IGJ5IHNlbmRpbmcgdGhlCiAgICAgICAgICAgICAgICBm
b2xsb3dpbmcgSFRUUCByZXNwb25zZToKICAgICAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rp
c3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBh
dXRvJz48cHJlPgoKICBIVFRQLzEuMSAzMDIgRm91bmQKICBMb2NhdGlvbjogaHR0cHM6Ly9jbGll
bnQuZXhhbXBsZS5jb20vY2I/ZXJyb3I9YWNjZXNzX2RlbmllZCZhbXA7c3RhdGU9eHl6Cgo8L3By
ZT48L2Rpdj4KPGEgbmFtZT0iYW5jaG9yMjkiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1h
cnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVn
IiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5i
c3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi40
LjEuMyI+PC9hPjxoMz40LjEuMy4mbmJzcDsKQWNjZXNzIFRva2VuIFJlcXVlc3Q8L2gzPgoKPHA+
CiAgICAgICAgICAgIFRoZSBjbGllbnQgbWFrZXMgYSByZXF1ZXN0IHRvIHRoZSB0b2tlbiBlbmRw
b2ludCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzCiAgICAgICAgICAgIHVzaW5n
IHRoZSA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90dD4gZm9ybWF0IGlu
IHRoZQogICAgICAgICAgICBIVFRQIHJlcXVlc3QgZW50aXR5LWJvZHk6CiAgICAgICAgICAKPC9w
Pgo8cD4KICAgICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+
Z3JhbnRfdHlwZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUkVR
VUlSRUQuIFZhbHVlIE1VU1QgYmUgc2V0IHRvIDx0dD5hdXRob3JpemF0aW9uX2NvZGU8L3R0Pi4K
ICAgICAgICAgICAgICAKPC9kZD4KPGR0PmNvZGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAK
ICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgYXV0aG9yaXphdGlvbiBjb2RlIHJlY2VpdmVk
IGZyb20gdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+
cmVkaXJlY3RfdXJpPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBS
RVFVSVJFRCwgaWYgdGhlIDx0dD5yZWRpcmVjdF91cmk8L3R0PiBwYXJhbWV0ZXIgd2FzIGluY2x1
ZGVkIGluCiAgICAgICAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiByZXF1ZXN0IGFzIGRlc2Ny
aWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI2NvZGUtYXV0aHotcmVxJz5TZWN0aW9uJm5i
c3A7NC4xLjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QXV0aG9yaXphdGlvbiBS
ZXF1ZXN0PC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiwgYW5kCiAgICAgICAgICAgICAgICB0aGVp
ciB2YWx1ZXMgTVVTVCBiZSBpZGVudGljYWwuCiAgICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9i
bG9ja3F1b3RlPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIElmIHRoZSBjbGll
bnQgdHlwZSBpcyBjb25maWRlbnRpYWwgb3IgdGhlIGNsaWVudCB3YXMgaXNzdWVkIGNsaWVudCBj
cmVkZW50aWFscyAob3IKICAgICAgICAgICAgYXNzaWduZWQgb3RoZXIgYXV0aGVudGljYXRpb24g
cmVxdWlyZW1lbnRzKSwgdGhlIGNsaWVudCBNVVNUIGF1dGhlbnRpY2F0ZSB3aXRoIHRoZQogICAg
ICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBhcyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2lu
Zm8nIGhyZWY9JyN0b2tlbi1lbmRwb2ludC1hdXRoJz5TZWN0aW9uJm5ic3A7My4yLjE8c3Bhbj4g
KDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+Q2xpZW50IEF1dGhlbnRpY2F0aW9uPC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIEZvciBl
eGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRoZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0IHVzaW5n
IFRMUyAoZXh0cmEgbGluZSBicmVha3MKICAgICAgICAgICAgICBhcmUgZm9yIGRpc3BsYXkgcHVy
cG9zZXMgb25seSk6CiAgICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7
IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+Cgog
IFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCiAgQXV0aG9y
aXphdGlvbjogQmFzaWMgY3paQ2FHUlNhM0YwTXpwbldERm1RbUYwTTJKVwogIENvbnRlbnQtVHlw
ZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkO2NoYXJzZXQ9VVRGLTgKCiAgZ3Jh
bnRfdHlwZT1hdXRob3JpemF0aW9uX2NvZGUmYW1wO2NvZGU9U3BseGxPQmVaUVFZYllTNld4U2JJ
QQogICZhbXA7cmVkaXJlY3RfdXJpPWh0dHBzJTNBJTJGJTJGY2xpZW50JTJFZXhhbXBsZSUyRWNv
bSUyRmNiCgo8L3ByZT48L2Rpdj4KPHA+CiAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNl
cnZlciBNVVNUOgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPHVsIGNsYXNz
PSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgcmVxdWlyZSBjbGllbnQgYXV0aGVudGljYXRp
b24gZm9yIGNvbmZpZGVudGlhbCBjbGllbnRzIG9yIGZvciBhbnkgY2xpZW50IHRoYXQgd2FzCiAg
ICAgICAgICAgICAgICBpc3N1ZWQgY2xpZW50IGNyZWRlbnRpYWxzIChvciB3aXRoIG90aGVyIGF1
dGhlbnRpY2F0aW9uIHJlcXVpcmVtZW50cyksCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAg
ICAgICAgICAgICAgIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGlmIGNsaWVudCBhdXRoZW50aWNh
dGlvbiBpcyBpbmNsdWRlZCBhbmQgZW5zdXJlIHRoZQogICAgICAgICAgICAgICAgYXV0aG9yaXph
dGlvbiBjb2RlIHdhcyBpc3N1ZWQgdG8gdGhlIGF1dGhlbnRpY2F0ZWQgY2xpZW50LAogICAgICAg
ICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICB2ZXJpZnkgdGhhdCB0aGUgYXV0aG9y
aXphdGlvbiBjb2RlIGlzIHZhbGlkLCBhbmQKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAg
ICAgICAgICAgICAgZW5zdXJlIHRoYXQgdGhlIDx0dD5yZWRpcmVjdF91cmk8L3R0PiBwYXJhbWV0
ZXIgaXMgcHJlc2VudCBpZgogICAgICAgICAgICAgICAgdGhlIDx0dD5yZWRpcmVjdF91cmk8L3R0
PiBwYXJhbWV0ZXIgd2FzIGluY2x1ZGVkIGluIHRoZSBpbml0aWFsCiAgICAgICAgICAgICAgICBh
dXRob3JpemF0aW9uIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjY29kZS1hdXRoei1yZXEnPlNlY3Rpb24mbmJzcDs0LjEuMTxzcGFuPiAoPC9zcGFuPjxzcGFu
IGNsYXNzPSdpbmZvJz5BdXRob3JpemF0aW9uIFJlcXVlc3Q8L3NwYW4+PHNwYW4+KTwvc3Bhbj48
L2E+LCBhbmQgaWYKICAgICAgICAgICAgICAgIGluY2x1ZGVkIGVuc3VyZSB0aGVpciB2YWx1ZXMg
YXJlIGlkZW50aWNhbC4KICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8
L3A+CjxhIG5hbWU9ImFuY2hvcjMwIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJs
YXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxp
Z249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RP
QyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC4xLjQi
PjwvYT48aDM+NC4xLjQuJm5ic3A7CkFjY2VzcyBUb2tlbiBSZXNwb25zZTwvaDM+Cgo8cD4KICAg
ICAgICAgICAgSWYgdGhlIGFjY2VzcyB0b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFuZCBhdXRob3Jp
emVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAgICAgIGFjY2Vz
cyB0b2tlbiBhbmQgb3B0aW9uYWwgcmVmcmVzaCB0b2tlbiBhcyBkZXNjcmliZWQgaW4gPGEgY2xh
c3M9J2luZm8nIGhyZWY9JyN0b2tlbi1yZXNwb25zZSc+U2VjdGlvbiZuYnNwOzUuMTxzcGFuPiAo
PC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5TdWNjZXNzZnVsIFJlc3BvbnNlPC9zcGFuPjxzcGFu
Pik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgSWYgdGhlIHJlcXVlc3QgY2xpZW50IGF1dGhlbnRp
Y2F0aW9uIGZhaWxlZCBvciBpcyBpbnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmV0
dXJucwogICAgICAgICAgICBhbiBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4gPGEgY2xh
c3M9J2luZm8nIGhyZWY9JyN0b2tlbi1lcnJvcnMnPlNlY3Rpb24mbmJzcDs1LjI8c3Bhbj4gKDwv
c3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9uc2U8L3NwYW4+PHNwYW4+KTwvc3Bh
bj48L2E+LgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgQW4gZXhhbXBsZSBzdWNj
ZXNzZnVsIHJlc3BvbnNlOgogICAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRh
YmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJl
PgoKICBIVFRQLzEuMSAyMDAgT0sKICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hh
cnNldD1VVEYtOAogIENhY2hlLUNvbnRyb2w6IG5vLXN0b3JlCiAgUHJhZ21hOiBuby1jYWNoZQoK
ICB7CiAgICAiYWNjZXNzX3Rva2VuIjoiMllvdG5GWkZFanIxekNzaWNNV3BBQSIsCiAgICAidG9r
ZW5fdHlwZSI6ImV4YW1wbGUiLAogICAgImV4cGlyZXNfaW4iOjM2MDAsCiAgICAicmVmcmVzaF90
b2tlbiI6InRHenYzSk9rRjBYRzVReDJUbEtXSUEiLAogICAgImV4YW1wbGVfcGFyYW1ldGVyIjoi
ZXhhbXBsZV92YWx1ZSIKICB9Cgo8L3ByZT48L2Rpdj4KPGEgbmFtZT0iZ3JhbnQtaW1wbGljaXQi
PjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAi
IGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xh
c3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48
L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi40LjIiPjwvYT48aDM+NC4yLiZuYnNwOwpJbXBs
aWNpdCBHcmFudDwvaDM+Cgo8cD4KICAgICAgICAgIFRoZSBpbXBsaWNpdCBncmFudCB0eXBlIGlz
IHVzZWQgdG8gb2J0YWluIGFjY2VzcyB0b2tlbnMgKGl0IGRvZXMgbm90IHN1cHBvcnQgdGhlIGlz
c3VhbmNlCiAgICAgICAgICBvZiByZWZyZXNoIHRva2VucykgYW5kIGlzIG9wdGltaXplZCBmb3Ig
cHVibGljIGNsaWVudHMga25vd24gdG8gb3BlcmF0ZSBhIHBhcnRpY3VsYXIKICAgICAgICAgIHJl
ZGlyZWN0aW9uIFVSSS4gVGhlc2UgY2xpZW50cyBhcmUgdHlwaWNhbGx5IGltcGxlbWVudGVkIGlu
IGEgYnJvd3NlciB1c2luZyBhIHNjcmlwdGluZwogICAgICAgICAgbGFuZ3VhZ2Ugc3VjaCBhcyBK
YXZhU2NyaXB0LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgQXMgYSByZWRpcmVjdGlvbi1i
YXNlZCBmbG93LCB0aGUgY2xpZW50IG11c3QgYmUgY2FwYWJsZSBvZiBpbnRlcmFjdGluZyB3aXRo
IHRoZQogICAgICAgICAgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50ICh0eXBpY2FsbHkgYSB3
ZWIgYnJvd3NlcikgYW5kIGNhcGFibGUgb2YgcmVjZWl2aW5nIGluY29taW5nCiAgICAgICAgICBy
ZXF1ZXN0cyAodmlhIHJlZGlyZWN0aW9uKSBmcm9tIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4K
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFVubGlrZSB0aGUgYXV0aG9yaXphdGlvbiBjb2Rl
IGdyYW50IHR5cGUgaW4gd2hpY2ggdGhlIGNsaWVudCBtYWtlcyBzZXBhcmF0ZSByZXF1ZXN0cyBm
b3IKICAgICAgICAgIGF1dGhvcml6YXRpb24gYW5kIGFjY2VzcyB0b2tlbiwgdGhlIGNsaWVudCBy
ZWNlaXZlcyB0aGUgYWNjZXNzIHRva2VuIGFzIHRoZSByZXN1bHQgb2YgdGhlCiAgICAgICAgICBh
dXRob3JpemF0aW9uIHJlcXVlc3QuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgaW1w
bGljaXQgZ3JhbnQgdHlwZSBkb2VzIG5vdCBpbmNsdWRlIGNsaWVudCBhdXRoZW50aWNhdGlvbiwg
YW5kIHJlbGllcyBvbiB0aGUKICAgICAgICAgIHByZXNlbmNlIG9mIHRoZSByZXNvdXJjZSBvd25l
ciBhbmQgdGhlIHJlZ2lzdHJhdGlvbiBvZiB0aGUgcmVkaXJlY3Rpb24gVVJJLiBCZWNhdXNlIHRo
ZQogICAgICAgICAgYWNjZXNzIHRva2VuIGlzIGVuY29kZWQgaW50byB0aGUgcmVkaXJlY3Rpb24g
VVJJLCBpdCBtYXkgYmUgZXhwb3NlZCB0byB0aGUgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgIGFu
ZCBvdGhlciBhcHBsaWNhdGlvbnMgcmVzaWRpbmcgb24gdGhlIHNhbWUgZGV2aWNlLgogICAgICAg
IAo8L3A+PGJyIC8+PGhyIGNsYXNzPSJpbnNlcnQiIC8+CjxhIG5hbWU9IkZpZ3VyZS00Ij48L2E+
CjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsg
bWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICArLS0tLS0tLS0tLSsKICB8IFJlc291cmNlIHwK
ICB8ICBPd25lciAgIHwKICB8ICAgICAgICAgIHwKICArLS0tLS0tLS0tLSsKICAgICAgIF4KICAg
ICAgIHwKICAgICAgKEIpCiAgKy0tLS18LS0tLS0rICAgICAgICAgIENsaWVudCBJZGVudGlmaWVy
ICAgICArLS0tLS0tLS0tLS0tLS0tKwogIHwgICAgICAgICAtKy0tLS0oQSktLSAmYW1wOyBSZWRp
cmVjdGlvbiBVUkkgLS0tJmd0O3wgICAgICAgICAgICAgICB8CiAgfCAgVXNlci0gICB8ICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICB8IEF1dGhvcml6YXRpb24gfAogIHwgIEFnZW50ICAt
fC0tLS0oQiktLSBVc2VyIGF1dGhlbnRpY2F0ZXMgLS0mZ3Q7fCAgICAgU2VydmVyICAgIHwKICB8
ICAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAg
ICB8CiAgfCAgICAgICAgICB8Jmx0Oy0tLShDKS0tLSBSZWRpcmVjdGlvbiBVUkkgLS0tLSZsdDt8
ICAgICAgICAgICAgICAgfAogIHwgICAgICAgICAgfCAgICAgICAgICB3aXRoIEFjY2VzcyBUb2tl
biAgICAgKy0tLS0tLS0tLS0tLS0tLSsKICB8ICAgICAgICAgIHwgICAgICAgICAgICBpbiBGcmFn
bWVudAogIHwgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0t
LS0tLS0tLS0tLSsKICB8ICAgICAgICAgIHwtLS0tKEQpLS0tIFJlZGlyZWN0aW9uIFVSSSAtLS0t
Jmd0O3wgICBXZWItSG9zdGVkICB8CiAgfCAgICAgICAgICB8ICAgICAgICAgIHdpdGhvdXQgRnJh
Z21lbnQgICAgICB8ICAgICBDbGllbnQgICAgfAogIHwgICAgICAgICAgfCAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgfCAgICBSZXNvdXJjZSAgIHwKICB8ICAgICAoRikgIHwmbHQ7LS0t
KEUpLS0tLS0tLSBTY3JpcHQgLS0tLS0tLS0tJmx0O3wgICAgICAgICAgICAgICB8CiAgfCAgICAg
ICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tKwog
ICstfC0tLS0tLS0tKwogICAgfCAgICB8CiAgIChBKSAgKEcpIEFjY2VzcyBUb2tlbgogICAgfCAg
ICB8CiAgICBeICAgIHYKICArLS0tLS0tLS0tKwogIHwgICAgICAgICB8CiAgfCAgQ2xpZW50IHwK
ICB8ICAgICAgICAgfAogICstLS0tLS0tLS0rCgo8L3ByZT48L2Rpdj4KPHA+CiAgICAgICAgICAg
IE5vdGU6IFRoZSBsaW5lcyBpbGx1c3RyYXRpbmcgc3RlcHMgQSBhbmQgQiBhcmUgYnJva2VuIGlu
dG8gdHdvIHBhcnRzIGFzIHRoZXkgcGFzcwogICAgICAgICAgICB0aHJvdWdoIHRoZSB1c2VyLWFn
ZW50LgogICAgICAgICAgCjwvcD48dGFibGUgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2Vs
bHNwYWNpbmc9IjIiIGFsaWduPSJjZW50ZXIiPjx0cj48dGQgYWxpZ249ImNlbnRlciI+PGZvbnQg
ZmFjZT0ibW9uYWNvLCBNUyBTYW5zIFNlcmlmIiBzaXplPSIxIj48Yj4mbmJzcDtGaWd1cmUmbmJz
cDs0OiBJbXBsaWNpdCBHcmFudCBGbG93Jm5ic3A7PC9iPjwvZm9udD48YnIgLz48L3RkPjwvdHI+
PC90YWJsZT48aHIgY2xhc3M9Imluc2VydCIgLz4KCjxwPgogICAgICAgICAgVGhlIGZsb3cgaWxs
dXN0cmF0ZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNGaWd1cmUtNCc+RmlndXJlJm5ic3A7
NDxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5JbXBsaWNpdCBHcmFudCBGbG93PC9z
cGFuPjxzcGFuPik8L3NwYW4+PC9hPiBpbmNsdWRlcyB0aGUgZm9sbG93aW5nIHN0ZXBzOgogICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+PGRs
Pgo8ZHQ+KEEpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRoZSBjbGllbnQgaW5pdGlhdGVzIHRo
ZSBmbG93IGJ5IGRpcmVjdGluZyB0aGUgcmVzb3VyY2Ugb3duZXIncyB1c2VyLWFnZW50IHRvIHRo
ZQogICAgICAgICAgICAgIGF1dGhvcml6YXRpb24gZW5kcG9pbnQuIFRoZSBjbGllbnQgaW5jbHVk
ZXMgaXRzIGNsaWVudCBpZGVudGlmaWVyLCByZXF1ZXN0ZWQKICAgICAgICAgICAgICBzY29wZSwg
bG9jYWwgc3RhdGUsIGFuZCBhIHJlZGlyZWN0aW9uIFVSSSB0byB3aGljaCB0aGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgd2lsbCBzZW5kCiAgICAgICAgICAgICAgdGhlIHVzZXItYWdlbnQgYmFjayBv
bmNlIGFjY2VzcyBpcyBncmFudGVkIChvciBkZW5pZWQpLgogICAgICAgICAgICAKPC9kZD4KPGR0
PihCKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0
aGVudGljYXRlcyB0aGUgcmVzb3VyY2Ugb3duZXIgKHZpYSB0aGUgdXNlci1hZ2VudCkgYW5kCiAg
ICAgICAgICAgICAgZXN0YWJsaXNoZXMgd2hldGhlciB0aGUgcmVzb3VyY2Ugb3duZXIgZ3JhbnRz
IG9yIGRlbmllcyB0aGUgY2xpZW50J3MgYWNjZXNzIHJlcXVlc3QuCiAgICAgICAgICAgIAo8L2Rk
Pgo8ZHQ+KEMpPC9kdD4KPGRkPgogICAgICAgICAgICAgIEFzc3VtaW5nIHRoZSByZXNvdXJjZSBv
d25lciBncmFudHMgYWNjZXNzLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVkaXJlY3RzIHRo
ZQogICAgICAgICAgICAgIHVzZXItYWdlbnQgYmFjayB0byB0aGUgY2xpZW50IHVzaW5nIHRoZSBy
ZWRpcmVjdGlvbiBVUkkgcHJvdmlkZWQgZWFybGllci4gVGhlCiAgICAgICAgICAgICAgcmVkaXJl
Y3Rpb24gVVJJIGluY2x1ZGVzIHRoZSBhY2Nlc3MgdG9rZW4gaW4gdGhlIFVSSSBmcmFnbWVudC4K
ICAgICAgICAgICAgCjwvZGQ+CjxkdD4oRCk8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIHVz
ZXItYWdlbnQgZm9sbG93cyB0aGUgcmVkaXJlY3Rpb24gaW5zdHJ1Y3Rpb25zIGJ5IG1ha2luZyBh
IHJlcXVlc3QgdG8gdGhlCiAgICAgICAgICAgICAgd2ViLWhvc3RlZCBjbGllbnQgcmVzb3VyY2Ug
KHdoaWNoIGRvZXMgbm90IGluY2x1ZGUgdGhlIGZyYWdtZW50IHBlcgogICAgICAgICAgICAgIDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMjYxNic+W1JGQzI2MTZdPHNwYW4+ICg8L3NwYW4+PHNw
YW4gY2xhc3M9J2luZm8nPkZpZWxkaW5nLCBSLiwgR2V0dHlzLCBKLiwgTW9ndWwsIEouLCBGcnlz
dHlrLCBILiwgTWFzaW50ZXIsIEwuLCBMZWFjaCwgUC4sIGFuZCBULiBCZXJuZXJzLUxlZSwgJmxk
cXVvO0h5cGVydGV4dCBUcmFuc2ZlciBQcm90b2NvbCAtLSBIVFRQLzEuMSwmcmRxdW87IEp1bmUm
bmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLiBUaGUgdXNlci1hZ2VudCByZXRh
aW5zIHRoZSBmcmFnbWVudCBpbmZvcm1hdGlvbiBsb2NhbGx5LgogICAgICAgICAgICAKPC9kZD4K
PGR0PihFKTwvZHQ+CjxkZD4KICAgICAgICAgICAgICBUaGUgd2ViLWhvc3RlZCBjbGllbnQgcmVz
b3VyY2UgcmV0dXJucyBhIHdlYiBwYWdlICh0eXBpY2FsbHkgYW4gSFRNTCBkb2N1bWVudCB3aXRo
IGFuCiAgICAgICAgICAgICAgZW1iZWRkZWQgc2NyaXB0KSBjYXBhYmxlIG9mIGFjY2Vzc2luZyB0
aGUgZnVsbCByZWRpcmVjdGlvbiBVUkkgaW5jbHVkaW5nIHRoZSBmcmFnbWVudAogICAgICAgICAg
ICAgIHJldGFpbmVkIGJ5IHRoZSB1c2VyLWFnZW50LCBhbmQgZXh0cmFjdGluZyB0aGUgYWNjZXNz
IHRva2VuIChhbmQgb3RoZXIgcGFyYW1ldGVycykKICAgICAgICAgICAgICBjb250YWluZWQgaW4g
dGhlIGZyYWdtZW50LgogICAgICAgICAgICAKPC9kZD4KPGR0PihGKTwvZHQ+CjxkZD4KICAgICAg
ICAgICAgICBUaGUgdXNlci1hZ2VudCBleGVjdXRlcyB0aGUgc2NyaXB0IHByb3ZpZGVkIGJ5IHRo
ZSB3ZWItaG9zdGVkIGNsaWVudCByZXNvdXJjZQogICAgICAgICAgICAgIGxvY2FsbHksIHdoaWNo
IGV4dHJhY3RzIHRoZSBhY2Nlc3MgdG9rZW4gYW5kIHBhc3NlcyBpdCB0byB0aGUgY2xpZW50Lgog
ICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgCjwvcD4KPGEg
bmFtZT0iaW1wbGljaXQtYXV0aHotcmVxIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5
PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIg
YWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNw
O1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC4y
LjEiPjwvYT48aDM+NC4yLjEuJm5ic3A7CkF1dGhvcml6YXRpb24gUmVxdWVzdDwvaDM+Cgo8cD4K
ICAgICAgICAgICAgVGhlIGNsaWVudCBjb25zdHJ1Y3RzIHRoZSByZXF1ZXN0IFVSSSBieSBhZGRp
bmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHRvIHRoZQogICAgICAgICAgICBxdWVyeSBjb21w
b25lbnQgb2YgdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgVVJJIHVzaW5nIHRoZQogICAgICAg
ICAgICA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90dD4gZm9ybWF0Ogog
ICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRl
eHQiPjxkbD4KPGR0PnJlc3BvbnNlX3R5cGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAg
ICAgICAgICAgICAgIFJFUVVJUkVELiBWYWx1ZSBNVVNUIGJlIHNldCB0byA8dHQ+dG9rZW48L3R0
Pi4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PmNsaWVudF9pZDwvZHQ+CjxkZD4KICAgICAgICAg
ICAgICAgIAogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSBjbGllbnQgaWRlbnRpZmllciBh
cyBkZXNjcmliZWQgaW4KICAgICAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjY2xp
ZW50LWlkZW50aWZpZXInPlNlY3Rpb24mbmJzcDsyLjI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFz
cz0naW5mbyc+Q2xpZW50IElkZW50aWZpZXI8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAg
ICAgICAgICAgIAo8L2RkPgo8ZHQ+cmVkaXJlY3RfdXJpPC9kdD4KPGRkPgogICAgICAgICAgICAg
ICAgCiAgICAgICAgICAgICAgICBPUFRJT05BTC4gQXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdp
bmZvJyBocmVmPScjcmVkaXJlY3QtdXJpJz5TZWN0aW9uJm5ic3A7My4xLjI8c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+UmVkaXJlY3Rpb24gRW5kcG9pbnQ8L3NwYW4+PHNwYW4+KTwv
c3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+c2NvcGU8L2R0Pgo8ZGQ+CiAgICAg
ICAgICAgICAgICAKICAgICAgICAgICAgICAgIE9QVElPTkFMLiBUaGUgc2NvcGUgb2YgdGhlIGFj
Y2VzcyByZXF1ZXN0IGFzIGRlc2NyaWJlZCBieSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Njb3Bl
Jz5TZWN0aW9uJm5ic3A7My4zPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFjY2Vz
cyBUb2tlbiBTY29wZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAgICAgCjwv
ZGQ+CjxkdD5zdGF0ZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAg
UkVDT01NRU5ERUQuIEFuIG9wYXF1ZSB2YWx1ZSB1c2VkIGJ5IHRoZSBjbGllbnQgdG8gbWFpbnRh
aW4gc3RhdGUgYmV0d2VlbiB0aGUgcmVxdWVzdAogICAgICAgICAgICAgICAgYW5kIGNhbGxiYWNr
LiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaW5jbHVkZXMgdGhpcyB2YWx1ZSB3aGVuIHJlZGly
ZWN0aW5nIHRoZQogICAgICAgICAgICAgICAgdXNlci1hZ2VudCBiYWNrIHRvIHRoZSBjbGllbnQu
IFRoZSBwYXJhbWV0ZXIgU0hPVUxEIGJlIHVzZWQgZm9yIHByZXZlbnRpbmcKICAgICAgICAgICAg
ICAgIGNyb3NzLXNpdGUgcmVxdWVzdCBmb3JnZXJ5IGFzIGRlc2NyaWJlZCBpbiA8YSBjbGFzcz0n
aW5mbycgaHJlZj0nI0NTUkYnPlNlY3Rpb24mbmJzcDsxMC4xMjxzcGFuPiAoPC9zcGFuPjxzcGFu
IGNsYXNzPSdpbmZvJz5Dcm9zcy1TaXRlIFJlcXVlc3QgRm9yZ2VyeTwvc3Bhbj48c3Bhbj4pPC9z
cGFuPjwvYT4uCiAgICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAg
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIFRoZSBjbGllbnQgZGlyZWN0cyB0aGUgcmVzb3Vy
Y2Ugb3duZXIgdG8gdGhlIGNvbnN0cnVjdGVkIFVSSSB1c2luZyBhbiBIVFRQIHJlZGlyZWN0aW9u
CiAgICAgICAgICAgIHJlc3BvbnNlLCBvciBieSBvdGhlciBtZWFucyBhdmFpbGFibGUgdG8gaXQg
dmlhIHRoZSB1c2VyLWFnZW50LgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgICAgRm9y
IGV4YW1wbGUsIHRoZSBjbGllbnQgZGlyZWN0cyB0aGUgdXNlci1hZ2VudCB0byBtYWtlIHRoZSBm
b2xsb3dpbmcgSFRUUCByZXF1ZXN0CiAgICAgICAgICAgICAgdXNpbmcgVExTIChleHRyYSBsaW5l
IGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAgICAgICAgIAo8L3A+
PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBt
YXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogIEdFVCAvYXV0aG9yaXplP3Jlc3BvbnNlX3R5cGU9
dG9rZW4mYW1wO2NsaWVudF9pZD1zNkJoZFJrcXQzJmFtcDtzdGF0ZT14eXoKICAgICAgJmFtcDty
ZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZjbGllbnQlMkVleGFtcGxlJTJFY29tJTJGY2IgSFRU
UC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KCjwvcHJlPjwvZGl2Pgo8cD4KICAgICAg
ICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHZhbGlkYXRlcyB0aGUgcmVxdWVzdCB0byBl
bnN1cmUgYWxsIHJlcXVpcmVkIHBhcmFtZXRlcnMgYXJlCiAgICAgICAgICAgIHByZXNlbnQgYW5k
IHZhbGlkLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCB2ZXJpZnkgdGhhdCB0aGUgcmVk
aXJlY3Rpb24gVVJJIHRvIHdoaWNoCiAgICAgICAgICAgIGl0IHdpbGwgcmVkaXJlY3QgdGhlIGFj
Y2VzcyB0b2tlbiBtYXRjaGVzIGEgcmVkaXJlY3Rpb24gVVJJIHJlZ2lzdGVyZWQgYnkgdGhlIGNs
aWVudCBhcwogICAgICAgICAgICBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNy
ZWRpcmVjdC11cmknPlNlY3Rpb24mbmJzcDszLjEuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNz
PSdpbmZvJz5SZWRpcmVjdGlvbiBFbmRwb2ludDwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAg
ICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgSWYgdGhlIHJlcXVlc3QgaXMgdmFsaWQsIHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlciBhdXRoZW50aWNhdGVzIHRoZSByZXNvdXJjZSBvd25lciBh
bmQKICAgICAgICAgICAgb2J0YWlucyBhbiBhdXRob3JpemF0aW9uIGRlY2lzaW9uIChieSBhc2tp
bmcgdGhlIHJlc291cmNlIG93bmVyIG9yIGJ5IGVzdGFibGlzaGluZwogICAgICAgICAgICBhcHBy
b3ZhbCB2aWEgb3RoZXIgbWVhbnMpLgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIFdo
ZW4gYSBkZWNpc2lvbiBpcyBlc3RhYmxpc2hlZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGRp
cmVjdHMgdGhlIHVzZXItYWdlbnQgdG8gdGhlCiAgICAgICAgICAgIHByb3ZpZGVkIGNsaWVudCBy
ZWRpcmVjdGlvbiBVUkkgdXNpbmcgYW4gSFRUUCByZWRpcmVjdGlvbiByZXNwb25zZSwgb3IgYnkg
b3RoZXIgbWVhbnMKICAgICAgICAgICAgYXZhaWxhYmxlIHRvIGl0IHZpYSB0aGUgdXNlci1hZ2Vu
dC4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjMxIj48L2E+PGJyIC8+PGhyIC8+Cjx0
YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xh
c3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9
IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZj
LnNlY3Rpb24uNC4yLjIiPjwvYT48aDM+NC4yLjIuJm5ic3A7CkFjY2VzcyBUb2tlbiBSZXNwb25z
ZTwvaDM+Cgo8cD4KICAgICAgICAgICAgSWYgdGhlIHJlc291cmNlIG93bmVyIGdyYW50cyB0aGUg
YWNjZXNzIHJlcXVlc3QsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZXMgYW4KICAgICAg
ICAgICAgYWNjZXNzIHRva2VuIGFuZCBkZWxpdmVycyBpdCB0byB0aGUgY2xpZW50IGJ5IGFkZGlu
ZyB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMgdG8KICAgICAgICAgICAgdGhlIGZyYWdtZW50IGNv
bXBvbmVudCBvZiB0aGUgcmVkaXJlY3Rpb24gVVJJIHVzaW5nIHRoZQogICAgICAgICAgICA8dHQ+
YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90dD4gZm9ybWF0OgogICAgICAgICAg
CjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4K
PGR0PmFjY2Vzc190b2tlbjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAg
ICAgUkVRVUlSRUQuIFRoZSBhY2Nlc3MgdG9rZW4gaXNzdWVkIGJ5IHRoZSBhdXRob3JpemF0aW9u
IHNlcnZlci4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PnRva2VuX3R5cGU8L2R0Pgo8ZGQ+CiAg
ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJFUVVJUkVELiBUaGUgdHlwZSBvZiB0aGUg
dG9rZW4gaXNzdWVkIGFzIGRlc2NyaWJlZCBpbgogICAgICAgICAgICAgICAgPGEgY2xhc3M9J2lu
Zm8nIGhyZWY9JyN0b2tlbi10eXBlcyc+U2VjdGlvbiZuYnNwOzcuMTxzcGFuPiAoPC9zcGFuPjxz
cGFuIGNsYXNzPSdpbmZvJz5BY2Nlc3MgVG9rZW4gVHlwZXM8L3NwYW4+PHNwYW4+KTwvc3Bhbj48
L2E+LiBWYWx1ZSBpcyBjYXNlIGluc2Vuc2l0aXZlLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+
ZXhwaXJlc19pbjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUkVD
T01NRU5ERUQuIFRoZSBsaWZldGltZSBpbiBzZWNvbmRzIG9mIHRoZSBhY2Nlc3MgdG9rZW4uIEZv
ciBleGFtcGxlLCB0aGUgdmFsdWUKICAgICAgICAgICAgICAgIDx0dD4zNjAwPC90dD4gZGVub3Rl
cyB0aGF0IHRoZSBhY2Nlc3MgdG9rZW4gd2lsbCBleHBpcmUgaW4gb25lCiAgICAgICAgICAgICAg
ICBob3VyIGZyb20gdGhlIHRpbWUgdGhlIHJlc3BvbnNlIHdhcyBnZW5lcmF0ZWQuIElmIG9taXR0
ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcgogICAgICAgICAgICAgICAgU0hPVUxEIHByb3Zp
ZGUgdGhlIGV4cGlyYXRpb24gdGltZSB2aWEgb3RoZXIgbWVhbnMgb3IgZG9jdW1lbnQgdGhlIGRl
ZmF1bHQgdmFsdWUuCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5zY29wZTwvZHQ+CjxkZD4KICAg
ICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgT1BUSU9OQUwsIGlmIGlkZW50aWNhbCB0byB0
aGUgc2NvcGUgcmVxdWVzdGVkIGJ5IHRoZSBjbGllbnQsIG90aGVyd2lzZSBSRVFVSVJFRC4gVGhl
CiAgICAgICAgICAgICAgICBzY29wZSBvZiB0aGUgYWNjZXNzIHRva2VuIGFzIGRlc2NyaWJlZCBi
eSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Njb3BlJz5TZWN0aW9uJm5ic3A7My4zPHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkFjY2VzcyBUb2tlbiBTY29wZTwvc3Bhbj48c3Bhbj4p
PC9zcGFuPjwvYT4uCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5zdGF0ZTwvZHQ+CjxkZD4KICAg
ICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUkVRVUlSRUQgaWYgdGhlIDx0dD5zdGF0ZTwv
dHQ+IHBhcmFtZXRlciB3YXMgcHJlc2VudCBpbiB0aGUKICAgICAgICAgICAgICAgIGNsaWVudCBh
dXRob3JpemF0aW9uIHJlcXVlc3QuIFRoZSBleGFjdCB2YWx1ZSByZWNlaXZlZCBmcm9tIHRoZSBj
bGllbnQuCiAgICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAg
ICAgCjwvcD4KPHA+CiAgICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIE5P
VCBpc3N1ZSBhIHJlZnJlc2ggdG9rZW4uCiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAg
ICBGb3IgZXhhbXBsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJlZGlyZWN0cyB0aGUgdXNl
ci1hZ2VudCBieSBzZW5kaW5nIHRoZQogICAgICAgICAgICAgIGZvbGxvd2luZyBIVFRQIHJlc3Bv
bnNlIChVUkkgZXh0cmEgbGluZSBicmVha3MgYXJlIGZvciBkaXNwbGF5IHB1cnBvc2VzIG9ubHkp
OgogICAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsg
bWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICBIVFRQLzEuMSAz
MDIgRm91bmQKICBMb2NhdGlvbjogaHR0cDovL2V4YW1wbGUuY29tL2NiI2FjY2Vzc190b2tlbj0y
WW90bkZaRkVqcjF6Q3NpY01XcEFBCiAgICAgICAgICAgICZhbXA7c3RhdGU9eHl6JmFtcDt0b2tl
bl90eXBlPWV4YW1wbGUmYW1wO2V4cGlyZXNfaW49MzYwMAoKPC9wcmU+PC9kaXY+CjxwPgogICAg
ICAgICAgICAgIERldmVsb3BlcnMgc2hvdWxkIG5vdGUgdGhhdCBzb21lIHVzZXItYWdlbnRzIGRv
IG5vdCBzdXBwb3J0IHRoZSBpbmNsdXNpb24gb2YgYQogICAgICAgICAgICAgIGZyYWdtZW50IGNv
bXBvbmVudCBpbiB0aGUgSFRUUCA8dHQ+TG9jYXRpb248L3R0PiByZXNwb25zZSBoZWFkZXIKICAg
ICAgICAgICAgICBmaWVsZC4gU3VjaCBjbGllbnRzIHdpbGwgcmVxdWlyZSB1c2luZyBvdGhlciBt
ZXRob2RzIGZvciByZWRpcmVjdGluZyB0aGUgY2xpZW50IHRoYW4KICAgICAgICAgICAgICBhIDN4
eCByZWRpcmVjdGlvbiByZXNwb25zZS4gRm9yIGV4YW1wbGUsIHJldHVybmluZyBhbiBIVE1MIHBh
Z2Ugd2hpY2ggaW5jbHVkZXMgYQogICAgICAgICAgICAgICdjb250aW51ZScgYnV0dG9uIHdpdGgg
YW4gYWN0aW9uIGxpbmtlZCB0byB0aGUgcmVkaXJlY3Rpb24gVVJJLgogICAgICAgICAgICAKPC9w
Pgo8cD4KICAgICAgICAgICAgVGhlIGNsaWVudCBNVVNUIGlnbm9yZSB1bnJlY29nbml6ZWQgcmVz
cG9uc2UgcGFyYW1ldGVycy4gVGhlIGFjY2VzcyB0b2tlbiBzdHJpbmcgc2l6ZQogICAgICAgICAg
ICBpcyBsZWZ0IHVuZGVmaW5lZCBieSB0aGlzIHNwZWNpZmljYXRpb24uIFRoZSBjbGllbnQgc2hv
dWxkIGF2b2lkIG1ha2luZyBhc3N1bXB0aW9ucwogICAgICAgICAgICBhYm91dCB2YWx1ZSBzaXpl
cy4gVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBkb2N1bWVudCB0aGUgc2l6ZSBvZiBh
bnkgdmFsdWUgaXQKICAgICAgICAgICAgaXNzdWVzLgogICAgICAgICAgCjwvcD4KPGEgbmFtZT0i
aW1wbGljaXQtYXV0aHotZXJyb3IiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9Imxh
eW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGln
bj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9D
Jm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi40LjIuMi4x
Ij48L2E+PGgzPjQuMi4yLjEuJm5ic3A7CkVycm9yIFJlc3BvbnNlPC9oMz4KCjxwPgogICAgICAg
ICAgICAgIElmIHRoZSByZXF1ZXN0IGZhaWxzIGR1ZSB0byBhIG1pc3NpbmcsIGludmFsaWQsIG9y
IG1pc21hdGNoaW5nIHJlZGlyZWN0aW9uIFVSSSwgb3IgaWYKICAgICAgICAgICAgICB0aGUgY2xp
ZW50IGlkZW50aWZpZXIgaXMgbWlzc2luZyBvciBpbnZhbGlkLCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgU0hPVUxEIGluZm9ybQogICAgICAgICAgICAgIHRoZSByZXNvdXJjZSBvd25lciBvZiB0
aGUgZXJyb3IsIGFuZCBNVVNUIE5PVCBhdXRvbWF0aWNhbGx5IHJlZGlyZWN0IHRoZSB1c2VyLWFn
ZW50CiAgICAgICAgICAgICAgdG8gdGhlIGludmFsaWQgcmVkaXJlY3Rpb24gVVJJLgogICAgICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgICBJZiB0aGUgcmVzb3VyY2Ugb3duZXIgZGVuaWVz
IHRoZSBhY2Nlc3MgcmVxdWVzdCBvciBpZiB0aGUgcmVxdWVzdCBmYWlscyBmb3IgcmVhc29ucwog
ICAgICAgICAgICAgIG90aGVyIHRoYW4gYSBtaXNzaW5nIG9yIGludmFsaWQgcmVkaXJlY3Rpb24g
VVJJLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaW5mb3JtcyB0aGUKICAgICAgICAgICAgICBj
bGllbnQgYnkgYWRkaW5nIHRoZSBmb2xsb3dpbmcgcGFyYW1ldGVycyB0byB0aGUgZnJhZ21lbnQg
Y29tcG9uZW50IG9mIHRoZQogICAgICAgICAgICAgIHJlZGlyZWN0aW9uIFVSSSB1c2luZyB0aGUK
ICAgICAgICAgICAgICA8dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90dD4g
Zm9ybWF0OgogICAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgICA8L3A+CjxibG9ja3F1
b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5lcnJvcjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAg
ICAgCiAgICAgICAgICAgICAgICAgIFJFUVVJUkVELiBBIHNpbmdsZSBBU0NJSSA8YSBjbGFzcz0n
aW5mbycgaHJlZj0nI1VTQVNDSUknPltVU0FTQ0lJXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNz
PSdpbmZvJz5BbWVyaWNhbiBOYXRpb25hbCBTdGFuZGFyZHMgSW5zdGl0dXRlLCAmbGRxdW87Q29k
ZWQgQ2hhcmFjdGVyIFNldCAtLSA3LWJpdCBBbWVyaWNhbiBTdGFuZGFyZCBDb2RlIGZvciBJbmZv
cm1hdGlvbiBJbnRlcmNoYW5nZSwmcmRxdW87IDE5ODYuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9h
PiBlcnJvciBjb2RlIGZyb20gdGhlIGZvbGxvd2luZzoKCiAgICAgICAgICAgICAgICAgIAo8Ymxv
Y2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+aW52YWxpZF9yZXF1ZXN0PC9kdD4KPGRkPgog
ICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICBUaGUgcmVxdWVzdCBp
cyBtaXNzaW5nIGEgcmVxdWlyZWQgcGFyYW1ldGVyLCBpbmNsdWRlcyBhbiBpbnZhbGlkCiAgICAg
ICAgICAgICAgICAgICAgICBwYXJhbWV0ZXIgdmFsdWUsIGluY2x1ZGVzIGEgcGFyYW1ldGVyIG1v
cmUgdGhhbiBvbmNlLCBvciBpcyBvdGhlcndpc2UgbWFsZm9ybWVkLgogICAgICAgICAgICAgICAg
ICAgIAo8L2RkPgo8ZHQ+dW5hdXRob3JpemVkX2NsaWVudDwvZHQ+CjxkZD4KICAgICAgICAgICAg
ICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgVGhlIGNsaWVudCBpcyBub3QgYXV0aG9y
aXplZCB0byByZXF1ZXN0IGFuIGFjY2VzcyB0b2tlbiB1c2luZyB0aGlzIG1ldGhvZC4KICAgICAg
ICAgICAgICAgICAgICAKPC9kZD4KPGR0PmFjY2Vzc19kZW5pZWQ8L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgIFRoZSByZXNvdXJjZSBvd25lciBv
ciBhdXRob3JpemF0aW9uIHNlcnZlciBkZW5pZWQgdGhlIHJlcXVlc3QuCiAgICAgICAgICAgICAg
ICAgICAgCjwvZGQ+CjxkdD51bnN1cHBvcnRlZF9yZXNwb25zZV90eXBlPC9kdD4KPGRkPgogICAg
ICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlv
biBzZXJ2ZXIgZG9lcyBub3Qgc3VwcG9ydCBvYnRhaW5pbmcgYW4gYWNjZXNzIHRva2VuIHVzaW5n
CiAgICAgICAgICAgICAgICAgICAgICB0aGlzIG1ldGhvZC4KICAgICAgICAgICAgICAgICAgICAK
PC9kZD4KPGR0PmludmFsaWRfc2NvcGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgICAgICAK
ICAgICAgICAgICAgICAgICAgICAgIFRoZSByZXF1ZXN0ZWQgc2NvcGUgaXMgaW52YWxpZCwgdW5r
bm93biwgb3IgbWFsZm9ybWVkLgogICAgICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+c2VydmVy
X2Vycm9yPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAg
ICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgZW5jb3VudGVyZWQgYW4gdW5leHBlY3RlZCBj
b25kaXRpb24gd2hpY2ggcHJldmVudGVkCiAgICAgICAgICAgICAgICAgICAgICBpdCBmcm9tIGZ1
bGZpbGxpbmcgdGhlIHJlcXVlc3QuCiAgICAgICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD50ZW1w
b3JhcmlseV91bmF2YWlsYWJsZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgICAgIAogICAg
ICAgICAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzIGN1cnJlbnRseSB1
bmFibGUgdG8gaGFuZGxlIHRoZSByZXF1ZXN0IGR1ZSB0byBhCiAgICAgICAgICAgICAgICAgICAg
ICB0ZW1wb3Jhcnkgb3ZlcmxvYWRpbmcgb3IgbWFpbnRlbmFuY2Ugb2YgdGhlIHNlcnZlci4KICAg
ICAgICAgICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+CgoJCSAgVmFsdWVzIGZv
ciB0aGUgPHR0PmVycm9yPC90dD4gcGFyYW1ldGVyIE1VU1QgTk9UIGluY2x1ZGUKCQkgIGNoYXJh
Y3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS4KICAgICAg
ICAgICAgICAgIAo8L2RkPgo8ZHQ+ZXJyb3JfZGVzY3JpcHRpb248L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgICAgIAogICAgICAgICAgICAgICAgICBPUFRJT05BTC4gQSBodW1hbi1yZWFkYWJsZSBB
U0NJSSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1VTQVNDSUknPltVU0FTQ0lJXTxzcGFuPiAoPC9z
cGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BbWVyaWNhbiBOYXRpb25hbCBTdGFuZGFyZHMgSW5zdGl0
dXRlLCAmbGRxdW87Q29kZWQgQ2hhcmFjdGVyIFNldCAtLSA3LWJpdCBBbWVyaWNhbiBTdGFuZGFy
ZCBDb2RlIGZvciBJbmZvcm1hdGlvbiBJbnRlcmNoYW5nZSwmcmRxdW87IDE5ODYuPC9zcGFuPjxz
cGFuPik8L3NwYW4+PC9hPiB0ZXh0IHByb3ZpZGluZyBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLAog
ICAgICAgICAgICAgICAgICB1c2VkIHRvIGFzc2lzdCB0aGUgY2xpZW50IGRldmVsb3BlciBpbiB1
bmRlcnN0YW5kaW5nIHRoZSBlcnJvciB0aGF0IG9jY3VycmVkLgoJCSAgPGJyIC8+CgoJCSAgVmFs
dWVzIGZvciB0aGUgPHR0PmVycm9yX2Rlc2NyaXB0aW9uPC90dD4gcGFyYW1ldGVyIE1VU1QgTk9U
IGluY2x1ZGUKCQkgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVC
IC8gJXg1RC03RS4KICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+ZXJyb3JfdXJpPC9kdD4KPGRk
PgogICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgT1BUSU9OQUwuIEEgVVJJIGlk
ZW50aWZ5aW5nIGEgaHVtYW4tcmVhZGFibGUgd2ViIHBhZ2Ugd2l0aCBpbmZvcm1hdGlvbiBhYm91
dCB0aGUKICAgICAgICAgICAgICAgICAgZXJyb3IsIHVzZWQgdG8gcHJvdmlkZSB0aGUgY2xpZW50
IGRldmVsb3BlciB3aXRoIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24gYWJvdXQgdGhlCiAgICAgICAg
ICAgICAgICAgIGVycm9yLgoJCSAgPGJyIC8+CgoJCSAgVmFsdWVzIGZvciB0aGUgPHR0PmVycm9y
X3VyaTwvdHQ+IHBhcmFtZXRlcgoJCSAgTVVTVCBjb25mb3JtIHRvIHRoZSBVUkktUmVmZXJlbmNl
IHN5bnRheCwgYW5kIHRodXMgTVVTVCBOT1QgaW5jbHVkZQoJCSAgY2hhcmFjdGVycyBvdXRzaWRl
IHRoZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAleDVELTdFLgogICAgICAgICAgICAgICAgCjwvZGQ+
CjxkdD5zdGF0ZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAg
IFJFUVVJUkVEIGlmIGEgPHR0PnN0YXRlPC90dD4gcGFyYW1ldGVyIHdhcyBwcmVzZW50IGluIHRo
ZQogICAgICAgICAgICAgICAgICBjbGllbnQgYXV0aG9yaXphdGlvbiByZXF1ZXN0LiBUaGUgZXhh
Y3QgdmFsdWUgcmVjZWl2ZWQgZnJvbSB0aGUgY2xpZW50LgogICAgICAgICAgICAgICAgCjwvZGQ+
CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAg
ICAgIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgcmVkaXJlY3RzIHRoZSB1
c2VyLWFnZW50IGJ5IHNlbmRpbmcgdGhlCiAgICAgICAgICAgICAgICBmb2xsb3dpbmcgSFRUUCBy
ZXNwb25zZToKICAgICAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3
aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICBI
VFRQLzEuMSAzMDIgRm91bmQKICBMb2NhdGlvbjogaHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb20v
Y2IjZXJyb3I9YWNjZXNzX2RlbmllZCZhbXA7c3RhdGU9eHl6Cgo8L3ByZT48L2Rpdj4KPGEgbmFt
ZT0iZ3JhbnQtcGFzc3dvcmQiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91
dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0i
cmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5i
c3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi40LjMiPjwvYT48
aDM+NC4zLiZuYnNwOwpSZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50aWFscyBHcmFudDwv
aDM+Cgo8cD4KICAgICAgICAgIFRoZSByZXNvdXJjZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFs
cyBncmFudCB0eXBlIGlzIHN1aXRhYmxlIGluIGNhc2VzIHdoZXJlIHRoZQogICAgICAgICAgcmVz
b3VyY2Ugb3duZXIgaGFzIGEgdHJ1c3QgcmVsYXRpb25zaGlwIHdpdGggdGhlIGNsaWVudCwgc3Vj
aCBhcyB0aGUgZGV2aWNlIG9wZXJhdGluZwogICAgICAgICAgc3lzdGVtIG9yIGEgaGlnaGx5IHBy
aXZpbGVnZWQgYXBwbGljYXRpb24uIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBzaG91bGQgdGFr
ZSBzcGVjaWFsCiAgICAgICAgICBjYXJlIHdoZW4gZW5hYmxpbmcgdGhpcyBncmFudCB0eXBlLCBh
bmQgb25seSBhbGxvdyBpdCB3aGVuIG90aGVyIGZsb3dzIGFyZSBub3QgdmlhYmxlLgogICAgICAg
IAo8L3A+CjxwPgogICAgICAgICAgVGhlIGdyYW50IHR5cGUgaXMgc3VpdGFibGUgZm9yIGNsaWVu
dHMgY2FwYWJsZSBvZiBvYnRhaW5pbmcgdGhlIHJlc291cmNlIG93bmVyJ3MKICAgICAgICAgIGNy
ZWRlbnRpYWxzICh1c2VybmFtZSBhbmQgcGFzc3dvcmQsIHR5cGljYWxseSB1c2luZyBhbiBpbnRl
cmFjdGl2ZSBmb3JtKS4gSXQgaXMgYWxzbyB1c2VkCiAgICAgICAgICB0byBtaWdyYXRlIGV4aXN0
aW5nIGNsaWVudHMgdXNpbmcgZGlyZWN0IGF1dGhlbnRpY2F0aW9uIHNjaGVtZXMgc3VjaCBhcyBI
VFRQIEJhc2ljIG9yCiAgICAgICAgICBEaWdlc3QgYXV0aGVudGljYXRpb24gdG8gT0F1dGggYnkg
Y29udmVydGluZyB0aGUgc3RvcmVkIGNyZWRlbnRpYWxzIHRvIGFuIGFjY2VzcyB0b2tlbi4KICAg
ICAgICAKPC9wPjxiciAvPjxociBjbGFzcz0iaW5zZXJ0IiAvPgo8YSBuYW1lPSJGaWd1cmUtNSI+
PC9hPgo8ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAz
ZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgKy0tLS0tLS0tLS0rCiAgfCBSZXNvdXJj
ZSB8CiAgfCAgT3duZXIgICB8CiAgfCAgICAgICAgICB8CiAgKy0tLS0tLS0tLS0rCiAgICAgICB2
CiAgICAgICB8ICAgIFJlc291cmNlIE93bmVyCiAgICAgIChBKSBQYXNzd29yZCBDcmVkZW50aWFs
cwogICAgICAgfAogICAgICAgdgogICstLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgIHwmZ3Q7LS0oQiktLS0tIFJl
c291cmNlIE93bmVyIC0tLS0tLS0mZ3Q7fCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgfCAg
ICAgICAgIFBhc3N3b3JkIENyZWRlbnRpYWxzICAgICB8IEF1dGhvcml6YXRpb24gfAogIHwgQ2xp
ZW50ICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgIFNlcnZlciAgICB8
CiAgfCAgICAgICAgIHwmbHQ7LS0oQyktLS0tIEFjY2VzcyBUb2tlbiAtLS0tLS0tLS0mbHQ7fCAg
ICAgICAgICAgICAgIHwKICB8ICAgICAgICAgfCAgICAody8gT3B0aW9uYWwgUmVmcmVzaCBUb2tl
bikgICB8ICAgICAgICAgICAgICAgfAogICstLS0tLS0tLS0rICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCgo8L3ByZT48L2Rpdj48dGFibGUgYm9yZGVy
PSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGFsaWduPSJjZW50ZXIiPjx0cj48
dGQgYWxpZ249ImNlbnRlciI+PGZvbnQgZmFjZT0ibW9uYWNvLCBNUyBTYW5zIFNlcmlmIiBzaXpl
PSIxIj48Yj4mbmJzcDtGaWd1cmUmbmJzcDs1OiBSZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVk
ZW50aWFscyBGbG93Jm5ic3A7PC9iPjwvZm9udD48YnIgLz48L3RkPjwvdHI+PC90YWJsZT48aHIg
Y2xhc3M9Imluc2VydCIgLz4KCjxwPgogICAgICAgICAgVGhlIGZsb3cgaWxsdXN0cmF0ZWQgaW4g
PGEgY2xhc3M9J2luZm8nIGhyZWY9JyNGaWd1cmUtNSc+RmlndXJlJm5ic3A7NTxzcGFuPiAoPC9z
cGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5SZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50aWFs
cyBGbG93PC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiBpbmNsdWRlcyB0aGUgZm9sbG93aW5nIHN0
ZXBzOgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0i
dGV4dCI+PGRsPgo8ZHQ+KEEpPC9kdD4KPGRkPgogICAgICAgICAgICAgIFRoZSByZXNvdXJjZSBv
d25lciBwcm92aWRlcyB0aGUgY2xpZW50IHdpdGggaXRzIHVzZXJuYW1lIGFuZCBwYXNzd29yZC4K
ICAgICAgICAgICAgCjwvZGQ+CjxkdD4oQik8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGNs
aWVudCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4gZnJvbSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIncyB0b2tlbiBlbmRwb2ludCBieQogICAgICAgICAgICAgIGluY2x1ZGluZyB0aGUgY3JlZGVu
dGlhbHMgcmVjZWl2ZWQgZnJvbSB0aGUgcmVzb3VyY2Ugb3duZXIuIFdoZW4gbWFraW5nIHRoZSBy
ZXF1ZXN0LAogICAgICAgICAgICAgIHRoZSBjbGllbnQgYXV0aGVudGljYXRlcyB3aXRoIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4oQyk8L2R0Pgo8ZGQ+
CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhlbnRpY2F0ZXMgdGhl
IGNsaWVudCBhbmQgdmFsaWRhdGVzIHRoZSByZXNvdXJjZSBvd25lcgogICAgICAgICAgICAgIGNy
ZWRlbnRpYWxzLCBhbmQgaWYgdmFsaWQgaXNzdWVzIGFuIGFjY2VzcyB0b2tlbi4KICAgICAgICAg
ICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFu
Y2hvcjMyIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRk
aW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+
PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3Rk
PjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC4zLjEiPjwvYT48aDM+NC4zLjEu
Jm5ic3A7CkF1dGhvcml6YXRpb24gUmVxdWVzdCBhbmQgUmVzcG9uc2U8L2gzPgoKPHA+CiAgICAg
ICAgICAgIFRoZSBtZXRob2QgdGhyb3VnaCB3aGljaCB0aGUgY2xpZW50IG9idGFpbnMgdGhlIHJl
c291cmNlIG93bmVyIGNyZWRlbnRpYWxzIGlzIGJleW9uZAogICAgICAgICAgICB0aGUgc2NvcGUg
b2YgdGhpcyBzcGVjaWZpY2F0aW9uLiBUaGUgY2xpZW50IE1VU1QgZGlzY2FyZCB0aGUgY3JlZGVu
dGlhbHMgb25jZSBhbiBhY2Nlc3MKICAgICAgICAgICAgdG9rZW4gaGFzIGJlZW4gb2J0YWluZWQu
CiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3IzMyI+PC9hPjxiciAvPjxociAvPgo8dGFi
bGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNz
PSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIj
dG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5z
ZWN0aW9uLjQuMy4yIj48L2E+PGgzPjQuMy4yLiZuYnNwOwpBY2Nlc3MgVG9rZW4gUmVxdWVzdDwv
aDM+Cgo8cD4KICAgICAgICAgICAgVGhlIGNsaWVudCBtYWtlcyBhIHJlcXVlc3QgdG8gdGhlIHRv
a2VuIGVuZHBvaW50IGJ5IGFkZGluZyB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMKICAgICAgICAg
ICAgdXNpbmcgdGhlIDx0dD5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3R0PiBm
b3JtYXQgaW4gdGhlCiAgICAgICAgICAgIEhUVFAgcmVxdWVzdCBlbnRpdHktYm9keToKICAgICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48
ZGw+CjxkdD5ncmFudF90eXBlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAg
ICAgICBSRVFVSVJFRC4gVmFsdWUgTVVTVCBiZSBzZXQgdG8gPHR0PnBhc3N3b3JkPC90dD4uCiAg
ICAgICAgICAgICAgCjwvZGQ+CjxkdD51c2VybmFtZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAg
IAogICAgICAgICAgICAgICAgUkVRVUlSRUQuIFRoZSByZXNvdXJjZSBvd25lciB1c2VybmFtZSwg
ZW5jb2RlZCBhcyBVVEYtOC4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PnBhc3N3b3JkPC9kdD4K
PGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIHJlc291
cmNlIG93bmVyIHBhc3N3b3JkLCBlbmNvZGVkIGFzIFVURi04LgogICAgICAgICAgICAgIAo8L2Rk
Pgo8ZHQ+c2NvcGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIE9Q
VElPTkFMLiBUaGUgc2NvcGUgb2YgdGhlIGFjY2VzcyByZXF1ZXN0IGFzIGRlc2NyaWJlZCBieSA8
YSBjbGFzcz0naW5mbycgaHJlZj0nI3Njb3BlJz5TZWN0aW9uJm5ic3A7My4zPHNwYW4+ICg8L3Nw
YW4+PHNwYW4gY2xhc3M9J2luZm8nPkFjY2VzcyBUb2tlbiBTY29wZTwvc3Bhbj48c3Bhbj4pPC9z
cGFuPjwvYT4uCiAgICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgogICAg
ICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIElmIHRoZSBjbGllbnQgdHlwZSBpcyBjb25maWRl
bnRpYWwgb3IgdGhlIGNsaWVudCB3YXMgaXNzdWVkIGNsaWVudCBjcmVkZW50aWFscyAob3IKICAg
ICAgICAgICAgYXNzaWduZWQgb3RoZXIgYXV0aGVudGljYXRpb24gcmVxdWlyZW1lbnRzKSwgdGhl
IGNsaWVudCBNVVNUIGF1dGhlbnRpY2F0ZSB3aXRoIHRoZQogICAgICAgICAgICBhdXRob3JpemF0
aW9uIHNlcnZlciBhcyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1l
bmRwb2ludC1hdXRoJz5TZWN0aW9uJm5ic3A7My4yLjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFz
cz0naW5mbyc+Q2xpZW50IEF1dGhlbnRpY2F0aW9uPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4K
ICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50
IG1ha2VzIHRoZSBmb2xsb3dpbmcgSFRUUCByZXF1ZXN0IHVzaW5nIHRyYW5zcG9ydC1sYXllcgog
ICAgICAgICAgICAgIHNlY3VyaXR5IChleHRyYSBsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkg
cHVycG9zZXMgb25seSk6CiAgICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFi
bGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+
CgogIFBPU1QgL3Rva2VuIEhUVFAvMS4xCiAgSG9zdDogc2VydmVyLmV4YW1wbGUuY29tCiAgQXV0
aG9yaXphdGlvbjogQmFzaWMgY3paQ2FHUlNhM0YwTXpwbldERm1RbUYwTTJKVwogIENvbnRlbnQt
VHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkO2NoYXJzZXQ9VVRGLTgKCiAg
Z3JhbnRfdHlwZT1wYXNzd29yZCZhbXA7dXNlcm5hbWU9am9obmRvZSZhbXA7cGFzc3dvcmQ9QTNk
ZGozdwoKPC9wcmU+PC9kaXY+CjxwPgogICAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIgTVVTVDoKICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0i
dGV4dCI+CjxsaT4KICAgICAgICAgICAgICAgIHJlcXVpcmUgY2xpZW50IGF1dGhlbnRpY2F0aW9u
IGZvciBjb25maWRlbnRpYWwgY2xpZW50cyBvciBmb3IgYW55IGNsaWVudCB0aGF0IHdhcwogICAg
ICAgICAgICAgICAgaXNzdWVkIGNsaWVudCBjcmVkZW50aWFscyAob3Igd2l0aCBvdGhlciBhdXRo
ZW50aWNhdGlvbiByZXF1aXJlbWVudHMpLAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAg
ICAgICAgICAgICBhdXRoZW50aWNhdGUgdGhlIGNsaWVudCBpZiBjbGllbnQgYXV0aGVudGljYXRp
b24gaXMgaW5jbHVkZWQsIGFuZAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAg
ICAgICB2YWxpZGF0ZSB0aGUgcmVzb3VyY2Ugb3duZXIgcGFzc3dvcmQgY3JlZGVudGlhbHMgdXNp
bmcgaXRzIGV4aXN0aW5nIHBhc3N3b3JkCiAgICAgICAgICAgICAgICB2YWxpZGF0aW9uIGFsZ29y
aXRobS4KICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8L3A+CjxwPgog
ICAgICAgICAgICBTaW5jZSB0aGlzIGFjY2VzcyB0b2tlbiByZXF1ZXN0IHV0aWxpemVzIHRoZSBy
ZXNvdXJjZSBvd25lcidzIHBhc3N3b3JkLCB0aGUKICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIgTVVTVCBwcm90ZWN0IHRoZSBlbmRwb2ludCBhZ2FpbnN0IGJydXRlIGZvcmNlIGF0dGFj
a3MgKGUuZy4gdXNpbmcKICAgICAgICAgICAgcmF0ZS1saW1pdGF0aW9uIG9yIGdlbmVyYXRpbmcg
YWxlcnRzKS4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjM0Ij48L2E+PGJyIC8+PGhy
IC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0i
MiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxh
IGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFt
ZT0icmZjLnNlY3Rpb24uNC4zLjMiPjwvYT48aDM+NC4zLjMuJm5ic3A7CkFjY2VzcyBUb2tlbiBS
ZXNwb25zZTwvaDM+Cgo8cD4KICAgICAgICAgICAgSWYgdGhlIGFjY2VzcyB0b2tlbiByZXF1ZXN0
IGlzIHZhbGlkIGFuZCBhdXRob3JpemVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVz
IGFuCiAgICAgICAgICAgIGFjY2VzcyB0b2tlbiBhbmQgb3B0aW9uYWwgcmVmcmVzaCB0b2tlbiBh
cyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1yZXNwb25zZSc+U2Vj
dGlvbiZuYnNwOzUuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5TdWNjZXNzZnVs
IFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgSWYgdGhlIHJl
cXVlc3QgZmFpbGVkIGNsaWVudCBhdXRoZW50aWNhdGlvbiBvciBpcyBpbnZhbGlkLCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIgcmV0dXJucwogICAgICAgICAgICBhbiBlcnJvciByZXNwb25zZSBh
cyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1lcnJvcnMnPlNlY3Rp
b24mbmJzcDs1LjI8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9u
c2U8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICAgICAgQW4gZXhhbXBsZSBzdWNjZXNzZnVsIHJlc3BvbnNlOgogICAgICAgICAgICAKPC9wPjxk
aXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFy
Z2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICBIVFRQLzEuMSAyMDAgT0sKICBDb250ZW50LVR5cGU6
IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD1VVEYtOAogIENhY2hlLUNvbnRyb2w6IG5vLXN0b3Jl
CiAgUHJhZ21hOiBuby1jYWNoZQoKICB7CiAgICAiYWNjZXNzX3Rva2VuIjoiMllvdG5GWkZFanIx
ekNzaWNNV3BBQSIsCiAgICAidG9rZW5fdHlwZSI6ImV4YW1wbGUiLAogICAgImV4cGlyZXNfaW4i
OjM2MDAsCiAgICAicmVmcmVzaF90b2tlbiI6InRHenYzSk9rRjBYRzVReDJUbEtXSUEiLAogICAg
ImV4YW1wbGVfcGFyYW1ldGVyIjoiZXhhbXBsZV92YWx1ZSIKICB9Cgo8L3ByZT48L2Rpdj4KPGEg
bmFtZT0iZ3JhbnQtY2xpZW50Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlv
dXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249
InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZu
YnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC40Ij48L2E+
PGgzPjQuNC4mbmJzcDsKQ2xpZW50IENyZWRlbnRpYWxzIEdyYW50PC9oMz4KCjxwPgogICAgICAg
ICAgVGhlIGNsaWVudCBjYW4gcmVxdWVzdCBhbiBhY2Nlc3MgdG9rZW4gdXNpbmcgb25seSBpdHMg
Y2xpZW50IGNyZWRlbnRpYWxzIChvciBvdGhlcgogICAgICAgICAgc3VwcG9ydGVkIG1lYW5zIG9m
IGF1dGhlbnRpY2F0aW9uKSB3aGVuIHRoZSBjbGllbnQgaXMgcmVxdWVzdGluZyBhY2Nlc3MgdG8g
dGhlCiAgICAgICAgICBwcm90ZWN0ZWQgcmVzb3VyY2VzIHVuZGVyIGl0cyBjb250cm9sLCBvciB0
aG9zZSBvZiBhbm90aGVyIHJlc291cmNlIG93bmVyIHdoaWNoIGhhcyBiZWVuCiAgICAgICAgICBw
cmV2aW91c2x5IGFycmFuZ2VkIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyICh0aGUgbWV0
aG9kIG9mIHdoaWNoIGlzIGJleW9uZCB0aGUKICAgICAgICAgIHNjb3BlIG9mIHRoaXMgc3BlY2lm
aWNhdGlvbikuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgY2xpZW50IGNyZWRlbnRp
YWxzIGdyYW50IHR5cGUgTVVTVCBvbmx5IGJlIHVzZWQgYnkgY29uZmlkZW50aWFsIGNsaWVudHMu
CiAgICAgICAgCjwvcD48YnIgLz48aHIgY2xhc3M9Imluc2VydCIgLz4KPGEgbmFtZT0iRmlndXJl
LTYiPjwvYT4KPGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVm
dDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+CgogICstLS0tLS0tLS0rICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgfCAgICAgICAgIHwg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwKICB8ICAg
ICAgICAgfCZndDstLShBKS0gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIC0tLSZndDt8IEF1dGhvcml6
YXRpb24gfAogIHwgQ2xpZW50ICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwg
ICAgIFNlcnZlciAgICB8CiAgfCAgICAgICAgIHwmbHQ7LS0oQiktLS0tIEFjY2VzcyBUb2tlbiAt
LS0tLS0tLS0mbHQ7fCAgICAgICAgICAgICAgIHwKICB8ICAgICAgICAgfCAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfAogICstLS0tLS0tLS0rICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCgo8L3ByZT48L2Rp
dj48dGFibGUgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGFsaWdu
PSJjZW50ZXIiPjx0cj48dGQgYWxpZ249ImNlbnRlciI+PGZvbnQgZmFjZT0ibW9uYWNvLCBNUyBT
YW5zIFNlcmlmIiBzaXplPSIxIj48Yj4mbmJzcDtGaWd1cmUmbmJzcDs2OiBDbGllbnQgQ3JlZGVu
dGlhbHMgRmxvdyZuYnNwOzwvYj48L2ZvbnQ+PGJyIC8+PC90ZD48L3RyPjwvdGFibGU+PGhyIGNs
YXNzPSJpbnNlcnQiIC8+Cgo8cD4KICAgICAgICAgIFRoZSBmbG93IGlsbHVzdHJhdGVkIGluIDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjRmlndXJlLTYnPkZpZ3VyZSZuYnNwOzY8c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+Q2xpZW50IENyZWRlbnRpYWxzIEZsb3c8L3NwYW4+PHNwYW4+
KTwvc3Bhbj48L2E+IGluY2x1ZGVzIHRoZSBmb2xsb3dpbmcgc3RlcHM6CiAgICAgICAgCjwvcD4K
PHA+CiAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD4oQSk8
L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGNsaWVudCBhdXRoZW50aWNhdGVzIHdpdGggdGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIGFuZCByZXF1ZXN0cyBhbiBhY2Nlc3MgdG9rZW4KICAgICAg
ICAgICAgICBmcm9tIHRoZSB0b2tlbiBlbmRwb2ludC4KICAgICAgICAgICAgCjwvZGQ+CjxkdD4o
Qik8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGF1dGhl
bnRpY2F0ZXMgdGhlIGNsaWVudCwgYW5kIGlmIHZhbGlkIGlzc3VlcyBhbiBhY2Nlc3MKICAgICAg
ICAgICAgICB0b2tlbi4KICAgICAgICAgICAgCjwvZGQ+CjwvZGw+PC9ibG9ja3F1b3RlPjxwPgog
ICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjM1Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBz
dW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRP
Q2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2Mi
PiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rp
b24uNC40LjEiPjwvYT48aDM+NC40LjEuJm5ic3A7CkF1dGhvcml6YXRpb24gUmVxdWVzdCBhbmQg
UmVzcG9uc2U8L2gzPgoKPHA+CiAgICAgICAgICAgIFNpbmNlIHRoZSBjbGllbnQgYXV0aGVudGlj
YXRpb24gaXMgdXNlZCBhcyB0aGUgYXV0aG9yaXphdGlvbiBncmFudCwgbm8gYWRkaXRpb25hbAog
ICAgICAgICAgICBhdXRob3JpemF0aW9uIHJlcXVlc3QgaXMgbmVlZGVkLgogICAgICAgICAgCjwv
cD4KPGEgbmFtZT0iYW5jaG9yMzYiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9Imxh
eW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGln
bj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9D
Jm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi40LjQuMiI+
PC9hPjxoMz40LjQuMi4mbmJzcDsKQWNjZXNzIFRva2VuIFJlcXVlc3Q8L2gzPgoKPHA+CiAgICAg
ICAgICAgIFRoZSBjbGllbnQgbWFrZXMgYSByZXF1ZXN0IHRvIHRoZSB0b2tlbiBlbmRwb2ludCBi
eSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzCiAgICAgICAgICAgIHVzaW5nIHRoZSA8
dHQ+YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkPC90dD4gZm9ybWF0IGluIHRoZQog
ICAgICAgICAgICBIVFRQIHJlcXVlc3QgZW50aXR5LWJvZHk6CiAgICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4dCI+PGRsPgo8ZHQ+Z3JhbnRf
dHlwZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgUkVRVUlSRUQu
IFZhbHVlIE1VU1QgYmUgc2V0IHRvIDx0dD5jbGllbnRfY3JlZGVudGlhbHM8L3R0Pi4KICAgICAg
ICAgICAgICAKPC9kZD4KPGR0PnNjb3BlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAg
ICAgICAgICAgICBPUFRJT05BTC4gVGhlIHNjb3BlIG9mIHRoZSBhY2Nlc3MgcmVxdWVzdCBhcyBk
ZXNjcmliZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNzY29wZSc+U2VjdGlvbiZuYnNwOzMu
MzxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BY2Nlc3MgVG9rZW4gU2NvcGU8L3Nw
YW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2tx
dW90ZT48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICBUaGUgY2xpZW50IE1VU1Qg
YXV0aGVudGljYXRlIHdpdGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGFzIGRlc2NyaWJlZCBp
bgogICAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLWVuZHBvaW50LWF1dGgn
PlNlY3Rpb24mbmJzcDszLjIuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5DbGll
bnQgQXV0aGVudGljYXRpb248L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgCjwv
cD4KPHA+CiAgICAgICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBjbGllbnQgbWFrZXMgdGhlIGZv
bGxvd2luZyBIVFRQIHJlcXVlc3QgdXNpbmcgdHJhbnNwb3J0LWxheWVyCiAgICAgICAgICAgICAg
c2VjdXJpdHkgKGV4dHJhIGxpbmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5
KToKICAgICAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7
IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgUE9TVCAvdG9r
ZW4gSFRUUC8xLjEKICBIb3N0OiBzZXJ2ZXIuZXhhbXBsZS5jb20KICBBdXRob3JpemF0aW9uOiBC
YXNpYyBjelpDYUdSU2EzRjBNenBuV0RGbVFtRjBNMkpXCiAgQ29udGVudC1UeXBlOiBhcHBsaWNh
dGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD1VVEYtOAoKICBncmFudF90eXBlPWNs
aWVudF9jcmVkZW50aWFscwoKPC9wcmU+PC9kaXY+CjxwPgogICAgICAgICAgICBUaGUgYXV0aG9y
aXphdGlvbiBzZXJ2ZXIgTVVTVCBhdXRoZW50aWNhdGUgdGhlIGNsaWVudC4KICAgICAgICAgIAo8
L3A+CjxhIG5hbWU9ImFuY2hvcjM3Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJs
YXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxp
Z249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RP
QyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNC40LjMi
PjwvYT48aDM+NC40LjMuJm5ic3A7CkFjY2VzcyBUb2tlbiBSZXNwb25zZTwvaDM+Cgo8cD4KICAg
ICAgICAgICAgSWYgdGhlIGFjY2VzcyB0b2tlbiByZXF1ZXN0IGlzIHZhbGlkIGFuZCBhdXRob3Jp
emVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgaXNzdWVzIGFuCiAgICAgICAgICAgIGFjY2Vz
cyB0b2tlbiBhcyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1yZXNw
b25zZSc+U2VjdGlvbiZuYnNwOzUuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5T
dWNjZXNzZnVsIFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4gQSByZWZyZXNoIHRv
a2VuIFNIT1VMRAogICAgICAgICAgICBOT1QgYmUgaW5jbHVkZWQuIElmIHRoZSByZXF1ZXN0IGZh
aWxlZCBjbGllbnQgYXV0aGVudGljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhlCiAgICAgICAgICAg
IGF1dGhvcml6YXRpb24gc2VydmVyIHJldHVybnMgYW4gZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3Jp
YmVkIGluCiAgICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tZXJyb3JzJz5T
ZWN0aW9uJm5ic3A7NS4yPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkVycm9yIFJl
c3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgICAgIEFuIGV4YW1wbGUgc3VjY2Vzc2Z1bCByZXNwb25zZToKICAgICAgICAgICAgCjwv
cD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07
IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgSFRUUC8xLjEgMjAwIE9LCiAgQ29udGVudC1U
eXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRGLTgKICBDYWNoZS1Db250cm9sOiBuby1z
dG9yZQogIFByYWdtYTogbm8tY2FjaGUKCiAgewogICAgImFjY2Vzc190b2tlbiI6IjJZb3RuRlpG
RWpyMXpDc2ljTVdwQUEiLAogICAgInRva2VuX3R5cGUiOiJleGFtcGxlIiwKICAgICJleHBpcmVz
X2luIjozNjAwLAogICAgImV4YW1wbGVfcGFyYW1ldGVyIjoiZXhhbXBsZV92YWx1ZSIKICB9Cgo8
L3ByZT48L2Rpdj4KPGEgbmFtZT0iYW5jaG9yMzgiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi40LjUiPjwvYT48aDM+NC41LiZuYnNwOwpFeHRlbnNpb24gR3JhbnRzPC9oMz4KCjxwPgogICAg
ICAgICAgVGhlIGNsaWVudCB1c2VzIGFuIGV4dGVuc2lvbiBncmFudCB0eXBlIGJ5IHNwZWNpZnlp
bmcgdGhlIGdyYW50IHR5cGUgdXNpbmcgYW4KICAgICAgICAgIGFic29sdXRlIFVSSSAoZGVmaW5l
ZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIpIGFzIHRoZSB2YWx1ZSBvZiB0aGUKICAgICAg
ICAgIDx0dD5ncmFudF90eXBlPC90dD4gcGFyYW1ldGVyIG9mIHRoZSB0b2tlbiBlbmRwb2ludCwg
YW5kIGJ5CiAgICAgICAgICBhZGRpbmcgYW55IGFkZGl0aW9uYWwgcGFyYW1ldGVycyBuZWNlc3Nh
cnkuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIEZvciBleGFtcGxlLCB0byByZXF1ZXN0
IGFuIGFjY2VzcyB0b2tlbiB1c2luZyBhIFNBTUwgMi4wIGFzc2VydGlvbiBncmFudCB0eXBlIGFz
CiAgICAgICAgICAgIGRlZmluZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNJLUQuaWV0Zi1v
YXV0aC1zYW1sMi1iZWFyZXInPltJJiM4MjA5O0QuaWV0ZiYjODIwOTtvYXV0aCYjODIwOTtzYW1s
MiYjODIwOTtiZWFyZXJdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPk1vcnRpbW9y
ZSwgQy4sICZsZHF1bztTQU1MIDIuMCBCZWFyZXIgQXNzZXJ0aW9uIFByb2ZpbGVzIGZvciBPQXV0
aCAyLjAsJnJkcXVvOyBNYXkmbmJzcDsyMDEyLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4sIHRo
ZSBjbGllbnQgbWFrZXMgdGhlCiAgICAgICAgICAgIGZvbGxvd2luZyBIVFRQIHJlcXVlc3QgdXNp
bmcgVExTIChsaW5lIGJyZWFrcyBhcmUgZm9yIGRpc3BsYXkgcHVycG9zZXMgb25seSk6CiAgICAg
ICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxl
ZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICBQT1NUIC90b2tlbiBIVFRQLzEu
MQogIEhvc3Q6IHNlcnZlci5leGFtcGxlLmNvbQogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24v
eC13d3ctZm9ybS11cmxlbmNvZGVkO2NoYXJzZXQ9VVRGLTgKCiAgZ3JhbnRfdHlwZT11cm4lM0Fp
ZXRmJTNBcGFyYW1zJTNBb2F1dGglM0FncmFudC10eXBlJTNBc2FtbDItCiAgYmVhcmVyJmFtcDth
c3NlcnRpb249UEVGemMyVnlkR2x2YmlCSmMzTjFaVWx1YzNSaGJuUTlJakl3TVRFdE1EVQogIFsu
Li5vbWl0dGVkIGZvciBicmV2aXR5Li4uXWFHNVRkR0YwWlcxbGJuUS1QQzlCYzNObGNuUnBiMjQt
Cgo8L3ByZT48L2Rpdj4KPHA+CiAgICAgICAgICBJZiB0aGUgYWNjZXNzIHRva2VuIHJlcXVlc3Qg
aXMgdmFsaWQgYW5kIGF1dGhvcml6ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZXMg
YW4KICAgICAgICAgIGFjY2VzcyB0b2tlbiBhbmQgb3B0aW9uYWwgcmVmcmVzaCB0b2tlbiBhcyBk
ZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1yZXNwb25zZSc+U2VjdGlv
biZuYnNwOzUuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5TdWNjZXNzZnVsIFJl
c3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgIElmIHRoZSByZXF1ZXN0
IGZhaWxlZCBjbGllbnQgYXV0aGVudGljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIHJldHVybnMKICAgICAgICAgIGFuIGVycm9yIHJlc3BvbnNlIGFzIGRlc2Ny
aWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLWVycm9ycyc+U2VjdGlvbiZuYnNw
OzUuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNwb25zZTwvc3Bh
bj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgCjwvcD4KPGEgbmFtZT0idG9rZW4taXNzdWUi
PjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAi
IGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xh
c3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48
L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi41Ij48L2E+PGgzPjUuJm5ic3A7Cklzc3Vpbmcg
YW4gQWNjZXNzIFRva2VuPC9oMz4KCjxwPgogICAgICAgIElmIHRoZSBhY2Nlc3MgdG9rZW4gcmVx
dWVzdCBpcyB2YWxpZCBhbmQgYXV0aG9yaXplZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlz
c3VlcyBhbgogICAgICAgIGFjY2VzcyB0b2tlbiBhbmQgb3B0aW9uYWwgcmVmcmVzaCB0b2tlbiBh
cyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1yZXNwb25zZSc+U2Vj
dGlvbiZuYnNwOzUuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5TdWNjZXNzZnVs
IFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICBJZiB0aGUgcmVxdWVz
dCBmYWlsZWQgY2xpZW50IGF1dGhlbnRpY2F0aW9uIG9yIGlzIGludmFsaWQsIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciByZXR1cm5zCiAgICAgICAgYW4gZXJyb3IgcmVzcG9uc2UgYXMgZGVzY3Jp
YmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tZXJyb3JzJz5TZWN0aW9uJm5ic3A7
NS4yPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkVycm9yIFJlc3BvbnNlPC9zcGFu
PjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgCjwvcD4KPGEgbmFtZT0idG9rZW4tcmVzcG9uc2Ui
PjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAi
IGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xh
c3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48
L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi41LjEiPjwvYT48aDM+NS4xLiZuYnNwOwpTdWNj
ZXNzZnVsIFJlc3BvbnNlPC9oMz4KCjxwPgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIGlzc3VlcyBhbiBhY2Nlc3MgdG9rZW4gYW5kIG9wdGlvbmFsIHJlZnJlc2ggdG9rZW4sIGFu
ZAogICAgICAgICAgY29uc3RydWN0cyB0aGUgcmVzcG9uc2UgYnkgYWRkaW5nIHRoZSBmb2xsb3dp
bmcgcGFyYW1ldGVycyB0byB0aGUgZW50aXR5IGJvZHkgb2YgdGhlIEhUVFAKICAgICAgICAgIHJl
c3BvbnNlIHdpdGggYSAyMDAgKE9LKSBzdGF0dXMgY29kZToKICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PmFjY2Vzc190b2tl
bjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAKICAgICAgICAgICAgICBSRVFVSVJFRC4gVGhlIGFj
Y2VzcyB0b2tlbiBpc3N1ZWQgYnkgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyLgogICAgICAgICAg
ICAKPC9kZD4KPGR0PnRva2VuX3R5cGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgCiAgICAgICAg
ICAgICAgUkVRVUlSRUQuIFRoZSB0eXBlIG9mIHRoZSB0b2tlbiBpc3N1ZWQgYXMgZGVzY3JpYmVk
IGluIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tdHlwZXMnPlNlY3Rpb24mbmJzcDs3LjE8
c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+QWNjZXNzIFRva2VuIFR5cGVzPC9zcGFu
PjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgICBWYWx1ZSBpcyBjYXNlIGluc2Vuc2l0
aXZlLgogICAgICAgICAgICAKPC9kZD4KPGR0PmV4cGlyZXNfaW48L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgCiAgICAgICAgICAgICAgUkVDT01NRU5ERUQuIFRoZSBsaWZldGltZSBpbiBzZWNvbmRz
IG9mIHRoZSBhY2Nlc3MgdG9rZW4uIEZvciBleGFtcGxlLCB0aGUgdmFsdWUKICAgICAgICAgICAg
ICA8dHQ+MzYwMDwvdHQ+IGRlbm90ZXMgdGhhdCB0aGUgYWNjZXNzIHRva2VuIHdpbGwgZXhwaXJl
IGluIG9uZQogICAgICAgICAgICAgIGhvdXIgZnJvbSB0aGUgdGltZSB0aGUgcmVzcG9uc2Ugd2Fz
IGdlbmVyYXRlZC4gSWYgb21pdHRlZCwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyCiAgICAgICAg
ICAgICAgU0hPVUxEIHByb3ZpZGUgdGhlIGV4cGlyYXRpb24gdGltZSB2aWEgb3RoZXIgbWVhbnMg
b3IgZG9jdW1lbnQgdGhlIGRlZmF1bHQgdmFsdWUuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+cmVm
cmVzaF90b2tlbjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAKICAgICAgICAgICAgICBPUFRJT05B
TC4gVGhlIHJlZnJlc2ggdG9rZW4gd2hpY2ggY2FuIGJlIHVzZWQgdG8gb2J0YWluIG5ldyBhY2Nl
c3MgdG9rZW5zIHVzaW5nIHRoZQogICAgICAgICAgICAgIHNhbWUgYXV0aG9yaXphdGlvbiBncmFu
dCBhcyBkZXNjcmliZWQgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0b2tlbi1yZWZyZXNoJz5T
ZWN0aW9uJm5ic3A7NjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5SZWZyZXNoaW5n
IGFuIEFjY2VzcyBUb2tlbjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAgICAgIAo8
L2RkPgo8ZHQ+c2NvcGU8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgT1BU
SU9OQUwsIGlmIGlkZW50aWNhbCB0byB0aGUgc2NvcGUgcmVxdWVzdGVkIGJ5IHRoZSBjbGllbnQs
IG90aGVyd2lzZSBSRVFVSVJFRC4gVGhlCiAgICAgICAgICAgICAgc2NvcGUgb2YgdGhlIGFjY2Vz
cyB0b2tlbiBhcyBkZXNjcmliZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNzY29wZSc+U2Vj
dGlvbiZuYnNwOzMuMzxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5BY2Nlc3MgVG9r
ZW4gU2NvcGU8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgICAgICAKPC9kZD4KPC9k
bD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgcGFyYW1l
dGVycyBhcmUgaW5jbHVkZWQgaW4gdGhlIGVudGl0eSBib2R5IG9mIHRoZSBIVFRQIHJlc3BvbnNl
IHVzaW5nIHRoZQogICAgICAgICAgPHR0PmFwcGxpY2F0aW9uL2pzb248L3R0PiBtZWRpYSB0eXBl
IGFzIGRlZmluZWQgYnkKICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDNDYyNyc+
W1JGQzQ2MjddPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkNyb2NrZm9yZCwgRC4s
ICZsZHF1bztUaGUgYXBwbGljYXRpb24vanNvbiBNZWRpYSBUeXBlIGZvciBKYXZhU2NyaXB0IE9i
amVjdCBOb3RhdGlvbiAoSlNPTiksJnJkcXVvOyBKdWx5Jm5ic3A7MjAwNi48L3NwYW4+PHNwYW4+
KTwvc3Bhbj48L2E+LiBUaGUgcGFyYW1ldGVycyBhcmUgc2VyaWFsaXplZCBpbnRvIGEgSlNPTiBz
dHJ1Y3R1cmUgYnkKICAgICAgICAgIGFkZGluZyBlYWNoIHBhcmFtZXRlciBhdCB0aGUgaGlnaGVz
dCBzdHJ1Y3R1cmUgbGV2ZWwuIFBhcmFtZXRlciBuYW1lcyBhbmQgc3RyaW5nIHZhbHVlcwogICAg
ICAgICAgYXJlIGluY2x1ZGVkIGFzIEpTT04gc3RyaW5ncy4gTnVtZXJpY2FsIHZhbHVlcyBhcmUg
aW5jbHVkZWQgYXMgSlNPTiBudW1iZXJzLiBUaGUgb3JkZXIgb2YKICAgICAgICAgIHBhcmFtZXRl
cnMgZG9lcyBub3QgbWF0dGVyIGFuZCBjYW4gdmFyeS4KICAgICAgICAKPC9wPgo8cD4KICAgICAg
ICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIGluY2x1ZGUgdGhlIEhUVFAKICAgICAg
ICAgIDx0dD5DYWNoZS1Db250cm9sPC90dD4gcmVzcG9uc2UgaGVhZGVyIGZpZWxkIDxhIGNsYXNz
PSdpbmZvJyBocmVmPScjUkZDMjYxNic+W1JGQzI2MTZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xh
c3M9J2luZm8nPkZpZWxkaW5nLCBSLiwgR2V0dHlzLCBKLiwgTW9ndWwsIEouLCBGcnlzdHlrLCBI
LiwgTWFzaW50ZXIsIEwuLCBMZWFjaCwgUC4sIGFuZCBULiBCZXJuZXJzLUxlZSwgJmxkcXVvO0h5
cGVydGV4dCBUcmFuc2ZlciBQcm90b2NvbCAtLSBIVFRQLzEuMSwmcmRxdW87IEp1bmUmbmJzcDsx
OTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4KICAgICAgICAgIHdpdGggYSB2YWx1ZSBvZiA8
dHQ+bm8tc3RvcmU8L3R0PiBpbiBhbnkgcmVzcG9uc2UgY29udGFpbmluZyB0b2tlbnMsCiAgICAg
ICAgICBjcmVkZW50aWFscywgb3Igb3RoZXIgc2Vuc2l0aXZlIGluZm9ybWF0aW9uLCBhcyB3ZWxs
IGFzIHRoZQogICAgICAgICAgPHR0PlByYWdtYTwvdHQ+IHJlc3BvbnNlIGhlYWRlciBmaWVsZCA8
YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTYnPltSRkMyNjE2XTxzcGFuPiAoPC9zcGFuPjxz
cGFuIGNsYXNzPSdpbmZvJz5GaWVsZGluZywgUi4sIEdldHR5cywgSi4sIE1vZ3VsLCBKLiwgRnJ5
c3R5aywgSC4sIE1hc2ludGVyLCBMLiwgTGVhY2gsIFAuLCBhbmQgVC4gQmVybmVycy1MZWUsICZs
ZHF1bztIeXBlcnRleHQgVHJhbnNmZXIgUHJvdG9jb2wgLS0gSFRUUC8xLjEsJnJkcXVvOyBKdW5l
Jm5ic3A7MTk5OS48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IHdpdGggYQogICAgICAgICAgdmFs
dWUgb2YgPHR0Pm5vLWNhY2hlPC90dD4uCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIEZv
ciBleGFtcGxlOgogICAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lk
dGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDogYXV0byc+PHByZT4KCiAgSFRU
UC8xLjEgMjAwIE9LCiAgQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9VVRG
LTgKICBDYWNoZS1Db250cm9sOiBuby1zdG9yZQogIFByYWdtYTogbm8tY2FjaGUKCiAgewogICAg
ImFjY2Vzc190b2tlbiI6IjJZb3RuRlpGRWpyMXpDc2ljTVdwQUEiLAogICAgInRva2VuX3R5cGUi
OiJleGFtcGxlIiwKICAgICJleHBpcmVzX2luIjozNjAwLAogICAgInJlZnJlc2hfdG9rZW4iOiJ0
R3p2M0pPa0YwWEc1UXgyVGxLV0lBIiwKICAgICJleGFtcGxlX3BhcmFtZXRlciI6ImV4YW1wbGVf
dmFsdWUiCiAgfQoKPC9wcmU+PC9kaXY+CjxwPgogICAgICAgICAgVGhlIGNsaWVudCBNVVNUIGln
bm9yZSB1bnJlY29nbml6ZWQgdmFsdWUgbmFtZXMgaW4gdGhlIHJlc3BvbnNlLiBUaGUgc2l6ZXMg
b2YgdG9rZW5zIGFuZAogICAgICAgICAgb3RoZXIgdmFsdWVzIHJlY2VpdmVkIGZyb20gdGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIGFyZSBsZWZ0IHVuZGVmaW5lZC4gVGhlIGNsaWVudCBzaG91bGQK
ICAgICAgICAgIGF2b2lkIG1ha2luZyBhc3N1bXB0aW9ucyBhYm91dCB2YWx1ZSBzaXplcy4gVGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBkb2N1bWVudCB0aGUKICAgICAgICAgIHNpemUg
b2YgYW55IHZhbHVlIGl0IGlzc3Vlcy4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJ0b2tlbi1lcnJv
cnMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9
IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQg
Y2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90
cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi41LjIiPjwvYT48aDM+NS4yLiZuYnNwOwpF
cnJvciBSZXNwb25zZTwvaDM+Cgo8cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZl
ciByZXNwb25kcyB3aXRoIGFuIEhUVFAgNDAwIChCYWQgUmVxdWVzdCkgc3RhdHVzIGNvZGUgKHVu
bGVzcwogICAgICAgICAgc3BlY2lmaWVkIG90aGVyd2lzZSkgYW5kIGluY2x1ZGVzIHRoZSBmb2xs
b3dpbmcgcGFyYW1ldGVycyB3aXRoIHRoZSByZXNwb25zZToKICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PmVycm9yPC9kdD4K
PGRkPgogICAgICAgICAgICAgIAogICAgICAgICAgICAgIFJFUVVJUkVELiBBIHNpbmdsZSBBU0NJ
SSA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1VTQVNDSUknPltVU0FTQ0lJXTxzcGFuPiAoPC9zcGFu
PjxzcGFuIGNsYXNzPSdpbmZvJz5BbWVyaWNhbiBOYXRpb25hbCBTdGFuZGFyZHMgSW5zdGl0dXRl
LCAmbGRxdW87Q29kZWQgQ2hhcmFjdGVyIFNldCAtLSA3LWJpdCBBbWVyaWNhbiBTdGFuZGFyZCBD
b2RlIGZvciBJbmZvcm1hdGlvbiBJbnRlcmNoYW5nZSwmcmRxdW87IDE5ODYuPC9zcGFuPjxzcGFu
Pik8L3NwYW4+PC9hPiBlcnJvciBjb2RlIGZyb20gdGhlIGZvbGxvd2luZzoKCiAgICAgICAgICAg
ICAgCjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5pbnZhbGlkX3JlcXVlc3Q8L2R0
Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICBUaGUgcmVxdWVzdCBp
cyBtaXNzaW5nIGEgcmVxdWlyZWQgcGFyYW1ldGVyLCBpbmNsdWRlcyBhbiB1bnN1cHBvcnRlZAog
ICAgICAgICAgICAgICAgICBwYXJhbWV0ZXIgdmFsdWUgKG90aGVyIHRoYW4gZ3JhbnQgdHlwZSks
IHJlcGVhdHMgYSBwYXJhbWV0ZXIsIGluY2x1ZGVzIG11bHRpcGxlCiAgICAgICAgICAgICAgICAg
IGNyZWRlbnRpYWxzLCB1dGlsaXplcyBtb3JlIHRoYW4gb25lIG1lY2hhbmlzbSBmb3IgYXV0aGVu
dGljYXRpbmcgdGhlIGNsaWVudCwKICAgICAgICAgICAgICAgICAgb3IgaXMgb3RoZXJ3aXNlIG1h
bGZvcm1lZC4KICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+aW52YWxpZF9jbGllbnQ8L2R0Pgo8
ZGQ+CiAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICBDbGllbnQgYXV0aGVudGlj
YXRpb24gZmFpbGVkIChlLmcuIHVua25vd24gY2xpZW50LCBubyBjbGllbnQgYXV0aGVudGljYXRp
b24KICAgICAgICAgICAgICAgICAgaW5jbHVkZWQsIG9yIHVuc3VwcG9ydGVkIGF1dGhlbnRpY2F0
aW9uIG1ldGhvZCkuIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNQVkKICAgICAgICAgICAgICAg
ICAgcmV0dXJuIGFuIEhUVFAgNDAxIChVbmF1dGhvcml6ZWQpIHN0YXR1cyBjb2RlIHRvIGluZGlj
YXRlIHdoaWNoIEhUVFAKICAgICAgICAgICAgICAgICAgYXV0aGVudGljYXRpb24gc2NoZW1lcyBh
cmUgc3VwcG9ydGVkLiBJZiB0aGUgY2xpZW50IGF0dGVtcHRlZCB0byBhdXRoZW50aWNhdGUgdmlh
CiAgICAgICAgICAgICAgICAgIHRoZSA8dHQ+QXV0aG9yaXphdGlvbjwvdHQ+IHJlcXVlc3QgaGVh
ZGVyIGZpZWxkLAogICAgICAgICAgICAgICAgICB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVT
VCByZXNwb25kIHdpdGggYW4gSFRUUCA0MDEgKFVuYXV0aG9yaXplZCkgc3RhdHVzCiAgICAgICAg
ICAgICAgICAgIGNvZGUsIGFuZCBpbmNsdWRlIHRoZSA8dHQ+V1dXLUF1dGhlbnRpY2F0ZTwvdHQ+
IHJlc3BvbnNlCiAgICAgICAgICAgICAgICAgIGhlYWRlciBmaWVsZCBtYXRjaGluZyB0aGUgYXV0
aGVudGljYXRpb24gc2NoZW1lIHVzZWQgYnkgdGhlIGNsaWVudC4KICAgICAgICAgICAgICAgIAo8
L2RkPgo8ZHQ+aW52YWxpZF9ncmFudDwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgCiAgICAg
ICAgICAgICAgICAgIFRoZSBwcm92aWRlZCBhdXRob3JpemF0aW9uIGdyYW50IChlLmcuIGF1dGhv
cml6YXRpb24gY29kZSwgcmVzb3VyY2Ugb3duZXIKICAgICAgICAgICAgICAgICAgY3JlZGVudGlh
bHMpIG9yIHJlZnJlc2ggdG9rZW4gaXMgaW52YWxpZCwgZXhwaXJlZCwgcmV2b2tlZCwgZG9lcyBu
b3QgbWF0Y2ggdGhlCiAgICAgICAgICAgICAgICAgIHJlZGlyZWN0aW9uIFVSSSB1c2VkIGluIHRo
ZSBhdXRob3JpemF0aW9uIHJlcXVlc3QsIG9yIHdhcyBpc3N1ZWQgdG8gYW5vdGhlcgogICAgICAg
ICAgICAgICAgICBjbGllbnQuCiAgICAgICAgICAgICAgICAKPC9kZD4KPGR0PnVuYXV0aG9yaXpl
ZF9jbGllbnQ8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICBU
aGUgYXV0aGVudGljYXRlZCBjbGllbnQgaXMgbm90IGF1dGhvcml6ZWQgdG8gdXNlIHRoaXMgYXV0
aG9yaXphdGlvbiBncmFudCB0eXBlLgogICAgICAgICAgICAgICAgCjwvZGQ+CjxkdD51bnN1cHBv
cnRlZF9ncmFudF90eXBlPC9kdD4KPGRkPgogICAgICAgICAgICAgICAgICAKICAgICAgICAgICAg
ICAgICAgVGhlIGF1dGhvcml6YXRpb24gZ3JhbnQgdHlwZSBpcyBub3Qgc3VwcG9ydGVkIGJ5IHRo
ZSBhdXRob3JpemF0aW9uIHNlcnZlci4KICAgICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+aW52YWxp
ZF9zY29wZTwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgIFRo
ZSByZXF1ZXN0ZWQgc2NvcGUgaXMgaW52YWxpZCwgdW5rbm93biwgbWFsZm9ybWVkLCBvciBleGNl
ZWRzIHRoZSBzY29wZSBncmFudGVkCiAgICAgICAgICAgICAgICAgIGJ5IHRoZSByZXNvdXJjZSBv
d25lci4KICAgICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT4KCgkgICAgICBW
YWx1ZXMgZm9yIHRoZSA8dHQ+ZXJyb3I8L3R0PiBwYXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVkZQoJ
ICAgICAgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVE
LTdFLgogICAgICAgICAgICAKPC9kZD4KPGR0PmVycm9yX2Rlc2NyaXB0aW9uPC9kdD4KPGRkPgog
ICAgICAgICAgICAgIAogICAgICAgICAgICAgIE9QVElPTkFMLiBBIGh1bWFuLXJlYWRhYmxlIEFT
Q0lJIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjVVNBU0NJSSc+W1VTQVNDSUldPHNwYW4+ICg8L3Nw
YW4+PHNwYW4gY2xhc3M9J2luZm8nPkFtZXJpY2FuIE5hdGlvbmFsIFN0YW5kYXJkcyBJbnN0aXR1
dGUsICZsZHF1bztDb2RlZCBDaGFyYWN0ZXIgU2V0IC0tIDctYml0IEFtZXJpY2FuIFN0YW5kYXJk
IENvZGUgZm9yIEluZm9ybWF0aW9uIEludGVyY2hhbmdlLCZyZHF1bzsgMTk4Ni48L3NwYW4+PHNw
YW4+KTwvc3Bhbj48L2E+IHRleHQgcHJvdmlkaW5nIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24sCiAg
ICAgICAgICAgICAgdXNlZCB0byBhc3Npc3QgdGhlIGNsaWVudCBkZXZlbG9wZXIgaW4gdW5kZXJz
dGFuZGluZyB0aGUgZXJyb3IgdGhhdCBvY2N1cnJlZC4KCSAgICAgIDxiciAvPgoKCSAgICAgIFZh
bHVlcyBmb3IgdGhlIDx0dD5lcnJvcl9kZXNjcmlwdGlvbjwvdHQ+IHBhcmFtZXRlciBNVVNUIE5P
VCBpbmNsdWRlCgkgICAgICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgy
My01QiAvICV4NUQtN0UuCiAgICAgICAgICAgIAo8L2RkPgo8ZHQ+ZXJyb3JfdXJpPC9kdD4KPGRk
PgogICAgICAgICAgICAgIAogICAgICAgICAgICAgIE9QVElPTkFMLiBBIFVSSSBpZGVudGlmeWlu
ZyBhIGh1bWFuLXJlYWRhYmxlIHdlYiBwYWdlIHdpdGggaW5mb3JtYXRpb24gYWJvdXQgdGhlCiAg
ICAgICAgICAgICAgZXJyb3IsIHVzZWQgdG8gcHJvdmlkZSB0aGUgY2xpZW50IGRldmVsb3BlciB3
aXRoIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24gYWJvdXQgdGhlCiAgICAgICAgICAgICAgZXJyb3Iu
CgkgICAgICA8YnIgLz4KCgkgICAgICBWYWx1ZXMgZm9yIHRoZSA8dHQ+ZXJyb3JfdXJpPC90dD4g
cGFyYW1ldGVyCgkgICAgICBNVVNUIGNvbmZvcm0gdG8gdGhlIFVSSS1SZWZlcmVuY2Ugc3ludGF4
LCBhbmQgdGh1cyBNVVNUIE5PVCBpbmNsdWRlCgkgICAgICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhl
IHNldCAleDIxIC8gJXgyMy01QiAvICV4NUQtN0UuCiAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwv
YmxvY2txdW90ZT48cD4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBwYXJhbWV0ZXJz
IGFyZSBpbmNsdWRlZCBpbiB0aGUgZW50aXR5IGJvZHkgb2YgdGhlIEhUVFAgcmVzcG9uc2UgdXNp
bmcgdGhlCiAgICAgICAgICA8dHQ+YXBwbGljYXRpb24vanNvbjwvdHQ+IG1lZGlhIHR5cGUgYXMg
ZGVmaW5lZCBieQogICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNSRkM0NjI3Jz5bUkZD
NDYyN108c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+Q3JvY2tmb3JkLCBELiwgJmxk
cXVvO1RoZSBhcHBsaWNhdGlvbi9qc29uIE1lZGlhIFR5cGUgZm9yIEphdmFTY3JpcHQgT2JqZWN0
IE5vdGF0aW9uIChKU09OKSwmcmRxdW87IEp1bHkmbmJzcDsyMDA2Ljwvc3Bhbj48c3Bhbj4pPC9z
cGFuPjwvYT4uIFRoZSBwYXJhbWV0ZXJzIGFyZSBzZXJpYWxpemVkIGludG8gYSBKU09OIHN0cnVj
dHVyZSBieQogICAgICAgICAgYWRkaW5nIGVhY2ggcGFyYW1ldGVyIGF0IHRoZSBoaWdoZXN0IHN0
cnVjdHVyZSBsZXZlbC4gUGFyYW1ldGVyIG5hbWVzIGFuZCBzdHJpbmcgdmFsdWVzCiAgICAgICAg
ICBhcmUgaW5jbHVkZWQgYXMgSlNPTiBzdHJpbmdzLiBOdW1lcmljYWwgdmFsdWVzIGFyZSBpbmNs
dWRlZCBhcyBKU09OIG51bWJlcnMuIFRoZSBvcmRlciBvZgogICAgICAgICAgcGFyYW1ldGVycyBk
b2VzIG5vdCBtYXR0ZXIgYW5kIGNhbiB2YXJ5LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
ICBGb3IgZXhhbXBsZToKICAgICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTogdGFibGU7
IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxwcmU+Cgog
IEhUVFAvMS4xIDQwMCBCYWQgUmVxdWVzdAogIENvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNv
bjtjaGFyc2V0PVVURi04CiAgQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUKICBQcmFnbWE6IG5vLWNh
Y2hlCgogIHsKICAgICJlcnJvciI6ImludmFsaWRfcmVxdWVzdCIKICB9Cgo8L3ByZT48L2Rpdj4K
PGEgbmFtZT0idG9rZW4tcmVmcmVzaCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0i
bGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFs
aWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtU
T0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjYiPjwv
YT48aDM+Ni4mbmJzcDsKUmVmcmVzaGluZyBhbiBBY2Nlc3MgVG9rZW48L2gzPgoKPHA+CiAgICAg
ICAgSWYgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIGlzc3VlZCBhIHJlZnJlc2ggdG9rZW4gdG8g
dGhlIGNsaWVudCwgdGhlIGNsaWVudCBtYWtlcyBhCiAgICAgICAgcmVmcmVzaCByZXF1ZXN0IHRv
IHRoZSB0b2tlbiBlbmRwb2ludCBieSBhZGRpbmcgdGhlIGZvbGxvd2luZyBwYXJhbWV0ZXJzIHVz
aW5nIHRoZQogICAgICAgIDx0dD5hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ8L3R0
PiBmb3JtYXQgaW4gdGhlIEhUVFAgcmVxdWVzdAogICAgICAgIGVudGl0eS1ib2R5OgogICAgICAK
PC9wPgo8cD4KICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+CjxkdD5n
cmFudF90eXBlPC9kdD4KPGRkPgogICAgICAgICAgICAKICAgICAgICAgICAgUkVRVUlSRUQuIFZh
bHVlIE1VU1QgYmUgc2V0IHRvIDx0dD5yZWZyZXNoX3Rva2VuPC90dD4uCiAgICAgICAgICAKPC9k
ZD4KPGR0PnJlZnJlc2hfdG9rZW48L2R0Pgo8ZGQ+CiAgICAgICAgICAgIAogICAgICAgICAgICBS
RVFVSVJFRC4gVGhlIHJlZnJlc2ggdG9rZW4gaXNzdWVkIHRvIHRoZSBjbGllbnQuCiAgICAgICAg
ICAKPC9kZD4KPGR0PnNjb3BlPC9kdD4KPGRkPgogICAgICAgICAgICAKICAgICAgICAgICAgT1BU
SU9OQUwuIFRoZSBzY29wZSBvZiB0aGUgYWNjZXNzIHJlcXVlc3QgYXMgZGVzY3JpYmVkIGJ5IDxh
IGNsYXNzPSdpbmZvJyBocmVmPScjc2NvcGUnPlNlY3Rpb24mbmJzcDszLjM8c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+QWNjZXNzIFRva2VuIFNjb3BlPC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPi4KICAgICAgICAgICAgVGhlIHJlcXVlc3RlZCBzY29wZSBNVVNUIE5PVCBpbmNsdWRl
IGFueSBzY29wZSBub3Qgb3JpZ2luYWxseSBncmFudGVkIGJ5IHRoZSByZXNvdXJjZQogICAgICAg
ICAgICBvd25lciwgYW5kIGlmIG9taXR0ZWQgaXMgdHJlYXRlZCBhcyBlcXVhbCB0byB0aGUgc2Nv
cGUgb3JpZ2luYWxseSBncmFudGVkIGJ5IHRoZQogICAgICAgICAgICByZXNvdXJjZSBvd25lci4K
ICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4KICAgICAgCjwvcD4KPHA+CiAg
ICAgICAgQmVjYXVzZSByZWZyZXNoIHRva2VucyBhcmUgdHlwaWNhbGx5IGxvbmctbGFzdGluZyBj
cmVkZW50aWFscyB1c2VkIHRvIHJlcXVlc3QgYWRkaXRpb25hbAogICAgICAgIGFjY2VzcyB0b2tl
bnMsIHRoZSByZWZyZXNoIHRva2VuIGlzIGJvdW5kIHRvIHRoZSBjbGllbnQgd2hpY2ggaXQgd2Fz
IGlzc3VlZC4gSWYgdGhlIGNsaWVudCB0eXBlCiAgICAgICAgaXMgY29uZmlkZW50aWFsIG9yIHRo
ZSBjbGllbnQgd2FzIGlzc3VlZCBjbGllbnQgY3JlZGVudGlhbHMgKG9yIGFzc2lnbmVkIG90aGVy
CiAgICAgICAgYXV0aGVudGljYXRpb24gcmVxdWlyZW1lbnRzKSwgdGhlIGNsaWVudCBNVVNUIGF1
dGhlbnRpY2F0ZSB3aXRoIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBhcwogICAgICAgIGRlc2Ny
aWJlZCBpbiA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLWVuZHBvaW50LWF1dGgnPlNlY3Rp
b24mbmJzcDszLjIuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5DbGllbnQgQXV0
aGVudGljYXRpb248L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAKPC9wPgo8cD4KICAg
ICAgICAgIEZvciBleGFtcGxlLCB0aGUgY2xpZW50IG1ha2VzIHRoZSBmb2xsb3dpbmcgSFRUUCBy
ZXF1ZXN0IHVzaW5nIHRyYW5zcG9ydC1sYXllcgogICAgICAgICAgc2VjdXJpdHkgKGV4dHJhIGxp
bmUgYnJlYWtzIGFyZSBmb3IgZGlzcGxheSBwdXJwb3NlcyBvbmx5KToKICAgICAgICAKPC9wPjxk
aXYgc3R5bGU9J2Rpc3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFy
Z2luLXJpZ2h0OiBhdXRvJz48cHJlPgoKICBQT1NUIC90b2tlbiBIVFRQLzEuMQogIEhvc3Q6IHNl
cnZlci5leGFtcGxlLmNvbQogIEF1dGhvcml6YXRpb246IEJhc2ljIGN6WkNhR1JTYTNGME16cG5X
REZtUW1GME0ySlcKICBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5j
b2RlZDtjaGFyc2V0PVVURi04CgogIGdyYW50X3R5cGU9cmVmcmVzaF90b2tlbiZhbXA7cmVmcmVz
aF90b2tlbj10R3p2M0pPa0YwWEc1UXgyVGxLV0lBCgo8L3ByZT48L2Rpdj4KPHA+CiAgICAgICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1Q6CiAgICAgIAo8L3A+CjxwPgogICAgICAgIDwv
cD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICByZXF1aXJlIGNsaWVudCBhdXRo
ZW50aWNhdGlvbiBmb3IgY29uZmlkZW50aWFsIGNsaWVudHMgb3IgZm9yIGFueSBjbGllbnQgdGhh
dCB3YXMKICAgICAgICAgICAgaXNzdWVkIGNsaWVudCBjcmVkZW50aWFscyAob3Igd2l0aCBvdGhl
ciBhdXRoZW50aWNhdGlvbiByZXF1aXJlbWVudHMpLAogICAgICAgICAgCjwvbGk+CjxsaT4KICAg
ICAgICAgICAgYXV0aGVudGljYXRlIHRoZSBjbGllbnQgaWYgY2xpZW50IGF1dGhlbnRpY2F0aW9u
IGlzIGluY2x1ZGVkIGFuZCBlbnN1cmUgdGhlCiAgICAgICAgICAgIHJlZnJlc2ggdG9rZW4gd2Fz
IGlzc3VlZCB0byB0aGUgYXV0aGVudGljYXRlZCBjbGllbnQsIGFuZAogICAgICAgICAgCjwvbGk+
CjxsaT4KICAgICAgICAgICAgdmFsaWRhdGUgdGhlIHJlZnJlc2ggdG9rZW4uCiAgICAgICAgICAK
PC9saT4KPC91bD48cD4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgSWYgdmFsaWQgYW5kIGF1dGhv
cml6ZWQsIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBpc3N1ZXMgYW4gYWNjZXNzIHRva2VuIGFz
IGRlc2NyaWJlZCBpbgogICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9rZW4tcmVzcG9u
c2UnPlNlY3Rpb24mbmJzcDs1LjE8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+U3Vj
Y2Vzc2Z1bCBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uIElmIHRoZSByZXF1ZXN0
IGZhaWxlZCB2ZXJpZmljYXRpb24gb3IgaXMgaW52YWxpZCwgdGhlCiAgICAgICAgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgcmV0dXJucyBhbiBlcnJvciByZXNwb25zZSBhcyBkZXNjcmliZWQgaW4KICAg
ICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3Rva2VuLWVycm9ycyc+U2VjdGlvbiZuYnNwOzUu
MjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNwb25zZTwvc3Bhbj48
c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgIAo8L3A+CjxwPgogICAgICAgIFRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBNQVkgaXNzdWUgYSBuZXcgcmVmcmVzaCB0b2tlbiwgaW4gd2hpY2ggY2FzZSB0
aGUgY2xpZW50IE1VU1QKICAgICAgICBkaXNjYXJkIHRoZSBvbGQgcmVmcmVzaCB0b2tlbiBhbmQg
cmVwbGFjZSBpdCB3aXRoIHRoZSBuZXcgcmVmcmVzaCB0b2tlbi4gVGhlIGF1dGhvcml6YXRpb24K
ICAgICAgICBzZXJ2ZXIgTUFZIHJldm9rZSB0aGUgb2xkIHJlZnJlc2ggdG9rZW4gYWZ0ZXIgaXNz
dWluZyBhIG5ldyByZWZyZXNoIHRva2VuIHRvIHRoZSBjbGllbnQuIElmCiAgICAgICAgYSBuZXcg
cmVmcmVzaCB0b2tlbiBpcyBpc3N1ZWQsIHRoZSByZWZyZXNoIHRva2VuIHNjb3BlIE1VU1QgYmUg
aWRlbnRpY2FsIHRvIHRoYXQgb2YgdGhlCiAgICAgICAgcmVmcmVzaCB0b2tlbiBpbmNsdWRlZCBi
eSB0aGUgY2xpZW50IGluIHRoZSByZXF1ZXN0LgogICAgICAKPC9wPgo8YSBuYW1lPSJhY2Nlc3Mt
cmVzb3VyY2UiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0
cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwv
dGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi43Ij48L2E+PGgzPjcuJm5ic3A7
CkFjY2Vzc2luZyBQcm90ZWN0ZWQgUmVzb3VyY2VzPC9oMz4KCjxwPgogICAgICAgIFRoZSBjbGll
bnQgYWNjZXNzZXMgcHJvdGVjdGVkIHJlc291cmNlcyBieSBwcmVzZW50aW5nIHRoZSBhY2Nlc3Mg
dG9rZW4gdG8gdGhlIHJlc291cmNlCiAgICAgICAgc2VydmVyLiBUaGUgcmVzb3VyY2Ugc2VydmVy
IE1VU1QgdmFsaWRhdGUgdGhlIGFjY2VzcyB0b2tlbiBhbmQgZW5zdXJlIGl0IGhhcyBub3QgZXhw
aXJlZAogICAgICAgIGFuZCB0aGF0IGl0cyBzY29wZSBjb3ZlcnMgdGhlIHJlcXVlc3RlZCByZXNv
dXJjZS4gVGhlIG1ldGhvZHMgdXNlZCBieSB0aGUgcmVzb3VyY2Ugc2VydmVyCiAgICAgICAgdG8g
dmFsaWRhdGUgdGhlIGFjY2VzcyB0b2tlbiAoYXMgd2VsbCBhcyBhbnkgZXJyb3IgcmVzcG9uc2Vz
KSBhcmUgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzCiAgICAgICAgc3BlY2lmaWNhdGlvbiwgYnV0
IGdlbmVyYWxseSBpbnZvbHZlIGFuIGludGVyYWN0aW9uIG9yIGNvb3JkaW5hdGlvbiBiZXR3ZWVu
IHRoZSByZXNvdXJjZQogICAgICAgIHNlcnZlciBhbmQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
LgogICAgICAKPC9wPgo8cD4KICAgICAgICBUaGUgbWV0aG9kIGluIHdoaWNoIHRoZSBjbGllbnQg
dXRpbGl6ZXMgdGhlIGFjY2VzcyB0b2tlbiB0byBhdXRoZW50aWNhdGUgd2l0aCB0aGUgcmVzb3Vy
Y2UKICAgICAgICBzZXJ2ZXIgZGVwZW5kcyBvbiB0aGUgdHlwZSBvZiBhY2Nlc3MgdG9rZW4gaXNz
dWVkIGJ5IHRoZSBhdXRob3JpemF0aW9uIHNlcnZlci4gVHlwaWNhbGx5LAogICAgICAgIGl0IGlu
dm9sdmVzIHVzaW5nIHRoZSBIVFRQIDx0dD5BdXRob3JpemF0aW9uPC90dD4gcmVxdWVzdCBoZWFk
ZXIgZmllbGQKICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI1JGQzI2MTcnPltSRkMyNjE3
XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5GcmFua3MsIEouLCBIYWxsYW0tQmFr
ZXIsIFAuLCBIb3N0ZXRsZXIsIEouLCBMYXdyZW5jZSwgUy4sIExlYWNoLCBQLiwgTHVvdG9uZW4s
IEEuLCBhbmQgTC4gU3Rld2FydCwgJmxkcXVvO0hUVFAgQXV0aGVudGljYXRpb246IEJhc2ljIGFu
ZCBEaWdlc3QgQWNjZXNzIEF1dGhlbnRpY2F0aW9uLCZyZHF1bzsgSnVuZSZuYnNwOzE5OTkuPC9z
cGFuPjxzcGFuPik8L3NwYW4+PC9hPiB3aXRoIGFuIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSBkZWZp
bmVkIGJ5IHRoZSBhY2Nlc3MgdG9rZW4gdHlwZQogICAgICAgIHNwZWNpZmljYXRpb24uCiAgICAg
IAo8L3A+CjxhIG5hbWU9InRva2VuLXR5cGVzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1t
YXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1
ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZu
YnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24u
Ny4xIj48L2E+PGgzPjcuMS4mbmJzcDsKQWNjZXNzIFRva2VuIFR5cGVzPC9oMz4KCjxwPgogICAg
ICAgICAgVGhlIGFjY2VzcyB0b2tlbiB0eXBlIHByb3ZpZGVzIHRoZSBjbGllbnQgd2l0aCB0aGUg
aW5mb3JtYXRpb24gcmVxdWlyZWQgdG8gc3VjY2Vzc2Z1bGx5CiAgICAgICAgICB1dGlsaXplIHRo
ZSBhY2Nlc3MgdG9rZW4gdG8gbWFrZSBhIHByb3RlY3RlZCByZXNvdXJjZSByZXF1ZXN0IChhbG9u
ZyB3aXRoIHR5cGUtc3BlY2lmaWMKICAgICAgICAgIGF0dHJpYnV0ZXMpLiBUaGUgY2xpZW50IE1V
U1QgTk9UIHVzZSBhbiBhY2Nlc3MgdG9rZW4gaWYgaXQgZG9lcyBub3QgdW5kZXJzdGFuZCB0aGUg
dG9rZW4KICAgICAgICAgIHR5cGUuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIEZvciBl
eGFtcGxlLCB0aGUgPHR0PmJlYXJlcjwvdHQ+IHRva2VuIHR5cGUgZGVmaW5lZCBpbgogICAgICAg
ICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI0ktRC5pZXRmLW9hdXRoLXYyLWJlYXJlcic+W0km
IzgyMDk7RC5pZXRmJiM4MjA5O29hdXRoJiM4MjA5O3YyJiM4MjA5O2JlYXJlcl08c3Bhbj4gKDwv
c3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+Sm9uZXMsIE0uLCBIYXJkdCwgRC4sIGFuZCBELiBSZWNv
cmRvbiwgJmxkcXVvO1RoZSBPQXV0aCAyLjAgQXV0aG9yaXphdGlvbiBQcm90b2NvbDogQmVhcmVy
IFRva2VucywmcmRxdW87IEFwcmlsJm5ic3A7MjAxMi48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+
IGlzIHV0aWxpemVkIGJ5IHNpbXBseSBpbmNsdWRpbmcgdGhlIGFjY2VzcwogICAgICAgICAgICB0
b2tlbiBzdHJpbmcgaW4gdGhlIHJlcXVlc3Q6CiAgICAgICAgICAKPC9wPjxkaXYgc3R5bGU9J2Rp
c3BsYXk6IHRhYmxlOyB3aWR0aDogMDsgbWFyZ2luLWxlZnQ6IDNlbTsgbWFyZ2luLXJpZ2h0OiBh
dXRvJz48cHJlPgoKICBHRVQgL3Jlc291cmNlLzEgSFRUUC8xLjEKICBIb3N0OiBleGFtcGxlLmNv
bQogIEF1dGhvcml6YXRpb246IEJlYXJlciBtRl85LkI1Zi00LjFKcU0KCjwvcHJlPjwvZGl2Pgo8
cD4KICAgICAgICAgICAgd2hpbGUgdGhlIDx0dD5tYWM8L3R0PiB0b2tlbiB0eXBlIGRlZmluZWQg
aW4KICAgICAgICAgICAgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNJLUQuaWV0Zi1vYXV0aC12Mi1o
dHRwLW1hYyc+W0kmIzgyMDk7RC5pZXRmJiM4MjA5O29hdXRoJiM4MjA5O3YyJiM4MjA5O2h0dHAm
IzgyMDk7bWFjXTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5IYW1tZXItTGFoYXYs
IEUuLCAmbGRxdW87SFRUUCBBdXRoZW50aWNhdGlvbjogTUFDIEFjY2VzcyBBdXRoZW50aWNhdGlv
biwmcmRxdW87IEZlYnJ1YXJ5Jm5ic3A7MjAxMi48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IGlz
IHV0aWxpemVkIGJ5IGlzc3VpbmcgYSBNQUMga2V5CiAgICAgICAgICAgIHRvZ2V0aGVyIHdpdGgg
dGhlIGFjY2VzcyB0b2tlbiB3aGljaCBpcyB1c2VkIHRvIHNpZ24gY2VydGFpbiBjb21wb25lbnRz
IG9mIHRoZSBIVFRQCiAgICAgICAgICAgIHJlcXVlc3RzOgogICAgICAgICAgCjwvcD48ZGl2IHN0
eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1y
aWdodDogYXV0byc+PHByZT4KCiAgR0VUIC9yZXNvdXJjZS8xIEhUVFAvMS4xCiAgSG9zdDogZXhh
bXBsZS5jb20KICBBdXRob3JpemF0aW9uOiBNQUMgaWQ9Img0ODBkanM5M2hkOCIsCiAgICAgICAg
ICAgICAgICAgICAgIG5vbmNlPSIyNzQzMTI6ZGo4M2hzOXMiLAogICAgICAgICAgICAgICAgICAg
ICBtYWM9ImtEWnZkZGtuZHh2aEdSWFpodnVEakVXaEdlRT0iCgo8L3ByZT48L2Rpdj4KPHA+CiAg
ICAgICAgICBUaGUgYWJvdmUgZXhhbXBsZXMgYXJlIHByb3ZpZGVkIGZvciBpbGx1c3RyYXRpb24g
cHVycG9zZXMgb25seS4gRGV2ZWxvcGVycyBhcmUgYWR2aXNlZCB0bwogICAgICAgICAgY29uc3Vs
dCB0aGUgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNJLUQuaWV0Zi1vYXV0aC12Mi1iZWFyZXInPltJ
JiM4MjA5O0QuaWV0ZiYjODIwOTtvYXV0aCYjODIwOTt2MiYjODIwOTtiZWFyZXJdPHNwYW4+ICg8
L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkpvbmVzLCBNLiwgSGFyZHQsIEQuLCBhbmQgRC4gUmVj
b3Jkb24sICZsZHF1bztUaGUgT0F1dGggMi4wIEF1dGhvcml6YXRpb24gUHJvdG9jb2w6IEJlYXJl
ciBUb2tlbnMsJnJkcXVvOyBBcHJpbCZuYnNwOzIwMTIuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9h
PiBhbmQKICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjSS1ELmlldGYtb2F1dGgtdjIt
aHR0cC1tYWMnPltJJiM4MjA5O0QuaWV0ZiYjODIwOTtvYXV0aCYjODIwOTt2MiYjODIwOTtodHRw
JiM4MjA5O21hY108c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+SGFtbWVyLUxhaGF2
LCBFLiwgJmxkcXVvO0hUVFAgQXV0aGVudGljYXRpb246IE1BQyBBY2Nlc3MgQXV0aGVudGljYXRp
b24sJnJkcXVvOyBGZWJydWFyeSZuYnNwOzIwMTIuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiBz
cGVjaWZpY2F0aW9ucyBiZWZvcmUgdXNlLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgRWFj
aCBhY2Nlc3MgdG9rZW4gdHlwZSBkZWZpbml0aW9uIHNwZWNpZmllcyB0aGUgYWRkaXRpb25hbCBh
dHRyaWJ1dGVzIChpZiBhbnkpIHNlbnQgdG8KICAgICAgICAgIHRoZSBjbGllbnQgdG9nZXRoZXIg
d2l0aCB0aGUgPHR0PmFjY2Vzc190b2tlbjwvdHQ+IHJlc3BvbnNlIHBhcmFtZXRlci4KICAgICAg
ICAgIEl0IGFsc28gZGVmaW5lcyB0aGUgSFRUUCBhdXRoZW50aWNhdGlvbiBtZXRob2QgdXNlZCB0
byBpbmNsdWRlIHRoZSBhY2Nlc3MgdG9rZW4gd2hlbgogICAgICAgICAgbWFraW5nIGEgcHJvdGVj
dGVkIHJlc291cmNlIHJlcXVlc3QuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0icmVzb3VyY2UtZXJy
b3JzIj48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5n
PSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRk
IGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwv
dHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uNy4yIj48L2E+PGgzPjcuMi4mbmJzcDsK
RXJyb3IgUmVzcG9uc2U8L2gzPgoKPHA+CgkgIElmIGEgcmVzb3VyY2UgYWNjZXNzIHJlcXVlc3Qg
ZmFpbHMsIHRoZSByZXNvdXJjZSBzZXJ2ZXIgU0hPVUxEIGluZm9ybQoJICB0aGUgY2xpZW50IG9m
IHRoZSBlcnJvci4gIFdoaWxlIHRoZSBzcGVjaWZpYyBlcnJvciByZXNwb25zZXMgcG9zc2libGUK
CSAgYW5kIG1ldGhvZHMgZm9yIHRyYW5zbWl0dGluZyB0aG9zZSBlcnJvcnMgd2hlbiB1c2luZyBh
bnkgcGFydGljdWxhcgoJICBhY2Nlc3MgdG9rZW4gdHlwZSBhcmUgYmV5b25kIHRoZSBzY29wZSBv
ZiB0aGlzIHNwZWNpZmljYXRpb24sCgkgIGFueSA8dHQ+ZXJyb3I8L3R0PiBjb2RlIHZhbHVlcyBk
ZWZpbmVkIGZvciB1c2Ugd2l0aAoJICBPQXV0aCByZXNvdXJjZSBhY2Nlc3MgbWV0aG9kcyBNVVNU
IGJlIHJlZ2lzdGVyZWQKCSAgKGZvbGxvd2luZyB0aGUgcHJvY2VkdXJlcyBpbiA8YSBjbGFzcz0n
aW5mbycgaHJlZj0nI2Vycm9yLXJlZ2lzdHJ5Jz5TZWN0aW9uJm5ic3A7MTEuNDxzcGFuPiAoPC9z
cGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5UaGUgT0F1dGggRXh0ZW5zaW9ucyBFcnJvciBSZWdpc3Ry
eTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLgoJCjwvcD4KPHA+CgkgIFNwZWNpZmljYWxseSwg
d2hlbiB0aGUgT0F1dGggcmVzb3VyY2UgYWNjZXNzIG1ldGhvZCB1c2VzIGFuCgkgIDx0dD5lcnJv
cjwvdHQ+IHJlc3VsdCBwYXJhbWV0ZXIgdG8gcmV0dXJuCgkgIGFuIGVycm9yIGNvZGUgdmFsdWUg
dGhhdCBpbmRpY2F0ZXMgdGhlIHJlc291cmNlIGFjY2VzcyBlcnJvcgoJICBlbmNvdW50ZXJlZCwg
dGhlbiB0aGVzZSBlcnJvciBjb2RlIHZhbHVlcyBNVVNUIGJlIHJlZ2lzdGVyZWQuCgkgIFZhbHVl
cyBmb3IgdGhlc2UgPHR0PmVycm9yPC90dD4gY29kZXMgTVVTVCBOT1QgaW5jbHVkZQoJICBjaGFy
YWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuCgkgIFdo
ZW4gYW4gIDx0dD5lcnJvcjwvdHQ+IGNvZGUgdmFsdWUgaXMgcmVnaXN0ZXJlZAoJICBmb3IgdXNl
IGJ5IGFuIE9BdXRoIHJlc291cmNlIGFjY2VzcyBtZXRob2QsIHNob3VsZCB0aGF0IHNhbWUgY29k
ZSBhbHJlYWR5CgkgIGJlIHJlZ2lzdGVyZWQgZm9yIHVzZSBieSBhbm90aGVyIE9BdXRoIHJlc291
cmNlIGFjY2VzcyBtZXRob2Qgb3IgYXQKCSAgYSBkaWZmZXJlbnQgT0F1dGggZXJyb3IgdXNhZ2Ug
bG9jYXRpb24sIHRoZW4gdGhlIG1lYW5pbmcgb2YgdGhhdCBlcnJvciBjb2RlCgkgIHZhbHVlIGlu
IGluIHRoZSBuZXcgcmVnaXN0cmF0aW9uIE1VU1QgYmUgY29uc2lzdGVudCB3aXRoIHRoZSBpdHMg
bWVhbmluZwoJICBpbiBwcmlvciByZWdpc3RyYXRpb25zLgoJCjwvcD4KPHA+CgkgIFRoZSBPQXV0
aCByZXNvdXJjZSBhY2Nlc3MgZXJyb3IgcmVnaXN0cmF0aW9uIHJlcXVpcmVtZW50IGFwcGxpZXMg
b25seSB0bwoJICA8dHQ+ZXJyb3I8L3R0PiBjb2RlIHZhbHVlcyBhbmQgbm90IHRvIG90aGVyCgkg
IG1lYW5zIG9mIHJldHVybmluZyBlcnJvciBpbmRpY2F0aW9ucywgaW5jbHVkaW5nIEhUVFAgc3Rh
dHVzIGNvZGVzLAoJICBvciBvdGhlciBlcnJvci1yZWxhdGVkIHJlc3VsdCBwYXJhbWV0ZXJzLCBz
dWNoIGFzCgkgIDx0dD5lcnJvcl9kZXNjcmlwdGlvbjwvdHQ+LAoJICA8dHQ+ZXJyb3JfdXJpPC90
dD4sIG9yIG90aGVyIGtpbmRzIG9mIGVycm9yCgkgIHN0YXR1cyByZXR1cm4gbWV0aG9kcyB0aGF0
IG1heSBiZSBlbXBsb3llZCBieSB0aGUgcmVzb3VyY2UgYWNjZXNzIG1ldGhvZC4KCSAgVGhlcmUg
aXMgbm8gcmVxdWlyZW1lbnQgdGhhdCBPQXV0aCByZXNvdXJjZSBhY2Nlc3MgbWV0aG9kcwoJICBl
bXBsb3kgYW4gPHR0PmVycm9yPC90dD4gcGFyYW1ldGVyLgoJCjwvcD4KPGEgbmFtZT0iZXh0ZW5z
aW9ucyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGlu
Zz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0
ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48
L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjgiPjwvYT48aDM+OC4mbmJzcDsKRXh0
ZW5zaWJpbGl0eTwvaDM+Cgo8YSBuYW1lPSJuZXctdHlwZXMiPjwvYT48YnIgLz48aHIgLz4KPHRh
YmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFz
cz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0i
I3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMu
c2VjdGlvbi44LjEiPjwvYT48aDM+OC4xLiZuYnNwOwpEZWZpbmluZyBBY2Nlc3MgVG9rZW4gVHlw
ZXM8L2gzPgoKPHA+CiAgICAgICAgICBBY2Nlc3MgdG9rZW4gdHlwZXMgY2FuIGJlIGRlZmluZWQg
aW4gb25lIG9mIHR3byB3YXlzOiByZWdpc3RlcmVkIGluIHRoZSBhY2Nlc3MgdG9rZW4gdHlwZQog
ICAgICAgICAgcmVnaXN0cnkgKGZvbGxvd2luZyB0aGUgcHJvY2VkdXJlcyBpbiA8YSBjbGFzcz0n
aW5mbycgaHJlZj0nI3R5cGUtcmVnaXN0cnknPlNlY3Rpb24mbmJzcDsxMS4xPHNwYW4+ICg8L3Nw
YW4+PHNwYW4gY2xhc3M9J2luZm8nPlRoZSBPQXV0aCBBY2Nlc3MgVG9rZW4gVHlwZSBSZWdpc3Ry
eTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pLCBvciBieSB1c2luZyBhCiAgICAgICAgICB1bmlx
dWUgYWJzb2x1dGUgVVJJIGFzIGl0cyBuYW1lLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
VHlwZXMgdXRpbGl6aW5nIGEgVVJJIG5hbWUgU0hPVUxEIGJlIGxpbWl0ZWQgdG8gdmVuZG9yLXNw
ZWNpZmljIGltcGxlbWVudGF0aW9ucyB0aGF0IGFyZQogICAgICAgICAgbm90IGNvbW1vbmx5IGFw
cGxpY2FibGUsIGFuZCBhcmUgc3BlY2lmaWMgdG8gdGhlIGltcGxlbWVudGF0aW9uIGRldGFpbHMg
b2YgdGhlIHJlc291cmNlCiAgICAgICAgICBzZXJ2ZXIgd2hlcmUgdGhleSBhcmUgdXNlZC4KICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgIEFsbCBvdGhlciB0eXBlcyBNVVNUIGJlIHJlZ2lzdGVy
ZWQuIFR5cGUgbmFtZXMgTVVTVCBjb25mb3JtIHRvIHRoZSB0eXBlLW5hbWUgQUJORi4gSWYgdGhl
CiAgICAgICAgICB0eXBlIGRlZmluaXRpb24gaW5jbHVkZXMgYSBuZXcgSFRUUCBhdXRoZW50aWNh
dGlvbiBzY2hlbWUsIHRoZSB0eXBlIG5hbWUgU0hPVUxEIGJlCiAgICAgICAgICBpZGVudGljYWwg
dG8gdGhlIEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lIG5hbWUgKGFzIGRlZmluZWQgYnkgPGEg
Y2xhc3M9J2luZm8nIGhyZWY9JyNSRkMyNjE3Jz5bUkZDMjYxN108c3Bhbj4gKDwvc3Bhbj48c3Bh
biBjbGFzcz0naW5mbyc+RnJhbmtzLCBKLiwgSGFsbGFtLUJha2VyLCBQLiwgSG9zdGV0bGVyLCBK
LiwgTGF3cmVuY2UsIFMuLCBMZWFjaCwgUC4sIEx1b3RvbmVuLCBBLiwgYW5kIEwuIFN0ZXdhcnQs
ICZsZHF1bztIVFRQIEF1dGhlbnRpY2F0aW9uOiBCYXNpYyBhbmQgRGlnZXN0IEFjY2VzcyBBdXRo
ZW50aWNhdGlvbiwmcmRxdW87IEp1bmUmbmJzcDsxOTk5Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwv
YT4pLgogICAgICAgICAgVGhlIHRva2VuIHR5cGUgPHR0PmV4YW1wbGU8L3R0PiBpcyByZXNlcnZl
ZCBmb3IgdXNlIGluIGV4YW1wbGVzLgogICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTog
dGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxw
cmU+CgogIHR5cGUtbmFtZSAgPSAxKm5hbWUtY2hhcgogIG5hbWUtY2hhciAgID0gIi0iIC8gIi4i
IC8gIl8iIC8gRElHSVQgLyBBTFBIQQoKPC9wcmU+PC9kaXY+CjxhIG5hbWU9ImFuY2hvcjM5Ij48
L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBj
ZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNz
PSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90
YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uOC4yIj48L2E+PGgzPjguMi4mbmJzcDsKRGVmaW5p
bmcgTmV3IEVuZHBvaW50IFBhcmFtZXRlcnM8L2gzPgoKPHA+CiAgICAgICAgICBOZXcgcmVxdWVz
dCBvciByZXNwb25zZSBwYXJhbWV0ZXJzIGZvciB1c2Ugd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBl
bmRwb2ludCBvciB0aGUgdG9rZW4KICAgICAgICAgIGVuZHBvaW50IGFyZSBkZWZpbmVkIGFuZCBy
ZWdpc3RlcmVkIGluIHRoZSBwYXJhbWV0ZXJzIHJlZ2lzdHJ5IGZvbGxvd2luZyB0aGUgcHJvY2Vk
dXJlIGluCiAgICAgICAgICA8YSBjbGFzcz0naW5mbycgaHJlZj0nI3BhcmFtZXRlcnMtcmVnaXN0
cnknPlNlY3Rpb24mbmJzcDsxMS4yPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlRo
ZSBPQXV0aCBQYXJhbWV0ZXJzIFJlZ2lzdHJ5PC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgIFBhcmFtZXRlciBuYW1lcyBNVVNUIGNvbmZvcm0gdG8g
dGhlIHBhcmFtLW5hbWUgQUJORiBhbmQgcGFyYW1ldGVyIHZhbHVlcyBzeW50YXggTVVTVCBiZQog
ICAgICAgICAgd2VsbC1kZWZpbmVkIChlLmcuLCB1c2luZyBBQk5GLCBvciBhIHJlZmVyZW5jZSB0
byB0aGUgc3ludGF4IG9mIGFuIGV4aXN0aW5nIHBhcmFtZXRlcikuCiAgICAgICAgCjwvcD48ZGl2
IHN0eWxlPSdkaXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdp
bi1yaWdodDogYXV0byc+PHByZT4KCiAgcGFyYW0tbmFtZSAgPSAxKm5hbWUtY2hhcgogIG5hbWUt
Y2hhciAgID0gIi0iIC8gIi4iIC8gIl8iIC8gRElHSVQgLyBBTFBIQQoKPC9wcmU+PC9kaXY+Cjxw
PgogICAgICAgICAgVW5yZWdpc3RlcmVkIHZlbmRvci1zcGVjaWZpYyBwYXJhbWV0ZXIgZXh0ZW5z
aW9ucyB0aGF0IGFyZSBub3QgY29tbW9ubHkgYXBwbGljYWJsZSwgYW5kCiAgICAgICAgICBhcmUg
c3BlY2lmaWMgdG8gdGhlIGltcGxlbWVudGF0aW9uIGRldGFpbHMgb2YgdGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIHdoZXJlIHRoZXkgYXJlCiAgICAgICAgICB1c2VkIFNIT1VMRCB1dGlsaXplIGEg
dmVuZG9yLXNwZWNpZmljIHByZWZpeCB0aGF0IGlzIG5vdCBsaWtlbHkgdG8gY29uZmxpY3Qgd2l0
aCBvdGhlcgogICAgICAgICAgcmVnaXN0ZXJlZCB2YWx1ZXMgKGUuZy4gYmVnaW4gd2l0aCAnY29t
cGFueW5hbWVfJykuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yNDAiPjwvYT48YnIgLz48
aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5n
PSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+
PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBu
YW1lPSJyZmMuc2VjdGlvbi44LjMiPjwvYT48aDM+OC4zLiZuYnNwOwpEZWZpbmluZyBOZXcgQXV0
aG9yaXphdGlvbiBHcmFudCBUeXBlczwvaDM+Cgo8cD4KICAgICAgICAgIE5ldyBhdXRob3JpemF0
aW9uIGdyYW50IHR5cGVzIGNhbiBiZSBkZWZpbmVkIGJ5IGFzc2lnbmluZyB0aGVtIGEgdW5pcXVl
IGFic29sdXRlIFVSSSBmb3IKICAgICAgICAgIHVzZSB3aXRoIHRoZSA8dHQ+Z3JhbnRfdHlwZTwv
dHQ+IHBhcmFtZXRlci4gSWYgdGhlIGV4dGVuc2lvbiBncmFudAogICAgICAgICAgdHlwZSByZXF1
aXJlcyBhZGRpdGlvbmFsIHRva2VuIGVuZHBvaW50IHBhcmFtZXRlcnMsIHRoZXkgTVVTVCBiZSBy
ZWdpc3RlcmVkIGluIHRoZSBPQXV0aAogICAgICAgICAgcGFyYW1ldGVycyByZWdpc3RyeSBhcyBk
ZXNjcmliZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNwYXJhbWV0ZXJzLXJlZ2lzdHJ5Jz5T
ZWN0aW9uJm5ic3A7MTEuMjxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5UaGUgT0F1
dGggUGFyYW1ldGVycyBSZWdpc3RyeTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uCiAgICAgICAg
CjwvcD4KPGEgbmFtZT0icmVzcG9uc2UtdHlwZS1leHQiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxl
IHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0i
VE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3Rv
YyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2Vj
dGlvbi44LjQiPjwvYT48aDM+OC40LiZuYnNwOwpEZWZpbmluZyBOZXcgQXV0aG9yaXphdGlvbiBF
bmRwb2ludCBSZXNwb25zZSBUeXBlczwvaDM+Cgo8cD4KICAgICAgICAgIE5ldyByZXNwb25zZSB0
eXBlcyBmb3IgdXNlIHdpdGggdGhlIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgYXJlIGRlZmluZWQg
YW5kIHJlZ2lzdGVyZWQgaW4KICAgICAgICAgIHRoZSBhdXRob3JpemF0aW9uIGVuZHBvaW50IHJl
c3BvbnNlIHR5cGUgcmVnaXN0cnkgZm9sbG93aW5nIHRoZSBwcm9jZWR1cmUgaW4KICAgICAgICAg
IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjcmVzcG9uc2UtdHlwZS1yZWdpc3RyeSc+U2VjdGlvbiZu
YnNwOzExLjM8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+VGhlIE9BdXRoIEF1dGhv
cml6YXRpb24gRW5kcG9pbnQgUmVzcG9uc2UgVHlwZSBSZWdpc3RyeTwvc3Bhbj48c3Bhbj4pPC9z
cGFuPjwvYT4uIFJlc3BvbnNlIHR5cGUgbmFtZXMgTVVTVCBjb25mb3JtIHRvIHRoZQogICAgICAg
ICAgcmVzcG9uc2UtdHlwZSBBQk5GLgogICAgICAgIAo8L3A+PGRpdiBzdHlsZT0nZGlzcGxheTog
dGFibGU7IHdpZHRoOiAwOyBtYXJnaW4tbGVmdDogM2VtOyBtYXJnaW4tcmlnaHQ6IGF1dG8nPjxw
cmU+CgogIHJlc3BvbnNlLXR5cGUgID0gcmVzcG9uc2UtbmFtZSAqKCBTUCByZXNwb25zZS1uYW1l
ICkKICByZXNwb25zZS1uYW1lICA9IDEqcmVzcG9uc2UtY2hhcgogIHJlc3BvbnNlLWNoYXIgID0g
Il8iIC8gRElHSVQgLyBBTFBIQQoKPC9wcmU+PC9kaXY+CjxwPgogICAgICAgICAgSWYgYSByZXNw
b25zZSB0eXBlIGNvbnRhaW5zIG9uZSBvciBtb3JlIHNwYWNlIGNoYXJhY3RlcnMgKCV4MjApLCBp
dCBpcyBjb21wYXJlZCBhcyBhCiAgICAgICAgICBzcGFjZS1kZWxpbWl0ZWQgbGlzdCBvZiB2YWx1
ZXMgaW4gd2hpY2ggdGhlIG9yZGVyIG9mIHZhbHVlcyBkb2VzIG5vdCBtYXR0ZXIuIE9ubHkgb25l
CiAgICAgICAgICBvcmRlciBvZiB2YWx1ZXMgY2FuIGJlIHJlZ2lzdGVyZWQsIHdoaWNoIGNvdmVy
cyBhbGwgb3RoZXIgYXJyYW5nZW1lbnRzIG9mIHRoZSBzYW1lIHNldCBvZgogICAgICAgICAgdmFs
dWVzLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSByZXNwb25z
ZSB0eXBlIDx0dD50b2tlbiBjb2RlPC90dD4gaXMgbGVmdCB1bmRlZmluZWQKICAgICAgICAgIGJ5
IHRoaXMgc3BlY2lmaWNhdGlvbi4gSG93ZXZlciwgYW4gZXh0ZW5zaW9uIGNhbiBkZWZpbmUgYW5k
IHJlZ2lzdGVyIHRoZQogICAgICAgICAgPHR0PnRva2VuIGNvZGU8L3R0PiByZXNwb25zZSB0eXBl
LiBPbmNlIHJlZ2lzdGVyZWQsIHRoZSBzYW1lCiAgICAgICAgICBjb21iaW5hdGlvbiBjYW5ub3Qg
YmUgcmVnaXN0ZXJlZCBhcyA8dHQ+Y29kZSB0b2tlbjwvdHQ+LCBidXQgYm90aAogICAgICAgICAg
dmFsdWVzIGNhbiBiZSB1c2VkIHRvIGRlbm90ZSB0aGUgc2FtZSByZXNwb25zZSB0eXBlLgogICAg
ICAgIAo8L3A+CjxhIG5hbWU9Im5ldy1lcnJvcnMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi44LjUiPjwvYT48aDM+OC41LiZuYnNwOwpEZWZpbmluZyBBZGRpdGlvbmFsIEVycm9yIENvZGVz
PC9oMz4KCjxwPgogICAgICAgICAgSW4gY2FzZXMgd2hlcmUgcHJvdG9jb2wgZXh0ZW5zaW9ucyAo
aS5lLiBhY2Nlc3MgdG9rZW4gdHlwZXMsIGV4dGVuc2lvbiBwYXJhbWV0ZXJzLCBvcgogICAgICAg
ICAgZXh0ZW5zaW9uIGdyYW50IHR5cGVzKSByZXF1aXJlIGFkZGl0aW9uYWwgZXJyb3IgY29kZXMg
dG8gYmUgdXNlZCB3aXRoIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICBjb2RlIGdyYW50IGVy
cm9yIHJlc3BvbnNlICg8YSBjbGFzcz0naW5mbycgaHJlZj0nI2NvZGUtYXV0aHotZXJyb3InPlNl
Y3Rpb24mbmJzcDs0LjEuMi4xPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPkVycm9y
IFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiksIHRoZSBpbXBsaWNpdCBncmFudCBl
cnJvcgogICAgICAgICAgcmVzcG9uc2UgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjaW1wbGljaXQt
YXV0aHotZXJyb3InPlNlY3Rpb24mbmJzcDs0LjIuMi4xPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xh
c3M9J2luZm8nPkVycm9yIFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiksIHRoZSB0
b2tlbiBlcnJvciByZXNwb25zZQogICAgICAgICAgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjdG9r
ZW4tZXJyb3JzJz5TZWN0aW9uJm5ic3A7NS4yPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2lu
Zm8nPkVycm9yIFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiksCgkgIG9yIHRoZSBy
ZXNvdXJjZSBhY2Nlc3MgZXJyb3IgcmVzcG9uc2UgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjcmVz
b3VyY2UtZXJyb3JzJz5TZWN0aW9uJm5ic3A7Ny4yPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9
J2luZm8nPkVycm9yIFJlc3BvbnNlPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiksCgkgIHN1Y2gg
ZXJyb3IgY29kZXMgTUFZIGJlIGRlZmluZWQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBF
eHRlbnNpb24gZXJyb3IgY29kZXMgTVVTVCBiZSByZWdpc3RlcmVkIChmb2xsb3dpbmcgdGhlIHBy
b2NlZHVyZXMgaW4KICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjZXJyb3ItcmVnaXN0
cnknPlNlY3Rpb24mbmJzcDsxMS40PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlRo
ZSBPQXV0aCBFeHRlbnNpb25zIEVycm9yIFJlZ2lzdHJ5PC9zcGFuPjxzcGFuPik8L3NwYW4+PC9h
PikgaWYgdGhlIGV4dGVuc2lvbiB0aGV5IGFyZSB1c2VkIGluIGNvbmp1bmN0aW9uIHdpdGggaXMK
ICAgICAgICAgIGEgcmVnaXN0ZXJlZCBhY2Nlc3MgdG9rZW4gdHlwZSwgYSByZWdpc3RlcmVkIGVu
ZHBvaW50IHBhcmFtZXRlciwgb3IgYW4gZXh0ZW5zaW9uIGdyYW50CiAgICAgICAgICB0eXBlLiBF
cnJvciBjb2RlcyB1c2VkIHdpdGggdW5yZWdpc3RlcmVkIGV4dGVuc2lvbnMgTUFZIGJlIHJlZ2lz
dGVyZWQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBFcnJvciBjb2RlcyBNVVNUIGNvbmZv
cm0gdG8gdGhlIGVycm9yLWNvZGUgQUJORiwgYW5kIFNIT1VMRCBiZSBwcmVmaXhlZCBieSBhbiBp
ZGVudGlmeWluZwogICAgICAgICAgbmFtZSB3aGVuIHBvc3NpYmxlLiBGb3IgZXhhbXBsZSwgYW4g
ZXJyb3IgaWRlbnRpZnlpbmcgYW4gaW52YWxpZCB2YWx1ZSBzZXQgdG8gdGhlCiAgICAgICAgICBl
eHRlbnNpb24gcGFyYW1ldGVyIDx0dD5leGFtcGxlPC90dD4gU0hPVUxEIGJlIG5hbWVkCiAgICAg
ICAgICA8dHQ+ZXhhbXBsZV9pbnZhbGlkPC90dD4uCiAgICAgICAgCjwvcD48ZGl2IHN0eWxlPSdk
aXNwbGF5OiB0YWJsZTsgd2lkdGg6IDA7IG1hcmdpbi1sZWZ0OiAzZW07IG1hcmdpbi1yaWdodDog
YXV0byc+PHByZT4KCiAgZXJyb3ItY29kZSAgID0gQUxQSEEgKmVycm9yLWNoYXIKICBlcnJvci1j
aGFyICAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAvIEFMUEhBCgo8L3ByZT48L2Rpdj4KPGEg
bmFtZT0iYW5jaG9yNDEiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIg
Y2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmln
aHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7
PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi45Ij48L2E+PGgzPjku
Jm5ic3A7Ck5hdGl2ZSBBcHBsaWNhdGlvbnM8L2gzPgoKPHA+CiAgICAgICAgTmF0aXZlIGFwcGxp
Y2F0aW9ucyBhcmUgY2xpZW50cyBpbnN0YWxsZWQgYW5kIGV4ZWN1dGVkIG9uIHRoZSBkZXZpY2Ug
dXNlZCBieSB0aGUgcmVzb3VyY2UKICAgICAgICBvd25lciAoaS5lLiBkZXNrdG9wIGFwcGxpY2F0
aW9uLCBuYXRpdmUgbW9iaWxlIGFwcGxpY2F0aW9uKS4gTmF0aXZlIGFwcGxpY2F0aW9ucyByZXF1
aXJlCiAgICAgICAgc3BlY2lhbCBjb25zaWRlcmF0aW9uIHJlbGF0ZWQgdG8gc2VjdXJpdHksIHBs
YXRmb3JtIGNhcGFiaWxpdGllcywgYW5kIG92ZXJhbGwgZW5kLXVzZXIKICAgICAgICBleHBlcmll
bmNlLgogICAgICAKPC9wPgo8cD4KICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBy
ZXF1aXJlcyBpbnRlcmFjdGlvbiBiZXR3ZWVuIHRoZSBjbGllbnQgYW5kIHRoZSByZXNvdXJjZQog
ICAgICAgIG93bmVyJ3MgdXNlci1hZ2VudC4gTmF0aXZlIGFwcGxpY2F0aW9ucyBjYW4gaW52b2tl
IGFuIGV4dGVybmFsIHVzZXItYWdlbnQgb3IgZW1iZWQgYQogICAgICAgIHVzZXItYWdlbnQgd2l0
aGluIHRoZSBhcHBsaWNhdGlvbi4gRm9yIGV4YW1wbGU6CiAgICAgIAo8L3A+CjxwPgogICAgICAg
IDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICBFeHRlcm5hbCB1c2VyLWFn
ZW50IC0gdGhlIG5hdGl2ZSBhcHBsaWNhdGlvbiBjYW4gY2FwdHVyZSB0aGUgcmVzcG9uc2UgZnJv
bSB0aGUKICAgICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgdXNpbmcgYSByZWRpcmVjdGlv
biBVUkkgd2l0aCBhIHNjaGVtZSByZWdpc3RlcmVkIHdpdGggdGhlCiAgICAgICAgICAgIG9wZXJh
dGluZyBzeXN0ZW0gdG8gaW52b2tlIHRoZSBjbGllbnQgYXMgdGhlIGhhbmRsZXIsIG1hbnVhbCBj
b3B5LWFuZC1wYXN0ZSBvZiB0aGUKICAgICAgICAgICAgY3JlZGVudGlhbHMsIHJ1bm5pbmcgYSBs
b2NhbCB3ZWIgc2VydmVyLCBpbnN0YWxsaW5nIGEgdXNlci1hZ2VudCBleHRlbnNpb24sIG9yIGJ5
CiAgICAgICAgICAgIHByb3ZpZGluZyBhIHJlZGlyZWN0aW9uIFVSSSBpZGVudGlmeWluZyBhIHNl
cnZlci1ob3N0ZWQgcmVzb3VyY2UgdW5kZXIgdGhlIGNsaWVudCdzCiAgICAgICAgICAgIGNvbnRy
b2wsIHdoaWNoIGluIHR1cm4gbWFrZXMgdGhlIHJlc3BvbnNlIGF2YWlsYWJsZSB0byB0aGUgbmF0
aXZlIGFwcGxpY2F0aW9uLgogICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgRW1iZWRk
ZWQgdXNlci1hZ2VudCAtIHRoZSBuYXRpdmUgYXBwbGljYXRpb24gb2J0YWlucyB0aGUgcmVzcG9u
c2UgYnkgZGlyZWN0bHkKICAgICAgICAgICAgY29tbXVuaWNhdGluZyB3aXRoIHRoZSBlbWJlZGRl
ZCB1c2VyLWFnZW50IGJ5IG1vbml0b3Jpbmcgc3RhdGUgY2hhbmdlcyBlbWl0dGVkIGR1cmluZwog
ICAgICAgICAgICB0aGUgcmVzb3VyY2UgbG9hZCwgb3IgYWNjZXNzaW5nIHRoZSB1c2VyLWFnZW50
J3MgY29va2llcyBzdG9yYWdlLgogICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8L3A+
CjxwPgogICAgICAgIFdoZW4gY2hvb3NpbmcgYmV0d2VlbiBhbiBleHRlcm5hbCBvciBlbWJlZGRl
ZCB1c2VyLWFnZW50LCBkZXZlbG9wZXJzIHNob3VsZCBjb25zaWRlcjoKICAgICAgCjwvcD4KPHA+
CiAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgIEFuIEV4dGVy
bmFsIHVzZXItYWdlbnQgbWF5IGltcHJvdmUgY29tcGxldGlvbiByYXRlIGFzIHRoZSByZXNvdXJj
ZSBvd25lciBtYXkgYWxyZWFkeSBoYXZlCiAgICAgICAgICAgIGFuIGFjdGl2ZSBzZXNzaW9uIHdp
dGggdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIHJlbW92aW5nIHRoZSBuZWVkIHRvIHJlLWF1dGhl
bnRpY2F0ZS4gSXQKICAgICAgICAgICAgcHJvdmlkZXMgYSBmYW1pbGlhciBlbmQtdXNlciBleHBl
cmllbmNlIGFuZCBmdW5jdGlvbmFsaXR5LiBUaGUgcmVzb3VyY2Ugb3duZXIgbWF5IGFsc28KICAg
ICAgICAgICAgcmVseSBvbiB1c2VyLWFnZW50IGZlYXR1cmVzIG9yIGV4dGVuc2lvbnMgdG8gYXNz
aXN0IHdpdGggYXV0aGVudGljYXRpb24gKGUuZy4gcGFzc3dvcmQKICAgICAgICAgICAgbWFuYWdl
ciwgMi1mYWN0b3IgZGV2aWNlIHJlYWRlcikuCiAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAg
ICAgICBBbiBlbWJlZGRlZCB1c2VyLWFnZW50IG1heSBvZmZlciBpbXByb3ZlZCB1c2FiaWxpdHks
IGFzIGl0IHJlbW92ZXMgdGhlIG5lZWQgdG8gc3dpdGNoCiAgICAgICAgICAgIGNvbnRleHQgYW5k
IG9wZW4gbmV3IHdpbmRvd3MuCiAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICBBbiBl
bWJlZGRlZCB1c2VyLWFnZW50IHBvc2VzIGEgc2VjdXJpdHkgY2hhbGxlbmdlIGJlY2F1c2UgcmVz
b3VyY2Ugb3duZXJzIGFyZQogICAgICAgICAgICBhdXRoZW50aWNhdGluZyBpbiBhbiB1bmlkZW50
aWZpZWQgd2luZG93IHdpdGhvdXQgYWNjZXNzIHRvIHRoZSB2aXN1YWwgcHJvdGVjdGlvbnMgZm91
bmQKICAgICAgICAgICAgaW4gbW9zdCBleHRlcm5hbCB1c2VyLWFnZW50cy4gQW4gZW1iZWRkZWQg
dXNlci1hZ2VudCBlZHVjYXRlcyBlbmQtdXNlcnMgdG8gdHJ1c3QKICAgICAgICAgICAgdW5pZGVu
dGlmaWVkIHJlcXVlc3RzIGZvciBhdXRoZW50aWNhdGlvbiAobWFraW5nIHBoaXNoaW5nIGF0dGFj
a3MgZWFzaWVyIHRvIGV4ZWN1dGUpLgogICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8
L3A+CjxwPgogICAgICAgIFdoZW4gY2hvb3NpbmcgYmV0d2VlbiB0aGUgaW1wbGljaXQgZ3JhbnQg
dHlwZSBhbmQgdGhlIGF1dGhvcml6YXRpb24gY29kZSBncmFudCB0eXBlLCB0aGUKICAgICAgICBm
b2xsb3dpbmcgc2hvdWxkIGJlIGNvbnNpZGVyZWQ6CiAgICAgIAo8L3A+CjxwPgogICAgICAgIDwv
cD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICBOYXRpdmUgYXBwbGljYXRpb25z
IHRoYXQgdXNlIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlwZSBTSE9VTEQgZG8gc28g
d2l0aG91dAogICAgICAgICAgICB1c2luZyBjbGllbnQgY3JlZGVudGlhbHMsIGR1ZSB0byB0aGUg
bmF0aXZlIGFwcGxpY2F0aW9uJ3MgaW5hYmlsaXR5IHRvIGtlZXAgY2xpZW50CiAgICAgICAgICAg
IGNyZWRlbnRpYWxzIGNvbmZpZGVudGlhbC4KICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAg
ICAgIFdoZW4gdXNpbmcgdGhlIGltcGxpY2l0IGdyYW50IHR5cGUgZmxvdyBhIHJlZnJlc2ggdG9r
ZW4gaXMgbm90IHJldHVybmVkIHdoaWNoIHJlcXVpcmVzCiAgICAgICAgICAgIHJlcGVhdGluZyB0
aGUgYXV0aG9yaXphdGlvbiBwcm9jZXNzIG9uY2UgdGhlIGFjY2VzcyB0b2tlbiBleHBpcmVzLgog
ICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjQyIj48
L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBj
ZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNz
PSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90
YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTAiPjwvYT48aDM+MTAuJm5ic3A7ClNlY3VyaXR5
IENvbnNpZGVyYXRpb25zPC9oMz4KCjxwPgogICAgICAgIEFzIGEgZmxleGlibGUgYW5kIGV4dGVu
c2libGUgZnJhbWV3b3JrLCBPQXV0aCdzIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGRlcGVuZCBv
biBtYW55CiAgICAgICAgZmFjdG9ycy4gVGhlIGZvbGxvd2luZyBzZWN0aW9ucyBwcm92aWRlIGlt
cGxlbWVudGVycyB3aXRoIHNlY3VyaXR5IGd1aWRlbGluZXMgZm9jdXNlZCBvbgogICAgICAgIHRo
ZSB0aHJlZSBjbGllbnQgcHJvZmlsZXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjY2xpZW50LXR5cGVzJz5TZWN0aW9uJm5ic3A7Mi4xPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xh
c3M9J2luZm8nPkNsaWVudCBUeXBlczwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT46IHdlYiBhcHBs
aWNhdGlvbiwKICAgICAgICB1c2VyLWFnZW50LWJhc2VkIGFwcGxpY2F0aW9uLCBhbmQgbmF0aXZl
IGFwcGxpY2F0aW9uLgogICAgICAKPC9wPgo8cD4KICAgICAgICBBIGNvbXByZWhlbnNpdmUgT0F1
dGggc2VjdXJpdHkgbW9kZWwgYW5kIGFuYWx5c2lzLCBhcyB3ZWxsIGFzIGJhY2tncm91bmQgZm9y
IHRoZSBwcm90b2NvbAogICAgICAgIGRlc2lnbiBpcyBwcm92aWRlZCBieSA8YSBjbGFzcz0naW5m
bycgaHJlZj0nI0ktRC5pZXRmLW9hdXRoLXYyLXRocmVhdG1vZGVsJz5bSSYjODIwOTtELmlldGYm
IzgyMDk7b2F1dGgmIzgyMDk7djImIzgyMDk7dGhyZWF0bW9kZWxdPHNwYW4+ICg8L3NwYW4+PHNw
YW4gY2xhc3M9J2luZm8nPk1jR2xvaW4sIE0uLCBIdW50LCBQLiwgYW5kIFQuIExvZGRlcnN0ZWR0
LCAmbGRxdW87T0F1dGggMi4wIFRocmVhdCBNb2RlbCBhbmQgU2VjdXJpdHkgQ29uc2lkZXJhdGlv
bnMsJnJkcXVvOyBGZWJydWFyeSZuYnNwOzIwMTIuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4K
ICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yNDMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1
bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9D
YnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+
Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlv
bi4xMC4xIj48L2E+PGgzPjEwLjEuJm5ic3A7CkNsaWVudCBBdXRoZW50aWNhdGlvbjwvaDM+Cgo8
cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBlc3RhYmxpc2hlcyBjbGllbnQg
Y3JlZGVudGlhbHMgd2l0aCB3ZWIgYXBwbGljYXRpb24gY2xpZW50cyBmb3IKICAgICAgICAgIHRo
ZSBwdXJwb3NlIG9mIGNsaWVudCBhdXRoZW50aWNhdGlvbi4gVGhlIGF1dGhvcml6YXRpb24gc2Vy
dmVyIGlzIGVuY291cmFnZWQgdG8gY29uc2lkZXIKICAgICAgICAgIHN0cm9uZ2VyIGNsaWVudCBh
dXRoZW50aWNhdGlvbiBtZWFucyB0aGFuIGEgY2xpZW50IHBhc3N3b3JkLiBXZWIgYXBwbGljYXRp
b24gY2xpZW50cyBNVVNUCiAgICAgICAgICBlbnN1cmUgY29uZmlkZW50aWFsaXR5IG9mIGNsaWVu
dCBwYXNzd29yZHMgYW5kIG90aGVyIGNsaWVudCBjcmVkZW50aWFscy4KICAgICAgICAKPC9wPgo8
cD4KICAgICAgICAgIFRoZSBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIE5PVCBpc3N1ZSBjbGll
bnQgcGFzc3dvcmRzIG9yIG90aGVyIGNsaWVudCBjcmVkZW50aWFscyB0bwogICAgICAgICAgbmF0
aXZlIGFwcGxpY2F0aW9uIG9yIHVzZXItYWdlbnQtYmFzZWQgYXBwbGljYXRpb24gY2xpZW50cyBm
b3IgdGhlIHB1cnBvc2Ugb2YgY2xpZW50CiAgICAgICAgICBhdXRoZW50aWNhdGlvbi4gVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIE1BWSBpc3N1ZSBhIGNsaWVudCBwYXNzd29yZCBvciBvdGhlciBj
cmVkZW50aWFscwogICAgICAgICAgZm9yIGEgc3BlY2lmaWMgaW5zdGFsbGF0aW9uIG9mIGEgbmF0
aXZlIGFwcGxpY2F0aW9uIGNsaWVudCBvbiBhIHNwZWNpZmljIGRldmljZS4KICAgICAgICAKPC9w
Pgo8cD4KICAgICAgICAgIFdoZW4gY2xpZW50IGF1dGhlbnRpY2F0aW9uIGlzIG5vdCBwb3NzaWJs
ZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBlbXBsb3kgb3RoZXIKICAgICAgICAg
IG1lYW5zIHRvIHZhbGlkYXRlIHRoZSBjbGllbnQncyBpZGVudGl0eS4gRm9yIGV4YW1wbGUsIGJ5
IHJlcXVpcmluZyB0aGUgcmVnaXN0cmF0aW9uIG9mCiAgICAgICAgICB0aGUgY2xpZW50IHJlZGly
ZWN0aW9uIFVSSSBvciBlbmxpc3RpbmcgdGhlIHJlc291cmNlIG93bmVyIHRvIGNvbmZpcm0gaWRl
bnRpdHkuIEEgdmFsaWQKICAgICAgICAgIHJlZGlyZWN0aW9uIFVSSSBpcyBub3Qgc3VmZmljaWVu
dCB0byB2ZXJpZnkgdGhlIGNsaWVudCdzIGlkZW50aXR5IHdoZW4gYXNraW5nIGZvcgogICAgICAg
ICAgcmVzb3VyY2Ugb3duZXIgYXV0aG9yaXphdGlvbiwgYnV0IGNhbiBiZSB1c2VkIHRvIHByZXZl
bnQgZGVsaXZlcmluZyBjcmVkZW50aWFscyB0byBhCiAgICAgICAgICBjb3VudGVyZmVpdCBjbGll
bnQgYWZ0ZXIgb2J0YWluaW5nIHJlc291cmNlIG93bmVyIGF1dGhvcml6YXRpb24uCiAgICAgICAg
CjwvcD4KPHA+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgbXVzdCBjb25zaWRl
ciB0aGUgc2VjdXJpdHkgaW1wbGljYXRpb25zIG9mIGludGVyYWN0aW5nIHdpdGgKICAgICAgICAg
IHVuYXV0aGVudGljYXRlZCBjbGllbnRzIGFuZCB0YWtlIG1lYXN1cmVzIHRvIGxpbWl0IHRoZSBw
b3RlbnRpYWwgZXhwb3N1cmUgb2Ygb3RoZXIKICAgICAgICAgIGNyZWRlbnRpYWxzIChlLmcuIHJl
ZnJlc2ggdG9rZW5zKSBpc3N1ZWQgdG8gc3VjaCBjbGllbnRzLgogICAgICAgIAo8L3A+CjxhIG5h
bWU9ImFuY2hvcjQ0Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNl
bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0
Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwv
YT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTAuMiI+PC9hPjxoMz4x
MC4yLiZuYnNwOwpDbGllbnQgSW1wZXJzb25hdGlvbjwvaDM+Cgo8cD4KICAgICAgICAgIEEgbWFs
aWNpb3VzIGNsaWVudCBjYW4gaW1wZXJzb25hdGUgYW5vdGhlciBjbGllbnQgYW5kIG9idGFpbiBh
Y2Nlc3MgdG8gcHJvdGVjdGVkCiAgICAgICAgICByZXNvdXJjZXMsIGlmIHRoZSBpbXBlcnNvbmF0
ZWQgY2xpZW50IGZhaWxzIHRvLCBvciBpcyB1bmFibGUgdG8sIGtlZXAgaXRzIGNsaWVudAogICAg
ICAgICAgY3JlZGVudGlhbHMgY29uZmlkZW50aWFsLgogICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgYXV0aGVudGljYXRlIHRoZSBjbGllbnQg
d2hlbmV2ZXIgcG9zc2libGUuIElmIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
Y2Fubm90IGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50IGR1ZSB0byB0aGUgY2xpZW50J3MgbmF0dXJl
LCB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcmVxdWlyZSB0aGUgcmVn
aXN0cmF0aW9uIG9mIGFueSByZWRpcmVjdGlvbiBVUkkgdXNlZCBmb3IKICAgICAgICAgIHJlY2Vp
dmluZyBhdXRob3JpemF0aW9uIHJlc3BvbnNlcywgYW5kIFNIT1VMRCB1dGlsaXplIG90aGVyIG1l
YW5zIHRvIHByb3RlY3QgcmVzb3VyY2UKICAgICAgICAgIG93bmVycyBmcm9tIHN1Y2ggcG90ZW50
aWFsbHkgbWFsaWNpb3VzIGNsaWVudHMuIEZvciBleGFtcGxlLCB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIKICAgICAgICAgIGNhbiBlbmdhZ2UgdGhlIHJlc291cmNlIG93bmVyIHRvIGFzc2lzdCBp
biBpZGVudGlmeWluZyB0aGUgY2xpZW50IGFuZCBpdHMgb3JpZ2luLgogICAgICAgIAo8L3A+Cjxw
PgogICAgICAgICAgVGhlIGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBlbmZvcmNlIGV4cGxp
Y2l0IHJlc291cmNlIG93bmVyIGF1dGhlbnRpY2F0aW9uIGFuZAogICAgICAgICAgcHJvdmlkZSB0
aGUgcmVzb3VyY2Ugb3duZXIgd2l0aCBpbmZvcm1hdGlvbiBhYm91dCB0aGUgY2xpZW50IGFuZCB0
aGUgcmVxdWVzdGVkCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNjb3BlIGFuZCBsaWZldGltZS4g
SXQgaXMgdXAgdG8gdGhlIHJlc291cmNlIG93bmVyIHRvIHJldmlldyB0aGUKICAgICAgICAgIGlu
Zm9ybWF0aW9uIGluIHRoZSBjb250ZXh0IG9mIHRoZSBjdXJyZW50IGNsaWVudCwgYW5kIGF1dGhv
cml6ZSBvciBkZW55IHRoZSByZXF1ZXN0LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhl
IGF1dGhvcml6YXRpb24gc2VydmVyIFNIT1VMRCBOT1QgcHJvY2VzcyByZXBlYXRlZCBhdXRob3Jp
emF0aW9uIHJlcXVlc3RzCiAgICAgICAgICBhdXRvbWF0aWNhbGx5ICh3aXRob3V0IGFjdGl2ZSBy
ZXNvdXJjZSBvd25lciBpbnRlcmFjdGlvbikgd2l0aG91dCBhdXRoZW50aWNhdGluZyB0aGUKICAg
ICAgICAgIGNsaWVudCBvciByZWx5aW5nIG9uIG90aGVyIG1lYXN1cmVzIHRvIGVuc3VyZSB0aGUg
cmVwZWF0ZWQgcmVxdWVzdCBjb21lcyBmcm9tIHRoZQogICAgICAgICAgb3JpZ2luYWwgY2xpZW50
IGFuZCBub3QgYW4gaW1wZXJzb25hdG9yLgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjQ1
Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIw
IiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNs
YXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+
PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTAuMyI+PC9hPjxoMz4xMC4zLiZuYnNwOwpB
Y2Nlc3MgVG9rZW5zPC9oMz4KCjxwPgogICAgICAgICAgQWNjZXNzIHRva2VuIGNyZWRlbnRpYWxz
IChhcyB3ZWxsIGFzIGFueSBjb25maWRlbnRpYWwgYWNjZXNzIHRva2VuIGF0dHJpYnV0ZXMpIE1V
U1QgYmUKICAgICAgICAgIGtlcHQgY29uZmlkZW50aWFsIGluIHRyYW5zaXQgYW5kIHN0b3JhZ2Us
IGFuZCBvbmx5IHNoYXJlZCBhbW9uZyB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIsCiAgICAgICAg
ICB0aGUgcmVzb3VyY2Ugc2VydmVycyB0aGUgYWNjZXNzIHRva2VuIGlzIHZhbGlkIGZvciwgYW5k
IHRoZSBjbGllbnQgdG8gd2hvbSB0aGUgYWNjZXNzCiAgICAgICAgICB0b2tlbiBpcyBpc3N1ZWQu
IEFjY2VzcyB0b2tlbiBjcmVkZW50aWFscyBNVVNUIG9ubHkgYmUgdHJhbnNtaXR0ZWQgdXNpbmcg
VExTIGFzIGRlc2NyaWJlZAogICAgICAgICAgaW4gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyN0bHMn
PlNlY3Rpb24mbmJzcDsxLjY8c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+VExTIFZl
cnNpb248L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+IHdpdGggc2VydmVyIGF1dGhlbnRpY2F0aW9u
IGFzIGRlZmluZWQgYnkKICAgICAgICAgIDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMjgxOCc+
W1JGQzI4MThdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlJlc2NvcmxhLCBFLiwg
JmxkcXVvO0hUVFAgT3ZlciBUTFMsJnJkcXVvOyBNYXkmbmJzcDsyMDAwLjwvc3Bhbj48c3Bhbj4p
PC9zcGFuPjwvYT4uCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBXaGVuIHVzaW5nIHRoZSBp
bXBsaWNpdCBncmFudCB0eXBlLCB0aGUgYWNjZXNzIHRva2VuIGlzIHRyYW5zbWl0dGVkIGluIHRo
ZSBVUkkgZnJhZ21lbnQsCiAgICAgICAgICB3aGljaCBjYW4gZXhwb3NlIGl0IHRvIHVuYXV0aG9y
aXplZCBwYXJ0aWVzLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGF1dGhvcml6YXRp
b24gc2VydmVyIE1VU1QgZW5zdXJlIHRoYXQgYWNjZXNzIHRva2VucyBjYW5ub3QgYmUgZ2VuZXJh
dGVkLCBtb2RpZmllZCwgb3IKICAgICAgICAgIGd1ZXNzZWQgdG8gcHJvZHVjZSB2YWxpZCBhY2Nl
c3MgdG9rZW5zIGJ5IHVuYXV0aG9yaXplZCBwYXJ0aWVzLgogICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgVGhlIGNsaWVudCBTSE9VTEQgcmVxdWVzdCBhY2Nlc3MgdG9rZW5zIHdpdGggdGhlIG1p
bmltYWwgc2NvcGUgbmVjZXNzYXJ5LiBUaGUKICAgICAgICAgIGF1dGhvcml6YXRpb24gc2VydmVy
IFNIT1VMRCB0YWtlIHRoZSBjbGllbnQgaWRlbnRpdHkgaW50byBhY2NvdW50IHdoZW4gY2hvb3Np
bmcgaG93CiAgICAgICAgICB0byBob25vciB0aGUgcmVxdWVzdGVkIHNjb3BlLCBhbmQgTUFZIGlz
c3VlIGFuIGFjY2VzcyB0b2tlbiB3aXRoIGEgbGVzcyByaWdodHMgdGhhbgogICAgICAgICAgcmVx
dWVzdGVkLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGRv
ZXMgbm90IHByb3ZpZGUgYW55IG1ldGhvZHMgZm9yIHRoZSByZXNvdXJjZSBzZXJ2ZXIgdG8gZW5z
dXJlIHRoYXQgYW4KICAgICAgICAgIGFjY2VzcyB0b2tlbiBwcmVzZW50ZWQgdG8gaXQgYnkgYSBn
aXZlbiBjbGllbnQsIHdhcyBpc3N1ZWQgdG8gdGhlIHRoYXQgY2xpZW50IGJ5IHRoZQogICAgICAg
ICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yNDYi
PjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAi
IGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xh
c3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48
L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xMC40Ij48L2E+PGgzPjEwLjQuJm5ic3A7ClJl
ZnJlc2ggVG9rZW5zPC9oMz4KCjxwPgogICAgICAgICAgQXV0aG9yaXphdGlvbiBzZXJ2ZXJzIE1B
WSBpc3N1ZSByZWZyZXNoIHRva2VucyB0byB3ZWIgYXBwbGljYXRpb24gY2xpZW50cyBhbmQgbmF0
aXZlCiAgICAgICAgICBhcHBsaWNhdGlvbiBjbGllbnRzLgogICAgICAgIAo8L3A+CjxwPgogICAg
ICAgICAgUmVmcmVzaCB0b2tlbnMgTVVTVCBiZSBrZXB0IGNvbmZpZGVudGlhbCBpbiB0cmFuc2l0
IGFuZCBzdG9yYWdlLCBhbmQgc2hhcmVkIG9ubHkgYW1vbmcKICAgICAgICAgIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBhbmQgdGhlIGNsaWVudCB0byB3aG9tIHRoZSByZWZyZXNoIHRva2VucyB3
ZXJlIGlzc3VlZC4gVGhlCiAgICAgICAgICBhdXRob3JpemF0aW9uIHNlcnZlciBNVVNUIG1haW50
YWluIHRoZSBiaW5kaW5nIGJldHdlZW4gYSByZWZyZXNoIHRva2VuIGFuZCB0aGUgY2xpZW50IHRv
CiAgICAgICAgICB3aG9tIGl0IHdhcyBpc3N1ZWQuIFJlZnJlc2ggdG9rZW5zIE1VU1Qgb25seSBi
ZSB0cmFuc21pdHRlZCB1c2luZyBUTFMgYXMgZGVzY3JpYmVkIGluCiAgICAgICAgICA8YSBjbGFz
cz0naW5mbycgaHJlZj0nI3Rscyc+U2VjdGlvbiZuYnNwOzEuNjxzcGFuPiAoPC9zcGFuPjxzcGFu
IGNsYXNzPSdpbmZvJz5UTFMgVmVyc2lvbjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gd2l0aCBz
ZXJ2ZXIgYXV0aGVudGljYXRpb24gYXMgZGVmaW5lZCBieSA8YSBjbGFzcz0naW5mbycgaHJlZj0n
I1JGQzI4MTgnPltSRkMyODE4XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5SZXNj
b3JsYSwgRS4sICZsZHF1bztIVFRQIE92ZXIgVExTLCZyZHF1bzsgTWF5Jm5ic3A7MjAwMC48L3Nw
YW4+PHNwYW4+KTwvc3Bhbj48L2E+LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIGF1
dGhvcml6YXRpb24gc2VydmVyIE1VU1QgdmVyaWZ5IHRoZSBiaW5kaW5nIGJldHdlZW4gdGhlIHJl
ZnJlc2ggdG9rZW4gYW5kIGNsaWVudAogICAgICAgICAgaWRlbnRpdHkgd2hlbmV2ZXIgdGhlIGNs
aWVudCBpZGVudGl0eSBjYW4gYmUgYXV0aGVudGljYXRlZC4gV2hlbiBjbGllbnQgYXV0aGVudGlj
YXRpb24gaXMKICAgICAgICAgIG5vdCBwb3NzaWJsZSwgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
IFNIT1VMRCBkZXBsb3kgb3RoZXIgbWVhbnMgdG8gZGV0ZWN0IHJlZnJlc2ggdG9rZW4KICAgICAg
ICAgIGFidXNlLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgRm9yIGV4YW1wbGUsIHRoZSBh
dXRob3JpemF0aW9uIHNlcnZlciBjb3VsZCBlbXBsb3kgcmVmcmVzaCB0b2tlbiByb3RhdGlvbiBp
biB3aGljaCBhIG5ldwogICAgICAgICAgcmVmcmVzaCB0b2tlbiBpcyBpc3N1ZWQgd2l0aCBldmVy
eSBhY2Nlc3MgdG9rZW4gcmVmcmVzaCByZXNwb25zZS4gVGhlIHByZXZpb3VzIHJlZnJlc2gKICAg
ICAgICAgIHRva2VuIGlzIGludmFsaWRhdGVkIGJ1dCByZXRhaW5lZCBieSB0aGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIuIElmIGEgcmVmcmVzaCB0b2tlbiBpcwogICAgICAgICAgY29tcHJvbWlzZWQg
YW5kIHN1YnNlcXVlbnRseSB1c2VkIGJ5IGJvdGggdGhlIGF0dGFja2VyIGFuZCB0aGUgbGVnaXRp
bWF0ZSBjbGllbnQsIG9uZSBvZgogICAgICAgICAgdGhlbSB3aWxsIHByZXNlbnQgYW4gaW52YWxp
ZGF0ZWQgcmVmcmVzaCB0b2tlbiB3aGljaCB3aWxsIGluZm9ybSB0aGUgYXV0aG9yaXphdGlvbiBz
ZXJ2ZXIKICAgICAgICAgIG9mIHRoZSBicmVhY2guCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAg
ICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCBlbnN1cmUgdGhhdCByZWZyZXNoIHRva2Vu
cyBjYW5ub3QgYmUgZ2VuZXJhdGVkLCBtb2RpZmllZCwKICAgICAgICAgIG9yIGd1ZXNzZWQgdG8g
cHJvZHVjZSB2YWxpZCByZWZyZXNoIHRva2VucyBieSB1bmF1dGhvcml6ZWQgcGFydGllcy4KICAg
ICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I0NyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3Vt
bWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0Ni
dWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4m
bmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9u
LjEwLjUiPjwvYT48aDM+MTAuNS4mbmJzcDsKQXV0aG9yaXphdGlvbiBDb2RlczwvaDM+Cgo8cD4K
ICAgICAgICAgIFRoZSB0cmFuc21pc3Npb24gb2YgYXV0aG9yaXphdGlvbiBjb2RlcyBTSE9VTEQg
YmUgbWFkZSBvdmVyIGEgc2VjdXJlIGNoYW5uZWwsIGFuZCB0aGUKICAgICAgICAgIGNsaWVudCBT
SE9VTEQgcmVxdWlyZSB0aGUgdXNlIG9mIFRMUyB3aXRoIGl0cyByZWRpcmVjdGlvbiBVUkkgaWYg
dGhlIFVSSSBpZGVudGlmaWVzIGEKICAgICAgICAgIG5ldHdvcmsgcmVzb3VyY2UuIFNpbmNlIGF1
dGhvcml6YXRpb24gY29kZXMgYXJlIHRyYW5zbWl0dGVkIHZpYSB1c2VyLWFnZW50IHJlZGlyZWN0
aW9ucywKICAgICAgICAgIHRoZXkgY291bGQgcG90ZW50aWFsbHkgYmUgZGlzY2xvc2VkIHRocm91
Z2ggdXNlci1hZ2VudCBoaXN0b3J5IGFuZCBIVFRQIHJlZmVycmVyIGhlYWRlcnMuCiAgICAgICAg
CjwvcD4KPHA+CiAgICAgICAgICBBdXRob3JpemF0aW9uIGNvZGVzIG9wZXJhdGUgYXMgcGxhaW50
ZXh0IGJlYXJlciBjcmVkZW50aWFscywgdXNlZCB0byB2ZXJpZnkgdGhhdCB0aGUKICAgICAgICAg
IHJlc291cmNlIG93bmVyIHdobyBncmFudGVkIGF1dGhvcml6YXRpb24gYXQgdGhlIGF1dGhvcml6
YXRpb24gc2VydmVyIGlzIHRoZSBzYW1lCiAgICAgICAgICByZXNvdXJjZSBvd25lciByZXR1cm5p
bmcgdG8gdGhlIGNsaWVudCB0byBjb21wbGV0ZSB0aGUgcHJvY2Vzcy4gVGhlcmVmb3JlLCBpZiB0
aGUgY2xpZW50CiAgICAgICAgICByZWxpZXMgb24gdGhlIGF1dGhvcml6YXRpb24gY29kZSBmb3Ig
aXRzIG93biByZXNvdXJjZSBvd25lciBhdXRoZW50aWNhdGlvbiwgdGhlIGNsaWVudAogICAgICAg
ICAgcmVkaXJlY3Rpb24gZW5kcG9pbnQgTVVTVCByZXF1aXJlIHRoZSB1c2Ugb2YgVExTLgogICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgQXV0aG9yaXphdGlvbiBjb2RlcyBNVVNUIGJlIHNob3J0
IGxpdmVkIGFuZCBzaW5nbGUgdXNlLiBJZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAg
ICAgIG9ic2VydmVzIG11bHRpcGxlIGF0dGVtcHRzIHRvIGV4Y2hhbmdlIGFuIGF1dGhvcml6YXRp
b24gY29kZSBmb3IgYW4gYWNjZXNzIHRva2VuLCB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24g
c2VydmVyIFNIT1VMRCBhdHRlbXB0IHRvIHJldm9rZSBhbGwgYWNjZXNzIHRva2VucyBhbHJlYWR5
IGdyYW50ZWQgYmFzZWQgb24KICAgICAgICAgIHRoZSBjb21wcm9taXNlZCBhdXRob3JpemF0aW9u
IGNvZGUuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBJZiB0aGUgY2xpZW50IGNhbiBiZSBh
dXRoZW50aWNhdGVkLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXJzIE1VU1QgYXV0aGVudGljYXRl
IHRoZQogICAgICAgICAgY2xpZW50IGFuZCBlbnN1cmUgdGhhdCB0aGUgYXV0aG9yaXphdGlvbiBj
b2RlIHdhcyBpc3N1ZWQgdG8gdGhlIHNhbWUgY2xpZW50LgogICAgICAgIAo8L3A+CjxhIG5hbWU9
ImFuY2hvcjQ4Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxw
YWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48
dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48
L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTAuNiI+PC9hPjxoMz4xMC42
LiZuYnNwOwpBdXRob3JpemF0aW9uIENvZGUgUmVkaXJlY3Rpb24gVVJJIE1hbmlwdWxhdGlvbjwv
aDM+Cgo8cD4KICAgICAgICAgIFdoZW4gcmVxdWVzdGluZyBhdXRob3JpemF0aW9uIHVzaW5nIHRo
ZSBhdXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgdHlwZSwgdGhlIGNsaWVudCBjYW4KICAgICAgICAg
IHNwZWNpZnkgYSByZWRpcmVjdGlvbiBVUkkgdmlhIHRoZSA8dHQ+cmVkaXJlY3RfdXJpPC90dD4g
cGFyYW1ldGVyLgogICAgICAgICAgSWYgYW4gYXR0YWNrZXIgY2FuIG1hbmlwdWxhdGUgdGhlIHZh
bHVlIG9mIHRoZSByZWRpcmVjdGlvbiBVUkksIGl0IGNhbiBjYXVzZSB0aGUKICAgICAgICAgIGF1
dGhvcml6YXRpb24gc2VydmVyIHRvIHJlZGlyZWN0IHRoZSByZXNvdXJjZSBvd25lciB1c2VyLWFn
ZW50IHRvIGEgVVJJIHVuZGVyIHRoZSBjb250cm9sCiAgICAgICAgICBvZiB0aGUgYXR0YWNrZXIg
d2l0aCB0aGUgYXV0aG9yaXphdGlvbiBjb2RlLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAg
QW4gYXR0YWNrZXIgY2FuIGNyZWF0ZSBhbiBhY2NvdW50IGF0IGEgbGVnaXRpbWF0ZSBjbGllbnQg
YW5kIGluaXRpYXRlIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICBmbG93LiBXaGVuIHRoZSBh
dHRhY2tlcidzIHVzZXItYWdlbnQgaXMgc2VudCB0byB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
dG8gZ3JhbnQgYWNjZXNzLAogICAgICAgICAgdGhlIGF0dGFja2VyIGdyYWJzIHRoZSBhdXRob3Jp
emF0aW9uIFVSSSBwcm92aWRlZCBieSB0aGUgbGVnaXRpbWF0ZSBjbGllbnQsIGFuZCByZXBsYWNl
cwogICAgICAgICAgdGhlIGNsaWVudCdzIHJlZGlyZWN0aW9uIFVSSSB3aXRoIGEgVVJJIHVuZGVy
IHRoZSBjb250cm9sIG9mIHRoZSBhdHRhY2tlci4gVGhlIGF0dGFja2VyCiAgICAgICAgICB0aGVu
IHRyaWNrcyB0aGUgdmljdGltIGludG8gZm9sbG93aW5nIHRoZSBtYW5pcHVsYXRlZCBsaW5rIHRv
IGF1dGhvcml6ZSBhY2Nlc3MgdG8gdGhlCiAgICAgICAgICBsZWdpdGltYXRlIGNsaWVudC4KICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgIE9uY2UgYXQgdGhlIGF1dGhvcml6YXRpb24gc2VydmVy
LCB0aGUgdmljdGltIGlzIHByb21wdGVkIHdpdGggYSBub3JtYWwsIHZhbGlkIHJlcXVlc3Qgb24K
ICAgICAgICAgIGJlaGFsZiBvZiBhIGxlZ2l0aW1hdGUgYW5kIHRydXN0ZWQgY2xpZW50LCBhbmQg
YXV0aG9yaXplcyB0aGUgcmVxdWVzdC4gVGhlIHZpY3RpbSBpcwogICAgICAgICAgdGhlbiByZWRp
cmVjdGVkIHRvIGFuIGVuZHBvaW50IHVuZGVyIHRoZSBjb250cm9sIG9mIHRoZSBhdHRhY2tlciB3
aXRoIHRoZSBhdXRob3JpemF0aW9uCiAgICAgICAgICBjb2RlLiBUaGUgYXR0YWNrZXIgY29tcGxl
dGVzIHRoZSBhdXRob3JpemF0aW9uIGZsb3cgYnkgc2VuZGluZyB0aGUgYXV0aG9yaXphdGlvbiBj
b2RlIHRvCiAgICAgICAgICB0aGUgY2xpZW50IHVzaW5nIHRoZSBvcmlnaW5hbCByZWRpcmVjdGlv
biBVUkkgcHJvdmlkZWQgYnkgdGhlIGNsaWVudC4gVGhlIGNsaWVudAogICAgICAgICAgZXhjaGFu
Z2VzIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgd2l0aCBhbiBhY2Nlc3MgdG9rZW4gYW5kIGxpbmtz
IGl0IHRvIHRoZSBhdHRhY2tlcidzCiAgICAgICAgICBjbGllbnQgYWNjb3VudCB3aGljaCBjYW4g
bm93IGdhaW4gYWNjZXNzIHRvIHRoZSBwcm90ZWN0ZWQgcmVzb3VyY2VzIGF1dGhvcml6ZWQgYnkg
dGhlCiAgICAgICAgICB2aWN0aW0gKHZpYSB0aGUgY2xpZW50KS4KICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgIEluIG9yZGVyIHRvIHByZXZlbnQgc3VjaCBhbiBhdHRhY2ssIHRoZSBhdXRob3Jp
emF0aW9uIHNlcnZlciBNVVNUIGVuc3VyZSB0aGF0IHRoZQogICAgICAgICAgcmVkaXJlY3Rpb24g
VVJJIHVzZWQgdG8gb2J0YWluIHRoZSBhdXRob3JpemF0aW9uIGNvZGUgaXMgaWRlbnRpY2FsIHRv
IHRoZSByZWRpcmVjdGlvbiBVUkkKICAgICAgICAgIHByb3ZpZGVkIHdoZW4gZXhjaGFuZ2luZyB0
aGUgYXV0aG9yaXphdGlvbiBjb2RlIGZvciBhbiBhY2Nlc3MgdG9rZW4uIFRoZSBhdXRob3JpemF0
aW9uCiAgICAgICAgICBzZXJ2ZXIgTVVTVCByZXF1aXJlIHB1YmxpYyBjbGllbnRzIGFuZCBTSE9V
TEQgcmVxdWlyZSBjb25maWRlbnRpYWwgY2xpZW50cyB0byByZWdpc3RlcgogICAgICAgICAgdGhl
aXIgcmVkaXJlY3Rpb24gVVJJcy4gSWYgYSByZWRpcmVjdGlvbiBVUkkgaXMgcHJvdmlkZWQgaW4g
dGhlIHJlcXVlc3QsIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCB2YWxp
ZGF0ZSBpdCBhZ2FpbnN0IHRoZSByZWdpc3RlcmVkIHZhbHVlLgogICAgICAgIAo8L3A+CjxhIG5h
bWU9ImFuY2hvcjQ5Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNl
bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0
Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwv
YT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTAuNyI+PC9hPjxoMz4x
MC43LiZuYnNwOwpSZXNvdXJjZSBPd25lciBQYXNzd29yZCBDcmVkZW50aWFsczwvaDM+Cgo8cD4K
ICAgICAgICAgIFRoZSByZXNvdXJjZSBvd25lciBwYXNzd29yZCBjcmVkZW50aWFscyBncmFudCB0
eXBlIGlzIG9mdGVuIHVzZWQgZm9yIGxlZ2FjeSBvciBtaWdyYXRpb24KICAgICAgICAgIHJlYXNv
bnMuIEl0IHJlZHVjZXMgdGhlIG92ZXJhbGwgcmlzayBvZiBzdG9yaW5nIHVzZXJuYW1lIGFuZCBw
YXNzd29yZCBieSB0aGUgY2xpZW50LCBidXQKICAgICAgICAgIGRvZXMgbm90IGVsaW1pbmF0ZSB0
aGUgbmVlZCB0byBleHBvc2UgaGlnaGx5IHByaXZpbGVnZWQgY3JlZGVudGlhbHMgdG8gdGhlIGNs
aWVudC4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoaXMgZ3JhbnQgdHlwZSBjYXJyaWVz
IGEgaGlnaGVyIHJpc2sgdGhhbiBvdGhlciBncmFudCB0eXBlcyBiZWNhdXNlIGl0IG1haW50YWlu
cyB0aGUKICAgICAgICAgIHBhc3N3b3JkIGFudGktcGF0dGVybiB0aGlzIHByb3RvY29sIHNlZWtz
IHRvIGF2b2lkLiBUaGUgY2xpZW50IGNvdWxkIGFidXNlIHRoZSBwYXNzd29yZAogICAgICAgICAg
b3IgdGhlIHBhc3N3b3JkIGNvdWxkIHVuaW50ZW50aW9uYWxseSBiZSBkaXNjbG9zZWQgdG8gYW4g
YXR0YWNrZXIgKGUuZy4gdmlhIGxvZyBmaWxlcyBvcgogICAgICAgICAgb3RoZXIgcmVjb3JkcyBr
ZXB0IGJ5IHRoZSBjbGllbnQpLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgQWRkaXRpb25h
bGx5LCBiZWNhdXNlIHRoZSByZXNvdXJjZSBvd25lciBkb2VzIG5vdCBoYXZlIGNvbnRyb2wgb3Zl
ciB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgcHJvY2VzcyAodGhlIHJlc291cmNlIG93bmVy
IGludm9sdmVtZW50IGVuZHMgd2hlbiBpdCBoYW5kcyBvdmVyIGl0cyBjcmVkZW50aWFscyB0byB0
aGUKICAgICAgICAgIGNsaWVudCksIHRoZSBjbGllbnQgY2FuIG9idGFpbiBhY2Nlc3MgdG9rZW5z
IHdpdGggYSBicm9hZGVyIHNjb3BlIHRoYW4gZGVzaXJlZCBieSB0aGUKICAgICAgICAgIHJlc291
cmNlIG93bmVyLiBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgc2hvdWxkIGNvbnNpZGVyIHRoZSBz
Y29wZSBhbmQgbGlmZXRpbWUgb2YKICAgICAgICAgIGFjY2VzcyB0b2tlbnMgaXNzdWVkIHZpYSB0
aGlzIGdyYW50IHR5cGUuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUaGUgYXV0aG9yaXph
dGlvbiBzZXJ2ZXIgYW5kIGNsaWVudCBTSE9VTEQgbWluaW1pemUgdXNlIG9mIHRoaXMgZ3JhbnQg
dHlwZSBhbmQgdXRpbGl6ZQogICAgICAgICAgb3RoZXIgZ3JhbnQgdHlwZXMgd2hlbmV2ZXIgcG9z
c2libGUuCiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yNTAiPjwvYT48YnIgLz48aHIgLz4K
PHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBj
bGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJl
Zj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJy
ZmMuc2VjdGlvbi4xMC44Ij48L2E+PGgzPjEwLjguJm5ic3A7ClJlcXVlc3QgQ29uZmlkZW50aWFs
aXR5PC9oMz4KCjxwPgogICAgICAgICAgQWNjZXNzIHRva2VucywgcmVmcmVzaCB0b2tlbnMsIHJl
c291cmNlIG93bmVyIHBhc3N3b3JkcywgYW5kIGNsaWVudCBjcmVkZW50aWFscyBNVVNUIE5PVAog
ICAgICAgICAgYmUgdHJhbnNtaXR0ZWQgaW4gdGhlIGNsZWFyLiBBdXRob3JpemF0aW9uIGNvZGVz
IFNIT1VMRCBOT1QgYmUgdHJhbnNtaXR0ZWQgaW4gdGhlIGNsZWFyLgogICAgICAgIAo8L3A+Cjxw
PgogICAgICAgICAgVGhlIDx0dD5zdGF0ZTwvdHQ+IGFuZCA8dHQ+c2NvcGU8L3R0PiBwYXJhbWV0
ZXJzCiAgICAgICAgICBTSE9VTEQgTk9UIGluY2x1ZGUgc2Vuc2l0aXZlIGNsaWVudCBvciByZXNv
dXJjZSBvd25lciBpbmZvcm1hdGlvbiBpbiBwbGFpbiB0ZXh0IGFzIHRoZXkKICAgICAgICAgIGNh
biBiZSB0cmFuc21pdHRlZCBvdmVyIGluc2VjdXJlIGNoYW5uZWxzIG9yIHN0b3JlZCBpbnNlY3Vy
ZWx5LgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjUxIj48L2E+PGJyIC8+PGhyIC8+Cjx0
YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xh
c3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9
IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZj
LnNlY3Rpb24uMTAuOSI+PC9hPjxoMz4xMC45LiZuYnNwOwpFbmRwb2ludHMgQXV0aGVudGljaXR5
PC9oMz4KCjxwPgogICAgICAgICAgSW4gb3JkZXIgdG8gcHJldmVudCBtYW4taW4tdGhlLW1pZGRs
ZSBhdHRhY2tzLCB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCByZXF1aXJlIHRoZQogICAg
ICAgICAgdXNlIG9mIFRMUyB3aXRoIHNlcnZlciBhdXRoZW50aWNhdGlvbiBhcyBkZWZpbmVkIGJ5
IDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZDMjgxOCc+W1JGQzI4MThdPHNwYW4+ICg8L3NwYW4+
PHNwYW4gY2xhc3M9J2luZm8nPlJlc2NvcmxhLCBFLiwgJmxkcXVvO0hUVFAgT3ZlciBUTFMsJnJk
cXVvOyBNYXkmbmJzcDsyMDAwLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4gZm9yCiAgICAgICAg
ICBhbnkgcmVxdWVzdCBzZW50IHRvIHRoZSBhdXRob3JpemF0aW9uIGFuZCB0b2tlbiBlbmRwb2lu
dHMuIFRoZSBjbGllbnQgTVVTVCB2YWxpZGF0ZSB0aGUKICAgICAgICAgIGF1dGhvcml6YXRpb24g
c2VydmVyJ3MgVExTIGNlcnRpZmljYXRlIGFzIGRlZmluZWQgYnkgPGEgY2xhc3M9J2luZm8nIGhy
ZWY9JyNSRkM2MTI1Jz5bUkZDNjEyNV08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+
U2FpbnQtQW5kcmUsIFAuIGFuZCBKLiBIb2RnZXMsICZsZHF1bztSZXByZXNlbnRhdGlvbiBhbmQg
VmVyaWZpY2F0aW9uIG9mIERvbWFpbi1CYXNlZCBBcHBsaWNhdGlvbiBTZXJ2aWNlIElkZW50aXR5
IHdpdGhpbiBJbnRlcm5ldCBQdWJsaWMgS2V5IEluZnJhc3RydWN0dXJlIFVzaW5nIFguNTA5IChQ
S0lYKSBDZXJ0aWZpY2F0ZXMgaW4gdGhlIENvbnRleHQgb2YgVHJhbnNwb3J0IExheWVyIFNlY3Vy
aXR5IChUTFMpLCZyZHF1bzsgTWFyY2gmbmJzcDsyMDExLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwv
YT4sIGFuZCBpbgogICAgICAgICAgYWNjb3JkYW5jZSB3aXRoIGl0cyByZXF1aXJlbWVudHMgZm9y
IHNlcnZlciBpZGVudGl0eSBhdXRoZW50aWNhdGlvbi4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJh
bnRocm9weSI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFk
ZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRy
Pjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90
ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEwLjEwIj48L2E+PGgzPjEwLjEw
LiZuYnNwOwpDcmVkZW50aWFscyBHdWVzc2luZyBBdHRhY2tzPC9oMz4KCjxwPgogICAgICAgICAg
VGhlIGF1dGhvcml6YXRpb24gc2VydmVyIE1VU1QgcHJldmVudCBhdHRhY2tlcnMgZnJvbSBndWVz
c2luZyBhY2Nlc3MgdG9rZW5zLAogICAgICAgICAgYXV0aG9yaXphdGlvbiBjb2RlcywgcmVmcmVz
aCB0b2tlbnMsIHJlc291cmNlIG93bmVyIHBhc3N3b3JkcywgYW5kIGNsaWVudCBjcmVkZW50aWFs
cy4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBwcm9iYWJpbGl0eSBvZiBhbiBhdHRh
Y2tlciBndWVzc2luZyBnZW5lcmF0ZWQgdG9rZW5zIChhbmQgb3RoZXIgY3JlZGVudGlhbHMgbm90
CiAgICAgICAgICBpbnRlbmRlZCBmb3IgaGFuZGxpbmcgYnkgZW5kLXVzZXJzKSBNVVNUIGJlIGxl
c3MgdGhhbiBvciBlcXVhbCB0byAyXigtMTI4KSBhbmQgU0hPVUxEIGJlCiAgICAgICAgICBsZXNz
IHRoYW4gb3IgZXF1YWwgdG8gMl4oLTE2MCkuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBU
aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgTVVTVCB1dGlsaXplIG90aGVyIG1lYW5zIHRvIHByb3Rl
Y3QgY3JlZGVudGlhbHMgaW50ZW5kZWQgZm9yCiAgICAgICAgICBlbmQtdXNlciB1c2FnZS4KICAg
ICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I1MiI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3Vt
bWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0Ni
dWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4m
bmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9u
LjEwLjExIj48L2E+PGgzPjEwLjExLiZuYnNwOwpQaGlzaGluZyBBdHRhY2tzPC9oMz4KCjxwPgog
ICAgICAgICAgV2lkZSBkZXBsb3ltZW50IG9mIHRoaXMgYW5kIHNpbWlsYXIgcHJvdG9jb2xzIG1h
eSBjYXVzZSBlbmQtdXNlcnMgdG8gYmVjb21lIGludXJlZAogICAgICAgICAgdG8gdGhlIHByYWN0
aWNlIG9mIGJlaW5nIHJlZGlyZWN0ZWQgdG8gd2Vic2l0ZXMgd2hlcmUgdGhleSBhcmUgYXNrZWQg
dG8gZW50ZXIgdGhlaXIKICAgICAgICAgIHBhc3N3b3Jkcy4gSWYgZW5kLXVzZXJzIGFyZSBub3Qg
Y2FyZWZ1bCB0byB2ZXJpZnkgdGhlIGF1dGhlbnRpY2l0eSBvZiB0aGVzZSB3ZWJzaXRlcwogICAg
ICAgICAgYmVmb3JlIGVudGVyaW5nIHRoZWlyIGNyZWRlbnRpYWxzLCBpdCB3aWxsIGJlIHBvc3Np
YmxlIGZvciBhdHRhY2tlcnMgdG8gZXhwbG9pdCB0aGlzCiAgICAgICAgICBwcmFjdGljZSB0byBz
dGVhbCByZXNvdXJjZSBvd25lcnMnIHBhc3N3b3Jkcy4KICAgICAgICAKPC9wPgo8cD4KICAgICAg
ICAgIFNlcnZpY2UgcHJvdmlkZXJzIHNob3VsZCBhdHRlbXB0IHRvIGVkdWNhdGUgZW5kLXVzZXJz
IGFib3V0IHRoZSByaXNrcyBwaGlzaGluZyBhdHRhY2tzCiAgICAgICAgICBwb3NlLCBhbmQgc2hv
dWxkIHByb3ZpZGUgbWVjaGFuaXNtcyB0aGF0IG1ha2UgaXQgZWFzeSBmb3IgZW5kLXVzZXJzIHRv
IGNvbmZpcm0gdGhlCiAgICAgICAgICBhdXRoZW50aWNpdHkgb2YgdGhlaXIgc2l0ZXMuIENsaWVu
dCBkZXZlbG9wZXJzIHNob3VsZCBjb25zaWRlciB0aGUgc2VjdXJpdHkgaW1wbGljYXRpb25zCiAg
ICAgICAgICBvZiBob3cgdGhleSBpbnRlcmFjdCB3aXRoIHRoZSB1c2VyLWFnZW50IChlLmcuLCBl
eHRlcm5hbCwgZW1iZWRkZWQpLCBhbmQgdGhlIGFiaWxpdHkgb2YKICAgICAgICAgIHRoZSBlbmQt
dXNlciB0byB2ZXJpZnkgdGhlIGF1dGhlbnRpY2l0eSBvZiB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2
ZXIuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBUbyByZWR1Y2UgdGhlIHJpc2sgb2YgcGhp
c2hpbmcgYXR0YWNrcywgdGhlIGF1dGhvcml6YXRpb24gc2VydmVycyBNVVNUIHJlcXVpcmUgdGhl
IHVzZSBvZgogICAgICAgICAgVExTIG9uIGV2ZXJ5IGVuZHBvaW50IHVzZWQgZm9yIGVuZC11c2Vy
IGludGVyYWN0aW9uLgogICAgICAgIAo8L3A+CjxhIG5hbWU9IkNTUkYiPjwvYT48YnIgLz48aHIg
Lz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIy
IiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEg
aHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1l
PSJyZmMuc2VjdGlvbi4xMC4xMiI+PC9hPjxoMz4xMC4xMi4mbmJzcDsKQ3Jvc3MtU2l0ZSBSZXF1
ZXN0IEZvcmdlcnk8L2gzPgoKPHA+CiAgICAgICAgICBDcm9zcy1zaXRlIHJlcXVlc3QgZm9yZ2Vy
eSAoQ1NSRikgaXMgYW4gZXhwbG9pdCBpbiB3aGljaCBhbiBhdHRhY2tlciBjYXVzZXMgdGhlCiAg
ICAgICAgICB1c2VyLWFnZW50IG9mIGEgdmljdGltIGVuZC11c2VyIHRvIGZvbGxvdyBhIG1hbGlj
aW91cyBVUkkgKGUuZy4gcHJvdmlkZWQgdG8gdGhlCiAgICAgICAgICB1c2VyLWFnZW50IGFzIGEg
bWlzbGVhZGluZyBsaW5rLCBpbWFnZSwgb3IgcmVkaXJlY3Rpb24pIHRvIGEgdHJ1c3Rpbmcgc2Vy
dmVyICh1c3VhbGx5CiAgICAgICAgICBlc3RhYmxpc2hlZCB2aWEgdGhlIHByZXNlbmNlIG9mIGEg
dmFsaWQgc2Vzc2lvbiBjb29raWUpLgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgQSBDU1JG
IGF0dGFjayBhZ2FpbnN0IHRoZSBjbGllbnQncyByZWRpcmVjdGlvbiBVUkkgYWxsb3dzIGFuIGF0
dGFja2VyIHRvIGluamVjdCB0aGVpciBvd24KICAgICAgICAgIGF1dGhvcml6YXRpb24gY29kZSBv
ciBhY2Nlc3MgdG9rZW4sIHdoaWNoIGNhbiByZXN1bHQgaW4gdGhlIGNsaWVudCB1c2luZyBhbiBh
Y2Nlc3MgdG9rZW4KICAgICAgICAgIGFzc29jaWF0ZWQgd2l0aCB0aGUgYXR0YWNrZXIncyBwcm90
ZWN0ZWQgcmVzb3VyY2VzIHJhdGhlciB0aGFuIHRoZSB2aWN0aW0ncyAoZS5nLiBzYXZlCiAgICAg
ICAgICB0aGUgdmljdGltJ3MgYmFuayBhY2NvdW50IGluZm9ybWF0aW9uIHRvIGEgcHJvdGVjdGVk
IHJlc291cmNlIGNvbnRyb2xsZWQgYnkgdGhlCiAgICAgICAgICBhdHRhY2tlcikuCiAgICAgICAg
CjwvcD4KPHA+CiAgICAgICAgICBUaGUgY2xpZW50IE1VU1QgaW1wbGVtZW50IENTUkYgcHJvdGVj
dGlvbiBmb3IgaXRzIHJlZGlyZWN0aW9uIFVSSS4gVGhpcyBpcyB0eXBpY2FsbHkKICAgICAgICAg
IGFjY29tcGxpc2hlZCBieSByZXF1aXJpbmcgYW55IHJlcXVlc3Qgc2VudCB0byB0aGUgcmVkaXJl
Y3Rpb24gVVJJIGVuZHBvaW50IHRvIGluY2x1ZGUgYQogICAgICAgICAgdmFsdWUgdGhhdCBiaW5k
cyB0aGUgcmVxdWVzdCB0byB0aGUgdXNlci1hZ2VudCdzIGF1dGhlbnRpY2F0ZWQgc3RhdGUgKGUu
Zy4gYSBoYXNoIG9mIHRoZQogICAgICAgICAgc2Vzc2lvbiBjb29raWUgdXNlZCB0byBhdXRoZW50
aWNhdGUgdGhlIHVzZXItYWdlbnQpLiBUaGUgY2xpZW50IFNIT1VMRCB1dGlsaXplIHRoZQogICAg
ICAgICAgPHR0PnN0YXRlPC90dD4gcmVxdWVzdCBwYXJhbWV0ZXIgdG8gZGVsaXZlciB0aGlzIHZh
bHVlIHRvIHRoZQogICAgICAgICAgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgd2hlbiBtYWtpbmcgYW4g
YXV0aG9yaXphdGlvbiByZXF1ZXN0LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgT25jZSBh
dXRob3JpemF0aW9uIGhhcyBiZWVuIG9idGFpbmVkIGZyb20gdGhlIGVuZC11c2VyLCB0aGUgYXV0
aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAgIHJlZGlyZWN0cyB0aGUgZW5kLXVzZXIncyB1c2Vy
LWFnZW50IGJhY2sgdG8gdGhlIGNsaWVudCB3aXRoIHRoZSByZXF1aXJlZCBiaW5kaW5nIHZhbHVl
CiAgICAgICAgICBjb250YWluZWQgaW4gdGhlIDx0dD5zdGF0ZTwvdHQ+IHBhcmFtZXRlci4gVGhl
IGJpbmRpbmcgdmFsdWUgZW5hYmxlcwogICAgICAgICAgdGhlIGNsaWVudCB0byB2ZXJpZnkgdGhl
IHZhbGlkaXR5IG9mIHRoZSByZXF1ZXN0IGJ5IG1hdGNoaW5nIHRoZSBiaW5kaW5nIHZhbHVlIHRv
IHRoZQogICAgICAgICAgdXNlci1hZ2VudCdzIGF1dGhlbnRpY2F0ZWQgc3RhdGUuIFRoZSBiaW5k
aW5nIHZhbHVlIHVzZWQgZm9yIENTUkYgcHJvdGVjdGlvbiBNVVNUIGNvbnRhaW4KICAgICAgICAg
IGEgbm9uLWd1ZXNzYWJsZSB2YWx1ZSAoYXMgZGVzY3JpYmVkIGluIDxhIGNsYXNzPSdpbmZvJyBo
cmVmPScjYW50aHJvcHknPlNlY3Rpb24mbmJzcDsxMC4xMDxzcGFuPiAoPC9zcGFuPjxzcGFuIGNs
YXNzPSdpbmZvJz5DcmVkZW50aWFscyBHdWVzc2luZyBBdHRhY2tzPC9zcGFuPjxzcGFuPik8L3Nw
YW4+PC9hPiksIGFuZCB0aGUgdXNlci1hZ2VudCdzCiAgICAgICAgICBhdXRoZW50aWNhdGVkIHN0
YXRlIChlLmcuIHNlc3Npb24gY29va2llLCBIVE1MNSBsb2NhbCBzdG9yYWdlKSBNVVNUIGJlIGtl
cHQgaW4gYSBsb2NhdGlvbgogICAgICAgICAgYWNjZXNzaWJsZSBvbmx5IHRvIHRoZSBjbGllbnQg
YW5kIHRoZSB1c2VyLWFnZW50IChpLmUuLCBwcm90ZWN0ZWQgYnkgc2FtZS1vcmlnaW4gcG9saWN5
KS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIEEgQ1NSRiBhdHRhY2sgYWdhaW5zdCB0aGUg
YXV0aG9yaXphdGlvbiBzZXJ2ZXIncyBhdXRob3JpemF0aW9uIGVuZHBvaW50IGNhbiByZXN1bHQg
aW4gYW4KICAgICAgICAgIGF0dGFja2VyIG9idGFpbmluZyBlbmQtdXNlciBhdXRob3JpemF0aW9u
IGZvciBhIG1hbGljaW91cyBjbGllbnQgd2l0aG91dCBpbnZvbHZpbmcgb3IKICAgICAgICAgIGFs
ZXJ0aW5nIHRoZSBlbmQtdXNlci4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRoZSBhdXRo
b3JpemF0aW9uIHNlcnZlciBNVVNUIGltcGxlbWVudCBDU1JGIHByb3RlY3Rpb24gZm9yIGl0cyBh
dXRob3JpemF0aW9uIGVuZHBvaW50LAogICAgICAgICAgYW5kIGVuc3VyZSB0aGF0IGEgbWFsaWNp
b3VzIGNsaWVudCBjYW5ub3Qgb2J0YWluIGF1dGhvcml6YXRpb24gd2l0aG91dCB0aGUgYXdhcmVu
ZXNzIGFuZAogICAgICAgICAgZXhwbGljaXQgY29uc2VudCBvZiB0aGUgcmVzb3VyY2Ugb3duZXIu
CiAgICAgICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yNTMiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxl
IHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0i
VE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3Rv
YyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2Vj
dGlvbi4xMC4xMyI+PC9hPjxoMz4xMC4xMy4mbmJzcDsKQ2xpY2tqYWNraW5nPC9oMz4KCjxwPgog
ICAgICAgICAgSW4gYSBjbGlja2phY2tpbmcgYXR0YWNrLCBhbiBhdHRhY2tlciByZWdpc3RlcnMg
YSBsZWdpdGltYXRlIGNsaWVudCBhbmQgdGhlbiBjb25zdHJ1Y3RzIGEKICAgICAgICAgIG1hbGlj
aW91cyBzaXRlIGluIHdoaWNoIGl0IGxvYWRzIHRoZSBhdXRob3JpemF0aW9uIHNlcnZlcidzIGF1
dGhvcml6YXRpb24gZW5kcG9pbnQgd2ViCiAgICAgICAgICBwYWdlIGluIGEgdHJhbnNwYXJlbnQg
aWZyYW1lIG92ZXJsYWlkIG9uIHRvcCBvZiBhIHNldCBvZiBkdW1teSBidXR0b25zIHdoaWNoIGFy
ZQogICAgICAgICAgY2FyZWZ1bGx5IGNvbnN0cnVjdGVkIHRvIGJlIHBsYWNlZCBkaXJlY3RseSB1
bmRlciBpbXBvcnRhbnQgYnV0dG9ucyBvbiB0aGUgYXV0aG9yaXphdGlvbgogICAgICAgICAgcGFn
ZS4gV2hlbiBhbiBlbmQtdXNlciBjbGlja3MgYSBtaXNsZWFkaW5nIHZpc2libGUgYnV0dG9uLCB0
aGUgZW5kLXVzZXIgaXMgYWN0dWFsbHkKICAgICAgICAgIGNsaWNraW5nIGFuIGludmlzaWJsZSBi
dXR0b24gb24gdGhlIGF1dGhvcml6YXRpb24gcGFnZSAoc3VjaCBhcyBhbiAiQXV0aG9yaXplIiBi
dXR0b24pLgogICAgICAgICAgVGhpcyBhbGxvd3MgYW4gYXR0YWNrZXIgdG8gdHJpY2sgYSByZXNv
dXJjZSBvd25lciBpbnRvIGdyYW50aW5nIGl0cyBjbGllbnQgYWNjZXNzIHdpdGhvdXQKICAgICAg
ICAgIHRoZWlyIGtub3dsZWRnZS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFRvIHByZXZl
bnQgdGhpcyBmb3JtIG9mIGF0dGFjaywgbmF0aXZlIGFwcGxpY2F0aW9ucyBTSE9VTEQgdXNlIGV4
dGVybmFsIGJyb3dzZXJzIGluc3RlYWQKICAgICAgICAgIG9mIGVtYmVkZGluZyBicm93c2VycyB3
aXRoaW4gdGhlIGFwcGxpY2F0aW9uIHdoZW4gcmVxdWVzdGluZyBlbmQtdXNlciBhdXRob3JpemF0
aW9uLiBGb3IKICAgICAgICAgIG1vc3QgbmV3ZXIgYnJvd3NlcnMsIGF2b2lkYW5jZSBvZiBpZnJh
bWVzIGNhbiBiZSBlbmZvcmNlZCBieSB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIKICAgICAgICAg
IHVzaW5nIHRoZSAobm9uLXN0YW5kYXJkKSA8dHQ+eC1mcmFtZS1vcHRpb25zPC90dD4gaGVhZGVy
LiBUaGlzIGhlYWRlcgogICAgICAgICAgY2FuIGhhdmUgdHdvIHZhbHVlcywgPHR0PmRlbnk8L3R0
PiBhbmQKICAgICAgICAgIDx0dD5zYW1lb3JpZ2luPC90dD4sIHdoaWNoIHdpbGwgYmxvY2sgYW55
IGZyYW1pbmcsIG9yIGZyYW1pbmcgYnkgc2l0ZXMKICAgICAgICAgIHdpdGggYSBkaWZmZXJlbnQg
b3JpZ2luLCByZXNwZWN0aXZlbHkuIEZvciBvbGRlciBicm93c2VycywgamF2YXNjcmlwdCBmcmFt
ZWJ1c3RpbmcKICAgICAgICAgIHRlY2huaXF1ZXMgY2FuIGJlIHVzZWQgYnV0IG1heSBub3QgYmUg
ZWZmZWN0aXZlIGluIGFsbCBicm93c2Vycy4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I1
NCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0i
MCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBj
bGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3Ry
PjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEwLjE0Ij48L2E+PGgzPjEwLjE0LiZuYnNw
OwpDb2RlIEluamVjdGlvbiBhbmQgSW5wdXQgVmFsaWRhdGlvbjwvaDM+Cgo8cD4KICAgICAgICAg
IEEgY29kZSBpbmplY3Rpb24gYXR0YWNrIG9jY3VycyB3aGVuIGFuIGlucHV0IG9yIG90aGVyd2lz
ZSBleHRlcm5hbCB2YXJpYWJsZSBpcyB1c2VkIGJ5IGFuCiAgICAgICAgICBhcHBsaWNhdGlvbiB1
bnNhbml0aXplZCBhbmQgY2F1c2VzIG1vZGlmaWNhdGlvbiB0byB0aGUgYXBwbGljYXRpb24gbG9n
aWMuIFRoaXMgbWF5IGFsbG93CiAgICAgICAgICBhbiBhdHRhY2tlciB0byBnYWluIGFjY2VzcyB0
byB0aGUgYXBwbGljYXRpb24gZGV2aWNlIG9yIGl0cyBkYXRhLCBjYXVzZSBkZW5pYWwgb2YKICAg
ICAgICAgIHNlcnZpY2UsIG9yIGEgd2lkZSByYW5nZSBvZiBtYWxpY2lvdXMgc2lkZS1lZmZlY3Rz
LgogICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgVGhlIEF1dGhvcml6YXRpb24gc2VydmVyIGFu
ZCBjbGllbnQgTVVTVCBzYW5pdGl6ZSAoYW5kIHZhbGlkYXRlIHdoZW4gcG9zc2libGUpIGFueSB2
YWx1ZQogICAgICAgICAgcmVjZWl2ZWQsIGluIHBhcnRpY3VsYXIsIHRoZSB2YWx1ZSBvZiB0aGUg
PHR0PnN0YXRlPC90dD4gYW5kCiAgICAgICAgICA8dHQ+cmVkaXJlY3RfdXJpPC90dD4gcGFyYW1l
dGVycy4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJvcGVuLXJlZGlyZWN0Ij48L2E+PGJyIC8+PGhy
IC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0i
MiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxh
IGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFt
ZT0icmZjLnNlY3Rpb24uMTAuMTUiPjwvYT48aDM+MTAuMTUuJm5ic3A7Ck9wZW4gUmVkaXJlY3Rv
cnM8L2gzPgoKPHA+CiAgICAgICAgICBUaGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIgYXV0aG9yaXph
dGlvbiBlbmRwb2ludCBhbmQgdGhlIGNsaWVudCByZWRpcmVjdGlvbiBlbmRwb2ludCBjYW4KICAg
ICAgICAgIGJlIGltcHJvcGVybHkgY29uZmlndXJlZCBhbmQgb3BlcmF0ZSBhcyBvcGVuIHJlZGly
ZWN0b3JzLiBBbiBvcGVuIHJlZGlyZWN0b3IgaXMgYW4KICAgICAgICAgIGVuZHBvaW50IHVzaW5n
IGEgcGFyYW1ldGVyIHRvIGF1dG9tYXRpY2FsbHkgcmVkaXJlY3QgYSB1c2VyLWFnZW50IHRvIHRo
ZSBsb2NhdGlvbgogICAgICAgICAgc3BlY2lmaWVkIGJ5IHRoZSBwYXJhbWV0ZXIgdmFsdWUgd2l0
aG91dCBhbnkgdmFsaWRhdGlvbi4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIE9wZW4gcmVk
aXJlY3RvcnMgY2FuIGJlIHVzZWQgaW4gcGhpc2hpbmcgYXR0YWNrcywgb3IgYnkgYW4gYXR0YWNr
ZXIgdG8gZ2V0IGVuZC11c2VycyB0bwogICAgICAgICAgdmlzaXQgbWFsaWNpb3VzIHNpdGVzIGJ5
IG1ha2luZyB0aGUgVVJJJ3MgYXV0aG9yaXR5IGxvb2sgbGlrZSBhIGZhbWlsaWFyIGFuZCB0cnVz
dGVkCiAgICAgICAgICBkZXN0aW5hdGlvbi4gSW4gYWRkaXRpb24sIGlmIHRoZSBhdXRob3JpemF0
aW9uIHNlcnZlciBhbGxvd3MgdGhlIGNsaWVudCB0byByZWdpc3RlciBvbmx5CiAgICAgICAgICBw
YXJ0IG9mIHRoZSByZWRpcmVjdGlvbiBVUkksIGFuIGF0dGFja2VyIGNhbiB1c2UgYW4gb3BlbiBy
ZWRpcmVjdG9yIG9wZXJhdGVkIGJ5IHRoZQogICAgICAgICAgY2xpZW50IHRvIGNvbnN0cnVjdCBh
IHJlZGlyZWN0aW9uIFVSSSB0aGF0IHdpbGwgcGFzcyB0aGUgYXV0aG9yaXphdGlvbiBzZXJ2ZXIg
dmFsaWRhdGlvbgogICAgICAgICAgYnV0IHdpbGwgc2VuZCB0aGUgYXV0aG9yaXphdGlvbiBjb2Rl
IG9yIGFjY2VzcyB0b2tlbiB0byBhbiBlbmRwb2ludCB1bmRlciB0aGUgY29udHJvbCBvZgogICAg
ICAgICAgdGhlIGF0dGFja2VyLgogICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjU1Ij48L2E+
PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxs
c3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJU
T0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJs
ZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTEiPjwvYT48aDM+MTEuJm5ic3A7CklBTkEgQ29uc2lk
ZXJhdGlvbnM8L2gzPgoKPGEgbmFtZT0idHlwZS1yZWdpc3RyeSI+PC9hPjxiciAvPjxociAvPgo8
dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNs
YXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVm
PSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJm
Yy5zZWN0aW9uLjExLjEiPjwvYT48aDM+MTEuMS4mbmJzcDsKVGhlIE9BdXRoIEFjY2VzcyBUb2tl
biBUeXBlIFJlZ2lzdHJ5PC9oMz4KCjxwPgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGVz
dGFibGlzaGVzIHRoZSBPQXV0aCBhY2Nlc3MgdG9rZW4gdHlwZSByZWdpc3RyeS4KICAgICAgICAK
PC9wPgo8cD4KICAgICAgICAgIEFjY2VzcyB0b2tlbiB0eXBlcyBhcmUgcmVnaXN0ZXJlZCB3aXRo
IGEgU3BlY2lmaWNhdGlvbiBSZXF1aXJlZAogICAgICAgICAgKDxhIGNsYXNzPSdpbmZvJyBocmVm
PScjUkZDNTIyNic+W1JGQzUyMjZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPk5h
cnRlbiwgVC4gYW5kIEguIEFsdmVzdHJhbmQsICZsZHF1bztHdWlkZWxpbmVzIGZvciBXcml0aW5n
IGFuIElBTkEgQ29uc2lkZXJhdGlvbnMgU2VjdGlvbiBpbiBSRkNzLCZyZHF1bzsgTWF5Jm5ic3A7
MjAwOC48L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KSBhZnRlciBhIHR3byB3ZWVrcyByZXZpZXcg
cGVyaW9kIG9uIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nCiAgICAgICAgICBsaXN0LCBvbiB0
aGUgYWR2aWNlIG9mIG9uZSBvciBtb3JlIERlc2lnbmF0ZWQgRXhwZXJ0cy4gSG93ZXZlciwgdG8g
YWxsb3cgZm9yIHRoZQogICAgICAgICAgYWxsb2NhdGlvbiBvZiB2YWx1ZXMgcHJpb3IgdG8gcHVi
bGljYXRpb24sIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSBtYXkgYXBwcm92ZQogICAgICAgICAg
cmVnaXN0cmF0aW9uIG9uY2UgdGhleSBhcmUgc2F0aXNmaWVkIHRoYXQgc3VjaCBhIHNwZWNpZmlj
YXRpb24gd2lsbCBiZSBwdWJsaXNoZWQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBSZWdp
c3RyYXRpb24gcmVxdWVzdHMgbXVzdCBiZSBzZW50IHRvIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWls
aW5nIGxpc3QgZm9yIHJldmlldyBhbmQKICAgICAgICAgIGNvbW1lbnQsIHdpdGggYW4gYXBwcm9w
cmlhdGUgc3ViamVjdCAoZS5nLiwgIlJlcXVlc3QgZm9yIGFjY2VzcyB0b2tlbiB0eXBlOiBleGFt
cGxlIikuCiAgICAgICAgICBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mIHRoZSBt
YWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uCiAgICAgICAg
ICB3aXRoIHRoZSBJRVNHIGFuZCBJQU5BLiBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmll
dy4gXV0KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFdpdGhpbiB0aGUgcmV2aWV3IHBlcmlv
ZCwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIHdpbGwgZWl0aGVyIGFwcHJvdmUgb3IKICAgICAg
ICAgIGRlbnkgdGhlIHJlZ2lzdHJhdGlvbiByZXF1ZXN0LCBjb21tdW5pY2F0aW5nIHRoaXMgZGVj
aXNpb24gdG8gdGhlIHJldmlldyBsaXN0IGFuZCBJQU5BLgogICAgICAgICAgRGVuaWFscyBzaG91
bGQgaW5jbHVkZSBhbiBleHBsYW5hdGlvbiBhbmQsIGlmIGFwcGxpY2FibGUsIHN1Z2dlc3Rpb25z
IGFzIHRvIGhvdyB0byBtYWtlCiAgICAgICAgICB0aGUgcmVxdWVzdCBzdWNjZXNzZnVsLgogICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgSUFOQSBtdXN0IG9ubHkgYWNjZXB0IHJlZ2lzdHJ5IHVw
ZGF0ZXMgZnJvbSB0aGUgRGVzaWduYXRlZCBFeHBlcnQocyksIGFuZCBzaG91bGQgZGlyZWN0CiAg
ICAgICAgICBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxp
bmcgbGlzdC4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I1NiI+PC9hPjxiciAvPjxociAv
Pgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIi
IGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBo
cmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9
InJmYy5zZWN0aW9uLjExLjEuMSI+PC9hPjxoMz4xMS4xLjEuJm5ic3A7ClJlZ2lzdHJhdGlvbiBU
ZW1wbGF0ZTwvaDM+Cgo8cD4KICAgICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4
dCI+PGRsPgo8ZHQ+VHlwZSBuYW1lOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAg
ICAgICAgICAgVGhlIG5hbWUgcmVxdWVzdGVkIChlLmcuLCAiZXhhbXBsZSIpLgogICAgICAgICAg
ICAgIAo8L2RkPgo8ZHQ+QWRkaXRpb25hbCBUb2tlbiBFbmRwb2ludCBSZXNwb25zZSBQYXJhbWV0
ZXJzOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgQWRkaXRpb25h
bCByZXNwb25zZSBwYXJhbWV0ZXJzIHJldHVybmVkIHRvZ2V0aGVyIHdpdGggdGhlCiAgICAgICAg
ICAgICAgICA8dHQ+YWNjZXNzX3Rva2VuPC90dD4gcGFyYW1ldGVyLiBOZXcgcGFyYW1ldGVycyBN
VVNUIGJlCiAgICAgICAgICAgICAgICBzZXBhcmF0ZWx5IHJlZ2lzdGVyZWQgaW4gdGhlIE9BdXRo
IHBhcmFtZXRlcnMgcmVnaXN0cnkgYXMgZGVzY3JpYmVkIGJ5CiAgICAgICAgICAgICAgICA8YSBj
bGFzcz0naW5mbycgaHJlZj0nI3BhcmFtZXRlcnMtcmVnaXN0cnknPlNlY3Rpb24mbmJzcDsxMS4y
PHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPlRoZSBPQXV0aCBQYXJhbWV0ZXJzIFJl
Z2lzdHJ5PC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPi4KICAgICAgICAgICAgICAKPC9kZD4KPGR0
PkhUVFAgQXV0aGVudGljYXRpb24gU2NoZW1lKHMpOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAg
IAogICAgICAgICAgICAgICAgVGhlIEhUVFAgYXV0aGVudGljYXRpb24gc2NoZW1lIG5hbWUocyks
IGlmIGFueSwgdXNlZCB0byBhdXRoZW50aWNhdGUgcHJvdGVjdGVkCiAgICAgICAgICAgICAgICBy
ZXNvdXJjZXMgcmVxdWVzdHMgdXNpbmcgYWNjZXNzIHRva2VucyBvZiB0aGlzIHR5cGUuCiAgICAg
ICAgICAgICAgCjwvZGQ+CjxkdD5DaGFuZ2UgY29udHJvbGxlcjo8L2R0Pgo8ZGQ+CiAgICAgICAg
ICAgICAgICAKICAgICAgICAgICAgICAgIEZvciBzdGFuZGFyZHMtdHJhY2sgUkZDcywgc3RhdGUg
IklFVEYiLiBGb3Igb3RoZXJzLCBnaXZlIHRoZSBuYW1lIG9mIHRoZQogICAgICAgICAgICAgICAg
cmVzcG9uc2libGUgcGFydHkuIE90aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRyZXNzLCBl
LW1haWwgYWRkcmVzcywgaG9tZSBwYWdlCiAgICAgICAgICAgICAgICBVUkkpIG1heSBhbHNvIGJl
IGluY2x1ZGVkLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+U3BlY2lmaWNhdGlvbiBkb2N1bWVu
dChzKTo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJlZmVyZW5j
ZSB0byB0aGUgZG9jdW1lbnQgdGhhdCBzcGVjaWZpZXMgdGhlIHBhcmFtZXRlciwgcHJlZmVyYWJs
eSBpbmNsdWRpbmcgYSBVUkkgdGhhdAogICAgICAgICAgICAgICAgY2FuIGJlIHVzZWQgdG8gcmV0
cmlldmUgYSBjb3B5IG9mIHRoZSBkb2N1bWVudC4gQW4gaW5kaWNhdGlvbiBvZiB0aGUgcmVsZXZh
bnQKICAgICAgICAgICAgICAgIHNlY3Rpb25zIG1heSBhbHNvIGJlIGluY2x1ZGVkLCBidXQgaXMg
bm90IHJlcXVpcmVkLgogICAgICAgICAgICAgIAo8L2RkPgo8L2RsPjwvYmxvY2txdW90ZT48cD4K
ICAgICAgICAgIAo8L3A+CjxhIG5hbWU9InBhcmFtZXRlcnMtcmVnaXN0cnkiPjwvYT48YnIgLz48
aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5n
PSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+
PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBu
YW1lPSJyZmMuc2VjdGlvbi4xMS4yIj48L2E+PGgzPjExLjIuJm5ic3A7ClRoZSBPQXV0aCBQYXJh
bWV0ZXJzIFJlZ2lzdHJ5PC9oMz4KCjxwPgogICAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGVz
dGFibGlzaGVzIHRoZSBPQXV0aCBwYXJhbWV0ZXJzIHJlZ2lzdHJ5LgogICAgICAgIAo8L3A+Cjxw
PgogICAgICAgICAgQWRkaXRpb25hbCBwYXJhbWV0ZXJzIGZvciBpbmNsdXNpb24gaW4gdGhlIGF1
dGhvcml6YXRpb24gZW5kcG9pbnQgcmVxdWVzdCwgdGhlCiAgICAgICAgICBhdXRob3JpemF0aW9u
IGVuZHBvaW50IHJlc3BvbnNlLCB0aGUgdG9rZW4gZW5kcG9pbnQgcmVxdWVzdCwgb3IgdGhlIHRv
a2VuIGVuZHBvaW50CiAgICAgICAgICByZXNwb25zZSBhcmUgcmVnaXN0ZXJlZCB3aXRoIGEgU3Bl
Y2lmaWNhdGlvbiBSZXF1aXJlZAogICAgICAgICAgKDxhIGNsYXNzPSdpbmZvJyBocmVmPScjUkZD
NTIyNic+W1JGQzUyMjZdPHNwYW4+ICg8L3NwYW4+PHNwYW4gY2xhc3M9J2luZm8nPk5hcnRlbiwg
VC4gYW5kIEguIEFsdmVzdHJhbmQsICZsZHF1bztHdWlkZWxpbmVzIGZvciBXcml0aW5nIGFuIElB
TkEgQ29uc2lkZXJhdGlvbnMgU2VjdGlvbiBpbiBSRkNzLCZyZHF1bzsgTWF5Jm5ic3A7MjAwOC48
L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+KSBhZnRlciBhIHR3byB3ZWVrcyByZXZpZXcgcGVyaW9k
IG9uIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nCiAgICAgICAgICBsaXN0LCBvbiB0aGUgYWR2
aWNlIG9mIG9uZSBvciBtb3JlIERlc2lnbmF0ZWQgRXhwZXJ0cy4gSG93ZXZlciwgdG8gYWxsb3cg
Zm9yIHRoZQogICAgICAgICAgYWxsb2NhdGlvbiBvZiB2YWx1ZXMgcHJpb3IgdG8gcHVibGljYXRp
b24sIHRoZSBEZXNpZ25hdGVkIEV4cGVydChzKSBtYXkgYXBwcm92ZQogICAgICAgICAgcmVnaXN0
cmF0aW9uIG9uY2UgdGhleSBhcmUgc2F0aXNmaWVkIHRoYXQgc3VjaCBhIHNwZWNpZmljYXRpb24g
d2lsbCBiZSBwdWJsaXNoZWQuCiAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICBSZWdpc3RyYXRp
b24gcmVxdWVzdHMgbXVzdCBiZSBzZW50IHRvIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nIGxp
c3QgZm9yIHJldmlldyBhbmQKICAgICAgICAgIGNvbW1lbnQsIHdpdGggYW4gYXBwcm9wcmlhdGUg
c3ViamVjdCAoZS5nLiwgIlJlcXVlc3QgZm9yIHBhcmFtZXRlcjogZXhhbXBsZSIpLgogICAgICAg
ICAgW1sgTm90ZSB0byBSRkMtRURJVE9SOiBUaGUgbmFtZSBvZiB0aGUgbWFpbGluZyBsaXN0IHNo
b3VsZCBiZSBkZXRlcm1pbmVkIGluIGNvbnN1bHRhdGlvbgogICAgICAgICAgd2l0aCB0aGUgSUVT
RyBhbmQgSUFOQS4gU3VnZ2VzdGVkIG5hbWU6IG9hdXRoLWV4dC1yZXZpZXcuIF1dCiAgICAgICAg
CjwvcD4KPHA+CiAgICAgICAgICBXaXRoaW4gdGhlIHJldmlldyBwZXJpb2QsIHRoZSBEZXNpZ25h
dGVkIEV4cGVydChzKSB3aWxsIGVpdGhlciBhcHByb3ZlIG9yCiAgICAgICAgICBkZW55IHRoZSBy
ZWdpc3RyYXRpb24gcmVxdWVzdCwgY29tbXVuaWNhdGluZyB0aGlzIGRlY2lzaW9uIHRvIHRoZSBy
ZXZpZXcgbGlzdCBhbmQgSUFOQS4KICAgICAgICAgIERlbmlhbHMgc2hvdWxkIGluY2x1ZGUgYW4g
ZXhwbGFuYXRpb24gYW5kLCBpZiBhcHBsaWNhYmxlLCBzdWdnZXN0aW9ucyBhcyB0byBob3cgdG8g
bWFrZQogICAgICAgICAgdGhlIHJlcXVlc3Qgc3VjY2Vzc2Z1bC4KICAgICAgICAKPC9wPgo8cD4K
ICAgICAgICAgIElBTkEgbXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20gdGhl
IERlc2lnbmF0ZWQgRXhwZXJ0KHMpLCBhbmQgc2hvdWxkIGRpcmVjdAogICAgICAgICAgYWxsIHJl
cXVlc3RzIGZvciByZWdpc3RyYXRpb24gdG8gdGhlIHJldmlldyBtYWlsaW5nIGxpc3QuCiAgICAg
ICAgCjwvcD4KPGEgbmFtZT0iYW5jaG9yNTciPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1h
cnk9ImxheW91dCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVn
IiBhbGlnbj0icmlnaHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5i
c3A7VE9DJm5ic3A7PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4x
MS4yLjEiPjwvYT48aDM+MTEuMi4xLiZuYnNwOwpSZWdpc3RyYXRpb24gVGVtcGxhdGU8L2gzPgoK
PHA+CiAgICAgICAgICAgIDwvcD4KPGJsb2NrcXVvdGUgY2xhc3M9InRleHQiPjxkbD4KPGR0PlBh
cmFtZXRlciBuYW1lOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAg
VGhlIG5hbWUgcmVxdWVzdGVkIChlLmcuLCAiZXhhbXBsZSIpLgogICAgICAgICAgICAgIAo8L2Rk
Pgo8ZHQ+UGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAg
IAogICAgICAgICAgICAgICAgVGhlIGxvY2F0aW9uKHMpIHdoZXJlIHBhcmFtZXRlciBjYW4gYmUg
dXNlZC4gVGhlIHBvc3NpYmxlIGxvY2F0aW9ucyBhcmU6CiAgICAgICAgICAgICAgICBhdXRob3Jp
emF0aW9uIHJlcXVlc3QsIGF1dGhvcml6YXRpb24gcmVzcG9uc2UsIHRva2VuIHJlcXVlc3QsIG9y
IHRva2VuIHJlc3BvbnNlLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+Q2hhbmdlIGNvbnRyb2xs
ZXI6PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBGb3Igc3RhbmRh
cmRzLXRyYWNrIFJGQ3MsIHN0YXRlICJJRVRGIi4gRm9yIG90aGVycywgZ2l2ZSB0aGUgbmFtZSBv
ZiB0aGUKICAgICAgICAgICAgICAgIHJlc3BvbnNpYmxlIHBhcnR5LiBPdGhlciBkZXRhaWxzIChl
LmcuLCBwb3N0YWwgYWRkcmVzcywgZS1tYWlsIGFkZHJlc3MsIGhvbWUgcGFnZQogICAgICAgICAg
ICAgICAgVVJJKSBtYXkgYWxzbyBiZSBpbmNsdWRlZC4KICAgICAgICAgICAgICAKPC9kZD4KPGR0
PlNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAg
ICAgICAgICAgICAgICBSZWZlcmVuY2UgdG8gdGhlIGRvY3VtZW50IHRoYXQgc3BlY2lmaWVzIHRo
ZSBwYXJhbWV0ZXIsIHByZWZlcmFibHkgaW5jbHVkaW5nIGEgVVJJIHRoYXQKICAgICAgICAgICAg
ICAgIGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEgY29weSBvZiB0aGUgZG9jdW1lbnQuIEFuIGlu
ZGljYXRpb24gb2YgdGhlIHJlbGV2YW50CiAgICAgICAgICAgICAgICBzZWN0aW9ucyBtYXkgYWxz
byBiZSBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1aXJlZC4KICAgICAgICAgICAgICAKPC9kZD4K
PC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I1OCI+
PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIg
Y2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFz
cz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwv
dGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjExLjIuMiI+PC9hPjxoMz4xMS4yLjIuJm5ic3A7
CkluaXRpYWwgUmVnaXN0cnkgQ29udGVudHM8L2gzPgoKPHA+CiAgICAgICAgICAgIFRoZSBPQXV0
aCBQYXJhbWV0ZXJzIFJlZ2lzdHJ5J3MgaW5pdGlhbCBjb250ZW50cyBhcmU6CiAgICAgICAgICAK
PC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAg
ICAgICAgICBQYXJhbWV0ZXIgbmFtZTogY2xpZW50X2lkCiAgICAgICAgICAgICAgCjwvbGk+Cjxs
aT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlv
biByZXF1ZXN0LCB0b2tlbiByZXF1ZXN0CiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAg
ICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwvbGk+Cjxs
aT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9j
dW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8L3A+Cjxw
PgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgICAg
IFBhcmFtZXRlciBuYW1lOiBjbGllbnRfc2VjcmV0CiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4K
ICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogdG9rZW4gcmVxdWVzdAog
ICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxl
cjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBTcGVjaWZp
Y2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgCjwv
bGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwgY2xh
c3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogcmVzcG9uc2Vf
dHlwZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIg
dXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdAogICAgICAgICAgICAgIAo8L2xp
Pgo8bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAg
ICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMp
OiBbWyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAg
ICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAg
ICAgICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogcmVkaXJlY3RfdXJpCiAgICAgICAgICAgICAg
CjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0
aG9yaXphdGlvbiByZXF1ZXN0LCB0b2tlbiByZXF1ZXN0CiAgICAgICAgICAgICAgCjwvbGk+Cjxs
aT4KICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAg
CjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtb
IHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAg
IAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAg
ICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBzY29wZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+
CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24g
cmVxdWVzdCwgYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9rZW4KICAgICAgICAgICAgICAgIHJl
cXVlc3QsIHRva2VuIHJlc3BvbnNlCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAg
ICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4K
ICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1l
bnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8L3A+CjxwPgog
ICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgICAgIFBh
cmFtZXRlciBuYW1lOiBzdGF0ZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAg
ICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVxdWVzdCwgYXV0
aG9yaXphdGlvbiByZXNwb25zZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAg
ICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAg
ICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50
IF1dCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJh
bWV0ZXIgbmFtZTogY29kZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAg
ICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVzcG9uc2UsIHRva2Vu
IHJlcXVlc3QKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hhbmdl
IGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAg
ICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAg
ICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwv
cD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6
IGVycm9yX2Rlc2NyaXB0aW9uCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAg
ICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9yaXphdGlvbiByZXNwb25zZSwgdG9r
ZW4gcmVzcG9uc2UKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hh
bmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAg
ICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAg
ICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAg
IDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5h
bWU6IGVycm9yX3VyaQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBQ
YXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24gcmVzcG9uc2UsIHRva2VuIHJl
c3BvbnNlCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIENoYW5nZSBj
b250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAg
IFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAgICAg
ICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8L3A+CjxwPgogICAgICAgICAgICA8L3A+
Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciBuYW1lOiBn
cmFudF90eXBlCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFt
ZXRlciB1c2FnZSBsb2NhdGlvbjogdG9rZW4gcmVxdWVzdAogICAgICAgICAgICAgIAo8L2xpPgo8
bGk+CiAgICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAg
IAo8L2xpPgo8bGk+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBb
WyB0aGlzIGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAg
ICAKPC9wPgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAg
ICAgICAgICAgICBQYXJhbWV0ZXIgbmFtZTogYWNjZXNzX3Rva2VuCiAgICAgICAgICAgICAgCjwv
bGk+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2NhdGlvbjogYXV0aG9y
aXphdGlvbiByZXNwb25zZSwgdG9rZW4gcmVzcG9uc2UKICAgICAgICAgICAgICAKPC9saT4KPGxp
PgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElFVEYKICAgICAgICAgICAgICAK
PC9saT4KPGxpPgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBkb2N1bWVudChzKTogW1sg
dGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIAo8L2xpPgo8L3VsPjxwPgogICAgICAgICAg
CjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0ZXh0Ij4KPGxpPgogICAgICAg
ICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IHRva2VuX3R5cGUKICAgICAgICAgICAgICAKPC9saT4K
PGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIHVzYWdlIGxvY2F0aW9uOiBhdXRob3JpemF0
aW9uIHJlc3BvbnNlLCB0b2tlbiByZXNwb25zZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAg
ICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xp
Pgo8bGk+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlz
IGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9w
Pgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAg
ICAgICBQYXJhbWV0ZXIgbmFtZTogZXhwaXJlc19pbgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+
CiAgICAgICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IGF1dGhvcml6YXRpb24g
cmVzcG9uc2UsIHRva2VuIHJlc3BvbnNlCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAg
ICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwvbGk+Cjxs
aT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9j
dW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8L3A+Cjxw
PgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAgICAg
IFBhcmFtZXRlciBuYW1lOiB1c2VybmFtZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAg
ICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVlc3QKICAgICAg
ICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgQ2hhbmdlIGNvbnRyb2xsZXI6IElF
VEYKICAgICAgICAgICAgICAKPC9saT4KPGxpPgogICAgICAgICAgICAgICAgU3BlY2lmaWNhdGlv
biBkb2N1bWVudChzKTogW1sgdGhpcyBkb2N1bWVudCBdXQogICAgICAgICAgICAgIAo8L2xpPgo8
L3VsPjxwPgogICAgICAgICAgCjwvcD4KPHA+CiAgICAgICAgICAgIDwvcD4KPHVsIGNsYXNzPSJ0
ZXh0Ij4KPGxpPgogICAgICAgICAgICAgICAgUGFyYW1ldGVyIG5hbWU6IHBhc3N3b3JkCiAgICAg
ICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIFBhcmFtZXRlciB1c2FnZSBsb2Nh
dGlvbjogdG9rZW4gcmVxdWVzdAogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAgICAgICAg
ICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAg
ICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlzIGRvY3VtZW50
IF1dCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAgICAgICBQYXJh
bWV0ZXIgbmFtZTogcmVmcmVzaF90b2tlbgogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAgICAg
ICAgICAgICAgICBQYXJhbWV0ZXIgdXNhZ2UgbG9jYXRpb246IHRva2VuIHJlcXVlc3QsIHRva2Vu
IHJlc3BvbnNlCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAgICAgIENoYW5n
ZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4KICAgICAgICAgICAg
ICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRoaXMgZG9jdW1lbnQgXV0KICAgICAg
ICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9InJlc3BvbnNl
LXR5cGUtcmVnaXN0cnkiPjwvYT48YnIgLz48aHIgLz4KPHRhYmxlIHN1bW1hcnk9ImxheW91dCIg
Y2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIyIiBjbGFzcz0iVE9DYnVnIiBhbGlnbj0icmln
aHQiPjx0cj48dGQgY2xhc3M9IlRPQ2J1ZyI+PGEgaHJlZj0iI3RvYyI+Jm5ic3A7VE9DJm5ic3A7
PC9hPjwvdGQ+PC90cj48L3RhYmxlPgo8YSBuYW1lPSJyZmMuc2VjdGlvbi4xMS4zIj48L2E+PGgz
PjExLjMuJm5ic3A7ClRoZSBPQXV0aCBBdXRob3JpemF0aW9uIEVuZHBvaW50IFJlc3BvbnNlIFR5
cGUgUmVnaXN0cnk8L2gzPgoKPHA+CiAgICAgICAgICBUaGlzIHNwZWNpZmljYXRpb24gZXN0YWJs
aXNoZXMgdGhlIE9BdXRoIGF1dGhvcml6YXRpb24gZW5kcG9pbnQgcmVzcG9uc2UgdHlwZSByZWdp
c3RyeS4KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgICAgQWRkaXRpb25hbCByZXNwb25zZSB0
eXBlIGZvciB1c2Ugd2l0aCB0aGUgYXV0aG9yaXphdGlvbiBlbmRwb2ludCBhcmUgcmVnaXN0ZXJl
ZCB3aXRoIGEKICAgICAgICAgICAgU3BlY2lmaWNhdGlvbiBSZXF1aXJlZCAoPGEgY2xhc3M9J2lu
Zm8nIGhyZWY9JyNSRkM1MjI2Jz5bUkZDNTIyNl08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0n
aW5mbyc+TmFydGVuLCBULiBhbmQgSC4gQWx2ZXN0cmFuZCwgJmxkcXVvO0d1aWRlbGluZXMgZm9y
IFdyaXRpbmcgYW4gSUFOQSBDb25zaWRlcmF0aW9ucyBTZWN0aW9uIGluIFJGQ3MsJnJkcXVvOyBN
YXkmbmJzcDsyMDA4Ljwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4pIGFmdGVyIGEgdHdvIHdlZWtz
IHJldmlldyBwZXJpb2Qgb24KICAgICAgICAgICAgdGhlIFtUQkRdQGlldGYub3JnIG1haWxpbmcg
bGlzdCwgb24gdGhlIGFkdmljZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuCiAg
ICAgICAgICAgIEhvd2V2ZXIsIHRvIGFsbG93IGZvciB0aGUgYWxsb2NhdGlvbiBvZiB2YWx1ZXMg
cHJpb3IgdG8gcHVibGljYXRpb24sIHRoZSBEZXNpZ25hdGVkCiAgICAgICAgICAgIEV4cGVydChz
KSBtYXkgYXBwcm92ZSByZWdpc3RyYXRpb24gb25jZSB0aGV5IGFyZSBzYXRpc2ZpZWQgdGhhdCBz
dWNoIGEgc3BlY2lmaWNhdGlvbgogICAgICAgICAgICB3aWxsIGJlIHB1Ymxpc2hlZC4KICAgICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgICBSZWdpc3RyYXRpb24gcmVxdWVzdHMgbXVzdCBiZSBz
ZW50IHRvIHRoZSBbVEJEXUBpZXRmLm9yZyBtYWlsaW5nIGxpc3QgZm9yIHJldmlldyBhbmQKICAg
ICAgICAgICAgY29tbWVudCwgd2l0aCBhbiBhcHByb3ByaWF0ZSBzdWJqZWN0IChlLmcuLCAiUmVx
dWVzdCBmb3IgcmVzcG9uc2UgdHlwZTogZXhhbXBsZSIpLgogICAgICAgICAgICBbWyBOb3RlIHRv
IFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mIHRoZSBtYWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVy
bWluZWQgaW4gY29uc3VsdGF0aW9uCiAgICAgICAgICAgIHdpdGggdGhlIElFU0cgYW5kIElBTkEu
IFN1Z2dlc3RlZCBuYW1lOiBvYXV0aC1leHQtcmV2aWV3LiBdXQogICAgICAgICAgCjwvcD4KPHA+
CiAgICAgICAgICAgIFdpdGhpbiB0aGUgcmV2aWV3IHBlcmlvZCwgdGhlIERlc2lnbmF0ZWQgRXhw
ZXJ0KHMpIHdpbGwgZWl0aGVyIGFwcHJvdmUgb3IKICAgICAgICAgICAgZGVueSB0aGUgcmVnaXN0
cmF0aW9uIHJlcXVlc3QsIGNvbW11bmljYXRpbmcgdGhpcyBkZWNpc2lvbiB0byB0aGUgcmV2aWV3
IGxpc3QgYW5kIElBTkEuCiAgICAgICAgICAgIERlbmlhbHMgc2hvdWxkIGluY2x1ZGUgYW4gZXhw
bGFuYXRpb24gYW5kLCBpZiBhcHBsaWNhYmxlLCBzdWdnZXN0aW9ucyBhcyB0byBob3cgdG8gbWFr
ZQogICAgICAgICAgICB0aGUgcmVxdWVzdCBzdWNjZXNzZnVsLgogICAgICAgICAgCjwvcD4KPHA+
CiAgICAgICAgICAgIElBTkEgbXVzdCBvbmx5IGFjY2VwdCByZWdpc3RyeSB1cGRhdGVzIGZyb20g
dGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpLCBhbmQgc2hvdWxkIGRpcmVjdAogICAgICAgICAgICBh
bGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxpbmcgbGlzdC4K
ICAgICAgICAgIAo8L3A+CjxhIG5hbWU9ImFuY2hvcjU5Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJs
ZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9
IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0
b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNl
Y3Rpb24uMTEuMy4xIj48L2E+PGgzPjExLjMuMS4mbmJzcDsKUmVnaXN0cmF0aW9uIFRlbXBsYXRl
PC9oMz4KCjxwPgogICAgICAgICAgICA8L3A+CjxibG9ja3F1b3RlIGNsYXNzPSJ0ZXh0Ij48ZGw+
CjxkdD5SZXNwb25zZSB0eXBlIG5hbWU6PC9kdD4KPGRkPgogICAgICAgICAgICAgICAgCiAgICAg
ICAgICAgICAgICBUaGUgbmFtZSByZXF1ZXN0ZWQgKGUuZy4sICJleGFtcGxlIikuCiAgICAgICAg
ICAgICAgCjwvZGQ+CjxkdD5DaGFuZ2UgY29udHJvbGxlcjo8L2R0Pgo8ZGQ+CiAgICAgICAgICAg
ICAgICAKICAgICAgICAgICAgICAgIEZvciBzdGFuZGFyZHMtdHJhY2sgUkZDcywgc3RhdGUgIklF
VEYiLiBGb3Igb3RoZXJzLCBnaXZlIHRoZSBuYW1lIG9mIHRoZQogICAgICAgICAgICAgICAgcmVz
cG9uc2libGUgcGFydHkuIE90aGVyIGRldGFpbHMgKGUuZy4sIHBvc3RhbCBhZGRyZXNzLCBlLW1h
aWwgYWRkcmVzcywgaG9tZSBwYWdlCiAgICAgICAgICAgICAgICBVUkkpIG1heSBhbHNvIGJlIGlu
Y2x1ZGVkLgogICAgICAgICAgICAgIAo8L2RkPgo8ZHQ+U3BlY2lmaWNhdGlvbiBkb2N1bWVudChz
KTo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIFJlZmVyZW5jZSB0
byB0aGUgZG9jdW1lbnQgdGhhdCBzcGVjaWZpZXMgdGhlIHR5cGUsIHByZWZlcmFibHkgaW5jbHVk
aW5nIGEgVVJJIHRoYXQKICAgICAgICAgICAgICAgIGNhbiBiZSB1c2VkIHRvIHJldHJpZXZlIGEg
Y29weSBvZiB0aGUgZG9jdW1lbnQuIEFuIGluZGljYXRpb24gb2YgdGhlIHJlbGV2YW50CiAgICAg
ICAgICAgICAgICBzZWN0aW9ucyBtYXkgYWxzbyBiZSBpbmNsdWRlZCwgYnV0IGlzIG5vdCByZXF1
aXJlZC4KICAgICAgICAgICAgICAKPC9kZD4KPC9kbD48L2Jsb2NrcXVvdGU+PHA+CiAgICAgICAg
ICAKPC9wPgo8YSBuYW1lPSJhbmNob3I2MCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFy
eT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWci
IGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJz
cDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLjEx
LjMuMiI+PC9hPjxoMz4xMS4zLjIuJm5ic3A7CkluaXRpYWwgUmVnaXN0cnkgQ29udGVudHM8L2gz
PgoKPHA+CiAgICAgICAgICAgIFRoZSBPQXV0aCBBdXRob3JpemF0aW9uIEVuZHBvaW50IFJlc3Bv
bnNlIFR5cGUgUmVnaXN0cnkncyBpbml0aWFsIGNvbnRlbnRzIGFyZToKICAgICAgICAgIAo8L3A+
CjxwPgogICAgICAgICAgICA8L3A+Cjx1bCBjbGFzcz0idGV4dCI+CjxsaT4KICAgICAgICAgICAg
ICAgIFJlc3BvbnNlIHR5cGUgbmFtZTogY29kZQogICAgICAgICAgICAgIAo8L2xpPgo8bGk+CiAg
ICAgICAgICAgICAgICBDaGFuZ2UgY29udHJvbGxlcjogSUVURgogICAgICAgICAgICAgIAo8L2xp
Pgo8bGk+CiAgICAgICAgICAgICAgICBTcGVjaWZpY2F0aW9uIGRvY3VtZW50KHMpOiBbWyB0aGlz
IGRvY3VtZW50IF1dCiAgICAgICAgICAgICAgCjwvbGk+CjwvdWw+PHA+CiAgICAgICAgICAKPC9w
Pgo8cD4KICAgICAgICAgICAgPC9wPgo8dWwgY2xhc3M9InRleHQiPgo8bGk+CiAgICAgICAgICAg
ICAgICBSZXNwb25zZSB0eXBlIG5hbWU6IHRva2VuCiAgICAgICAgICAgICAgCjwvbGk+CjxsaT4K
ICAgICAgICAgICAgICAgIENoYW5nZSBjb250cm9sbGVyOiBJRVRGCiAgICAgICAgICAgICAgCjwv
bGk+CjxsaT4KICAgICAgICAgICAgICAgIFNwZWNpZmljYXRpb24gZG9jdW1lbnQocyk6IFtbIHRo
aXMgZG9jdW1lbnQgXV0KICAgICAgICAgICAgICAKPC9saT4KPC91bD48cD4KICAgICAgICAgIAo8
L3A+CjxhIG5hbWU9ImVycm9yLXJlZ2lzdHJ5Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1t
YXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1
ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZu
YnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24u
MTEuNCI+PC9hPjxoMz4xMS40LiZuYnNwOwpUaGUgT0F1dGggRXh0ZW5zaW9ucyBFcnJvciBSZWdp
c3RyeTwvaDM+Cgo8cD4KICAgICAgICAgIFRoaXMgc3BlY2lmaWNhdGlvbiBlc3RhYmxpc2hlcyB0
aGUgT0F1dGggZXh0ZW5zaW9ucyBlcnJvciByZWdpc3RyeS4KICAgICAgICAKPC9wPgo8cD4KICAg
ICAgICAgIEFkZGl0aW9uYWwgZXJyb3IgY29kZXMgdXNlZCB0b2dldGhlciB3aXRoIG90aGVyIHBy
b3RvY29sIGV4dGVuc2lvbnMgKGkuZS4gZXh0ZW5zaW9uIGdyYW50CiAgICAgICAgICB0eXBlcywg
YWNjZXNzIHRva2VuIHR5cGVzLCBvciBleHRlbnNpb24gcGFyYW1ldGVycykgYXJlIHJlZ2lzdGVy
ZWQgd2l0aCBhIFNwZWNpZmljYXRpb24KICAgICAgICAgIFJlcXVpcmVkICg8YSBjbGFzcz0naW5m
bycgaHJlZj0nI1JGQzUyMjYnPltSRkM1MjI2XTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdp
bmZvJz5OYXJ0ZW4sIFQuIGFuZCBILiBBbHZlc3RyYW5kLCAmbGRxdW87R3VpZGVsaW5lcyBmb3Ig
V3JpdGluZyBhbiBJQU5BIENvbnNpZGVyYXRpb25zIFNlY3Rpb24gaW4gUkZDcywmcmRxdW87IE1h
eSZuYnNwOzIwMDguPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPikgYWZ0ZXIgYSB0d28gd2Vla3Mg
cmV2aWV3IHBlcmlvZCBvbiB0aGUKICAgICAgICAgIFtUQkRdQGlldGYub3JnIG1haWxpbmcgbGlz
dCwgb24gdGhlIGFkdmljZSBvZiBvbmUgb3IgbW9yZSBEZXNpZ25hdGVkIEV4cGVydHMuIEhvd2V2
ZXIsIHRvCiAgICAgICAgICBhbGxvdyBmb3IgdGhlIGFsbG9jYXRpb24gb2YgdmFsdWVzIHByaW9y
IHRvIHB1YmxpY2F0aW9uLCB0aGUgRGVzaWduYXRlZCBFeHBlcnQocykgbWF5CiAgICAgICAgICBh
cHByb3ZlIHJlZ2lzdHJhdGlvbiBvbmNlIHRoZXkgYXJlIHNhdGlzZmllZCB0aGF0IHN1Y2ggYSBz
cGVjaWZpY2F0aW9uIHdpbGwgYmUgcHVibGlzaGVkLgogICAgICAgIAo8L3A+CjxwPgogICAgICAg
ICAgUmVnaXN0cmF0aW9uIHJlcXVlc3RzIG11c3QgYmUgc2VudCB0byB0aGUgW1RCRF1AaWV0Zi5v
cmcgbWFpbGluZyBsaXN0IGZvciByZXZpZXcgYW5kCiAgICAgICAgICBjb21tZW50LCB3aXRoIGFu
IGFwcHJvcHJpYXRlIHN1YmplY3QgKGUuZy4sICJSZXF1ZXN0IGZvciBlcnJvciBjb2RlOiBleGFt
cGxlIikuCiAgICAgICAgICBbWyBOb3RlIHRvIFJGQy1FRElUT1I6IFRoZSBuYW1lIG9mIHRoZSBt
YWlsaW5nIGxpc3Qgc2hvdWxkIGJlIGRldGVybWluZWQgaW4gY29uc3VsdGF0aW9uCiAgICAgICAg
ICB3aXRoIHRoZSBJRVNHIGFuZCBJQU5BLiBTdWdnZXN0ZWQgbmFtZTogb2F1dGgtZXh0LXJldmll
dy4gXV0KICAgICAgICAKPC9wPgo8cD4KICAgICAgICAgIFdpdGhpbiB0aGUgcmV2aWV3IHBlcmlv
ZCwgdGhlIERlc2lnbmF0ZWQgRXhwZXJ0KHMpIHdpbGwgZWl0aGVyIGFwcHJvdmUgb3IKICAgICAg
ICAgIGRlbnkgdGhlIHJlZ2lzdHJhdGlvbiByZXF1ZXN0LCBjb21tdW5pY2F0aW5nIHRoaXMgZGVj
aXNpb24gdG8gdGhlIHJldmlldyBsaXN0IGFuZCBJQU5BLgogICAgICAgICAgRGVuaWFscyBzaG91
bGQgaW5jbHVkZSBhbiBleHBsYW5hdGlvbiBhbmQsIGlmIGFwcGxpY2FibGUsIHN1Z2dlc3Rpb25z
IGFzIHRvIGhvdyB0byBtYWtlCiAgICAgICAgICB0aGUgcmVxdWVzdCBzdWNjZXNzZnVsLgogICAg
ICAgIAo8L3A+CjxwPgogICAgICAgICAgSUFOQSBtdXN0IG9ubHkgYWNjZXB0IHJlZ2lzdHJ5IHVw
ZGF0ZXMgZnJvbSB0aGUgRGVzaWduYXRlZCBFeHBlcnQocyksIGFuZCBzaG91bGQgZGlyZWN0CiAg
ICAgICAgICBhbGwgcmVxdWVzdHMgZm9yIHJlZ2lzdHJhdGlvbiB0byB0aGUgcmV2aWV3IG1haWxp
bmcgbGlzdC4KICAgICAgICAKPC9wPgo8YSBuYW1lPSJhbmNob3I2MSI+PC9hPjxiciAvPjxociAv
Pgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIi
IGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBo
cmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9
InJmYy5zZWN0aW9uLjExLjQuMSI+PC9hPjxoMz4xMS40LjEuJm5ic3A7ClJlZ2lzdHJhdGlvbiBU
ZW1wbGF0ZTwvaDM+Cgo8cD4KICAgICAgICAgICAgPC9wPgo8YmxvY2txdW90ZSBjbGFzcz0idGV4
dCI+PGRsPgo8ZHQ+RXJyb3IgbmFtZTo8L2R0Pgo8ZGQ+CiAgICAgICAgICAgICAgICAKICAgICAg
ICAgICAgICAgIFRoZSBuYW1lIHJlcXVlc3RlZCAoZS5nLiwgImV4YW1wbGUiKS4KICAgICAgICAg
ICAgICAKPC9kZD4KPGR0PkVycm9yIHVzYWdlIGxvY2F0aW9uOjwvZHQ+CjxkZD4KICAgICAgICAg
ICAgICAgIAogICAgICAgICAgICAgICAgVGhlIGxvY2F0aW9uKHMpIHdoZXJlIHRoZSBlcnJvciBj
YW4gYmUgdXNlZC4gVGhlIHBvc3NpYmxlIGxvY2F0aW9ucyBhcmU6CiAgICAgICAgICAgICAgICBh
dXRob3JpemF0aW9uIGNvZGUgZ3JhbnQgZXJyb3IgcmVzcG9uc2UgKDxhIGNsYXNzPSdpbmZvJyBo
cmVmPScjY29kZS1hdXRoei1lcnJvcic+U2VjdGlvbiZuYnNwOzQuMS4yLjE8c3Bhbj4gKDwvc3Bh
bj48c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9uc2U8L3NwYW4+PHNwYW4+KTwvc3Bhbj48
L2E+KSwKICAgICAgICAgICAgICAgIGltcGxpY2l0IGdyYW50IGVycm9yIHJlc3BvbnNlICg8YSBj
bGFzcz0naW5mbycgaHJlZj0nI2ltcGxpY2l0LWF1dGh6LWVycm9yJz5TZWN0aW9uJm5ic3A7NC4y
LjIuMTxzcGFuPiAoPC9zcGFuPjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNwb25zZTwvc3Bh
bj48c3Bhbj4pPC9zcGFuPjwvYT4pLAoJCXRva2VuIGVycm9yIHJlc3BvbnNlICg8YSBjbGFzcz0n
aW5mbycgaHJlZj0nI3Rva2VuLWVycm9ycyc+U2VjdGlvbiZuYnNwOzUuMjxzcGFuPiAoPC9zcGFu
PjxzcGFuIGNsYXNzPSdpbmZvJz5FcnJvciBSZXNwb25zZTwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwv
YT4pLCBvcgoJCXJlc291cmNlIGFjY2VzcyBlcnJvciByZXNwb25zZSAoPGEgY2xhc3M9J2luZm8n
IGhyZWY9JyNyZXNvdXJjZS1lcnJvcnMnPlNlY3Rpb24mbmJzcDs3LjI8c3Bhbj4gKDwvc3Bhbj48
c3BhbiBjbGFzcz0naW5mbyc+RXJyb3IgUmVzcG9uc2U8L3NwYW4+PHNwYW4+KTwvc3Bhbj48L2E+
KS4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PlJlbGF0ZWQgcHJvdG9jb2wgZXh0ZW5zaW9uOjwv
ZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgVGhlIG5hbWUgb2YgdGhl
IGV4dGVuc2lvbiBncmFudCB0eXBlLCBhY2Nlc3MgdG9rZW4gdHlwZSwgb3IgZXh0ZW5zaW9uIHBh
cmFtZXRlciwKICAgICAgICAgICAgICAgIHRoZSBlcnJvciBjb2RlIGlzIHVzZWQgaW4gY29uanVu
Y3Rpb24gd2l0aC4KICAgICAgICAgICAgICAKPC9kZD4KPGR0PkNoYW5nZSBjb250cm9sbGVyOjwv
ZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgRm9yIHN0YW5kYXJkcy10
cmFjayBSRkNzLCBzdGF0ZSAiSUVURiIuIEZvciBvdGhlcnMsIGdpdmUgdGhlIG5hbWUgb2YgdGhl
CiAgICAgICAgICAgICAgICByZXNwb25zaWJsZSBwYXJ0eS4gT3RoZXIgZGV0YWlscyAoZS5nLiwg
cG9zdGFsIGFkZHJlc3MsIGUtbWFpbCBhZGRyZXNzLCBob21lIHBhZ2UKICAgICAgICAgICAgICAg
IFVSSSkgbWF5IGFsc28gYmUgaW5jbHVkZWQuCiAgICAgICAgICAgICAgCjwvZGQ+CjxkdD5TcGVj
aWZpY2F0aW9uIGRvY3VtZW50KHMpOjwvZHQ+CjxkZD4KICAgICAgICAgICAgICAgIAogICAgICAg
ICAgICAgICAgUmVmZXJlbmNlIHRvIHRoZSBkb2N1bWVudCB0aGF0IHNwZWNpZmllcyB0aGUgZXJy
b3IgY29kZSwgcHJlZmVyYWJseSBpbmNsdWRpbmcgYSBVUkkKICAgICAgICAgICAgICAgIHRoYXQg
Y2FuIGJlIHVzZWQgdG8gcmV0cmlldmUgYSBjb3B5IG9mIHRoZSBkb2N1bWVudC4gQW4gaW5kaWNh
dGlvbiBvZiB0aGUgcmVsZXZhbnQKICAgICAgICAgICAgICAgIHNlY3Rpb25zIG1heSBhbHNvIGJl
IGluY2x1ZGVkLCBidXQgaXMgbm90IHJlcXVpcmVkLgogICAgICAgICAgICAgIAo8L2RkPgo8L2Rs
PjwvYmxvY2txdW90ZT48cD4KICAgICAgICAgIAo8L3A+CjxhIG5hbWU9InJmYy5yZWZlcmVuY2Vz
Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIw
IiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNs
YXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+
PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uMTIiPjwvYT48aDM+MTIuJm5ic3A7ClJlZmVy
ZW5jZXM8L2gzPgoKPGEgbmFtZT0icmZjLnJlZmVyZW5jZXMxIj48L2E+PGJyIC8+PGhyIC8+Cjx0
YWJsZSBzdW1tYXJ5PSJsYXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xh
c3M9IlRPQ2J1ZyIgYWxpZ249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9
IiN0b2MiPiZuYnNwO1RPQyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGgzPjEyLjEuJm5i
c3A7Tm9ybWF0aXZlIFJlZmVyZW5jZXM8L2gzPgo8dGFibGUgd2lkdGg9Ijk5JSIgYm9yZGVyPSIw
Ij4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJSRkMy
MTE5Ij5bUkZDMjExOV08L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0i
bWFpbHRvOnNvYkBoYXJ2YXJkLmVkdSI+QnJhZG5lciwgUy48L2E+LCAmbGRxdW87PGEgaHJlZj0i
aHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjMjExOSI+S2V5IHdvcmRzIGZvciB1c2UgaW4g
UkZDcyB0byBJbmRpY2F0ZSBSZXF1aXJlbWVudCBMZXZlbHM8L2E+LCZyZHF1bzsgQkNQJm5ic3A7
MTQsIFJGQyZuYnNwOzIxMTksIE1hcmNoJm5ic3A7MTk5NyAoPGEgaHJlZj0iaHR0cDovL3d3dy5y
ZmMtZWRpdG9yLm9yZy9yZmMvcmZjMjExOS50eHQiPlRYVDwvYT4sIDxhIGhyZWY9Imh0dHA6Ly94
bWwucmVzb3VyY2Uub3JnL3B1YmxpYy9yZmMvaHRtbC9yZmMyMTE5Lmh0bWwiPkhUTUw8L2E+LCA8
YSBocmVmPSJodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZjL3htbC9yZmMyMTE5Lnht
bCI+WE1MPC9hPikuPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3ItdGV4dCIgdmFsaWdu
PSJ0b3AiPjxhIG5hbWU9IlJGQzIyNDYiPltSRkMyMjQ2XTwvYT48L3RkPgo8dGQgY2xhc3M9ImF1
dGhvci10ZXh0Ij48YSBocmVmPSJtYWlsdG86dGRpZXJrc0BjZXJ0aWNvbS5jb20iPkRpZXJrcywg
VC48L2E+IGFuZCA8YSBocmVmPSJtYWlsdG86Y2FsbGVuQGNlcnRpY29tLmNvbSI+Qy4gQWxsZW48
L2E+LCAmbGRxdW87PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjMjI0NiI+
VGhlIFRMUyBQcm90b2NvbCBWZXJzaW9uIDEuMDwvYT4sJnJkcXVvOyBSRkMmbmJzcDsyMjQ2LCBK
YW51YXJ5Jm5ic3A7MTk5OSAoPGEgaHJlZj0iaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMv
cmZjMjI0Ni50eHQiPlRYVDwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRl
eHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJSRkMyNjE2Ij5bUkZDMjYxNl08L2E+PC90ZD4KPHRk
IGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0ibWFpbHRvOmZpZWxkaW5nQGljcy51Y2kuZWR1
Ij5GaWVsZGluZywgUi48L2E+LCA8YSBocmVmPSJtYWlsdG86amdAdzMub3JnIj5HZXR0eXMsIEou
PC9hPiwgPGEgaHJlZj0ibWFpbHRvOm1vZ3VsQHdybC5kZWMuY29tIj5Nb2d1bCwgSi48L2E+LCA8
YSBocmVmPSJtYWlsdG86ZnJ5c3R5a0B3My5vcmciPkZyeXN0eWssIEguPC9hPiwgPGEgaHJlZj0i
bWFpbHRvOm1hc2ludGVyQHBhcmMueGVyb3guY29tIj5NYXNpbnRlciwgTC48L2E+LCA8YSBocmVm
PSJtYWlsdG86cGF1bGxlQG1pY3Jvc29mdC5jb20iPkxlYWNoLCBQLjwvYT4sIGFuZCA8YSBocmVm
PSJtYWlsdG86dGltYmxAdzMub3JnIj5ULiBCZXJuZXJzLUxlZTwvYT4sICZsZHF1bzs8YSBocmVm
PSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmMyNjE2Ij5IeXBlcnRleHQgVHJhbnNmZXIg
UHJvdG9jb2wgLS0gSFRUUC8xLjE8L2E+LCZyZHF1bzsgUkZDJm5ic3A7MjYxNiwgSnVuZSZuYnNw
OzE5OTkgKDxhIGhyZWY9Imh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvcmZjL3JmYzI2MTYudHh0
Ij5UWFQ8L2E+LCA8YSBocmVmPSJodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL3JmYy9yZmMyNjE2
LnBzIj5QUzwvYT4sIDxhIGhyZWY9Imh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvcmZjL3JmYzI2
MTYucGRmIj5QREY8L2E+LCA8YSBocmVmPSJodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMv
cmZjL2h0bWwvcmZjMjYxNi5odG1sIj5IVE1MPC9hPiwgPGEgaHJlZj0iaHR0cDovL3htbC5yZXNv
dXJjZS5vcmcvcHVibGljL3JmYy94bWwvcmZjMjYxNi54bWwiPlhNTDwvYT4pLjwvdGQ+PC90cj4K
PHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJSRkMyNjE3
Ij5bUkZDMjYxN108L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0ibWFp
bHRvOmpvaG5AbWF0aC5ud3UuZWR1Ij5GcmFua3MsIEouPC9hPiwgPGEgaHJlZj0ibWFpbHRvOnBi
YWtlckB2ZXJpc2lnbi5jb20iPkhhbGxhbS1CYWtlciwgUC48L2E+LCA8YSBocmVmPSJtYWlsdG86
amVmZkBBYmlTb3VyY2UuY29tIj5Ib3N0ZXRsZXIsIEouPC9hPiwgPGEgaHJlZj0ibWFpbHRvOmxh
d3JlbmNlQGFncmFuYXQuY29tIj5MYXdyZW5jZSwgUy48L2E+LCA8YSBocmVmPSJtYWlsdG86cGF1
bGxlQG1pY3Jvc29mdC5jb20iPkxlYWNoLCBQLjwvYT4sIEx1b3RvbmVuLCBBLiwgYW5kIDxhIGhy
ZWY9Im1haWx0bzpzdGV3YXJ0QE9wZW5NYXJrZXQuY29tIj5MLiBTdGV3YXJ0PC9hPiwgJmxkcXVv
OzxhIGhyZWY9Imh0dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzI2MTciPkhUVFAgQXV0aGVu
dGljYXRpb246IEJhc2ljIGFuZCBEaWdlc3QgQWNjZXNzIEF1dGhlbnRpY2F0aW9uPC9hPiwmcmRx
dW87IFJGQyZuYnNwOzI2MTcsIEp1bmUmbmJzcDsxOTk5ICg8YSBocmVmPSJodHRwOi8vd3d3LnJm
Yy1lZGl0b3Iub3JnL3JmYy9yZmMyNjE3LnR4dCI+VFhUPC9hPiwgPGEgaHJlZj0iaHR0cDovL3ht
bC5yZXNvdXJjZS5vcmcvcHVibGljL3JmYy9odG1sL3JmYzI2MTcuaHRtbCI+SFRNTDwvYT4sIDxh
IGhyZWY9Imh0dHA6Ly94bWwucmVzb3VyY2Uub3JnL3B1YmxpYy9yZmMveG1sL3JmYzI2MTcueG1s
Ij5YTUw8L2E+KS48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0IiB2YWxpZ249
InRvcCI+PGEgbmFtZT0iUkZDMjgxOCI+W1JGQzI4MThdPC9hPjwvdGQ+Cjx0ZCBjbGFzcz0iYXV0
aG9yLXRleHQiPlJlc2NvcmxhLCBFLiwgJmxkcXVvOzxhIGhyZWY9Imh0dHA6Ly90b29scy5pZXRm
Lm9yZy9odG1sL3JmYzI4MTgiPkhUVFAgT3ZlciBUTFM8L2E+LCZyZHF1bzsgUkZDJm5ic3A7Mjgx
OCwgTWF5Jm5ic3A7MjAwMCAoPGEgaHJlZj0iaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMv
cmZjMjgxOC50eHQiPlRYVDwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRl
eHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJSRkMzOTg2Ij5bUkZDMzk4Nl08L2E+PC90ZD4KPHRk
IGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0ibWFpbHRvOnRpbWJsQHczLm9yZyI+QmVybmVy
cy1MZWUsIFQuPC9hPiwgPGEgaHJlZj0ibWFpbHRvOmZpZWxkaW5nQGdiaXYuY29tIj5GaWVsZGlu
ZywgUi48L2E+LCBhbmQgPGEgaHJlZj0ibWFpbHRvOkxNTUBhY20ub3JnIj5MLiBNYXNpbnRlcjwv
YT4sICZsZHF1bzs8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmMzOTg2Ij5V
bmlmb3JtIFJlc291cmNlIElkZW50aWZpZXIgKFVSSSk6IEdlbmVyaWMgU3ludGF4PC9hPiwmcmRx
dW87IFNURCZuYnNwOzY2LCBSRkMmbmJzcDszOTg2LCBKYW51YXJ5Jm5ic3A7MjAwNSAoPGEgaHJl
Zj0iaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMvcmZjMzk4Ni50eHQiPlRYVDwvYT4sIDxh
IGhyZWY9Imh0dHA6Ly94bWwucmVzb3VyY2Uub3JnL3B1YmxpYy9yZmMvaHRtbC9yZmMzOTg2Lmh0
bWwiPkhUTUw8L2E+LCA8YSBocmVmPSJodHRwOi8veG1sLnJlc291cmNlLm9yZy9wdWJsaWMvcmZj
L3htbC9yZmMzOTg2LnhtbCI+WE1MPC9hPikuPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRo
b3ItdGV4dCIgdmFsaWduPSJ0b3AiPjxhIG5hbWU9IlJGQzQ2MjciPltSRkM0NjI3XTwvYT48L3Rk
Pgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5Dcm9ja2ZvcmQsIEQuLCAmbGRxdW87PGEgaHJlZj0i
aHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjNDYyNyI+VGhlIGFwcGxpY2F0aW9uL2pzb24g
TWVkaWEgVHlwZSBmb3IgSmF2YVNjcmlwdCBPYmplY3QgTm90YXRpb24gKEpTT04pPC9hPiwmcmRx
dW87IFJGQyZuYnNwOzQ2MjcsIEp1bHkmbmJzcDsyMDA2ICg8YSBocmVmPSJodHRwOi8vd3d3LnJm
Yy1lZGl0b3Iub3JnL3JmYy9yZmM0NjI3LnR4dCI+VFhUPC9hPikuPC90ZD48L3RyPgo8dHI+PHRk
IGNsYXNzPSJhdXRob3ItdGV4dCIgdmFsaWduPSJ0b3AiPjxhIG5hbWU9IlJGQzQ5NDkiPltSRkM0
OTQ5XTwvYT48L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5TaGlyZXksIFIuLCAmbGRxdW87
PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjNDk0OSI+SW50ZXJuZXQgU2Vj
dXJpdHkgR2xvc3NhcnksIFZlcnNpb24gMjwvYT4sJnJkcXVvOyBSRkMmbmJzcDs0OTQ5LCBBdWd1
c3QmbmJzcDsyMDA3ICg8YSBocmVmPSJodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL3JmYy9yZmM0
OTQ5LnR4dCI+VFhUPC9hPikuPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3ItdGV4dCIg
dmFsaWduPSJ0b3AiPjxhIG5hbWU9IlJGQzUyMjYiPltSRkM1MjI2XTwvYT48L3RkPgo8dGQgY2xh
c3M9ImF1dGhvci10ZXh0Ij5OYXJ0ZW4sIFQuIGFuZCBILiBBbHZlc3RyYW5kLCAmbGRxdW87PGEg
aHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjNTIyNiI+R3VpZGVsaW5lcyBmb3Ig
V3JpdGluZyBhbiBJQU5BIENvbnNpZGVyYXRpb25zIFNlY3Rpb24gaW4gUkZDczwvYT4sJnJkcXVv
OyBCQ1AmbmJzcDsyNiwgUkZDJm5ic3A7NTIyNiwgTWF5Jm5ic3A7MjAwOCAoPGEgaHJlZj0iaHR0
cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMvcmZjNTIyNi50eHQiPlRYVDwvYT4pLjwvdGQ+PC90
cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJSRkM1
MjM0Ij5bUkZDNTIzNF08L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+Q3JvY2tlciwg
RC4gYW5kIFAuIE92ZXJlbGwsICZsZHF1bzs8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcv
aHRtbC9yZmM1MjM0Ij5BdWdtZW50ZWQgQk5GIGZvciBTeW50YXggU3BlY2lmaWNhdGlvbnM6IEFC
TkY8L2E+LCZyZHF1bzsgU1REJm5ic3A7NjgsIFJGQyZuYnNwOzUyMzQsIEphbnVhcnkmbmJzcDsy
MDA4ICg8YSBocmVmPSJodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL3JmYy9yZmM1MjM0LnR4dCI+
VFhUPC9hPikuPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3ItdGV4dCIgdmFsaWduPSJ0
b3AiPjxhIG5hbWU9IlJGQzUyNDYiPltSRkM1MjQ2XTwvYT48L3RkPgo8dGQgY2xhc3M9ImF1dGhv
ci10ZXh0Ij5EaWVya3MsIFQuIGFuZCBFLiBSZXNjb3JsYSwgJmxkcXVvOzxhIGhyZWY9Imh0dHA6
Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzUyNDYiPlRoZSBUcmFuc3BvcnQgTGF5ZXIgU2VjdXJp
dHkgKFRMUykgUHJvdG9jb2wgVmVyc2lvbiAxLjI8L2E+LCZyZHF1bzsgUkZDJm5ic3A7NTI0Niwg
QXVndXN0Jm5ic3A7MjAwOCAoPGEgaHJlZj0iaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMv
cmZjNTI0Ni50eHQiPlRYVDwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRl
eHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJSRkM2MTI1Ij5bUkZDNjEyNV08L2E+PC90ZD4KPHRk
IGNsYXNzPSJhdXRob3ItdGV4dCI+U2FpbnQtQW5kcmUsIFAuIGFuZCBKLiBIb2RnZXMsICZsZHF1
bzs8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM2MTI1Ij5SZXByZXNlbnRh
dGlvbiBhbmQgVmVyaWZpY2F0aW9uIG9mIERvbWFpbi1CYXNlZCBBcHBsaWNhdGlvbiBTZXJ2aWNl
IElkZW50aXR5IHdpdGhpbiBJbnRlcm5ldCBQdWJsaWMgS2V5IEluZnJhc3RydWN0dXJlIFVzaW5n
IFguNTA5IChQS0lYKSBDZXJ0aWZpY2F0ZXMgaW4gdGhlIENvbnRleHQgb2YgVHJhbnNwb3J0IExh
eWVyIFNlY3VyaXR5IChUTFMpPC9hPiwmcmRxdW87IFJGQyZuYnNwOzYxMjUsIE1hcmNoJm5ic3A7
MjAxMSAoPGEgaHJlZj0iaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9yZmMvcmZjNjEyNS50eHQi
PlRYVDwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0i
dG9wIj48YSBuYW1lPSJVU0FTQ0lJIj5bVVNBU0NJSV08L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRo
b3ItdGV4dCI+QW1lcmljYW4gTmF0aW9uYWwgU3RhbmRhcmRzIEluc3RpdHV0ZSwgJmxkcXVvO0Nv
ZGVkIENoYXJhY3RlciBTZXQgLS0gNy1iaXQgQW1lcmljYW4gU3RhbmRhcmQgQ29kZSBmb3IgSW5m
b3JtYXRpb24gSW50ZXJjaGFuZ2UsJnJkcXVvOyBBTlNJJm5ic3A7WDMuNCwgMTk4Ni48L3RkPjwv
dHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0IiB2YWxpZ249InRvcCI+PGEgbmFtZT0iVzND
LlJFQy1odG1sNDAxLTE5OTkxMjI0Ij5bVzNDLlJFQy1odG1sNDAxLTE5OTkxMjI0XTwvYT48L3Rk
Pgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij5Ib3JzLCBBLiwgUmFnZ2V0dCwgRC4sIGFuZCBJLiBK
YWNvYnMsICZsZHF1bzs8YSBocmVmPSJodHRwOi8vd3d3LnczLm9yZy9UUi8xOTk5L1JFQy1odG1s
NDAxLTE5OTkxMjI0Ij5IVE1MIDQuMDEgU3BlY2lmaWNhdGlvbjwvYT4sJnJkcXVvOyBXb3JsZCBX
aWRlIFdlYiBDb25zb3J0aXVtIFJlY29tbWVuZGF0aW9uJm5ic3A7UkVDLWh0bWw0MDEtMTk5OTEy
MjQsIERlY2VtYmVyJm5ic3A7MTk5OSAoPGEgaHJlZj0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5
OS9SRUMtaHRtbDQwMS0xOTk5MTIyNCI+SFRNTDwvYT4pLjwvdGQ+PC90cj4KPC90YWJsZT4KCjxh
IG5hbWU9InJmYy5yZWZlcmVuY2VzMiI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0i
bGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFs
aWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtU
T0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxoMz4xMi4yLiZuYnNwO0luZm9ybWF0aXZl
IFJlZmVyZW5jZXM8L2gzPgo8dGFibGUgd2lkdGg9Ijk5JSIgYm9yZGVyPSIwIj4KPHRyPjx0ZCBj
bGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJJLUQuZHJhZnQtaGFyZHQt
b2F1dGgtMDEiPltJLUQuZHJhZnQtaGFyZHQtb2F1dGgtMDFdPC9hPjwvdGQ+Cjx0ZCBjbGFzcz0i
YXV0aG9yLXRleHQiPkhhcmR0LCBELiwgRWQuLCBUb20sIEEuLCBFYXRvbiwgQi4sIGFuZCBZLiBH
b2xhbmQsICZsZHF1bzs8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1o
YXJkdC1vYXV0aC0wMSI+T0F1dGggV2ViIFJlc291cmNlIEF1dGhvcml6YXRpb24gUHJvZmlsZXM8
L2E+LCZyZHF1bzsgSmFudWFyeSZuYnNwOzIwMTAuPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJh
dXRob3ItdGV4dCIgdmFsaWduPSJ0b3AiPjxhIG5hbWU9IkktRC5pZXRmLW9hdXRoLXNhbWwyLWJl
YXJlciI+W0ktRC5pZXRmLW9hdXRoLXNhbWwyLWJlYXJlcl08L2E+PC90ZD4KPHRkIGNsYXNzPSJh
dXRob3ItdGV4dCI+TW9ydGltb3JlLCBDLiwgJmxkcXVvOzxhIGhyZWY9Imh0dHA6Ly90b29scy5p
ZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtb2F1dGgtc2FtbDItYmVhcmVyLTEyIj5TQU1MIDIuMCBC
ZWFyZXIgQXNzZXJ0aW9uIFByb2ZpbGVzIGZvciBPQXV0aCAyLjA8L2E+LCZyZHF1bzsgZHJhZnQt
aWV0Zi1vYXV0aC1zYW1sMi1iZWFyZXItMTIgKHdvcmsgaW4gcHJvZ3Jlc3MpLCBNYXkmbmJzcDsy
MDEyICg8YSBocmVmPSJodHRwOi8vd3d3LmlldGYub3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC1p
ZXRmLW9hdXRoLXNhbWwyLWJlYXJlci0xMi50eHQiPlRYVDwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0
ZCBjbGFzcz0iYXV0aG9yLXRleHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJJLUQuaWV0Zi1vYXV0
aC12Mi1iZWFyZXIiPltJLUQuaWV0Zi1vYXV0aC12Mi1iZWFyZXJdPC9hPjwvdGQ+Cjx0ZCBjbGFz
cz0iYXV0aG9yLXRleHQiPkpvbmVzLCBNLiwgSGFyZHQsIEQuLCBhbmQgRC4gUmVjb3Jkb24sICZs
ZHF1bzs8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLW9hdXRo
LXYyLWJlYXJlci0xOSI+VGhlIE9BdXRoIDIuMCBBdXRob3JpemF0aW9uIFByb3RvY29sOiBCZWFy
ZXIgVG9rZW5zPC9hPiwmcmRxdW87IGRyYWZ0LWlldGYtb2F1dGgtdjItYmVhcmVyLTE5ICh3b3Jr
IGluIHByb2dyZXNzKSwgQXByaWwmbmJzcDsyMDEyICg8YSBocmVmPSJodHRwOi8vd3d3LmlldGYu
b3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC1pZXRmLW9hdXRoLXYyLWJlYXJlci0xOS50eHQiPlRY
VDwvYT4sIDxhIGhyZWY9Imh0dHA6Ly93d3cuaWV0Zi5vcmcvaW50ZXJuZXQtZHJhZnRzL2RyYWZ0
LWlldGYtb2F1dGgtdjItYmVhcmVyLTE5LnBkZiI+UERGPC9hPikuPC90ZD48L3RyPgo8dHI+PHRk
IGNsYXNzPSJhdXRob3ItdGV4dCIgdmFsaWduPSJ0b3AiPjxhIG5hbWU9IkktRC5pZXRmLW9hdXRo
LXYyLWh0dHAtbWFjIj5bSS1ELmlldGYtb2F1dGgtdjItaHR0cC1tYWNdPC9hPjwvdGQ+Cjx0ZCBj
bGFzcz0iYXV0aG9yLXRleHQiPkhhbW1lci1MYWhhdiwgRS4sICZsZHF1bzs8YSBocmVmPSJodHRw
Oi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLW9hdXRoLXYyLWh0dHAtbWFjLTAxIj5I
VFRQIEF1dGhlbnRpY2F0aW9uOiBNQUMgQWNjZXNzIEF1dGhlbnRpY2F0aW9uPC9hPiwmcmRxdW87
IGRyYWZ0LWlldGYtb2F1dGgtdjItaHR0cC1tYWMtMDEgKHdvcmsgaW4gcHJvZ3Jlc3MpLCBGZWJy
dWFyeSZuYnNwOzIwMTIgKDxhIGhyZWY9Imh0dHA6Ly93d3cuaWV0Zi5vcmcvaW50ZXJuZXQtZHJh
ZnRzL2RyYWZ0LWlldGYtb2F1dGgtdjItaHR0cC1tYWMtMDEudHh0Ij5UWFQ8L2E+LCA8YSBocmVm
PSJodHRwOi8vd3d3LmlldGYub3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC1pZXRmLW9hdXRoLXYy
LWh0dHAtbWFjLTAxLnBkZiI+UERGPC9hPikuPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRo
b3ItdGV4dCIgdmFsaWduPSJ0b3AiPjxhIG5hbWU9IkktRC5pZXRmLW9hdXRoLXYyLXRocmVhdG1v
ZGVsIj5bSS1ELmlldGYtb2F1dGgtdjItdGhyZWF0bW9kZWxdPC9hPjwvdGQ+Cjx0ZCBjbGFzcz0i
YXV0aG9yLXRleHQiPk1jR2xvaW4sIE0uLCBIdW50LCBQLiwgYW5kIFQuIExvZGRlcnN0ZWR0LCAm
bGRxdW87PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1vYXV0
aC12Mi10aHJlYXRtb2RlbC0wMiI+T0F1dGggMi4wIFRocmVhdCBNb2RlbCBhbmQgU2VjdXJpdHkg
Q29uc2lkZXJhdGlvbnM8L2E+LCZyZHF1bzsgZHJhZnQtaWV0Zi1vYXV0aC12Mi10aHJlYXRtb2Rl
bC0wMiAod29yayBpbiBwcm9ncmVzcyksIEZlYnJ1YXJ5Jm5ic3A7MjAxMiAoPGEgaHJlZj0iaHR0
cDovL3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtaWV0Zi1vYXV0aC12Mi10aHJl
YXRtb2RlbC0wMi50eHQiPlRYVDwvYT4pLjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9y
LXRleHQiIHZhbGlnbj0idG9wIj48YSBuYW1lPSJPQVNJUy5zYW1sLWNvcmUtMi4wLW9zIj5bT0FT
SVMuc2FtbC1jb3JlLTIuMC1vc108L2E+PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEg
aHJlZj0ibWFpbHRvOmNhbnRvci4yQG9zdS5lZHUiPkNhbnRvciwgUy48L2E+LCA8YSBocmVmPSJt
YWlsdG86Sm9obi5LZW1wQG5va2lhLmNvbSI+S2VtcCwgSi48L2E+LCA8YSBocmVmPSJtYWlsdG86
cnBoaWxwb3R0QHJzYXNlY3VyaXR5LmNvbSI+UGhpbHBvdHQsIFIuPC9hPiwgYW5kIDxhIGhyZWY9
Im1haWx0bzpldmUubWFsZXJAc3VuLmNvbSI+RS4gTWFsZXI8L2E+LCAmbGRxdW87PGEgaHJlZj0i
aHR0cDovL2RvY3Mub2FzaXMtb3Blbi5vcmcvc2VjdXJpdHkvc2FtbC92Mi4wL3NhbWwtY29yZS0y
LjAtb3MucGRmIj5Bc3NlcnRpb25zIGFuZCBQcm90b2NvbCBmb3IgdGhlIE9BU0lTIFNlY3VyaXR5
IEFzc2VydGlvbiBNYXJrdXAgTGFuZ3VhZ2UKICAgICAgICAgICAgKFNBTUwpIFYyLjA8L2E+LCZy
ZHF1bzsgT0FTSVMgU3RhbmRhcmQmbmJzcDtzYW1sLWNvcmUtMi4wLW9zLCBNYXJjaCZuYnNwOzIw
MDUuPC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3ItdGV4dCIgdmFsaWduPSJ0b3AiPjxh
IG5hbWU9IlJGQzU4NDkiPltSRkM1ODQ5XTwvYT48L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0
Ij5IYW1tZXItTGFoYXYsIEUuLCAmbGRxdW87PGEgaHJlZj0iaHR0cDovL3Rvb2xzLmlldGYub3Jn
L2h0bWwvcmZjNTg0OSI+VGhlIE9BdXRoIDEuMCBQcm90b2NvbDwvYT4sJnJkcXVvOyBSRkMmbmJz
cDs1ODQ5LCBBcHJpbCZuYnNwOzIwMTAgKDxhIGhyZWY9Imh0dHA6Ly93d3cucmZjLWVkaXRvci5v
cmcvcmZjL3JmYzU4NDkudHh0Ij5UWFQ8L2E+KS48L3RkPjwvdHI+CjwvdGFibGU+Cgo8YSBuYW1l
PSJhbmNob3I2NCI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFyeT0ibGF5b3V0IiBjZWxs
cGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWciIGFsaWduPSJyaWdodCI+
PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJzcDtUT0MmbmJzcDs8L2E+
PC90ZD48L3RyPjwvdGFibGU+CjxhIG5hbWU9InJmYy5zZWN0aW9uLkEiPjwvYT48aDM+QXBwZW5k
aXggQS4mbmJzcDsKQWNrbm93bGVkZ2VtZW50czwvaDM+Cgo8cD4KICAgICAgICBUaGUgaW5pdGlh
bCBPQXV0aCAyLjAgcHJvdG9jb2wgc3BlY2lmaWNhdGlvbiB3YXMgZWRpdGVkIGJ5IERhdmlkIFJl
Y29yZG9uLCBiYXNlZCBvbiB0d28KICAgICAgICBwcmV2aW91cyBwdWJsaWNhdGlvbnM6IHRoZSBP
QXV0aCAxLjAgY29tbXVuaXR5IHNwZWNpZmljYXRpb24gPGEgY2xhc3M9J2luZm8nIGhyZWY9JyNS
RkM1ODQ5Jz5bUkZDNTg0OV08c3Bhbj4gKDwvc3Bhbj48c3BhbiBjbGFzcz0naW5mbyc+SGFtbWVy
LUxhaGF2LCBFLiwgJmxkcXVvO1RoZSBPQXV0aCAxLjAgUHJvdG9jb2wsJnJkcXVvOyBBcHJpbCZu
YnNwOzIwMTAuPC9zcGFuPjxzcGFuPik8L3NwYW4+PC9hPiwgYW5kCiAgICAgICAgT0F1dGggV1JB
UCAoT0F1dGggV2ViIFJlc291cmNlIEF1dGhvcml6YXRpb24gUHJvZmlsZXMpCiAgICAgICAgPGEg
Y2xhc3M9J2luZm8nIGhyZWY9JyNJLUQuZHJhZnQtaGFyZHQtb2F1dGgtMDEnPltJJiM4MjA5O0Qu
ZHJhZnQmIzgyMDk7aGFyZHQmIzgyMDk7b2F1dGgmIzgyMDk7MDFdPHNwYW4+ICg8L3NwYW4+PHNw
YW4gY2xhc3M9J2luZm8nPkhhcmR0LCBELiwgRWQuLCBUb20sIEEuLCBFYXRvbiwgQi4sIGFuZCBZ
LiBHb2xhbmQsICZsZHF1bztPQXV0aCBXZWIgUmVzb3VyY2UgQXV0aG9yaXphdGlvbiBQcm9maWxl
cywmcmRxdW87IEphbnVhcnkmbmJzcDsyMDEwLjwvc3Bhbj48c3Bhbj4pPC9zcGFuPjwvYT4uIFRo
ZSBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBzZWN0aW9uIHdhcyBkcmFmdGVkCiAgICAgICAgYnkg
VG9yc3RlbiBMb2RkZXJzdGVkdCwgTWFyayBNY0dsb2luLCBQaGlsIEh1bnQsIGFuZCBBbnRob255
IE5hZGFsaW4uCiAgICAgIAo8L3A+CjxwPgogICAgICAgIFRoZSBPQXV0aCAxLjAgY29tbXVuaXR5
IHNwZWNpZmljYXRpb24gd2FzIGVkaXRlZCBieSBFcmFuIEhhbW1lciBhbmQgYXV0aG9yZWQgYnkK
ICAgICAgICBNYXJrIEF0d29vZCwgRGlyayBCYWxmYW56LCBEYXJyZW4gQm91bmRzLCBSaWNoYXJk
IE0uIENvbmxhbiwgQmxhaW5lIENvb2ssIExlYWggQ3VsdmVyLAogICAgICAgIEJyZW5vIGRlIE1l
ZGVpcm9zLCBCcmlhbiBFYXRvbiwgS2VsbGFuIEVsbGlvdHQtTWNDcmVhLCBMYXJyeSBIYWxmZiwg
RXJhbiBIYW1tZXIsCiAgICAgICAgQmVuIExhdXJpZSwgQ2hyaXMgTWVzc2luYSwgSm9obiBQYW56
ZXIsIFNhbSBRdWlnbGV5LCBEYXZpZCBSZWNvcmRvbiwgRXJhbiBTYW5kbGVyLAogICAgICAgIEpv
bmF0aGFuIFNlcmdlbnQsIFRvZGQgU2llbGluZywgQnJpYW4gU2xlc2luc2t5LCBhbmQgQW5keSBT
bWl0aC4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgVGhlIE9BdXRoIFdSQVAgc3BlY2lmaWNhdGlv
biB3YXMgZWRpdGVkIGJ5IERpY2sgSGFyZHQgYW5kIGF1dGhvcmVkIGJ5IEJyaWFuIEVhdG9uLAog
ICAgICAgIFlhcm9uIFkuIEdvbGFuZCwgRGljayBIYXJkdCwgYW5kIEFsbGVuIFRvbS4KICAgICAg
CjwvcD4KPHA+CiAgICAgICAgVGhpcyBzcGVjaWZpY2F0aW9uIGlzIHRoZSB3b3JrIG9mIHRoZSBP
QXV0aCBXb3JraW5nIEdyb3VwIHdoaWNoIGluY2x1ZGVzIGRvemVucyBvZiBhY3RpdmUKICAgICAg
ICBhbmQgZGVkaWNhdGVkIHBhcnRpY2lwYW50cy4gSW4gcGFydGljdWxhciwgdGhlIGZvbGxvd2lu
ZyBpbmRpdmlkdWFscyBjb250cmlidXRlZCBpZGVhcywKICAgICAgICBmZWVkYmFjaywgYW5kIHdv
cmRpbmcgd2hpY2ggc2hhcGVkIGFuZCBmb3JtZWQgdGhlIGZpbmFsIHNwZWNpZmljYXRpb246CiAg
ICAgIAo8L3A+CjxwPgogICAgICAgIE1pY2hhZWwgQWRhbXMsIEFtYW5kYSBBbmdhbmVzLCBBbmRy
ZXcgQXJub3R0LCBEaXJrIEJhbGZhbnosIEFpZGVuIEJlbGwsIEJyaWFuIENhbXBiZWxsLAogICAg
ICAgIFNjb3R0IENhbnRvciwgTWFyY29zIENhY2VyZXMsIEJsYWluZSBDb29rLCBSb2dlciBDcmV3
LCBCcmlhbiBFYXRvbiwgV2VzbGV5IEVkZHksIExlYWggQ3VsdmVyLAogICAgICAgIEJpbGwgZGUg
aE9yYSwgQW5kcmUgRGVNYXJyZSwgQnJpYW4gRWF0b24sIFdvbHRlciBFbGRlcmluZywgQnJpYW4g
RWxsaW4sIElnb3IgRmF5bmJlcmcsCiAgICAgICAgR2VvcmdlIEZsZXRjaGVyLCBUaW0gRnJlZW1h
biwgTHVjYSBGcm9zaW5pLCBFdmFuIEdpbGJlcnQsIFlhcm9uIFkuIEdvbGFuZCwgQnJlbnQgR29s
ZG1hbiwKICAgICAgICBLcmlzdG9mZmVyIEdyb25vd3NraSwgSnVzdGluIEhhcnQsIERpY2sgSGFy
ZHQsIENyYWlnIEhlYXRoLCBQaGlsIEh1bnQsIE1pY2hhZWwgQi4gSm9uZXMsCiAgICAgICAgVGVy
cnkgSm9uZXMsIEpvaG4gS2VtcCwgTWFyayBLZW50LCBSYWZmaSBLcmlrb3JpYW4sIENoYXNlbiBM
ZSBIYXJhLCBSYXNtdXMgTGVyZG9yZiwKICAgICAgICBUb3JzdGVuIExvZGRlcnN0ZWR0LCBIdWkt
TGFuIEx1LCBDYXNleSBMdWNhcywgUGF1bCBNYWRzZW4sIEFsYXN0YWlyIE1haXIsIEV2ZSBNYWxl
ciwKICAgICAgICBKYW1lcyBNYW5nZXIsIE1hcmsgTWNHbG9pbiwgTGF1cmVuY2UgTWlhbywgV2ls
bGlhbSBNaWxscywgQ2h1Y2sgTW9ydGltb3JlLCBBbnRob255IE5hZGFsaW4sCiAgICAgICAgSnVs
aWFuIFJlc2Noa2UsIEp1c3RpbiBSaWNoZXIsIFBldGVyIFNhaW50LUFuZHJlLCBOYXQgU2FraW11
cmEsIFJvYiBTYXlyZSwKICAgICAgICBNYXJpdXMgU2N1cnRlc2N1LCBOYWl0aWsgU2hhaCwgTHVr
ZSBTaGVwYXJkLCBWbGFkIFNrdm9ydHNvdiwgSnVzdGluIFNtaXRoLCBIYWliaW4gU29uZywKICAg
ICAgICBOaXYgU3RlaW5nYXJ0ZW4sIENocmlzdGlhbiBTdHVibmVyLCBKZXJlbXkgU3VyaWVsLCBQ
YXVsIFRhcmphbiwgQ2hyaXN0b3BoZXIgVGhvbWFzLAogICAgICAgIEhlbnJ5IFMuIFRob21wc29u
LCBBbGxlbiBUb20sIEZyYW5rbGluIFRzZSwgTmljayBXYWxrZXIsIFNoYW5lIFdlZWRlbiwgYW5k
IFNreWxhciBXb29kd2FyZC4KICAgICAgCjwvcD4KPHA+CiAgICAgICAgVGhpcyBkb2N1bWVudCB3
YXMgcHJvZHVjZWQgdW5kZXIgdGhlIGNoYWlybWFuc2hpcCBvZiBCbGFpbmUgQ29vaywgUGV0ZXIg
U2FpbnQtQW5kcmUsCiAgICAgICAgSGFubmVzIFRzY2hvZmVuaWcsIEJhcnJ5IExlaWJhLCBhbmQg
RGVyZWsgQXRraW5zLiBUaGUgYXJlYSBkaXJlY3RvcnMgaW5jbHVkZWQgTGlzYSBEdXNzZWF1bHQs
CiAgICAgICAgUGV0ZXIgU2FpbnQtQW5kcmUsIGFuZCBTdGVwaGVuIEZhcnJlbGwuCiAgICAgIAo8
L3A+CjxhIG5hbWU9ImFuY2hvcjY1Ij48L2E+PGJyIC8+PGhyIC8+Cjx0YWJsZSBzdW1tYXJ5PSJs
YXlvdXQiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMiIgY2xhc3M9IlRPQ2J1ZyIgYWxp
Z249InJpZ2h0Ij48dHI+PHRkIGNsYXNzPSJUT0NidWciPjxhIGhyZWY9IiN0b2MiPiZuYnNwO1RP
QyZuYnNwOzwvYT48L3RkPjwvdHI+PC90YWJsZT4KPGEgbmFtZT0icmZjLnNlY3Rpb24uQiI+PC9h
PjxoMz5BcHBlbmRpeCBCLiZuYnNwOwpFZGl0b3IncyBOb3RlczwvaDM+Cgo8cD4KICAgICAgICBX
aGlsZSBtYW55IHBlb3BsZSBjb250cmlidXRlZCB0byB0aGlzIHNwZWNpZmljYXRpb24gdGhyb3Vn
aG91dCBpdHMgbG9uZyBqb3VybmV5LCB0aGUgZWRpdG9yCiAgICAgICAgd291bGQgbGlrZSB0byBh
Y2tub3dsZWRnZSBhbmQgdGhhbmsgYSBmZXcgaW5kaXZpZHVhbHMgZm9yIHRoZWlyIG91dHN0YW5k
aW5nIGFuZCBpbnZhbHVhYmxlCiAgICAgICAgZWZmb3J0cyBsZWFkaW5nIHVwIHRvIHRoZSBwdWJs
aWNhdGlvbiBvZiB0aGlzIHNwZWNpZmljYXRpb24uCiAgICAgIAo8L3A+CjxwPgogICAgICAgIERh
dmlkIFJlY29yZG9uIGZvciBjb250aW51b3VzbHkgYmVpbmcgb25lIG9mIE9BdXRoJ3MgbW9zdCB2
YWx1YWJsZSBhc3NldHMsIGJyaW5naW5nCiAgICAgICAgcHJhZ21hdGlzbSBhbmQgdXJnZW5jeSB0
byB0aGUgd29yaywgYW5kIGhlbHBpbmcgc2hhcGUgaXQgZnJvbSBpdHMgdmVyeSBiZWdpbm5pbmcs
IGFzIHdlbGwKICAgICAgICBhcyBiZWluZyBvbmUgb2YgdGhlIGJlc3QgY29sbGFib3JhdG9ycyBJ
IGhhZCB0aGUgcGxlYXN1cmUgb2Ygd29ya2luZyB3aXRoLgogICAgICAKPC9wPgo8cD4KICAgICAg
ICBKYW1lcyBNYW5nZXIgZm9yIGhpcyBjcmVhdGl2ZSBpZGVhcyBhbmQgYWx3YXlzIGluc2lnaHRm
dWwgZmVlZGJhY2suIEJyaWFuIENhbXBiZWxsLAogICAgICAgIFRvcnN0ZW4gTG9kZGVyc3RlZHQs
IENodWNrIE1vcnRpbW9yZSwgSnVzdGluIFJpY2hlciwgTWFyaXVzIFNjdXJ0ZXNjdSwgYW5kIEx1
a2UgU2hlcGFyZCBmb3IKICAgICAgICB0aGVpciBjb250aW51ZWQgcGFydGljaXBhdGlvbiBhbmQg
dmFsdWFibGUgZmVlZGJhY2suCiAgICAgIAo8L3A+CjxwPgogICAgICAgIFNwZWNpYWwgdGhhbmtz
IGdvZXMgdG8gTWlrZSBDdXJ0aXMgYW5kIFlhaG9vISBmb3IgdGhlaXIgdW5jb25kaXRpb25hbCBz
dXBwb3J0IG9mIHRoaXMgd29yawogICAgICAgIGZvciBvdmVyIHRocmVlIHllYXJzLgogICAgICAK
PC9wPgo8YSBuYW1lPSJyZmMuYXV0aG9ycyI+PC9hPjxiciAvPjxociAvPgo8dGFibGUgc3VtbWFy
eT0ibGF5b3V0IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjIiIGNsYXNzPSJUT0NidWci
IGFsaWduPSJyaWdodCI+PHRyPjx0ZCBjbGFzcz0iVE9DYnVnIj48YSBocmVmPSIjdG9jIj4mbmJz
cDtUT0MmbmJzcDs8L2E+PC90ZD48L3RyPjwvdGFibGU+CjxoMz5BdXRob3JzJyBBZGRyZXNzZXM8
L2gzPgo8dGFibGUgd2lkdGg9Ijk5JSIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNw
YWNpbmc9IjAiPgo8dHI+PHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+Jm5ic3A7PC90ZD4KPHRkIGNs
YXNzPSJhdXRob3ItdGV4dCI+RXJhbiBIYW1tZXIgKGVkaXRvcik8L3RkPjwvdHI+Cjx0cj48dGQg
Y2xhc3M9ImF1dGhvciIgYWxpZ249InJpZ2h0Ij5FbWFpbDombmJzcDs8L3RkPgo8dGQgY2xhc3M9
ImF1dGhvci10ZXh0Ij48YSBocmVmPSJtYWlsdG86ZXJhbkBodWVuaXZlcnNlLmNvbSI+ZXJhbkBo
dWVuaXZlcnNlLmNvbTwvYT48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvciIgYWxpZ249
InJpZ2h0Ij5VUkk6Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0i
aHR0cDovL2h1ZW5pdmVyc2UuY29tIj5odHRwOi8vaHVlbml2ZXJzZS5jb208L2E+PC90ZD48L3Ry
Pgo8dHIgY2VsbHBhZGRpbmc9IjMiPjx0ZD4mbmJzcDs8L3RkPjx0ZD4mbmJzcDs8L3RkPjwvdHI+
Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij4mbmJzcDs8L3RkPgo8dGQgY2xhc3M9ImF1dGhv
ci10ZXh0Ij5EYXZpZCBSZWNvcmRvbjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yLXRl
eHQiPiZuYnNwOzwvdGQ+Cjx0ZCBjbGFzcz0iYXV0aG9yLXRleHQiPkZhY2Vib29rPC90ZD48L3Ry
Pgo8dHI+PHRkIGNsYXNzPSJhdXRob3IiIGFsaWduPSJyaWdodCI+RW1haWw6Jm5ic3A7PC90ZD4K
PHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0ibWFpbHRvOmRyQGZiLmNvbSI+ZHJAZmIu
Y29tPC9hPjwvdGQ+PC90cj4KPHRyPjx0ZCBjbGFzcz0iYXV0aG9yIiBhbGlnbj0icmlnaHQiPlVS
STombmJzcDs8L3RkPgo8dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij48YSBocmVmPSJodHRwOi8vd3d3
LmRhdmlkcmVjb3Jkb24uY29tLyI+aHR0cDovL3d3dy5kYXZpZHJlY29yZG9uLmNvbS88L2E+PC90
ZD48L3RyPgo8dHIgY2VsbHBhZGRpbmc9IjMiPjx0ZD4mbmJzcDs8L3RkPjx0ZD4mbmJzcDs8L3Rk
PjwvdHI+Cjx0cj48dGQgY2xhc3M9ImF1dGhvci10ZXh0Ij4mbmJzcDs8L3RkPgo8dGQgY2xhc3M9
ImF1dGhvci10ZXh0Ij5EaWNrIEhhcmR0PC90ZD48L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3It
dGV4dCI+Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+TWljcm9zb2Z0PC90ZD48
L3RyPgo8dHI+PHRkIGNsYXNzPSJhdXRob3IiIGFsaWduPSJyaWdodCI+RW1haWw6Jm5ic3A7PC90
ZD4KPHRkIGNsYXNzPSJhdXRob3ItdGV4dCI+PGEgaHJlZj0ibWFpbHRvOmRpY2suaGFyZHRAZ21h
aWwuY29tIj5kaWNrLmhhcmR0QGdtYWlsLmNvbTwvYT48L3RkPjwvdHI+Cjx0cj48dGQgY2xhc3M9
ImF1dGhvciIgYWxpZ249InJpZ2h0Ij5VUkk6Jm5ic3A7PC90ZD4KPHRkIGNsYXNzPSJhdXRob3It
dGV4dCI+PGEgaHJlZj0iaHR0cDovL2RpY2toYXJkdC5vcmcvIj5odHRwOi8vZGlja2hhcmR0Lm9y
Zy88L2E+PC90ZD48L3RyPgo8L3RhYmxlPgo8L2JvZHk+PC9odG1sPgo=

--_006_4E1F6AAD24975D4BA5B16804296739436651E440TK5EX14MBXC284r_--

From cmortimore@salesforce.com  Tue May 29 16:52:35 2012
Return-Path: <cmortimore@salesforce.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 466FF11E8160 for <oauth@ietfa.amsl.com>; Tue, 29 May 2012 16:52:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level: 
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[AWL=0.001,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6R8lIx399Bpi for <oauth@ietfa.amsl.com>; Tue, 29 May 2012 16:52:34 -0700 (PDT)
Received: from exprod8og116.obsmtp.com (exprod8og116.obsmtp.com [64.18.3.32]) by ietfa.amsl.com (Postfix) with SMTP id 6B64311E8125 for <oauth@ietf.org>; Tue, 29 May 2012 16:52:34 -0700 (PDT)
Received: from exsfm-hub4.internal.salesforce.com ([204.14.239.239]) by exprod8ob116.postini.com ([64.18.7.12]) with SMTP ID DSNKT8VhQbhD1spR9uHLjqX5tE+PUSHm9lKF@postini.com; Tue, 29 May 2012 16:52:34 PDT
Received: from EXSFM-MB03.internal.salesforce.com ([10.1.127.58]) by exsfm-hub4.internal.salesforce.com ([10.1.127.8]) with mapi; Tue, 29 May 2012 16:52:33 -0700
From: Chuck Mortimore <cmortimore@salesforce.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Tue, 29 May 2012 16:52:33 -0700
Thread-Topic: [OAUTH-WG] Review of draft-ietf-oauth-assertions-03
Thread-Index: Ac099h3DR9ADYWaMSkWj6kUtbnwUEw==
Message-ID: <1C8F2127-0CC7-4E3B-B0E0-CEC5D91A0F10@salesforce.com>
References: <699C916A-F8B1-40E8-8C3B-FCC9CBCC2C9F@gmx.net>
In-Reply-To: <699C916A-F8B1-40E8-8C3B-FCC9CBCC2C9F@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Review of draft-ietf-oauth-assertions-03
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2012 23:52:35 -0000

Just catching up here - thanks for the comments Hannes.   Did you merge the=
se in by yourself?

-cmort

On May 24, 2012, at 11:39 AM, Hannes Tschofenig wrote:

> Hi Chuck, Mike, Brian, and Yaron,
>=20
> I reviewed the document as part of my shepherding role and I believe ther=
e is still room for improvement with the document. I think the document suf=
fers from the problem that you essentially want to cover every possible use=
 case in a single document. So, let me start with a high-level mail.
>=20
> You are covering two quite different usage scenarios that are only relate=
d to each other by the usage of assertions, namely
>=20
> 1. Using Assertions for Client Authentication
>=20
> 2. Using Assertions as Authorization Grants
>=20
> (Of course these two usages can happen in the same protocol exchange; thi=
s means that you have two assertions in the same message obtained from diff=
erent entities with potentially very different properties.)
>=20
> It is OK to have these two cases in a single document but the introductio=
n and section 3 need to untangle them and to describe the use cases to the =
reader. In fact, the second part of the document (from section 4 onwards) d=
oes a better job in separating the two cases. I was also wondering what use=
 cases you guys find most interested among all the options I list below? Wh=
at have you implemented and deployed (I need that info for the shepherd wri=
teup)? Maybe we should highlight them in the intro.
>=20
> Regarding the security aspects: I assume that the assertions is always si=
gned. (I guess you make this assumption as well.)
>=20
> There are a few considerations:
>=20
> a) Who creates and signs the assertion?
>=20
> You sometimes use the term "Security Token Service (STS)" but it is not i=
ntroduced in the terminology. Let us assume that this is a third party enti=
ty (and not a role the client can take).
>=20
> So, we have two cases:
>=20
> -- Assertions obtained from the STS
>=20
> -- Assertions self-generated by the client
>=20
> Needless to say that the security properties are different between the tw=
o. In the second case the party receiving the assertion cannot trust the co=
ntent in the assertion since it had been minted by the client, an untrusted=
 party.
>=20
> Also note that the protocol for obtaining the assertion from the STS may =
not have been standardized, which consequently does not necessarily increas=
e interoperability when deploying such a solution. Any story for this? How =
did you handle this in your implementations & deployments?=20
>=20
> Let us focus on the cases where the assertion is obtained from an STS. Th=
en, the assertion is signed by the STS (hopefully) and if the client presen=
ts it then it can do that in two ways:
>=20
>  -- Conveying the assertion as a Bearer Assertion (i.e., possession is th=
e security) and hopefully the exchange runs over TLS. Replay protection can=
 be provided via the parameters in the assertion assuming the client has a =
capability to obtain assertions on the fly using some protocol to essential=
ly present a refresh assertion with (almost) every exchange since otherwise=
 the provided security really suffers.
>=20
>  -- Using the assertion together with a holder-of-the-key concept. In thi=
s case the assertion would be signed by the STS and then the client in addi=
tion needs to show possession of a secret (which is bound to the token). Th=
is secret (either a shared key or a public/private key pair had been obtain=
ed somehow).
>=20
> Furthermore, the document at various places talks about the great securit=
y properties and I believe that this is a bit misleading. The great securit=
y properties are only there when you either use
>=20
> * a STS obtained assertion with a holder-of-a-key assertion, or
>=20
> * let the client sign the assertion (in which case the assertion is quite=
 degenerated*).
>=20
> It may also be worth noting that not all assertions can be signed with sy=
mmetric as well as asymmetric credentials. A SAML assertion, for example, c=
an only be signed with an asymmetric credential (at last to my knowledge).
>=20
> Ciao
> Hannes
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth


From ustc.songwei@gmail.com  Tue May 29 22:10:28 2012
Return-Path: <ustc.songwei@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9139B21F8642 for <oauth@ietfa.amsl.com>; Tue, 29 May 2012 22:10:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level: 
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nTWF+eSY-f+k for <oauth@ietfa.amsl.com>; Tue, 29 May 2012 22:10:27 -0700 (PDT)
Received: from mail-vc0-f172.google.com (mail-vc0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 63BE321F8623 for <oauth@ietf.org>; Tue, 29 May 2012 22:10:24 -0700 (PDT)
Received: by vcqp1 with SMTP id p1so3032508vcq.31 for <oauth@ietf.org>; Tue, 29 May 2012 22:10:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=p6inkWdnKq1pdE49P57JN1lNHh8h4a4f3po7SFBK/QQ=; b=o0gAXpuvkubacDZ/uZnSN2vTRgzYh4aKc1vLn8THzwQGhEe74wBLlFk/BT99AoYA0d 2Ane6VLt8sn7Nu9ZPlmYHyO+Gi94boi2qazWtnEEUi1JB2r65oSPViKA/B47XENYK/1z sOOrjuqUXLtikkfe/Lbsp6ZpZnuX/Nfgbq+fUjO9Wt2IBLDt7xMVQJQTnODl3Zjtg0/R 1P5ZFij7tpOuJ4ZUlPEvfE7+qqSDY9LaLon6OlgQm52gFWnHMIagizt8IKG0KbvSuaga 6la26f0MCB2dEeO3lD50QeRQ/biE8OyJQWk3yZMk1ImGjRJCDTISRQHiMHipnf3K98kI 5UmQ==
MIME-Version: 1.0
Received: by 10.52.29.69 with SMTP id i5mr13169876vdh.84.1338354623731; Tue, 29 May 2012 22:10:23 -0700 (PDT)
Received: by 10.220.117.194 with HTTP; Tue, 29 May 2012 22:10:23 -0700 (PDT)
Date: Wed, 30 May 2012 13:10:23 +0800
Message-ID: <CAEDihCTMAxqK3jsCUxHRfeR=S8piXf-om3rYk+V4HEpHkrLWng@mail.gmail.com>
From: Djb4ke <ustc.songwei@gmail.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary=20cf307d06baee58f004c139f736
X-Mailman-Approved-At: Wed, 30 May 2012 08:51:06 -0700
Subject: [OAUTH-WG] About oauth2 usage in tightly integration
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 May 2012 06:41:39 -0000

--20cf307d06baee58f004c139f736
Content-Type: text/plain; charset=ISO-8859-1

Hi Guys,

I have a question about tightly integration by OAuth2.

*The scenario is:*

   1. A and B are two independent web services in one company.
   2. They have their own identity store and authentication service.
   3. There is a mapping relationship between A's user/org and B's
   user/org, in another word, A can get user's userid in B by this means.
   4. A and B want to do tightly integration. A can get user's token in B
   in backend and call B's api. From end user, he/she regard as A and B are
   one service.


*Old Solution:*

   1. By Saml2, A sent a saml assertion to B.
   2. B verify the assrtion and generate the user token by nameid
   3. It's complex solution and need a lot of conguration.


*My idea by OAuth2:*

Client Credentials Grant is suitable for this scenario, but this grant
doesn't contain user's info, then can't get user's token by this flow.
I want to register a grant type for this purpose, and username is included
in this grant type.
*Here is the proposal:*

grant_type: urn:company:tightly_client_credentials
client_id and client_secret: in Authorization Head Basic or Post params
username: user's nameid
scope: [OPTIONAL] The scope of the access request

*Demo:
    Request:
*

POST /token HTTP/1.1
Host: server.example.com

Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

Content-Type: application/x-www-form-urlencoded;charset=UTF-8


grant_type=urn:company:tightly_client_credentials&username=johndoe

*    Response:
*

HTTP/1.1 200 OK

 Content-Type: application/json;charset=UTF-8

 Cache-Control: no-store

 Pragma: no-cache


 {

   "access_token":"2YotnFZFEjr1zCsicMWpAA",

   "token_type":"example",

   "expires_in":3600,

   "example_parameter":"example_value"

 }

In back end ,when I got this requst, I will check if this client is very
confidential client for tightly integration, then issue a user token.
Is it reasonable solution for this use case?
Do you have any suggestion.


Thanks and Regards
Darcy

--20cf307d06baee58f004c139f736
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi Guys,<div><br></div><div>I have a question about tightly integration by =
OAuth2.<br><div><br></div><div><b>The=A0scenario is:</b></div><div><ol><li>=
A and B are two independent=A0web services in one company.</li><li>They hav=
e their own identity store and authentication service.</li>
<li>There is a=A0mapping relationship between A&#39;s user/org and B&#39;s =
user/org, in another word, A can get user&#39;s userid in B by this means.<=
/li>

<li>A and B want to do tightly integration. A can get user&#39;s token in B=
 in backend and call B&#39;s api. From end user, he/she regard as A and B a=
re one service.</li></ol><div><br></div><div><b>Old Solution:</b></div>
</div><div><ol><li>By Saml2, A sent a saml assertion to B.</li>

<li>B verify the assrtion and generate the user token by nameid</li><li>It&=
#39;s complex solution and need a lot of conguration.</li></ol><div><br></d=
iv></div><div><b>My idea by OAuth2:</b></div><blockquote style=3D"margin:0 =
0 0 40px;border:none;padding:0px">
<div>Client Credentials Grant is suitable for this scenario, but this grant=
 doesn&#39;t contain user&#39;s info, then can&#39;t get user&#39;s token b=
y this flow.</div><div>I want to register a grant type for this purpose, an=
d username is included in this grant type.</div>
<div><b>Here is the=A0proposal:</b></div></blockquote><blockquote style=3D"=
margin:0 0 0 40px;border:none;padding:0px"><blockquote style=3D"margin:0 0 =
0 40px;border:none;padding:0px"><div>grant_type: urn:company:tightly_<span =
style=3D"font-size:1em">client_credentials</span></div>
<div><span style=3D"font-size:1em">client_id and client_secret: in=A0</span=
><span style=3D"font-size:1em">Authorization Head Basic or Post params</spa=
n></div><div><span style=3D"font-size:1em">username: user&#39;s nameid</spa=
n></div>
<div>scope: [<span style=3D"font-size:1em">OPTIONAL</span>] The scope of th=
e access request</div><div><br></div></blockquote><b>Demo:<br>=A0 =A0 Reque=
st:<br></b><blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px">=
POST /token HTTP/1.1<br>
Host: <a href=3D"http://server.example.com">server.example.com</a></blockqu=
ote><blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px">Authori=
zation: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW</blockquote><blockquote style=3D=
"margin:0 0 0 40px;border:none;padding:0px">
Content-Type: application/x-www-form-urlencoded;charset=3DUTF-8</blockquote=
><blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px"><br></bloc=
kquote><blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px">gran=
t_type=3Durn:company:tightly_<span style=3D"font-size:1em">client_credentia=
ls</span>&amp;username=3Djohndoe<br>
<br></blockquote><b>=A0 =A0 Response:<br></b><blockquote style=3D"margin:0 =
0 0 40px;border:none;padding:0px">HTTP/1.1 200 OK</blockquote><blockquote s=
tyle=3D"margin:0 0 0 40px;border:none;padding:0px">=A0Content-Type: applica=
tion/json;charset=3DUTF-8</blockquote>
<blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px">=A0Cache-Co=
ntrol: no-store</blockquote><blockquote style=3D"margin:0 0 0 40px;border:n=
one;padding:0px">=A0Pragma: no-cache</blockquote><blockquote style=3D"margi=
n:0 0 0 40px;border:none;padding:0px">
<br></blockquote><blockquote style=3D"margin:0 0 0 40px;border:none;padding=
:0px">=A0{</blockquote><blockquote style=3D"margin:0 0 0 40px;border:none;p=
adding:0px">=A0 =A0&quot;access_token&quot;:&quot;2YotnFZFEjr1zCsicMWpAA&qu=
ot;,</blockquote>
<blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px">=A0 =A0&quo=
t;token_type&quot;:&quot;example&quot;,</blockquote><blockquote style=3D"ma=
rgin:0 0 0 40px;border:none;padding:0px">=A0 =A0&quot;expires_in&quot;:3600=
,</blockquote>
<blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px">=A0 =A0&quo=
t;example_parameter&quot;:&quot;example_value&quot;</blockquote><blockquote=
 style=3D"margin:0 0 0 40px;border:none;padding:0px">=A0}<br><br></blockquo=
te></blockquote>
In back end ,when I got this requst, I will check if this client is very co=
nfidential client for tightly integration, then issue a user token.=A0<br>I=
s it reasonable solution for this use case?</div><div>Do you have any sugge=
stion.<div>
<br></div><div><br></div><div>Thanks and Regards</div><div>Darcy</div><div>=
<div><blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px"><block=
quote style=3D"margin:0 0 0 40px;border:none;padding:0px"><br><br></blockqu=
ote>
<blockquote style=3D"margin:0 0 0 40px;border:none;padding:0px"><div><br></=
div></blockquote></blockquote><blockquote style=3D"margin:0 0 0 40px;border=
:none;padding:0px"><div><pre class=3D"newpage" style=3D"font-size:1em;margi=
n-top:0px;margin-bottom:0px">
<br></pre></div></blockquote><div><br></div><div><br></div>
</div></div></div>

--20cf307d06baee58f004c139f736--

From bcampbell@pingidentity.com  Wed May 30 13:46:57 2012
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 011A521F8748 for <oauth@ietfa.amsl.com>; Wed, 30 May 2012 13:46:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.977
X-Spam-Level: 
X-Spam-Status: No, score=-5.977 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1qp61W2W9R1v for <oauth@ietfa.amsl.com>; Wed, 30 May 2012 13:46:55 -0700 (PDT)
Received: from na3sys009aog125.obsmtp.com (na3sys009aog125.obsmtp.com [74.125.149.153]) by ietfa.amsl.com (Postfix) with ESMTP id D9DD821F8747 for <oauth@ietf.org>; Wed, 30 May 2012 13:46:54 -0700 (PDT)
Received: from mail-vc0-f176.google.com ([209.85.220.176]) (using TLSv1) by na3sys009aob125.postini.com ([74.125.148.12]) with SMTP ID DSNKT8aHPk8guIs4doXamdfL2JuW9NjKq+Y+@postini.com; Wed, 30 May 2012 13:46:54 PDT
Received: by vcbfo14 with SMTP id fo14so241260vcb.21 for <oauth@ietf.org>; Wed, 30 May 2012 13:46:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=iSPMibGw4A9z2K8VtAWzZedvlxCXInRb/gmex/qJuFY=; b=XfmEuad7DVxDWbNniL77aPSdQOfzlger+XvovaP4RNsWfCNZHnAfbQov8JCG90dBs2 Eyo1LkQPRiATm7pexcehf77urVBdbdKA1VhTswzmN+i2iIgYr0SImrhKF0rqN3JQWXRT sAtUD4AGZg+PJ3hVm37L2BzQmIp4RSg7qAa1uFHgFo7SY3JbVPkMkmCTTCbCK2XC4ZXX sOJ+PwiSxNOaAAuOGQYLJL2BAtn8ZuiSR8gMxXj7Huahdxelj9A2DUA7tOq4Mycy8WeO vlJSrvVZuLQI/TNoASBr8zEFgwlilnP6UR1pu/HEElLly0mu2Kl7Avl1qtpP4mkZ0tig ouIQ==
Received: by 10.52.100.229 with SMTP id fb5mr15603966vdb.102.1338410813370; Wed, 30 May 2012 13:46:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.182.68 with HTTP; Wed, 30 May 2012 13:46:23 -0700 (PDT)
In-Reply-To: <699C916A-F8B1-40E8-8C3B-FCC9CBCC2C9F@gmx.net>
References: <699C916A-F8B1-40E8-8C3B-FCC9CBCC2C9F@gmx.net>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 30 May 2012 14:46:23 -0600
Message-ID: <CA+k3eCQUdc1Mgm6Dd9zMTbPaKuiqntHUKM2ai=hfVWJJ7J9wCA@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary=20cf307f343e18301a04c1470d26
X-Gm-Message-State: ALoCoQkEIoQoLVYD7fxLyXodzj0i+QNgKU0qSt12Nt+dZl4TzG41wdMB9AmW9sH1u79jRum0/L4S
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Review of draft-ietf-oauth-assertions-03
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 May 2012 20:46:57 -0000

--20cf307f343e18301a04c1470d26
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thanks for the comments Hannes. I've attempted to answer some of your
questions/comments inline below (or at least provide some additional info,
context or explanation).

On Thu, May 24, 2012 at 12:39 PM, Hannes Tschofenig <
Hannes.Tschofenig@gmx.net> wrote:

> Hi Chuck, Mike, Brian, and Yaron,
>
> I reviewed the document as part of my shepherding role and I believe ther=
e
> is still room for improvement with the document. I think the document
> suffers from the problem that you essentially want to cover every possibl=
e
> use case in a single document. So, let me start with a high-level mail.
>
> You are covering two quite different usage scenarios that are only relate=
d
> to each other by the usage of assertions, namely
>
> 1. Using Assertions for Client Authentication
>
> 2. Using Assertions as Authorization Grants
>
> (Of course these two usages can happen in the same protocol exchange; thi=
s
> means that you have two assertions in the same message obtained from
> different entities with potentially very different properties.)
>
> It is OK to have these two cases in a single document but the introductio=
n
> and section 3 need to untangle them and to describe the use cases to the
> reader. In fact, the second part of the document (from section 4 onwards)
> does a better job in separating the two cases.


Yeah, putting them together has its advantages and disadvantages and
causing confusing between the two cases is one of the biggest downsides.
Proposed text that helps untangle the two usages for the reader/implementer
would most definitely be welcomed.



> I was also wondering what use cases you guys find most interested among
> all the options I list below? What have you implemented and deployed (I
> need that info for the shepherd writeup)? Maybe we should highlight them =
in
> the intro.
>


The primary case I've seen deployed is in an "enterprise to SaaS" model
using SAML assertions as authorization grants.  The enterprise has some
kind of STS that can issue assertions and trust has been established
between the STS and the enterprise's accounts at the SaaS. The client
presents some kind local authentication/authorization to the STS and
receives a suitable assertion in exchange. That exchange is via WS-Trust in
the deployments I've seen but that's far from the only way it can be done.
Once the client has the assertion, the OAuth assertion profile/grant type
can be employed to get an OAuth access token from the AS at the SaaS. Then
that token be used to access the SaaS's protected resources/APIs. The trust
established between the enterprise STS and the SaaS is usually already in
place and being used to facilitate Web SSO traffic.

For the sake of disclosure, my company offers a product that acts in the
STS role described above and one of my co-author's companies is very often
the SaaS. Our product also supports the AS role in that exchange to help
enable organizations to do what the aforementioned SaaS is doing.

In my experience there has been more initial interest in assertions as
grants than for client authentication. But I'll note that OpenID Connect
specifically calls out the JWT assertion profile as one option for client
authentication.



>
> Regarding the security aspects: I assume that the assertions is always
> signed. (I guess you make this assumption as well.)
>

Yes and the draft should say as much. The end of =A75.2 explicit says "The
Authorization Server MUST validate the assertion's signature..."  and there
are a number of other places where the text would seem to imply that the
token/assertion is always singed. Do you think it needs to be made more
explicit?


> There are a few considerations:
>
> a) Who creates and signs the assertion?
>

It really depends on the situation.  The draft in =A75.1 defines it as the
Issuer and attempts to give some ideas about how that might work without
being overly prescriptive or restrictive.


>
> You sometimes use the term "Security Token Service (STS)" but it is not
> introduced in the terminology. Let us assume that this is a third party
> entity (and not a role the client can take).
>
> So, we have two cases:
>
>  -- Assertions obtained from the STS
>
>  -- Assertions self-generated by the client
>
> Needless to say that the security properties are different between the
> two. In the second case the party receiving the assertion cannot trust th=
e
> content in the assertion since it had been minted by the client, an
> untrusted party.
>

The client is not necessarily untrusted.  In the case where the client is
the issuer, it really needs to be trusted for it to work. That probably
makes the most sense when using assertions as client authentication where
the client sends an assertion that demonstrates possession of a (symmetric
or asymmetric) secret. But it really depends on the situation so that's
just one possibility.


>
> Also note that the protocol for obtaining the assertion from the STS may
> not have been standardized, which consequently does not necessarily
> increase interoperability when deploying such a solution. Any story for
> this? How did you handle this in your implementations & deployments?
>

Interoperability between the client and the AS is the primary goal of this
spec (and the SAML/JWT incarnations of it). That may impose some
requirements on the STS with respect to the actual content and format of
the assertion. However, the rest of the client <-> STS exchange should have
no bearing on interop (other than between those two parties but that is out
of scope here).

For what it's worth, as I mentioned earlier, my product offers WS-Trust as
a means for obtaining the assertion. It's not the only way and it's
arguably not ideal. But it is a standard for token exchange and it was
something we already had a lot of infrastructure in place to support in our
product.


>
> Let us focus on the cases where the assertion is obtained from an STS.
> Then, the assertion is signed by the STS (hopefully) and if the client
> presents it then it can do that in two ways:
>
>  -- Conveying the assertion as a Bearer Assertion (i.e., possession is th=
e
> security) and hopefully the exchange runs over TLS. Replay protection can
> be provided via the parameters in the assertion assuming the client has a
> capability to obtain assertions on the fly using some protocol to
> essentially present a refresh assertion with (almost) every exchange sinc=
e
> otherwise the provided security really suffers.
>

FWIW, this whole document more or less assumes that the assertion will be a
bearer assertion. I don't think there's anything necessarily preventing a
holder of key profile from being written on top of it but the SAML/JWT
realizations of this draft are explicitly and intentionally limited in
scope to the bearer case.

And yes, this exchange must run over TLS (OAuth core at
http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-3.2 mandates it
for the token endpoint which then is inherited by this spec).


>
>  -- Using the assertion together with a holder-of-the-key concept. In thi=
s
> case the assertion would be signed by the STS and then the client in
> addition needs to show possession of a secret (which is bound to the
> token). This secret (either a shared key or a public/private key pair had
> been obtained somehow).
>

Again, I think a HoK assertion/confirmation could be profiled from this
draft but it hasn't been done yet and I really haven't heard anyone asking
for it.


>
> Furthermore, the document at various places talks about the great securit=
y
> properties and I believe that this is a bit misleading. The great securit=
y
> properties are only there when you either use
>
>  * a STS obtained assertion with a holder-of-a-key assertion, or
>
>  * let the client sign the assertion (in which case the assertion is quit=
e
> degenerated*).
>

I believe those security benefits are really only particularly relevant for
[H]MAC'd assertion being used for client authentication as an alternative
to sending the client secret directly via HTTP Basic or as a parameter.
This should probably be made more clear so as not to be misleading.


> It may also be worth noting that not all assertions can be signed with
> symmetric as well as asymmetric credentials. A SAML assertion, for exampl=
e,
> can only be signed with an asymmetric credential (at last to my knowledge=
).
>
>

That is standard practice with SAML and the only thing I've ever seen
implemented/deployed but there is nothing that actually mandates asymmetric
signatures in SAML.



> Ciao
> Hannes
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

--20cf307f343e18301a04c1470d26
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thanks for the comments Hannes. I&#39;ve attempted to answer some of your q=
uestions/comments inline below (or at least provide some additional info,=
=A0 context or explanation).<br><br><div class=3D"gmail_quote">On Thu, May =
24, 2012 at 12:39 PM, Hannes Tschofenig <span dir=3D"ltr">&lt;<a href=3D"ma=
ilto:Hannes.Tschofenig@gmx.net" target=3D"_blank">Hannes.Tschofenig@gmx.net=
</a>&gt;</span> wrote:<br>



<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">Hi Chuck, Mike, Brian, and Yaron,<br>
<br>
I reviewed the document as part of my shepherding role and I believe there =
is still room for improvement with the document. I think the document suffe=
rs from the problem that you essentially want to cover every possible use c=
ase in a single document. So, let me start with a high-level mail.<br>




<br>
You are covering two quite different usage scenarios that are only related =
to each other by the usage of assertions, namely<br>
<br>
1. Using Assertions for Client Authentication<br>
<br>
2. Using Assertions as Authorization Grants<br>
<br>
(Of course these two usages can happen in the same protocol exchange; this =
means that you have two assertions in the same message obtained from differ=
ent entities with potentially very different properties.)<br>
<br>
It is OK to have these two cases in a single document but the introduction =
and section 3 need to untangle them and to describe the use cases to the re=
ader. In fact, the second part of the document (from section 4 onwards) doe=
s a better job in separating the two cases. </blockquote>



<div><br>Yeah, putting them together has its advantages and disadvantages a=
nd causing confusing between the two cases is one of the biggest downsides.=
 Proposed text that helps untangle the two usages for the reader/implemente=
r would most definitely be welcomed. <br>



<br>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt =
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I was also w=
ondering what use cases you guys find most interested among all the options=
 I list below? What have you implemented and deployed (I need that info for=
 the shepherd writeup)? Maybe we should highlight them in the intro.<br>



</blockquote><div><br><br>The primary case I&#39;ve seen deployed is in an =
&quot;enterprise to SaaS&quot; model using SAML assertions as authorization=
 grants.=A0 The enterprise has some kind of STS that can issue assertions a=
nd trust has been established between the STS and the enterprise&#39;s acco=
unts at the SaaS. The client presents some kind local authentication/author=
ization to the STS and receives a suitable assertion in exchange. That exch=
ange is via WS-Trust in the deployments I&#39;ve seen but that&#39;s far fr=
om the only way it can be done. Once the client has the assertion, the OAut=
h assertion profile/grant type can be employed to get an OAuth access token=
 from the AS at the SaaS. Then that token be used to access the SaaS&#39;s =
protected resources/APIs. The trust established between the enterprise STS =
and the SaaS is usually already in place and being used to facilitate Web S=
SO traffic.<br>



<br>For the sake of disclosure, my company offers a product that acts in th=
e STS role described above and one of my co-author&#39;s companies is very =
often the SaaS. Our product also supports the AS role in that exchange to h=
elp enable organizations to do what the aforementioned SaaS is doing.=A0 <b=
r>



<br>In my experience there has been more initial interest in assertions as =
grants than for client authentication. But I&#39;ll note that OpenID Connec=
t specifically calls out the JWT assertion profile as one option for client=
 authentication.<br>



<br>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt =
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Regarding the security aspects: I assume that the assertions is always sign=
ed. (I guess you make this assumption as well.)<br></blockquote><div><br>Ye=
s and the draft should say as much. The end of =A75.2 explicit says &quot;T=
he Authorization Server MUST validate the assertion&#39;s signature...&quot=
;=A0 and there are a number of other places where the text would seem to im=
ply that the token/assertion is always singed. Do you think it needs to be =
made more explicit?<br>



<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt 0.8=
ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
There are a few considerations:<br>
<br>
a) Who creates and signs the assertion?<br></blockquote><div><br>It really =
depends on the situation.=A0 The draft in =A75.1 defines it as the Issuer a=
nd attempts to give some ideas about how that might work without being over=
ly prescriptive or restrictive.<br>



=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt 0.8e=
x;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
You sometimes use the term &quot;Security Token Service (STS)&quot; but it =
is not introduced in the terminology. Let us assume that this is a third pa=
rty entity (and not a role the client can take).<br>
<br>
So, we have two cases:<br>
<br>
=A0-- Assertions obtained from the STS<br>
<br>
=A0-- Assertions self-generated by the client<br>
<br>
Needless to say that the security properties are different between the two.=
 In the second case the party receiving the assertion cannot trust the cont=
ent in the assertion since it had been minted by the client, an untrusted p=
arty.<br>



</blockquote><div><br>The client is not necessarily untrusted.=A0 In the ca=
se where the client is the issuer, it really needs to be trusted for it to =
work. That probably makes the most sense when using assertions as client au=
thentication where the client sends an assertion that demonstrates possessi=
on of a (symmetric or asymmetric) secret. But it really depends on the situ=
ation so that&#39;s just one possibility. <br>



=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt 0.8e=
x;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Also note that the protocol for obtaining the assertion from the STS may no=
t have been standardized, which consequently does not necessarily increase =
interoperability when deploying such a solution. Any story for this? How di=
d you handle this in your implementations &amp; deployments?<br>



</blockquote><div><br>Interoperability between the client and the AS is the=
 primary goal of this spec (and the SAML/JWT incarnations of it). That may =
impose some requirements on the STS with respect to the actual content and =
format of the assertion. However, the rest of the client &lt;-&gt; STS exch=
ange should have no bearing on interop (other than between those two partie=
s but that is out of scope here).=A0 <br>



<br>For what it&#39;s worth, as I mentioned earlier, my product offers WS-T=
rust as a means for obtaining the assertion. It&#39;s not the only way and =
it&#39;s arguably not ideal. But it is a standard for token exchange and it=
 was something we already had a lot of infrastructure in place to support i=
n our product.<br>



=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt 0.8e=
x;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Let us focus on the cases where the assertion is obtained from an STS. Then=
, the assertion is signed by the STS (hopefully) and if the client presents=
 it then it can do that in two ways:<br>
<br>
 =A0-- Conveying the assertion as a Bearer Assertion (i.e., possession is t=
he security) and hopefully the exchange runs over TLS. Replay protection ca=
n be provided via the parameters in the assertion assuming the client has a=
 capability to obtain assertions on the fly using some protocol to essentia=
lly present a refresh assertion with (almost) every exchange since otherwis=
e the provided security really suffers.<br>



</blockquote><div><br>FWIW, this whole document more or less assumes that t=
he assertion will be a bearer assertion. I don&#39;t think there&#39;s anyt=
hing necessarily preventing a holder of key profile from being written on t=
op of it but the SAML/JWT realizations of this draft are explicitly and int=
entionally limited in scope to the bearer case.<br>



<br>And yes, this exchange must run over TLS (OAuth core at <a href=3D"http=
://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-3.2" target=3D"_blank=
">http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-3.2</a> mandate=
s it for the token endpoint which then is inherited by this spec).<br>



=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt 0.8e=
x;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
 =A0-- Using the assertion together with a holder-of-the-key concept. In th=
is case the assertion would be signed by the STS and then the client in add=
ition needs to show possession of a secret (which is bound to the token). T=
his secret (either a shared key or a public/private key pair had been obtai=
ned somehow).<br>



</blockquote><div><br>Again, I think a HoK assertion/confirmation could be =
profiled from this draft but it hasn&#39;t been done yet and I really haven=
&#39;t heard anyone asking for it.<br>=A0</div><blockquote class=3D"gmail_q=
uote" style=3D"margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,2=
04);padding-left:1ex">




<br>
Furthermore, the document at various places talks about the great security =
properties and I believe that this is a bit misleading. The great security =
properties are only there when you either use<br>
<br>
=A0* a STS obtained assertion with a holder-of-a-key assertion, or<br>
<br>
=A0* let the client sign the assertion (in which case the assertion is quit=
e degenerated*).<br></blockquote><div><br>I believe those security benefits=
 are really only particularly relevant for [H]MAC&#39;d assertion being use=
d for client authentication as an alternative to sending the client secret =
directly via HTTP Basic or as a parameter. This should probably be made mor=
e clear so as not to be misleading.<br>



<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt 0.8=
ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
It may also be worth noting that not all assertions can be signed with symm=
etric as well as asymmetric credentials. A SAML assertion, for example, can=
 only be signed with an asymmetric credential (at last to my knowledge).<br=
>




<br></blockquote><div><br><br>That is standard practice with SAML and the o=
nly thing I&#39;ve ever seen implemented/deployed but there is nothing that=
 actually mandates asymmetric signatures in SAML.<br><br>=A0</div><blockquo=
te class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt 0.8ex;border-left:1px =
solid rgb(204,204,204);padding-left:1ex">




Ciao<br>
Hannes<br>
_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org" target=3D"_blank">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><br>
</blockquote></div><br>

--20cf307f343e18301a04c1470d26--

From hannes.tschofenig@gmx.net  Thu May 31 10:20:33 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3E8221F872A for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 10:20:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hHn4zGMjKXwg for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 10:20:31 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id D352621F8731 for <oauth@ietf.org>; Thu, 31 May 2012 10:20:30 -0700 (PDT)
Received: (qmail invoked by alias); 31 May 2012 17:20:28 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.101]) [88.115.216.191] by mail.gmx.net (mp004) with SMTP; 31 May 2012 19:20:28 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+9/2gH68C941csraiyK3DqwZK5SxF4sdv1YQaRwX /o/0o/MD3T3cJI
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=windows-1252
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Thu, 31 May 2012 20:20:27 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2012 17:20:33 -0000

Hi Mike,=20

thank you for compiling the text. It looks good to me. I have not seen =
anyone from the working group screaming either.=20

Eran, can you incorporate these changes into the next draft version?

Ciao
Hannes

On May 30, 2012, at 2:10 AM, Mike Jones wrote:

> I=92ve made another set of updates to a copy of Core -26 to address =
the questions raised by Eran and David below (attached).
> =20
> An unrelated change that you should probably pick up, Eran is adding =
this to the <front> section, so that the heading shows that the draft is =
a product of the =93OAuth Working Group=94 rather than the =93Network =
Working Group=94:
>     <area>Security</area>
>     <workgroup>OAuth Working Group</workgroup>
> =20
> One change I didn=92t make, but that should be considered, is to =
delete the reference to OASIS.saml-core-2.0-os, since it is used by no =
<xref> in the document.
> =20
> The new proposed text for Section 7.2 follows:
> =20
> 7.2.  Error Response
> =20
>    If a resource access request fails, the resource server SHOULD =
inform
>    the client of the error.  While the specific error responses =
possible
>    and methods for transmitting those errors when using any particular
>    access token type are beyond the scope of this specification, any
>    "error" code values defined for use with OAuth resource access
>    methods MUST be registered (following the procedures in
>    Section 11.4).
> =20
>    Specifically, when the OAuth resource access method uses an "error"
>    result parameter to return an error code value that indicates the
>    resource access error encountered, then these error code values =
MUST
>    be registered.  Values for these "error" codes MUST NOT include
>    characters outside the set %x20-21 / %x23-5B / %x5D-7E. When an
>    "error" code value is registered for use by an OAuth resource =
access
>    method, should that same code already be registered for use by
>    another OAuth resource access method or at a different OAuth error
>    usage location, then the meaning of that error code value in in the
>    new registration MUST be consistent with the its meaning in prior
>    registrations.
> =20
>    The OAuth resource access error registration requirement applies =
only
>    to "error" code values and not to other means of returning error
>    indications, including HTTP status codes, or other error-related
>    result parameters, such as "error_description", "error_uri", or =
other
>    kinds of error status return methods that may be employed by the
>    resource access method.  There is no requirement that OAuth =
resource
>    access methods employ an "error" parameter.
> =20
> Hopefully incorporating these changes will enable us to close the =
remaining DISCUSS issues on both the Core and Bearer drafts.
> =20
>                                                                 Thanks =
all,
>                                                                 -- =
Mike
> =20
> =20
> From: Eran Hammer [mailto:eran@hueniverse.com]=20
> Sent: Wednesday, May 23, 2012 11:45 PM
> To: David Recordon; Mike Jones; Hannes Tschofenig
> Cc: oauth@ietf.org WG
> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
> =20
> With the exception of section 7.2, the changes look reasonable and =
will be applied in the next revision.
> =20
> The new section 7.2 is confusion and does not explain the new =
registry. The section introduces a new requirement to register =91any =
error codes defined for use with OAuth resource access methods=92. This =
requirement is too vague.
> =20
> I have no clue how to (for example) apply this text to the MAC draft. =
Adding to David=92s list below:
> =20
> * Should the HTTP status codes used by the MAC spec as currently =
written be registered (since no guidance is given to the use of an error =
parameter)?
> * Does this introduce a requirement to add an error parameter?
> * Does the parameter need to / should be called =91error=92?
> * What about future methods in which errors are not simply expressed =
in the form of a fixes string?
> =20
> EH
> =20
> =20
> From: David Recordon [mailto:recordond@gmail.com]=20
> Sent: Wednesday, May 23, 2012 11:38 PM
> To: Mike Jones; Hannes Tschofenig; Eran Hammer
> Cc: oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
> =20
> Honestly still trying to fully wrap my head around what's going on =
here since it seems far more complex than the threads are alluding to. =
In any case, does Mike's text address what Eran brought up as needed in =
the thread Hannes referenced or is Eran wrong?
> =20
> The core spec currently provides full guidance and definition for =
error extensibility. Extending the registry's scope means the need for =
non-trivial new text that:
> =20
> * explains the process of adding new errors for endpoints not defined =
by this specification,
> * finds a common ground for value restrictions beyond what is already =
listed,
> * guide authors of future HTTP authentication schemes meant for use =
with OAuth (e.g. MAC) for their requirements for using the error =
registry, and
> * address the very likely scenario of the same error code carrying =
different meanings in different endpoints, or an extension that adds a =
location to a code already defined elsewhere - something very likely to =
happen if you cross the two very different domains (OAuth endpoints, =
Protected resource endpoints). This requires changing the entire =
structure of the registry to create separate records for each =
code/location pair.
> =20
> Thanks,
> --David
>=20
> On Wed, May 23, 2012 at 10:22 PM, Mike Jones =
<Michael.Jones@microsoft.com> wrote:
> Thanks Hannes.  In the interest of hopefully completing the edits to =
remove the DISCUSS issues for the Bearer and Core specs in the next few =
days so that we can send the docs to the RFC editors, I'd like to =
propose specific language for the Core spec to address both of the =
consensus call issue resolutions.  After there's consensus on the =
specific text for Core, it will be easy for us to add a reference in =
Bearer to the language in Core for the error syntax restrictions and to =
use the OAuth errors registry.  I'll do that in parallel with the =
discussions on the proposed core language changes.
>=20
> =20
>=20
> A summary of the changes I made in response to the consensus call =
conclusions are:
>=20
> =B7        Add syntax restrictions for =93error=94, =
=93error_description=94, and =93error_uri=94 from Bearer to Core
>=20
> =B7        Add section 7.2 about error responses from resource access =
requests
>=20
> =B7        Add =93resource access error response=94 to the category of =
OAuth errors that can be registered
>=20
> =20
>=20
> Additional editorial changes that I made as I encountered issues in =
the document were:
>=20
> =B7        Updated out of date references, especially the =
draft-hardt-oauth-01 reference, which contained an invalid link
>=20
> =B7        Added Derek Atkins to the list of chairs
>=20
> =B7        Added Yaron Goland=92s middle initial Y. (since he prefers =
to include it in publications)
>=20
> =B7        Replaced use of the deprecated <appendix> element, which =
prevented the spec from building with strict checking, with a <section> =
element in the <back> section (which creates an appendix)
>=20
> =20
>=20
> To make it easy to incorporate these changes into the document and so =
the proposed changes are unambiguous, I produced an edited version of =
Core -26 containing these changes.  The xml, txt, and html versions are =
attached to facilitate review.  Pertinent diffs from the .txt version =
follow.
>=20
> =20
>=20
>                                                             Cheers,
>=20
>                                                             -- Mike
>=20
> =20
>=20
> 683c683,684
>=20
> <    notation of [RFC5234].
>=20
> ---
>=20
> >    notation of [RFC5234].  Additionally, the rule URI-Reference is
>=20
> >    included from Uniform Resource Identifier (URI) [RFC3986].
>=20
> 1441c1441,1442
>=20
> <          REQUIRED.  A single error code from the following:
>=20
> ---
>=20
> >          REQUIRED.  A single ASCII [USASCII] error code from the
>=20
> >          following:
>=20
> 1474a1475,1476
>=20
> >          Values for the "error" parameter MUST NOT include =
characters
>=20
> >          outside the set %x20-21 / %x23-5B / %x5D-7E.
>=20
> 1476c1478
>=20
> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
>=20
> ---
>=20
> >          OPTIONAL.  A human-readable ASCII [USASCII] text providing
>=20
> 1478a1481,1482
>=20
> >          Values for the "error_description" parameter MUST NOT =
include
>=20
> >          characters outside the set %x20-21 / %x23-5B / %x5D-7E.
>=20
> 1482a1487,1489
>=20
> >          Values for the "error_uri" parameter MUST conform to the =
URI-
>=20
> >          Reference syntax, and thus MUST NOT include characters =
outside
>=20
> >          the set %x21 / %x23-5B / %x5D-7E.
>=20
> 1840c1840,1841
>=20
> <          REQUIRED.  A single error code from the following:
>=20
> ---
>=20
> >          REQUIRED.  A single ASCII [USASCII] error code from the
>=20
> >          following:
>=20
> 1873a1874,1875
>=20
> >          Values for the "error" parameter MUST NOT include =
characters
>=20
> >          outside the set %x20-21 / %x23-5B / %x5D-7E.
>=20
> 1875c1877
>=20
> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
>=20
> ---
>=20
> >          OPTIONAL.  A human-readable ASCII [USASCII] text providing
>=20
> 1877a1880,1881
>=20
> >          Values for the "error_description" parameter MUST NOT =
include
>=20
> >          characters outside the set %x20-21 / %x23-5B / %x5D-7E.
>=20
> 1881a1886,1888
>=20
> >          Values for the "error_uri" parameter MUST conform to the =
URI-
>=20
> >          Reference syntax, and thus MUST NOT include characters =
outside
>=20
> >          the set %x21 / %x23-5B / %x5D-7E.
>=20
> <          REQUIRED.  A single error code from the following:
>=20
> ---
>=20
> >          REQUIRED.  A single ASCII [USASCII] error code from the
>=20
> >          following:
>=20
> 2325a2326,2327
>=20
> >          Values for the "error" parameter MUST NOT include =
characters
>=20
> >          outside the set %x20-21 / %x23-5B / %x5D-7E.
>=20
> 2327c2329
>=20
> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
>=20
> ---
>=20
> >          OPTIONAL.  A human-readable ASCII [USASCII] text providing
>=20
> 2329a2332,2333
>=20
> >          Values for the "error_description" parameter MUST NOT =
include
>=20
> >          characters outside the set %x20-21 / %x23-5B / %x5D-7E.
>=20
> 2333a2338,2340
>=20
> >          Values for the "error_uri" parameter MUST conform to the =
URI-
>=20
> >          Reference syntax, and thus MUST NOT include characters =
outside
>=20
> >          the set %x21 / %x23-5B / %x5D-7E.
>=20
> 2450c2460,2468
>=20
> <    The method in which the client utilized the access token to
>=20
> ---
>=20
> >    The method in which the client utilizes the access token to
>=20
> 2479c2489
>=20
> <      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw
>=20
> ---
>=20
> >      Authorization: Bearer mF_9.B5f-4.1JqM
>=20
> 2503a2514,2533
>=20
> >
>=20
> > 7.2.  Error Response
>=20
> >
>=20
> >    If a resource access request fails, the resource server SHOULD =
inform
>=20
> >    the client of the error.  While the specific error responses =
possible
>=20
> >    and methods for transmitting those errors when using any =
particular
>=20
> >    access token type are beyond the scope of this specification, any
>=20
> >    error codes defined for use with OAuth resource access methods =
MUST
>=20
> >    be registered (following the procedures in Section 11.4).
>=20
> >
>=20
> >
>=20
> 2602,2603c2624,2626
>=20
> <    (Section 4.2.2.1), or the token error response (Section 5.2), =
such
>=20
> <    error codes MAY be defined.
>=20
> ---
>=20
> >    (Section 4.2.2.1), the token error response (Section 5.2), or the
>=20
> >    resource access error response (Section 7.2), such error codes =
MAY be
>=20
> >    defined.
>=20
> 3444c3484,3485
>=20
> <       (Section 4.2.2.1), or token error response (Section 5.2).
>=20
> ---
>=20
> >       (Section 4.2.2.1), token error response (Section 5.2), or =
resource
>=20
> >       access error response (Section 7.2).
>=20
> 3596a3554,3557
>=20
> >    [USASCII]  American National Standards Institute, "Coded =
Character
>=20
> >               Set -- 7-bit American Standard Code for Information
>=20
> >               Interchange", ANSI X3.4, 1986.
>=20
> >
>=20
> 3611,3612c3572,3573
>=20
> <               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in
>=20
> <               progress), August 2011.
>=20
> ---
>=20
> >               OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in
>=20
> >               progress), May 2012.
>=20
> 3616,3617c3577,3579
>=20
> <               Protocol: Bearer Tokens", =
draft-ietf-oauth-v2-bearer-08
>=20
> <               (work in progress), July 2011.
>=20
> ---
>=20
> >               Authorization Protocol: Bearer Tokens",
>=20
> >               draft-ietf-oauth-v2-bearer-19 (work in progress),
>=20
> >               April 2012.
>=20
> 3620,3623c3589,3591
>=20
> <               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP
>=20
> <               Authentication: MAC Access Authentication",
>=20
> <               draft-ietf-oauth-v2-http-mac-00 (work in progress),
>=20
> <               May 2011.
>=20
> ---
>=20
> >               Hammer-Lahav, E., "HTTP Authentication: MAC Access
>=20
> >               Authentication", draft-ietf-oauth-v2-http-mac-01 (work =
in
>=20
> >               progress), February 2012.
>=20
> 3626c3594
>=20
> <               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
>=20
> ---
>=20
> >               McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0
>=20
> 3628,3629c3596,3597
>=20
> <               draft-ietf-oauth-v2-threatmodel-00 (work in progress),
>=20
> <               July 2011.
>=20
> ---
>=20
> >               draft-ietf-oauth-v2-threatmodel-02 (work in progress),
>=20
> >               February 2012.
>=20
> 3468,3546d3503
>=20
> <    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.
>=20
> 3639c3609,3639
>=20
> >    Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.
>=20
> 3468,3546d3503
>=20
> <    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,
>=20
> 3644,3645c3644,3656
>=20
> >    Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin =
Hart,
>=20
> 3468,3546d3503
>=20
> <    This document was produced under the chairmanship of Blaine Cook,
>=20
> <    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area
>=20
> <    directors included Lisa Dusseault, Peter Saint-Andre, and Stephen
>=20
> <    Farrell.
>=20
> 3646a3658,3661
>=20
> >    This document was produced under the chairmanship of Blaine Cook,
>=20
> >    Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek =
Atkins.
>=20
> >    The area directors included Lisa Dusseault, Peter Saint-Andre, =
and
>=20
> >    Stephen Farrell.
>=20
> =20
>=20
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf =
Of Hannes Tschofenig
> Sent: Wednesday, May 23, 2012 11:27 AM
> To: oauth@ietf.org WG
> Subject: [OAUTH-WG] Error Encoding: Conclusion
>=20
> =20
>=20
> Hi all,
>=20
> =20
>=20
> on May 10th we called for consensus on an open issue regarding the =
error encoding. Here is the link to the call:
>=20
> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html
>=20
> =20
>=20
> Thank you all for the feedback. The conclusion of the consensus call =
was to harmonize the encoding between the two specifications by =
incorporating the restrictions from the bearer specification into the =
base specification. The error encoding will go into the core =
specification and the bearer specification will reference it.
>=20
> =20
>=20
> Ciao
>=20
> Hannes & Derek
>=20
> =20
>=20
> _______________________________________________
>=20
> OAuth mailing list
>=20
> OAuth@ietf.org
>=20
> https://www.ietf.org/mailman/listinfo/oauth
>=20
> =20
>=20
>=20
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>=20
> =20
> =
<draft-ietf-oauth-v2-26+mbj-2.xml><draft-ietf-oauth-v2-26+mbj-2.txt><draft=
-ietf-oauth-v2-26+mbj-2.html>


From hannes.tschofenig@gmx.net  Thu May 31 10:54:19 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5561021F8621 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 10:54:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1QM0ZUDmCObI for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 10:54:18 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 6FA8A21F861C for <oauth@ietf.org>; Thu, 31 May 2012 10:54:17 -0700 (PDT)
Received: (qmail invoked by alias); 31 May 2012 17:54:11 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.101]) [88.115.216.191] by mail.gmx.net (mp001) with SMTP; 31 May 2012 19:54:11 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX19bxcRoPvtbRV9UPcxKcyqvHvNOlNOUJqAM+dvMEC Dvud26CIoyTfER
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=windows-1252
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net>
Date: Thu, 31 May 2012 20:54:10 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net>
To: Eran Hammer <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2012 17:54:19 -0000

Eran, could you publish a new draft version by Sunday with these changes =
incorporated? That should give the working group enough time to look at =
these few paragraphs.=20

In the meanwhile we are working on addressing the ABNF issue Sean raised =
and we will then go for another update.=20

Ciao
Hannes

On May 31, 2012, at 8:20 PM, Hannes Tschofenig wrote:

> Hi Mike,=20
>=20
> thank you for compiling the text. It looks good to me. I have not seen =
anyone from the working group screaming either.=20
>=20
> Eran, can you incorporate these changes into the next draft version?
>=20
> Ciao
> Hannes
>=20
> On May 30, 2012, at 2:10 AM, Mike Jones wrote:
>=20
>> I=92ve made another set of updates to a copy of Core -26 to address =
the questions raised by Eran and David below (attached).
>>=20
>> An unrelated change that you should probably pick up, Eran is adding =
this to the <front> section, so that the heading shows that the draft is =
a product of the =93OAuth Working Group=94 rather than the =93Network =
Working Group=94:
>>    <area>Security</area>
>>    <workgroup>OAuth Working Group</workgroup>
>>=20
>> One change I didn=92t make, but that should be considered, is to =
delete the reference to OASIS.saml-core-2.0-os, since it is used by no =
<xref> in the document.
>>=20
>> The new proposed text for Section 7.2 follows:
>>=20
>> 7.2.  Error Response
>>=20
>>   If a resource access request fails, the resource server SHOULD =
inform
>>   the client of the error.  While the specific error responses =
possible
>>   and methods for transmitting those errors when using any particular
>>   access token type are beyond the scope of this specification, any
>>   "error" code values defined for use with OAuth resource access
>>   methods MUST be registered (following the procedures in
>>   Section 11.4).
>>=20
>>   Specifically, when the OAuth resource access method uses an "error"
>>   result parameter to return an error code value that indicates the
>>   resource access error encountered, then these error code values =
MUST
>>   be registered.  Values for these "error" codes MUST NOT include
>>   characters outside the set %x20-21 / %x23-5B / %x5D-7E. When an
>>   "error" code value is registered for use by an OAuth resource =
access
>>   method, should that same code already be registered for use by
>>   another OAuth resource access method or at a different OAuth error
>>   usage location, then the meaning of that error code value in in the
>>   new registration MUST be consistent with the its meaning in prior
>>   registrations.
>>=20
>>   The OAuth resource access error registration requirement applies =
only
>>   to "error" code values and not to other means of returning error
>>   indications, including HTTP status codes, or other error-related
>>   result parameters, such as "error_description", "error_uri", or =
other
>>   kinds of error status return methods that may be employed by the
>>   resource access method.  There is no requirement that OAuth =
resource
>>   access methods employ an "error" parameter.
>>=20
>> Hopefully incorporating these changes will enable us to close the =
remaining DISCUSS issues on both the Core and Bearer drafts.
>>=20
>>                                                                Thanks =
all,
>>                                                                -- =
Mike
>>=20
>>=20
>> From: Eran Hammer [mailto:eran@hueniverse.com]=20
>> Sent: Wednesday, May 23, 2012 11:45 PM
>> To: David Recordon; Mike Jones; Hannes Tschofenig
>> Cc: oauth@ietf.org WG
>> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
>>=20
>> With the exception of section 7.2, the changes look reasonable and =
will be applied in the next revision.
>>=20
>> The new section 7.2 is confusion and does not explain the new =
registry. The section introduces a new requirement to register =91any =
error codes defined for use with OAuth resource access methods=92. This =
requirement is too vague.
>>=20
>> I have no clue how to (for example) apply this text to the MAC draft. =
Adding to David=92s list below:
>>=20
>> * Should the HTTP status codes used by the MAC spec as currently =
written be registered (since no guidance is given to the use of an error =
parameter)?
>> * Does this introduce a requirement to add an error parameter?
>> * Does the parameter need to / should be called =91error=92?
>> * What about future methods in which errors are not simply expressed =
in the form of a fixes string?
>>=20
>> EH
>>=20
>>=20
>> From: David Recordon [mailto:recordond@gmail.com]=20
>> Sent: Wednesday, May 23, 2012 11:38 PM
>> To: Mike Jones; Hannes Tschofenig; Eran Hammer
>> Cc: oauth@ietf.org WG
>> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
>>=20
>> Honestly still trying to fully wrap my head around what's going on =
here since it seems far more complex than the threads are alluding to. =
In any case, does Mike's text address what Eran brought up as needed in =
the thread Hannes referenced or is Eran wrong?
>>=20
>> The core spec currently provides full guidance and definition for =
error extensibility. Extending the registry's scope means the need for =
non-trivial new text that:
>>=20
>> * explains the process of adding new errors for endpoints not defined =
by this specification,
>> * finds a common ground for value restrictions beyond what is already =
listed,
>> * guide authors of future HTTP authentication schemes meant for use =
with OAuth (e.g. MAC) for their requirements for using the error =
registry, and
>> * address the very likely scenario of the same error code carrying =
different meanings in different endpoints, or an extension that adds a =
location to a code already defined elsewhere - something very likely to =
happen if you cross the two very different domains (OAuth endpoints, =
Protected resource endpoints). This requires changing the entire =
structure of the registry to create separate records for each =
code/location pair.
>>=20
>> Thanks,
>> --David
>>=20
>> On Wed, May 23, 2012 at 10:22 PM, Mike Jones =
<Michael.Jones@microsoft.com> wrote:
>> Thanks Hannes.  In the interest of hopefully completing the edits to =
remove the DISCUSS issues for the Bearer and Core specs in the next few =
days so that we can send the docs to the RFC editors, I'd like to =
propose specific language for the Core spec to address both of the =
consensus call issue resolutions.  After there's consensus on the =
specific text for Core, it will be easy for us to add a reference in =
Bearer to the language in Core for the error syntax restrictions and to =
use the OAuth errors registry.  I'll do that in parallel with the =
discussions on the proposed core language changes.
>>=20
>>=20
>>=20
>> A summary of the changes I made in response to the consensus call =
conclusions are:
>>=20
>> =B7        Add syntax restrictions for =93error=94, =
=93error_description=94, and =93error_uri=94 from Bearer to Core
>>=20
>> =B7        Add section 7.2 about error responses from resource access =
requests
>>=20
>> =B7        Add =93resource access error response=94 to the category =
of OAuth errors that can be registered
>>=20
>>=20
>>=20
>> Additional editorial changes that I made as I encountered issues in =
the document were:
>>=20
>> =B7        Updated out of date references, especially the =
draft-hardt-oauth-01 reference, which contained an invalid link
>>=20
>> =B7        Added Derek Atkins to the list of chairs
>>=20
>> =B7        Added Yaron Goland=92s middle initial Y. (since he prefers =
to include it in publications)
>>=20
>> =B7        Replaced use of the deprecated <appendix> element, which =
prevented the spec from building with strict checking, with a <section> =
element in the <back> section (which creates an appendix)
>>=20
>>=20
>>=20
>> To make it easy to incorporate these changes into the document and so =
the proposed changes are unambiguous, I produced an edited version of =
Core -26 containing these changes.  The xml, txt, and html versions are =
attached to facilitate review.  Pertinent diffs from the .txt version =
follow.
>>=20
>>=20
>>=20
>>                                                            Cheers,
>>=20
>>                                                            -- Mike
>>=20
>>=20
>>=20
>> 683c683,684
>>=20
>> <    notation of [RFC5234].
>>=20
>> ---
>>=20
>>>   notation of [RFC5234].  Additionally, the rule URI-Reference is
>>=20
>>>   included from Uniform Resource Identifier (URI) [RFC3986].
>>=20
>> 1441c1441,1442
>>=20
>> <          REQUIRED.  A single error code from the following:
>>=20
>> ---
>>=20
>>>         REQUIRED.  A single ASCII [USASCII] error code from the
>>=20
>>>         following:
>>=20
>> 1474a1475,1476
>>=20
>>>         Values for the "error" parameter MUST NOT include characters
>>=20
>>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
>>=20
>> 1476c1478
>>=20
>> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
>>=20
>> ---
>>=20
>>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
>>=20
>> 1478a1481,1482
>>=20
>>>         Values for the "error_description" parameter MUST NOT =
include
>>=20
>>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
>>=20
>> 1482a1487,1489
>>=20
>>>         Values for the "error_uri" parameter MUST conform to the =
URI-
>>=20
>>>         Reference syntax, and thus MUST NOT include characters =
outside
>>=20
>>>         the set %x21 / %x23-5B / %x5D-7E.
>>=20
>> 1840c1840,1841
>>=20
>> <          REQUIRED.  A single error code from the following:
>>=20
>> ---
>>=20
>>>         REQUIRED.  A single ASCII [USASCII] error code from the
>>=20
>>>         following:
>>=20
>> 1873a1874,1875
>>=20
>>>         Values for the "error" parameter MUST NOT include characters
>>=20
>>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
>>=20
>> 1875c1877
>>=20
>> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
>>=20
>> ---
>>=20
>>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
>>=20
>> 1877a1880,1881
>>=20
>>>         Values for the "error_description" parameter MUST NOT =
include
>>=20
>>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
>>=20
>> 1881a1886,1888
>>=20
>>>         Values for the "error_uri" parameter MUST conform to the =
URI-
>>=20
>>>         Reference syntax, and thus MUST NOT include characters =
outside
>>=20
>>>         the set %x21 / %x23-5B / %x5D-7E.
>>=20
>> <          REQUIRED.  A single error code from the following:
>>=20
>> ---
>>=20
>>>         REQUIRED.  A single ASCII [USASCII] error code from the
>>=20
>>>         following:
>>=20
>> 2325a2326,2327
>>=20
>>>         Values for the "error" parameter MUST NOT include characters
>>=20
>>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
>>=20
>> 2327c2329
>>=20
>> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
>>=20
>> ---
>>=20
>>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
>>=20
>> 2329a2332,2333
>>=20
>>>         Values for the "error_description" parameter MUST NOT =
include
>>=20
>>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
>>=20
>> 2333a2338,2340
>>=20
>>>         Values for the "error_uri" parameter MUST conform to the =
URI-
>>=20
>>>         Reference syntax, and thus MUST NOT include characters =
outside
>>=20
>>>         the set %x21 / %x23-5B / %x5D-7E.
>>=20
>> 2450c2460,2468
>>=20
>> <    The method in which the client utilized the access token to
>>=20
>> ---
>>=20
>>>   The method in which the client utilizes the access token to
>>=20
>> 2479c2489
>>=20
>> <      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw
>>=20
>> ---
>>=20
>>>     Authorization: Bearer mF_9.B5f-4.1JqM
>>=20
>> 2503a2514,2533
>>=20
>>>=20
>>=20
>>> 7.2.  Error Response
>>=20
>>>=20
>>=20
>>>   If a resource access request fails, the resource server SHOULD =
inform
>>=20
>>>   the client of the error.  While the specific error responses =
possible
>>=20
>>>   and methods for transmitting those errors when using any =
particular
>>=20
>>>   access token type are beyond the scope of this specification, any
>>=20
>>>   error codes defined for use with OAuth resource access methods =
MUST
>>=20
>>>   be registered (following the procedures in Section 11.4).
>>=20
>>>=20
>>=20
>>>=20
>>=20
>> 2602,2603c2624,2626
>>=20
>> <    (Section 4.2.2.1), or the token error response (Section 5.2), =
such
>>=20
>> <    error codes MAY be defined.
>>=20
>> ---
>>=20
>>>   (Section 4.2.2.1), the token error response (Section 5.2), or the
>>=20
>>>   resource access error response (Section 7.2), such error codes MAY =
be
>>=20
>>>   defined.
>>=20
>> 3444c3484,3485
>>=20
>> <       (Section 4.2.2.1), or token error response (Section 5.2).
>>=20
>> ---
>>=20
>>>      (Section 4.2.2.1), token error response (Section 5.2), or =
resource
>>=20
>>>      access error response (Section 7.2).
>>=20
>> 3596a3554,3557
>>=20
>>>   [USASCII]  American National Standards Institute, "Coded Character
>>=20
>>>              Set -- 7-bit American Standard Code for Information
>>=20
>>>              Interchange", ANSI X3.4, 1986.
>>=20
>>>=20
>>=20
>> 3611,3612c3572,3573
>>=20
>> <               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in
>>=20
>> <               progress), August 2011.
>>=20
>> ---
>>=20
>>>              OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in
>>=20
>>>              progress), May 2012.
>>=20
>> 3616,3617c3577,3579
>>=20
>> <               Protocol: Bearer Tokens", =
draft-ietf-oauth-v2-bearer-08
>>=20
>> <               (work in progress), July 2011.
>>=20
>> ---
>>=20
>>>              Authorization Protocol: Bearer Tokens",
>>=20
>>>              draft-ietf-oauth-v2-bearer-19 (work in progress),
>>=20
>>>              April 2012.
>>=20
>> 3620,3623c3589,3591
>>=20
>> <               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP
>>=20
>> <               Authentication: MAC Access Authentication",
>>=20
>> <               draft-ietf-oauth-v2-http-mac-00 (work in progress),
>>=20
>> <               May 2011.
>>=20
>> ---
>>=20
>>>              Hammer-Lahav, E., "HTTP Authentication: MAC Access
>>=20
>>>              Authentication", draft-ietf-oauth-v2-http-mac-01 (work =
in
>>=20
>>>              progress), February 2012.
>>=20
>> 3626c3594
>>=20
>> <               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
>>=20
>> ---
>>=20
>>>              McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0
>>=20
>> 3628,3629c3596,3597
>>=20
>> <               draft-ietf-oauth-v2-threatmodel-00 (work in =
progress),
>>=20
>> <               July 2011.
>>=20
>> ---
>>=20
>>>              draft-ietf-oauth-v2-threatmodel-02 (work in progress),
>>=20
>>>              February 2012.
>>=20
>> 3468,3546d3503
>>=20
>> <    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.
>>=20
>> 3639c3609,3639
>>=20
>>>   Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.
>>=20
>> 3468,3546d3503
>>=20
>> <    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,
>>=20
>> 3644,3645c3644,3656
>>=20
>>>   Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,
>>=20
>> 3468,3546d3503
>>=20
>> <    This document was produced under the chairmanship of Blaine =
Cook,
>>=20
>> <    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area
>>=20
>> <    directors included Lisa Dusseault, Peter Saint-Andre, and =
Stephen
>>=20
>> <    Farrell.
>>=20
>> 3646a3658,3661
>>=20
>>>   This document was produced under the chairmanship of Blaine Cook,
>>=20
>>>   Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek =
Atkins.
>>=20
>>>   The area directors included Lisa Dusseault, Peter Saint-Andre, and
>>=20
>>>   Stephen Farrell.
>>=20
>>=20
>>=20
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On =
Behalf Of Hannes Tschofenig
>> Sent: Wednesday, May 23, 2012 11:27 AM
>> To: oauth@ietf.org WG
>> Subject: [OAUTH-WG] Error Encoding: Conclusion
>>=20
>>=20
>>=20
>> Hi all,
>>=20
>>=20
>>=20
>> on May 10th we called for consensus on an open issue regarding the =
error encoding. Here is the link to the call:
>>=20
>> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html
>>=20
>>=20
>>=20
>> Thank you all for the feedback. The conclusion of the consensus call =
was to harmonize the encoding between the two specifications by =
incorporating the restrictions from the bearer specification into the =
base specification. The error encoding will go into the core =
specification and the bearer specification will reference it.
>>=20
>>=20
>>=20
>> Ciao
>>=20
>> Hannes & Derek
>>=20
>>=20
>>=20
>> _______________________________________________
>>=20
>> OAuth mailing list
>>=20
>> OAuth@ietf.org
>>=20
>> https://www.ietf.org/mailman/listinfo/oauth
>>=20
>>=20
>>=20
>>=20
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>=20
>>=20
>> =
<draft-ietf-oauth-v2-26+mbj-2.xml><draft-ietf-oauth-v2-26+mbj-2.txt><draft=
-ietf-oauth-v2-26+mbj-2.html>
>=20


From eran@hueniverse.com  Thu May 31 12:35:32 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 131BF21F86D4 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 12:35:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hg9u2Xbt2+ul for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 12:35:30 -0700 (PDT)
Received: from p3plex2out04.prod.phx3.secureserver.net (p3plex2out04.prod.phx3.secureserver.net [184.168.131.18]) by ietfa.amsl.com (Postfix) with ESMTP id 7DFDC21F86D3 for <oauth@ietf.org>; Thu, 31 May 2012 12:35:30 -0700 (PDT)
Received: from P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) by p3plex2out04.prod.phx3.secureserver.net with bizsmtp id GjbT1j0030CJzpC01jbTfp; Thu, 31 May 2012 12:35:27 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.66]) by P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) with mapi id 14.02.0247.003; Thu, 31 May 2012 12:35:27 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Error Encoding: Conclusion
Thread-Index: AQHNORGtuzciwTXPbU2x0B3Abs7zkpbYRq5QgACsJID//4uLsIAJZTAAgAJh//qAABEIwA==
Date: Thu, 31 May 2012 19:35:26 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net> <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net>
In-Reply-To: <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2012 19:35:32 -0000

I'll first review the proposed text (as a WG member) and raise any issues r=
emaining (if any).

I will wait until the ABNF text is provided before publishing another versi=
on.

EH

> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> Sent: Thursday, May 31, 2012 10:54 AM
> To: Eran Hammer
> Cc: Mike Jones; oauth@ietf.org WG; Hannes Tschofenig
> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
>=20
> Eran, could you publish a new draft version by Sunday with these changes
> incorporated? That should give the working group enough time to look at
> these few paragraphs.
>=20
> In the meanwhile we are working on addressing the ABNF issue Sean raised
> and we will then go for another update.
>=20
> Ciao
> Hannes
>=20
> On May 31, 2012, at 8:20 PM, Hannes Tschofenig wrote:
>=20
> > Hi Mike,
> >
> > thank you for compiling the text. It looks good to me. I have not seen
> anyone from the working group screaming either.
> >
> > Eran, can you incorporate these changes into the next draft version?
> >
> > Ciao
> > Hannes
> >
> > On May 30, 2012, at 2:10 AM, Mike Jones wrote:
> >
> >> I've made another set of updates to a copy of Core -26 to address the
> questions raised by Eran and David below (attached).
> >>
> >> An unrelated change that you should probably pick up, Eran is adding t=
his
> to the <front> section, so that the heading shows that the draft is a pro=
duct
> of the "OAuth Working Group" rather than the "Network Working Group":
> >>    <area>Security</area>
> >>    <workgroup>OAuth Working Group</workgroup>
> >>
> >> One change I didn't make, but that should be considered, is to delete =
the
> reference to OASIS.saml-core-2.0-os, since it is used by no <xref> in the
> document.
> >>
> >> The new proposed text for Section 7.2 follows:
> >>
> >> 7.2.  Error Response
> >>
> >>   If a resource access request fails, the resource server SHOULD infor=
m
> >>   the client of the error.  While the specific error responses possibl=
e
> >>   and methods for transmitting those errors when using any particular
> >>   access token type are beyond the scope of this specification, any
> >>   "error" code values defined for use with OAuth resource access
> >>   methods MUST be registered (following the procedures in
> >>   Section 11.4).
> >>
> >>   Specifically, when the OAuth resource access method uses an "error"
> >>   result parameter to return an error code value that indicates the
> >>   resource access error encountered, then these error code values MUST
> >>   be registered.  Values for these "error" codes MUST NOT include
> >>   characters outside the set %x20-21 / %x23-5B / %x5D-7E. When an
> >>   "error" code value is registered for use by an OAuth resource access
> >>   method, should that same code already be registered for use by
> >>   another OAuth resource access method or at a different OAuth error
> >>   usage location, then the meaning of that error code value in in the
> >>   new registration MUST be consistent with the its meaning in prior
> >>   registrations.
> >>
> >>   The OAuth resource access error registration requirement applies onl=
y
> >>   to "error" code values and not to other means of returning error
> >>   indications, including HTTP status codes, or other error-related
> >>   result parameters, such as "error_description", "error_uri", or othe=
r
> >>   kinds of error status return methods that may be employed by the
> >>   resource access method.  There is no requirement that OAuth resource
> >>   access methods employ an "error" parameter.
> >>
> >> Hopefully incorporating these changes will enable us to close the
> remaining DISCUSS issues on both the Core and Bearer drafts.
> >>
> >>                                                                Thanks =
all,
> >>                                                                -- Mike
> >>
> >>
> >> From: Eran Hammer [mailto:eran@hueniverse.com]
> >> Sent: Wednesday, May 23, 2012 11:45 PM
> >> To: David Recordon; Mike Jones; Hannes Tschofenig
> >> Cc: oauth@ietf.org WG
> >> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
> >>
> >> With the exception of section 7.2, the changes look reasonable and wil=
l be
> applied in the next revision.
> >>
> >> The new section 7.2 is confusion and does not explain the new registry=
.
> The section introduces a new requirement to register 'any error codes
> defined for use with OAuth resource access methods'. This requirement is
> too vague.
> >>
> >> I have no clue how to (for example) apply this text to the MAC draft.
> Adding to David's list below:
> >>
> >> * Should the HTTP status codes used by the MAC spec as currently writt=
en
> be registered (since no guidance is given to the use of an error paramete=
r)?
> >> * Does this introduce a requirement to add an error parameter?
> >> * Does the parameter need to / should be called 'error'?
> >> * What about future methods in which errors are not simply expressed i=
n
> the form of a fixes string?
> >>
> >> EH
> >>
> >>
> >> From: David Recordon [mailto:recordond@gmail.com]
> >> Sent: Wednesday, May 23, 2012 11:38 PM
> >> To: Mike Jones; Hannes Tschofenig; Eran Hammer
> >> Cc: oauth@ietf.org WG
> >> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
> >>
> >> Honestly still trying to fully wrap my head around what's going on her=
e
> since it seems far more complex than the threads are alluding to. In any =
case,
> does Mike's text address what Eran brought up as needed in the thread
> Hannes referenced or is Eran wrong?
> >>
> >> The core spec currently provides full guidance and definition for erro=
r
> extensibility. Extending the registry's scope means the need for non-triv=
ial
> new text that:
> >>
> >> * explains the process of adding new errors for endpoints not defined =
by
> this specification,
> >> * finds a common ground for value restrictions beyond what is already
> listed,
> >> * guide authors of future HTTP authentication schemes meant for use
> with OAuth (e.g. MAC) for their requirements for using the error registry=
,
> and
> >> * address the very likely scenario of the same error code carrying
> different meanings in different endpoints, or an extension that adds a
> location to a code already defined elsewhere - something very likely to
> happen if you cross the two very different domains (OAuth endpoints,
> Protected resource endpoints). This requires changing the entire structur=
e of
> the registry to create separate records for each code/location pair.
> >>
> >> Thanks,
> >> --David
> >>
> >> On Wed, May 23, 2012 at 10:22 PM, Mike Jones
> <Michael.Jones@microsoft.com> wrote:
> >> Thanks Hannes.  In the interest of hopefully completing the edits to
> remove the DISCUSS issues for the Bearer and Core specs in the next few
> days so that we can send the docs to the RFC editors, I'd like to propose
> specific language for the Core spec to address both of the consensus call
> issue resolutions.  After there's consensus on the specific text for Core=
, it will
> be easy for us to add a reference in Bearer to the language in Core for t=
he
> error syntax restrictions and to use the OAuth errors registry.  I'll do =
that in
> parallel with the discussions on the proposed core language changes.
> >>
> >>
> >>
> >> A summary of the changes I made in response to the consensus call
> conclusions are:
> >>
> >> *        Add syntax restrictions for "error", "error_description", and
> "error_uri" from Bearer to Core
> >>
> >> *        Add section 7.2 about error responses from resource access re=
quests
> >>
> >> *        Add "resource access error response" to the category of OAuth
> errors that can be registered
> >>
> >>
> >>
> >> Additional editorial changes that I made as I encountered issues in th=
e
> document were:
> >>
> >> *        Updated out of date references, especially the draft-hardt-oa=
uth-01
> reference, which contained an invalid link
> >>
> >> *        Added Derek Atkins to the list of chairs
> >>
> >> *        Added Yaron Goland's middle initial Y. (since he prefers to i=
nclude it
> in publications)
> >>
> >> *        Replaced use of the deprecated <appendix> element, which
> prevented the spec from building with strict checking, with a <section>
> element in the <back> section (which creates an appendix)
> >>
> >>
> >>
> >> To make it easy to incorporate these changes into the document and so
> the proposed changes are unambiguous, I produced an edited version of
> Core -26 containing these changes.  The xml, txt, and html versions are
> attached to facilitate review.  Pertinent diffs from the .txt version fol=
low.
> >>
> >>
> >>
> >>                                                            Cheers,
> >>
> >>                                                            -- Mike
> >>
> >>
> >>
> >> 683c683,684
> >>
> >> <    notation of [RFC5234].
> >>
> >> ---
> >>
> >>>   notation of [RFC5234].  Additionally, the rule URI-Reference is
> >>
> >>>   included from Uniform Resource Identifier (URI) [RFC3986].
> >>
> >> 1441c1441,1442
> >>
> >> <          REQUIRED.  A single error code from the following:
> >>
> >> ---
> >>
> >>>         REQUIRED.  A single ASCII [USASCII] error code from the
> >>
> >>>         following:
> >>
> >> 1474a1475,1476
> >>
> >>>         Values for the "error" parameter MUST NOT include characters
> >>
> >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 1476c1478
> >>
> >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> >>
> >> ---
> >>
> >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
> >>
> >> 1478a1481,1482
> >>
> >>>         Values for the "error_description" parameter MUST NOT include
> >>
> >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 1482a1487,1489
> >>
> >>>         Values for the "error_uri" parameter MUST conform to the URI-
> >>
> >>>         Reference syntax, and thus MUST NOT include characters outsid=
e
> >>
> >>>         the set %x21 / %x23-5B / %x5D-7E.
> >>
> >> 1840c1840,1841
> >>
> >> <          REQUIRED.  A single error code from the following:
> >>
> >> ---
> >>
> >>>         REQUIRED.  A single ASCII [USASCII] error code from the
> >>
> >>>         following:
> >>
> >> 1873a1874,1875
> >>
> >>>         Values for the "error" parameter MUST NOT include characters
> >>
> >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 1875c1877
> >>
> >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> >>
> >> ---
> >>
> >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
> >>
> >> 1877a1880,1881
> >>
> >>>         Values for the "error_description" parameter MUST NOT include
> >>
> >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 1881a1886,1888
> >>
> >>>         Values for the "error_uri" parameter MUST conform to the URI-
> >>
> >>>         Reference syntax, and thus MUST NOT include characters outsid=
e
> >>
> >>>         the set %x21 / %x23-5B / %x5D-7E.
> >>
> >> <          REQUIRED.  A single error code from the following:
> >>
> >> ---
> >>
> >>>         REQUIRED.  A single ASCII [USASCII] error code from the
> >>
> >>>         following:
> >>
> >> 2325a2326,2327
> >>
> >>>         Values for the "error" parameter MUST NOT include characters
> >>
> >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 2327c2329
> >>
> >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> >>
> >> ---
> >>
> >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
> >>
> >> 2329a2332,2333
> >>
> >>>         Values for the "error_description" parameter MUST NOT include
> >>
> >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 2333a2338,2340
> >>
> >>>         Values for the "error_uri" parameter MUST conform to the URI-
> >>
> >>>         Reference syntax, and thus MUST NOT include characters outsid=
e
> >>
> >>>         the set %x21 / %x23-5B / %x5D-7E.
> >>
> >> 2450c2460,2468
> >>
> >> <    The method in which the client utilized the access token to
> >>
> >> ---
> >>
> >>>   The method in which the client utilizes the access token to
> >>
> >> 2479c2489
> >>
> >> <      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw
> >>
> >> ---
> >>
> >>>     Authorization: Bearer mF_9.B5f-4.1JqM
> >>
> >> 2503a2514,2533
> >>
> >>>
> >>
> >>> 7.2.  Error Response
> >>
> >>>
> >>
> >>>   If a resource access request fails, the resource server SHOULD info=
rm
> >>
> >>>   the client of the error.  While the specific error responses possib=
le
> >>
> >>>   and methods for transmitting those errors when using any particular
> >>
> >>>   access token type are beyond the scope of this specification, any
> >>
> >>>   error codes defined for use with OAuth resource access methods MUST
> >>
> >>>   be registered (following the procedures in Section 11.4).
> >>
> >>>
> >>
> >>>
> >>
> >> 2602,2603c2624,2626
> >>
> >> <    (Section 4.2.2.1), or the token error response (Section 5.2), suc=
h
> >>
> >> <    error codes MAY be defined.
> >>
> >> ---
> >>
> >>>   (Section 4.2.2.1), the token error response (Section 5.2), or the
> >>
> >>>   resource access error response (Section 7.2), such error codes MAY =
be
> >>
> >>>   defined.
> >>
> >> 3444c3484,3485
> >>
> >> <       (Section 4.2.2.1), or token error response (Section 5.2).
> >>
> >> ---
> >>
> >>>      (Section 4.2.2.1), token error response (Section 5.2), or resour=
ce
> >>
> >>>      access error response (Section 7.2).
> >>
> >> 3596a3554,3557
> >>
> >>>   [USASCII]  American National Standards Institute, "Coded Character
> >>
> >>>              Set -- 7-bit American Standard Code for Information
> >>
> >>>              Interchange", ANSI X3.4, 1986.
> >>
> >>>
> >>
> >> 3611,3612c3572,3573
> >>
> >> <               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in
> >>
> >> <               progress), August 2011.
> >>
> >> ---
> >>
> >>>              OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in
> >>
> >>>              progress), May 2012.
> >>
> >> 3616,3617c3577,3579
> >>
> >> <               Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-0=
8
> >>
> >> <               (work in progress), July 2011.
> >>
> >> ---
> >>
> >>>              Authorization Protocol: Bearer Tokens",
> >>
> >>>              draft-ietf-oauth-v2-bearer-19 (work in progress),
> >>
> >>>              April 2012.
> >>
> >> 3620,3623c3589,3591
> >>
> >> <               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP
> >>
> >> <               Authentication: MAC Access Authentication",
> >>
> >> <               draft-ietf-oauth-v2-http-mac-00 (work in progress),
> >>
> >> <               May 2011.
> >>
> >> ---
> >>
> >>>              Hammer-Lahav, E., "HTTP Authentication: MAC Access
> >>
> >>>              Authentication", draft-ietf-oauth-v2-http-mac-01 (work i=
n
> >>
> >>>              progress), February 2012.
> >>
> >> 3626c3594
> >>
> >> <               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
> >>
> >> ---
> >>
> >>>              McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0
> >>
> >> 3628,3629c3596,3597
> >>
> >> <               draft-ietf-oauth-v2-threatmodel-00 (work in progress),
> >>
> >> <               July 2011.
> >>
> >> ---
> >>
> >>>              draft-ietf-oauth-v2-threatmodel-02 (work in progress),
> >>
> >>>              February 2012.
> >>
> >> 3468,3546d3503
> >>
> >> <    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.
> >>
> >> 3639c3609,3639
> >>
> >>>   Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.
> >>
> >> 3468,3546d3503
> >>
> >> <    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,
> >>
> >> 3644,3645c3644,3656
> >>
> >>>   Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,
> >>
> >> 3468,3546d3503
> >>
> >> <    This document was produced under the chairmanship of Blaine Cook,
> >>
> >> <    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area
> >>
> >> <    directors included Lisa Dusseault, Peter Saint-Andre, and Stephen
> >>
> >> <    Farrell.
> >>
> >> 3646a3658,3661
> >>
> >>>   This document was produced under the chairmanship of Blaine Cook,
> >>
> >>>   Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins=
.
> >>
> >>>   The area directors included Lisa Dusseault, Peter Saint-Andre, and
> >>
> >>>   Stephen Farrell.
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> Behalf Of Hannes Tschofenig
> >> Sent: Wednesday, May 23, 2012 11:27 AM
> >> To: oauth@ietf.org WG
> >> Subject: [OAUTH-WG] Error Encoding: Conclusion
> >>
> >>
> >>
> >> Hi all,
> >>
> >>
> >>
> >> on May 10th we called for consensus on an open issue regarding the err=
or
> encoding. Here is the link to the call:
> >>
> >> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html
> >>
> >>
> >>
> >> Thank you all for the feedback. The conclusion of the consensus call w=
as
> to harmonize the encoding between the two specifications by incorporating
> the restrictions from the bearer specification into the base specificatio=
n. The
> error encoding will go into the core specification and the bearer specifi=
cation
> will reference it.
> >>
> >>
> >>
> >> Ciao
> >>
> >> Hannes & Derek
> >>
> >>
> >>
> >> _______________________________________________
> >>
> >> OAuth mailing list
> >>
> >> OAuth@ietf.org
> >>
> >> https://www.ietf.org/mailman/listinfo/oauth
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >> OAuth@ietf.org
> >> https://www.ietf.org/mailman/listinfo/oauth
> >>
> >>
> >> <draft-ietf-oauth-v2-26+mbj-2.xml><draft-ietf-oauth-v2-26+mbj-
> 2.txt><draft-ietf-oauth-v2-26+mbj-2.html>
> >


From Michael.Jones@microsoft.com  Thu May 31 13:53:06 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25AF411E8081 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 13:53:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.612
X-Spam-Level: 
X-Spam-Status: No, score=-3.612 tagged_above=-999 required=5 tests=[AWL=-0.013, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PbLL7OZMP5ni for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 13:53:04 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe001.messaging.microsoft.com [213.199.154.204]) by ietfa.amsl.com (Postfix) with ESMTP id 7F1AD11E8080 for <oauth@ietf.org>; Thu, 31 May 2012 13:53:03 -0700 (PDT)
Received: from mail60-am1-R.bigfish.com (10.3.201.247) by AM1EHSOBE005.bigfish.com (10.3.204.25) with Microsoft SMTP Server id 14.1.225.23; Thu, 31 May 2012 20:52:33 +0000
Received: from mail60-am1 (localhost [127.0.0.1])	by mail60-am1-R.bigfish.com (Postfix) with ESMTP id 7172720496; Thu, 31 May 2012 20:52:33 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -43
X-BigFish: VS-43(zz9371I179cM14ffI542M1432N1418I98dK4015Izz1202hzz1033IL8275bh8275dhz2fh2a8h668h839h944hd25hf0ah)
Received-SPF: pass (mail60-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail60-am1 (localhost.localdomain [127.0.0.1]) by mail60-am1 (MessageSwitch) id 1338497550459697_12081; Thu, 31 May 2012 20:52:30 +0000 (UTC)
Received: from AM1EHSMHS017.bigfish.com (unknown [10.3.201.244])	by mail60-am1.bigfish.com (Postfix) with ESMTP id 6E4A0A0046; Thu, 31 May 2012 20:52:30 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS017.bigfish.com (10.3.207.155) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 31 May 2012 20:52:28 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.02.0298.005; Thu, 31 May 2012 20:52:53 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eran Hammer <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Error Encoding: Conclusion
Thread-Index: AQHNORGtuzciwTXPbU2x0B3Abs7zkpbYRq5QgAA2y4CAAAHMgIAI6/dggALF+ICAAAlrAIAAHEsAgAAVMWA=
Date: Thu, 31 May 2012 20:52:52 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436652221D@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net> <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.78]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2012 20:53:06 -0000

Actually, could you please publish before the ABNF is done so that I can pu=
blish a version of Bearer referencing the new text in Core, so it can be re=
viewed by the WG in parallel with the ABNF work happening?  I think that wa=
s Hannes' intent in asking you to publish soon.  Version numbers are cheap.=
..

				Thanks,
				-- Mike

-----Original Message-----
From: Eran Hammer [mailto:eran@hueniverse.com]=20
Sent: Thursday, May 31, 2012 12:35 PM
To: Hannes Tschofenig
Cc: Mike Jones; oauth@ietf.org WG
Subject: RE: [OAUTH-WG] Error Encoding: Conclusion

I'll first review the proposed text (as a WG member) and raise any issues r=
emaining (if any).

I will wait until the ABNF text is provided before publishing another versi=
on.

EH

> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> Sent: Thursday, May 31, 2012 10:54 AM
> To: Eran Hammer
> Cc: Mike Jones; oauth@ietf.org WG; Hannes Tschofenig
> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
>=20
> Eran, could you publish a new draft version by Sunday with these=20
> changes incorporated? That should give the working group enough time=20
> to look at these few paragraphs.
>=20
> In the meanwhile we are working on addressing the ABNF issue Sean=20
> raised and we will then go for another update.
>=20
> Ciao
> Hannes
>=20
> On May 31, 2012, at 8:20 PM, Hannes Tschofenig wrote:
>=20
> > Hi Mike,
> >
> > thank you for compiling the text. It looks good to me. I have not=20
> > seen
> anyone from the working group screaming either.
> >
> > Eran, can you incorporate these changes into the next draft version?
> >
> > Ciao
> > Hannes
> >
> > On May 30, 2012, at 2:10 AM, Mike Jones wrote:
> >
> >> I've made another set of updates to a copy of Core -26 to address=20
> >> the
> questions raised by Eran and David below (attached).
> >>
> >> An unrelated change that you should probably pick up, Eran is=20
> >> adding this
> to the <front> section, so that the heading shows that the draft is a=20
> product of the "OAuth Working Group" rather than the "Network Working Gro=
up":
> >>    <area>Security</area>
> >>    <workgroup>OAuth Working Group</workgroup>
> >>
> >> One change I didn't make, but that should be considered, is to=20
> >> delete the
> reference to OASIS.saml-core-2.0-os, since it is used by no <xref> in=20
> the document.
> >>
> >> The new proposed text for Section 7.2 follows:
> >>
> >> 7.2.  Error Response
> >>
> >>   If a resource access request fails, the resource server SHOULD infor=
m
> >>   the client of the error.  While the specific error responses possibl=
e
> >>   and methods for transmitting those errors when using any particular
> >>   access token type are beyond the scope of this specification, any
> >>   "error" code values defined for use with OAuth resource access
> >>   methods MUST be registered (following the procedures in
> >>   Section 11.4).
> >>
> >>   Specifically, when the OAuth resource access method uses an "error"
> >>   result parameter to return an error code value that indicates the
> >>   resource access error encountered, then these error code values MUST
> >>   be registered.  Values for these "error" codes MUST NOT include
> >>   characters outside the set %x20-21 / %x23-5B / %x5D-7E. When an
> >>   "error" code value is registered for use by an OAuth resource access
> >>   method, should that same code already be registered for use by
> >>   another OAuth resource access method or at a different OAuth error
> >>   usage location, then the meaning of that error code value in in the
> >>   new registration MUST be consistent with the its meaning in prior
> >>   registrations.
> >>
> >>   The OAuth resource access error registration requirement applies onl=
y
> >>   to "error" code values and not to other means of returning error
> >>   indications, including HTTP status codes, or other error-related
> >>   result parameters, such as "error_description", "error_uri", or othe=
r
> >>   kinds of error status return methods that may be employed by the
> >>   resource access method.  There is no requirement that OAuth resource
> >>   access methods employ an "error" parameter.
> >>
> >> Hopefully incorporating these changes will enable us to close the
> remaining DISCUSS issues on both the Core and Bearer drafts.
> >>
> >>                                                                Thanks =
all,
> >>                                                                --=20
> >> Mike
> >>
> >>
> >> From: Eran Hammer [mailto:eran@hueniverse.com]
> >> Sent: Wednesday, May 23, 2012 11:45 PM
> >> To: David Recordon; Mike Jones; Hannes Tschofenig
> >> Cc: oauth@ietf.org WG
> >> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
> >>
> >> With the exception of section 7.2, the changes look reasonable and=20
> >> will be
> applied in the next revision.
> >>
> >> The new section 7.2 is confusion and does not explain the new registry=
.
> The section introduces a new requirement to register 'any error codes=20
> defined for use with OAuth resource access methods'. This requirement=20
> is too vague.
> >>
> >> I have no clue how to (for example) apply this text to the MAC draft.
> Adding to David's list below:
> >>
> >> * Should the HTTP status codes used by the MAC spec as currently=20
> >> written
> be registered (since no guidance is given to the use of an error paramete=
r)?
> >> * Does this introduce a requirement to add an error parameter?
> >> * Does the parameter need to / should be called 'error'?
> >> * What about future methods in which errors are not simply=20
> >> expressed in
> the form of a fixes string?
> >>
> >> EH
> >>
> >>
> >> From: David Recordon [mailto:recordond@gmail.com]
> >> Sent: Wednesday, May 23, 2012 11:38 PM
> >> To: Mike Jones; Hannes Tschofenig; Eran Hammer
> >> Cc: oauth@ietf.org WG
> >> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
> >>
> >> Honestly still trying to fully wrap my head around what's going on=20
> >> here
> since it seems far more complex than the threads are alluding to. In=20
> any case, does Mike's text address what Eran brought up as needed in=20
> the thread Hannes referenced or is Eran wrong?
> >>
> >> The core spec currently provides full guidance and definition for=20
> >> error
> extensibility. Extending the registry's scope means the need for=20
> non-trivial new text that:
> >>
> >> * explains the process of adding new errors for endpoints not=20
> >> defined by
> this specification,
> >> * finds a common ground for value restrictions beyond what is=20
> >> already
> listed,
> >> * guide authors of future HTTP authentication schemes meant for use
> with OAuth (e.g. MAC) for their requirements for using the error=20
> registry, and
> >> * address the very likely scenario of the same error code carrying
> different meanings in different endpoints, or an extension that adds a=20
> location to a code already defined elsewhere - something very likely=20
> to happen if you cross the two very different domains (OAuth=20
> endpoints, Protected resource endpoints). This requires changing the=20
> entire structure of the registry to create separate records for each code=
/location pair.
> >>
> >> Thanks,
> >> --David
> >>
> >> On Wed, May 23, 2012 at 10:22 PM, Mike Jones
> <Michael.Jones@microsoft.com> wrote:
> >> Thanks Hannes.  In the interest of hopefully completing the edits=20
> >> to
> remove the DISCUSS issues for the Bearer and Core specs in the next=20
> few days so that we can send the docs to the RFC editors, I'd like to=20
> propose specific language for the Core spec to address both of the=20
> consensus call issue resolutions.  After there's consensus on the=20
> specific text for Core, it will be easy for us to add a reference in=20
> Bearer to the language in Core for the error syntax restrictions and=20
> to use the OAuth errors registry.  I'll do that in parallel with the disc=
ussions on the proposed core language changes.
> >>
> >>
> >>
> >> A summary of the changes I made in response to the consensus call
> conclusions are:
> >>
> >> *        Add syntax restrictions for "error", "error_description", and
> "error_uri" from Bearer to Core
> >>
> >> *        Add section 7.2 about error responses from resource access re=
quests
> >>
> >> *        Add "resource access error response" to the category of OAuth
> errors that can be registered
> >>
> >>
> >>
> >> Additional editorial changes that I made as I encountered issues in=20
> >> the
> document were:
> >>
> >> *        Updated out of date references, especially the draft-hardt-oa=
uth-01
> reference, which contained an invalid link
> >>
> >> *        Added Derek Atkins to the list of chairs
> >>
> >> *        Added Yaron Goland's middle initial Y. (since he prefers to i=
nclude it
> in publications)
> >>
> >> *        Replaced use of the deprecated <appendix> element, which
> prevented the spec from building with strict checking, with a=20
> <section> element in the <back> section (which creates an appendix)
> >>
> >>
> >>
> >> To make it easy to incorporate these changes into the document and=20
> >> so
> the proposed changes are unambiguous, I produced an edited version of=20
> Core -26 containing these changes.  The xml, txt, and html versions=20
> are attached to facilitate review.  Pertinent diffs from the .txt version=
 follow.
> >>
> >>
> >>
> >>                                                            Cheers,
> >>
> >>                                                            -- Mike
> >>
> >>
> >>
> >> 683c683,684
> >>
> >> <    notation of [RFC5234].
> >>
> >> ---
> >>
> >>>   notation of [RFC5234].  Additionally, the rule URI-Reference is
> >>
> >>>   included from Uniform Resource Identifier (URI) [RFC3986].
> >>
> >> 1441c1441,1442
> >>
> >> <          REQUIRED.  A single error code from the following:
> >>
> >> ---
> >>
> >>>         REQUIRED.  A single ASCII [USASCII] error code from the
> >>
> >>>         following:
> >>
> >> 1474a1475,1476
> >>
> >>>         Values for the "error" parameter MUST NOT include=20
> >>> characters
> >>
> >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 1476c1478
> >>
> >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> >>
> >> ---
> >>
> >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
> >>
> >> 1478a1481,1482
> >>
> >>>         Values for the "error_description" parameter MUST NOT=20
> >>> include
> >>
> >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 1482a1487,1489
> >>
> >>>         Values for the "error_uri" parameter MUST conform to the=20
> >>> URI-
> >>
> >>>         Reference syntax, and thus MUST NOT include characters=20
> >>> outside
> >>
> >>>         the set %x21 / %x23-5B / %x5D-7E.
> >>
> >> 1840c1840,1841
> >>
> >> <          REQUIRED.  A single error code from the following:
> >>
> >> ---
> >>
> >>>         REQUIRED.  A single ASCII [USASCII] error code from the
> >>
> >>>         following:
> >>
> >> 1873a1874,1875
> >>
> >>>         Values for the "error" parameter MUST NOT include=20
> >>> characters
> >>
> >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 1875c1877
> >>
> >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> >>
> >> ---
> >>
> >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
> >>
> >> 1877a1880,1881
> >>
> >>>         Values for the "error_description" parameter MUST NOT=20
> >>> include
> >>
> >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 1881a1886,1888
> >>
> >>>         Values for the "error_uri" parameter MUST conform to the=20
> >>> URI-
> >>
> >>>         Reference syntax, and thus MUST NOT include characters=20
> >>> outside
> >>
> >>>         the set %x21 / %x23-5B / %x5D-7E.
> >>
> >> <          REQUIRED.  A single error code from the following:
> >>
> >> ---
> >>
> >>>         REQUIRED.  A single ASCII [USASCII] error code from the
> >>
> >>>         following:
> >>
> >> 2325a2326,2327
> >>
> >>>         Values for the "error" parameter MUST NOT include=20
> >>> characters
> >>
> >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 2327c2329
> >>
> >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> >>
> >> ---
> >>
> >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
> >>
> >> 2329a2332,2333
> >>
> >>>         Values for the "error_description" parameter MUST NOT=20
> >>> include
> >>
> >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> >>
> >> 2333a2338,2340
> >>
> >>>         Values for the "error_uri" parameter MUST conform to the=20
> >>> URI-
> >>
> >>>         Reference syntax, and thus MUST NOT include characters=20
> >>> outside
> >>
> >>>         the set %x21 / %x23-5B / %x5D-7E.
> >>
> >> 2450c2460,2468
> >>
> >> <    The method in which the client utilized the access token to
> >>
> >> ---
> >>
> >>>   The method in which the client utilizes the access token to
> >>
> >> 2479c2489
> >>
> >> <      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw
> >>
> >> ---
> >>
> >>>     Authorization: Bearer mF_9.B5f-4.1JqM
> >>
> >> 2503a2514,2533
> >>
> >>>
> >>
> >>> 7.2.  Error Response
> >>
> >>>
> >>
> >>>   If a resource access request fails, the resource server SHOULD=20
> >>> inform
> >>
> >>>   the client of the error.  While the specific error responses=20
> >>> possible
> >>
> >>>   and methods for transmitting those errors when using any=20
> >>> particular
> >>
> >>>   access token type are beyond the scope of this specification,=20
> >>> any
> >>
> >>>   error codes defined for use with OAuth resource access methods=20
> >>> MUST
> >>
> >>>   be registered (following the procedures in Section 11.4).
> >>
> >>>
> >>
> >>>
> >>
> >> 2602,2603c2624,2626
> >>
> >> <    (Section 4.2.2.1), or the token error response (Section 5.2), suc=
h
> >>
> >> <    error codes MAY be defined.
> >>
> >> ---
> >>
> >>>   (Section 4.2.2.1), the token error response (Section 5.2), or=20
> >>> the
> >>
> >>>   resource access error response (Section 7.2), such error codes=20
> >>> MAY be
> >>
> >>>   defined.
> >>
> >> 3444c3484,3485
> >>
> >> <       (Section 4.2.2.1), or token error response (Section 5.2).
> >>
> >> ---
> >>
> >>>      (Section 4.2.2.1), token error response (Section 5.2), or=20
> >>> resource
> >>
> >>>      access error response (Section 7.2).
> >>
> >> 3596a3554,3557
> >>
> >>>   [USASCII]  American National Standards Institute, "Coded=20
> >>> Character
> >>
> >>>              Set -- 7-bit American Standard Code for Information
> >>
> >>>              Interchange", ANSI X3.4, 1986.
> >>
> >>>
> >>
> >> 3611,3612c3572,3573
> >>
> >> <               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in
> >>
> >> <               progress), August 2011.
> >>
> >> ---
> >>
> >>>              OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in
> >>
> >>>              progress), May 2012.
> >>
> >> 3616,3617c3577,3579
> >>
> >> <               Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-0=
8
> >>
> >> <               (work in progress), July 2011.
> >>
> >> ---
> >>
> >>>              Authorization Protocol: Bearer Tokens",
> >>
> >>>              draft-ietf-oauth-v2-bearer-19 (work in progress),
> >>
> >>>              April 2012.
> >>
> >> 3620,3623c3589,3591
> >>
> >> <               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP
> >>
> >> <               Authentication: MAC Access Authentication",
> >>
> >> <               draft-ietf-oauth-v2-http-mac-00 (work in progress),
> >>
> >> <               May 2011.
> >>
> >> ---
> >>
> >>>              Hammer-Lahav, E., "HTTP Authentication: MAC Access
> >>
> >>>              Authentication", draft-ietf-oauth-v2-http-mac-01=20
> >>> (work in
> >>
> >>>              progress), February 2012.
> >>
> >> 3626c3594
> >>
> >> <               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
> >>
> >> ---
> >>
> >>>              McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0
> >>
> >> 3628,3629c3596,3597
> >>
> >> <               draft-ietf-oauth-v2-threatmodel-00 (work in progress),
> >>
> >> <               July 2011.
> >>
> >> ---
> >>
> >>>              draft-ietf-oauth-v2-threatmodel-02 (work in=20
> >>> progress),
> >>
> >>>              February 2012.
> >>
> >> 3468,3546d3503
> >>
> >> <    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.
> >>
> >> 3639c3609,3639
> >>
> >>>   Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.
> >>
> >> 3468,3546d3503
> >>
> >> <    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,
> >>
> >> 3644,3645c3644,3656
> >>
> >>>   Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin=20
> >>> Hart,
> >>
> >> 3468,3546d3503
> >>
> >> <    This document was produced under the chairmanship of Blaine Cook,
> >>
> >> <    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The area
> >>
> >> <    directors included Lisa Dusseault, Peter Saint-Andre, and Stephen
> >>
> >> <    Farrell.
> >>
> >> 3646a3658,3661
> >>
> >>>   This document was produced under the chairmanship of Blaine=20
> >>> Cook,
> >>
> >>>   Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins=
.
> >>
> >>>   The area directors included Lisa Dusseault, Peter Saint-Andre,=20
> >>> and
> >>
> >>>   Stephen Farrell.
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> Behalf Of Hannes Tschofenig
> >> Sent: Wednesday, May 23, 2012 11:27 AM
> >> To: oauth@ietf.org WG
> >> Subject: [OAUTH-WG] Error Encoding: Conclusion
> >>
> >>
> >>
> >> Hi all,
> >>
> >>
> >>
> >> on May 10th we called for consensus on an open issue regarding the=20
> >> error
> encoding. Here is the link to the call:
> >>
> >> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html
> >>
> >>
> >>
> >> Thank you all for the feedback. The conclusion of the consensus=20
> >> call was
> to harmonize the encoding between the two specifications by=20
> incorporating the restrictions from the bearer specification into the=20
> base specification. The error encoding will go into the core=20
> specification and the bearer specification will reference it.
> >>
> >>
> >>
> >> Ciao
> >>
> >> Hannes & Derek
> >>
> >>
> >>
> >> _______________________________________________
> >>
> >> OAuth mailing list
> >>
> >> OAuth@ietf.org
> >>
> >> https://www.ietf.org/mailman/listinfo/oauth
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >> OAuth@ietf.org
> >> https://www.ietf.org/mailman/listinfo/oauth
> >>
> >>
> >> <draft-ietf-oauth-v2-26+mbj-2.xml><draft-ietf-oauth-v2-26+mbj-
> 2.txt><draft-ietf-oauth-v2-26+mbj-2.html>
> >




From eran@hueniverse.com  Thu May 31 19:47:39 2012
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B18911E80E3 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 19:47:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MB0Z3enzxy0v for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 19:47:38 -0700 (PDT)
Received: from p3plex2out02.prod.phx3.secureserver.net (p3plex2out02.prod.phx3.secureserver.net [184.168.131.14]) by ietfa.amsl.com (Postfix) with ESMTP id 0450C11E8072 for <oauth@ietf.org>; Thu, 31 May 2012 19:47:37 -0700 (PDT)
Received: from P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) by p3plex2out02.prod.phx3.secureserver.net with bizsmtp id Gqnd1j0030CJzpC01qndtw; Thu, 31 May 2012 19:47:37 -0700
Received: from P3PWEX2MB008.ex2.secureserver.net ([169.254.8.66]) by P3PWEX2HT001.ex2.secureserver.net ([184.168.131.9]) with mapi id 14.02.0247.003; Thu, 31 May 2012 19:47:36 -0700
From: Eran Hammer <eran@hueniverse.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Error Encoding: Conclusion
Thread-Index: AQHNORGtuzciwTXPbU2x0B3Abs7zkpbYRq5QgACsJID//4uLsIAJZTAAgAJh//qAABEIwIAAi1IA///tYpA=
Date: Fri, 1 Jun 2012 02:47:36 +0000
Message-ID: <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net> <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436652221D@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436652221D@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [64.74.213.174]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 02:47:39 -0000

> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Thursday, May 31, 2012 1:53 PM
> To: Eran Hammer; Hannes Tschofenig
> Cc: oauth@ietf.org WG
> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
>=20
> Actually, could you please publish before the ABNF is done so that I can
> publish a version of Bearer referencing the new text in Core, so it can b=
e
> reviewed by the WG in parallel with the ABNF work happening?  I think tha=
t
> was Hannes' intent in asking you to publish soon.

I'll review the text and will reply back as to publishing schedule.

> Version numbers are
> cheap...

My time isn't.

EH

> 				Thanks,
> 				-- Mike
>=20
> -----Original Message-----
> From: Eran Hammer [mailto:eran@hueniverse.com]
> Sent: Thursday, May 31, 2012 12:35 PM
> To: Hannes Tschofenig
> Cc: Mike Jones; oauth@ietf.org WG
> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
>=20
> I'll first review the proposed text (as a WG member) and raise any issues
> remaining (if any).
>=20
> I will wait until the ABNF text is provided before publishing another ver=
sion.
>=20
> EH
>=20
> > -----Original Message-----
> > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> > Sent: Thursday, May 31, 2012 10:54 AM
> > To: Eran Hammer
> > Cc: Mike Jones; oauth@ietf.org WG; Hannes Tschofenig
> > Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
> >
> > Eran, could you publish a new draft version by Sunday with these
> > changes incorporated? That should give the working group enough time
> > to look at these few paragraphs.
> >
> > In the meanwhile we are working on addressing the ABNF issue Sean
> > raised and we will then go for another update.
> >
> > Ciao
> > Hannes
> >
> > On May 31, 2012, at 8:20 PM, Hannes Tschofenig wrote:
> >
> > > Hi Mike,
> > >
> > > thank you for compiling the text. It looks good to me. I have not
> > > seen
> > anyone from the working group screaming either.
> > >
> > > Eran, can you incorporate these changes into the next draft version?
> > >
> > > Ciao
> > > Hannes
> > >
> > > On May 30, 2012, at 2:10 AM, Mike Jones wrote:
> > >
> > >> I've made another set of updates to a copy of Core -26 to address
> > >> the
> > questions raised by Eran and David below (attached).
> > >>
> > >> An unrelated change that you should probably pick up, Eran is
> > >> adding this
> > to the <front> section, so that the heading shows that the draft is a
> > product of the "OAuth Working Group" rather than the "Network Working
> Group":
> > >>    <area>Security</area>
> > >>    <workgroup>OAuth Working Group</workgroup>
> > >>
> > >> One change I didn't make, but that should be considered, is to
> > >> delete the
> > reference to OASIS.saml-core-2.0-os, since it is used by no <xref> in
> > the document.
> > >>
> > >> The new proposed text for Section 7.2 follows:
> > >>
> > >> 7.2.  Error Response
> > >>
> > >>   If a resource access request fails, the resource server SHOULD inf=
orm
> > >>   the client of the error.  While the specific error responses possi=
ble
> > >>   and methods for transmitting those errors when using any particula=
r
> > >>   access token type are beyond the scope of this specification, any
> > >>   "error" code values defined for use with OAuth resource access
> > >>   methods MUST be registered (following the procedures in
> > >>   Section 11.4).
> > >>
> > >>   Specifically, when the OAuth resource access method uses an "error=
"
> > >>   result parameter to return an error code value that indicates the
> > >>   resource access error encountered, then these error code values
> MUST
> > >>   be registered.  Values for these "error" codes MUST NOT include
> > >>   characters outside the set %x20-21 / %x23-5B / %x5D-7E. When an
> > >>   "error" code value is registered for use by an OAuth resource acce=
ss
> > >>   method, should that same code already be registered for use by
> > >>   another OAuth resource access method or at a different OAuth error
> > >>   usage location, then the meaning of that error code value in in th=
e
> > >>   new registration MUST be consistent with the its meaning in prior
> > >>   registrations.
> > >>
> > >>   The OAuth resource access error registration requirement applies o=
nly
> > >>   to "error" code values and not to other means of returning error
> > >>   indications, including HTTP status codes, or other error-related
> > >>   result parameters, such as "error_description", "error_uri", or ot=
her
> > >>   kinds of error status return methods that may be employed by the
> > >>   resource access method.  There is no requirement that OAuth resour=
ce
> > >>   access methods employ an "error" parameter.
> > >>
> > >> Hopefully incorporating these changes will enable us to close the
> > remaining DISCUSS issues on both the Core and Bearer drafts.
> > >>
> > >>                                                                Thank=
s all,
> > >>                                                                --
> > >> Mike
> > >>
> > >>
> > >> From: Eran Hammer [mailto:eran@hueniverse.com]
> > >> Sent: Wednesday, May 23, 2012 11:45 PM
> > >> To: David Recordon; Mike Jones; Hannes Tschofenig
> > >> Cc: oauth@ietf.org WG
> > >> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
> > >>
> > >> With the exception of section 7.2, the changes look reasonable and
> > >> will be
> > applied in the next revision.
> > >>
> > >> The new section 7.2 is confusion and does not explain the new regist=
ry.
> > The section introduces a new requirement to register 'any error codes
> > defined for use with OAuth resource access methods'. This requirement
> > is too vague.
> > >>
> > >> I have no clue how to (for example) apply this text to the MAC draft=
.
> > Adding to David's list below:
> > >>
> > >> * Should the HTTP status codes used by the MAC spec as currently
> > >> written
> > be registered (since no guidance is given to the use of an error parame=
ter)?
> > >> * Does this introduce a requirement to add an error parameter?
> > >> * Does the parameter need to / should be called 'error'?
> > >> * What about future methods in which errors are not simply
> > >> expressed in
> > the form of a fixes string?
> > >>
> > >> EH
> > >>
> > >>
> > >> From: David Recordon [mailto:recordond@gmail.com]
> > >> Sent: Wednesday, May 23, 2012 11:38 PM
> > >> To: Mike Jones; Hannes Tschofenig; Eran Hammer
> > >> Cc: oauth@ietf.org WG
> > >> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
> > >>
> > >> Honestly still trying to fully wrap my head around what's going on
> > >> here
> > since it seems far more complex than the threads are alluding to. In
> > any case, does Mike's text address what Eran brought up as needed in
> > the thread Hannes referenced or is Eran wrong?
> > >>
> > >> The core spec currently provides full guidance and definition for
> > >> error
> > extensibility. Extending the registry's scope means the need for
> > non-trivial new text that:
> > >>
> > >> * explains the process of adding new errors for endpoints not
> > >> defined by
> > this specification,
> > >> * finds a common ground for value restrictions beyond what is
> > >> already
> > listed,
> > >> * guide authors of future HTTP authentication schemes meant for use
> > with OAuth (e.g. MAC) for their requirements for using the error
> > registry, and
> > >> * address the very likely scenario of the same error code carrying
> > different meanings in different endpoints, or an extension that adds a
> > location to a code already defined elsewhere - something very likely
> > to happen if you cross the two very different domains (OAuth
> > endpoints, Protected resource endpoints). This requires changing the
> > entire structure of the registry to create separate records for each
> code/location pair.
> > >>
> > >> Thanks,
> > >> --David
> > >>
> > >> On Wed, May 23, 2012 at 10:22 PM, Mike Jones
> > <Michael.Jones@microsoft.com> wrote:
> > >> Thanks Hannes.  In the interest of hopefully completing the edits
> > >> to
> > remove the DISCUSS issues for the Bearer and Core specs in the next
> > few days so that we can send the docs to the RFC editors, I'd like to
> > propose specific language for the Core spec to address both of the
> > consensus call issue resolutions.  After there's consensus on the
> > specific text for Core, it will be easy for us to add a reference in
> > Bearer to the language in Core for the error syntax restrictions and
> > to use the OAuth errors registry.  I'll do that in parallel with the di=
scussions
> on the proposed core language changes.
> > >>
> > >>
> > >>
> > >> A summary of the changes I made in response to the consensus call
> > conclusions are:
> > >>
> > >> *        Add syntax restrictions for "error", "error_description", a=
nd
> > "error_uri" from Bearer to Core
> > >>
> > >> *        Add section 7.2 about error responses from resource access
> requests
> > >>
> > >> *        Add "resource access error response" to the category of OAu=
th
> > errors that can be registered
> > >>
> > >>
> > >>
> > >> Additional editorial changes that I made as I encountered issues in
> > >> the
> > document were:
> > >>
> > >> *        Updated out of date references, especially the draft-hardt-=
oauth-
> 01
> > reference, which contained an invalid link
> > >>
> > >> *        Added Derek Atkins to the list of chairs
> > >>
> > >> *        Added Yaron Goland's middle initial Y. (since he prefers to=
 include
> it
> > in publications)
> > >>
> > >> *        Replaced use of the deprecated <appendix> element, which
> > prevented the spec from building with strict checking, with a
> > <section> element in the <back> section (which creates an appendix)
> > >>
> > >>
> > >>
> > >> To make it easy to incorporate these changes into the document and
> > >> so
> > the proposed changes are unambiguous, I produced an edited version of
> > Core -26 containing these changes.  The xml, txt, and html versions
> > are attached to facilitate review.  Pertinent diffs from the .txt versi=
on
> follow.
> > >>
> > >>
> > >>
> > >>                                                            Cheers,
> > >>
> > >>                                                            -- Mike
> > >>
> > >>
> > >>
> > >> 683c683,684
> > >>
> > >> <    notation of [RFC5234].
> > >>
> > >> ---
> > >>
> > >>>   notation of [RFC5234].  Additionally, the rule URI-Reference is
> > >>
> > >>>   included from Uniform Resource Identifier (URI) [RFC3986].
> > >>
> > >> 1441c1441,1442
> > >>
> > >> <          REQUIRED.  A single error code from the following:
> > >>
> > >> ---
> > >>
> > >>>         REQUIRED.  A single ASCII [USASCII] error code from the
> > >>
> > >>>         following:
> > >>
> > >> 1474a1475,1476
> > >>
> > >>>         Values for the "error" parameter MUST NOT include
> > >>> characters
> > >>
> > >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1476c1478
> > >>
> > >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> > >>
> > >> ---
> > >>
> > >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
> > >>
> > >> 1478a1481,1482
> > >>
> > >>>         Values for the "error_description" parameter MUST NOT
> > >>> include
> > >>
> > >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1482a1487,1489
> > >>
> > >>>         Values for the "error_uri" parameter MUST conform to the
> > >>> URI-
> > >>
> > >>>         Reference syntax, and thus MUST NOT include characters
> > >>> outside
> > >>
> > >>>         the set %x21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1840c1840,1841
> > >>
> > >> <          REQUIRED.  A single error code from the following:
> > >>
> > >> ---
> > >>
> > >>>         REQUIRED.  A single ASCII [USASCII] error code from the
> > >>
> > >>>         following:
> > >>
> > >> 1873a1874,1875
> > >>
> > >>>         Values for the "error" parameter MUST NOT include
> > >>> characters
> > >>
> > >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1875c1877
> > >>
> > >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> > >>
> > >> ---
> > >>
> > >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
> > >>
> > >> 1877a1880,1881
> > >>
> > >>>         Values for the "error_description" parameter MUST NOT
> > >>> include
> > >>
> > >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1881a1886,1888
> > >>
> > >>>         Values for the "error_uri" parameter MUST conform to the
> > >>> URI-
> > >>
> > >>>         Reference syntax, and thus MUST NOT include characters
> > >>> outside
> > >>
> > >>>         the set %x21 / %x23-5B / %x5D-7E.
> > >>
> > >> <          REQUIRED.  A single error code from the following:
> > >>
> > >> ---
> > >>
> > >>>         REQUIRED.  A single ASCII [USASCII] error code from the
> > >>
> > >>>         following:
> > >>
> > >> 2325a2326,2327
> > >>
> > >>>         Values for the "error" parameter MUST NOT include
> > >>> characters
> > >>
> > >>>         outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 2327c2329
> > >>
> > >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> > >>
> > >> ---
> > >>
> > >>>         OPTIONAL.  A human-readable ASCII [USASCII] text providing
> > >>
> > >> 2329a2332,2333
> > >>
> > >>>         Values for the "error_description" parameter MUST NOT
> > >>> include
> > >>
> > >>>         characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 2333a2338,2340
> > >>
> > >>>         Values for the "error_uri" parameter MUST conform to the
> > >>> URI-
> > >>
> > >>>         Reference syntax, and thus MUST NOT include characters
> > >>> outside
> > >>
> > >>>         the set %x21 / %x23-5B / %x5D-7E.
> > >>
> > >> 2450c2460,2468
> > >>
> > >> <    The method in which the client utilized the access token to
> > >>
> > >> ---
> > >>
> > >>>   The method in which the client utilizes the access token to
> > >>
> > >> 2479c2489
> > >>
> > >> <      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw
> > >>
> > >> ---
> > >>
> > >>>     Authorization: Bearer mF_9.B5f-4.1JqM
> > >>
> > >> 2503a2514,2533
> > >>
> > >>>
> > >>
> > >>> 7.2.  Error Response
> > >>
> > >>>
> > >>
> > >>>   If a resource access request fails, the resource server SHOULD
> > >>> inform
> > >>
> > >>>   the client of the error.  While the specific error responses
> > >>> possible
> > >>
> > >>>   and methods for transmitting those errors when using any
> > >>> particular
> > >>
> > >>>   access token type are beyond the scope of this specification,
> > >>> any
> > >>
> > >>>   error codes defined for use with OAuth resource access methods
> > >>> MUST
> > >>
> > >>>   be registered (following the procedures in Section 11.4).
> > >>
> > >>>
> > >>
> > >>>
> > >>
> > >> 2602,2603c2624,2626
> > >>
> > >> <    (Section 4.2.2.1), or the token error response (Section 5.2), s=
uch
> > >>
> > >> <    error codes MAY be defined.
> > >>
> > >> ---
> > >>
> > >>>   (Section 4.2.2.1), the token error response (Section 5.2), or
> > >>> the
> > >>
> > >>>   resource access error response (Section 7.2), such error codes
> > >>> MAY be
> > >>
> > >>>   defined.
> > >>
> > >> 3444c3484,3485
> > >>
> > >> <       (Section 4.2.2.1), or token error response (Section 5.2).
> > >>
> > >> ---
> > >>
> > >>>      (Section 4.2.2.1), token error response (Section 5.2), or
> > >>> resource
> > >>
> > >>>      access error response (Section 7.2).
> > >>
> > >> 3596a3554,3557
> > >>
> > >>>   [USASCII]  American National Standards Institute, "Coded
> > >>> Character
> > >>
> > >>>              Set -- 7-bit American Standard Code for Information
> > >>
> > >>>              Interchange", ANSI X3.4, 1986.
> > >>
> > >>>
> > >>
> > >> 3611,3612c3572,3573
> > >>
> > >> <               OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work i=
n
> > >>
> > >> <               progress), August 2011.
> > >>
> > >> ---
> > >>
> > >>>              OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in
> > >>
> > >>>              progress), May 2012.
> > >>
> > >> 3616,3617c3577,3579
> > >>
> > >> <               Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer=
-08
> > >>
> > >> <               (work in progress), July 2011.
> > >>
> > >> ---
> > >>
> > >>>              Authorization Protocol: Bearer Tokens",
> > >>
> > >>>              draft-ietf-oauth-v2-bearer-19 (work in progress),
> > >>
> > >>>              April 2012.
> > >>
> > >> 3620,3623c3589,3591
> > >>
> > >> <               Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP
> > >>
> > >> <               Authentication: MAC Access Authentication",
> > >>
> > >> <               draft-ietf-oauth-v2-http-mac-00 (work in progress),
> > >>
> > >> <               May 2011.
> > >>
> > >> ---
> > >>
> > >>>              Hammer-Lahav, E., "HTTP Authentication: MAC Access
> > >>
> > >>>              Authentication", draft-ietf-oauth-v2-http-mac-01
> > >>> (work in
> > >>
> > >>>              progress), February 2012.
> > >>
> > >> 3626c3594
> > >>
> > >> <               Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.=
0
> > >>
> > >> ---
> > >>
> > >>>              McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0
> > >>
> > >> 3628,3629c3596,3597
> > >>
> > >> <               draft-ietf-oauth-v2-threatmodel-00 (work in progress=
),
> > >>
> > >> <               July 2011.
> > >>
> > >> ---
> > >>
> > >>>              draft-ietf-oauth-v2-threatmodel-02 (work in
> > >>> progress),
> > >>
> > >>>              February 2012.
> > >>
> > >> 3468,3546d3503
> > >>
> > >> <    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.
> > >>
> > >> 3639c3609,3639
> > >>
> > >>>   Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.
> > >>
> > >> 3468,3546d3503
> > >>
> > >> <    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,
> > >>
> > >> 3644,3645c3644,3656
> > >>
> > >>>   Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin
> > >>> Hart,
> > >>
> > >> 3468,3546d3503
> > >>
> > >> <    This document was produced under the chairmanship of Blaine
> Cook,
> > >>
> > >> <    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The are=
a
> > >>
> > >> <    directors included Lisa Dusseault, Peter Saint-Andre, and Steph=
en
> > >>
> > >> <    Farrell.
> > >>
> > >> 3646a3658,3661
> > >>
> > >>>   This document was produced under the chairmanship of Blaine
> > >>> Cook,
> > >>
> > >>>   Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atki=
ns.
> > >>
> > >>>   The area directors included Lisa Dusseault, Peter Saint-Andre,
> > >>> and
> > >>
> > >>>   Stephen Farrell.
> > >>
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> > Behalf Of Hannes Tschofenig
> > >> Sent: Wednesday, May 23, 2012 11:27 AM
> > >> To: oauth@ietf.org WG
> > >> Subject: [OAUTH-WG] Error Encoding: Conclusion
> > >>
> > >>
> > >>
> > >> Hi all,
> > >>
> > >>
> > >>
> > >> on May 10th we called for consensus on an open issue regarding the
> > >> error
> > encoding. Here is the link to the call:
> > >>
> > >> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html
> > >>
> > >>
> > >>
> > >> Thank you all for the feedback. The conclusion of the consensus
> > >> call was
> > to harmonize the encoding between the two specifications by
> > incorporating the restrictions from the bearer specification into the
> > base specification. The error encoding will go into the core
> > specification and the bearer specification will reference it.
> > >>
> > >>
> > >>
> > >> Ciao
> > >>
> > >> Hannes & Derek
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >>
> > >> OAuth mailing list
> > >>
> > >> OAuth@ietf.org
> > >>
> > >> https://www.ietf.org/mailman/listinfo/oauth
> > >>
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> OAuth mailing list
> > >> OAuth@ietf.org
> > >> https://www.ietf.org/mailman/listinfo/oauth
> > >>
> > >>
> > >> <draft-ietf-oauth-v2-26+mbj-2.xml><draft-ietf-oauth-v2-26+mbj-
> > 2.txt><draft-ietf-oauth-v2-26+mbj-2.html>
> > >
>=20
>=20


From wmills@yahoo-inc.com  Thu May 31 21:31:43 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AA8D11E80A6 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:31:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.598
X-Spam-Level: 
X-Spam-Status: No, score=-17.598 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vM82tNiQ8lik for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:31:40 -0700 (PDT)
Received: from nm2-vm0.bullet.mail.ne1.yahoo.com (nm2-vm0.bullet.mail.ne1.yahoo.com [98.138.91.39]) by ietfa.amsl.com (Postfix) with SMTP id 9505911E8086 for <oauth@ietf.org>; Thu, 31 May 2012 21:31:31 -0700 (PDT)
Received: from [98.138.90.52] by nm2.bullet.mail.ne1.yahoo.com with NNFMP; 01 Jun 2012 04:31:28 -0000
Received: from [98.138.89.192] by tm5.bullet.mail.ne1.yahoo.com with NNFMP; 01 Jun 2012 04:31:27 -0000
Received: from [127.0.0.1] by omp1050.mail.ne1.yahoo.com with NNFMP; 01 Jun 2012 04:31:27 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 980615.76576.bm@omp1050.mail.ne1.yahoo.com
Received: (qmail 69359 invoked by uid 60001); 1 Jun 2012 04:31:27 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1338525087; bh=lELxrWG2Oo78ftZsFc7PGlHjMX+E9XOAgsxtx6VziQM=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Rb7/EV0szUcYniD+OOiotGIy7XjkQFCCkP1bO/0yZ4Pt7NmEcKynhS6/aLFKpPhFMXmm5uADRNm6cbsfIaPS9UhEQgDxwOuEmDyMzMTva/p22oDWvmAobRTPndVRlunYhhwdH8D9XxdqSL/X0wTQPB6Gn9xEPGtc684+VEkVz4s=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Gpez4UpMhrstg7O36GoIvYpbaX5O8B+a5HwFDFJyG/Qm+IubUEE4LYgFhmHntgrE7EwoHtlSJ6RVoWmV7/WiTX5zYY0fid4dcTdFjdqF65Y5SvVk+IkOwV7FhD9z2Gvo1eWkqFVZs/MsmV0kPsq6q9+TXITZmJwT8Rls1zEINNM=;
X-YMail-OSG: t6BSPOwVM1n9fA32Yr9Mp2g0YxE0eoeyn6.doAPoTIrUzcX ZW7g2IeqxKc2q0gEW1YV6TU.AA8lLT.S3kOvLjB51qGQm9AnxRKhKjwkw2vJ OTswKFVC_5Bj1Y_IQg1Zg6pTzuT_I1epz.4TXK52COVqqJ1rBQ9ZT6RBjTgs rMGqfMUi1MWEkfgO3SvkL.caSFACf3DYHDQT9qmSc42CAxdsgYN48QXy7FS3 T5_Stgn65BxYcKSxZljrylifVMDWWu_FkMlKLfGSbfoPcL1eiyyjpdNDYz6e WlOclZlgpQoi7JzBx5p_WEJ6qbN9aFxafy0QK4ZTmyzBGrzPbwy7SYF92MZg FVUd3bWamScRUoQze6M.VTzr1zohJJQlnwa02oqsyuXP12v0pCBXYi.SaGMS qs8A7EX8X6N2zehvVmlVmYyuQh5lAirA-
Received: from [99.31.212.42] by web31813.mail.mud.yahoo.com via HTTP; Thu, 31 May 2012 21:31:27 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net> <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436652221D@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net>
Message-ID: <1338525087.63468.YahooMailNeo@web31813.mail.mud.yahoo.com>
Date: Thu, 31 May 2012 21:31:27 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Eran Hammer <eran@hueniverse.com>, Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="767760015-360248941-1338525087=:63468"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: [OAUTH-WG] ABNF Re:  Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 04:31:43 -0000

--767760015-360248941-1338525087=:63468
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

The current OAuth core spec section 8.5 has:=0Aerror-code   =3D ALPHA *erro=
r-char error-char   =3D "-" / "." / "_" / DIGIT / ALPHA =0AMike's proposal =
would nominally be:=0A=0Aerror-code   =3D *error-char=0A     error-char   =
=3D %x20-21 / %x23-5B / %x5D-7E =0AThis is the set of ASCII characters from=
 SPACE to '~' excluding '\' and '"'.  I'm not =0Ain love with that, but it'=
s clear.  I'd prefer:=0A=0Aerror-code   =3D ALPHA *error-char=0A     error-=
char   =3D %x20-21 / %x23-5B / %x5D-7E =0A-bill =0A=0A=0A=0A=0A>___________=
_____________________=0A> From: Eran Hammer <eran@hueniverse.com>=0A>To: Mi=
ke Jones <Michael.Jones@microsoft.com>; Hannes Tschofenig <hannes.tschofeni=
g@gmx.net> =0A>Cc: "oauth@ietf.org WG" <oauth@ietf.org> =0A>Sent: Thursday,=
 May 31, 2012 7:47 PM=0A>Subject: Re: [OAUTH-WG] Error Encoding: Conclusion=
=0A> =0A>=0A>=0A>> -----Original Message-----=0A>> From: Mike Jones [mailto=
:Michael.Jones@microsoft.com]=0A>> Sent: Thursday, May 31, 2012 1:53 PM=0A>=
> To: Eran Hammer; Hannes Tschofenig=0A>> Cc: oauth@ietf.org WG=0A>> Subjec=
t: RE: [OAUTH-WG] Error Encoding: Conclusion=0A>> =0A>> Actually, could you=
 please publish before the ABNF is done so that I can=0A>> publish a versio=
n of Bearer referencing the new text in Core, so it can be=0A>> reviewed by=
 the WG in parallel with the ABNF work happening?=A0 I think that=0A>> was =
Hannes' intent in asking you to publish soon.=0A>=0A>I'll review the text a=
nd will reply back as to publishing schedule.=0A>=0A>> Version numbers are=
=0A>> cheap...=0A>=0A>My time isn't.=0A>=0A>EH=0A>=0A>> =A0=A0=A0 =A0=A0=A0=
 =A0=A0=A0 =A0=A0=A0 Thanks,=0A>> =A0=A0=A0 =A0=A0=A0 =A0=A0=A0 =A0=A0=A0 -=
- Mike=0A>> =0A>> -----Original Message-----=0A>> From: Eran Hammer [mailto=
:eran@hueniverse.com]=0A>> Sent: Thursday, May 31, 2012 12:35 PM=0A>> To: H=
annes Tschofenig=0A>> Cc: Mike Jones; oauth@ietf.org WG=0A>> Subject: RE: [=
OAUTH-WG] Error Encoding: Conclusion=0A>> =0A>> I'll first review the propo=
sed text (as a WG member) and raise any issues=0A>> remaining (if any).=0A>=
> =0A>> I will wait until the ABNF text is provided before publishing anoth=
er version.=0A>> =0A>> EH=0A>> =0A>> > -----Original Message-----=0A>> > Fr=
om: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]=0A>> > Sent: Thurs=
day, May 31, 2012 10:54 AM=0A>> > To: Eran Hammer=0A>> > Cc: Mike Jones; oa=
uth@ietf.org WG; Hannes Tschofenig=0A>> > Subject: Re: [OAUTH-WG] Error Enc=
oding: Conclusion=0A>> >=0A>> > Eran, could you publish a new draft version=
 by Sunday with these=0A>> > changes incorporated? That should give the wor=
king group enough time=0A>> > to look at these few paragraphs.=0A>> >=0A>> =
> In the meanwhile we are working on addressing the ABNF issue Sean=0A>> > =
raised and we will then go for another update.=0A>> >=0A>> > Ciao=0A>> > Ha=
nnes=0A>> >=0A>> > On May 31, 2012, at 8:20 PM, Hannes Tschofenig wrote:=0A=
>> >=0A>> > > Hi Mike,=0A>> > >=0A>> > > thank you for compiling the text. =
It looks good to me. I have not=0A>> > > seen=0A>> > anyone from the workin=
g group screaming either.=0A>> > >=0A>> > > Eran, can you incorporate these=
 changes into the next draft version?=0A>> > >=0A>> > > Ciao=0A>> > > Hanne=
s=0A>> > >=0A>> > > On May 30, 2012, at 2:10 AM, Mike Jones wrote:=0A>> > >=
=0A>> > >> I've made another set of updates to a copy of Core -26 to addres=
s=0A>> > >> the=0A>> > questions raised by Eran and David below (attached).=
=0A>> > >>=0A>> > >> An unrelated change that you should probably pick up, =
Eran is=0A>> > >> adding this=0A>> > to the <front> section, so that the he=
ading shows that the draft is a=0A>> > product of the "OAuth Working Group"=
 rather than the "Network Working=0A>> Group":=0A>> > >>=A0 =A0 <area>Secur=
ity</area>=0A>> > >>=A0 =A0 <workgroup>OAuth Working Group</workgroup>=0A>>=
 > >>=0A>> > >> One change I didn't make, but that should be considered, is=
 to=0A>> > >> delete the=0A>> > reference to OASIS.saml-core-2.0-os, since =
it is used by no <xref> in=0A>> > the document.=0A>> > >>=0A>> > >> The new=
 proposed text for Section 7.2 follows:=0A>> > >>=0A>> > >> 7.2.=A0 Error R=
esponse=0A>> > >>=0A>> > >>=A0  If a resource access request fails, the res=
ource server SHOULD inform=0A>> > >>=A0  the client of the error.=A0 While =
the specific error responses possible=0A>> > >>=A0  and methods for transmi=
tting those errors when using any particular=0A>> > >>=A0  access token typ=
e are beyond the scope of this specification, any=0A>> > >>=A0  "error" cod=
e values defined for use with OAuth resource access=0A>> > >>=A0  methods M=
UST be registered (following the procedures in=0A>> > >>=A0  Section 11.4).=
=0A>> > >>=0A>> > >>=A0  Specifically, when the OAuth resource access metho=
d uses an "error"=0A>> > >>=A0  result parameter to return an error code va=
lue that indicates the=0A>> > >>=A0  resource access error encountered, the=
n these error code values=0A>> MUST=0A>> > >>=A0  be registered.=A0 Values =
for these "error" codes MUST NOT include=0A>> > >>=A0  characters outside t=
he set %x20-21 / %x23-5B / %x5D-7E. When an=0A>> > >>=A0  "error" code valu=
e is registered for use by an OAuth resource access=0A>> > >>=A0  method, s=
hould that same code already be registered for use by=0A>> > >>=A0  another=
 OAuth resource access method or at a different OAuth error=0A>> > >>=A0  u=
sage location, then the meaning of that error code value in in the=0A>> > >=
>=A0  new registration MUST be consistent with the its meaning in prior=0A>=
> > >>=A0  registrations.=0A>> > >>=0A>> > >>=A0  The OAuth resource access=
 error registration requirement applies only=0A>> > >>=A0  to "error" code =
values and not to other means of returning error=0A>> > >>=A0  indications,=
 including HTTP status codes, or other error-related=0A>> > >>=A0  result p=
arameters, such as "error_description", "error_uri", or other=0A>> > >>=A0 =
 kinds of error status return methods that may be employed by the=0A>> > >>=
=A0  resource access method.=A0 There is no requirement that OAuth resource=
=0A>> > >>=A0  access methods employ an "error" parameter.=0A>> > >>=0A>> >=
 >> Hopefully incorporating these changes will enable us to close the=0A>> =
> remaining DISCUSS issues on both the Core and Bearer drafts.=0A>> > >>=0A=
>> > >>=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 Thanks all,=0A>=
> > >>=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 --=0A>> > >> Mi=
ke=0A>> > >>=0A>> > >>=0A>> > >> From: Eran Hammer [mailto:eran@hueniverse.=
com]=0A>> > >> Sent: Wednesday, May 23, 2012 11:45 PM=0A>> > >> To: David R=
ecordon; Mike Jones; Hannes Tschofenig=0A>> > >> Cc: oauth@ietf.org WG=0A>>=
 > >> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion=0A>> > >>=0A>> > >=
> With the exception of section 7.2, the changes look reasonable and=0A>> >=
 >> will be=0A>> > applied in the next revision.=0A>> > >>=0A>> > >> The ne=
w section 7.2 is confusion and does not explain the new registry.=0A>> > Th=
e section introduces a new requirement to register 'any error codes=0A>> > =
defined for use with OAuth resource access methods'. This requirement=0A>> =
> is too vague.=0A>> > >>=0A>> > >> I have no clue how to (for example) app=
ly this text to the MAC draft.=0A>> > Adding to David's list below:=0A>> > =
>>=0A>> > >> * Should the HTTP status codes used by the MAC spec as current=
ly=0A>> > >> written=0A>> > be registered (since no guidance is given to th=
e use of an error parameter)?=0A>> > >> * Does this introduce a requirement=
 to add an error parameter?=0A>> > >> * Does the parameter need to / should=
 be called 'error'?=0A>> > >> * What about future methods in which errors a=
re not simply=0A>> > >> expressed in=0A>> > the form of a fixes string?=0A>=
> > >>=0A>> > >> EH=0A>> > >>=0A>> > >>=0A>> > >> From: David Recordon [mai=
lto:recordond@gmail.com]=0A>> > >> Sent: Wednesday, May 23, 2012 11:38 PM=
=0A>> > >> To: Mike Jones; Hannes Tschofenig; Eran Hammer=0A>> > >> Cc: oau=
th@ietf.org WG=0A>> > >> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion=
=0A>> > >>=0A>> > >> Honestly still trying to fully wrap my head around wha=
t's going on=0A>> > >> here=0A>> > since it seems far more complex than the=
 threads are alluding to. In=0A>> > any case, does Mike's text address what=
 Eran brought up as needed in=0A>> > the thread Hannes referenced or is Era=
n wrong?=0A>> > >>=0A>> > >> The core spec currently provides full guidance=
 and definition for=0A>> > >> error=0A>> > extensibility. Extending the reg=
istry's scope means the need for=0A>> > non-trivial new text that:=0A>> > >=
>=0A>> > >> * explains the process of adding new errors for endpoints not=
=0A>> > >> defined by=0A>> > this specification,=0A>> > >> * finds a common=
 ground for value restrictions beyond what is=0A>> > >> already=0A>> > list=
ed,=0A>> > >> * guide authors of future HTTP authentication schemes meant f=
or use=0A>> > with OAuth (e.g. MAC) for their requirements for using the er=
ror=0A>> > registry, and=0A>> > >> * address the very likely scenario of th=
e same error code carrying=0A>> > different meanings in different endpoints=
, or an extension that adds a=0A>> > location to a code already defined els=
ewhere - something very likely=0A>> > to happen if you cross the two very d=
ifferent domains (OAuth=0A>> > endpoints, Protected resource endpoints). Th=
is requires changing the=0A>> > entire structure of the registry to create =
separate records for each=0A>> code/location pair.=0A>> > >>=0A>> > >> Than=
ks,=0A>> > >> --David=0A>> > >>=0A>> > >> On Wed, May 23, 2012 at 10:22 PM,=
 Mike Jones=0A>> > <Michael.Jones@microsoft.com> wrote:=0A>> > >> Thanks Ha=
nnes.=A0 In the interest of hopefully completing the edits=0A>> > >> to=0A>=
> > remove the DISCUSS issues for the Bearer and Core specs in the next=0A>=
> > few days so that we can send the docs to the RFC editors, I'd like to=
=0A>> > propose specific language for the Core spec to address both of the=
=0A>> > consensus call issue resolutions.=A0 After there's consensus on the=
=0A>> > specific text for Core, it will be easy for us to add a reference i=
n=0A>> > Bearer to the language in Core for the error syntax restrictions a=
nd=0A>> > to use the OAuth errors registry.=A0 I'll do that in parallel wit=
h the discussions=0A>> on the proposed core language changes.=0A>> > >>=0A>=
> > >>=0A>> > >>=0A>> > >> A summary of the changes I made in response to t=
he consensus call=0A>> > conclusions are:=0A>> > >>=0A>> > >> *=A0 =A0 =A0 =
=A0 Add syntax restrictions for "error", "error_description", and=0A>> > "e=
rror_uri" from Bearer to Core=0A>> > >>=0A>> > >> *=A0 =A0 =A0 =A0 Add sect=
ion 7.2 about error responses from resource access=0A>> requests=0A>> > >>=
=0A>> > >> *=A0 =A0 =A0 =A0 Add "resource access error response" to the cat=
egory of OAuth=0A>> > errors that can be registered=0A>> > >>=0A>> > >>=0A>=
> > >>=0A>> > >> Additional editorial changes that I made as I encountered =
issues in=0A>> > >> the=0A>> > document were:=0A>> > >>=0A>> > >> *=A0 =A0 =
=A0 =A0 Updated out of date references, especially the draft-hardt-oauth-=
=0A>> 01=0A>> > reference, which contained an invalid link=0A>> > >>=0A>> >=
 >> *=A0 =A0 =A0 =A0 Added Derek Atkins to the list of chairs=0A>> > >>=0A>=
> > >> *=A0 =A0 =A0 =A0 Added Yaron Goland's middle initial Y. (since he pr=
efers to include=0A>> it=0A>> > in publications)=0A>> > >>=0A>> > >> *=A0 =
=A0 =A0 =A0 Replaced use of the deprecated <appendix> element, which=0A>> >=
 prevented the spec from building with strict checking, with a=0A>> > <sect=
ion> element in the <back> section (which creates an appendix)=0A>> > >>=0A=
>> > >>=0A>> > >>=0A>> > >> To make it easy to incorporate these changes in=
to the document and=0A>> > >> so=0A>> > the proposed changes are unambiguou=
s, I produced an edited version of=0A>> > Core -26 containing these changes=
.=A0 The xml, txt, and html versions=0A>> > are attached to facilitate revi=
ew.=A0 Pertinent diffs from the .txt version=0A>> follow.=0A>> > >>=0A>> > =
>>=0A>> > >>=0A>> > >>=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 Cheers,=
=0A>> > >>=0A>> > >>=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 -- Mike=0A=
>> > >>=0A>> > >>=0A>> > >>=0A>> > >> 683c683,684=0A>> > >>=0A>> > >> <=A0 =
=A0 notation of [RFC5234].=0A>> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0 =
 notation of [RFC5234].=A0 Additionally, the rule URI-Reference is=0A>> > >=
>=0A>> > >>>=A0  included from Uniform Resource Identifier (URI) [RFC3986].=
=0A>> > >>=0A>> > >> 1441c1441,1442=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =
=A0 REQUIRED.=A0 A single error code from the following:=0A>> > >>=0A>> > >=
> ---=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  REQUIRED.=A0 A single ASCII [USA=
SCII] error code from the=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  following:=
=0A>> > >>=0A>> > >> 1474a1475,1476=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  Va=
lues for the "error" parameter MUST NOT include=0A>> > >>> characters=0A>> =
> >>=0A>> > >>>=A0 =A0 =A0 =A0  outside the set %x20-21 / %x23-5B / %x5D-7E=
.=0A>> > >>=0A>> > >> 1476c1478=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =A0 OP=
TIONAL.=A0 A human-readable UTF-8 encoded text providing=0A>> > >>=0A>> > >=
> ---=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  OPTIONAL.=A0 A human-readable AS=
CII [USASCII] text providing=0A>> > >>=0A>> > >> 1478a1481,1482=0A>> > >>=
=0A>> > >>>=A0 =A0 =A0 =A0  Values for the "error_description" parameter MU=
ST NOT=0A>> > >>> include=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  characters o=
utside the set %x20-21 / %x23-5B / %x5D-7E.=0A>> > >>=0A>> > >> 1482a1487,1=
489=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  Values for the "error_uri" paramet=
er MUST conform to the=0A>> > >>> URI-=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0 =
 Reference syntax, and thus MUST NOT include characters=0A>> > >>> outside=
=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  the set %x21 / %x23-5B / %x5D-7E.=0A>=
> > >>=0A>> > >> 1840c1840,1841=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =A0 RE=
QUIRED.=A0 A single error code from the following:=0A>> > >>=0A>> > >> ---=
=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  REQUIRED.=A0 A single ASCII [USASCII]=
 error code from the=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  following:=0A>> >=
 >>=0A>> > >> 1873a1874,1875=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  Values fo=
r the "error" parameter MUST NOT include=0A>> > >>> characters=0A>> > >>=0A=
>> > >>>=A0 =A0 =A0 =A0  outside the set %x20-21 / %x23-5B / %x5D-7E.=0A>> =
> >>=0A>> > >> 1875c1877=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =A0 OPTIONAL.=
=A0 A human-readable UTF-8 encoded text providing=0A>> > >>=0A>> > >> ---=
=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  OPTIONAL.=A0 A human-readable ASCII [=
USASCII] text providing=0A>> > >>=0A>> > >> 1877a1880,1881=0A>> > >>=0A>> >=
 >>>=A0 =A0 =A0 =A0  Values for the "error_description" parameter MUST NOT=
=0A>> > >>> include=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  characters outside=
 the set %x20-21 / %x23-5B / %x5D-7E.=0A>> > >>=0A>> > >> 1881a1886,1888=0A=
>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  Values for the "error_uri" parameter MUS=
T conform to the=0A>> > >>> URI-=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  Refer=
ence syntax, and thus MUST NOT include characters=0A>> > >>> outside=0A>> >=
 >>=0A>> > >>>=A0 =A0 =A0 =A0  the set %x21 / %x23-5B / %x5D-7E.=0A>> > >>=
=0A>> > >> <=A0 =A0 =A0 =A0 =A0 REQUIRED.=A0 A single error code from the f=
ollowing:=0A>> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  REQU=
IRED.=A0 A single ASCII [USASCII] error code from the=0A>> > >>=0A>> > >>>=
=A0 =A0 =A0 =A0  following:=0A>> > >>=0A>> > >> 2325a2326,2327=0A>> > >>=0A=
>> > >>>=A0 =A0 =A0 =A0  Values for the "error" parameter MUST NOT include=
=0A>> > >>> characters=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  outside the set=
 %x20-21 / %x23-5B / %x5D-7E.=0A>> > >>=0A>> > >> 2327c2329=0A>> > >>=0A>> =
> >> <=A0 =A0 =A0 =A0 =A0 OPTIONAL.=A0 A human-readable UTF-8 encoded text =
providing=0A>> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  OPTI=
ONAL.=A0 A human-readable ASCII [USASCII] text providing=0A>> > >>=0A>> > >=
> 2329a2332,2333=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  Values for the "error=
_description" parameter MUST NOT=0A>> > >>> include=0A>> > >>=0A>> > >>>=A0=
 =A0 =A0 =A0  characters outside the set %x20-21 / %x23-5B / %x5D-7E.=0A>> =
> >>=0A>> > >> 2333a2338,2340=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  Values f=
or the "error_uri" parameter MUST conform to the=0A>> > >>> URI-=0A>> > >>=
=0A>> > >>>=A0 =A0 =A0 =A0  Reference syntax, and thus MUST NOT include cha=
racters=0A>> > >>> outside=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0  the set %x2=
1 / %x23-5B / %x5D-7E.=0A>> > >>=0A>> > >> 2450c2460,2468=0A>> > >>=0A>> > =
>> <=A0 =A0 The method in which the client utilized the access token to=0A>=
> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0  The method in which the clien=
t utilizes the access token to=0A>> > >>=0A>> > >> 2479c2489=0A>> > >>=0A>>=
 > >> <=A0 =A0 =A0 Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw=0A>> > >>=
=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0 =A0  Authorization: Bearer mF_9.B5f-=
4.1JqM=0A>> > >>=0A>> > >> 2503a2514,2533=0A>> > >>=0A>> > >>>=0A>> > >>=0A=
>> > >>> 7.2.=A0 Error Response=0A>> > >>=0A>> > >>>=0A>> > >>=0A>> > >>>=
=A0  If a resource access request fails, the resource server SHOULD=0A>> > =
>>> inform=0A>> > >>=0A>> > >>>=A0  the client of the error.=A0 While the s=
pecific error responses=0A>> > >>> possible=0A>> > >>=0A>> > >>>=A0  and me=
thods for transmitting those errors when using any=0A>> > >>> particular=0A=
>> > >>=0A>> > >>>=A0  access token type are beyond the scope of this speci=
fication,=0A>> > >>> any=0A>> > >>=0A>> > >>>=A0  error codes defined for u=
se with OAuth resource access methods=0A>> > >>> MUST=0A>> > >>=0A>> > >>>=
=A0  be registered (following the procedures in Section 11.4).=0A>> > >>=0A=
>> > >>>=0A>> > >>=0A>> > >>>=0A>> > >>=0A>> > >> 2602,2603c2624,2626=0A>> =
> >>=0A>> > >> <=A0 =A0 (Section 4.2.2.1), or the token error response (Sec=
tion 5.2), such=0A>> > >>=0A>> > >> <=A0 =A0 error codes MAY be defined.=0A=
>> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0  (Section 4.2.2.1), the token=
 error response (Section 5.2), or=0A>> > >>> the=0A>> > >>=0A>> > >>>=A0  r=
esource access error response (Section 7.2), such error codes=0A>> > >>> MA=
Y be=0A>> > >>=0A>> > >>>=A0  defined.=0A>> > >>=0A>> > >> 3444c3484,3485=
=0A>> > >>=0A>> > >> <=A0 =A0 =A0  (Section 4.2.2.1), or token error respon=
se (Section 5.2).=0A>> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0 =A0 =A0 (=
Section 4.2.2.1), token error response (Section 5.2), or=0A>> > >>> resourc=
e=0A>> > >>=0A>> > >>>=A0 =A0 =A0 access error response (Section 7.2).=0A>>=
 > >>=0A>> > >> 3596a3554,3557=0A>> > >>=0A>> > >>>=A0  [USASCII]=A0 Americ=
an National Standards Institute, "Coded=0A>> > >>> Character=0A>> > >>=0A>>=
 > >>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 Set -- 7-bit American Standard Code for I=
nformation=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 Interchange", AN=
SI X3.4, 1986.=0A>> > >>=0A>> > >>>=0A>> > >>=0A>> > >> 3611,3612c3572,3573=
=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =A0 =A0 =A0  OAuth 2.0", draft-ietf-o=
auth-saml2-bearer-08 (work in=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =A0 =A0 =
=A0  progress), August 2011.=0A>> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=
=A0 =A0 =A0 =A0 =A0 =A0 =A0 OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (w=
ork in=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 progress), May 2012.=
=0A>> > >>=0A>> > >> 3616,3617c3577,3579=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =
=A0 =A0 =A0 =A0  Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08=0A=
>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =A0 =A0 =A0  (work in progress), July 20=
11.=0A>> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0 =A0 =A0 =A0=
 Authorization Protocol: Bearer Tokens",=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =
=A0 =A0 =A0 =A0 draft-ietf-oauth-v2-bearer-19 (work in progress),=0A>> > >>=
=0A>> > >>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 April 2012.=0A>> > >>=0A>> > >> 3620=
,3623c3589,3591=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =A0 =A0 =A0  Hammer-La=
hav, E., Barth, A., and B. Adida, "HTTP=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =
=A0 =A0 =A0 =A0  Authentication: MAC Access Authentication",=0A>> > >>=0A>>=
 > >> <=A0 =A0 =A0 =A0 =A0 =A0 =A0  draft-ietf-oauth-v2-http-mac-00 (work i=
n progress),=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =A0 =A0 =A0  May 2011.=0A=
>> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 Hamme=
r-Lahav, E., "HTTP Authentication: MAC Access=0A>> > >>=0A>> > >>>=A0 =A0 =
=A0 =A0 =A0 =A0 =A0 Authentication", draft-ietf-oauth-v2-http-mac-01=0A>> >=
 >>> (work in=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 progress), Fe=
bruary 2012.=0A>> > >>=0A>> > >> 3626c3594=0A>> > >>=0A>> > >> <=A0 =A0 =A0=
 =A0 =A0 =A0 =A0  Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0=0A>=
> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 McGloi=
n, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0=0A>> > >>=0A>> > >> 3628,36=
29c3596,3597=0A>> > >>=0A>> > >> <=A0 =A0 =A0 =A0 =A0 =A0 =A0  draft-ietf-o=
auth-v2-threatmodel-00 (work in progress),=0A>> > >>=0A>> > >> <=A0 =A0 =A0=
 =A0 =A0 =A0 =A0  July 2011.=0A>> > >>=0A>> > >> ---=0A>> > >>=0A>> > >>>=
=A0 =A0 =A0 =A0 =A0 =A0 =A0 draft-ietf-oauth-v2-threatmodel-02 (work in=0A>=
> > >>> progress),=0A>> > >>=0A>> > >>>=A0 =A0 =A0 =A0 =A0 =A0 =A0 February=
 2012.=0A>> > >>=0A>> > >> 3468,3546d3503=0A>> > >>=0A>> > >> <=A0 =A0 Bria=
n Eaton, Yaron Goland, Dick Hardt, and Allen Tom.=0A>> > >>=0A>> > >> 3639c=
3609,3639=0A>> > >>=0A>> > >>>=A0  Brian Eaton, Yaron Y. Goland, Dick Hardt=
, and Allen Tom.=0A>> > >>=0A>> > >> 3468,3546d3503=0A>> > >>=0A>> > >> <=
=A0 =A0 Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,=0A>=
> > >>=0A>> > >> 3644,3645c3644,3656=0A>> > >>=0A>> > >>>=A0  Yaron Y. Gola=
nd, Brent Goldman, Kristoffer Gronowski, Justin=0A>> > >>> Hart,=0A>> > >>=
=0A>> > >> 3468,3546d3503=0A>> > >>=0A>> > >> <=A0 =A0 This document was pr=
oduced under the chairmanship of Blaine=0A>> Cook,=0A>> > >>=0A>> > >> <=A0=
 =A0 Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.=A0 The area=0A>=
> > >>=0A>> > >> <=A0 =A0 directors included Lisa Dusseault, Peter Saint-An=
dre, and Stephen=0A>> > >>=0A>> > >> <=A0 =A0 Farrell.=0A>> > >>=0A>> > >> =
3646a3658,3661=0A>> > >>=0A>> > >>>=A0  This document was produced under th=
e chairmanship of Blaine=0A>> > >>> Cook,=0A>> > >>=0A>> > >>>=A0  Peter Sa=
int-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkins.=0A>> > >>=0A>>=
 > >>>=A0  The area directors included Lisa Dusseault, Peter Saint-Andre,=
=0A>> > >>> and=0A>> > >>=0A>> > >>>=A0  Stephen Farrell.=0A>> > >>=0A>> > =
>>=0A>> > >>=0A>> > >> -----Original Message-----=0A>> > >> From: oauth-bou=
nces@ietf.org [mailto:oauth-bounces@ietf.org] On=0A>> > Behalf Of Hannes Ts=
chofenig=0A>> > >> Sent: Wednesday, May 23, 2012 11:27 AM=0A>> > >> To: oau=
th@ietf.org WG=0A>> > >> Subject: [OAUTH-WG] Error Encoding: Conclusion=0A>=
> > >>=0A>> > >>=0A>> > >>=0A>> > >> Hi all,=0A>> > >>=0A>> > >>=0A>> > >>=
=0A>> > >> on May 10th we called for consensus on an open issue regarding t=
he=0A>> > >> error=0A>> > encoding. Here is the link to the call:=0A>> > >>=
=0A>> > >> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html=
=0A>> > >>=0A>> > >>=0A>> > >>=0A>> > >> Thank you all for the feedback. Th=
e conclusion of the consensus=0A>> > >> call was=0A>> > to harmonize the en=
coding between the two specifications by=0A>> > incorporating the restricti=
ons from the bearer specification into the=0A>> > base specification. The e=
rror encoding will go into the core=0A>> > specification and the bearer spe=
cification will reference it.=0A>> > >>=0A>> > >>=0A>> > >>=0A>> > >> Ciao=
=0A>> > >>=0A>> > >> Hannes & Derek=0A>> > >>=0A>> > >>=0A>> > >>=0A>> > >>=
 _______________________________________________=0A>> > >>=0A>> > >> OAuth =
mailing list=0A>> > >>=0A>> > >> OAuth@ietf.org=0A>> > >>=0A>> > >> https:/=
/www.ietf.org/mailman/listinfo/oauth=0A>> > >>=0A>> > >>=0A>> > >>=0A>> > >=
>=0A>> > >> _______________________________________________=0A>> > >> OAuth=
 mailing list=0A>> > >> OAuth@ietf.org=0A>> > >> https://www.ietf.org/mailm=
an/listinfo/oauth=0A>> > >>=0A>> > >>=0A>> > >> <draft-ietf-oauth-v2-26+mbj=
-2.xml><draft-ietf-oauth-v2-26+mbj-=0A>> > 2.txt><draft-ietf-oauth-v2-26+mb=
j-2.html>=0A>> > >=0A>> =0A>> =0A>=0A>_____________________________________=
__________=0A>OAuth mailing list=0A>OAuth@ietf.org=0A>https://www.ietf.org/=
mailman/listinfo/oauth=0A>=0A>=0A>
--767760015-360248941-1338525087=:63468
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>The current OAuth core spec section 8.5 has:</span></div><pre class=3D"ne=
wpage">     error-code   =3D ALPHA *error-char=0A     error-char   =3D "-" =
/ "." / "_" / DIGIT / ALPHA=0A<br>Mike's proposal would nominally be:<br><b=
r>     error-code   =3D *error-char=0A     error-char   =3D %x20-21 / %x23-=
5B / %x5D-7E=0A<br>This is the set of ASCII characters from SPACE to '~' ex=
cluding '\' and '"'.  I'm not <br>in love with that, but it's clear.  I'd p=
refer:<br><br>     error-code   =3D ALPHA *error-char=0A     error-char   =
=3D %x20-21 / %x23-5B / %x5D-7E=0A<br>-bill=0A<br></pre><div><br><blockquot=
e style=3D"border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margi=
n-top: 5px; padding-left: 5px;">  <div style=3D"font-family: Courier New, c=
ourier, monaco, monospace, sans-serif; font-size: 14pt;"> <div style=3D"fon=
t-family: times new roman, new york, times, serif; font-size: 12pt;"> <div =
dir=3D"ltr"> <font face=3D"Arial" size=3D"2"> <hr size=3D"1">  <b><span sty=
le=3D"font-weight:bold;">From:</span></b> Eran Hammer &lt;eran@hueniverse.c=
om&gt;<br> <b><span style=3D"font-weight: bold;">To:</span></b> Mike Jones =
&lt;Michael.Jones@microsoft.com&gt;; Hannes Tschofenig &lt;hannes.tschofeni=
g@gmx.net&gt; <br><b><span style=3D"font-weight: bold;">Cc:</span></b> "oau=
th@ietf.org WG" &lt;oauth@ietf.org&gt; <br> <b><span style=3D"font-weight: =
bold;">Sent:</span></b> Thursday, May 31, 2012 7:47 PM<br> <b><span style=
=3D"font-weight: bold;">Subject:</span></b> Re: [OAUTH-WG] Error Encoding: =
Conclusion<br> </font> </div> <br><br><br>&gt; -----Original
 Message-----<br>&gt; From: Mike Jones [mailto:<a ymailto=3D"mailto:Michael=
.Jones@microsoft.com" href=3D"mailto:Michael.Jones@microsoft.com">Michael.J=
ones@microsoft.com</a>]<br>&gt; Sent: Thursday, May 31, 2012 1:53 PM<br>&gt=
; To: Eran Hammer; Hannes Tschofenig<br>&gt; Cc: <a ymailto=3D"mailto:oauth=
@ietf.org" href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG<br>&gt; Sub=
ject: RE: [OAUTH-WG] Error Encoding: Conclusion<br>&gt; <br>&gt; Actually, =
could you please publish before the ABNF is done so that I can<br>&gt; publ=
ish a version of Bearer referencing the new text in Core, so it can be<br>&=
gt; reviewed by the WG in parallel with the ABNF work happening?&nbsp; I th=
ink that<br>&gt; was Hannes' intent in asking you to publish soon.<br><br>I=
'll review the text and will reply back as to publishing schedule.<br><br>&=
gt; Version numbers are<br>&gt; cheap...<br><br>My time isn't.<br><br>EH<br=
><br>&gt; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
 &nbsp;&nbsp;&nbsp; Thanks,<br>&gt; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &=
nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; -- Mike<br>&gt; <br>&gt; -----Original=
 Message-----<br>&gt; From: Eran Hammer [mailto:<a ymailto=3D"mailto:eran@h=
ueniverse.com" href=3D"mailto:eran@hueniverse.com">eran@hueniverse.com</a>]=
<br>&gt; Sent: Thursday, May 31, 2012 12:35 PM<br>&gt; To: Hannes Tschofeni=
g<br>&gt; Cc: Mike Jones; <a ymailto=3D"mailto:oauth@ietf.org" href=3D"mail=
to:oauth@ietf.org">oauth@ietf.org</a> WG<br>&gt; Subject: RE: [OAUTH-WG] Er=
ror Encoding: Conclusion<br>&gt; <br>&gt; I'll first review the proposed te=
xt (as a WG member) and raise any issues<br>&gt; remaining (if any).<br>&gt=
; <br>&gt; I will wait until the ABNF text is provided before publishing an=
other version.<br>&gt; <br>&gt; EH<br>&gt; <br>&gt; &gt; -----Original Mess=
age-----<br>&gt; &gt; From: Hannes Tschofenig [mailto:<a ymailto=3D"mailto:=
hannes.tschofenig@gmx.net"
 href=3D"mailto:hannes.tschofenig@gmx.net">hannes.tschofenig@gmx.net</a>]<b=
r>&gt; &gt; Sent: Thursday, May 31, 2012 10:54 AM<br>&gt; &gt; To: Eran Ham=
mer<br>&gt; &gt; Cc: Mike Jones; <a ymailto=3D"mailto:oauth@ietf.org" href=
=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG; Hannes Tschofenig<br>&gt;=
 &gt; Subject: Re: [OAUTH-WG] Error Encoding: Conclusion<br>&gt; &gt;<br>&g=
t; &gt; Eran, could you publish a new draft version by Sunday with these<br=
>&gt; &gt; changes incorporated? That should give the working group enough =
time<br>&gt; &gt; to look at these few paragraphs.<br>&gt; &gt;<br>&gt; &gt=
; In the meanwhile we are working on addressing the ABNF issue Sean<br>&gt;=
 &gt; raised and we will then go for another update.<br>&gt; &gt;<br>&gt; &=
gt; Ciao<br>&gt; &gt; Hannes<br>&gt; &gt;<br>&gt; &gt; On May 31, 2012, at =
8:20 PM, Hannes Tschofenig wrote:<br>&gt; &gt;<br>&gt; &gt; &gt; Hi Mike,<b=
r>&gt; &gt; &gt;<br>&gt; &gt; &gt; thank you for compiling the text. It
 looks good to me. I have not<br>&gt; &gt; &gt; seen<br>&gt; &gt; anyone fr=
om the working group screaming either.<br>&gt; &gt; &gt;<br>&gt; &gt; &gt; =
Eran, can you incorporate these changes into the next draft version?<br>&gt=
; &gt; &gt;<br>&gt; &gt; &gt; Ciao<br>&gt; &gt; &gt; Hannes<br>&gt; &gt; &g=
t;<br>&gt; &gt; &gt; On May 30, 2012, at 2:10 AM, Mike Jones wrote:<br>&gt;=
 &gt; &gt;<br>&gt; &gt; &gt;&gt; I've made another set of updates to a copy=
 of Core -26 to address<br>&gt; &gt; &gt;&gt; the<br>&gt; &gt; questions ra=
ised by Eran and David below (attached).<br>&gt; &gt; &gt;&gt;<br>&gt; &gt;=
 &gt;&gt; An unrelated change that you should probably pick up, Eran is<br>=
&gt; &gt; &gt;&gt; adding this<br>&gt; &gt; to the &lt;front&gt; section, s=
o that the heading shows that the draft is a<br>&gt; &gt; product of the "O=
Auth Working Group" rather than the "Network Working<br>&gt; Group":<br>&gt=
; &gt; &gt;&gt;&nbsp; &nbsp;
 &lt;area&gt;Security&lt;/area&gt;<br>&gt; &gt; &gt;&gt;&nbsp; &nbsp; &lt;w=
orkgroup&gt;OAuth Working Group&lt;/workgroup&gt;<br>&gt; &gt; &gt;&gt;<br>=
&gt; &gt; &gt;&gt; One change I didn't make, but that should be considered,=
 is to<br>&gt; &gt; &gt;&gt; delete the<br>&gt; &gt; reference to OASIS.sam=
l-core-2.0-os, since it is used by no &lt;xref&gt; in<br>&gt; &gt; the docu=
ment.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; The new proposed text for=
 Section 7.2 follows:<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 7.2.&nbsp=
; Error Response<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&nbsp;  If a re=
source access request fails, the resource server SHOULD inform<br>&gt; &gt;=
 &gt;&gt;&nbsp;  the client of the error.&nbsp; While the specific error re=
sponses possible<br>&gt; &gt; &gt;&gt;&nbsp;  and methods for transmitting =
those errors when using any particular<br>&gt; &gt; &gt;&gt;&nbsp;  access =
token type are beyond the scope of this specification, any<br>&gt;
 &gt; &gt;&gt;&nbsp;  "error" code values defined for use with OAuth resour=
ce access<br>&gt; &gt; &gt;&gt;&nbsp;  methods MUST be registered (followin=
g the procedures in<br>&gt; &gt; &gt;&gt;&nbsp;  Section 11.4).<br>&gt; &gt=
; &gt;&gt;<br>&gt; &gt; &gt;&gt;&nbsp;  Specifically, when the OAuth resour=
ce access method uses an "error"<br>&gt; &gt; &gt;&gt;&nbsp;  result parame=
ter to return an error code value that indicates the<br>&gt; &gt; &gt;&gt;&=
nbsp;  resource access error encountered, then these error code values<br>&=
gt; MUST<br>&gt; &gt; &gt;&gt;&nbsp;  be registered.&nbsp; Values for these=
 "error" codes MUST NOT include<br>&gt; &gt; &gt;&gt;&nbsp;  characters out=
side the set %x20-21 / %x23-5B / %x5D-7E. When an<br>&gt; &gt; &gt;&gt;&nbs=
p;  "error" code value is registered for use by an OAuth resource access<br=
>&gt; &gt; &gt;&gt;&nbsp;  method, should that same code already be registe=
red for use by<br>&gt; &gt; &gt;&gt;&nbsp;  another OAuth resource
 access method or at a different OAuth error<br>&gt; &gt; &gt;&gt;&nbsp;  u=
sage location, then the meaning of that error code value in in the<br>&gt; =
&gt; &gt;&gt;&nbsp;  new registration MUST be consistent with the its meani=
ng in prior<br>&gt; &gt; &gt;&gt;&nbsp;  registrations.<br>&gt; &gt; &gt;&g=
t;<br>&gt; &gt; &gt;&gt;&nbsp;  The OAuth resource access error registratio=
n requirement applies only<br>&gt; &gt; &gt;&gt;&nbsp;  to "error" code val=
ues and not to other means of returning error<br>&gt; &gt; &gt;&gt;&nbsp;  =
indications, including HTTP status codes, or other error-related<br>&gt; &g=
t; &gt;&gt;&nbsp;  result parameters, such as "error_description", "error_u=
ri", or other<br>&gt; &gt; &gt;&gt;&nbsp;  kinds of error status return met=
hods that may be employed by the<br>&gt; &gt; &gt;&gt;&nbsp;  resource acce=
ss method.&nbsp; There is no requirement that OAuth resource<br>&gt; &gt; &=
gt;&gt;&nbsp;  access methods employ an "error" parameter.<br>&gt;
 &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; Hopefully incorporating these changes =
will enable us to close the<br>&gt; &gt; remaining DISCUSS issues on both t=
he Core and Bearer drafts.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&nbsp=
; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Thanks=
 all,<br>&gt; &gt; &gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &n=
bsp; &nbsp; &nbsp; &nbsp; --<br>&gt; &gt; &gt;&gt; Mike<br>&gt; &gt; &gt;&g=
t;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; From: Eran Hammer [mailto:<a=
 ymailto=3D"mailto:eran@hueniverse.com" href=3D"mailto:eran@hueniverse.com"=
>eran@hueniverse.com</a>]<br>&gt; &gt; &gt;&gt; Sent: Wednesday, May 23,
 2012 11:45 PM<br>&gt; &gt; &gt;&gt; To: David Recordon; Mike Jones; Hannes=
 Tschofenig<br>&gt; &gt; &gt;&gt; Cc: <a ymailto=3D"mailto:oauth@ietf.org" =
href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG<br>&gt; &gt; &gt;&gt; =
Subject: RE: [OAUTH-WG] Error Encoding: Conclusion<br>&gt; &gt; &gt;&gt;<br=
>&gt; &gt; &gt;&gt; With the exception of section 7.2, the changes look rea=
sonable and<br>&gt; &gt; &gt;&gt; will be<br>&gt; &gt; applied in the next =
revision.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; The new section 7.2 i=
s confusion and does not explain the new registry.<br>&gt; &gt; The section=
 introduces a new requirement to register 'any error codes<br>&gt; &gt; def=
ined for use with OAuth resource access methods'. This requirement<br>&gt; =
&gt; is too vague.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; I have no cl=
ue how to (for example) apply this text to the MAC draft.<br>&gt; &gt; Addi=
ng to David's list below:<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; *
 Should the HTTP status codes used by the MAC spec as currently<br>&gt; &gt=
; &gt;&gt; written<br>&gt; &gt; be registered (since no guidance is given t=
o the use of an error parameter)?<br>&gt; &gt; &gt;&gt; * Does this introdu=
ce a requirement to add an error parameter?<br>&gt; &gt; &gt;&gt; * Does th=
e parameter need to / should be called 'error'?<br>&gt; &gt; &gt;&gt; * Wha=
t about future methods in which errors are not simply<br>&gt; &gt; &gt;&gt;=
 expressed in<br>&gt; &gt; the form of a fixes string?<br>&gt; &gt; &gt;&gt=
;<br>&gt; &gt; &gt;&gt; EH<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&=
gt; &gt; &gt;&gt; From: David Recordon [mailto:<a ymailto=3D"mailto:recordo=
nd@gmail.com" href=3D"mailto:recordond@gmail.com">recordond@gmail.com</a>]<=
br>&gt; &gt; &gt;&gt; Sent: Wednesday, May 23, 2012 11:38 PM<br>&gt; &gt; &=
gt;&gt; To: Mike Jones; Hannes Tschofenig; Eran Hammer<br>&gt; &gt; &gt;&gt=
; Cc: <a ymailto=3D"mailto:oauth@ietf.org"
 href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG<br>&gt; &gt; &gt;&gt;=
 Subject: Re: [OAUTH-WG] Error Encoding: Conclusion<br>&gt; &gt; &gt;&gt;<b=
r>&gt; &gt; &gt;&gt; Honestly still trying to fully wrap my head around wha=
t's going on<br>&gt; &gt; &gt;&gt; here<br>&gt; &gt; since it seems far mor=
e complex than the threads are alluding to. In<br>&gt; &gt; any case, does =
Mike's text address what Eran brought up as needed in<br>&gt; &gt; the thre=
ad Hannes referenced or is Eran wrong?<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &=
gt;&gt; The core spec currently provides full guidance and definition for<b=
r>&gt; &gt; &gt;&gt; error<br>&gt; &gt; extensibility. Extending the regist=
ry's scope means the need for<br>&gt; &gt; non-trivial new text that:<br>&g=
t; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; * explains the process of adding new=
 errors for endpoints not<br>&gt; &gt; &gt;&gt; defined by<br>&gt; &gt; thi=
s specification,<br>&gt; &gt; &gt;&gt; * finds a common ground for
 value restrictions beyond what is<br>&gt; &gt; &gt;&gt; already<br>&gt; &g=
t; listed,<br>&gt; &gt; &gt;&gt; * guide authors of future HTTP authenticat=
ion schemes meant for use<br>&gt; &gt; with OAuth (e.g. MAC) for their requ=
irements for using the error<br>&gt; &gt; registry, and<br>&gt; &gt; &gt;&g=
t; * address the very likely scenario of the same error code carrying<br>&g=
t; &gt; different meanings in different endpoints, or an extension that add=
s a<br>&gt; &gt; location to a code already defined elsewhere - something v=
ery likely<br>&gt; &gt; to happen if you cross the two very different domai=
ns (OAuth<br>&gt; &gt; endpoints, Protected resource endpoints). This requi=
res changing the<br>&gt; &gt; entire structure of the registry to create se=
parate records for each<br>&gt; code/location pair.<br>&gt; &gt; &gt;&gt;<b=
r>&gt; &gt; &gt;&gt; Thanks,<br>&gt; &gt; &gt;&gt; --David<br>&gt; &gt; &gt=
;&gt;<br>&gt; &gt; &gt;&gt; On Wed, May 23, 2012 at 10:22 PM, Mike
 Jones<br>&gt; &gt; &lt;<a ymailto=3D"mailto:Michael.Jones@microsoft.com" h=
ref=3D"mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>&=
gt; wrote:<br>&gt; &gt; &gt;&gt; Thanks Hannes.&nbsp; In the interest of ho=
pefully completing the edits<br>&gt; &gt; &gt;&gt; to<br>&gt; &gt; remove t=
he DISCUSS issues for the Bearer and Core specs in the next<br>&gt; &gt; fe=
w days so that we can send the docs to the RFC editors, I'd like to<br>&gt;=
 &gt; propose specific language for the Core spec to address both of the<br=
>&gt; &gt; consensus call issue resolutions.&nbsp; After there's consensus =
on the<br>&gt; &gt; specific text for Core, it will be easy for us to add a=
 reference in<br>&gt; &gt; Bearer to the language in Core for the error syn=
tax restrictions and<br>&gt; &gt; to use the OAuth errors registry.&nbsp; I=
'll do that in parallel with the discussions<br>&gt; on the proposed core l=
anguage changes.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt;
 &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; A summary of the changes I made in res=
ponse to the consensus call<br>&gt; &gt; conclusions are:<br>&gt; &gt; &gt;=
&gt;<br>&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Add syntax restrict=
ions for "error", "error_description", and<br>&gt; &gt; "error_uri" from Be=
arer to Core<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nb=
sp; &nbsp; Add section 7.2 about error responses from resource access<br>&g=
t; requests<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbs=
p; &nbsp; Add "resource access error response" to the category of OAuth<br>=
&gt; &gt; errors that can be registered<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; =
&gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; Additional editorial c=
hanges that I made as I encountered issues in<br>&gt; &gt; &gt;&gt; the<br>=
&gt; &gt; document were:<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; *&nbsp=
; &nbsp; &nbsp; &nbsp; Updated out of date references, especially
 the draft-hardt-oauth-<br>&gt; 01<br>&gt; &gt; reference, which contained =
an invalid link<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; *&nbsp; &nbsp; =
&nbsp; &nbsp; Added Derek Atkins to the list of chairs<br>&gt; &gt; &gt;&gt=
;<br>&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Added Yaron Goland's m=
iddle initial Y. (since he prefers to include<br>&gt; it<br>&gt; &gt; in pu=
blications)<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbs=
p; &nbsp; Replaced use of the deprecated &lt;appendix&gt; element, which<br=
>&gt; &gt; prevented the spec from building with strict checking, with a<br=
>&gt; &gt; &lt;section&gt; element in the &lt;back&gt; section (which creat=
es an appendix)<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &g=
t;&gt;<br>&gt; &gt; &gt;&gt; To make it easy to incorporate these changes i=
nto the document and<br>&gt; &gt; &gt;&gt; so<br>&gt; &gt; the proposed cha=
nges are unambiguous, I produced an edited version of<br>&gt; &gt;
 Core -26 containing these changes.&nbsp; The xml, txt, and html versions<b=
r>&gt; &gt; are attached to facilitate review.&nbsp; Pertinent diffs from t=
he .txt version<br>&gt; follow.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;=
<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; Cheers,<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt=
;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; -- Mike<br=
>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt=
; &gt;&gt; 683c683,684<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbs=
p; &nbsp; notation of [RFC5234].<br>&gt; &gt; &gt;&gt;<br>&gt; &gt;
 &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  notati=
on of [RFC5234].&nbsp; Additionally, the rule URI-Reference is<br>&gt; &gt;=
 &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  included from Uniform Resource I=
dentifier (URI) [RFC3986].<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 1441=
c1441,1442<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &n=
bsp; &nbsp; &nbsp; REQUIRED.&nbsp; A single error code from the following:<=
br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&g=
t; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  REQUIRED.&nbsp; A single A=
SCII [USASCII] error code from the<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&=
gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  following:<br>&gt; &gt; &gt;&gt;<br>&gt=
; &gt; &gt;&gt; 1474a1475,1476<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&=
gt;&nbsp; &nbsp; &nbsp; &nbsp;  Values for the "error" parameter MUST NOT i=
nclude<br>&gt; &gt; &gt;&gt;&gt; characters<br>&gt; &gt;
 &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  outside the=
 set %x20-21 / %x23-5B / %x5D-7E.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&g=
t; 1476c1478<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A human-readable UTF-8 encoded text pr=
oviding<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&g=
t;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  OPTIONAL.&nbsp; A =
human-readable ASCII [USASCII] text providing<br>&gt; &gt; &gt;&gt;<br>&gt;=
 &gt; &gt;&gt; 1478a1481,1482<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&g=
t;&nbsp; &nbsp; &nbsp; &nbsp;  Values for the "error_description" parameter=
 MUST NOT<br>&gt; &gt; &gt;&gt;&gt; include<br>&gt; &gt; &gt;&gt;<br>&gt; &=
gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  characters outside the set %x2=
0-21 / %x23-5B / %x5D-7E.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 1482a=
1487,1489<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;
 &nbsp; &nbsp; &nbsp;  Values for the "error_uri" parameter MUST conform to=
 the<br>&gt; &gt; &gt;&gt;&gt; URI-<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;=
&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  Reference syntax, and thus MUST NOT in=
clude characters<br>&gt; &gt; &gt;&gt;&gt; outside<br>&gt; &gt; &gt;&gt;<br=
>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  the set %x21 / %x23-5B =
/ %x5D-7E.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 1840c1840,1841<br>&g=
t; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; REQUIRED.&nbsp; A single error code from the following:<br>&gt; &gt; &gt=
;&gt;<br>&gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;=
&gt;&nbsp; &nbsp; &nbsp; &nbsp;  REQUIRED.&nbsp; A single ASCII [USASCII] e=
rror code from the<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &n=
bsp; &nbsp; &nbsp;  following:<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; =
1873a1874,1875<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;
 &nbsp; &nbsp; &nbsp;  Values for the "error" parameter MUST NOT include<br=
>&gt; &gt; &gt;&gt;&gt; characters<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&=
gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  outside the set %x20-21 / %x23-5B / %x5=
D-7E.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 1875c1877<br>&gt; &gt; &g=
t;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OPTIONA=
L.&nbsp; A human-readable UTF-8 encoded text providing<br>&gt; &gt; &gt;&gt=
;<br>&gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;=
&nbsp; &nbsp; &nbsp; &nbsp;  OPTIONAL.&nbsp; A human-readable ASCII [USASCI=
I] text providing<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 1877a1880,188=
1<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp=
;  Values for the "error_description" parameter MUST NOT<br>&gt; &gt; &gt;&=
gt;&gt; include<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp=
; &nbsp; &nbsp;  characters outside the set %x20-21 / %x23-5B /
 %x5D-7E.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 1881a1886,1888<br>&gt=
; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  Value=
s for the "error_uri" parameter MUST conform to the<br>&gt; &gt; &gt;&gt;&g=
t; URI-<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp;=
 &nbsp;  Reference syntax, and thus MUST NOT include characters<br>&gt; &gt=
; &gt;&gt;&gt; outside<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp=
; &nbsp; &nbsp; &nbsp;  the set %x21 / %x23-5B / %x5D-7E.<br>&gt; &gt; &gt;=
&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.=
&nbsp; A single error code from the following:<br>&gt; &gt; &gt;&gt;<br>&gt=
; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &=
nbsp; &nbsp; &nbsp;  REQUIRED.&nbsp; A single ASCII [USASCII] error code fr=
om the<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; =
&nbsp;  following:<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;
 2325a2326,2327<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp=
; &nbsp; &nbsp;  Values for the "error" parameter MUST NOT include<br>&gt; =
&gt; &gt;&gt;&gt; characters<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt=
;&nbsp; &nbsp; &nbsp; &nbsp;  outside the set %x20-21 / %x23-5B / %x5D-7E.<=
br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 2327c2329<br>&gt; &gt; &gt;&gt;=
<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbs=
p; A human-readable UTF-8 encoded text providing<br>&gt; &gt; &gt;&gt;<br>&=
gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;=
 &nbsp; &nbsp; &nbsp;  OPTIONAL.&nbsp; A human-readable ASCII [USASCII] tex=
t providing<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 2329a2332,2333<br>&=
gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  Val=
ues for the "error_description" parameter MUST NOT<br>&gt; &gt; &gt;&gt;&gt=
; include<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;
 &nbsp; &nbsp; &nbsp;  characters outside the set %x20-21 / %x23-5B / %x5D-=
7E.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 2333a2338,2340<br>&gt; &gt;=
 &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp;  Values for =
the "error_uri" parameter MUST conform to the<br>&gt; &gt; &gt;&gt;&gt; URI=
-<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp=
;  Reference syntax, and thus MUST NOT include characters<br>&gt; &gt; &gt;=
&gt;&gt; outside<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbs=
p; &nbsp; &nbsp;  the set %x21 / %x23-5B / %x5D-7E.<br>&gt; &gt; &gt;&gt;<b=
r>&gt; &gt; &gt;&gt; 2450c2460,2468<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;=
&gt; &lt;&nbsp; &nbsp; The method in which the client utilized the access t=
oken to<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&g=
t;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  The method in which the client utilizes=
 the access token to<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;
 2479c2489<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &n=
bsp; Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw<br>&gt; &gt; &gt;&gt;<br>=
&gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp=
; &nbsp;  Authorization: Bearer mF_9.B5f-4.1JqM<br>&gt; &gt; &gt;&gt;<br>&g=
t; &gt; &gt;&gt; 2503a2514,2533<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;=
&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt; 7.2.&nbsp; Error Respo=
nse<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;<br>&gt; &gt; &gt;&gt;<b=
r>&gt; &gt; &gt;&gt;&gt;&nbsp;  If a resource access request fails, the res=
ource server SHOULD<br>&gt; &gt; &gt;&gt;&gt; inform<br>&gt; &gt; &gt;&gt;<=
br>&gt; &gt; &gt;&gt;&gt;&nbsp;  the client of the error.&nbsp; While the s=
pecific error responses<br>&gt; &gt; &gt;&gt;&gt; possible<br>&gt; &gt; &gt=
;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  and methods for transmitting those e=
rrors when using any<br>&gt; &gt; &gt;&gt;&gt; particular<br>&gt;
 &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  access token type are beyon=
d the scope of this specification,<br>&gt; &gt; &gt;&gt;&gt; any<br>&gt; &g=
t; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  error codes defined for use wi=
th OAuth resource access methods<br>&gt; &gt; &gt;&gt;&gt; MUST<br>&gt; &gt=
; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  be registered (following the pr=
ocedures in Section 11.4).<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;<=
br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&g=
t; &gt; &gt;&gt; 2602,2603c2624,2626<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt=
;&gt; &lt;&nbsp; &nbsp; (Section 4.2.2.1), or the token error response (Sec=
tion 5.2), such<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbs=
p; error codes MAY be defined.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; =
---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  (Section 4.2.2.1=
), the token error response (Section 5.2), or<br>&gt; &gt;
 &gt;&gt;&gt; the<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  re=
source access error response (Section 7.2), such error codes<br>&gt; &gt; &=
gt;&gt;&gt; MAY be<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  d=
efined.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 3444c3484,3485<br>&gt; =
&gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp;  (Section 4.2.=
2.1), or token error response (Section 5.2).<br>&gt; &gt; &gt;&gt;<br>&gt; =
&gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nb=
sp; &nbsp; (Section 4.2.2.1), token error response (Section 5.2), or<br>&gt=
; &gt; &gt;&gt;&gt; resource<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt=
;&nbsp; &nbsp; &nbsp; access error response (Section 7.2).<br>&gt; &gt; &gt=
;&gt;<br>&gt; &gt; &gt;&gt; 3596a3554,3557<br>&gt; &gt; &gt;&gt;<br>&gt; &g=
t; &gt;&gt;&gt;&nbsp;  [USASCII]&nbsp; American National Standards Institut=
e, "Coded<br>&gt; &gt; &gt;&gt;&gt; Character<br>&gt; &gt;
 &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; Set -- 7-bit American Standard Code for Information<br>&gt; &gt; &=
gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; Interchange", ANSI X3.4, 1986.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &g=
t;&gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 3611,3612c3572,3573<=
br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp;  OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work i=
n<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbs=
p; &nbsp; &nbsp; &nbsp;  progress), August 2011.<br>&gt; &gt; &gt;&gt;<br>&=
gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OAuth 2.0", draft-ietf-oauth-sam=
l2-bearer-12 (work in<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; progress), May
 2012.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 3616,3617c3577,3579<br>&=
gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp; &nbsp;  Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08<=
br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp;  (work in progress), July 2011.<br>&gt; &gt; &gt;&gt;=
<br>&gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Authorization Protocol: Bea=
rer Tokens",<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; draft-ietf-oauth-v2-bearer-19 (work in pr=
ogress),<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp; &nbsp; &nbsp; April 2012.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt=
; &gt;&gt; 3620,3623c3589,3591<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; =
&lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  Hammer-Lahav,
 E., Barth, A., and B. Adida, "HTTP<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;=
&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  Authentication: =
MAC Access Authentication",<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt=
;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  draft-ietf-oauth-v2-http=
-mac-00 (work in progress),<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt=
;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  May 2011.<br>&gt; &gt; &=
gt;&gt;<br>&gt; &gt; &gt;&gt; ---<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&g=
t;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Hammer-Lahav, E., "H=
TTP Authentication: MAC Access<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&=
gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Authentication", draft-=
ietf-oauth-v2-http-mac-01<br>&gt; &gt; &gt;&gt;&gt; (work in<br>&gt; &gt; &=
gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; progress), February 2012.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt;
 &gt;&gt; 3626c3594<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;  Lodderstedt, T., McGloin, M., an=
d P. Hunt, "OAuth 2.0<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; ---<br>&g=
t; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp; McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0<br>&g=
t; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 3628,3629c3596,3597<br>&gt; &gt; &gt=
;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp;  draft-ietf-oauth-v2-threatmodel-00 (work in progress),<br>&gt; &gt; =
&gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp;  July 2011.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; ---<br>&gt=
; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; draft-ietf-oauth-v2-threatmodel-02 (work in<br>&gt; &gt; &gt=
;&gt;&gt; progress),<br>&gt; &gt; &gt;&gt;<br>&gt; &gt;
 &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; February 2012=
.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 3468,3546d3503<br>&gt; &gt; &=
gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Brian Eaton, Yaron Goland, =
Dick Hardt, and Allen Tom.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 3639=
c3609,3639<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  Brian Eat=
on, Yaron Y. Goland, Dick Hardt, and Allen Tom.<br>&gt; &gt; &gt;&gt;<br>&g=
t; &gt; &gt;&gt; 3468,3546d3503<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;=
 &lt;&nbsp; &nbsp; Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justi=
n Hart,<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 3644,3645c3644,3656<br>=
&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  Yaron Y. Goland, Brent =
Goldman, Kristoffer Gronowski, Justin<br>&gt; &gt; &gt;&gt;&gt; Hart,<br>&g=
t; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 3468,3546d3503<br>&gt; &gt; &gt;&gt;=
<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; This document was produced
 under the chairmanship of Blaine<br>&gt; Cook,<br>&gt; &gt; &gt;&gt;<br>&g=
t; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Peter Saint-Andre, Hannes Tschofenig, an=
d Barry Leiba.&nbsp; The area<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &=
lt;&nbsp; &nbsp; directors included Lisa Dusseault, Peter Saint-Andre, and =
Stephen<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Farre=
ll.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; 3646a3658,3661<br>&gt; &gt;=
 &gt;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  This document was produced under=
 the chairmanship of Blaine<br>&gt; &gt; &gt;&gt;&gt; Cook,<br>&gt; &gt; &g=
t;&gt;<br>&gt; &gt; &gt;&gt;&gt;&nbsp;  Peter Saint-Andre, Hannes Tschofeni=
g, Barry Leiba, and Derek Atkins.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&g=
t;&gt;&nbsp;  The area directors included Lisa Dusseault, Peter Saint-Andre=
,<br>&gt; &gt; &gt;&gt;&gt; and<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;=
&gt;&nbsp;  Stephen Farrell.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt;
 &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; -----Original Message=
-----<br>&gt; &gt; &gt;&gt; From: <a ymailto=3D"mailto:oauth-bounces@ietf.o=
rg" href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a> [mail=
to:<a ymailto=3D"mailto:oauth-bounces@ietf.org" href=3D"mailto:oauth-bounce=
s@ietf.org">oauth-bounces@ietf.org</a>] On<br>&gt; &gt; Behalf Of Hannes Ts=
chofenig<br>&gt; &gt; &gt;&gt; Sent: Wednesday, May 23, 2012 11:27 AM<br>&g=
t; &gt; &gt;&gt; To: <a ymailto=3D"mailto:oauth@ietf.org" href=3D"mailto:oa=
uth@ietf.org">oauth@ietf.org</a> WG<br>&gt; &gt; &gt;&gt; Subject: [OAUTH-W=
G] Error Encoding: Conclusion<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<b=
r>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; Hi all,<br>&gt; &gt; &gt;&gt;<br=
>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; on May 10th=
 we called for consensus on an open issue regarding the<br>&gt; &gt; &gt;&g=
t; error<br>&gt; &gt; encoding. Here is the link to the call:<br>&gt; &gt;
 &gt;&gt;<br>&gt; &gt; &gt;&gt; <a href=3D"http://www.ietf.org/mail-archive=
/web/oauth/current/msg08994.html" target=3D"_blank">http://www.ietf.org/mai=
l-archive/web/oauth/current/msg08994.html</a><br>&gt; &gt; &gt;&gt;<br>&gt;=
 &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; Thank you all fo=
r the feedback. The conclusion of the consensus<br>&gt; &gt; &gt;&gt; call =
was<br>&gt; &gt; to harmonize the encoding between the two specifications b=
y<br>&gt; &gt; incorporating the restrictions from the bearer specification=
 into the<br>&gt; &gt; base specification. The error encoding will go into =
the core<br>&gt; &gt; specification and the bearer specification will refer=
ence it.<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<=
br>&gt; &gt; &gt;&gt; Ciao<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; Hann=
es &amp; Derek<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt=
;&gt;<br>&gt; &gt; &gt;&gt;
 _______________________________________________<br>&gt; &gt; &gt;&gt;<br>&=
gt; &gt; &gt;&gt; OAuth mailing list<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt=
;&gt; <a ymailto=3D"mailto:OAuth@ietf.org" href=3D"mailto:OAuth@ietf.org">O=
Auth@ietf.org</a><br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; <a href=3D"ht=
tps://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">https://www.ie=
tf.org/mailman/listinfo/oauth</a><br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&g=
t;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;&gt; ______=
_________________________________________<br>&gt; &gt; &gt;&gt; OAuth maili=
ng list<br>&gt; &gt; &gt;&gt; <a ymailto=3D"mailto:OAuth@ietf.org" href=3D"=
mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>&gt; &gt; &gt;&gt; <a href=3D"=
https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">https://www.=
ietf.org/mailman/listinfo/oauth</a><br>&gt; &gt; &gt;&gt;<br>&gt; &gt; &gt;=
&gt;<br>&gt; &gt; &gt;&gt;
 &lt;draft-ietf-oauth-v2-26+mbj-2.xml&gt;&lt;draft-ietf-oauth-v2-26+mbj-<br=
>&gt; &gt; 2.txt&gt;&lt;draft-ietf-oauth-v2-26+mbj-2.html&gt;<br>&gt; &gt; =
&gt;<br>&gt; <br>&gt; <br><br>_____________________________________________=
__<br>OAuth mailing list<br><a ymailto=3D"mailto:OAuth@ietf.org" href=3D"ma=
ilto:OAuth@ietf.org">OAuth@ietf.org</a><br><a href=3D"https://www.ietf.org/=
mailman/listinfo/oauth" target=3D"_blank">https://www.ietf.org/mailman/list=
info/oauth</a><br><br><br> </div> </div> </blockquote></div>   </div></body=
></html>
--767760015-360248941-1338525087=:63468--

From Michael.Jones@microsoft.com  Thu May 31 21:45:47 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50D5221F8503 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:45:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.111
X-Spam-Level: 
X-Spam-Status: No, score=-5.111 tagged_above=-999 required=5 tests=[AWL=1.487,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aoVF8+UNhjVT for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:45:42 -0700 (PDT)
Received: from tx2outboundpool.messaging.microsoft.com (tx2ehsobe005.messaging.microsoft.com [65.55.88.15]) by ietfa.amsl.com (Postfix) with ESMTP id AF44221F8501 for <oauth@ietf.org>; Thu, 31 May 2012 21:45:41 -0700 (PDT)
Received: from mail181-tx2-R.bigfish.com (10.9.14.254) by TX2EHSOBE003.bigfish.com (10.9.40.23) with Microsoft SMTP Server id 14.1.225.23; Fri, 1 Jun 2012 04:45:11 +0000
Received: from mail181-tx2 (localhost [127.0.0.1])	by mail181-tx2-R.bigfish.com (Postfix) with ESMTP id 02A77340386; Fri,  1 Jun 2012 04:45:11 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -43
X-BigFish: VS-43(zz9371Ic85fh179cM14ffI542M1432N1418I98dK4015Izz1202hzz8275ch1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah)
Received-SPF: pass (mail181-tx2: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC101.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail181-tx2 (localhost.localdomain [127.0.0.1]) by mail181-tx2 (MessageSwitch) id 1338525907794470_2005; Fri,  1 Jun 2012 04:45:07 +0000 (UTC)
Received: from TX2EHSMHS024.bigfish.com (unknown [10.9.14.240])	by mail181-tx2.bigfish.com (Postfix) with ESMTP id B2C7F8004C; Fri,  1 Jun 2012 04:45:07 +0000 (UTC)
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (131.107.125.8) by TX2EHSMHS024.bigfish.com (10.9.99.124) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 1 Jun 2012 04:45:07 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([157.54.79.178]) with mapi id 14.02.0298.005; Fri, 1 Jun 2012 04:45:36 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: William Mills <wmills@yahoo-inc.com>, Eran Hammer <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: ABNF Re: [OAUTH-WG] Error Encoding: Conclusion
Thread-Index: AQHNORGtuzciwTXPbU2x0B3Abs7zkpbYRq5QgAA2y4CAAAHMgIAI6/dggALF+ICAAAlrAIAAHEsAgAAVMWCAAGOOAIAAHQSAgAACYYA=
Date: Fri, 1 Jun 2012 04:45:35 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366522F1B@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net> <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436652221D@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net> <1338525087.63468.YahooMailNeo@web31813.mail.mud.yahoo.com>
In-Reply-To: <1338525087.63468.YahooMailNeo@web31813.mail.mud.yahoo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.37]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366522F1BTK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] ABNF Re:  Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 04:45:47 -0000

--_000_4E1F6AAD24975D4BA5B168042967394366522F1BTK5EX14MBXC284r_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Your proposal differs both from what's in Bearer and what's in Core at pres=
ent.  By using the syntax restrictions from Bearer (which were already sign=
ificantly discussed by the WG) in Core, developers have consistent rules, w=
hich was the point of the DISCUSS.

I don't believe that changing both sets of syntax restrictions was on the t=
able at this point based upon the DISCUSS (but of course, the working group=
 can still obviously do anything that there's clear consensus to do).

                                                            My two cents wo=
rth...
                                                            -- Mike

From: William Mills [mailto:wmills@yahoo-inc.com]
Sent: Thursday, May 31, 2012 9:31 PM
To: Eran Hammer; Mike Jones; Hannes Tschofenig
Cc: oauth@ietf.org WG
Subject: ABNF Re: [OAUTH-WG] Error Encoding: Conclusion

The current OAuth core spec section 8.5 has:

     error-code   =3D ALPHA *error-char

     error-char   =3D "-" / "." / "_" / DIGIT / ALPHA

Mike's proposal would nominally be:

     error-code   =3D *error-char

     error-char   =3D %x20-21 / %x23-5B / %x5D-7E

This is the set of ASCII characters from SPACE to '~' excluding '\' and '"'=
.  I'm not
in love with that, but it's clear.  I'd prefer:

     error-code   =3D ALPHA *error-char

     error-char   =3D %x20-21 / %x23-5B / %x5D-7E

-bill



________________________________
From: Eran Hammer <eran@hueniverse.com<mailto:eran@hueniverse.com>>
To: Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.=
com>>; Hannes Tschofenig <hannes.tschofenig@gmx.net<mailto:hannes.tschofeni=
g@gmx.net>>
Cc: "oauth@ietf.org WG<mailto:oauth@ietf.org%20WG>" <oauth@ietf.org<mailto:=
oauth@ietf.org>>
Sent: Thursday, May 31, 2012 7:47 PM
Subject: Re: [OAUTH-WG] Error Encoding: Conclusion



> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com<mailto:Michael.Jones=
@microsoft.com>]
> Sent: Thursday, May 31, 2012 1:53 PM
> To: Eran Hammer; Hannes Tschofenig
> Cc: oauth@ietf.org<mailto:oauth@ietf.org> WG
> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
>
> Actually, could you please publish before the ABNF is done so that I can
> publish a version of Bearer referencing the new text in Core, so it can b=
e
> reviewed by the WG in parallel with the ABNF work happening?  I think tha=
t
> was Hannes' intent in asking you to publish soon.

I'll review the text and will reply back as to publishing schedule.

> Version numbers are
> cheap...

My time isn't.

EH

>                 Thanks,
>                 -- Mike
>
> -----Original Message-----
> From: Eran Hammer [mailto:eran@hueniverse.com<mailto:eran@hueniverse.com>=
]
> Sent: Thursday, May 31, 2012 12:35 PM
> To: Hannes Tschofenig
> Cc: Mike Jones; oauth@ietf.org<mailto:oauth@ietf.org> WG
> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
>
> I'll first review the proposed text (as a WG member) and raise any issues
> remaining (if any).
>
> I will wait until the ABNF text is provided before publishing another ver=
sion.
>
> EH
>
> > -----Original Message-----
> > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net<mailto:hannes=
.tschofenig@gmx.net>]
> > Sent: Thursday, May 31, 2012 10:54 AM
> > To: Eran Hammer
> > Cc: Mike Jones; oauth@ietf.org<mailto:oauth@ietf.org> WG; Hannes Tschof=
enig
> > Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
> >
> > Eran, could you publish a new draft version by Sunday with these
> > changes incorporated? That should give the working group enough time
> > to look at these few paragraphs.
> >
> > In the meanwhile we are working on addressing the ABNF issue Sean
> > raised and we will then go for another update.
> >
> > Ciao
> > Hannes
> >
> > On May 31, 2012, at 8:20 PM, Hannes Tschofenig wrote:
> >
> > > Hi Mike,
> > >
> > > thank you for compiling the text. It looks good to me. I have not
> > > seen
> > anyone from the working group screaming either.
> > >
> > > Eran, can you incorporate these changes into the next draft version?
> > >
> > > Ciao
> > > Hannes
> > >
> > > On May 30, 2012, at 2:10 AM, Mike Jones wrote:
> > >
> > >> I've made another set of updates to a copy of Core -26 to address
> > >> the
> > questions raised by Eran and David below (attached).
> > >>
> > >> An unrelated change that you should probably pick up, Eran is
> > >> adding this
> > to the <front> section, so that the heading shows that the draft is a
> > product of the "OAuth Working Group" rather than the "Network Working
> Group":
> > >>    <area>Security</area>
> > >>    <workgroup>OAuth Working Group</workgroup>
> > >>
> > >> One change I didn't make, but that should be considered, is to
> > >> delete the
> > reference to OASIS.saml-core-2.0-os, since it is used by no <xref> in
> > the document.
> > >>
> > >> The new proposed text for Section 7.2 follows:
> > >>
> > >> 7.2.  Error Response
> > >>
> > >>  If a resource access request fails, the resource server SHOULD info=
rm
> > >>  the client of the error.  While the specific error responses possib=
le
> > >>  and methods for transmitting those errors when using any particular
> > >>  access token type are beyond the scope of this specification, any
> > >>  "error" code values defined for use with OAuth resource access
> > >>  methods MUST be registered (following the procedures in
> > >>  Section 11.4).
> > >>
> > >>  Specifically, when the OAuth resource access method uses an "error"
> > >>  result parameter to return an error code value that indicates the
> > >>  resource access error encountered, then these error code values
> MUST
> > >>  be registered.  Values for these "error" codes MUST NOT include
> > >>  characters outside the set %x20-21 / %x23-5B / %x5D-7E. When an
> > >>  "error" code value is registered for use by an OAuth resource acces=
s
> > >>  method, should that same code already be registered for use by
> > >>  another OAuth resource access method or at a different OAuth error
> > >>  usage location, then the meaning of that error code value in in the
> > >>  new registration MUST be consistent with the its meaning in prior
> > >>  registrations.
> > >>
> > >>  The OAuth resource access error registration requirement applies on=
ly
> > >>  to "error" code values and not to other means of returning error
> > >>  indications, including HTTP status codes, or other error-related
> > >>  result parameters, such as "error_description", "error_uri", or oth=
er
> > >>  kinds of error status return methods that may be employed by the
> > >>  resource access method.  There is no requirement that OAuth resourc=
e
> > >>  access methods employ an "error" parameter.
> > >>
> > >> Hopefully incorporating these changes will enable us to close the
> > remaining DISCUSS issues on both the Core and Bearer drafts.
> > >>
> > >>                                                                Thank=
s all,
> > >>                                                                --
> > >> Mike
> > >>
> > >>
> > >> From: Eran Hammer [mailto:eran@hueniverse.com<mailto:eran@hueniverse=
.com>]
> > >> Sent: Wednesday, May 23, 2012 11:45 PM
> > >> To: David Recordon; Mike Jones; Hannes Tschofenig
> > >> Cc: oauth@ietf.org<mailto:oauth@ietf.org> WG
> > >> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion
> > >>
> > >> With the exception of section 7.2, the changes look reasonable and
> > >> will be
> > applied in the next revision.
> > >>
> > >> The new section 7.2 is confusion and does not explain the new regist=
ry.
> > The section introduces a new requirement to register 'any error codes
> > defined for use with OAuth resource access methods'. This requirement
> > is too vague.
> > >>
> > >> I have no clue how to (for example) apply this text to the MAC draft=
.
> > Adding to David's list below:
> > >>
> > >> * Should the HTTP status codes used by the MAC spec as currently
> > >> written
> > be registered (since no guidance is given to the use of an error parame=
ter)?
> > >> * Does this introduce a requirement to add an error parameter?
> > >> * Does the parameter need to / should be called 'error'?
> > >> * What about future methods in which errors are not simply
> > >> expressed in
> > the form of a fixes string?
> > >>
> > >> EH
> > >>
> > >>
> > >> From: David Recordon [mailto:recordond@gmail.com<mailto:recordond@gm=
ail.com>]
> > >> Sent: Wednesday, May 23, 2012 11:38 PM
> > >> To: Mike Jones; Hannes Tschofenig; Eran Hammer
> > >> Cc: oauth@ietf.org<mailto:oauth@ietf.org> WG
> > >> Subject: Re: [OAUTH-WG] Error Encoding: Conclusion
> > >>
> > >> Honestly still trying to fully wrap my head around what's going on
> > >> here
> > since it seems far more complex than the threads are alluding to. In
> > any case, does Mike's text address what Eran brought up as needed in
> > the thread Hannes referenced or is Eran wrong?
> > >>
> > >> The core spec currently provides full guidance and definition for
> > >> error
> > extensibility. Extending the registry's scope means the need for
> > non-trivial new text that:
> > >>
> > >> * explains the process of adding new errors for endpoints not
> > >> defined by
> > this specification,
> > >> * finds a common ground for value restrictions beyond what is
> > >> already
> > listed,
> > >> * guide authors of future HTTP authentication schemes meant for use
> > with OAuth (e.g. MAC) for their requirements for using the error
> > registry, and
> > >> * address the very likely scenario of the same error code carrying
> > different meanings in different endpoints, or an extension that adds a
> > location to a code already defined elsewhere - something very likely
> > to happen if you cross the two very different domains (OAuth
> > endpoints, Protected resource endpoints). This requires changing the
> > entire structure of the registry to create separate records for each
> code/location pair.
> > >>
> > >> Thanks,
> > >> --David
> > >>
> > >> On Wed, May 23, 2012 at 10:22 PM, Mike Jones
> > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> wrote=
:
> > >> Thanks Hannes.  In the interest of hopefully completing the edits
> > >> to
> > remove the DISCUSS issues for the Bearer and Core specs in the next
> > few days so that we can send the docs to the RFC editors, I'd like to
> > propose specific language for the Core spec to address both of the
> > consensus call issue resolutions.  After there's consensus on the
> > specific text for Core, it will be easy for us to add a reference in
> > Bearer to the language in Core for the error syntax restrictions and
> > to use the OAuth errors registry.  I'll do that in parallel with the di=
scussions
> on the proposed core language changes.
> > >>
> > >>
> > >>
> > >> A summary of the changes I made in response to the consensus call
> > conclusions are:
> > >>
> > >> *        Add syntax restrictions for "error", "error_description", a=
nd
> > "error_uri" from Bearer to Core
> > >>
> > >> *        Add section 7.2 about error responses from resource access
> requests
> > >>
> > >> *        Add "resource access error response" to the category of OAu=
th
> > errors that can be registered
> > >>
> > >>
> > >>
> > >> Additional editorial changes that I made as I encountered issues in
> > >> the
> > document were:
> > >>
> > >> *        Updated out of date references, especially the draft-hardt-=
oauth-
> 01
> > reference, which contained an invalid link
> > >>
> > >> *        Added Derek Atkins to the list of chairs
> > >>
> > >> *        Added Yaron Goland's middle initial Y. (since he prefers to=
 include
> it
> > in publications)
> > >>
> > >> *        Replaced use of the deprecated <appendix> element, which
> > prevented the spec from building with strict checking, with a
> > <section> element in the <back> section (which creates an appendix)
> > >>
> > >>
> > >>
> > >> To make it easy to incorporate these changes into the document and
> > >> so
> > the proposed changes are unambiguous, I produced an edited version of
> > Core -26 containing these changes.  The xml, txt, and html versions
> > are attached to facilitate review.  Pertinent diffs from the .txt versi=
on
> follow.
> > >>
> > >>
> > >>
> > >>                                                            Cheers,
> > >>
> > >>                                                            -- Mike
> > >>
> > >>
> > >>
> > >> 683c683,684
> > >>
> > >> <    notation of [RFC5234].
> > >>
> > >> ---
> > >>
> > >>>  notation of [RFC5234].  Additionally, the rule URI-Reference is
> > >>
> > >>>  included from Uniform Resource Identifier (URI) [RFC3986].
> > >>
> > >> 1441c1441,1442
> > >>
> > >> <          REQUIRED.  A single error code from the following:
> > >>
> > >> ---
> > >>
> > >>>        REQUIRED.  A single ASCII [USASCII] error code from the
> > >>
> > >>>        following:
> > >>
> > >> 1474a1475,1476
> > >>
> > >>>        Values for the "error" parameter MUST NOT include
> > >>> characters
> > >>
> > >>>        outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1476c1478
> > >>
> > >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> > >>
> > >> ---
> > >>
> > >>>        OPTIONAL.  A human-readable ASCII [USASCII] text providing
> > >>
> > >> 1478a1481,1482
> > >>
> > >>>        Values for the "error_description" parameter MUST NOT
> > >>> include
> > >>
> > >>>        characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1482a1487,1489
> > >>
> > >>>        Values for the "error_uri" parameter MUST conform to the
> > >>> URI-
> > >>
> > >>>        Reference syntax, and thus MUST NOT include characters
> > >>> outside
> > >>
> > >>>        the set %x21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1840c1840,1841
> > >>
> > >> <          REQUIRED.  A single error code from the following:
> > >>
> > >> ---
> > >>
> > >>>        REQUIRED.  A single ASCII [USASCII] error code from the
> > >>
> > >>>        following:
> > >>
> > >> 1873a1874,1875
> > >>
> > >>>        Values for the "error" parameter MUST NOT include
> > >>> characters
> > >>
> > >>>        outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1875c1877
> > >>
> > >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> > >>
> > >> ---
> > >>
> > >>>        OPTIONAL.  A human-readable ASCII [USASCII] text providing
> > >>
> > >> 1877a1880,1881
> > >>
> > >>>        Values for the "error_description" parameter MUST NOT
> > >>> include
> > >>
> > >>>        characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 1881a1886,1888
> > >>
> > >>>        Values for the "error_uri" parameter MUST conform to the
> > >>> URI-
> > >>
> > >>>        Reference syntax, and thus MUST NOT include characters
> > >>> outside
> > >>
> > >>>        the set %x21 / %x23-5B / %x5D-7E.
> > >>
> > >> <          REQUIRED.  A single error code from the following:
> > >>
> > >> ---
> > >>
> > >>>        REQUIRED.  A single ASCII [USASCII] error code from the
> > >>
> > >>>        following:
> > >>
> > >> 2325a2326,2327
> > >>
> > >>>        Values for the "error" parameter MUST NOT include
> > >>> characters
> > >>
> > >>>        outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 2327c2329
> > >>
> > >> <          OPTIONAL.  A human-readable UTF-8 encoded text providing
> > >>
> > >> ---
> > >>
> > >>>        OPTIONAL.  A human-readable ASCII [USASCII] text providing
> > >>
> > >> 2329a2332,2333
> > >>
> > >>>        Values for the "error_description" parameter MUST NOT
> > >>> include
> > >>
> > >>>        characters outside the set %x20-21 / %x23-5B / %x5D-7E.
> > >>
> > >> 2333a2338,2340
> > >>
> > >>>        Values for the "error_uri" parameter MUST conform to the
> > >>> URI-
> > >>
> > >>>        Reference syntax, and thus MUST NOT include characters
> > >>> outside
> > >>
> > >>>        the set %x21 / %x23-5B / %x5D-7E.
> > >>
> > >> 2450c2460,2468
> > >>
> > >> <    The method in which the client utilized the access token to
> > >>
> > >> ---
> > >>
> > >>>  The method in which the client utilizes the access token to
> > >>
> > >> 2479c2489
> > >>
> > >> <      Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw
> > >>
> > >> ---
> > >>
> > >>>    Authorization: Bearer mF_9.B5f-4.1JqM
> > >>
> > >> 2503a2514,2533
> > >>
> > >>>
> > >>
> > >>> 7.2.  Error Response
> > >>
> > >>>
> > >>
> > >>>  If a resource access request fails, the resource server SHOULD
> > >>> inform
> > >>
> > >>>  the client of the error.  While the specific error responses
> > >>> possible
> > >>
> > >>>  and methods for transmitting those errors when using any
> > >>> particular
> > >>
> > >>>  access token type are beyond the scope of this specification,
> > >>> any
> > >>
> > >>>  error codes defined for use with OAuth resource access methods
> > >>> MUST
> > >>
> > >>>  be registered (following the procedures in Section 11.4).
> > >>
> > >>>
> > >>
> > >>>
> > >>
> > >> 2602,2603c2624,2626
> > >>
> > >> <    (Section 4.2.2.1), or the token error response (Section 5.2), s=
uch
> > >>
> > >> <    error codes MAY be defined.
> > >>
> > >> ---
> > >>
> > >>>  (Section 4.2.2.1), the token error response (Section 5.2), or
> > >>> the
> > >>
> > >>>  resource access error response (Section 7.2), such error codes
> > >>> MAY be
> > >>
> > >>>  defined.
> > >>
> > >> 3444c3484,3485
> > >>
> > >> <      (Section 4.2.2.1), or token error response (Section 5.2).
> > >>
> > >> ---
> > >>
> > >>>      (Section 4.2.2.1), token error response (Section 5.2), or
> > >>> resource
> > >>
> > >>>      access error response (Section 7.2).
> > >>
> > >> 3596a3554,3557
> > >>
> > >>>  [USASCII]  American National Standards Institute, "Coded
> > >>> Character
> > >>
> > >>>              Set -- 7-bit American Standard Code for Information
> > >>
> > >>>              Interchange", ANSI X3.4, 1986.
> > >>
> > >>>
> > >>
> > >> 3611,3612c3572,3573
> > >>
> > >> <              OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work in
> > >>
> > >> <              progress), August 2011.
> > >>
> > >> ---
> > >>
> > >>>              OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in
> > >>
> > >>>              progress), May 2012.
> > >>
> > >> 3616,3617c3577,3579
> > >>
> > >> <              Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-=
08
> > >>
> > >> <              (work in progress), July 2011.
> > >>
> > >> ---
> > >>
> > >>>              Authorization Protocol: Bearer Tokens",
> > >>
> > >>>              draft-ietf-oauth-v2-bearer-19 (work in progress),
> > >>
> > >>>              April 2012.
> > >>
> > >> 3620,3623c3589,3591
> > >>
> > >> <              Hammer-Lahav, E., Barth, A., and B. Adida, "HTTP
> > >>
> > >> <              Authentication: MAC Access Authentication",
> > >>
> > >> <              draft-ietf-oauth-v2-http-mac-00 (work in progress),
> > >>
> > >> <              May 2011.
> > >>
> > >> ---
> > >>
> > >>>              Hammer-Lahav, E., "HTTP Authentication: MAC Access
> > >>
> > >>>              Authentication", draft-ietf-oauth-v2-http-mac-01
> > >>> (work in
> > >>
> > >>>              progress), February 2012.
> > >>
> > >> 3626c3594
> > >>
> > >> <              Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
> > >>
> > >> ---
> > >>
> > >>>              McGloin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0
> > >>
> > >> 3628,3629c3596,3597
> > >>
> > >> <              draft-ietf-oauth-v2-threatmodel-00 (work in progress)=
,
> > >>
> > >> <              July 2011.
> > >>
> > >> ---
> > >>
> > >>>              draft-ietf-oauth-v2-threatmodel-02 (work in
> > >>> progress),
> > >>
> > >>>              February 2012.
> > >>
> > >> 3468,3546d3503
> > >>
> > >> <    Brian Eaton, Yaron Goland, Dick Hardt, and Allen Tom.
> > >>
> > >> 3639c3609,3639
> > >>
> > >>>  Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.
> > >>
> > >> 3468,3546d3503
> > >>
> > >> <    Yaron Goland, Brent Goldman, Kristoffer Gronowski, Justin Hart,
> > >>
> > >> 3644,3645c3644,3656
> > >>
> > >>>  Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Justin
> > >>> Hart,
> > >>
> > >> 3468,3546d3503
> > >>
> > >> <    This document was produced under the chairmanship of Blaine
> Cook,
> > >>
> > >> <    Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.  The are=
a
> > >>
> > >> <    directors included Lisa Dusseault, Peter Saint-Andre, and Steph=
en
> > >>
> > >> <    Farrell.
> > >>
> > >> 3646a3658,3661
> > >>
> > >>>  This document was produced under the chairmanship of Blaine
> > >>> Cook,
> > >>
> > >>>  Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and Derek Atkin=
s.
> > >>
> > >>>  The area directors included Lisa Dusseault, Peter Saint-Andre,
> > >>> and
> > >>
> > >>>  Stephen Farrell.
> > >>
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org> [mailto:=
oauth-bounces@ietf.org<mailto:oauth-bounces@ietf.org>] On
> > Behalf Of Hannes Tschofenig
> > >> Sent: Wednesday, May 23, 2012 11:27 AM
> > >> To: oauth@ietf.org<mailto:oauth@ietf.org> WG
> > >> Subject: [OAUTH-WG] Error Encoding: Conclusion
> > >>
> > >>
> > >>
> > >> Hi all,
> > >>
> > >>
> > >>
> > >> on May 10th we called for consensus on an open issue regarding the
> > >> error
> > encoding. Here is the link to the call:
> > >>
> > >> http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html
> > >>
> > >>
> > >>
> > >> Thank you all for the feedback. The conclusion of the consensus
> > >> call was
> > to harmonize the encoding between the two specifications by
> > incorporating the restrictions from the bearer specification into the
> > base specification. The error encoding will go into the core
> > specification and the bearer specification will reference it.
> > >>
> > >>
> > >>
> > >> Ciao
> > >>
> > >> Hannes & Derek
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >>
> > >> OAuth mailing list
> > >>
> > >> OAuth@ietf.org<mailto:OAuth@ietf.org>
> > >>
> > >> https://www.ietf.org/mailman/listinfo/oauth
> > >>
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> OAuth mailing list
> > >> OAuth@ietf.org<mailto:OAuth@ietf.org>
> > >> https://www.ietf.org/mailman/listinfo/oauth
> > >>
> > >>
> > >> <draft-ietf-oauth-v2-26+mbj-2.xml><draft-ietf-oauth-v2-26+mbj-
> > 2.txt><draft-ietf-oauth-v2-26+mbj-2.html>
> > >
>
>

_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth


--_000_4E1F6AAD24975D4BA5B168042967394366522F1BTK5EX14MBXC284r_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
	{font-family:Consolas;
	panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
pre
	{mso-style-priority:99;
	mso-style-link:"HTML Preformatted Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:10.0pt;
	font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
	{mso-style-name:"HTML Preformatted Char";
	mso-style-priority:99;
	mso-style-link:"HTML Preformatted";
	font-family:"Consolas","serif";}
span.EmailStyle19
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">Your proposal differs bot=
h from what&#8217;s in Bearer and what&#8217;s in Core at present.&nbsp; By=
 using the syntax restrictions from Bearer (which were already significantl=
y
 discussed by the WG) in Core, developers have consistent rules, which was =
the point of the DISCUSS.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">I don&#8217;t believe tha=
t changing both sets of syntax restrictions was on the table at this point =
based upon the DISCUSS (but of course, the working group can still
 obviously do anything that there&#8217;s clear consensus to do). <o:p></o:=
p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; My two cents worth&#8230;<o:p></o:p></span></=
p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -- Mike<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> William =
Mills [mailto:wmills@yahoo-inc.com]
<br>
<b>Sent:</b> Thursday, May 31, 2012 9:31 PM<br>
<b>To:</b> Eran Hammer; Mike Jones; Hannes Tschofenig<br>
<b>Cc:</b> oauth@ietf.org WG<br>
<b>Subject:</b> ABNF Re: [OAUTH-WG] Error Encoding: Conclusion<o:p></o:p></=
span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div>
<p class=3D"MsoNormal" style=3D"background:white"><span style=3D"font-size:=
14.0pt;font-family:&quot;Courier New&quot;;color:black">The current OAuth c=
ore spec section 8.5 has:<o:p></o:p></span></p>
</div>
<pre style=3D"background:white"><span style=3D"color:black">&nbsp;&nbsp;&nb=
sp;&nbsp; error-code&nbsp;&nbsp; =3D ALPHA *error-char<o:p></o:p></span></p=
re>
<pre style=3D"background:white"><span style=3D"color:black">&nbsp;&nbsp;&nb=
sp;&nbsp; error-char&nbsp;&nbsp; =3D &quot;-&quot; / &quot;.&quot; / &quot;=
_&quot; / DIGIT / ALPHA<o:p></o:p></span></pre>
<pre style=3D"background:white"><span style=3D"color:black"><br>Mike's prop=
osal would nominally be:<br><br>&nbsp;&nbsp;&nbsp;&nbsp; error-code&nbsp;&n=
bsp; =3D *error-char<o:p></o:p></span></pre>
<pre style=3D"background:white"><span style=3D"color:black">&nbsp;&nbsp;&nb=
sp;&nbsp; error-char&nbsp;&nbsp; =3D %x20-21 / %x23-5B / %x5D-7E<o:p></o:p>=
</span></pre>
<pre style=3D"background:white"><span style=3D"color:black"><br>This is the=
 set of ASCII characters from SPACE to '~' excluding '\' and '&quot;'.&nbsp=
; I'm not <br>in love with that, but it's clear.&nbsp; I'd prefer:<br><br>&=
nbsp;&nbsp;&nbsp;&nbsp; error-code&nbsp;&nbsp; =3D ALPHA *error-char<o:p></=
o:p></span></pre>
<pre style=3D"background:white"><span style=3D"color:black">&nbsp;&nbsp;&nb=
sp;&nbsp; error-char&nbsp;&nbsp; =3D %x20-21 / %x23-5B / %x5D-7E<o:p></o:p>=
</span></pre>
<pre style=3D"background:white"><span style=3D"color:black"><br>-bill<o:p><=
/o:p></span></pre>
<pre style=3D"background:white"><span style=3D"color:black"><o:p>&nbsp;</o:=
p></span></pre>
<div>
<blockquote style=3D"border:none;border-left:solid #1010FF 1.5pt;padding:0i=
n 0in 0in 4.0pt;margin-left:3.75pt;margin-top:3.75pt;margin-bottom:5.0pt">
<p class=3D"MsoNormal" style=3D"background:white"><span style=3D"font-size:=
14.0pt;font-family:&quot;Courier New&quot;;color:black"><o:p>&nbsp;</o:p></=
span></p>
<div>
<div>
<div>
<div class=3D"MsoNormal" align=3D"center" style=3D"text-align:center;backgr=
ound:white">
<span style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-se=
rif&quot;;color:black">
<hr size=3D"1" width=3D"100%" align=3D"center">
</span></div>
<p class=3D"MsoNormal" style=3D"background:white"><b><span style=3D"font-si=
ze:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:black"=
>From:</span></b><span style=3D"font-size:10.0pt;font-family:&quot;Arial&qu=
ot;,&quot;sans-serif&quot;;color:black"> Eran Hammer &lt;<a href=3D"mailto:=
eran@hueniverse.com">eran@hueniverse.com</a>&gt;<br>
<b>To:</b> Mike Jones &lt;<a href=3D"mailto:Michael.Jones@microsoft.com">Mi=
chael.Jones@microsoft.com</a>&gt;; Hannes Tschofenig &lt;<a href=3D"mailto:=
hannes.tschofenig@gmx.net">hannes.tschofenig@gmx.net</a>&gt;
<br>
<b>Cc:</b> &quot;<a href=3D"mailto:oauth@ietf.org%20WG">oauth@ietf.org WG</=
a>&quot; &lt;<a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>&gt;
<br>
<b>Sent:</b> Thursday, May 31, 2012 7:47 PM<br>
<b>Subject:</b> Re: [OAUTH-WG] Error Encoding: Conclusion</span><span style=
=3D"color:black"><o:p></o:p></span></p>
</div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt;background:white"><spa=
n style=3D"color:black"><br>
<br>
<br>
&gt; -----Original Message-----<br>
&gt; From: Mike Jones [mailto:<a href=3D"mailto:Michael.Jones@microsoft.com=
">Michael.Jones@microsoft.com</a>]<br>
&gt; Sent: Thursday, May 31, 2012 1:53 PM<br>
&gt; To: Eran Hammer; Hannes Tschofenig<br>
&gt; Cc: <a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG<br>
&gt; Subject: RE: [OAUTH-WG] Error Encoding: Conclusion<br>
&gt; <br>
&gt; Actually, could you please publish before the ABNF is done so that I c=
an<br>
&gt; publish a version of Bearer referencing the new text in Core, so it ca=
n be<br>
&gt; reviewed by the WG in parallel with the ABNF work happening?&nbsp; I t=
hink that<br>
&gt; was Hannes' intent in asking you to publish soon.<br>
<br>
I'll review the text and will reply back as to publishing schedule.<br>
<br>
&gt; Version numbers are<br>
&gt; cheap...<br>
<br>
My time isn't.<br>
<br>
EH<br>
<br>
&gt; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&=
nbsp; Thanks,<br>
&gt; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&=
nbsp; -- Mike<br>
&gt; <br>
&gt; -----Original Message-----<br>
&gt; From: Eran Hammer [mailto:<a href=3D"mailto:eran@hueniverse.com">eran@=
hueniverse.com</a>]<br>
&gt; Sent: Thursday, May 31, 2012 12:35 PM<br>
&gt; To: Hannes Tschofenig<br>
&gt; Cc: Mike Jones; <a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> W=
G<br>
&gt; Subject: RE: [OAUTH-WG] Error Encoding: Conclusion<br>
&gt; <br>
&gt; I'll first review the proposed text (as a WG member) and raise any iss=
ues<br>
&gt; remaining (if any).<br>
&gt; <br>
&gt; I will wait until the ABNF text is provided before publishing another =
version.<br>
&gt; <br>
&gt; EH<br>
&gt; <br>
&gt; &gt; -----Original Message-----<br>
&gt; &gt; From: Hannes Tschofenig [mailto:<a href=3D"mailto:hannes.tschofen=
ig@gmx.net">hannes.tschofenig@gmx.net</a>]<br>
&gt; &gt; Sent: Thursday, May 31, 2012 10:54 AM<br>
&gt; &gt; To: Eran Hammer<br>
&gt; &gt; Cc: Mike Jones; <a href=3D"mailto:oauth@ietf.org">oauth@ietf.org<=
/a> WG; Hannes Tschofenig<br>
&gt; &gt; Subject: Re: [OAUTH-WG] Error Encoding: Conclusion<br>
&gt; &gt;<br>
&gt; &gt; Eran, could you publish a new draft version by Sunday with these<=
br>
&gt; &gt; changes incorporated? That should give the working group enough t=
ime<br>
&gt; &gt; to look at these few paragraphs.<br>
&gt; &gt;<br>
&gt; &gt; In the meanwhile we are working on addressing the ABNF issue Sean=
<br>
&gt; &gt; raised and we will then go for another update.<br>
&gt; &gt;<br>
&gt; &gt; Ciao<br>
&gt; &gt; Hannes<br>
&gt; &gt;<br>
&gt; &gt; On May 31, 2012, at 8:20 PM, Hannes Tschofenig wrote:<br>
&gt; &gt;<br>
&gt; &gt; &gt; Hi Mike,<br>
&gt; &gt; &gt;<br>
&gt; &gt; &gt; thank you for compiling the text. It looks good to me. I hav=
e not<br>
&gt; &gt; &gt; seen<br>
&gt; &gt; anyone from the working group screaming either.<br>
&gt; &gt; &gt;<br>
&gt; &gt; &gt; Eran, can you incorporate these changes into the next draft =
version?<br>
&gt; &gt; &gt;<br>
&gt; &gt; &gt; Ciao<br>
&gt; &gt; &gt; Hannes<br>
&gt; &gt; &gt;<br>
&gt; &gt; &gt; On May 30, 2012, at 2:10 AM, Mike Jones wrote:<br>
&gt; &gt; &gt;<br>
&gt; &gt; &gt;&gt; I've made another set of updates to a copy of Core -26 t=
o address<br>
&gt; &gt; &gt;&gt; the<br>
&gt; &gt; questions raised by Eran and David below (attached).<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; An unrelated change that you should probably pick up, Er=
an is<br>
&gt; &gt; &gt;&gt; adding this<br>
&gt; &gt; to the &lt;front&gt; section, so that the heading shows that the =
draft is a<br>
&gt; &gt; product of the &quot;OAuth Working Group&quot; rather than the &q=
uot;Network Working<br>
&gt; Group&quot;:<br>
&gt; &gt; &gt;&gt;&nbsp; &nbsp; &lt;area&gt;Security&lt;/area&gt;<br>
&gt; &gt; &gt;&gt;&nbsp; &nbsp; &lt;workgroup&gt;OAuth Working Group&lt;/wo=
rkgroup&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; One change I didn't make, but that should be considered,=
 is to<br>
&gt; &gt; &gt;&gt; delete the<br>
&gt; &gt; reference to OASIS.saml-core-2.0-os, since it is used by no &lt;x=
ref&gt; in<br>
&gt; &gt; the document.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; The new proposed text for Section 7.2 follows:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 7.2.&nbsp; Error Response<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&nbsp; If a resource access request fails, the resource s=
erver SHOULD inform<br>
&gt; &gt; &gt;&gt;&nbsp; the client of the error.&nbsp; While the specific =
error responses possible<br>
&gt; &gt; &gt;&gt;&nbsp; and methods for transmitting those errors when usi=
ng any particular<br>
&gt; &gt; &gt;&gt;&nbsp; access token type are beyond the scope of this spe=
cification, any<br>
&gt; &gt; &gt;&gt;&nbsp; &quot;error&quot; code values defined for use with=
 OAuth resource access<br>
&gt; &gt; &gt;&gt;&nbsp; methods MUST be registered (following the procedur=
es in<br>
&gt; &gt; &gt;&gt;&nbsp; Section 11.4).<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&nbsp; Specifically, when the OAuth resource access metho=
d uses an &quot;error&quot;<br>
&gt; &gt; &gt;&gt;&nbsp; result parameter to return an error code value tha=
t indicates the<br>
&gt; &gt; &gt;&gt;&nbsp; resource access error encountered, then these erro=
r code values<br>
&gt; MUST<br>
&gt; &gt; &gt;&gt;&nbsp; be registered.&nbsp; Values for these &quot;error&=
quot; codes MUST NOT include<br>
&gt; &gt; &gt;&gt;&nbsp; characters outside the set %x20-21 / %x23-5B / %x5=
D-7E. When an<br>
&gt; &gt; &gt;&gt;&nbsp; &quot;error&quot; code value is registered for use=
 by an OAuth resource access<br>
&gt; &gt; &gt;&gt;&nbsp; method, should that same code already be registere=
d for use by<br>
&gt; &gt; &gt;&gt;&nbsp; another OAuth resource access method or at a diffe=
rent OAuth error<br>
&gt; &gt; &gt;&gt;&nbsp; usage location, then the meaning of that error cod=
e value in in the<br>
&gt; &gt; &gt;&gt;&nbsp; new registration MUST be consistent with the its m=
eaning in prior<br>
&gt; &gt; &gt;&gt;&nbsp; registrations.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&nbsp; The OAuth resource access error registration requi=
rement applies only<br>
&gt; &gt; &gt;&gt;&nbsp; to &quot;error&quot; code values and not to other =
means of returning error<br>
&gt; &gt; &gt;&gt;&nbsp; indications, including HTTP status codes, or other=
 error-related<br>
&gt; &gt; &gt;&gt;&nbsp; result parameters, such as &quot;error_description=
&quot;, &quot;error_uri&quot;, or other<br>
&gt; &gt; &gt;&gt;&nbsp; kinds of error status return methods that may be e=
mployed by the<br>
&gt; &gt; &gt;&gt;&nbsp; resource access method.&nbsp; There is no requirem=
ent that OAuth resource<br>
&gt; &gt; &gt;&gt;&nbsp; access methods employ an &quot;error&quot; paramet=
er.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; Hopefully incorporating these changes will enable us to =
close the<br>
&gt; &gt; remaining DISCUSS issues on both the Core and Bearer drafts.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; &nbsp; &nbsp; Thanks all,<br>
&gt; &gt; &gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; &nbsp; &nbsp; --<br>
&gt; &gt; &gt;&gt; Mike<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; From: Eran Hammer [mailto:<a href=3D"mailto:eran@huenive=
rse.com">eran@hueniverse.com</a>]<br>
&gt; &gt; &gt;&gt; Sent: Wednesday, May 23, 2012 11:45 PM<br>
&gt; &gt; &gt;&gt; To: David Recordon; Mike Jones; Hannes Tschofenig<br>
&gt; &gt; &gt;&gt; Cc: <a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>=
 WG<br>
&gt; &gt; &gt;&gt; Subject: RE: [OAUTH-WG] Error Encoding: Conclusion<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; With the exception of section 7.2, the changes look reas=
onable and<br>
&gt; &gt; &gt;&gt; will be<br>
&gt; &gt; applied in the next revision.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; The new section 7.2 is confusion and does not explain th=
e new registry.<br>
&gt; &gt; The section introduces a new requirement to register 'any error c=
odes<br>
&gt; &gt; defined for use with OAuth resource access methods'. This require=
ment<br>
&gt; &gt; is too vague.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; I have no clue how to (for example) apply this text to t=
he MAC draft.<br>
&gt; &gt; Adding to David's list below:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; * Should the HTTP status codes used by the MAC spec as c=
urrently<br>
&gt; &gt; &gt;&gt; written<br>
&gt; &gt; be registered (since no guidance is given to the use of an error =
parameter)?<br>
&gt; &gt; &gt;&gt; * Does this introduce a requirement to add an error para=
meter?<br>
&gt; &gt; &gt;&gt; * Does the parameter need to / should be called 'error'?=
<br>
&gt; &gt; &gt;&gt; * What about future methods in which errors are not simp=
ly<br>
&gt; &gt; &gt;&gt; expressed in<br>
&gt; &gt; the form of a fixes string?<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; EH<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; From: David Recordon [mailto:<a href=3D"mailto:recordond=
@gmail.com">recordond@gmail.com</a>]<br>
&gt; &gt; &gt;&gt; Sent: Wednesday, May 23, 2012 11:38 PM<br>
&gt; &gt; &gt;&gt; To: Mike Jones; Hannes Tschofenig; Eran Hammer<br>
&gt; &gt; &gt;&gt; Cc: <a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>=
 WG<br>
&gt; &gt; &gt;&gt; Subject: Re: [OAUTH-WG] Error Encoding: Conclusion<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; Honestly still trying to fully wrap my head around what'=
s going on<br>
&gt; &gt; &gt;&gt; here<br>
&gt; &gt; since it seems far more complex than the threads are alluding to.=
 In<br>
&gt; &gt; any case, does Mike's text address what Eran brought up as needed=
 in<br>
&gt; &gt; the thread Hannes referenced or is Eran wrong?<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; The core spec currently provides full guidance and defin=
ition for<br>
&gt; &gt; &gt;&gt; error<br>
&gt; &gt; extensibility. Extending the registry's scope means the need for<=
br>
&gt; &gt; non-trivial new text that:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; * explains the process of adding new errors for endpoint=
s not<br>
&gt; &gt; &gt;&gt; defined by<br>
&gt; &gt; this specification,<br>
&gt; &gt; &gt;&gt; * finds a common ground for value restrictions beyond wh=
at is<br>
&gt; &gt; &gt;&gt; already<br>
&gt; &gt; listed,<br>
&gt; &gt; &gt;&gt; * guide authors of future HTTP authentication schemes me=
ant for use<br>
&gt; &gt; with OAuth (e.g. MAC) for their requirements for using the error<=
br>
&gt; &gt; registry, and<br>
&gt; &gt; &gt;&gt; * address the very likely scenario of the same error cod=
e carrying<br>
&gt; &gt; different meanings in different endpoints, or an extension that a=
dds a<br>
&gt; &gt; location to a code already defined elsewhere - something very lik=
ely<br>
&gt; &gt; to happen if you cross the two very different domains (OAuth<br>
&gt; &gt; endpoints, Protected resource endpoints). This requires changing =
the<br>
&gt; &gt; entire structure of the registry to create separate records for e=
ach<br>
&gt; code/location pair.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; Thanks,<br>
&gt; &gt; &gt;&gt; --David<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; On Wed, May 23, 2012 at 10:22 PM, Mike Jones<br>
&gt; &gt; &lt;<a href=3D"mailto:Michael.Jones@microsoft.com">Michael.Jones@=
microsoft.com</a>&gt; wrote:<br>
&gt; &gt; &gt;&gt; Thanks Hannes.&nbsp; In the interest of hopefully comple=
ting the edits<br>
&gt; &gt; &gt;&gt; to<br>
&gt; &gt; remove the DISCUSS issues for the Bearer and Core specs in the ne=
xt<br>
&gt; &gt; few days so that we can send the docs to the RFC editors, I'd lik=
e to<br>
&gt; &gt; propose specific language for the Core spec to address both of th=
e<br>
&gt; &gt; consensus call issue resolutions.&nbsp; After there's consensus o=
n the<br>
&gt; &gt; specific text for Core, it will be easy for us to add a reference=
 in<br>
&gt; &gt; Bearer to the language in Core for the error syntax restrictions =
and<br>
&gt; &gt; to use the OAuth errors registry.&nbsp; I'll do that in parallel =
with the discussions<br>
&gt; on the proposed core language changes.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; A summary of the changes I made in response to the conse=
nsus call<br>
&gt; &gt; conclusions are:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Add syntax restrictions for=
 &quot;error&quot;, &quot;error_description&quot;, and<br>
&gt; &gt; &quot;error_uri&quot; from Bearer to Core<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Add section 7.2 about error=
 responses from resource access<br>
&gt; requests<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Add &quot;resource access e=
rror response&quot; to the category of OAuth<br>
&gt; &gt; errors that can be registered<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; Additional editorial changes that I made as I encountere=
d issues in<br>
&gt; &gt; &gt;&gt; the<br>
&gt; &gt; document were:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Updated out of date referen=
ces, especially the draft-hardt-oauth-<br>
&gt; 01<br>
&gt; &gt; reference, which contained an invalid link<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Added Derek Atkins to the l=
ist of chairs<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Added Yaron Goland's middle=
 initial Y. (since he prefers to include<br>
&gt; it<br>
&gt; &gt; in publications)<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Replaced use of the depreca=
ted &lt;appendix&gt; element, which<br>
&gt; &gt; prevented the spec from building with strict checking, with a<br>
&gt; &gt; &lt;section&gt; element in the &lt;back&gt; section (which create=
s an appendix)<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; To make it easy to incorporate these changes into the do=
cument and<br>
&gt; &gt; &gt;&gt; so<br>
&gt; &gt; the proposed changes are unambiguous, I produced an edited versio=
n of<br>
&gt; &gt; Core -26 containing these changes.&nbsp; The xml, txt, and html v=
ersions<br>
&gt; &gt; are attached to facilitate review.&nbsp; Pertinent diffs from the=
 .txt version<br>
&gt; follow.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; Cheers,<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; -- Mike<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 683c683,684<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; notation of [RFC5234].<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; notation of [RFC5234].&nbsp; Additionally, the=
 rule URI-Reference is<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; included from Uniform Resource Identifier (URI=
) [RFC3986].<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1441c1441,1442<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.&nbsp; A=
 single error code from the following:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.&nbsp; A single =
ASCII [USASCII] error code from the<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; following:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1474a1475,1476<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values for the &quot;erro=
r&quot; parameter MUST NOT include<br>
&gt; &gt; &gt;&gt;&gt; characters<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; outside the set %x20-21 /=
 %x23-5B / %x5D-7E.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1476c1478<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A=
 human-readable UTF-8 encoded text providing<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A human-r=
eadable ASCII [USASCII] text providing<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1478a1481,1482<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values for the &quot;erro=
r_description&quot; parameter MUST NOT<br>
&gt; &gt; &gt;&gt;&gt; include<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; characters outside the se=
t %x20-21 / %x23-5B / %x5D-7E.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1482a1487,1489<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values for the &quot;erro=
r_uri&quot; parameter MUST conform to the<br>
&gt; &gt; &gt;&gt;&gt; URI-<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Reference syntax, and thu=
s MUST NOT include characters<br>
&gt; &gt; &gt;&gt;&gt; outside<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; the set %x21 / %x23-5B / =
%x5D-7E.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1840c1840,1841<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.&nbsp; A=
 single error code from the following:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.&nbsp; A single =
ASCII [USASCII] error code from the<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; following:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1873a1874,1875<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values for the &quot;erro=
r&quot; parameter MUST NOT include<br>
&gt; &gt; &gt;&gt;&gt; characters<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; outside the set %x20-21 /=
 %x23-5B / %x5D-7E.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1875c1877<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A=
 human-readable UTF-8 encoded text providing<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A human-r=
eadable ASCII [USASCII] text providing<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1877a1880,1881<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values for the &quot;erro=
r_description&quot; parameter MUST NOT<br>
&gt; &gt; &gt;&gt;&gt; include<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; characters outside the se=
t %x20-21 / %x23-5B / %x5D-7E.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 1881a1886,1888<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values for the &quot;erro=
r_uri&quot; parameter MUST conform to the<br>
&gt; &gt; &gt;&gt;&gt; URI-<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Reference syntax, and thu=
s MUST NOT include characters<br>
&gt; &gt; &gt;&gt;&gt; outside<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; the set %x21 / %x23-5B / =
%x5D-7E.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.&nbsp; A=
 single error code from the following:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.&nbsp; A single =
ASCII [USASCII] error code from the<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; following:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 2325a2326,2327<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values for the &quot;erro=
r&quot; parameter MUST NOT include<br>
&gt; &gt; &gt;&gt;&gt; characters<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; outside the set %x20-21 /=
 %x23-5B / %x5D-7E.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 2327c2329<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A=
 human-readable UTF-8 encoded text providing<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A human-r=
eadable ASCII [USASCII] text providing<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 2329a2332,2333<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values for the &quot;erro=
r_description&quot; parameter MUST NOT<br>
&gt; &gt; &gt;&gt;&gt; include<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; characters outside the se=
t %x20-21 / %x23-5B / %x5D-7E.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 2333a2338,2340<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values for the &quot;erro=
r_uri&quot; parameter MUST conform to the<br>
&gt; &gt; &gt;&gt;&gt; URI-<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Reference syntax, and thu=
s MUST NOT include characters<br>
&gt; &gt; &gt;&gt;&gt; outside<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; the set %x21 / %x23-5B / =
%x5D-7E.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 2450c2460,2468<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; The method in which the client utilize=
d the access token to<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; The method in which the client utilizes the ac=
cess token to<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 2479c2489<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; Authorization: Bearer 7Fjfp0ZBr=
1KtDRbnfVdmIw<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; Authorization: Bearer mF_9.B5f-4.1JqM<b=
r>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 2503a2514,2533<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt; 7.2.&nbsp; Error Response<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; If a resource access request fails, the resour=
ce server SHOULD<br>
&gt; &gt; &gt;&gt;&gt; inform<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; the client of the error.&nbsp; While the speci=
fic error responses<br>
&gt; &gt; &gt;&gt;&gt; possible<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; and methods for transmitting those errors when=
 using any<br>
&gt; &gt; &gt;&gt;&gt; particular<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; access token type are beyond the scope of this=
 specification,<br>
&gt; &gt; &gt;&gt;&gt; any<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; error codes defined for use with OAuth resourc=
e access methods<br>
&gt; &gt; &gt;&gt;&gt; MUST<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; be registered (following the procedures in Sec=
tion 11.4).<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 2602,2603c2624,2626<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; (Section 4.2.2.1), or the token error =
response (Section 5.2), such<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; error codes MAY be defined.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; (Section 4.2.2.1), the token error response (S=
ection 5.2), or<br>
&gt; &gt; &gt;&gt;&gt; the<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; resource access error response (Section 7.2), =
such error codes<br>
&gt; &gt; &gt;&gt;&gt; MAY be<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; defined.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3444c3484,3485<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; (Section 4.2.2.1), or token err=
or response (Section 5.2).<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; (Section 4.2.2.1), token error r=
esponse (Section 5.2), or<br>
&gt; &gt; &gt;&gt;&gt; resource<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; access error response (Section 7=
.2).<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3596a3554,3557<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; [USASCII]&nbsp; American National Standards In=
stitute, &quot;Coded<br>
&gt; &gt; &gt;&gt;&gt; Character<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Set =
-- 7-bit American Standard Code for Information<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Inte=
rchange&quot;, ANSI X3.4, 1986.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3611,3612c3572,3573<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OAu=
th 2.0&quot;, draft-ietf-oauth-saml2-bearer-08 (work in<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pro=
gress), August 2011.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OAut=
h 2.0&quot;, draft-ietf-oauth-saml2-bearer-12 (work in<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; prog=
ress), May 2012.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3616,3617c3577,3579<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Pro=
tocol: Bearer Tokens&quot;, draft-ietf-oauth-v2-bearer-08<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (wo=
rk in progress), July 2011.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Auth=
orization Protocol: Bearer Tokens&quot;,<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; draf=
t-ietf-oauth-v2-bearer-19 (work in progress),<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Apri=
l 2012.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3620,3623c3589,3591<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Ham=
mer-Lahav, E., Barth, A., and B. Adida, &quot;HTTP<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Aut=
hentication: MAC Access Authentication&quot;,<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dra=
ft-ietf-oauth-v2-http-mac-00 (work in progress),<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; May=
 2011.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Hamm=
er-Lahav, E., &quot;HTTP Authentication: MAC Access<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Auth=
entication&quot;, draft-ietf-oauth-v2-http-mac-01<br>
&gt; &gt; &gt;&gt;&gt; (work in<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; prog=
ress), February 2012.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3626c3594<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Lod=
derstedt, T., McGloin, M., and P. Hunt, &quot;OAuth 2.0<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; McGl=
oin, M., Hunt, P., and T. Lodderstedt, &quot;OAuth 2.0<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3628,3629c3596,3597<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dra=
ft-ietf-oauth-v2-threatmodel-00 (work in progress),<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Jul=
y 2011.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; ---<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; draf=
t-ietf-oauth-v2-threatmodel-02 (work in<br>
&gt; &gt; &gt;&gt;&gt; progress),<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Febr=
uary 2012.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3468,3546d3503<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Brian Eaton, Yaron Goland, Dick Hardt,=
 and Allen Tom.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3639c3609,3639<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; Brian Eaton, Yaron Y. Goland, Dick Hardt, and =
Allen Tom.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3468,3546d3503<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Yaron Goland, Brent Goldman, Kristoffe=
r Gronowski, Justin Hart,<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3644,3645c3644,3656<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; Yaron Y. Goland, Brent Goldman, Kristoffer Gro=
nowski, Justin<br>
&gt; &gt; &gt;&gt;&gt; Hart,<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3468,3546d3503<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; This document was produced under the c=
hairmanship of Blaine<br>
&gt; Cook,<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Peter Saint-Andre, Hannes Tschofenig, =
and Barry Leiba.&nbsp; The area<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; directors included Lisa Dusseault, Pet=
er Saint-Andre, and Stephen<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Farrell.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; 3646a3658,3661<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; This document was produced under the chairmans=
hip of Blaine<br>
&gt; &gt; &gt;&gt;&gt; Cook,<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; Peter Saint-Andre, Hannes Tschofenig, Barry Le=
iba, and Derek Atkins.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; The area directors included Lisa Dusseault, Pe=
ter Saint-Andre,<br>
&gt; &gt; &gt;&gt;&gt; and<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;&gt;&nbsp; Stephen Farrell.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; -----Original Message-----<br>
&gt; &gt; &gt;&gt; From: <a href=3D"mailto:oauth-bounces@ietf.org">oauth-bo=
unces@ietf.org</a> [mailto:<a href=3D"mailto:oauth-bounces@ietf.org">oauth-=
bounces@ietf.org</a>] On<br>
&gt; &gt; Behalf Of Hannes Tschofenig<br>
&gt; &gt; &gt;&gt; Sent: Wednesday, May 23, 2012 11:27 AM<br>
&gt; &gt; &gt;&gt; To: <a href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>=
 WG<br>
&gt; &gt; &gt;&gt; Subject: [OAUTH-WG] Error Encoding: Conclusion<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; Hi all,<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; on May 10th we called for consensus on an open issue reg=
arding the<br>
&gt; &gt; &gt;&gt; error<br>
&gt; &gt; encoding. Here is the link to the call:<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; <a href=3D"http://www.ietf.org/mail-archive/web/oauth/cu=
rrent/msg08994.html" target=3D"_blank">
http://www.ietf.org/mail-archive/web/oauth/current/msg08994.html</a><br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; Thank you all for the feedback. The conclusion of the co=
nsensus<br>
&gt; &gt; &gt;&gt; call was<br>
&gt; &gt; to harmonize the encoding between the two specifications by<br>
&gt; &gt; incorporating the restrictions from the bearer specification into=
 the<br>
&gt; &gt; base specification. The error encoding will go into the core<br>
&gt; &gt; specification and the bearer specification will reference it.<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; Ciao<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; Hannes &amp; Derek<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; _______________________________________________<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; OAuth mailing list<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; <a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; <a href=3D"https://www.ietf.org/mailman/listinfo/oauth" =
target=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; _______________________________________________<br>
&gt; &gt; &gt;&gt; OAuth mailing list<br>
&gt; &gt; &gt;&gt; <a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
&gt; &gt; &gt;&gt; <a href=3D"https://www.ietf.org/mailman/listinfo/oauth" =
target=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt;<br>
&gt; &gt; &gt;&gt; &lt;draft-ietf-oauth-v2-26&#43;mbj-2.xml&gt;&lt;draft-ie=
tf-oauth-v2-26&#43;mbj-<br>
&gt; &gt; 2.txt&gt;&lt;draft-ietf-oauth-v2-26&#43;mbj-2.html&gt;<br>
&gt; &gt; &gt;<br>
&gt; <br>
&gt; <br>
<br>
_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" target=3D"_blank">h=
ttps://www.ietf.org/mailman/listinfo/oauth</a><br>
<br>
<o:p></o:p></span></p>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</body>
</html>

--_000_4E1F6AAD24975D4BA5B168042967394366522F1BTK5EX14MBXC284r_--

From wmills@yahoo-inc.com  Thu May 31 21:55:59 2012
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE31D21F8555 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:55:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.598
X-Spam-Level: 
X-Spam-Status: No, score=-17.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IvjaU4Kpf-Fk for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 21:55:56 -0700 (PDT)
Received: from nm24-vm0.bullet.mail.sp2.yahoo.com (nm24-vm0.bullet.mail.sp2.yahoo.com [98.139.91.226]) by ietfa.amsl.com (Postfix) with SMTP id 6CB1221F8552 for <oauth@ietf.org>; Thu, 31 May 2012 21:55:56 -0700 (PDT)
Received: from [98.139.91.69] by nm24.bullet.mail.sp2.yahoo.com with NNFMP; 01 Jun 2012 04:55:53 -0000
Received: from [98.139.91.35] by tm9.bullet.mail.sp2.yahoo.com with NNFMP; 01 Jun 2012 04:55:53 -0000
Received: from [127.0.0.1] by omp1035.mail.sp2.yahoo.com with NNFMP; 01 Jun 2012 04:55:53 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 593279.96381.bm@omp1035.mail.sp2.yahoo.com
Received: (qmail 54776 invoked by uid 60001); 1 Jun 2012 04:55:52 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1338526552; bh=brWA0RnkJCyCqBuWI89MeCIsUrQ3b1D0i/NJ6DkRckg=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=KuY0dgdRSQqeDHle4/ldNVBIsUPwJkGVTfCBhGYuPNePx+h9G6HFTfMRr91sXXnRG59rW7WxJmhnLwD1hAxB3wRio8y/LctyrjO4mA9If4XgzuxhaMZ0Kf4GjIh41hpat7p5PKbIam4GOtfTbEMDeidgRB+odidT6EfH+gm7TDU=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Eg6PnQRoh9F92E/thmSxXRnlj4Rrld571l7iDopJ/KQgo4YaIds8Xe1t0IQ34tmq+Z4XbeMV2pbE32uCh8o4u9G7HPphK0yZ9JuA5W0CvOtt7wDKi4mAeFhDKnh2nXv76U/1FNjmAmPEQB0Tq+DtroJZEBQofhRbsmPSfHlxuN8=;
X-YMail-OSG: VCPf1akVM1ka4aFpxNVx39uo6zAHi.l12ERuhEv_JGgqSZU OYuxpTYckY2rANx2IV3RdfRgTGi1Bair7ZXr9g5ji1RdgdQ81nK1hsKIty6s PFQ9b8phrIS3fdCDOMxertc8esxRv1HzB7q4I9UQ0CqoxwgkMhH_4B.QJ3vR fZAtWUbOsLR6Wiy1LtM0wmsZDM2eTw4e3Vm2pNcsGpOJnG.UsajmkJPoWmq5 TZ9bXmpHndgUwcHZ_EmK2Bly5v6qj84BX_AfBkPMyYsXOf9ZhiSTuRMPWJqc iKuYF9UpYlWl4K3fpF3bQITT.9XsUDZ_5ITdbaTHhMcqH4_9dSLf_TixV.iJ 7dB46FyTdNU2v4.aUyVxPSxqs_mLRHbMyJGZyzy2mI1gNVkhCD1pdvCbMG1s bvCbSrZ_Ut.NV_z_K5t_0ggrK9Tg3mA--
Received: from [99.31.212.42] by web31812.mail.mud.yahoo.com via HTTP; Thu, 31 May 2012 21:55:52 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net> <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436652221D@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net> <1338525087.63468.YahooMailNeo@web31813.mail.mud.yahoo.com> <4E1F6AAD24975D4BA5B168042967394366522F1B@TK5EX14MBXC284.redmond.corp.microsoft.com>
Message-ID: <1338526552.51981.YahooMailNeo@web31812.mail.mud.yahoo.com>
Date: Thu, 31 May 2012 21:55:52 -0700 (PDT)
From: William Mills <wmills@yahoo-inc.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Eran Hammer <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394366522F1B@TK5EX14MBXC284.redmond.corp.microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1458549034-280224819-1338526552=:51981"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] ABNF Re:  Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 04:55:59 -0000

--1458549034-280224819-1338526552=:51981
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

So are you saying that =0A=0A=0A1) I got your syntax right in the second on=
e?=0A2) You like your syntax and don't want to limit it to a leading ALPHA?=
=0A=0A-bill=0A=0A=0A=0A=0A>________________________________=0A> From: Mike =
Jones <Michael.Jones@microsoft.com>=0A>To: William Mills <wmills@yahoo-inc.=
com>; Eran Hammer <eran@hueniverse.com>; Hannes Tschofenig <hannes.tschofen=
ig@gmx.net> =0A>Cc: "oauth@ietf.org WG" <oauth@ietf.org> =0A>Sent: Thursday=
, May 31, 2012 9:45 PM=0A>Subject: RE: ABNF Re: [OAUTH-WG] Error Encoding: =
Conclusion=0A> =0A>=0A> =0A>Your proposal differs both from what=E2=80=99s =
in Bearer and what=E2=80=99s in Core at present.=C2=A0 By using the syntax =
restrictions from Bearer (which were already significantly discussed by the=
 WG) in Core, developers have consistent rules, which was the point of the =
DISCUSS.=0A>=C2=A0=0A>I don=E2=80=99t believe that changing both sets of sy=
ntax restrictions was on the table at this point based upon the DISCUSS (bu=
t of course, the working group can still obviously do anything that there=
=E2=80=99s clear consensus to do). =0A>=C2=A0=0A>=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 My two cents worth=E2=80=A6=0A>=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 -- Mike=0A>=C2=A0=0A>From:Willia=
m Mills [mailto:wmills@yahoo-inc.com] =0A>Sent: Thursday, May 31, 2012 9:31=
 PM=0A>To: Eran Hammer; Mike Jones; Hannes Tschofenig=0A>Cc: oauth@ietf.org=
 WG=0A>Subject: ABNF Re: [OAUTH-WG] Error Encoding: Conclusion=0A>=C2=A0=0A=
>The current OAuth core spec section 8.5 has:=0A>=C2=A0=C2=A0=C2=A0=C2=A0 e=
rror-code=C2=A0=C2=A0 =3D ALPHA *error-char=0A>=C2=A0=C2=A0=C2=A0=C2=A0 err=
or-char=C2=A0=C2=A0 =3D "-" / "." / "_" / DIGIT / ALPHA=0A>=0A>Mike's propo=
sal would nominally be:=0A>=0A>=C2=A0=C2=A0=C2=A0=C2=A0 error-code=C2=A0=C2=
=A0 =3D *error-char=0A>=C2=A0=C2=A0=C2=A0=C2=A0 error-char=C2=A0=C2=A0 =3D =
%x20-21 / %x23-5B / %x5D-7E=0A>=0A>This is the set of ASCII characters from=
 SPACE to '~' excluding '\' and '"'.=C2=A0 I'm not =0A>in love with that, b=
ut it's clear.=C2=A0 I'd prefer:=0A>=0A>=C2=A0=C2=A0=C2=A0=C2=A0 error-code=
=C2=A0=C2=A0 =3D ALPHA *error-char=0A>=C2=A0=C2=A0=C2=A0=C2=A0 error-char=
=C2=A0=C2=A0 =3D %x20-21 / %x23-5B / %x5D-7E=0A>=0A>-bill=0A>=C2=A0=0A>=C2=
=A0=0A>>=0A>>________________________________=0A>> =0A>>From:Eran Hammer <e=
ran@hueniverse.com>=0A>>To: Mike Jones <Michael.Jones@microsoft.com>; Hanne=
s Tschofenig <hannes.tschofenig@gmx.net> =0A>>Cc: "oauth@ietf.org WG" <oaut=
h@ietf.org> =0A>>Sent: Thursday, May 31, 2012 7:47 PM=0A>>Subject: Re: [OAU=
TH-WG] Error Encoding: Conclusion=0A>>=0A>>=0A>>=0A>>> -----Original Messag=
e-----=0A>>> From: Mike Jones [mailto:Michael.Jones@microsoft.com]=0A>>> Se=
nt: Thursday, May 31, 2012 1:53 PM=0A>>> To: Eran Hammer; Hannes Tschofenig=
=0A>>> Cc: oauth@ietf.org WG=0A>>> Subject: RE: [OAUTH-WG] Error Encoding: =
Conclusion=0A>>> =0A>>> Actually, could you please publish before the ABNF =
is done so that I can=0A>>> publish a version of Bearer referencing the new=
 text in Core, so it can be=0A>>> reviewed by the WG in parallel with the A=
BNF work happening?=C2=A0 I think that=0A>>> was Hannes' intent in asking y=
ou to publish soon.=0A>>=0A>>I'll review the text and will reply back as to=
 publishing schedule.=0A>>=0A>>> Version numbers are=0A>>> cheap...=0A>>=0A=
>>My time isn't.=0A>>=0A>>EH=0A>>=0A>>> =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=
=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 Thanks,=0A>>> =C2=A0=C2=A0=C2=A0 =
=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 -- Mike=0A>>> =0A>=
>> -----Original Message-----=0A>>> From: Eran Hammer [mailto:eran@hueniver=
se.com]=0A>>> Sent: Thursday, May 31, 2012 12:35 PM=0A>>> To: Hannes Tschof=
enig=0A>>> Cc: Mike Jones; oauth@ietf.org WG=0A>>> Subject: RE: [OAUTH-WG] =
Error Encoding: Conclusion=0A>>> =0A>>> I'll first review the proposed text=
 (as a WG member) and raise any issues=0A>>> remaining (if any).=0A>>> =0A>=
>> I will wait until the ABNF text is provided before publishing another ve=
rsion.=0A>>> =0A>>> EH=0A>>> =0A>>> > -----Original Message-----=0A>>> > Fr=
om: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]=0A>>> > Sent: Thur=
sday, May 31, 2012 10:54 AM=0A>>> > To: Eran Hammer=0A>>> > Cc: Mike Jones;=
 oauth@ietf.org WG; Hannes Tschofenig=0A>>> > Subject: Re: [OAUTH-WG] Error=
 Encoding: Conclusion=0A>>> >=0A>>> > Eran, could you publish a new draft v=
ersion by Sunday with these=0A>>> > changes incorporated? That should give =
the working group enough time=0A>>> > to look at these few paragraphs.=0A>>=
> >=0A>>> > In the meanwhile we are working on addressing the ABNF issue Se=
an=0A>>> > raised and we will then go for another update.=0A>>> >=0A>>> > C=
iao=0A>>> > Hannes=0A>>> >=0A>>> > On May 31, 2012, at 8:20 PM, Hannes Tsch=
ofenig wrote:=0A>>> >=0A>>> > > Hi Mike,=0A>>> > >=0A>>> > > thank you for =
compiling the text. It looks good to me. I have not=0A>>> > > seen=0A>>> > =
anyone from the working group screaming either.=0A>>> > >=0A>>> > > Eran, c=
an you incorporate these changes into the next draft version?=0A>>> > >=0A>=
>> > > Ciao=0A>>> > > Hannes=0A>>> > >=0A>>> > > On May 30, 2012, at 2:10 A=
M, Mike Jones wrote:=0A>>> > >=0A>>> > >> I've made another set of updates =
to a copy of Core -26 to address=0A>>> > >> the=0A>>> > questions raised by=
 Eran and David below (attached).=0A>>> > >>=0A>>> > >> An unrelated change=
 that you should probably pick up, Eran is=0A>>> > >> adding this=0A>>> > t=
o the <front> section, so that the heading shows that the draft is a=0A>>> =
> product of the "OAuth Working Group" rather than the "Network Working=0A>=
>> Group":=0A>>> > >>=C2=A0 =C2=A0 <area>Security</area>=0A>>> > >>=C2=A0 =
=C2=A0 <workgroup>OAuth Working Group</workgroup>=0A>>> > >>=0A>>> > >> One=
 change I didn't make, but that should be considered, is to=0A>>> > >> dele=
te the=0A>>> > reference to OASIS.saml-core-2.0-os, since it is used by no =
<xref> in=0A>>> > the document.=0A>>> > >>=0A>>> > >> The new proposed text=
 for Section 7.2 follows:=0A>>> > >>=0A>>> > >> 7.2.=C2=A0 Error Response=
=0A>>> > >>=0A>>> > >>=C2=A0 If a resource access request fails, the resour=
ce server SHOULD inform=0A>>> > >>=C2=A0 the client of the error.=C2=A0 Whi=
le the specific error responses possible=0A>>> > >>=C2=A0 and methods for t=
ransmitting those errors when using any particular=0A>>> > >>=C2=A0 access =
token type are beyond the scope of this specification, any=0A>>> > >>=C2=A0=
 "error" code values defined for use with OAuth resource access=0A>>> > >>=
=C2=A0 methods MUST be registered (following the procedures in=0A>>> > >>=
=C2=A0 Section 11.4).=0A>>> > >>=0A>>> > >>=C2=A0 Specifically, when the OA=
uth resource access method uses an "error"=0A>>> > >>=C2=A0 result paramete=
r to return an error code value that indicates the=0A>>> > >>=C2=A0 resourc=
e access error encountered, then these error code values=0A>>> MUST=0A>>> >=
 >>=C2=A0 be registered.=C2=A0 Values for these "error" codes MUST NOT incl=
ude=0A>>> > >>=C2=A0 characters outside the set %x20-21 / %x23-5B / %x5D-7E=
. When an=0A>>> > >>=C2=A0 "error" code value is registered for use by an O=
Auth resource access=0A>>> > >>=C2=A0 method, should that same code already=
 be registered for use by=0A>>> > >>=C2=A0 another OAuth resource access me=
thod or at a different OAuth error=0A>>> > >>=C2=A0 usage location, then th=
e meaning of that error code value in in the=0A>>> > >>=C2=A0 new registrat=
ion MUST be consistent with the its meaning in prior=0A>>> > >>=C2=A0 regis=
trations.=0A>>> > >>=0A>>> > >>=C2=A0 The OAuth resource access error regis=
tration requirement applies only=0A>>> > >>=C2=A0 to "error" code values an=
d not to other means of returning error=0A>>> > >>=C2=A0 indications, inclu=
ding HTTP status codes, or other error-related=0A>>> > >>=C2=A0 result para=
meters, such as "error_description", "error_uri", or other=0A>>> > >>=C2=A0=
 kinds of error status return methods that may be employed by the=0A>>> > >=
>=C2=A0 resource access method.=C2=A0 There is no requirement that OAuth re=
source=0A>>> > >>=C2=A0 access methods employ an "error" parameter.=0A>>> >=
 >>=0A>>> > >> Hopefully incorporating these changes will enable us to clos=
e the=0A>>> > remaining DISCUSS issues on both the Core and Bearer drafts.=
=0A>>> > >>=0A>>> > >>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 Thanks all,=0A>>> > >>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 --=0A>>> > >> Mike=0A>>> >=
 >>=0A>>> > >>=0A>>> > >> From: Eran Hammer [mailto:eran@hueniverse.com]=0A=
>>> > >> Sent: Wednesday, May 23, 2012 11:45 PM=0A>>> > >> To: David Record=
on; Mike Jones; Hannes Tschofenig=0A>>> > >> Cc: oauth@ietf.org WG=0A>>> > =
>> Subject: RE: [OAUTH-WG] Error Encoding: Conclusion=0A>>> > >>=0A>>> > >>=
 With the exception of section 7.2, the changes look reasonable and=0A>>> >=
 >> will be=0A>>> > applied in the next revision.=0A>>> > >>=0A>>> > >> The=
 new section 7.2 is confusion and does not explain the new registry.=0A>>> =
> The section introduces a new requirement to register 'any error codes=0A>=
>> > defined for use with OAuth resource access methods'. This requirement=
=0A>>> > is too vague.=0A>>> > >>=0A>>> > >> I have no clue how to (for exa=
mple) apply this text to the MAC draft.=0A>>> > Adding to David's list belo=
w:=0A>>> > >>=0A>>> > >> * Should the HTTP status codes used by the MAC spe=
c as currently=0A>>> > >> written=0A>>> > be registered (since no guidance =
is given to the use of an error parameter)?=0A>>> > >> * Does this introduc=
e a requirement to add an error parameter?=0A>>> > >> * Does the parameter =
need to / should be called 'error'?=0A>>> > >> * What about future methods =
in which errors are not simply=0A>>> > >> expressed in=0A>>> > the form of =
a fixes string?=0A>>> > >>=0A>>> > >> EH=0A>>> > >>=0A>>> > >>=0A>>> > >> F=
rom: David Recordon [mailto:recordond@gmail.com]=0A>>> > >> Sent: Wednesday=
, May 23, 2012 11:38 PM=0A>>> > >> To: Mike Jones; Hannes Tschofenig; Eran =
Hammer=0A>>> > >> Cc: oauth@ietf.org WG=0A>>> > >> Subject: Re: [OAUTH-WG] =
Error Encoding: Conclusion=0A>>> > >>=0A>>> > >> Honestly still trying to f=
ully wrap my head around what's going on=0A>>> > >> here=0A>>> > since it s=
eems far more complex than the threads are alluding to. In=0A>>> > any case=
, does Mike's text address what Eran brought up as needed in=0A>>> > the th=
read Hannes referenced or is Eran wrong?=0A>>> > >>=0A>>> > >> The core spe=
c currently provides full guidance and definition for=0A>>> > >> error=0A>>=
> > extensibility. Extending the registry's scope means the need for=0A>>> =
> non-trivial new text that:=0A>>> > >>=0A>>> > >> * explains the process o=
f adding new errors for endpoints not=0A>>> > >> defined by=0A>>> > this sp=
ecification,=0A>>> > >> * finds a common ground for value restrictions beyo=
nd what is=0A>>> > >> already=0A>>> > listed,=0A>>> > >> * guide authors of=
 future HTTP authentication schemes meant for use=0A>>> > with OAuth (e.g. =
MAC) for their requirements for using the error=0A>>> > registry, and=0A>>>=
 > >> * address the very likely scenario of the same error code carrying=0A=
>>> > different meanings in different endpoints, or an extension that adds =
a=0A>>> > location to a code already defined elsewhere - something very lik=
ely=0A>>> > to happen if you cross the two very different domains (OAuth=0A=
>>> > endpoints, Protected resource endpoints). This requires changing the=
=0A>>> > entire structure of the registry to create separate records for ea=
ch=0A>>> code/location pair.=0A>>> > >>=0A>>> > >> Thanks,=0A>>> > >> --Dav=
id=0A>>> > >>=0A>>> > >> On Wed, May 23, 2012 at 10:22 PM, Mike Jones=0A>>>=
 > <Michael.Jones@microsoft.com> wrote:=0A>>> > >> Thanks Hannes.=C2=A0 In =
the interest of hopefully completing the edits=0A>>> > >> to=0A>>> > remove=
 the DISCUSS issues for the Bearer and Core specs in the next=0A>>> > few d=
ays so that we can send the docs to the RFC editors, I'd like to=0A>>> > pr=
opose specific language for the Core spec to address both of the=0A>>> > co=
nsensus call issue resolutions.=C2=A0 After there's consensus on the=0A>>> =
> specific text for Core, it will be easy for us to add a reference in=0A>>=
> > Bearer to the language in Core for the error syntax restrictions and=0A=
>>> > to use the OAuth errors registry.=C2=A0 I'll do that in parallel with=
 the discussions=0A>>> on the proposed core language changes.=0A>>> > >>=0A=
>>> > >>=0A>>> > >>=0A>>> > >> A summary of the changes I made in response =
to the consensus call=0A>>> > conclusions are:=0A>>> > >>=0A>>> > >> *=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 Add syntax restrictions for "error", "error_descri=
ption", and=0A>>> > "error_uri" from Bearer to Core=0A>>> > >>=0A>>> > >> *=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Add section 7.2 about error responses from reso=
urce access=0A>>> requests=0A>>> > >>=0A>>> > >> *=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 Add "resource access error response" to the category of OAuth=0A>>> > e=
rrors that can be registered=0A>>> > >>=0A>>> > >>=0A>>> > >>=0A>>> > >> Ad=
ditional editorial changes that I made as I encountered issues in=0A>>> > >=
> the=0A>>> > document were:=0A>>> > >>=0A>>> > >> *=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 Updated out of date references, especially the draft-hardt-oauth-=0A=
>>> 01=0A>>> > reference, which contained an invalid link=0A>>> > >>=0A>>> =
> >> *=C2=A0 =C2=A0 =C2=A0 =C2=A0 Added Derek Atkins to the list of chairs=
=0A>>> > >>=0A>>> > >> *=C2=A0 =C2=A0 =C2=A0 =C2=A0 Added Yaron Goland's mi=
ddle initial Y. (since he prefers to include=0A>>> it=0A>>> > in publicatio=
ns)=0A>>> > >>=0A>>> > >> *=C2=A0 =C2=A0 =C2=A0 =C2=A0 Replaced use of the =
deprecated <appendix> element, which=0A>>> > prevented the spec from buildi=
ng with strict checking, with a=0A>>> > <section> element in the <back> sec=
tion (which creates an appendix)=0A>>> > >>=0A>>> > >>=0A>>> > >>=0A>>> > >=
> To make it easy to incorporate these changes into the document and=0A>>> =
> >> so=0A>>> > the proposed changes are unambiguous, I produced an edited =
version of=0A>>> > Core -26 containing these changes.=C2=A0 The xml, txt, a=
nd html versions=0A>>> > are attached to facilitate review.=C2=A0 Pertinent=
 diffs from the .txt version=0A>>> follow.=0A>>> > >>=0A>>> > >>=0A>>> > >>=
=0A>>> > >>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 C=
heers,=0A>>> > >>=0A>>> > >>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 -- Mike=0A>>> > >>=0A>>> > >>=0A>>> > >>=0A>>> > >> 683c6=
83,684=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 notation of [RFC5234].=0A>>> > =
>>=0A>>> > >> ---=0A>>> > >>=0A>>> > >>>=C2=A0 notation of [RFC5234].=C2=A0=
 Additionally, the rule URI-Reference is=0A>>> > >>=0A>>> > >>>=C2=A0 inclu=
ded from Uniform Resource Identifier (URI) [RFC3986].=0A>>> > >>=0A>>> > >>=
 1441c1441,1442=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 R=
EQUIRED.=C2=A0 A single error code from the following:=0A>>> > >>=0A>>> > >=
> ---=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 REQUIRED.=C2=A0 A s=
ingle ASCII [USASCII] error code from the=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 following:=0A>>> > >>=0A>>> > >> 1474a1475,1476=0A>>> > >=
>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 Values for the "error" parameter M=
UST NOT include=0A>>> > >>> characters=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 outside the set %x20-21 / %x23-5B / %x5D-7E.=0A>>> > >>=0A>>>=
 > >> 1476c1478=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 O=
PTIONAL.=C2=A0 A human-readable UTF-8 encoded text providing=0A>>> > >>=0A>=
>> > >> ---=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 OPTIONAL.=C2=
=A0 A human-readable ASCII [USASCII] text providing=0A>>> > >>=0A>>> > >> 1=
478a1481,1482=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 Values for =
the "error_description" parameter MUST NOT=0A>>> > >>> include=0A>>> > >>=
=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 characters outside the set %x20-21 =
/ %x23-5B / %x5D-7E.=0A>>> > >>=0A>>> > >> 1482a1487,1489=0A>>> > >>=0A>>> =
> >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 Values for the "error_uri" parameter MUST =
conform to the=0A>>> > >>> URI-=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 Reference syntax, and thus MUST NOT include characters=0A>>> > >>> o=
utside=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 the set %x21 / %x2=
3-5B / %x5D-7E.=0A>>> > >>=0A>>> > >> 1840c1840,1841=0A>>> > >>=0A>>> > >> =
<=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 REQUIRED.=C2=A0 A single error code fro=
m the following:=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 REQUIRED.=C2=A0 A single ASCII [USASCII] error code from =
the=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 following:=0A>>> > >>=
=0A>>> > >> 1873a1874,1875=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 Values for the "error" parameter MUST NOT include=0A>>> > >>> character=
s=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 outside the set %x20-21=
 / %x23-5B / %x5D-7E.=0A>>> > >>=0A>>> > >> 1875c1877=0A>>> > >>=0A>>> > >>=
 <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 OPTIONAL.=C2=A0 A human-readable UTF-8=
 encoded text providing=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=0A>>> > >>>=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 OPTIONAL.=C2=A0 A human-readable ASCII [USASCII] t=
ext providing=0A>>> > >>=0A>>> > >> 1877a1880,1881=0A>>> > >>=0A>>> > >>>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Values for the "error_description" parameter MU=
ST NOT=0A>>> > >>> include=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 characters outside the set %x20-21 / %x23-5B / %x5D-7E.=0A>>> > >>=0A>>=
> > >> 1881a1886,1888=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 Val=
ues for the "error_uri" parameter MUST conform to the=0A>>> > >>> URI-=0A>>=
> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 Reference syntax, and thus MU=
ST NOT include characters=0A>>> > >>> outside=0A>>> > >>=0A>>> > >>>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 the set %x21 / %x23-5B / %x5D-7E.=0A>>> > >>=0A>>> > >=
> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 REQUIRED.=C2=A0 A single error code f=
rom the following:=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=0A>>> > >>>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 REQUIRED.=C2=A0 A single ASCII [USASCII] error code fr=
om the=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 following:=0A>>> >=
 >>=0A>>> > >> 2325a2326,2327=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 Values for the "error" parameter MUST NOT include=0A>>> > >>> charac=
ters=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 outside the set %x20=
-21 / %x23-5B / %x5D-7E.=0A>>> > >>=0A>>> > >> 2327c2329=0A>>> > >>=0A>>> >=
 >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 OPTIONAL.=C2=A0 A human-readable UT=
F-8 encoded text providing=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=0A>>> > >>>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 OPTIONAL.=C2=A0 A human-readable ASCII [USASCII=
] text providing=0A>>> > >>=0A>>> > >> 2329a2332,2333=0A>>> > >>=0A>>> > >>=
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 Values for the "error_description" parameter M=
UST NOT=0A>>> > >>> include=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 characters outside the set %x20-21 / %x23-5B / %x5D-7E.=0A>>> > >>=0A>>=
> > >> 2333a2338,2340=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 Val=
ues for the "error_uri" parameter MUST conform to the=0A>>> > >>> URI-=0A>>=
> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 Reference syntax, and thus MU=
ST NOT include characters=0A>>> > >>> outside=0A>>> > >>=0A>>> > >>>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 the set %x21 / %x23-5B / %x5D-7E.=0A>>> > >>=0A>>> > >=
> 2450c2460,2468=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 The method in which t=
he client utilized the access token to=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=
=0A>>> > >>>=C2=A0 The method in which the client utilizes the access token=
 to=0A>>> > >>=0A>>> > >> 2479c2489=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =
=C2=A0 Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw=0A>>> > >>=0A>>> > >> -=
--=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 Authorization: Bearer mF_9.B5f-4.1Jq=
M=0A>>> > >>=0A>>> > >> 2503a2514,2533=0A>>> > >>=0A>>> > >>>=0A>>> > >>=0A=
>>> > >>> 7.2.=C2=A0 Error Response=0A>>> > >>=0A>>> > >>>=0A>>> > >>=0A>>>=
 > >>>=C2=A0 If a resource access request fails, the resource server SHOULD=
=0A>>> > >>> inform=0A>>> > >>=0A>>> > >>>=C2=A0 the client of the error.=
=C2=A0 While the specific error responses=0A>>> > >>> possible=0A>>> > >>=
=0A>>> > >>>=C2=A0 and methods for transmitting those errors when using any=
=0A>>> > >>> particular=0A>>> > >>=0A>>> > >>>=C2=A0 access token type are =
beyond the scope of this specification,=0A>>> > >>> any=0A>>> > >>=0A>>> > =
>>>=C2=A0 error codes defined for use with OAuth resource access methods=0A=
>>> > >>> MUST=0A>>> > >>=0A>>> > >>>=C2=A0 be registered (following the pr=
ocedures in Section 11.4).=0A>>> > >>=0A>>> > >>>=0A>>> > >>=0A>>> > >>>=0A=
>>> > >>=0A>>> > >> 2602,2603c2624,2626=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=
=A0 (Section 4.2.2.1), or the token error response (Section 5.2), such=0A>>=
> > >>=0A>>> > >> <=C2=A0 =C2=A0 error codes MAY be defined.=0A>>> > >>=0A>=
>> > >> ---=0A>>> > >>=0A>>> > >>>=C2=A0 (Section 4.2.2.1), the token error=
 response (Section 5.2), or=0A>>> > >>> the=0A>>> > >>=0A>>> > >>>=C2=A0 re=
source access error response (Section 7.2), such error codes=0A>>> > >>> MA=
Y be=0A>>> > >>=0A>>> > >>>=C2=A0 defined.=0A>>> > >>=0A>>> > >> 3444c3484,=
3485=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 (Section 4.2.2.1), or toke=
n error response (Section 5.2).=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=0A>>> =
> >>>=C2=A0 =C2=A0 =C2=A0 (Section 4.2.2.1), token error response (Section =
5.2), or=0A>>> > >>> resource=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 ac=
cess error response (Section 7.2).=0A>>> > >>=0A>>> > >> 3596a3554,3557=0A>=
>> > >>=0A>>> > >>>=C2=A0 [USASCII]=C2=A0 American National Standards Insti=
tute, "Coded=0A>>> > >>> Character=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Set -- 7-bit American Standard Code for Inf=
ormation=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 Interchange", ANSI X3.4, 1986.=0A>>> > >>=0A>>> > >>>=0A>>> > >>=0A>=
>> > >> 3611,3612c3572,3573=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 OAuth 2.0", draft-ietf-oauth-saml2-bearer-08 (work=
 in=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 progress), August 2011.=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=0A>>> > >>>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 OAuth 2.0", draft-ietf-oau=
th-saml2-bearer-12 (work in=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 progress), May 2012.=0A>>> > >>=0A>>> > >> 3616,36=
17c3577,3579=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 Protocol: Bearer Tokens", draft-ietf-oauth-v2-bearer-08=0A>>> > =
>>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (work in pr=
ogress), July 2011.=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=0A>>> > >>>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Authorization Protocol: Bearer To=
kens",=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 draft-ietf-oauth-v2-bearer-19 (work in progress),=0A>>> > >>=0A>>> > >>=
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 April 2012.=0A>>> > >>=0A=
>>> > >> 3620,3623c3589,3591=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Hammer-Lahav, E., Barth, A., and B. Adida, "HTT=
P=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 A=
uthentication: MAC Access Authentication",=0A>>> > >>=0A>>> > >> <=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 draft-ietf-oauth-v2-http-mac-00 (=
work in progress),=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 May 2011.=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=0A>>> > >>=
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Hammer-Lahav, E., "HTTP A=
uthentication: MAC Access=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 Authentication", draft-ietf-oauth-v2-http-mac-01=0A>>=
> > >>> (work in=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 progress), February 2012.=0A>>> > >>=0A>>> > >> 3626c3594=0A>=
>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Lodder=
stedt, T., McGloin, M., and P. Hunt, "OAuth 2.0=0A>>> > >>=0A>>> > >> ---=
=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 McG=
loin, M., Hunt, P., and T. Lodderstedt, "OAuth 2.0=0A>>> > >>=0A>>> > >> 36=
28,3629c3596,3597=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 draft-ietf-oauth-v2-threatmodel-00 (work in progress),=0A>>>=
 > >>=0A>>> > >> <=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 July 201=
1.=0A>>> > >>=0A>>> > >> ---=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 draft-ietf-oauth-v2-threatmodel-02 (work in=0A>>> =
> >>> progress),=0A>>> > >>=0A>>> > >>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 February 2012.=0A>>> > >>=0A>>> > >> 3468,3546d3503=0A>>> > >=
>=0A>>> > >> <=C2=A0 =C2=A0 Brian Eaton, Yaron Goland, Dick Hardt, and Alle=
n Tom.=0A>>> > >>=0A>>> > >> 3639c3609,3639=0A>>> > >>=0A>>> > >>>=C2=A0 Br=
ian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.=0A>>> > >>=0A>>> > >=
> 3468,3546d3503=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 Yaron Goland, Brent G=
oldman, Kristoffer Gronowski, Justin Hart,=0A>>> > >>=0A>>> > >> 3644,3645c=
3644,3656=0A>>> > >>=0A>>> > >>>=C2=A0 Yaron Y. Goland, Brent Goldman, Kris=
toffer Gronowski, Justin=0A>>> > >>> Hart,=0A>>> > >>=0A>>> > >> 3468,3546d=
3503=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 This document was produced under =
the chairmanship of Blaine=0A>>> Cook,=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0=
 Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.=C2=A0 The area=0A>>=
> > >>=0A>>> > >> <=C2=A0 =C2=A0 directors included Lisa Dusseault, Peter S=
aint-Andre, and Stephen=0A>>> > >>=0A>>> > >> <=C2=A0 =C2=A0 Farrell.=0A>>>=
 > >>=0A>>> > >> 3646a3658,3661=0A>>> > >>=0A>>> > >>>=C2=A0 This document =
was produced under the chairmanship of Blaine=0A>>> > >>> Cook,=0A>>> > >>=
=0A>>> > >>>=C2=A0 Peter Saint-Andre, Hannes Tschofenig, Barry Leiba, and D=
erek Atkins.=0A>>> > >>=0A>>> > >>>=C2=A0 The area directors included Lisa =
Dusseault, Peter Saint-Andre,=0A>>> > >>> and=0A>>> > >>=0A>>> > >>>=C2=A0 =
Stephen Farrell.=0A>>> > >>=0A>>> > >>=0A>>> > >>=0A>>> > >> -----Original =
Message-----=0A>>> > >> From: oauth-bounces@ietf.org [mailto:oauth-bounces@=
ietf.org] On=0A>>> > Behalf Of Hannes Tschofenig=0A>>> > >> Sent: Wednesday=
, May 23, 2012 11:27 AM=0A>>> > >> To: oauth@ietf.org WG=0A>>> > >> Subject=
: [OAUTH-WG] Error Encoding: Conclusion=0A>>> > >>=0A>>> > >>=0A>>> > >>=0A=
>>> > >> Hi all,=0A>>> > >>=0A>>> > >>=0A>>> > >>=0A>>> > >> on May 10th we=
 called for consensus on an open issue regarding the=0A>>> > >> error=0A>>>=
 > encoding. Here is the link to the call:=0A>>> > >>=0A>>> > >> http://www=
.ietf.org/mail-archive/web/oauth/current/msg08994.html=0A>>> > >>=0A>>> > >=
>=0A>>> > >>=0A>>> > >> Thank you all for the feedback. The conclusion of t=
he consensus=0A>>> > >> call was=0A>>> > to harmonize the encoding between =
the two specifications by=0A>>> > incorporating the restrictions from the b=
earer specification into the=0A>>> > base specification. The error encoding=
 will go into the core=0A>>> > specification and the bearer specification w=
ill reference it.=0A>>> > >>=0A>>> > >>=0A>>> > >>=0A>>> > >> Ciao=0A>>> > =
>>=0A>>> > >> Hannes & Derek=0A>>> > >>=0A>>> > >>=0A>>> > >>=0A>>> > >> __=
_____________________________________________=0A>>> > >>=0A>>> > >> OAuth m=
ailing list=0A>>> > >>=0A>>> > >> OAuth@ietf.org=0A>>> > >>=0A>>> > >> http=
s://www.ietf.org/mailman/listinfo/oauth=0A>>> > >>=0A>>> > >>=0A>>> > >>=0A=
>>> > >>=0A>>> > >> _______________________________________________=0A>>> >=
 >> OAuth mailing list=0A>>> > >> OAuth@ietf.org=0A>>> > >> https://www.iet=
f.org/mailman/listinfo/oauth=0A>>> > >>=0A>>> > >>=0A>>> > >> <draft-ietf-o=
auth-v2-26+mbj-2.xml><draft-ietf-oauth-v2-26+mbj-=0A>>> > 2.txt><draft-ietf=
-oauth-v2-26+mbj-2.html>=0A>>> > >=0A>>> =0A>>> =0A>>=0A>>_________________=
______________________________=0A>>OAuth mailing list=0A>>OAuth@ietf.org=0A=
>>https://www.ietf.org/mailman/listinfo/oauth=0A>>=0A>>=0A>=0A>
--1458549034-280224819-1338526552=:51981
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"color:#000; background-color:#fff; font-family:Co=
urier New, courier, monaco, monospace, sans-serif;font-size:14pt"><div><spa=
n>So are you saying that <br></span></div><div><br><span></span></div><div>=
<span>1) I got your syntax right in the second one?</span></div><div><span>=
2) You like your syntax and don't want to limit it to a leading ALPHA?</spa=
n></div><div><br><span></span></div><div><span>-bill</span></div><div><br><=
blockquote style=3D"border-left: 2px solid rgb(16, 16, 255); margin-left: 5=
px; margin-top: 5px; padding-left: 5px;">  <div style=3D"font-family: Couri=
er New, courier, monaco, monospace, sans-serif; font-size: 14pt;"> <div sty=
le=3D"font-family: times new roman, new york, times, serif; font-size: 12pt=
;"> <div dir=3D"ltr"> <font face=3D"Arial" size=3D"2"> <hr size=3D"1">  <b>=
<span style=3D"font-weight:bold;">From:</span></b> Mike Jones &lt;Michael.J=
ones@microsoft.com&gt;<br> <b><span style=3D"font-weight: bold;">To:</span>=
</b> William
 Mills &lt;wmills@yahoo-inc.com&gt;; Eran Hammer &lt;eran@hueniverse.com&gt=
;; Hannes Tschofenig &lt;hannes.tschofenig@gmx.net&gt; <br><b><span style=
=3D"font-weight: bold;">Cc:</span></b> "oauth@ietf.org WG" &lt;oauth@ietf.o=
rg&gt; <br> <b><span style=3D"font-weight: bold;">Sent:</span></b> Thursday=
, May 31, 2012 9:45 PM<br> <b><span style=3D"font-weight: bold;">Subject:</=
span></b> RE: ABNF Re: [OAUTH-WG] Error Encoding: Conclusion<br> </font> </=
div> <br><div id=3D"yiv283608885">=0A=0A =0A =0A<style><!--=0A#yiv283608885=
  =0A _filtered #yiv283608885 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 =
3 2 4;}=0A _filtered #yiv283608885 {font-family:Tahoma;panose-1:2 11 6 4 3 =
5 4 4 2 4;}=0A _filtered #yiv283608885 {font-family:Consolas;panose-1:2 11 =
6 9 2 2 4 3 2 4;}=0A#yiv283608885  =0A#yiv283608885 p.yiv283608885MsoNormal=
, #yiv283608885 li.yiv283608885MsoNormal, #yiv283608885 div.yiv283608885Mso=
Normal=0A=09{margin:0in;margin-bottom:.0001pt;font-size:12.0pt;font-family:=
"serif";}=0A#yiv283608885 a:link, #yiv283608885 span.yiv283608885MsoHyperli=
nk=0A=09{color:blue;text-decoration:underline;}=0A#yiv283608885 a:visited, =
#yiv283608885 span.yiv283608885MsoHyperlinkFollowed=0A=09{color:purple;text=
-decoration:underline;}=0A#yiv283608885 pre=0A=09{margin:0in;margin-bottom:=
.0001pt;font-size:10.0pt;font-family:"Courier New";}=0A#yiv283608885 p.yiv2=
83608885MsoAcetate, #yiv283608885 li.yiv283608885MsoAcetate, #yiv283608885 =
div.yiv283608885MsoAcetate=0A=09{margin:0in;margin-bottom:.0001pt;font-size=
:8.0pt;font-family:"sans-serif";}=0A#yiv283608885 span.yiv283608885HTMLPref=
ormattedChar=0A=09{font-family:"serif";}=0A#yiv283608885 span.yiv283608885E=
mailStyle19=0A=09{font-family:"sans-serif";color:#1F497D;}=0A#yiv283608885 =
span.yiv283608885BalloonTextChar=0A=09{font-family:"sans-serif";}=0A#yiv283=
608885 .yiv283608885MsoChpDefault=0A=09{font-size:10.0pt;}=0A _filtered #yi=
v283608885 {margin:1.0in 1.0in 1.0in 1.0in;}=0A#yiv283608885 div.yiv2836088=
85WordSection1=0A=09{}=0A--></style>=0A=0A<div>=0A<div class=3D"yiv28360888=
5WordSection1">=0A<div class=3D"yiv283608885MsoNormal"><span style=3D"font-=
size:11.0pt;color:#1F497D;">Your proposal differs both from what=E2=80=99s =
in Bearer and what=E2=80=99s in Core at present.&nbsp; By using the syntax =
restrictions from Bearer (which were already significantly=0A discussed by =
the WG) in Core, developers have consistent rules, which was the point of t=
he DISCUSS.</span></div> =0A<div class=3D"yiv283608885MsoNormal"><span styl=
e=3D"font-size:11.0pt;color:#1F497D;"> &nbsp;</span></div> =0A<div class=3D=
"yiv283608885MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D;">I d=
on=E2=80=99t believe that changing both sets of syntax restrictions was on =
the table at this point based upon the DISCUSS (but of course, the working =
group can still=0A obviously do anything that there=E2=80=99s clear consens=
us to do). </span></div> =0A<div class=3D"yiv283608885MsoNormal"><span styl=
e=3D"font-size:11.0pt;color:#1F497D;"> &nbsp;</span></div> =0A<div class=3D=
"yiv283608885MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D;">&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; My two cents worth=E2=
=80=A6</span></div> =0A<div class=3D"yiv283608885MsoNormal"><span style=3D"=
font-size:11.0pt;color:#1F497D;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; -- Mike</span></div> =0A<div class=3D"yiv283608885MsoNormal"><=
span style=3D"font-size:11.0pt;color:#1F497D;"> &nbsp;</span></div> =0A<div=
>=0A<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
0in 0in 0in;">=0A<div class=3D"yiv283608885MsoNormal"><b><span style=3D"fon=
t-size:10.0pt;">From:</span></b><span style=3D"font-size:10.0pt;"> William =
Mills [mailto:wmills@yahoo-inc.com]=0A<br>=0A<b>Sent:</b> Thursday, May 31,=
 2012 9:31 PM<br>=0A<b>To:</b> Eran Hammer; Mike Jones; Hannes Tschofenig<b=
r>=0A<b>Cc:</b> oauth@ietf.org WG<br>=0A<b>Subject:</b> ABNF Re: [OAUTH-WG]=
 Error Encoding: Conclusion</span></div> =0A</div>=0A</div>=0A<div class=3D=
"yiv283608885MsoNormal"> &nbsp;</div> =0A<div>=0A<div>=0A<div class=3D"yiv2=
83608885MsoNormal" style=3D"background:white;"><span style=3D"font-size:14.=
0pt;color:black;">The current OAuth core spec section 8.5 has:</span></div>=
 =0A</div>=0A<pre style=3D"background:white;"><span style=3D"color:black;">=
&nbsp;&nbsp;&nbsp;&nbsp; error-code&nbsp;&nbsp; =3D ALPHA *error-char</span=
></pre> =0A<pre style=3D"background:white;"><span style=3D"color:black;">&n=
bsp;&nbsp;&nbsp;&nbsp; error-char&nbsp;&nbsp; =3D "-" / "." / "_" / DIGIT /=
 ALPHA</span></pre> =0A<pre style=3D"background:white;"><span style=3D"colo=
r:black;"><br>Mike's proposal would nominally be:<br><br>&nbsp;&nbsp;&nbsp;=
&nbsp; error-code&nbsp;&nbsp; =3D *error-char</span></pre> =0A<pre style=3D=
"background:white;"><span style=3D"color:black;">&nbsp;&nbsp;&nbsp;&nbsp; e=
rror-char&nbsp;&nbsp; =3D %x20-21 / %x23-5B / %x5D-7E</span></pre> =0A<pre =
style=3D"background:white;"><span style=3D"color:black;"><br>This is the se=
t of ASCII characters from SPACE to '~' excluding '\' and '"'.&nbsp; I'm no=
t <br>in love with that, but it's clear.&nbsp; I'd prefer:<br><br>&nbsp;&nb=
sp;&nbsp;&nbsp; error-code&nbsp;&nbsp; =3D ALPHA *error-char</span></pre> =
=0A<pre style=3D"background:white;"><span style=3D"color:black;">&nbsp;&nbs=
p;&nbsp;&nbsp; error-char&nbsp;&nbsp; =3D %x20-21 / %x23-5B / %x5D-7E</span=
></pre> =0A<pre style=3D"background:white;"><span style=3D"color:black;"><b=
r>-bill</span></pre> =0A<pre style=3D"background:white;"><span style=3D"col=
or:black;"> &nbsp;</span></pre> =0A<div>=0A<blockquote style=3D"border:none=
;border-left:solid #1010FF 1.5pt;padding:0in 0in 0in 4.0pt;margin-left:3.75=
pt;margin-top:3.75pt;margin-bottom:5.0pt;">=0A<div class=3D"yiv283608885Mso=
Normal" style=3D"background:white;"><span style=3D"font-size:14.0pt;color:b=
lack;"> &nbsp;</span></div> =0A<div>=0A<div>=0A<div>=0A<div class=3D"yiv283=
608885MsoNormal" style=3D"text-align:center;background:white;" align=3D"cen=
ter">=0A<span style=3D"font-size:10.0pt;color:black;">=0A<hr align=3D"cente=
r" size=3D"1" width=3D"100%">=0A</span></div>=0A<div class=3D"yiv283608885M=
soNormal" style=3D"background:white;"><b><span style=3D"font-size:10.0pt;co=
lor:black;">From:</span></b><span style=3D"font-size:10.0pt;color:black;"> =
Eran Hammer &lt;<a rel=3D"nofollow" ymailto=3D"mailto:eran@hueniverse.com" =
target=3D"_blank" href=3D"mailto:eran@hueniverse.com">eran@hueniverse.com</=
a>&gt;<br>=0A<b>To:</b> Mike Jones &lt;<a rel=3D"nofollow" ymailto=3D"mailt=
o:Michael.Jones@microsoft.com" target=3D"_blank" href=3D"mailto:Michael.Jon=
es@microsoft.com">Michael.Jones@microsoft.com</a>&gt;; Hannes Tschofenig &l=
t;<a rel=3D"nofollow" ymailto=3D"mailto:hannes.tschofenig@gmx.net" target=
=3D"_blank" href=3D"mailto:hannes.tschofenig@gmx.net">hannes.tschofenig@gmx=
.net</a>&gt;=0A<br>=0A<b>Cc:</b> "<a rel=3D"nofollow" ymailto=3D"mailto:oau=
th@ietf.org%20WG" target=3D"_blank" href=3D"mailto:oauth@ietf.org%20WG">oau=
th@ietf.org WG</a>" &lt;<a rel=3D"nofollow" ymailto=3D"mailto:oauth@ietf.or=
g" target=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>&gt;=
=0A<br>=0A<b>Sent:</b> Thursday, May 31, 2012 7:47 PM<br>=0A<b>Subject:</b>=
 Re: [OAUTH-WG] Error Encoding: Conclusion</span><span style=3D"color:black=
;"></span></div> =0A</div>=0A<div class=3D"yiv283608885MsoNormal" style=3D"=
margin-bottom:12.0pt;background:white;"><span style=3D"color:black;"><br>=
=0A<br>=0A<br>=0A&gt; -----Original Message-----<br>=0A&gt; From: Mike Jone=
s [mailto:<a rel=3D"nofollow" ymailto=3D"mailto:Michael.Jones@microsoft.com=
" target=3D"_blank" href=3D"mailto:Michael.Jones@microsoft.com">Michael.Jon=
es@microsoft.com</a>]<br>=0A&gt; Sent: Thursday, May 31, 2012 1:53 PM<br>=
=0A&gt; To: Eran Hammer; Hannes Tschofenig<br>=0A&gt; Cc: <a rel=3D"nofollo=
w" ymailto=3D"mailto:oauth@ietf.org" target=3D"_blank" href=3D"mailto:oauth=
@ietf.org">oauth@ietf.org</a> WG<br>=0A&gt; Subject: RE: [OAUTH-WG] Error E=
ncoding: Conclusion<br>=0A&gt; <br>=0A&gt; Actually, could you please publi=
sh before the ABNF is done so that I can<br>=0A&gt; publish a version of Be=
arer referencing the new text in Core, so it can be<br>=0A&gt; reviewed by =
the WG in parallel with the ABNF work happening?&nbsp; I think that<br>=0A&=
gt; was Hannes' intent in asking you to publish soon.<br>=0A<br>=0AI'll rev=
iew the text and will reply back as to publishing schedule.<br>=0A<br>=0A&g=
t; Version numbers are<br>=0A&gt; cheap...<br>=0A<br>=0AMy time isn't.<br>=
=0A<br>=0AEH<br>=0A<br>=0A&gt; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;=
&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; Thanks,<br>=0A&gt; &nbsp;&nbsp;&nbsp; &nbsp=
;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; -- Mike<br>=0A&gt; <br>=
=0A&gt; -----Original Message-----<br>=0A&gt; From: Eran Hammer [mailto:<a =
rel=3D"nofollow" ymailto=3D"mailto:eran@hueniverse.com" target=3D"_blank" h=
ref=3D"mailto:eran@hueniverse.com">eran@hueniverse.com</a>]<br>=0A&gt; Sent=
: Thursday, May 31, 2012 12:35 PM<br>=0A&gt; To: Hannes Tschofenig<br>=0A&g=
t; Cc: Mike Jones; <a rel=3D"nofollow" ymailto=3D"mailto:oauth@ietf.org" ta=
rget=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG<br>=0A=
&gt; Subject: RE: [OAUTH-WG] Error Encoding: Conclusion<br>=0A&gt; <br>=0A&=
gt; I'll first review the proposed text (as a WG member) and raise any issu=
es<br>=0A&gt; remaining (if any).<br>=0A&gt; <br>=0A&gt; I will wait until =
the ABNF text is provided before publishing another version.<br>=0A&gt; <br=
>=0A&gt; EH<br>=0A&gt; <br>=0A&gt; &gt; -----Original Message-----<br>=0A&g=
t; &gt; From: Hannes Tschofenig [mailto:<a rel=3D"nofollow" ymailto=3D"mail=
to:hannes.tschofenig@gmx.net" target=3D"_blank" href=3D"mailto:hannes.tscho=
fenig@gmx.net">hannes.tschofenig@gmx.net</a>]<br>=0A&gt; &gt; Sent: Thursda=
y, May 31, 2012 10:54 AM<br>=0A&gt; &gt; To: Eran Hammer<br>=0A&gt; &gt; Cc=
: Mike Jones; <a rel=3D"nofollow" ymailto=3D"mailto:oauth@ietf.org" target=
=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG; Hannes Ts=
chofenig<br>=0A&gt; &gt; Subject: Re: [OAUTH-WG] Error Encoding: Conclusion=
<br>=0A&gt; &gt;<br>=0A&gt; &gt; Eran, could you publish a new draft versio=
n by Sunday with these<br>=0A&gt; &gt; changes incorporated? That should gi=
ve the working group enough time<br>=0A&gt; &gt; to look at these few parag=
raphs.<br>=0A&gt; &gt;<br>=0A&gt; &gt; In the meanwhile we are working on a=
ddressing the ABNF issue Sean<br>=0A&gt; &gt; raised and we will then go fo=
r another update.<br>=0A&gt; &gt;<br>=0A&gt; &gt; Ciao<br>=0A&gt; &gt; Hann=
es<br>=0A&gt; &gt;<br>=0A&gt; &gt; On May 31, 2012, at 8:20 PM, Hannes Tsch=
ofenig wrote:<br>=0A&gt; &gt;<br>=0A&gt; &gt; &gt; Hi Mike,<br>=0A&gt; &gt;=
 &gt;<br>=0A&gt; &gt; &gt; thank you for compiling the text. It looks good =
to me. I have not<br>=0A&gt; &gt; &gt; seen<br>=0A&gt; &gt; anyone from the=
 working group screaming either.<br>=0A&gt; &gt; &gt;<br>=0A&gt; &gt; &gt; =
Eran, can you incorporate these changes into the next draft version?<br>=0A=
&gt; &gt; &gt;<br>=0A&gt; &gt; &gt; Ciao<br>=0A&gt; &gt; &gt; Hannes<br>=0A=
&gt; &gt; &gt;<br>=0A&gt; &gt; &gt; On May 30, 2012, at 2:10 AM, Mike Jones=
 wrote:<br>=0A&gt; &gt; &gt;<br>=0A&gt; &gt; &gt;&gt; I've made another set=
 of updates to a copy of Core -26 to address<br>=0A&gt; &gt; &gt;&gt; the<b=
r>=0A&gt; &gt; questions raised by Eran and David below (attached).<br>=0A&=
gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; An unrelated change that you sho=
uld probably pick up, Eran is<br>=0A&gt; &gt; &gt;&gt; adding this<br>=0A&g=
t; &gt; to the &lt;front&gt; section, so that the heading shows that the dr=
aft is a<br>=0A&gt; &gt; product of the "OAuth Working Group" rather than t=
he "Network Working<br>=0A&gt; Group":<br>=0A&gt; &gt; &gt;&gt;&nbsp; &nbsp=
; &lt;area&gt;Security&lt;/area&gt;<br>=0A&gt; &gt; &gt;&gt;&nbsp; &nbsp; &=
lt;workgroup&gt;OAuth Working Group&lt;/workgroup&gt;<br>=0A&gt; &gt; &gt;&=
gt;<br>=0A&gt; &gt; &gt;&gt; One change I didn't make, but that should be c=
onsidered, is to<br>=0A&gt; &gt; &gt;&gt; delete the<br>=0A&gt; &gt; refere=
nce to OASIS.saml-core-2.0-os, since it is used by no &lt;xref&gt; in<br>=
=0A&gt; &gt; the document.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt=
; The new proposed text for Section 7.2 follows:<br>=0A&gt; &gt; &gt;&gt;<b=
r>=0A&gt; &gt; &gt;&gt; 7.2.&nbsp; Error Response<br>=0A&gt; &gt; &gt;&gt;<=
br>=0A&gt; &gt; &gt;&gt;&nbsp; If a resource access request fails, the reso=
urce server SHOULD inform<br>=0A&gt; &gt; &gt;&gt;&nbsp; the client of the =
error.&nbsp; While the specific error responses possible<br>=0A&gt; &gt; &g=
t;&gt;&nbsp; and methods for transmitting those errors when using any parti=
cular<br>=0A&gt; &gt; &gt;&gt;&nbsp; access token type are beyond the scope=
 of this specification, any<br>=0A&gt; &gt; &gt;&gt;&nbsp; "error" code val=
ues defined for use with OAuth resource access<br>=0A&gt; &gt; &gt;&gt;&nbs=
p; methods MUST be registered (following the procedures in<br>=0A&gt; &gt; =
&gt;&gt;&nbsp; Section 11.4).<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;=
&gt;&nbsp; Specifically, when the OAuth resource access method uses an "err=
or"<br>=0A&gt; &gt; &gt;&gt;&nbsp; result parameter to return an error code=
 value that indicates the<br>=0A&gt; &gt; &gt;&gt;&nbsp; resource access er=
ror encountered, then these error code values<br>=0A&gt; MUST<br>=0A&gt; &g=
t; &gt;&gt;&nbsp; be registered.&nbsp; Values for these "error" codes MUST =
NOT include<br>=0A&gt; &gt; &gt;&gt;&nbsp; characters outside the set %x20-=
21 / %x23-5B / %x5D-7E. When an<br>=0A&gt; &gt; &gt;&gt;&nbsp; "error" code=
 value is registered for use by an OAuth resource access<br>=0A&gt; &gt; &g=
t;&gt;&nbsp; method, should that same code already be registered for use by=
<br>=0A&gt; &gt; &gt;&gt;&nbsp; another OAuth resource access method or at =
a different OAuth error<br>=0A&gt; &gt; &gt;&gt;&nbsp; usage location, then=
 the meaning of that error code value in in the<br>=0A&gt; &gt; &gt;&gt;&nb=
sp; new registration MUST be consistent with the its meaning in prior<br>=
=0A&gt; &gt; &gt;&gt;&nbsp; registrations.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&=
gt; &gt; &gt;&gt;&nbsp; The OAuth resource access error registration requir=
ement applies only<br>=0A&gt; &gt; &gt;&gt;&nbsp; to "error" code values an=
d not to other means of returning error<br>=0A&gt; &gt; &gt;&gt;&nbsp; indi=
cations, including HTTP status codes, or other error-related<br>=0A&gt; &gt=
; &gt;&gt;&nbsp; result parameters, such as "error_description", "error_uri=
", or other<br>=0A&gt; &gt; &gt;&gt;&nbsp; kinds of error status return met=
hods that may be employed by the<br>=0A&gt; &gt; &gt;&gt;&nbsp; resource ac=
cess method.&nbsp; There is no requirement that OAuth resource<br>=0A&gt; &=
gt; &gt;&gt;&nbsp; access methods employ an "error" parameter.<br>=0A&gt; &=
gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; Hopefully incorporating these changes=
 will enable us to close the<br>=0A&gt; &gt; remaining DISCUSS issues on bo=
th the Core and Bearer drafts.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt=
;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; Thanks all,<br>=0A&gt; &gt; &gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; --<br>=0A&gt; &gt; &gt;&gt; Mike<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; Fro=
m: Eran Hammer [mailto:<a rel=3D"nofollow" ymailto=3D"mailto:eran@huenivers=
e.com" target=3D"_blank" href=3D"mailto:eran@hueniverse.com">eran@huenivers=
e.com</a>]<br>=0A&gt; &gt; &gt;&gt; Sent: Wednesday, May 23, 2012 11:45 PM<=
br>=0A&gt; &gt; &gt;&gt; To: David Recordon; Mike Jones; Hannes Tschofenig<=
br>=0A&gt; &gt; &gt;&gt; Cc: <a rel=3D"nofollow" ymailto=3D"mailto:oauth@ie=
tf.org" target=3D"_blank" href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a>=
 WG<br>=0A&gt; &gt; &gt;&gt; Subject: RE: [OAUTH-WG] Error Encoding: Conclu=
sion<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; With the exception o=
f section 7.2, the changes look reasonable and<br>=0A&gt; &gt; &gt;&gt; wil=
l be<br>=0A&gt; &gt; applied in the next revision.<br>=0A&gt; &gt; &gt;&gt;=
<br>=0A&gt; &gt; &gt;&gt; The new section 7.2 is confusion and does not exp=
lain the new registry.<br>=0A&gt; &gt; The section introduces a new require=
ment to register 'any error codes<br>=0A&gt; &gt; defined for use with OAut=
h resource access methods'. This requirement<br>=0A&gt; &gt; is too vague.<=
br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; I have no clue how to (fo=
r example) apply this text to the MAC draft.<br>=0A&gt; &gt; Adding to Davi=
d's list below:<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; * Should =
the HTTP status codes used by the MAC spec as currently<br>=0A&gt; &gt; &gt=
;&gt; written<br>=0A&gt; &gt; be registered (since no guidance is given to =
the use of an error parameter)?<br>=0A&gt; &gt; &gt;&gt; * Does this introd=
uce a requirement to add an error parameter?<br>=0A&gt; &gt; &gt;&gt; * Doe=
s the parameter need to / should be called 'error'?<br>=0A&gt; &gt; &gt;&gt=
; * What about future methods in which errors are not simply<br>=0A&gt; &gt=
; &gt;&gt; expressed in<br>=0A&gt; &gt; the form of a fixes string?<br>=0A&=
gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; EH<br>=0A&gt; &gt; &gt;&gt;<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; From: David Recordon [mailto=
:<a rel=3D"nofollow" ymailto=3D"mailto:recordond@gmail.com" target=3D"_blan=
k" href=3D"mailto:recordond@gmail.com">recordond@gmail.com</a>]<br>=0A&gt; =
&gt; &gt;&gt; Sent: Wednesday, May 23, 2012 11:38 PM<br>=0A&gt; &gt; &gt;&g=
t; To: Mike Jones; Hannes Tschofenig; Eran Hammer<br>=0A&gt; &gt; &gt;&gt; =
Cc: <a rel=3D"nofollow" ymailto=3D"mailto:oauth@ietf.org" target=3D"_blank"=
 href=3D"mailto:oauth@ietf.org">oauth@ietf.org</a> WG<br>=0A&gt; &gt; &gt;&=
gt; Subject: Re: [OAUTH-WG] Error Encoding: Conclusion<br>=0A&gt; &gt; &gt;=
&gt;<br>=0A&gt; &gt; &gt;&gt; Honestly still trying to fully wrap my head a=
round what's going on<br>=0A&gt; &gt; &gt;&gt; here<br>=0A&gt; &gt; since i=
t seems far more complex than the threads are alluding to. In<br>=0A&gt; &g=
t; any case, does Mike's text address what Eran brought up as needed in<br>=
=0A&gt; &gt; the thread Hannes referenced or is Eran wrong?<br>=0A&gt; &gt;=
 &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; The core spec currently provides full gu=
idance and definition for<br>=0A&gt; &gt; &gt;&gt; error<br>=0A&gt; &gt; ex=
tensibility. Extending the registry's scope means the need for<br>=0A&gt; &=
gt; non-trivial new text that:<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt=
;&gt; * explains the process of adding new errors for endpoints not<br>=0A&=
gt; &gt; &gt;&gt; defined by<br>=0A&gt; &gt; this specification,<br>=0A&gt;=
 &gt; &gt;&gt; * finds a common ground for value restrictions beyond what i=
s<br>=0A&gt; &gt; &gt;&gt; already<br>=0A&gt; &gt; listed,<br>=0A&gt; &gt; =
&gt;&gt; * guide authors of future HTTP authentication schemes meant for us=
e<br>=0A&gt; &gt; with OAuth (e.g. MAC) for their requirements for using th=
e error<br>=0A&gt; &gt; registry, and<br>=0A&gt; &gt; &gt;&gt; * address th=
e very likely scenario of the same error code carrying<br>=0A&gt; &gt; diff=
erent meanings in different endpoints, or an extension that adds a<br>=0A&g=
t; &gt; location to a code already defined elsewhere - something very likel=
y<br>=0A&gt; &gt; to happen if you cross the two very different domains (OA=
uth<br>=0A&gt; &gt; endpoints, Protected resource endpoints). This requires=
 changing the<br>=0A&gt; &gt; entire structure of the registry to create se=
parate records for each<br>=0A&gt; code/location pair.<br>=0A&gt; &gt; &gt;=
&gt;<br>=0A&gt; &gt; &gt;&gt; Thanks,<br>=0A&gt; &gt; &gt;&gt; --David<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; On Wed, May 23, 2012 at 10:2=
2 PM, Mike Jones<br>=0A&gt; &gt; &lt;<a rel=3D"nofollow" ymailto=3D"mailto:=
Michael.Jones@microsoft.com" target=3D"_blank" href=3D"mailto:Michael.Jones=
@microsoft.com">Michael.Jones@microsoft.com</a>&gt; wrote:<br>=0A&gt; &gt; =
&gt;&gt; Thanks Hannes.&nbsp; In the interest of hopefully completing the e=
dits<br>=0A&gt; &gt; &gt;&gt; to<br>=0A&gt; &gt; remove the DISCUSS issues =
for the Bearer and Core specs in the next<br>=0A&gt; &gt; few days so that =
we can send the docs to the RFC editors, I'd like to<br>=0A&gt; &gt; propos=
e specific language for the Core spec to address both of the<br>=0A&gt; &gt=
; consensus call issue resolutions.&nbsp; After there's consensus on the<br=
>=0A&gt; &gt; specific text for Core, it will be easy for us to add a refer=
ence in<br>=0A&gt; &gt; Bearer to the language in Core for the error syntax=
 restrictions and<br>=0A&gt; &gt; to use the OAuth errors registry.&nbsp; I=
'll do that in parallel with the discussions<br>=0A&gt; on the proposed cor=
e language changes.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; A summary of the changes I m=
ade in response to the consensus call<br>=0A&gt; &gt; conclusions are:<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp;=
 Add syntax restrictions for "error", "error_description", and<br>=0A&gt; &=
gt; "error_uri" from Bearer to Core<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt=
; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Add section 7.2 about error respons=
es from resource access<br>=0A&gt; requests<br>=0A&gt; &gt; &gt;&gt;<br>=0A=
&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Add "resource access error =
response" to the category of OAuth<br>=0A&gt; &gt; errors that can be regis=
tered<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt=
;&gt;<br>=0A&gt; &gt; &gt;&gt; Additional editorial changes that I made as =
I encountered issues in<br>=0A&gt; &gt; &gt;&gt; the<br>=0A&gt; &gt; docume=
nt were:<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &=
nbsp; &nbsp; Updated out of date references, especially the draft-hardt-oau=
th-<br>=0A&gt; 01<br>=0A&gt; &gt; reference, which contained an invalid lin=
k<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &=
nbsp; Added Derek Atkins to the list of chairs<br>=0A&gt; &gt; &gt;&gt;<br>=
=0A&gt; &gt; &gt;&gt; *&nbsp; &nbsp; &nbsp; &nbsp; Added Yaron Goland's mid=
dle initial Y. (since he prefers to include<br>=0A&gt; it<br>=0A&gt; &gt; i=
n publications)<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; *&nbsp; &=
nbsp; &nbsp; &nbsp; Replaced use of the deprecated &lt;appendix&gt; element=
, which<br>=0A&gt; &gt; prevented the spec from building with strict checki=
ng, with a<br>=0A&gt; &gt; &lt;section&gt; element in the &lt;back&gt; sect=
ion (which creates an appendix)<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &g=
t;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; To make it easy to=
 incorporate these changes into the document and<br>=0A&gt; &gt; &gt;&gt; s=
o<br>=0A&gt; &gt; the proposed changes are unambiguous, I produced an edite=
d version of<br>=0A&gt; &gt; Core -26 containing these changes.&nbsp; The x=
ml, txt, and html versions<br>=0A&gt; &gt; are attached to facilitate revie=
w.&nbsp; Pertinent diffs from the .txt version<br>=0A&gt; follow.<br>=0A&gt=
; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt=
; &gt; &gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &n=
bsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
Cheers,<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&nbsp; &nbsp; &nbs=
p; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &n=
bsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; -- Mike<br>=0A&gt; &gt; &gt;&gt;<=
br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; =
683c683,684<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &n=
bsp; notation of [RFC5234].<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&g=
t; ---<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; notation=
 of [RFC5234].&nbsp; Additionally, the rule URI-Reference is<br>=0A&gt; &gt=
; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; included from Uniform Resourc=
e Identifier (URI) [RFC3986].<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;=
&gt; 1441c1441,1442<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.&nbsp; A single error code from =
the following:<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A=
&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; =
REQUIRED.&nbsp; A single ASCII [USASCII] error code from the<br>=0A&gt; &gt=
; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; followin=
g:<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 1474a1475,1476<br>=0A&=
gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; V=
alues for the "error" parameter MUST NOT include<br>=0A&gt; &gt; &gt;&gt;&g=
t; characters<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &=
nbsp; &nbsp; &nbsp; outside the set %x20-21 / %x23-5B / %x5D-7E.<br>=0A&gt;=
 &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 1476c1478<br>=0A&gt; &gt; &gt;&gt;<=
br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&n=
bsp; A human-readable UTF-8 encoded text providing<br>=0A&gt; &gt; &gt;&gt;=
<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;=
&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A human-readable ASCII =
[USASCII] text providing<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; =
1478a1481,1482<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; =
&nbsp; &nbsp; &nbsp; Values for the "error_description" parameter MUST NOT<=
br>=0A&gt; &gt; &gt;&gt;&gt; include<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &g=
t; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; characters outside the set %x20-=
21 / %x23-5B / %x5D-7E.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 1=
482a1487,1489<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &=
nbsp; &nbsp; &nbsp; Values for the "error_uri" parameter MUST conform to th=
e<br>=0A&gt; &gt; &gt;&gt;&gt; URI-<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt=
; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Reference syntax, and thus MUST N=
OT include characters<br>=0A&gt; &gt; &gt;&gt;&gt; outside<br>=0A&gt; &gt; =
&gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; the set %x=
21 / %x23-5B / %x5D-7E.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 1=
840c1840,1841<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.&nbsp; A single error code from the fo=
llowing:<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &=
gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; REQUIR=
ED.&nbsp; A single ASCII [USASCII] error code from the<br>=0A&gt; &gt; &gt;=
&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; following:<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 1873a1874,1875<br>=0A&gt; &g=
t; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Values =
for the "error" parameter MUST NOT include<br>=0A&gt; &gt; &gt;&gt;&gt; cha=
racters<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; =
&nbsp; &nbsp; outside the set %x20-21 / %x23-5B / %x5D-7E.<br>=0A&gt; &gt; =
&gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 1875c1877<br>=0A&gt; &gt; &gt;&gt;<br>=0A=
&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A=
 human-readable UTF-8 encoded text providing<br>=0A&gt; &gt; &gt;&gt;<br>=
=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;=
&gt;&nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A human-readable ASCII [USA=
SCII] text providing<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 1877=
a1880,1881<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbs=
p; &nbsp; &nbsp; Values for the "error_description" parameter MUST NOT<br>=
=0A&gt; &gt; &gt;&gt;&gt; include<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; =
&gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; characters outside the set %x20-21 =
/ %x23-5B / %x5D-7E.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 1881=
a1886,1888<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbs=
p; &nbsp; &nbsp; Values for the "error_uri" parameter MUST conform to the<b=
r>=0A&gt; &gt; &gt;&gt;&gt; URI-<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &=
gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Reference syntax, and thus MUST NOT =
include characters<br>=0A&gt; &gt; &gt;&gt;&gt; outside<br>=0A&gt; &gt; &gt=
;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; the set %x21 =
/ %x23-5B / %x5D-7E.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;=
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; REQUIRED.&nbsp; A single error code from=
 the following:<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbs=
p; REQUIRED.&nbsp; A single ASCII [USASCII] error code from the<br>=0A&gt; =
&gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; follo=
wing:<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 2325a2326,2327<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbs=
p; Values for the "error" parameter MUST NOT include<br>=0A&gt; &gt; &gt;&g=
t;&gt; characters<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbs=
p; &nbsp; &nbsp; &nbsp; outside the set %x20-21 / %x23-5B / %x5D-7E.<br>=0A=
&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 2327c2329<br>=0A&gt; &gt; &gt;&=
gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OPTIONA=
L.&nbsp; A human-readable UTF-8 encoded text providing<br>=0A&gt; &gt; &gt;=
&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; =
&gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; OPTIONAL.&nbsp; A human-readable AS=
CII [USASCII] text providing<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&=
gt; 2329a2332,2333<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nb=
sp; &nbsp; &nbsp; &nbsp; Values for the "error_description" parameter MUST =
NOT<br>=0A&gt; &gt; &gt;&gt;&gt; include<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt=
; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; characters outside the set %=
x20-21 / %x23-5B / %x5D-7E.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&g=
t; 2333a2338,2340<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbs=
p; &nbsp; &nbsp; &nbsp; Values for the "error_uri" parameter MUST conform t=
o the<br>=0A&gt; &gt; &gt;&gt;&gt; URI-<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt;=
 &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; Reference syntax, and thus MU=
ST NOT include characters<br>=0A&gt; &gt; &gt;&gt;&gt; outside<br>=0A&gt; &=
gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; the se=
t %x21 / %x23-5B / %x5D-7E.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&g=
t; 2450c2460,2468<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nb=
sp; &nbsp; The method in which the client utilized the access token to<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &gt; &gt;&gt;=
<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; The method in which the client utilizes=
 the access token to<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 2479=
c2489<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &=
nbsp; Authorization: Bearer 7Fjfp0ZBr1KtDRbnfVdmIw<br>=0A&gt; &gt; &gt;&gt;=
<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;=
&gt;&gt;&nbsp; &nbsp; Authorization: Bearer mF_9.B5f-4.1JqM<br>=0A&gt; &gt;=
 &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 2503a2514,2533<br>=0A&gt; &gt; &gt;&gt;<=
br>=0A&gt; &gt; &gt;&gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&=
gt;&gt; 7.2.&nbsp; Error Response<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; =
&gt;&gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; If=
 a resource access request fails, the resource server SHOULD<br>=0A&gt; &gt=
; &gt;&gt;&gt; inform<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;=
&nbsp; the client of the error.&nbsp; While the specific error responses<br=
>=0A&gt; &gt; &gt;&gt;&gt; possible<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt=
; &gt;&gt;&gt;&nbsp; and methods for transmitting those errors when using a=
ny<br>=0A&gt; &gt; &gt;&gt;&gt; particular<br>=0A&gt; &gt; &gt;&gt;<br>=0A&=
gt; &gt; &gt;&gt;&gt;&nbsp; access token type are beyond the scope of this =
specification,<br>=0A&gt; &gt; &gt;&gt;&gt; any<br>=0A&gt; &gt; &gt;&gt;<br=
>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; error codes defined for use with OAuth res=
ource access methods<br>=0A&gt; &gt; &gt;&gt;&gt; MUST<br>=0A&gt; &gt; &gt;=
&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; be registered (following the proced=
ures in Section 11.4).<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt=
;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;<br>=0A&gt; &gt; &gt=
;&gt;<br>=0A&gt; &gt; &gt;&gt; 2602,2603c2624,2626<br>=0A&gt; &gt; &gt;&gt;=
<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; (Section 4.2.2.1), or the token=
 error response (Section 5.2), such<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt=
; &gt;&gt; &lt;&nbsp; &nbsp; error codes MAY be defined.<br>=0A&gt; &gt; &g=
t;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt=
; &gt;&gt;&gt;&nbsp; (Section 4.2.2.1), the token error response (Section 5=
.2), or<br>=0A&gt; &gt; &gt;&gt;&gt; the<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt=
; &gt; &gt;&gt;&gt;&nbsp; resource access error response (Section 7.2), suc=
h error codes<br>=0A&gt; &gt; &gt;&gt;&gt; MAY be<br>=0A&gt; &gt; &gt;&gt;<=
br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; defined.<br>=0A&gt; &gt; &gt;&gt;<br>=0A=
&gt; &gt; &gt;&gt; 3444c3484,3485<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; =
&gt;&gt; &lt;&nbsp; &nbsp; &nbsp; (Section 4.2.2.1), or token error respons=
e (Section 5.2).<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; (Sec=
tion 4.2.2.1), token error response (Section 5.2), or<br>=0A&gt; &gt; &gt;&=
gt;&gt; resource<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp=
; &nbsp; &nbsp; access error response (Section 7.2).<br>=0A&gt; &gt; &gt;&g=
t;<br>=0A&gt; &gt; &gt;&gt; 3596a3554,3557<br>=0A&gt; &gt; &gt;&gt;<br>=0A&=
gt; &gt; &gt;&gt;&gt;&nbsp; [USASCII]&nbsp; American National Standards Ins=
titute, "Coded<br>=0A&gt; &gt; &gt;&gt;&gt; Character<br>=0A&gt; &gt; &gt;&=
gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; Set -- 7-bit American Standard Code for Information<br>=0A&gt; &gt; &=
gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; &nbsp; Interchange", ANSI X3.4, 1986.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt=
; &gt; &gt;&gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 3611,=
3612c3572,3573<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp;=
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OAuth 2.0", draft-ietf-oauth-sam=
l2-bearer-08 (work in<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt=
;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; progress), August 2011.<b=
r>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &gt; &gt;&g=
t;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &n=
bsp; OAuth 2.0", draft-ietf-oauth-saml2-bearer-12 (work in<br>=0A&gt; &gt; =
&gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp; progress), May 2012.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &g=
t;&gt; 3616,3617c3577,3579<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt=
; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Protocol: Bearer Tok=
ens", draft-ietf-oauth-v2-bearer-08<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt=
; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (work in pr=
ogress), July 2011.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<b=
r>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &n=
bsp; &nbsp; &nbsp; &nbsp; Authorization Protocol: Bearer Tokens",<br>=0A&gt=
; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp; &nbsp; draft-ietf-oauth-v2-bearer-19 (work in progress),<br>=0A&=
gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; April 2012.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &g=
t;&gt; 3620,3623c3589,3591<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt=
; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Hammer-Lahav, E., Ba=
rth, A., and B. Adida, "HTTP<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&=
gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Authentication: MA=
C Access Authentication",<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;=
 &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; draft-ietf-oauth-v2-h=
ttp-mac-00 (work in progress),<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt=
;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; May 2011.<br>=0A=
&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &gt; &gt;&gt;<br=
>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
Hammer-Lahav, E., "HTTP Authentication: MAC Access<br>=0A&gt; &gt; &gt;&gt;=
<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; Authentication", draft-ietf-oauth-v2-http-mac-01<br>=0A&gt; &gt; &gt;&gt=
;&gt; (work in<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; progress), February 2012.<br>=0A&=
gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 3626c3594<br>=0A&gt; &gt; &gt;&g=
t;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0<br>=0A&gt; &gt;=
 &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; =
&gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; McGloin, =
M., Hunt, P., and T. Lodderstedt, "OAuth 2.0<br>=0A&gt; &gt; &gt;&gt;<br>=
=0A&gt; &gt; &gt;&gt; 3628,3629c3596,3597<br>=0A&gt; &gt; &gt;&gt;<br>=0A&g=
t; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; draft=
-ietf-oauth-v2-threatmodel-00 (work in progress),<br>=0A&gt; &gt; &gt;&gt;<=
br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; July 2011.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ---<br>=0A&=
gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &=
nbsp; &nbsp; &nbsp; draft-ietf-oauth-v2-threatmodel-02 (work in<br>=0A&gt; =
&gt; &gt;&gt;&gt; progress),<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&=
gt;&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; February 2012.<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 3468,3546d3503<br>=0A&gt; &g=
t; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Brian Eaton, Yaron G=
oland, Dick Hardt, and Allen Tom.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; =
&gt;&gt; 3639c3609,3639<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&g=
t;&nbsp; Brian Eaton, Yaron Y. Goland, Dick Hardt, and Allen Tom.<br>=0A&gt=
; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 3468,3546d3503<br>=0A&gt; &gt; &gt=
;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Yaron Goland, Brent Goldma=
n, Kristoffer Gronowski, Justin Hart,<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &=
gt; &gt;&gt; 3644,3645c3644,3656<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &=
gt;&gt;&gt;&nbsp; Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Jus=
tin<br>=0A&gt; &gt; &gt;&gt;&gt; Hart,<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; =
&gt; &gt;&gt; 3468,3546d3503<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&=
gt; &lt;&nbsp; &nbsp; This document was produced under the chairmanship of =
Blaine<br>=0A&gt; Cook,<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &=
lt;&nbsp; &nbsp; Peter Saint-Andre, Hannes Tschofenig, and Barry Leiba.&nbs=
p; The area<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &n=
bsp; directors included Lisa Dusseault, Peter Saint-Andre, and Stephen<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; &lt;&nbsp; &nbsp; Farrell.<b=
r>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; 3646a3658,3661<br>=0A&gt; =
&gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; This document was produced=
 under the chairmanship of Blaine<br>=0A&gt; &gt; &gt;&gt;&gt; Cook,<br>=0A=
&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; Peter Saint-Andre, Ha=
nnes Tschofenig, Barry Leiba, and Derek Atkins.<br>=0A&gt; &gt; &gt;&gt;<br=
>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; The area directors included Lisa Dusseault=
, Peter Saint-Andre,<br>=0A&gt; &gt; &gt;&gt;&gt; and<br>=0A&gt; &gt; &gt;&=
gt;<br>=0A&gt; &gt; &gt;&gt;&gt;&nbsp; Stephen Farrell.<br>=0A&gt; &gt; &gt=
;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt=
;&gt; -----Original Message-----<br>=0A&gt; &gt; &gt;&gt; From: <a rel=3D"n=
ofollow" ymailto=3D"mailto:oauth-bounces@ietf.org" target=3D"_blank" href=
=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a> [mailto:<a re=
l=3D"nofollow" ymailto=3D"mailto:oauth-bounces@ietf.org" target=3D"_blank" =
href=3D"mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a>] On<br>=
=0A&gt; &gt; Behalf Of Hannes Tschofenig<br>=0A&gt; &gt; &gt;&gt; Sent: Wed=
nesday, May 23, 2012 11:27 AM<br>=0A&gt; &gt; &gt;&gt; To: <a rel=3D"nofoll=
ow" ymailto=3D"mailto:oauth@ietf.org" target=3D"_blank" href=3D"mailto:oaut=
h@ietf.org">oauth@ietf.org</a> WG<br>=0A&gt; &gt; &gt;&gt; Subject: [OAUTH-=
WG] Error Encoding: Conclusion<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt=
;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; Hi all,<br>=0A&gt; =
&gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; =
&gt; &gt;&gt; on May 10th we called for consensus on an open issue regardin=
g the<br>=0A&gt; &gt; &gt;&gt; error<br>=0A&gt; &gt; encoding. Here is the =
link to the call:<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; <a rel=
=3D"nofollow" target=3D"_blank" href=3D"http://www.ietf.org/mail-archive/we=
b/oauth/current/msg08994.html">=0Ahttp://www.ietf.org/mail-archive/web/oaut=
h/current/msg08994.html</a><br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&g=
t;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; Thank you all for the =
feedback. The conclusion of the consensus<br>=0A&gt; &gt; &gt;&gt; call was=
<br>=0A&gt; &gt; to harmonize the encoding between the two specifications b=
y<br>=0A&gt; &gt; incorporating the restrictions from the bearer specificat=
ion into the<br>=0A&gt; &gt; base specification. The error encoding will go=
 into the core<br>=0A&gt; &gt; specification and the bearer specification w=
ill reference it.<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&=
gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; Ciao<br>=0A&gt; &gt; &gt;&gt;<br=
>=0A&gt; &gt; &gt;&gt; Hannes &amp; Derek<br>=0A&gt; &gt; &gt;&gt;<br>=0A&g=
t; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ________=
_______________________________________<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt;=
 &gt; &gt;&gt; OAuth mailing list<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; =
&gt;&gt; <a rel=3D"nofollow" ymailto=3D"mailto:OAuth@ietf.org" target=3D"_b=
lank" href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>=0A&gt; &gt; &gt=
;&gt;<br>=0A&gt; &gt; &gt;&gt; <a rel=3D"nofollow" target=3D"_blank" href=
=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/mailm=
an/listinfo/oauth</a><br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=
=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt; ___=
____________________________________________<br>=0A&gt; &gt; &gt;&gt; OAuth=
 mailing list<br>=0A&gt; &gt; &gt;&gt; <a rel=3D"nofollow" ymailto=3D"mailt=
o:OAuth@ietf.org" target=3D"_blank" href=3D"mailto:OAuth@ietf.org">OAuth@ie=
tf.org</a><br>=0A&gt; &gt; &gt;&gt; <a rel=3D"nofollow" target=3D"_blank" h=
ref=3D"https://www.ietf.org/mailman/listinfo/oauth">https://www.ietf.org/ma=
ilman/listinfo/oauth</a><br>=0A&gt; &gt; &gt;&gt;<br>=0A&gt; &gt; &gt;&gt;<=
br>=0A&gt; &gt; &gt;&gt; &lt;draft-ietf-oauth-v2-26+mbj-2.xml&gt;&lt;draft-=
ietf-oauth-v2-26+mbj-<br>=0A&gt; &gt; 2.txt&gt;&lt;draft-ietf-oauth-v2-26+m=
bj-2.html&gt;<br>=0A&gt; &gt; &gt;<br>=0A&gt; <br>=0A&gt; <br>=0A<br>=0A___=
____________________________________________<br>=0AOAuth mailing list<br>=
=0A<a rel=3D"nofollow" ymailto=3D"mailto:OAuth@ietf.org" target=3D"_blank" =
href=3D"mailto:OAuth@ietf.org">OAuth@ietf.org</a><br>=0A<a rel=3D"nofollow"=
 target=3D"_blank" href=3D"https://www.ietf.org/mailman/listinfo/oauth">htt=
ps://www.ietf.org/mailman/listinfo/oauth</a><br>=0A<br>=0A</span></div> =0A=
</div>=0A</div>=0A</blockquote>=0A</div>=0A</div>=0A</div>=0A</div>=0A=0A</=
div><br><br> </div> </div> </blockquote></div>   </div></body></html>
--1458549034-280224819-1338526552=:51981--

From Michael.Jones@microsoft.com  Thu May 31 22:41:47 2012
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 663E621F85D4 for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 22:41:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.673
X-Spam-Level: 
X-Spam-Status: No, score=-3.673 tagged_above=-999 required=5 tests=[AWL=-0.075, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bc+ird5j3G8B for <oauth@ietfa.amsl.com>; Thu, 31 May 2012 22:41:44 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe002.messaging.microsoft.com [216.32.181.182]) by ietfa.amsl.com (Postfix) with ESMTP id BCE8221F85D5 for <oauth@ietf.org>; Thu, 31 May 2012 22:41:43 -0700 (PDT)
Received: from mail134-ch1-R.bigfish.com (10.43.68.249) by CH1EHSOBE006.bigfish.com (10.43.70.56) with Microsoft SMTP Server id 14.1.225.23; Fri, 1 Jun 2012 05:41:13 +0000
Received: from mail134-ch1 (localhost [127.0.0.1])	by mail134-ch1-R.bigfish.com (Postfix) with ESMTP id 165E4E00CB; Fri,  1 Jun 2012 05:41:13 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -43
X-BigFish: VS-43(zz9371Ic89bh179cM14ffI542M1432N1418Ic857h98dK4015Izz1202hzz8275ch1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah)
Received-SPF: pass (mail134-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC103.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail134-ch1 (localhost.localdomain [127.0.0.1]) by mail134-ch1 (MessageSwitch) id 1338529269801263_19345; Fri,  1 Jun 2012 05:41:09 +0000 (UTC)
Received: from CH1EHSMHS025.bigfish.com (snatpool1.int.messaging.microsoft.com [10.43.68.251])	by mail134-ch1.bigfish.com (Postfix) with ESMTP id C09223C0046;	Fri,  1 Jun 2012 05:41:09 +0000 (UTC)
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS025.bigfish.com (10.43.70.25) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 1 Jun 2012 05:41:08 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0298.005; Fri, 1 Jun 2012 05:41:36 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: William Mills <wmills@yahoo-inc.com>, Eran Hammer <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: ABNF Re: [OAUTH-WG] Error Encoding: Conclusion
Thread-Index: AQHNORGtuzciwTXPbU2x0B3Abs7zkpbYRq5QgAA2y4CAAAHMgIAI6/dggALF+ICAAAlrAIAAHEsAgAAVMWCAAGOOAIAAHQSAgAACYYCAAARyAIAACjwQ
Date: Fri, 1 Jun 2012 05:41:35 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366523066@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <FADC0EB3-75F7-45E8-93B8-A9C3A07E2E88@gmx.net> <4E1F6AAD24975D4BA5B168042967394366516960@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAB_mRgMumU5qzEJF0KCWNCx+R4MAzVawiJGKj2YBpJFzrxkomQ@mail.gmail.com> <0CBAEB56DDB3A140BA8E8C124C04ECA20104B3A1@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436651E440@TK5EX14MBXC284.redmond.corp.microsoft.com> <C306A031-C2F0-4912-8341-312DFF4973BD@gmx.net> <869336FE-0265-4982-B9DE-E2FAE06CD545@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA20105888A@P3PWEX2MB008.ex2.secureserver.net> <4E1F6AAD24975D4BA5B16804296739436652221D@TK5EX14MBXC284.redmond.corp.microsoft.com> <0CBAEB56DDB3A140BA8E8C124C04ECA2010597A3@P3PWEX2MB008.ex2.secureserver.net> <1338525087.63468.YahooMailNeo@web31813.mail.mud.yahoo.com> <4E1F6AAD24975D4BA5B168042967394366522F1B@TK5EX14MBXC284.redmond.corp.microsoft.com> <1338526552.51981.YahooMailNeo@web31812.mail.mud.yahoo.com>
In-Reply-To: <1338526552.51981.YahooMailNeo@web31812.mail.mud.yahoo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.37]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366523066TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] ABNF Re:  Error Encoding: Conclusion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 05:41:47 -0000

--_000_4E1F6AAD24975D4BA5B168042967394366523066TK5EX14MBXC284r_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

WWVzLCAoMSkgeW91IGdvdCB0aGUgQmVhcmVyIHN5bnRheCByaWdodCBpbiB0aGUgc2Vjb25kIG9u
ZSAoYWx0aG91Z2ggSSB3b3VsZCBzYXkgdGhhdCBpdOKAmXMgdGhlIHdvcmtpbmcgZ3JvdXDigJlz
IGNvbnNlbnN1cyBzeW50YXgsIHJhdGhlciB0aGFuIHRha2luZyBwZXJzb25hbCBjcmVkaXQgZm9y
IGl0LCBzbyBJIGRpZmZlciBmcm9tIHVzZSBvZiDigJx5b3Vy4oCdKSBhbmQgKDIpIHllcywgdGhl
IHdvcmtpbmcgZ3JvdXAgZGlkbuKAmXQgc2VlIGEgcmVhc29uIHRvIGxpbWl0IHRoZSBzeW50YXgg
dG8gcmVxdWlyaW5nIGEgbGVhZGluZyBhbHBoYSBjaGFyYWN0ZXIuDQoNCkluZGVlZCwgYXMgYW4g
aW5kaXZpZHVhbCwgSSBjYW4gZWFzaWx5IGVudmlzaW9uIG1lYW5pbmdmdWwgZXJyb3IgY29kZXMg
dGhhdCBkb27igJl0IHN0YXJ0IHdpdGggYW4gYWxwaGEgY2hhcmFjdGVyLCBzdWNoIGFzIOKAnDQw
M+KAnSwg4oCcNDAxKGspX25vdF9hdmFpbGFibGXigJ0sIOKAnC0x4oCdLCBvciDigJxfY2xhaW1f
c291cmNlcy1pbnZhbGlk4oCdLiAgSSBkb27igJl0IHNlZSBhbnkgcmVhc29uIHRvIHByb2hpYml0
IHRoZW0sIG5vciBkbyBJIHRoaW5rIGl04oCZcyBwcm9kdWN0aXZlIHRvIGhhdmUgYSBkaXNjdXNz
aW9uIG9uIGNoYW5naW5nIHRoZSBzeW50YXggYXQgdGhpcyBzdGFnZSBpbiB0aGUgc3BlYyBkZXZl
bG9wbWVudCwgd2hlcmUgd2XigJlyZSBjbG9zZSB0byBjbG9zaW5nIGFsbCB0aGUgRElTQ1VTUyBp
c3N1ZXMgYW5kIHNlbmRpbmcgdGhlIHNwZWNzIHRvIHRoZSBSRkMgZWRpdG9yLg0KDQogICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBCZXN0
IHdpc2hlcywNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgIC0tIE1pa2UNCg0KRnJvbTogV2lsbGlhbSBNaWxscyBbbWFpbHRvOndtaWxs
c0B5YWhvby1pbmMuY29tXQ0KU2VudDogVGh1cnNkYXksIE1heSAzMSwgMjAxMiA5OjU2IFBNDQpU
bzogTWlrZSBKb25lczsgRXJhbiBIYW1tZXI7IEhhbm5lcyBUc2Nob2ZlbmlnDQpDYzogb2F1dGhA
aWV0Zi5vcmcgV0cNClN1YmplY3Q6IFJlOiBBQk5GIFJlOiBbT0FVVEgtV0ddIEVycm9yIEVuY29k
aW5nOiBDb25jbHVzaW9uDQoNClNvIGFyZSB5b3Ugc2F5aW5nIHRoYXQNCg0KMSkgSSBnb3QgeW91
ciBzeW50YXggcmlnaHQgaW4gdGhlIHNlY29uZCBvbmU/DQoyKSBZb3UgbGlrZSB5b3VyIHN5bnRh
eCBhbmQgZG9uJ3Qgd2FudCB0byBsaW1pdCBpdCB0byBhIGxlYWRpbmcgQUxQSEE/DQoNCi1iaWxs
DQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpGcm9tOiBNaWtlIEpvbmVzIDxN
aWNoYWVsLkpvbmVzQG1pY3Jvc29mdC5jb208bWFpbHRvOk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0
LmNvbT4+DQpUbzogV2lsbGlhbSBNaWxscyA8d21pbGxzQHlhaG9vLWluYy5jb208bWFpbHRvOndt
aWxsc0B5YWhvby1pbmMuY29tPj47IEVyYW4gSGFtbWVyIDxlcmFuQGh1ZW5pdmVyc2UuY29tPG1h
aWx0bzplcmFuQGh1ZW5pdmVyc2UuY29tPj47IEhhbm5lcyBUc2Nob2ZlbmlnIDxoYW5uZXMudHNj
aG9mZW5pZ0BnbXgubmV0PG1haWx0bzpoYW5uZXMudHNjaG9mZW5pZ0BnbXgubmV0Pj4NCkNjOiAi
b2F1dGhAaWV0Zi5vcmcgV0c8bWFpbHRvOm9hdXRoQGlldGYub3JnJTIwV0c+IiA8b2F1dGhAaWV0
Zi5vcmc8bWFpbHRvOm9hdXRoQGlldGYub3JnPj4NClNlbnQ6IFRodXJzZGF5LCBNYXkgMzEsIDIw
MTIgOTo0NSBQTQ0KU3ViamVjdDogUkU6IEFCTkYgUmU6IFtPQVVUSC1XR10gRXJyb3IgRW5jb2Rp
bmc6IENvbmNsdXNpb24NCg0KWW91ciBwcm9wb3NhbCBkaWZmZXJzIGJvdGggZnJvbSB3aGF04oCZ
cyBpbiBCZWFyZXIgYW5kIHdoYXTigJlzIGluIENvcmUgYXQgcHJlc2VudC4gIEJ5IHVzaW5nIHRo
ZSBzeW50YXggcmVzdHJpY3Rpb25zIGZyb20gQmVhcmVyICh3aGljaCB3ZXJlIGFscmVhZHkgc2ln
bmlmaWNhbnRseSBkaXNjdXNzZWQgYnkgdGhlIFdHKSBpbiBDb3JlLCBkZXZlbG9wZXJzIGhhdmUg
Y29uc2lzdGVudCBydWxlcywgd2hpY2ggd2FzIHRoZSBwb2ludCBvZiB0aGUgRElTQ1VTUy4NCg0K
SSBkb27igJl0IGJlbGlldmUgdGhhdCBjaGFuZ2luZyBib3RoIHNldHMgb2Ygc3ludGF4IHJlc3Ry
aWN0aW9ucyB3YXMgb24gdGhlIHRhYmxlIGF0IHRoaXMgcG9pbnQgYmFzZWQgdXBvbiB0aGUgRElT
Q1VTUyAoYnV0IG9mIGNvdXJzZSwgdGhlIHdvcmtpbmcgZ3JvdXAgY2FuIHN0aWxsIG9idmlvdXNs
eSBkbyBhbnl0aGluZyB0aGF0IHRoZXJl4oCZcyBjbGVhciBjb25zZW5zdXMgdG8gZG8pLg0KDQog
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICBNeSB0d28gY2VudHMgd29ydGjigKYNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIC0tIE1pa2UNCg0KRnJvbTogV2lsbGlhbSBNaWxs
cyBbbWFpbHRvOndtaWxsc0B5YWhvby1pbmMuY29tXTxtYWlsdG86W21haWx0bzp3bWlsbHNAeWFo
b28taW5jLmNvbV0+DQpTZW50OiBUaHVyc2RheSwgTWF5IDMxLCAyMDEyIDk6MzEgUE0NClRvOiBF
cmFuIEhhbW1lcjsgTWlrZSBKb25lczsgSGFubmVzIFRzY2hvZmVuaWcNCkNjOiBvYXV0aEBpZXRm
Lm9yZzxtYWlsdG86b2F1dGhAaWV0Zi5vcmc+IFdHDQpTdWJqZWN0OiBBQk5GIFJlOiBbT0FVVEgt
V0ddIEVycm9yIEVuY29kaW5nOiBDb25jbHVzaW9uDQoNClRoZSBjdXJyZW50IE9BdXRoIGNvcmUg
c3BlYyBzZWN0aW9uIDguNSBoYXM6DQoNCiAgICAgZXJyb3ItY29kZSAgID0gQUxQSEEgKmVycm9y
LWNoYXINCg0KICAgICBlcnJvci1jaGFyICAgPSAiLSIgLyAiLiIgLyAiXyIgLyBESUdJVCAvIEFM
UEhBDQoNCk1pa2UncyBwcm9wb3NhbCB3b3VsZCBub21pbmFsbHkgYmU6DQoNCiAgICAgZXJyb3It
Y29kZSAgID0gKmVycm9yLWNoYXINCg0KICAgICBlcnJvci1jaGFyICAgPSAleDIwLTIxIC8gJXgy
My01QiAvICV4NUQtN0UNCg0KVGhpcyBpcyB0aGUgc2V0IG9mIEFTQ0lJIGNoYXJhY3RlcnMgZnJv
bSBTUEFDRSB0byAnficgZXhjbHVkaW5nICdcJyBhbmQgJyInLiAgSSdtIG5vdA0KaW4gbG92ZSB3
aXRoIHRoYXQsIGJ1dCBpdCdzIGNsZWFyLiAgSSdkIHByZWZlcjoNCg0KICAgICBlcnJvci1jb2Rl
ICAgPSBBTFBIQSAqZXJyb3ItY2hhcg0KDQogICAgIGVycm9yLWNoYXIgICA9ICV4MjAtMjEgLyAl
eDIzLTVCIC8gJXg1RC03RQ0KDQotYmlsbA0KDQoNCg0KX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX18NCkZyb206IEVyYW4gSGFtbWVyIDxlcmFuQGh1ZW5pdmVyc2UuY29tPG1haWx0bzpl
cmFuQGh1ZW5pdmVyc2UuY29tPj4NClRvOiBNaWtlIEpvbmVzIDxNaWNoYWVsLkpvbmVzQG1pY3Jv
c29mdC5jb208bWFpbHRvOk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbT4+OyBIYW5uZXMgVHNj
aG9mZW5pZyA8aGFubmVzLnRzY2hvZmVuaWdAZ214Lm5ldDxtYWlsdG86aGFubmVzLnRzY2hvZmVu
aWdAZ214Lm5ldD4+DQpDYzogIm9hdXRoQGlldGYub3JnIFdHPG1haWx0bzpvYXV0aEBpZXRmLm9y
ZyUyMFdHPiIgPG9hdXRoQGlldGYub3JnPG1haWx0bzpvYXV0aEBpZXRmLm9yZz4+DQpTZW50OiBU
aHVyc2RheSwgTWF5IDMxLCAyMDEyIDc6NDcgUE0NClN1YmplY3Q6IFJlOiBbT0FVVEgtV0ddIEVy
cm9yIEVuY29kaW5nOiBDb25jbHVzaW9uDQoNCg0KDQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0t
LS0tDQo+IEZyb206IE1pa2UgSm9uZXMgW21haWx0bzpNaWNoYWVsLkpvbmVzQG1pY3Jvc29mdC5j
b208bWFpbHRvOk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbT5dDQo+IFNlbnQ6IFRodXJzZGF5
LCBNYXkgMzEsIDIwMTIgMTo1MyBQTQ0KPiBUbzogRXJhbiBIYW1tZXI7IEhhbm5lcyBUc2Nob2Zl
bmlnDQo+IENjOiBvYXV0aEBpZXRmLm9yZzxtYWlsdG86b2F1dGhAaWV0Zi5vcmc+IFdHDQo+IFN1
YmplY3Q6IFJFOiBbT0FVVEgtV0ddIEVycm9yIEVuY29kaW5nOiBDb25jbHVzaW9uDQo+DQo+IEFj
dHVhbGx5LCBjb3VsZCB5b3UgcGxlYXNlIHB1Ymxpc2ggYmVmb3JlIHRoZSBBQk5GIGlzIGRvbmUg
c28gdGhhdCBJIGNhbg0KPiBwdWJsaXNoIGEgdmVyc2lvbiBvZiBCZWFyZXIgcmVmZXJlbmNpbmcg
dGhlIG5ldyB0ZXh0IGluIENvcmUsIHNvIGl0IGNhbiBiZQ0KPiByZXZpZXdlZCBieSB0aGUgV0cg
aW4gcGFyYWxsZWwgd2l0aCB0aGUgQUJORiB3b3JrIGhhcHBlbmluZz8gIEkgdGhpbmsgdGhhdA0K
PiB3YXMgSGFubmVzJyBpbnRlbnQgaW4gYXNraW5nIHlvdSB0byBwdWJsaXNoIHNvb24uDQoNCkkn
bGwgcmV2aWV3IHRoZSB0ZXh0IGFuZCB3aWxsIHJlcGx5IGJhY2sgYXMgdG8gcHVibGlzaGluZyBz
Y2hlZHVsZS4NCg0KPiBWZXJzaW9uIG51bWJlcnMgYXJlDQo+IGNoZWFwLi4uDQoNCk15IHRpbWUg
aXNuJ3QuDQoNCkVIDQoNCj4gICAgICAgICAgICAgICAgIFRoYW5rcywNCj4gICAgICAgICAgICAg
ICAgIC0tIE1pa2UNCj4NCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj4gRnJvbTogRXJh
biBIYW1tZXIgW21haWx0bzplcmFuQGh1ZW5pdmVyc2UuY29tPG1haWx0bzplcmFuQGh1ZW5pdmVy
c2UuY29tPl0NCj4gU2VudDogVGh1cnNkYXksIE1heSAzMSwgMjAxMiAxMjozNSBQTQ0KPiBUbzog
SGFubmVzIFRzY2hvZmVuaWcNCj4gQ2M6IE1pa2UgSm9uZXM7IG9hdXRoQGlldGYub3JnPG1haWx0
bzpvYXV0aEBpZXRmLm9yZz4gV0cNCj4gU3ViamVjdDogUkU6IFtPQVVUSC1XR10gRXJyb3IgRW5j
b2Rpbmc6IENvbmNsdXNpb24NCj4NCj4gSSdsbCBmaXJzdCByZXZpZXcgdGhlIHByb3Bvc2VkIHRl
eHQgKGFzIGEgV0cgbWVtYmVyKSBhbmQgcmFpc2UgYW55IGlzc3Vlcw0KPiByZW1haW5pbmcgKGlm
IGFueSkuDQo+DQo+IEkgd2lsbCB3YWl0IHVudGlsIHRoZSBBQk5GIHRleHQgaXMgcHJvdmlkZWQg
YmVmb3JlIHB1Ymxpc2hpbmcgYW5vdGhlciB2ZXJzaW9uLg0KPg0KPiBFSA0KPg0KPiA+IC0tLS0t
T3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+ID4gRnJvbTogSGFubmVzIFRzY2hvZmVuaWcgW21haWx0
bzpoYW5uZXMudHNjaG9mZW5pZ0BnbXgubmV0PG1haWx0bzpoYW5uZXMudHNjaG9mZW5pZ0BnbXgu
bmV0Pl0NCj4gPiBTZW50OiBUaHVyc2RheSwgTWF5IDMxLCAyMDEyIDEwOjU0IEFNDQo+ID4gVG86
IEVyYW4gSGFtbWVyDQo+ID4gQ2M6IE1pa2UgSm9uZXM7IG9hdXRoQGlldGYub3JnPG1haWx0bzpv
YXV0aEBpZXRmLm9yZz4gV0c7IEhhbm5lcyBUc2Nob2ZlbmlnDQo+ID4gU3ViamVjdDogUmU6IFtP
QVVUSC1XR10gRXJyb3IgRW5jb2Rpbmc6IENvbmNsdXNpb24NCj4gPg0KPiA+IEVyYW4sIGNvdWxk
IHlvdSBwdWJsaXNoIGEgbmV3IGRyYWZ0IHZlcnNpb24gYnkgU3VuZGF5IHdpdGggdGhlc2UNCj4g
PiBjaGFuZ2VzIGluY29ycG9yYXRlZD8gVGhhdCBzaG91bGQgZ2l2ZSB0aGUgd29ya2luZyBncm91
cCBlbm91Z2ggdGltZQ0KPiA+IHRvIGxvb2sgYXQgdGhlc2UgZmV3IHBhcmFncmFwaHMuDQo+ID4N
Cj4gPiBJbiB0aGUgbWVhbndoaWxlIHdlIGFyZSB3b3JraW5nIG9uIGFkZHJlc3NpbmcgdGhlIEFC
TkYgaXNzdWUgU2Vhbg0KPiA+IHJhaXNlZCBhbmQgd2Ugd2lsbCB0aGVuIGdvIGZvciBhbm90aGVy
IHVwZGF0ZS4NCj4gPg0KPiA+IENpYW8NCj4gPiBIYW5uZXMNCj4gPg0KPiA+IE9uIE1heSAzMSwg
MjAxMiwgYXQgODoyMCBQTSwgSGFubmVzIFRzY2hvZmVuaWcgd3JvdGU6DQo+ID4NCj4gPiA+IEhp
IE1pa2UsDQo+ID4gPg0KPiA+ID4gdGhhbmsgeW91IGZvciBjb21waWxpbmcgdGhlIHRleHQuIEl0
IGxvb2tzIGdvb2QgdG8gbWUuIEkgaGF2ZSBub3QNCj4gPiA+IHNlZW4NCj4gPiBhbnlvbmUgZnJv
bSB0aGUgd29ya2luZyBncm91cCBzY3JlYW1pbmcgZWl0aGVyLg0KPiA+ID4NCj4gPiA+IEVyYW4s
IGNhbiB5b3UgaW5jb3Jwb3JhdGUgdGhlc2UgY2hhbmdlcyBpbnRvIHRoZSBuZXh0IGRyYWZ0IHZl
cnNpb24/DQo+ID4gPg0KPiA+ID4gQ2lhbw0KPiA+ID4gSGFubmVzDQo+ID4gPg0KPiA+ID4gT24g
TWF5IDMwLCAyMDEyLCBhdCAyOjEwIEFNLCBNaWtlIEpvbmVzIHdyb3RlOg0KPiA+ID4NCj4gPiA+
PiBJJ3ZlIG1hZGUgYW5vdGhlciBzZXQgb2YgdXBkYXRlcyB0byBhIGNvcHkgb2YgQ29yZSAtMjYg
dG8gYWRkcmVzcw0KPiA+ID4+IHRoZQ0KPiA+IHF1ZXN0aW9ucyByYWlzZWQgYnkgRXJhbiBhbmQg
RGF2aWQgYmVsb3cgKGF0dGFjaGVkKS4NCj4gPiA+Pg0KPiA+ID4+IEFuIHVucmVsYXRlZCBjaGFu
Z2UgdGhhdCB5b3Ugc2hvdWxkIHByb2JhYmx5IHBpY2sgdXAsIEVyYW4gaXMNCj4gPiA+PiBhZGRp
bmcgdGhpcw0KPiA+IHRvIHRoZSA8ZnJvbnQ+IHNlY3Rpb24sIHNvIHRoYXQgdGhlIGhlYWRpbmcg
c2hvd3MgdGhhdCB0aGUgZHJhZnQgaXMgYQ0KPiA+IHByb2R1Y3Qgb2YgdGhlICJPQXV0aCBXb3Jr
aW5nIEdyb3VwIiByYXRoZXIgdGhhbiB0aGUgIk5ldHdvcmsgV29ya2luZw0KPiBHcm91cCI6DQo+
ID4gPj4gICAgPGFyZWE+U2VjdXJpdHk8L2FyZWE+DQo+ID4gPj4gICAgPHdvcmtncm91cD5PQXV0
aCBXb3JraW5nIEdyb3VwPC93b3JrZ3JvdXA+DQo+ID4gPj4NCj4gPiA+PiBPbmUgY2hhbmdlIEkg
ZGlkbid0IG1ha2UsIGJ1dCB0aGF0IHNob3VsZCBiZSBjb25zaWRlcmVkLCBpcyB0bw0KPiA+ID4+
IGRlbGV0ZSB0aGUNCj4gPiByZWZlcmVuY2UgdG8gT0FTSVMuc2FtbC1jb3JlLTIuMC1vcywgc2lu
Y2UgaXQgaXMgdXNlZCBieSBubyA8eHJlZj4gaW4NCj4gPiB0aGUgZG9jdW1lbnQuDQo+ID4gPj4N
Cj4gPiA+PiBUaGUgbmV3IHByb3Bvc2VkIHRleHQgZm9yIFNlY3Rpb24gNy4yIGZvbGxvd3M6DQo+
ID4gPj4NCj4gPiA+PiA3LjIuICBFcnJvciBSZXNwb25zZQ0KPiA+ID4+DQo+ID4gPj4gIElmIGEg
cmVzb3VyY2UgYWNjZXNzIHJlcXVlc3QgZmFpbHMsIHRoZSByZXNvdXJjZSBzZXJ2ZXIgU0hPVUxE
IGluZm9ybQ0KPiA+ID4+ICB0aGUgY2xpZW50IG9mIHRoZSBlcnJvci4gIFdoaWxlIHRoZSBzcGVj
aWZpYyBlcnJvciByZXNwb25zZXMgcG9zc2libGUNCj4gPiA+PiAgYW5kIG1ldGhvZHMgZm9yIHRy
YW5zbWl0dGluZyB0aG9zZSBlcnJvcnMgd2hlbiB1c2luZyBhbnkgcGFydGljdWxhcg0KPiA+ID4+
ICBhY2Nlc3MgdG9rZW4gdHlwZSBhcmUgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmlj
YXRpb24sIGFueQ0KPiA+ID4+ICAiZXJyb3IiIGNvZGUgdmFsdWVzIGRlZmluZWQgZm9yIHVzZSB3
aXRoIE9BdXRoIHJlc291cmNlIGFjY2Vzcw0KPiA+ID4+ICBtZXRob2RzIE1VU1QgYmUgcmVnaXN0
ZXJlZCAoZm9sbG93aW5nIHRoZSBwcm9jZWR1cmVzIGluDQo+ID4gPj4gIFNlY3Rpb24gMTEuNCku
DQo+ID4gPj4NCj4gPiA+PiAgU3BlY2lmaWNhbGx5LCB3aGVuIHRoZSBPQXV0aCByZXNvdXJjZSBh
Y2Nlc3MgbWV0aG9kIHVzZXMgYW4gImVycm9yIg0KPiA+ID4+ICByZXN1bHQgcGFyYW1ldGVyIHRv
IHJldHVybiBhbiBlcnJvciBjb2RlIHZhbHVlIHRoYXQgaW5kaWNhdGVzIHRoZQ0KPiA+ID4+ICBy
ZXNvdXJjZSBhY2Nlc3MgZXJyb3IgZW5jb3VudGVyZWQsIHRoZW4gdGhlc2UgZXJyb3IgY29kZSB2
YWx1ZXMNCj4gTVVTVA0KPiA+ID4+ICBiZSByZWdpc3RlcmVkLiAgVmFsdWVzIGZvciB0aGVzZSAi
ZXJyb3IiIGNvZGVzIE1VU1QgTk9UIGluY2x1ZGUNCj4gPiA+PiAgY2hhcmFjdGVycyBvdXRzaWRl
IHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLiBXaGVuIGFuDQo+ID4gPj4gICJl
cnJvciIgY29kZSB2YWx1ZSBpcyByZWdpc3RlcmVkIGZvciB1c2UgYnkgYW4gT0F1dGggcmVzb3Vy
Y2UgYWNjZXNzDQo+ID4gPj4gIG1ldGhvZCwgc2hvdWxkIHRoYXQgc2FtZSBjb2RlIGFscmVhZHkg
YmUgcmVnaXN0ZXJlZCBmb3IgdXNlIGJ5DQo+ID4gPj4gIGFub3RoZXIgT0F1dGggcmVzb3VyY2Ug
YWNjZXNzIG1ldGhvZCBvciBhdCBhIGRpZmZlcmVudCBPQXV0aCBlcnJvcg0KPiA+ID4+ICB1c2Fn
ZSBsb2NhdGlvbiwgdGhlbiB0aGUgbWVhbmluZyBvZiB0aGF0IGVycm9yIGNvZGUgdmFsdWUgaW4g
aW4gdGhlDQo+ID4gPj4gIG5ldyByZWdpc3RyYXRpb24gTVVTVCBiZSBjb25zaXN0ZW50IHdpdGgg
dGhlIGl0cyBtZWFuaW5nIGluIHByaW9yDQo+ID4gPj4gIHJlZ2lzdHJhdGlvbnMuDQo+ID4gPj4N
Cj4gPiA+PiAgVGhlIE9BdXRoIHJlc291cmNlIGFjY2VzcyBlcnJvciByZWdpc3RyYXRpb24gcmVx
dWlyZW1lbnQgYXBwbGllcyBvbmx5DQo+ID4gPj4gIHRvICJlcnJvciIgY29kZSB2YWx1ZXMgYW5k
IG5vdCB0byBvdGhlciBtZWFucyBvZiByZXR1cm5pbmcgZXJyb3INCj4gPiA+PiAgaW5kaWNhdGlv
bnMsIGluY2x1ZGluZyBIVFRQIHN0YXR1cyBjb2Rlcywgb3Igb3RoZXIgZXJyb3ItcmVsYXRlZA0K
PiA+ID4+ICByZXN1bHQgcGFyYW1ldGVycywgc3VjaCBhcyAiZXJyb3JfZGVzY3JpcHRpb24iLCAi
ZXJyb3JfdXJpIiwgb3Igb3RoZXINCj4gPiA+PiAga2luZHMgb2YgZXJyb3Igc3RhdHVzIHJldHVy
biBtZXRob2RzIHRoYXQgbWF5IGJlIGVtcGxveWVkIGJ5IHRoZQ0KPiA+ID4+ICByZXNvdXJjZSBh
Y2Nlc3MgbWV0aG9kLiAgVGhlcmUgaXMgbm8gcmVxdWlyZW1lbnQgdGhhdCBPQXV0aCByZXNvdXJj
ZQ0KPiA+ID4+ICBhY2Nlc3MgbWV0aG9kcyBlbXBsb3kgYW4gImVycm9yIiBwYXJhbWV0ZXIuDQo+
ID4gPj4NCj4gPiA+PiBIb3BlZnVsbHkgaW5jb3Jwb3JhdGluZyB0aGVzZSBjaGFuZ2VzIHdpbGwg
ZW5hYmxlIHVzIHRvIGNsb3NlIHRoZQ0KPiA+IHJlbWFpbmluZyBESVNDVVNTIGlzc3VlcyBvbiBi
b3RoIHRoZSBDb3JlIGFuZCBCZWFyZXIgZHJhZnRzLg0KPiA+ID4+DQo+ID4gPj4gICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVGhh
bmtzIGFsbCwNCj4gPiA+PiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAtLQ0KPiA+ID4+IE1pa2UNCj4gPiA+Pg0KPiA+ID4+DQo+
ID4gPj4gRnJvbTogRXJhbiBIYW1tZXIgW21haWx0bzplcmFuQGh1ZW5pdmVyc2UuY29tPG1haWx0
bzplcmFuQGh1ZW5pdmVyc2UuY29tPl0NCj4gPiA+PiBTZW50OiBXZWRuZXNkYXksIE1heSAyMywg
MjAxMiAxMTo0NSBQTQ0KPiA+ID4+IFRvOiBEYXZpZCBSZWNvcmRvbjsgTWlrZSBKb25lczsgSGFu
bmVzIFRzY2hvZmVuaWcNCj4gPiA+PiBDYzogb2F1dGhAaWV0Zi5vcmc8bWFpbHRvOm9hdXRoQGll
dGYub3JnPiBXRw0KPiA+ID4+IFN1YmplY3Q6IFJFOiBbT0FVVEgtV0ddIEVycm9yIEVuY29kaW5n
OiBDb25jbHVzaW9uDQo+ID4gPj4NCj4gPiA+PiBXaXRoIHRoZSBleGNlcHRpb24gb2Ygc2VjdGlv
biA3LjIsIHRoZSBjaGFuZ2VzIGxvb2sgcmVhc29uYWJsZSBhbmQNCj4gPiA+PiB3aWxsIGJlDQo+
ID4gYXBwbGllZCBpbiB0aGUgbmV4dCByZXZpc2lvbi4NCj4gPiA+Pg0KPiA+ID4+IFRoZSBuZXcg
c2VjdGlvbiA3LjIgaXMgY29uZnVzaW9uIGFuZCBkb2VzIG5vdCBleHBsYWluIHRoZSBuZXcgcmVn
aXN0cnkuDQo+ID4gVGhlIHNlY3Rpb24gaW50cm9kdWNlcyBhIG5ldyByZXF1aXJlbWVudCB0byBy
ZWdpc3RlciAnYW55IGVycm9yIGNvZGVzDQo+ID4gZGVmaW5lZCBmb3IgdXNlIHdpdGggT0F1dGgg
cmVzb3VyY2UgYWNjZXNzIG1ldGhvZHMnLiBUaGlzIHJlcXVpcmVtZW50DQo+ID4gaXMgdG9vIHZh
Z3VlLg0KPiA+ID4+DQo+ID4gPj4gSSBoYXZlIG5vIGNsdWUgaG93IHRvIChmb3IgZXhhbXBsZSkg
YXBwbHkgdGhpcyB0ZXh0IHRvIHRoZSBNQUMgZHJhZnQuDQo+ID4gQWRkaW5nIHRvIERhdmlkJ3Mg
bGlzdCBiZWxvdzoNCj4gPiA+Pg0KPiA+ID4+ICogU2hvdWxkIHRoZSBIVFRQIHN0YXR1cyBjb2Rl
cyB1c2VkIGJ5IHRoZSBNQUMgc3BlYyBhcyBjdXJyZW50bHkNCj4gPiA+PiB3cml0dGVuDQo+ID4g
YmUgcmVnaXN0ZXJlZCAoc2luY2Ugbm8gZ3VpZGFuY2UgaXMgZ2l2ZW4gdG8gdGhlIHVzZSBvZiBh
biBlcnJvciBwYXJhbWV0ZXIpPw0KPiA+ID4+ICogRG9lcyB0aGlzIGludHJvZHVjZSBhIHJlcXVp
cmVtZW50IHRvIGFkZCBhbiBlcnJvciBwYXJhbWV0ZXI/DQo+ID4gPj4gKiBEb2VzIHRoZSBwYXJh
bWV0ZXIgbmVlZCB0byAvIHNob3VsZCBiZSBjYWxsZWQgJ2Vycm9yJz8NCj4gPiA+PiAqIFdoYXQg
YWJvdXQgZnV0dXJlIG1ldGhvZHMgaW4gd2hpY2ggZXJyb3JzIGFyZSBub3Qgc2ltcGx5DQo+ID4g
Pj4gZXhwcmVzc2VkIGluDQo+ID4gdGhlIGZvcm0gb2YgYSBmaXhlcyBzdHJpbmc/DQo+ID4gPj4N
Cj4gPiA+PiBFSA0KPiA+ID4+DQo+ID4gPj4NCj4gPiA+PiBGcm9tOiBEYXZpZCBSZWNvcmRvbiBb
bWFpbHRvOnJlY29yZG9uZEBnbWFpbC5jb208bWFpbHRvOnJlY29yZG9uZEBnbWFpbC5jb20+XQ0K
PiA+ID4+IFNlbnQ6IFdlZG5lc2RheSwgTWF5IDIzLCAyMDEyIDExOjM4IFBNDQo+ID4gPj4gVG86
IE1pa2UgSm9uZXM7IEhhbm5lcyBUc2Nob2ZlbmlnOyBFcmFuIEhhbW1lcg0KPiA+ID4+IENjOiBv
YXV0aEBpZXRmLm9yZzxtYWlsdG86b2F1dGhAaWV0Zi5vcmc+IFdHDQo+ID4gPj4gU3ViamVjdDog
UmU6IFtPQVVUSC1XR10gRXJyb3IgRW5jb2Rpbmc6IENvbmNsdXNpb24NCj4gPiA+Pg0KPiA+ID4+
IEhvbmVzdGx5IHN0aWxsIHRyeWluZyB0byBmdWxseSB3cmFwIG15IGhlYWQgYXJvdW5kIHdoYXQn
cyBnb2luZyBvbg0KPiA+ID4+IGhlcmUNCj4gPiBzaW5jZSBpdCBzZWVtcyBmYXIgbW9yZSBjb21w
bGV4IHRoYW4gdGhlIHRocmVhZHMgYXJlIGFsbHVkaW5nIHRvLiBJbg0KPiA+IGFueSBjYXNlLCBk
b2VzIE1pa2UncyB0ZXh0IGFkZHJlc3Mgd2hhdCBFcmFuIGJyb3VnaHQgdXAgYXMgbmVlZGVkIGlu
DQo+ID4gdGhlIHRocmVhZCBIYW5uZXMgcmVmZXJlbmNlZCBvciBpcyBFcmFuIHdyb25nPw0KPiA+
ID4+DQo+ID4gPj4gVGhlIGNvcmUgc3BlYyBjdXJyZW50bHkgcHJvdmlkZXMgZnVsbCBndWlkYW5j
ZSBhbmQgZGVmaW5pdGlvbiBmb3INCj4gPiA+PiBlcnJvcg0KPiA+IGV4dGVuc2liaWxpdHkuIEV4
dGVuZGluZyB0aGUgcmVnaXN0cnkncyBzY29wZSBtZWFucyB0aGUgbmVlZCBmb3INCj4gPiBub24t
dHJpdmlhbCBuZXcgdGV4dCB0aGF0Og0KPiA+ID4+DQo+ID4gPj4gKiBleHBsYWlucyB0aGUgcHJv
Y2VzcyBvZiBhZGRpbmcgbmV3IGVycm9ycyBmb3IgZW5kcG9pbnRzIG5vdA0KPiA+ID4+IGRlZmlu
ZWQgYnkNCj4gPiB0aGlzIHNwZWNpZmljYXRpb24sDQo+ID4gPj4gKiBmaW5kcyBhIGNvbW1vbiBn
cm91bmQgZm9yIHZhbHVlIHJlc3RyaWN0aW9ucyBiZXlvbmQgd2hhdCBpcw0KPiA+ID4+IGFscmVh
ZHkNCj4gPiBsaXN0ZWQsDQo+ID4gPj4gKiBndWlkZSBhdXRob3JzIG9mIGZ1dHVyZSBIVFRQIGF1
dGhlbnRpY2F0aW9uIHNjaGVtZXMgbWVhbnQgZm9yIHVzZQ0KPiA+IHdpdGggT0F1dGggKGUuZy4g
TUFDKSBmb3IgdGhlaXIgcmVxdWlyZW1lbnRzIGZvciB1c2luZyB0aGUgZXJyb3INCj4gPiByZWdp
c3RyeSwgYW5kDQo+ID4gPj4gKiBhZGRyZXNzIHRoZSB2ZXJ5IGxpa2VseSBzY2VuYXJpbyBvZiB0
aGUgc2FtZSBlcnJvciBjb2RlIGNhcnJ5aW5nDQo+ID4gZGlmZmVyZW50IG1lYW5pbmdzIGluIGRp
ZmZlcmVudCBlbmRwb2ludHMsIG9yIGFuIGV4dGVuc2lvbiB0aGF0IGFkZHMgYQ0KPiA+IGxvY2F0
aW9uIHRvIGEgY29kZSBhbHJlYWR5IGRlZmluZWQgZWxzZXdoZXJlIC0gc29tZXRoaW5nIHZlcnkg
bGlrZWx5DQo+ID4gdG8gaGFwcGVuIGlmIHlvdSBjcm9zcyB0aGUgdHdvIHZlcnkgZGlmZmVyZW50
IGRvbWFpbnMgKE9BdXRoDQo+ID4gZW5kcG9pbnRzLCBQcm90ZWN0ZWQgcmVzb3VyY2UgZW5kcG9p
bnRzKS4gVGhpcyByZXF1aXJlcyBjaGFuZ2luZyB0aGUNCj4gPiBlbnRpcmUgc3RydWN0dXJlIG9m
IHRoZSByZWdpc3RyeSB0byBjcmVhdGUgc2VwYXJhdGUgcmVjb3JkcyBmb3IgZWFjaA0KPiBjb2Rl
L2xvY2F0aW9uIHBhaXIuDQo+ID4gPj4NCj4gPiA+PiBUaGFua3MsDQo+ID4gPj4gLS1EYXZpZA0K
PiA+ID4+DQo+ID4gPj4gT24gV2VkLCBNYXkgMjMsIDIwMTIgYXQgMTA6MjIgUE0sIE1pa2UgSm9u
ZXMNCj4gPiA8TWljaGFlbC5Kb25lc0BtaWNyb3NvZnQuY29tPG1haWx0bzpNaWNoYWVsLkpvbmVz
QG1pY3Jvc29mdC5jb20+PiB3cm90ZToNCj4gPiA+PiBUaGFua3MgSGFubmVzLiAgSW4gdGhlIGlu
dGVyZXN0IG9mIGhvcGVmdWxseSBjb21wbGV0aW5nIHRoZSBlZGl0cw0KPiA+ID4+IHRvDQo+ID4g
cmVtb3ZlIHRoZSBESVNDVVNTIGlzc3VlcyBmb3IgdGhlIEJlYXJlciBhbmQgQ29yZSBzcGVjcyBp
biB0aGUgbmV4dA0KPiA+IGZldyBkYXlzIHNvIHRoYXQgd2UgY2FuIHNlbmQgdGhlIGRvY3MgdG8g
dGhlIFJGQyBlZGl0b3JzLCBJJ2QgbGlrZSB0bw0KPiA+IHByb3Bvc2Ugc3BlY2lmaWMgbGFuZ3Vh
Z2UgZm9yIHRoZSBDb3JlIHNwZWMgdG8gYWRkcmVzcyBib3RoIG9mIHRoZQ0KPiA+IGNvbnNlbnN1
cyBjYWxsIGlzc3VlIHJlc29sdXRpb25zLiAgQWZ0ZXIgdGhlcmUncyBjb25zZW5zdXMgb24gdGhl
DQo+ID4gc3BlY2lmaWMgdGV4dCBmb3IgQ29yZSwgaXQgd2lsbCBiZSBlYXN5IGZvciB1cyB0byBh
ZGQgYSByZWZlcmVuY2UgaW4NCj4gPiBCZWFyZXIgdG8gdGhlIGxhbmd1YWdlIGluIENvcmUgZm9y
IHRoZSBlcnJvciBzeW50YXggcmVzdHJpY3Rpb25zIGFuZA0KPiA+IHRvIHVzZSB0aGUgT0F1dGgg
ZXJyb3JzIHJlZ2lzdHJ5LiAgSSdsbCBkbyB0aGF0IGluIHBhcmFsbGVsIHdpdGggdGhlIGRpc2N1
c3Npb25zDQo+IG9uIHRoZSBwcm9wb3NlZCBjb3JlIGxhbmd1YWdlIGNoYW5nZXMuDQo+ID4gPj4N
Cj4gPiA+Pg0KPiA+ID4+DQo+ID4gPj4gQSBzdW1tYXJ5IG9mIHRoZSBjaGFuZ2VzIEkgbWFkZSBp
biByZXNwb25zZSB0byB0aGUgY29uc2Vuc3VzIGNhbGwNCj4gPiBjb25jbHVzaW9ucyBhcmU6DQo+
ID4gPj4NCj4gPiA+PiAqICAgICAgICBBZGQgc3ludGF4IHJlc3RyaWN0aW9ucyBmb3IgImVycm9y
IiwgImVycm9yX2Rlc2NyaXB0aW9uIiwgYW5kDQo+ID4gImVycm9yX3VyaSIgZnJvbSBCZWFyZXIg
dG8gQ29yZQ0KPiA+ID4+DQo+ID4gPj4gKiAgICAgICAgQWRkIHNlY3Rpb24gNy4yIGFib3V0IGVy
cm9yIHJlc3BvbnNlcyBmcm9tIHJlc291cmNlIGFjY2Vzcw0KPiByZXF1ZXN0cw0KPiA+ID4+DQo+
ID4gPj4gKiAgICAgICAgQWRkICJyZXNvdXJjZSBhY2Nlc3MgZXJyb3IgcmVzcG9uc2UiIHRvIHRo
ZSBjYXRlZ29yeSBvZiBPQXV0aA0KPiA+IGVycm9ycyB0aGF0IGNhbiBiZSByZWdpc3RlcmVkDQo+
ID4gPj4NCj4gPiA+Pg0KPiA+ID4+DQo+ID4gPj4gQWRkaXRpb25hbCBlZGl0b3JpYWwgY2hhbmdl
cyB0aGF0IEkgbWFkZSBhcyBJIGVuY291bnRlcmVkIGlzc3VlcyBpbg0KPiA+ID4+IHRoZQ0KPiA+
IGRvY3VtZW50IHdlcmU6DQo+ID4gPj4NCj4gPiA+PiAqICAgICAgICBVcGRhdGVkIG91dCBvZiBk
YXRlIHJlZmVyZW5jZXMsIGVzcGVjaWFsbHkgdGhlIGRyYWZ0LWhhcmR0LW9hdXRoLQ0KPiAwMQ0K
PiA+IHJlZmVyZW5jZSwgd2hpY2ggY29udGFpbmVkIGFuIGludmFsaWQgbGluaw0KPiA+ID4+DQo+
ID4gPj4gKiAgICAgICAgQWRkZWQgRGVyZWsgQXRraW5zIHRvIHRoZSBsaXN0IG9mIGNoYWlycw0K
PiA+ID4+DQo+ID4gPj4gKiAgICAgICAgQWRkZWQgWWFyb24gR29sYW5kJ3MgbWlkZGxlIGluaXRp
YWwgWS4gKHNpbmNlIGhlIHByZWZlcnMgdG8gaW5jbHVkZQ0KPiBpdA0KPiA+IGluIHB1YmxpY2F0
aW9ucykNCj4gPiA+Pg0KPiA+ID4+ICogICAgICAgIFJlcGxhY2VkIHVzZSBvZiB0aGUgZGVwcmVj
YXRlZCA8YXBwZW5kaXg+IGVsZW1lbnQsIHdoaWNoDQo+ID4gcHJldmVudGVkIHRoZSBzcGVjIGZy
b20gYnVpbGRpbmcgd2l0aCBzdHJpY3QgY2hlY2tpbmcsIHdpdGggYQ0KPiA+IDxzZWN0aW9uPiBl
bGVtZW50IGluIHRoZSA8YmFjaz4gc2VjdGlvbiAod2hpY2ggY3JlYXRlcyBhbiBhcHBlbmRpeCkN
Cj4gPiA+Pg0KPiA+ID4+DQo+ID4gPj4NCj4gPiA+PiBUbyBtYWtlIGl0IGVhc3kgdG8gaW5jb3Jw
b3JhdGUgdGhlc2UgY2hhbmdlcyBpbnRvIHRoZSBkb2N1bWVudCBhbmQNCj4gPiA+PiBzbw0KPiA+
IHRoZSBwcm9wb3NlZCBjaGFuZ2VzIGFyZSB1bmFtYmlndW91cywgSSBwcm9kdWNlZCBhbiBlZGl0
ZWQgdmVyc2lvbiBvZg0KPiA+IENvcmUgLTI2IGNvbnRhaW5pbmcgdGhlc2UgY2hhbmdlcy4gIFRo
ZSB4bWwsIHR4dCwgYW5kIGh0bWwgdmVyc2lvbnMNCj4gPiBhcmUgYXR0YWNoZWQgdG8gZmFjaWxp
dGF0ZSByZXZpZXcuICBQZXJ0aW5lbnQgZGlmZnMgZnJvbSB0aGUgLnR4dCB2ZXJzaW9uDQo+IGZv
bGxvdy4NCj4gPiA+Pg0KPiA+ID4+DQo+ID4gPj4NCj4gPiA+PiAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoZWVycywNCj4gPiA+Pg0K
PiA+ID4+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgLS0gTWlrZQ0KPiA+ID4+DQo+ID4gPj4NCj4gPiA+Pg0KPiA+ID4+IDY4M2M2ODMs
Njg0DQo+ID4gPj4NCj4gPiA+PiA8ICAgIG5vdGF0aW9uIG9mIFtSRkM1MjM0XS4NCj4gPiA+Pg0K
PiA+ID4+IC0tLQ0KPiA+ID4+DQo+ID4gPj4+ICBub3RhdGlvbiBvZiBbUkZDNTIzNF0uICBBZGRp
dGlvbmFsbHksIHRoZSBydWxlIFVSSS1SZWZlcmVuY2UgaXMNCj4gPiA+Pg0KPiA+ID4+PiAgaW5j
bHVkZWQgZnJvbSBVbmlmb3JtIFJlc291cmNlIElkZW50aWZpZXIgKFVSSSkgW1JGQzM5ODZdLg0K
PiA+ID4+DQo+ID4gPj4gMTQ0MWMxNDQxLDE0NDINCj4gPiA+Pg0KPiA+ID4+IDwgICAgICAgICAg
UkVRVUlSRUQuICBBIHNpbmdsZSBlcnJvciBjb2RlIGZyb20gdGhlIGZvbGxvd2luZzoNCj4gPiA+
Pg0KPiA+ID4+IC0tLQ0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICBSRVFVSVJFRC4gIEEgc2luZ2xl
IEFTQ0lJIFtVU0FTQ0lJXSBlcnJvciBjb2RlIGZyb20gdGhlDQo+ID4gPj4NCj4gPiA+Pj4gICAg
ICAgIGZvbGxvd2luZzoNCj4gPiA+Pg0KPiA+ID4+IDE0NzRhMTQ3NSwxNDc2DQo+ID4gPj4NCj4g
PiA+Pj4gICAgICAgIFZhbHVlcyBmb3IgdGhlICJlcnJvciIgcGFyYW1ldGVyIE1VU1QgTk9UIGlu
Y2x1ZGUNCj4gPiA+Pj4gY2hhcmFjdGVycw0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICBvdXRzaWRl
IHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLg0KPiA+ID4+DQo+ID4gPj4gMTQ3
NmMxNDc4DQo+ID4gPj4NCj4gPiA+PiA8ICAgICAgICAgIE9QVElPTkFMLiAgQSBodW1hbi1yZWFk
YWJsZSBVVEYtOCBlbmNvZGVkIHRleHQgcHJvdmlkaW5nDQo+ID4gPj4NCj4gPiA+PiAtLS0NCj4g
PiA+Pg0KPiA+ID4+PiAgICAgICAgT1BUSU9OQUwuICBBIGh1bWFuLXJlYWRhYmxlIEFTQ0lJIFtV
U0FTQ0lJXSB0ZXh0IHByb3ZpZGluZw0KPiA+ID4+DQo+ID4gPj4gMTQ3OGExNDgxLDE0ODINCj4g
PiA+Pg0KPiA+ID4+PiAgICAgICAgVmFsdWVzIGZvciB0aGUgImVycm9yX2Rlc2NyaXB0aW9uIiBw
YXJhbWV0ZXIgTVVTVCBOT1QNCj4gPiA+Pj4gaW5jbHVkZQ0KPiA+ID4+DQo+ID4gPj4+ICAgICAg
ICBjaGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0Uu
DQo+ID4gPj4NCj4gPiA+PiAxNDgyYTE0ODcsMTQ4OQ0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICBW
YWx1ZXMgZm9yIHRoZSAiZXJyb3JfdXJpIiBwYXJhbWV0ZXIgTVVTVCBjb25mb3JtIHRvIHRoZQ0K
PiA+ID4+PiBVUkktDQo+ID4gPj4NCj4gPiA+Pj4gICAgICAgIFJlZmVyZW5jZSBzeW50YXgsIGFu
ZCB0aHVzIE1VU1QgTk9UIGluY2x1ZGUgY2hhcmFjdGVycw0KPiA+ID4+PiBvdXRzaWRlDQo+ID4g
Pj4NCj4gPiA+Pj4gICAgICAgIHRoZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAleDVELTdFLg0KPiA+
ID4+DQo+ID4gPj4gMTg0MGMxODQwLDE4NDENCj4gPiA+Pg0KPiA+ID4+IDwgICAgICAgICAgUkVR
VUlSRUQuICBBIHNpbmdsZSBlcnJvciBjb2RlIGZyb20gdGhlIGZvbGxvd2luZzoNCj4gPiA+Pg0K
PiA+ID4+IC0tLQ0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICBSRVFVSVJFRC4gIEEgc2luZ2xlIEFT
Q0lJIFtVU0FTQ0lJXSBlcnJvciBjb2RlIGZyb20gdGhlDQo+ID4gPj4NCj4gPiA+Pj4gICAgICAg
IGZvbGxvd2luZzoNCj4gPiA+Pg0KPiA+ID4+IDE4NzNhMTg3NCwxODc1DQo+ID4gPj4NCj4gPiA+
Pj4gICAgICAgIFZhbHVlcyBmb3IgdGhlICJlcnJvciIgcGFyYW1ldGVyIE1VU1QgTk9UIGluY2x1
ZGUNCj4gPiA+Pj4gY2hhcmFjdGVycw0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICBvdXRzaWRlIHRo
ZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLg0KPiA+ID4+DQo+ID4gPj4gMTg3NWMx
ODc3DQo+ID4gPj4NCj4gPiA+PiA8ICAgICAgICAgIE9QVElPTkFMLiAgQSBodW1hbi1yZWFkYWJs
ZSBVVEYtOCBlbmNvZGVkIHRleHQgcHJvdmlkaW5nDQo+ID4gPj4NCj4gPiA+PiAtLS0NCj4gPiA+
Pg0KPiA+ID4+PiAgICAgICAgT1BUSU9OQUwuICBBIGh1bWFuLXJlYWRhYmxlIEFTQ0lJIFtVU0FT
Q0lJXSB0ZXh0IHByb3ZpZGluZw0KPiA+ID4+DQo+ID4gPj4gMTg3N2ExODgwLDE4ODENCj4gPiA+
Pg0KPiA+ID4+PiAgICAgICAgVmFsdWVzIGZvciB0aGUgImVycm9yX2Rlc2NyaXB0aW9uIiBwYXJh
bWV0ZXIgTVVTVCBOT1QNCj4gPiA+Pj4gaW5jbHVkZQ0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICBj
aGFyYWN0ZXJzIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0UuDQo+
ID4gPj4NCj4gPiA+PiAxODgxYTE4ODYsMTg4OA0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICBWYWx1
ZXMgZm9yIHRoZSAiZXJyb3JfdXJpIiBwYXJhbWV0ZXIgTVVTVCBjb25mb3JtIHRvIHRoZQ0KPiA+
ID4+PiBVUkktDQo+ID4gPj4NCj4gPiA+Pj4gICAgICAgIFJlZmVyZW5jZSBzeW50YXgsIGFuZCB0
aHVzIE1VU1QgTk9UIGluY2x1ZGUgY2hhcmFjdGVycw0KPiA+ID4+PiBvdXRzaWRlDQo+ID4gPj4N
Cj4gPiA+Pj4gICAgICAgIHRoZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAleDVELTdFLg0KPiA+ID4+
DQo+ID4gPj4gPCAgICAgICAgICBSRVFVSVJFRC4gIEEgc2luZ2xlIGVycm9yIGNvZGUgZnJvbSB0
aGUgZm9sbG93aW5nOg0KPiA+ID4+DQo+ID4gPj4gLS0tDQo+ID4gPj4NCj4gPiA+Pj4gICAgICAg
IFJFUVVJUkVELiAgQSBzaW5nbGUgQVNDSUkgW1VTQVNDSUldIGVycm9yIGNvZGUgZnJvbSB0aGUN
Cj4gPiA+Pg0KPiA+ID4+PiAgICAgICAgZm9sbG93aW5nOg0KPiA+ID4+DQo+ID4gPj4gMjMyNWEy
MzI2LDIzMjcNCj4gPiA+Pg0KPiA+ID4+PiAgICAgICAgVmFsdWVzIGZvciB0aGUgImVycm9yIiBw
YXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVkZQ0KPiA+ID4+PiBjaGFyYWN0ZXJzDQo+ID4gPj4NCj4g
PiA+Pj4gICAgICAgIG91dHNpZGUgdGhlIHNldCAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0Uu
DQo+ID4gPj4NCj4gPiA+PiAyMzI3YzIzMjkNCj4gPiA+Pg0KPiA+ID4+IDwgICAgICAgICAgT1BU
SU9OQUwuICBBIGh1bWFuLXJlYWRhYmxlIFVURi04IGVuY29kZWQgdGV4dCBwcm92aWRpbmcNCj4g
PiA+Pg0KPiA+ID4+IC0tLQ0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICBPUFRJT05BTC4gIEEgaHVt
YW4tcmVhZGFibGUgQVNDSUkgW1VTQVNDSUldIHRleHQgcHJvdmlkaW5nDQo+ID4gPj4NCj4gPiA+
PiAyMzI5YTIzMzIsMjMzMw0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICBWYWx1ZXMgZm9yIHRoZSAi
ZXJyb3JfZGVzY3JpcHRpb24iIHBhcmFtZXRlciBNVVNUIE5PVA0KPiA+ID4+PiBpbmNsdWRlDQo+
ID4gPj4NCj4gPiA+Pj4gICAgICAgIGNoYXJhY3RlcnMgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEg
LyAleDIzLTVCIC8gJXg1RC03RS4NCj4gPiA+Pg0KPiA+ID4+IDIzMzNhMjMzOCwyMzQwDQo+ID4g
Pj4NCj4gPiA+Pj4gICAgICAgIFZhbHVlcyBmb3IgdGhlICJlcnJvcl91cmkiIHBhcmFtZXRlciBN
VVNUIGNvbmZvcm0gdG8gdGhlDQo+ID4gPj4+IFVSSS0NCj4gPiA+Pg0KPiA+ID4+PiAgICAgICAg
UmVmZXJlbmNlIHN5bnRheCwgYW5kIHRodXMgTVVTVCBOT1QgaW5jbHVkZSBjaGFyYWN0ZXJzDQo+
ID4gPj4+IG91dHNpZGUNCj4gPiA+Pg0KPiA+ID4+PiAgICAgICAgdGhlIHNldCAleDIxIC8gJXgy
My01QiAvICV4NUQtN0UuDQo+ID4gPj4NCj4gPiA+PiAyNDUwYzI0NjAsMjQ2OA0KPiA+ID4+DQo+
ID4gPj4gPCAgICBUaGUgbWV0aG9kIGluIHdoaWNoIHRoZSBjbGllbnQgdXRpbGl6ZWQgdGhlIGFj
Y2VzcyB0b2tlbiB0bw0KPiA+ID4+DQo+ID4gPj4gLS0tDQo+ID4gPj4NCj4gPiA+Pj4gIFRoZSBt
ZXRob2QgaW4gd2hpY2ggdGhlIGNsaWVudCB1dGlsaXplcyB0aGUgYWNjZXNzIHRva2VuIHRvDQo+
ID4gPj4NCj4gPiA+PiAyNDc5YzI0ODkNCj4gPiA+Pg0KPiA+ID4+IDwgICAgICBBdXRob3JpemF0
aW9uOiBCZWFyZXIgN0ZqZnAwWkJyMUt0RFJibmZWZG1Jdw0KPiA+ID4+DQo+ID4gPj4gLS0tDQo+
ID4gPj4NCj4gPiA+Pj4gICAgQXV0aG9yaXphdGlvbjogQmVhcmVyIG1GXzkuQjVmLTQuMUpxTQ0K
PiA+ID4+DQo+ID4gPj4gMjUwM2EyNTE0LDI1MzMNCj4gPiA+Pg0KPiA+ID4+Pg0KPiA+ID4+DQo+
ID4gPj4+IDcuMi4gIEVycm9yIFJlc3BvbnNlDQo+ID4gPj4NCj4gPiA+Pj4NCj4gPiA+Pg0KPiA+
ID4+PiAgSWYgYSByZXNvdXJjZSBhY2Nlc3MgcmVxdWVzdCBmYWlscywgdGhlIHJlc291cmNlIHNl
cnZlciBTSE9VTEQNCj4gPiA+Pj4gaW5mb3JtDQo+ID4gPj4NCj4gPiA+Pj4gIHRoZSBjbGllbnQg
b2YgdGhlIGVycm9yLiAgV2hpbGUgdGhlIHNwZWNpZmljIGVycm9yIHJlc3BvbnNlcw0KPiA+ID4+
PiBwb3NzaWJsZQ0KPiA+ID4+DQo+ID4gPj4+ICBhbmQgbWV0aG9kcyBmb3IgdHJhbnNtaXR0aW5n
IHRob3NlIGVycm9ycyB3aGVuIHVzaW5nIGFueQ0KPiA+ID4+PiBwYXJ0aWN1bGFyDQo+ID4gPj4N
Cj4gPiA+Pj4gIGFjY2VzcyB0b2tlbiB0eXBlIGFyZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMg
c3BlY2lmaWNhdGlvbiwNCj4gPiA+Pj4gYW55DQo+ID4gPj4NCj4gPiA+Pj4gIGVycm9yIGNvZGVz
IGRlZmluZWQgZm9yIHVzZSB3aXRoIE9BdXRoIHJlc291cmNlIGFjY2VzcyBtZXRob2RzDQo+ID4g
Pj4+IE1VU1QNCj4gPiA+Pg0KPiA+ID4+PiAgYmUgcmVnaXN0ZXJlZCAoZm9sbG93aW5nIHRoZSBw
cm9jZWR1cmVzIGluIFNlY3Rpb24gMTEuNCkuDQo+ID4gPj4NCj4gPiA+Pj4NCj4gPiA+Pg0KPiA+
ID4+Pg0KPiA+ID4+DQo+ID4gPj4gMjYwMiwyNjAzYzI2MjQsMjYyNg0KPiA+ID4+DQo+ID4gPj4g
PCAgICAoU2VjdGlvbiA0LjIuMi4xKSwgb3IgdGhlIHRva2VuIGVycm9yIHJlc3BvbnNlIChTZWN0
aW9uIDUuMiksIHN1Y2gNCj4gPiA+Pg0KPiA+ID4+IDwgICAgZXJyb3IgY29kZXMgTUFZIGJlIGRl
ZmluZWQuDQo+ID4gPj4NCj4gPiA+PiAtLS0NCj4gPiA+Pg0KPiA+ID4+PiAgKFNlY3Rpb24gNC4y
LjIuMSksIHRoZSB0b2tlbiBlcnJvciByZXNwb25zZSAoU2VjdGlvbiA1LjIpLCBvcg0KPiA+ID4+
PiB0aGUNCj4gPiA+Pg0KPiA+ID4+PiAgcmVzb3VyY2UgYWNjZXNzIGVycm9yIHJlc3BvbnNlIChT
ZWN0aW9uIDcuMiksIHN1Y2ggZXJyb3IgY29kZXMNCj4gPiA+Pj4gTUFZIGJlDQo+ID4gPj4NCj4g
PiA+Pj4gIGRlZmluZWQuDQo+ID4gPj4NCj4gPiA+PiAzNDQ0YzM0ODQsMzQ4NQ0KPiA+ID4+DQo+
ID4gPj4gPCAgICAgIChTZWN0aW9uIDQuMi4yLjEpLCBvciB0b2tlbiBlcnJvciByZXNwb25zZSAo
U2VjdGlvbiA1LjIpLg0KPiA+ID4+DQo+ID4gPj4gLS0tDQo+ID4gPj4NCj4gPiA+Pj4gICAgICAo
U2VjdGlvbiA0LjIuMi4xKSwgdG9rZW4gZXJyb3IgcmVzcG9uc2UgKFNlY3Rpb24gNS4yKSwgb3IN
Cj4gPiA+Pj4gcmVzb3VyY2UNCj4gPiA+Pg0KPiA+ID4+PiAgICAgIGFjY2VzcyBlcnJvciByZXNw
b25zZSAoU2VjdGlvbiA3LjIpLg0KPiA+ID4+DQo+ID4gPj4gMzU5NmEzNTU0LDM1NTcNCj4gPiA+
Pg0KPiA+ID4+PiAgW1VTQVNDSUldICBBbWVyaWNhbiBOYXRpb25hbCBTdGFuZGFyZHMgSW5zdGl0
dXRlLCAiQ29kZWQNCj4gPiA+Pj4gQ2hhcmFjdGVyDQo+ID4gPj4NCj4gPiA+Pj4gICAgICAgICAg
ICAgIFNldCAtLSA3LWJpdCBBbWVyaWNhbiBTdGFuZGFyZCBDb2RlIGZvciBJbmZvcm1hdGlvbg0K
PiA+ID4+DQo+ID4gPj4+ICAgICAgICAgICAgICBJbnRlcmNoYW5nZSIsIEFOU0kgWDMuNCwgMTk4
Ni4NCj4gPiA+Pg0KPiA+ID4+Pg0KPiA+ID4+DQo+ID4gPj4gMzYxMSwzNjEyYzM1NzIsMzU3Mw0K
PiA+ID4+DQo+ID4gPj4gPCAgICAgICAgICAgICAgT0F1dGggMi4wIiwgZHJhZnQtaWV0Zi1vYXV0
aC1zYW1sMi1iZWFyZXItMDggKHdvcmsgaW4NCj4gPiA+Pg0KPiA+ID4+IDwgICAgICAgICAgICAg
IHByb2dyZXNzKSwgQXVndXN0IDIwMTEuDQo+ID4gPj4NCj4gPiA+PiAtLS0NCj4gPiA+Pg0KPiA+
ID4+PiAgICAgICAgICAgICAgT0F1dGggMi4wIiwgZHJhZnQtaWV0Zi1vYXV0aC1zYW1sMi1iZWFy
ZXItMTIgKHdvcmsgaW4NCj4gPiA+Pg0KPiA+ID4+PiAgICAgICAgICAgICAgcHJvZ3Jlc3MpLCBN
YXkgMjAxMi4NCj4gPiA+Pg0KPiA+ID4+IDM2MTYsMzYxN2MzNTc3LDM1NzkNCj4gPiA+Pg0KPiA+
ID4+IDwgICAgICAgICAgICAgIFByb3RvY29sOiBCZWFyZXIgVG9rZW5zIiwgZHJhZnQtaWV0Zi1v
YXV0aC12Mi1iZWFyZXItMDgNCj4gPiA+Pg0KPiA+ID4+IDwgICAgICAgICAgICAgICh3b3JrIGlu
IHByb2dyZXNzKSwgSnVseSAyMDExLg0KPiA+ID4+DQo+ID4gPj4gLS0tDQo+ID4gPj4NCj4gPiA+
Pj4gICAgICAgICAgICAgIEF1dGhvcml6YXRpb24gUHJvdG9jb2w6IEJlYXJlciBUb2tlbnMiLA0K
PiA+ID4+DQo+ID4gPj4+ICAgICAgICAgICAgICBkcmFmdC1pZXRmLW9hdXRoLXYyLWJlYXJlci0x
OSAod29yayBpbiBwcm9ncmVzcyksDQo+ID4gPj4NCj4gPiA+Pj4gICAgICAgICAgICAgIEFwcmls
IDIwMTIuDQo+ID4gPj4NCj4gPiA+PiAzNjIwLDM2MjNjMzU4OSwzNTkxDQo+ID4gPj4NCj4gPiA+
PiA8ICAgICAgICAgICAgICBIYW1tZXItTGFoYXYsIEUuLCBCYXJ0aCwgQS4sIGFuZCBCLiBBZGlk
YSwgIkhUVFANCj4gPiA+Pg0KPiA+ID4+IDwgICAgICAgICAgICAgIEF1dGhlbnRpY2F0aW9uOiBN
QUMgQWNjZXNzIEF1dGhlbnRpY2F0aW9uIiwNCj4gPiA+Pg0KPiA+ID4+IDwgICAgICAgICAgICAg
IGRyYWZ0LWlldGYtb2F1dGgtdjItaHR0cC1tYWMtMDAgKHdvcmsgaW4gcHJvZ3Jlc3MpLA0KPiA+
ID4+DQo+ID4gPj4gPCAgICAgICAgICAgICAgTWF5IDIwMTEuDQo+ID4gPj4NCj4gPiA+PiAtLS0N
Cj4gPiA+Pg0KPiA+ID4+PiAgICAgICAgICAgICAgSGFtbWVyLUxhaGF2LCBFLiwgIkhUVFAgQXV0
aGVudGljYXRpb246IE1BQyBBY2Nlc3MNCj4gPiA+Pg0KPiA+ID4+PiAgICAgICAgICAgICAgQXV0
aGVudGljYXRpb24iLCBkcmFmdC1pZXRmLW9hdXRoLXYyLWh0dHAtbWFjLTAxDQo+ID4gPj4+ICh3
b3JrIGluDQo+ID4gPj4NCj4gPiA+Pj4gICAgICAgICAgICAgIHByb2dyZXNzKSwgRmVicnVhcnkg
MjAxMi4NCj4gPiA+Pg0KPiA+ID4+IDM2MjZjMzU5NA0KPiA+ID4+DQo+ID4gPj4gPCAgICAgICAg
ICAgICAgTG9kZGVyc3RlZHQsIFQuLCBNY0dsb2luLCBNLiwgYW5kIFAuIEh1bnQsICJPQXV0aCAy
LjANCj4gPiA+Pg0KPiA+ID4+IC0tLQ0KPiA+ID4+DQo+ID4gPj4+ICAgICAgICAgICAgICBNY0ds
b2luLCBNLiwgSHVudCwgUC4sIGFuZCBULiBMb2RkZXJzdGVkdCwgIk9BdXRoIDIuMA0KPiA+ID4+
DQo+ID4gPj4gMzYyOCwzNjI5YzM1OTYsMzU5Nw0KPiA+ID4+DQo+ID4gPj4gPCAgICAgICAgICAg
ICAgZHJhZnQtaWV0Zi1vYXV0aC12Mi10aHJlYXRtb2RlbC0wMCAod29yayBpbiBwcm9ncmVzcyks
DQo+ID4gPj4NCj4gPiA+PiA8ICAgICAgICAgICAgICBKdWx5IDIwMTEuDQo+ID4gPj4NCj4gPiA+
PiAtLS0NCj4gPiA+Pg0KPiA+ID4+PiAgICAgICAgICAgICAgZHJhZnQtaWV0Zi1vYXV0aC12Mi10
aHJlYXRtb2RlbC0wMiAod29yayBpbg0KPiA+ID4+PiBwcm9ncmVzcyksDQo+ID4gPj4NCj4gPiA+
Pj4gICAgICAgICAgICAgIEZlYnJ1YXJ5IDIwMTIuDQo+ID4gPj4NCj4gPiA+PiAzNDY4LDM1NDZk
MzUwMw0KPiA+ID4+DQo+ID4gPj4gPCAgICBCcmlhbiBFYXRvbiwgWWFyb24gR29sYW5kLCBEaWNr
IEhhcmR0LCBhbmQgQWxsZW4gVG9tLg0KPiA+ID4+DQo+ID4gPj4gMzYzOWMzNjA5LDM2MzkNCj4g
PiA+Pg0KPiA+ID4+PiAgQnJpYW4gRWF0b24sIFlhcm9uIFkuIEdvbGFuZCwgRGljayBIYXJkdCwg
YW5kIEFsbGVuIFRvbS4NCj4gPiA+Pg0KPiA+ID4+IDM0NjgsMzU0NmQzNTAzDQo+ID4gPj4NCj4g
PiA+PiA8ICAgIFlhcm9uIEdvbGFuZCwgQnJlbnQgR29sZG1hbiwgS3Jpc3RvZmZlciBHcm9ub3dz
a2ksIEp1c3RpbiBIYXJ0LA0KPiA+ID4+DQo+ID4gPj4gMzY0NCwzNjQ1YzM2NDQsMzY1Ng0KPiA+
ID4+DQo+ID4gPj4+ICBZYXJvbiBZLiBHb2xhbmQsIEJyZW50IEdvbGRtYW4sIEtyaXN0b2ZmZXIg
R3Jvbm93c2tpLCBKdXN0aW4NCj4gPiA+Pj4gSGFydCwNCj4gPiA+Pg0KPiA+ID4+IDM0NjgsMzU0
NmQzNTAzDQo+ID4gPj4NCj4gPiA+PiA8ICAgIFRoaXMgZG9jdW1lbnQgd2FzIHByb2R1Y2VkIHVu
ZGVyIHRoZSBjaGFpcm1hbnNoaXAgb2YgQmxhaW5lDQo+IENvb2ssDQo+ID4gPj4NCj4gPiA+PiA8
ICAgIFBldGVyIFNhaW50LUFuZHJlLCBIYW5uZXMgVHNjaG9mZW5pZywgYW5kIEJhcnJ5IExlaWJh
LiAgVGhlIGFyZWENCj4gPiA+Pg0KPiA+ID4+IDwgICAgZGlyZWN0b3JzIGluY2x1ZGVkIExpc2Eg
RHVzc2VhdWx0LCBQZXRlciBTYWludC1BbmRyZSwgYW5kIFN0ZXBoZW4NCj4gPiA+Pg0KPiA+ID4+
IDwgICAgRmFycmVsbC4NCj4gPiA+Pg0KPiA+ID4+IDM2NDZhMzY1OCwzNjYxDQo+ID4gPj4NCj4g
PiA+Pj4gIFRoaXMgZG9jdW1lbnQgd2FzIHByb2R1Y2VkIHVuZGVyIHRoZSBjaGFpcm1hbnNoaXAg
b2YgQmxhaW5lDQo+ID4gPj4+IENvb2ssDQo+ID4gPj4NCj4gPiA+Pj4gIFBldGVyIFNhaW50LUFu
ZHJlLCBIYW5uZXMgVHNjaG9mZW5pZywgQmFycnkgTGVpYmEsIGFuZCBEZXJlayBBdGtpbnMuDQo+
ID4gPj4NCj4gPiA+Pj4gIFRoZSBhcmVhIGRpcmVjdG9ycyBpbmNsdWRlZCBMaXNhIER1c3NlYXVs
dCwgUGV0ZXIgU2FpbnQtQW5kcmUsDQo+ID4gPj4+IGFuZA0KPiA+ID4+DQo+ID4gPj4+ICBTdGVw
aGVuIEZhcnJlbGwuDQo+ID4gPj4NCj4gPiA+Pg0KPiA+ID4+DQo+ID4gPj4gLS0tLS1PcmlnaW5h
bCBNZXNzYWdlLS0tLS0NCj4gPiA+PiBGcm9tOiBvYXV0aC1ib3VuY2VzQGlldGYub3JnPG1haWx0
bzpvYXV0aC1ib3VuY2VzQGlldGYub3JnPiBbbWFpbHRvOm9hdXRoLWJvdW5jZXNAaWV0Zi5vcmc8
bWFpbHRvOm9hdXRoLWJvdW5jZXNAaWV0Zi5vcmc+XSBPbg0KPiA+IEJlaGFsZiBPZiBIYW5uZXMg
VHNjaG9mZW5pZw0KPiA+ID4+IFNlbnQ6IFdlZG5lc2RheSwgTWF5IDIzLCAyMDEyIDExOjI3IEFN
DQo+ID4gPj4gVG86IG9hdXRoQGlldGYub3JnPG1haWx0bzpvYXV0aEBpZXRmLm9yZz4gV0cNCj4g
PiA+PiBTdWJqZWN0OiBbT0FVVEgtV0ddIEVycm9yIEVuY29kaW5nOiBDb25jbHVzaW9uDQo+ID4g
Pj4NCj4gPiA+Pg0KPiA+ID4+DQo+ID4gPj4gSGkgYWxsLA0KPiA+ID4+DQo+ID4gPj4NCj4gPiA+
Pg0KPiA+ID4+IG9uIE1heSAxMHRoIHdlIGNhbGxlZCBmb3IgY29uc2Vuc3VzIG9uIGFuIG9wZW4g
aXNzdWUgcmVnYXJkaW5nIHRoZQ0KPiA+ID4+IGVycm9yDQo+ID4gZW5jb2RpbmcuIEhlcmUgaXMg
dGhlIGxpbmsgdG8gdGhlIGNhbGw6DQo+ID4gPj4NCj4gPiA+PiBodHRwOi8vd3d3LmlldGYub3Jn
L21haWwtYXJjaGl2ZS93ZWIvb2F1dGgvY3VycmVudC9tc2cwODk5NC5odG1sDQo+ID4gPj4NCj4g
PiA+Pg0KPiA+ID4+DQo+ID4gPj4gVGhhbmsgeW91IGFsbCBmb3IgdGhlIGZlZWRiYWNrLiBUaGUg
Y29uY2x1c2lvbiBvZiB0aGUgY29uc2Vuc3VzDQo+ID4gPj4gY2FsbCB3YXMNCj4gPiB0byBoYXJt
b25pemUgdGhlIGVuY29kaW5nIGJldHdlZW4gdGhlIHR3byBzcGVjaWZpY2F0aW9ucyBieQ0KPiA+
IGluY29ycG9yYXRpbmcgdGhlIHJlc3RyaWN0aW9ucyBmcm9tIHRoZSBiZWFyZXIgc3BlY2lmaWNh
dGlvbiBpbnRvIHRoZQ0KPiA+IGJhc2Ugc3BlY2lmaWNhdGlvbi4gVGhlIGVycm9yIGVuY29kaW5n
IHdpbGwgZ28gaW50byB0aGUgY29yZQ0KPiA+IHNwZWNpZmljYXRpb24gYW5kIHRoZSBiZWFyZXIg
c3BlY2lmaWNhdGlvbiB3aWxsIHJlZmVyZW5jZSBpdC4NCj4gPiA+Pg0KPiA+ID4+DQo+ID4gPj4N
Cj4gPiA+PiBDaWFvDQo+ID4gPj4NCj4gPiA+PiBIYW5uZXMgJiBEZXJlaw0KPiA+ID4+DQo+ID4g
Pj4NCj4gPiA+Pg0KPiA+ID4+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fDQo+ID4gPj4NCj4gPiA+PiBPQXV0aCBtYWlsaW5nIGxpc3QNCj4gPiA+Pg0KPiA+
ID4+IE9BdXRoQGlldGYub3JnPG1haWx0bzpPQXV0aEBpZXRmLm9yZz4NCj4gPiA+Pg0KPiA+ID4+
IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vb2F1dGgNCj4gPiA+Pg0KPiA+
ID4+DQo+ID4gPj4NCj4gPiA+Pg0KPiA+ID4+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fDQo+ID4gPj4gT0F1dGggbWFpbGluZyBsaXN0DQo+ID4gPj4gT0F1
dGhAaWV0Zi5vcmc8bWFpbHRvOk9BdXRoQGlldGYub3JnPg0KPiA+ID4+IGh0dHBzOi8vd3d3Lmll
dGYub3JnL21haWxtYW4vbGlzdGluZm8vb2F1dGgNCj4gPiA+Pg0KPiA+ID4+DQo+ID4gPj4gPGRy
YWZ0LWlldGYtb2F1dGgtdjItMjYrbWJqLTIueG1sPjxkcmFmdC1pZXRmLW9hdXRoLXYyLTI2K21i
ai0NCj4gPiAyLnR4dD48ZHJhZnQtaWV0Zi1vYXV0aC12Mi0yNittYmotMi5odG1sPg0KPiA+ID4N
Cj4NCj4NCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18N
Ck9BdXRoIG1haWxpbmcgbGlzdA0KT0F1dGhAaWV0Zi5vcmc8bWFpbHRvOk9BdXRoQGlldGYub3Jn
Pg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9vYXV0aA0KDQo=

--_000_4E1F6AAD24975D4BA5B168042967394366523066TK5EX14MBXC284r_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp
ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7
YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0
I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh
W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl
DQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7
fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpUYWhvbWE7DQoJcGFub3NlLTE6MiAxMSA2IDQg
MyA1IDQgNCAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDb25zb2xhczsNCglwYW5v
c2UtMToyIDExIDYgOSAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5N
c29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1h
cmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJU
aW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXtt
c28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5k
ZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5
bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxp
bmU7fQ0KcHJlDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRN
TCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJbWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAx
cHQ7DQoJZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCnAu
TXNvQWNldGF0ZSwgbGkuTXNvQWNldGF0ZSwgZGl2Lk1zb0FjZXRhdGUNCgl7bXNvLXN0eWxlLXBy
aW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJCYWxsb29uIFRleHQgQ2hhciI7DQoJbWFyZ2lu
OjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjguMHB0Ow0KCWZvbnQt
ZmFtaWx5OiJUYWhvbWEiLCJzYW5zLXNlcmlmIjt9DQpzcGFuLkhUTUxQcmVmb3JtYXR0ZWRDaGFy
DQoJe21zby1zdHlsZS1uYW1lOiJIVE1MIFByZWZvcm1hdHRlZCBDaGFyIjsNCgltc28tc3R5bGUt
cHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwgUHJlZm9ybWF0dGVkIjsNCglmb250
LWZhbWlseTpDb25zb2xhczt9DQpwLnlpdjI4MzYwODg4NW1zb2FjZXRhdGUsIGxpLnlpdjI4MzYw
ODg4NW1zb2FjZXRhdGUsIGRpdi55aXYyODM2MDg4ODVtc29hY2V0YXRlDQoJe21zby1zdHlsZS1u
YW1lOnlpdjI4MzYwODg4NW1zb2FjZXRhdGU7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJ
bWFyZ2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4t
bGVmdDowaW47DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJv
bWFuIiwic2VyaWYiO30NCnAueWl2MjgzNjA4ODg1bXNvbm9ybWFsLCBsaS55aXYyODM2MDg4ODVt
c29ub3JtYWwsIGRpdi55aXYyODM2MDg4ODVtc29ub3JtYWwNCgl7bXNvLXN0eWxlLW5hbWU6eWl2
MjgzNjA4ODg1bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1y
aWdodDowaW47DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGlu
Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIsInNl
cmlmIjt9DQpwLnlpdjI4MzYwODg4NW1zb2NocGRlZmF1bHQsIGxpLnlpdjI4MzYwODg4NW1zb2No
cGRlZmF1bHQsIGRpdi55aXYyODM2MDg4ODVtc29jaHBkZWZhdWx0DQoJe21zby1zdHlsZS1uYW1l
OnlpdjI4MzYwODg4NW1zb2NocGRlZmF1bHQ7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJ
bWFyZ2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4t
bGVmdDowaW47DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJv
bWFuIiwic2VyaWYiO30NCnNwYW4ueWl2MjgzNjA4ODg1bXNvaHlwZXJsaW5rDQoJe21zby1zdHls
ZS1uYW1lOnlpdjI4MzYwODg4NW1zb2h5cGVybGluazt9DQpzcGFuLnlpdjI4MzYwODg4NW1zb2h5
cGVybGlua2ZvbGxvd2VkDQoJe21zby1zdHlsZS1uYW1lOnlpdjI4MzYwODg4NW1zb2h5cGVybGlu
a2ZvbGxvd2VkO30NCnNwYW4ueWl2MjgzNjA4ODg1aHRtbHByZWZvcm1hdHRlZGNoYXINCgl7bXNv
LXN0eWxlLW5hbWU6eWl2MjgzNjA4ODg1aHRtbHByZWZvcm1hdHRlZGNoYXI7fQ0Kc3Bhbi55aXYy
ODM2MDg4ODVlbWFpbHN0eWxlMTkNCgl7bXNvLXN0eWxlLW5hbWU6eWl2MjgzNjA4ODg1ZW1haWxz
dHlsZTE5O30NCnNwYW4ueWl2MjgzNjA4ODg1YmFsbG9vbnRleHRjaGFyDQoJe21zby1zdHlsZS1u
YW1lOnlpdjI4MzYwODg4NWJhbGxvb250ZXh0Y2hhcjt9DQpwLnlpdjI4MzYwODg4NW1zb25vcm1h
bDEsIGxpLnlpdjI4MzYwODg4NW1zb25vcm1hbDEsIGRpdi55aXYyODM2MDg4ODVtc29ub3JtYWwx
DQoJe21zby1zdHlsZS1uYW1lOnlpdjI4MzYwODg4NW1zb25vcm1hbDE7DQoJbWFyZ2luOjBpbjsN
CgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWls
eToiVGltZXMgTmV3IFJvbWFuIiwic2VyaWYiO30NCnNwYW4ueWl2MjgzNjA4ODg1bXNvaHlwZXJs
aW5rMQ0KCXttc28tc3R5bGUtbmFtZTp5aXYyODM2MDg4ODVtc29oeXBlcmxpbmsxOw0KCWNvbG9y
OmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFuLnlpdjI4MzYwODg4NW1z
b2h5cGVybGlua2ZvbGxvd2VkMQ0KCXttc28tc3R5bGUtbmFtZTp5aXYyODM2MDg4ODVtc29oeXBl
cmxpbmtmb2xsb3dlZDE7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxp
bmU7fQ0KcC55aXYyODM2MDg4ODVtc29hY2V0YXRlMSwgbGkueWl2MjgzNjA4ODg1bXNvYWNldGF0
ZTEsIGRpdi55aXYyODM2MDg4ODVtc29hY2V0YXRlMQ0KCXttc28tc3R5bGUtbmFtZTp5aXYyODM2
MDg4ODVtc29hY2V0YXRlMTsNCgltYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsN
Cglmb250LXNpemU6OC4wcHQ7DQoJZm9udC1mYW1pbHk6IkFyaWFsIiwic2Fucy1zZXJpZiI7fQ0K
c3Bhbi55aXYyODM2MDg4ODVodG1scHJlZm9ybWF0dGVkY2hhcjENCgl7bXNvLXN0eWxlLW5hbWU6
eWl2MjgzNjA4ODg1aHRtbHByZWZvcm1hdHRlZGNoYXIxOw0KCWZvbnQtZmFtaWx5OiJUaW1lcyBO
ZXcgUm9tYW4iLCJzZXJpZiI7fQ0Kc3Bhbi55aXYyODM2MDg4ODVlbWFpbHN0eWxlMTkxDQoJe21z
by1zdHlsZS1uYW1lOnlpdjI4MzYwODg4NWVtYWlsc3R5bGUxOTE7DQoJZm9udC1mYW1pbHk6IkFy
aWFsIiwic2Fucy1zZXJpZiI7DQoJY29sb3I6IzFGNDk3RDt9DQpzcGFuLnlpdjI4MzYwODg4NWJh
bGxvb250ZXh0Y2hhcjENCgl7bXNvLXN0eWxlLW5hbWU6eWl2MjgzNjA4ODg1YmFsbG9vbnRleHRj
aGFyMTsNCglmb250LWZhbWlseToiQXJpYWwiLCJzYW5zLXNlcmlmIjt9DQpwLnlpdjI4MzYwODg4
NW1zb2NocGRlZmF1bHQxLCBsaS55aXYyODM2MDg4ODVtc29jaHBkZWZhdWx0MSwgZGl2LnlpdjI4
MzYwODg4NW1zb2NocGRlZmF1bHQxDQoJe21zby1zdHlsZS1uYW1lOnlpdjI4MzYwODg4NW1zb2No
cGRlZmF1bHQxOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowaW47
DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGluOw0KCWZvbnQt
c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIsInNlcmlmIjt9DQpz
cGFuLkVtYWlsU3R5bGUzNQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250
LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYiOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0Kc3Bhbi5C
YWxsb29uVGV4dENoYXINCgl7bXNvLXN0eWxlLW5hbWU6IkJhbGxvb24gVGV4dCBDaGFyIjsNCglt
c28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkJhbGxvb24gVGV4dCI7DQoJ
Zm9udC1mYW1pbHk6IlRhaG9tYSIsInNhbnMtc2VyaWYiO30NCi5Nc29DaHBEZWZhdWx0DQoJe21z
by1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29y
ZFNlY3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBp
biAxLjBpbjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwv
c3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJl
ZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNv
IDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0i
ZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwv
aGVhZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxk
aXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls
ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90
O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+WWVzLCAoMSkgeW91IGdvdCB0aGUgQmVh
cmVyIHN5bnRheCByaWdodCBpbiB0aGUgc2Vjb25kIG9uZSAoYWx0aG91Z2ggSSB3b3VsZCBzYXkg
dGhhdCBpdOKAmXMgdGhlIHdvcmtpbmcgZ3JvdXDigJlzIGNvbnNlbnN1cyBzeW50YXgsIHJhdGhl
ciB0aGFuIHRha2luZyBwZXJzb25hbA0KIGNyZWRpdCBmb3IgaXQsIHNvIEkgZGlmZmVyIGZyb20g
dXNlIG9mIOKAnHlvdXLigJ0pIGFuZCAoMikgeWVzLCB0aGUgd29ya2luZyBncm91cCBkaWRu4oCZ
dCBzZWUgYSByZWFzb24gdG8gbGltaXQgdGhlIHN5bnRheCB0byByZXF1aXJpbmcgYSBsZWFkaW5n
IGFscGhhIGNoYXJhY3Rlci48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp
YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJz
cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv
bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkluZGVlZCwgYXMgYW4gaW5kaXZpZHVhbCwgSSBj
YW4gZWFzaWx5IGVudmlzaW9uIG1lYW5pbmdmdWwgZXJyb3IgY29kZXMgdGhhdCBkb27igJl0IHN0
YXJ0IHdpdGggYW4gYWxwaGEgY2hhcmFjdGVyLCBzdWNoIGFzIOKAnDQwM+KAnSwg4oCcNDAxKGsp
X25vdF9hdmFpbGFibGXigJ0sIOKAnC0x4oCdLA0KIG9yIOKAnF9jbGFpbV9zb3VyY2VzLWludmFs
aWTigJ0uJm5ic3A7IEkgZG9u4oCZdCBzZWUgYW55IHJlYXNvbiB0byBwcm9oaWJpdCB0aGVtLCBu
b3IgZG8gSSB0aGluayBpdOKAmXMgcHJvZHVjdGl2ZSB0byBoYXZlIGEgZGlzY3Vzc2lvbiBvbiBj
aGFuZ2luZyB0aGUgc3ludGF4IGF0IHRoaXMgc3RhZ2UgaW4gdGhlIHNwZWMgZGV2ZWxvcG1lbnQs
IHdoZXJlIHdl4oCZcmUgY2xvc2UgdG8gY2xvc2luZyBhbGwgdGhlIERJU0NVU1MgaXNzdWVzIGFu
ZCBzZW5kaW5nIHRoZSBzcGVjcw0KIHRvIHRoZSBSRkMgZWRpdG9yLjxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0
O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj
b2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD
YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7IEJlc3Qgd2lzaGVzLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh
bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj4mbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsgLS0gTWlrZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm
cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwv
bzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRv
cDpzb2xpZCAjQjVDNERGIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4iPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1p
bHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkZyb206PC9zcGFu
PjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtUYWhv
bWEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+IFdpbGxpYW0gTWlsbHMgW21haWx0bzp3
bWlsbHNAeWFob28taW5jLmNvbV0NCjxicj4NCjxiPlNlbnQ6PC9iPiBUaHVyc2RheSwgTWF5IDMx
LCAyMDEyIDk6NTYgUE08YnI+DQo8Yj5Ubzo8L2I+IE1pa2UgSm9uZXM7IEVyYW4gSGFtbWVyOyBI
YW5uZXMgVHNjaG9mZW5pZzxicj4NCjxiPkNjOjwvYj4gb2F1dGhAaWV0Zi5vcmcgV0c8YnI+DQo8
Yj5TdWJqZWN0OjwvYj4gUmU6IEFCTkYgUmU6IFtPQVVUSC1XR10gRXJyb3IgRW5jb2Rpbmc6IENv
bmNsdXNpb248bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0iZm9udC1z
aXplOjE0LjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpibGFj
ayI+U28gYXJlIHlvdSBzYXlpbmcgdGhhdA0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUiPjxz
cGFuIHN0eWxlPSJmb250LXNpemU6MTQuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3
JnF1b3Q7O2NvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N
CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+PHNw
YW4gc3R5bGU9ImZvbnQtc2l6ZToxNC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcm
cXVvdDs7Y29sb3I6YmxhY2siPjEpIEkgZ290IHlvdXIgc3ludGF4IHJpZ2h0IGluIHRoZSBzZWNv
bmQgb25lPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl
OjE0LjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpibGFjayI+
MikgWW91IGxpa2UgeW91ciBzeW50YXggYW5kIGRvbid0IHdhbnQgdG8gbGltaXQgaXQgdG8gYSBs
ZWFkaW5nIEFMUEhBPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjE0LjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpi
bGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxlPSJmb250
LXNpemU6MTQuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmJs
YWNrIj4tYmlsbDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxibG9ja3F1
b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjMTAxMEZGIDEuNXB0O3Bh
ZGRpbmc6MGluIDBpbiAwaW4gNC4wcHQ7bWFyZ2luLWxlZnQ6My43NXB0O21hcmdpbi10b3A6My43
NXB0O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImJh
Y2tncm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTQuMHB0O2ZvbnQtZmFtaWx5
OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwv
c3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2IGNsYXNzPSJNc29Ob3JtYWwiIGFs
aWduPSJjZW50ZXIiIHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlcjtiYWNrZ3JvdW5kOndoaXRlIj4N
CjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1
b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6YmxhY2siPg0KPGhyIHNpemU9IjEiIHdp
ZHRoPSIxMDAlIiBhbGlnbj0iY2VudGVyIj4NCjwvc3Bhbj48L2Rpdj4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXpl
OjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1
b3Q7O2NvbG9yOmJsYWNrIj5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox
MC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90
Oztjb2xvcjpibGFjayI+IE1pa2UgSm9uZXMgJmx0OzxhIGhyZWY9Im1haWx0bzpNaWNoYWVsLkpv
bmVzQG1pY3Jvc29mdC5jb20iPk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbTwvYT4mZ3Q7PGJy
Pg0KPGI+VG86PC9iPiBXaWxsaWFtIE1pbGxzICZsdDs8YSBocmVmPSJtYWlsdG86d21pbGxzQHlh
aG9vLWluYy5jb20iPndtaWxsc0B5YWhvby1pbmMuY29tPC9hPiZndDs7IEVyYW4gSGFtbWVyICZs
dDs8YSBocmVmPSJtYWlsdG86ZXJhbkBodWVuaXZlcnNlLmNvbSI+ZXJhbkBodWVuaXZlcnNlLmNv
bTwvYT4mZ3Q7OyBIYW5uZXMgVHNjaG9mZW5pZyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmhhbm5lcy50
c2Nob2ZlbmlnQGdteC5uZXQiPmhhbm5lcy50c2Nob2ZlbmlnQGdteC5uZXQ8L2E+Jmd0Ow0KPGJy
Pg0KPGI+Q2M6PC9iPiAmcXVvdDs8YSBocmVmPSJtYWlsdG86b2F1dGhAaWV0Zi5vcmclMjBXRyI+
b2F1dGhAaWV0Zi5vcmcgV0c8L2E+JnF1b3Q7ICZsdDs8YSBocmVmPSJtYWlsdG86b2F1dGhAaWV0
Zi5vcmciPm9hdXRoQGlldGYub3JnPC9hPiZndDsNCjxicj4NCjxiPlNlbnQ6PC9iPiBUaHVyc2Rh
eSwgTWF5IDMxLCAyMDEyIDk6NDUgUE08YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUkU6IEFCTkYgUmU6
IFtPQVVUSC1XR10gRXJyb3IgRW5jb2Rpbmc6IENvbmNsdXNpb248L3NwYW4+PHNwYW4gc3R5bGU9
ImNvbG9yOmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0iY29sb3I6Ymxh
Y2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgaWQ9InlpdjI4MzYwODg4NSI+
DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iYmFja2dy
b3VuZDp3aGl0ZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6IzFGNDk3RCI+
WW91ciBwcm9wb3NhbCBkaWZmZXJzIGJvdGggZnJvbSB3aGF04oCZcyBpbiBCZWFyZXIgYW5kIHdo
YXTigJlzIGluIENvcmUgYXQgcHJlc2VudC4mbmJzcDsgQnkgdXNpbmcgdGhlIHN5bnRheCByZXN0
cmljdGlvbnMgZnJvbSBCZWFyZXIgKHdoaWNoIHdlcmUgYWxyZWFkeSBzaWduaWZpY2FudGx5IGRp
c2N1c3NlZA0KIGJ5IHRoZSBXRykgaW4gQ29yZSwgZGV2ZWxvcGVycyBoYXZlIGNvbnNpc3RlbnQg
cnVsZXMsIHdoaWNoIHdhcyB0aGUgcG9pbnQgb2YgdGhlIERJU0NVU1MuPC9zcGFuPjxzcGFuIHN0
eWxlPSJjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxl
PSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHls
ZT0iY29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjExLjBwdDtjb2xvcjojMUY0OTdEIj5JIGRvbuKAmXQgYmVsaWV2ZSB0aGF0IGNo
YW5naW5nIGJvdGggc2V0cyBvZiBzeW50YXggcmVzdHJpY3Rpb25zIHdhcyBvbiB0aGUgdGFibGUg
YXQgdGhpcyBwb2ludCBiYXNlZCB1cG9uIHRoZSBESVNDVVNTIChidXQgb2YgY291cnNlLCB0aGUg
d29ya2luZyBncm91cCBjYW4gc3RpbGwgb2J2aW91c2x5DQogZG8gYW55dGhpbmcgdGhhdCB0aGVy
ZeKAmXMgY2xlYXIgY29uc2Vuc3VzIHRvIGRvKS4gPC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjpi
bGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCIgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6
MTEuMHB0O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iY29sb3I6Ymxh
Y2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx
LjBwdDtjb2xvcjojMUY0OTdEIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgTXkgdHdvIGNlbnRzIHdvcnRo4oCmPC9z
cGFuPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k
aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUi
PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyAtLSBNaWtlPC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD48L286cD48L3Nw
YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImJhY2tn
cm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMxRjQ5N0Qi
PiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6
c29saWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+PGI+PHNwYW4gc3R5
bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Y29sb3I6YmxhY2siPkZyb206PC9zcGFuPjwvYj48c3BhbiBz
dHlsZT0iZm9udC1zaXplOjEwLjBwdDtjb2xvcjpibGFjayI+IFdpbGxpYW0gTWlsbHMNCjxhIGhy
ZWY9Im1haWx0bzpbbWFpbHRvOndtaWxsc0B5YWhvby1pbmMuY29tXSI+W21haWx0bzp3bWlsbHNA
eWFob28taW5jLmNvbV08L2E+IDxicj4NCjxiPlNlbnQ6PC9iPiBUaHVyc2RheSwgTWF5IDMxLCAy
MDEyIDk6MzEgUE08YnI+DQo8Yj5Ubzo8L2I+IEVyYW4gSGFtbWVyOyBNaWtlIEpvbmVzOyBIYW5u
ZXMgVHNjaG9mZW5pZzxicj4NCjxiPkNjOjwvYj4gPGEgaHJlZj0ibWFpbHRvOm9hdXRoQGlldGYu
b3JnIj5vYXV0aEBpZXRmLm9yZzwvYT4gV0c8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gQUJORiBSZTog
W09BVVRILVdHXSBFcnJvciBFbmNvZGluZzogQ29uY2x1c2lvbjwvc3Bhbj48c3BhbiBzdHlsZT0i
Y29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rp
dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+
PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJi
YWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjE0LjBwdDtjb2xvcjpibGFj
ayI+VGhlIGN1cnJlbnQgT0F1dGggY29yZSBzcGVjIHNlY3Rpb24gOC41IGhhczo8L3NwYW4+PHNw
YW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwv
ZGl2Pg0KPHByZSBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJs
YWNrIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgZXJyb3ItY29kZSZuYnNwOyZuYnNwOyA9IEFM
UEhBICplcnJvci1jaGFyPG86cD48L286cD48L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJiYWNr
Z3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPiZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyBlcnJvci1jaGFyJm5ic3A7Jm5ic3A7ID0gJnF1b3Q7LSZxdW90OyAvICZxdW90Oy4m
cXVvdDsgLyAmcXVvdDtfJnF1b3Q7IC8gRElHSVQgLyBBTFBIQTxvOnA+PC9vOnA+PC9zcGFuPjwv
cHJlPg0KPHByZSBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJs
YWNrIj48YnI+TWlrZSdzIHByb3Bvc2FsIHdvdWxkIG5vbWluYWxseSBiZTo8YnI+PGJyPiZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyBlcnJvci1jb2RlJm5ic3A7Jm5ic3A7ID0gKmVycm9yLWNoYXI8
bzpwPjwvbzpwPjwvc3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUiPjxz
cGFuIHN0eWxlPSJjb2xvcjpibGFjayI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IGVycm9yLWNo
YXImbmJzcDsmbmJzcDsgPSAleDIwLTIxIC8gJXgyMy01QiAvICV4NUQtN0U8bzpwPjwvbzpwPjwv
c3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxlPSJj
b2xvcjpibGFjayI+PGJyPlRoaXMgaXMgdGhlIHNldCBvZiBBU0NJSSBjaGFyYWN0ZXJzIGZyb20g
U1BBQ0UgdG8gJ34nIGV4Y2x1ZGluZyAnXCcgYW5kICcmcXVvdDsnLiZuYnNwOyBJJ20gbm90IDxi
cj5pbiBsb3ZlIHdpdGggdGhhdCwgYnV0IGl0J3MgY2xlYXIuJm5ic3A7IEknZCBwcmVmZXI6PGJy
Pjxicj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgZXJyb3ItY29kZSZuYnNwOyZuYnNwOyA9IEFM
UEhBICplcnJvci1jaGFyPG86cD48L286cD48L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJiYWNr
Z3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPiZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyBlcnJvci1jaGFyJm5ic3A7Jm5ic3A7ID0gJXgyMC0yMSAvICV4MjMtNUIgLyAleDVE
LTdFPG86cD48L286cD48L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRl
Ij48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxicj4tYmlsbDxvOnA+PC9vOnA+PC9zcGFuPjwv
cHJlPg0KPHByZSBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJs
YWNrIj4gJm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wcmU+DQo8ZGl2Pg0KPGJsb2NrcXVvdGUg
c3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICMxMDEwRkYgMS41cHQ7cGFkZGlu
ZzowaW4gMGluIDBpbiA0LjBwdDttYXJnaW4tbGVmdDozLjc1cHQ7bWFyZ2luLXRvcDozLjc1cHQ7
bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9
ImJhY2tncm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTQuMHB0O2NvbG9yOmJs
YWNrIj4mbmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPjwvbzpwPjwv
c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXYgY2xhc3M9Ik1zb05v
cm1hbCIgYWxpZ249ImNlbnRlciIgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2JhY2tncm91bmQ6
d2hpdGUiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Y29sb3I6YmxhY2siPg0KPGhy
IHNpemU9IjEiIHdpZHRoPSIxMDAlIiBhbGlnbj0iY2VudGVyIj4NCjwvc3Bhbj48L2Rpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+PGI+PHNw
YW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Y29sb3I6YmxhY2siPkZyb206PC9zcGFuPjwvYj48
c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtjb2xvcjpibGFjayI+IEVyYW4gSGFtbWVyICZs
dDs8YSBocmVmPSJtYWlsdG86ZXJhbkBodWVuaXZlcnNlLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmVy
YW5AaHVlbml2ZXJzZS5jb208L2E+Jmd0Ozxicj4NCjxiPlRvOjwvYj4gTWlrZSBKb25lcyAmbHQ7
PGEgaHJlZj0ibWFpbHRvOk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbSIgdGFyZ2V0PSJfYmxh
bmsiPk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbTwvYT4mZ3Q7OyBIYW5uZXMgVHNjaG9mZW5p
ZyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmhhbm5lcy50c2Nob2ZlbmlnQGdteC5uZXQiIHRhcmdldD0i
X2JsYW5rIj5oYW5uZXMudHNjaG9mZW5pZ0BnbXgubmV0PC9hPiZndDsNCjxicj4NCjxiPkNjOjwv
Yj4gJnF1b3Q7PGEgaHJlZj0ibWFpbHRvOm9hdXRoQGlldGYub3JnJTIwV0ciIHRhcmdldD0iX2Js
YW5rIj5vYXV0aEBpZXRmLm9yZyBXRzwvYT4mcXVvdDsgJmx0OzxhIGhyZWY9Im1haWx0bzpvYXV0
aEBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPm9hdXRoQGlldGYub3JnPC9hPiZndDsNCjxicj4N
CjxiPlNlbnQ6PC9iPiBUaHVyc2RheSwgTWF5IDMxLCAyMDEyIDc6NDcgUE08YnI+DQo8Yj5TdWJq
ZWN0OjwvYj4gUmU6IFtPQVVUSC1XR10gRXJyb3IgRW5jb2Rpbmc6IENvbmNsdXNpb248L3NwYW4+
PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N
CjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luLWJvdHRvbToxMi4wcHQiPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0O2JhY2tncm91bmQ6d2hpdGUiPjxz
cGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PGJyPg0KPGJyPg0KPGJyPg0KJmd0OyAtLS0tLU9yaWdp
bmFsIE1lc3NhZ2UtLS0tLTxicj4NCiZndDsgRnJvbTogTWlrZSBKb25lcyBbbWFpbHRvOjxhIGhy
ZWY9Im1haWx0bzpNaWNoYWVsLkpvbmVzQG1pY3Jvc29mdC5jb20iIHRhcmdldD0iX2JsYW5rIj5N
aWNoYWVsLkpvbmVzQG1pY3Jvc29mdC5jb208L2E+XTxicj4NCiZndDsgU2VudDogVGh1cnNkYXks
IE1heSAzMSwgMjAxMiAxOjUzIFBNPGJyPg0KJmd0OyBUbzogRXJhbiBIYW1tZXI7IEhhbm5lcyBU
c2Nob2ZlbmlnPGJyPg0KJmd0OyBDYzogPGEgaHJlZj0ibWFpbHRvOm9hdXRoQGlldGYub3JnIiB0
YXJnZXQ9Il9ibGFuayI+b2F1dGhAaWV0Zi5vcmc8L2E+IFdHPGJyPg0KJmd0OyBTdWJqZWN0OiBS
RTogW09BVVRILVdHXSBFcnJvciBFbmNvZGluZzogQ29uY2x1c2lvbjxicj4NCiZndDsgPGJyPg0K
Jmd0OyBBY3R1YWxseSwgY291bGQgeW91IHBsZWFzZSBwdWJsaXNoIGJlZm9yZSB0aGUgQUJORiBp
cyBkb25lIHNvIHRoYXQgSSBjYW48YnI+DQomZ3Q7IHB1Ymxpc2ggYSB2ZXJzaW9uIG9mIEJlYXJl
ciByZWZlcmVuY2luZyB0aGUgbmV3IHRleHQgaW4gQ29yZSwgc28gaXQgY2FuIGJlPGJyPg0KJmd0
OyByZXZpZXdlZCBieSB0aGUgV0cgaW4gcGFyYWxsZWwgd2l0aCB0aGUgQUJORiB3b3JrIGhhcHBl
bmluZz8mbmJzcDsgSSB0aGluayB0aGF0PGJyPg0KJmd0OyB3YXMgSGFubmVzJyBpbnRlbnQgaW4g
YXNraW5nIHlvdSB0byBwdWJsaXNoIHNvb24uPGJyPg0KPGJyPg0KSSdsbCByZXZpZXcgdGhlIHRl
eHQgYW5kIHdpbGwgcmVwbHkgYmFjayBhcyB0byBwdWJsaXNoaW5nIHNjaGVkdWxlLjxicj4NCjxi
cj4NCiZndDsgVmVyc2lvbiBudW1iZXJzIGFyZTxicj4NCiZndDsgY2hlYXAuLi48YnI+DQo8YnI+
DQpNeSB0aW1lIGlzbid0Ljxicj4NCjxicj4NCkVIPGJyPg0KPGJyPg0KJmd0OyAmbmJzcDsmbmJz
cDsmbmJzcDsgJm5ic3A7Jm5ic3A7Jm5ic3A7ICZuYnNwOyZuYnNwOyZuYnNwOyAmbmJzcDsmbmJz
cDsmbmJzcDsgVGhhbmtzLDxicj4NCiZndDsgJm5ic3A7Jm5ic3A7Jm5ic3A7ICZuYnNwOyZuYnNw
OyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsgJm5ic3A7Jm5ic3A7Jm5ic3A7IC0tIE1pa2U8YnI+
DQomZ3Q7IDxicj4NCiZndDsgLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS08YnI+DQomZ3Q7IEZy
b206IEVyYW4gSGFtbWVyIFttYWlsdG86PGEgaHJlZj0ibWFpbHRvOmVyYW5AaHVlbml2ZXJzZS5j
b20iIHRhcmdldD0iX2JsYW5rIj5lcmFuQGh1ZW5pdmVyc2UuY29tPC9hPl08YnI+DQomZ3Q7IFNl
bnQ6IFRodXJzZGF5LCBNYXkgMzEsIDIwMTIgMTI6MzUgUE08YnI+DQomZ3Q7IFRvOiBIYW5uZXMg
VHNjaG9mZW5pZzxicj4NCiZndDsgQ2M6IE1pa2UgSm9uZXM7IDxhIGhyZWY9Im1haWx0bzpvYXV0
aEBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPm9hdXRoQGlldGYub3JnPC9hPiBXRzxicj4NCiZn
dDsgU3ViamVjdDogUkU6IFtPQVVUSC1XR10gRXJyb3IgRW5jb2Rpbmc6IENvbmNsdXNpb248YnI+
DQomZ3Q7IDxicj4NCiZndDsgSSdsbCBmaXJzdCByZXZpZXcgdGhlIHByb3Bvc2VkIHRleHQgKGFz
IGEgV0cgbWVtYmVyKSBhbmQgcmFpc2UgYW55IGlzc3Vlczxicj4NCiZndDsgcmVtYWluaW5nIChp
ZiBhbnkpLjxicj4NCiZndDsgPGJyPg0KJmd0OyBJIHdpbGwgd2FpdCB1bnRpbCB0aGUgQUJORiB0
ZXh0IGlzIHByb3ZpZGVkIGJlZm9yZSBwdWJsaXNoaW5nIGFub3RoZXIgdmVyc2lvbi48YnI+DQom
Z3Q7IDxicj4NCiZndDsgRUg8YnI+DQomZ3Q7IDxicj4NCiZndDsgJmd0OyAtLS0tLU9yaWdpbmFs
IE1lc3NhZ2UtLS0tLTxicj4NCiZndDsgJmd0OyBGcm9tOiBIYW5uZXMgVHNjaG9mZW5pZyBbbWFp
bHRvOjxhIGhyZWY9Im1haWx0bzpoYW5uZXMudHNjaG9mZW5pZ0BnbXgubmV0IiB0YXJnZXQ9Il9i
bGFuayI+aGFubmVzLnRzY2hvZmVuaWdAZ214Lm5ldDwvYT5dPGJyPg0KJmd0OyAmZ3Q7IFNlbnQ6
IFRodXJzZGF5LCBNYXkgMzEsIDIwMTIgMTA6NTQgQU08YnI+DQomZ3Q7ICZndDsgVG86IEVyYW4g
SGFtbWVyPGJyPg0KJmd0OyAmZ3Q7IENjOiBNaWtlIEpvbmVzOyA8YSBocmVmPSJtYWlsdG86b2F1
dGhAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5vYXV0aEBpZXRmLm9yZzwvYT4gV0c7IEhhbm5l
cyBUc2Nob2ZlbmlnPGJyPg0KJmd0OyAmZ3Q7IFN1YmplY3Q6IFJlOiBbT0FVVEgtV0ddIEVycm9y
IEVuY29kaW5nOiBDb25jbHVzaW9uPGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7IEVyYW4s
IGNvdWxkIHlvdSBwdWJsaXNoIGEgbmV3IGRyYWZ0IHZlcnNpb24gYnkgU3VuZGF5IHdpdGggdGhl
c2U8YnI+DQomZ3Q7ICZndDsgY2hhbmdlcyBpbmNvcnBvcmF0ZWQ/IFRoYXQgc2hvdWxkIGdpdmUg
dGhlIHdvcmtpbmcgZ3JvdXAgZW5vdWdoIHRpbWU8YnI+DQomZ3Q7ICZndDsgdG8gbG9vayBhdCB0
aGVzZSBmZXcgcGFyYWdyYXBocy48YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgSW4gdGhl
IG1lYW53aGlsZSB3ZSBhcmUgd29ya2luZyBvbiBhZGRyZXNzaW5nIHRoZSBBQk5GIGlzc3VlIFNl
YW48YnI+DQomZ3Q7ICZndDsgcmFpc2VkIGFuZCB3ZSB3aWxsIHRoZW4gZ28gZm9yIGFub3RoZXIg
dXBkYXRlLjxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyBDaWFvPGJyPg0KJmd0OyAmZ3Q7
IEhhbm5lczxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyBPbiBNYXkgMzEsIDIwMTIsIGF0
IDg6MjAgUE0sIEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOjxicj4NCiZndDsgJmd0Ozxicj4NCiZn
dDsgJmd0OyAmZ3Q7IEhpIE1pa2UsPGJyPg0KJmd0OyAmZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsg
Jmd0OyB0aGFuayB5b3UgZm9yIGNvbXBpbGluZyB0aGUgdGV4dC4gSXQgbG9va3MgZ29vZCB0byBt
ZS4gSSBoYXZlIG5vdDxicj4NCiZndDsgJmd0OyAmZ3Q7IHNlZW48YnI+DQomZ3Q7ICZndDsgYW55
b25lIGZyb20gdGhlIHdvcmtpbmcgZ3JvdXAgc2NyZWFtaW5nIGVpdGhlci48YnI+DQomZ3Q7ICZn
dDsgJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7IEVyYW4sIGNhbiB5b3UgaW5jb3Jwb3JhdGUgdGhl
c2UgY2hhbmdlcyBpbnRvIHRoZSBuZXh0IGRyYWZ0IHZlcnNpb24/PGJyPg0KJmd0OyAmZ3Q7ICZn
dDs8YnI+DQomZ3Q7ICZndDsgJmd0OyBDaWFvPGJyPg0KJmd0OyAmZ3Q7ICZndDsgSGFubmVzPGJy
Pg0KJmd0OyAmZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyBPbiBNYXkgMzAsIDIwMTIsIGF0
IDI6MTAgQU0sIE1pa2UgSm9uZXMgd3JvdGU6PGJyPg0KJmd0OyAmZ3Q7ICZndDs8YnI+DQomZ3Q7
ICZndDsgJmd0OyZndDsgSSd2ZSBtYWRlIGFub3RoZXIgc2V0IG9mIHVwZGF0ZXMgdG8gYSBjb3B5
IG9mIENvcmUgLTI2IHRvIGFkZHJlc3M8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgdGhlPGJyPg0K
Jmd0OyAmZ3Q7IHF1ZXN0aW9ucyByYWlzZWQgYnkgRXJhbiBhbmQgRGF2aWQgYmVsb3cgKGF0dGFj
aGVkKS48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgQW4g
dW5yZWxhdGVkIGNoYW5nZSB0aGF0IHlvdSBzaG91bGQgcHJvYmFibHkgcGljayB1cCwgRXJhbiBp
czxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBhZGRpbmcgdGhpczxicj4NCiZndDsgJmd0OyB0byB0
aGUgJmx0O2Zyb250Jmd0OyBzZWN0aW9uLCBzbyB0aGF0IHRoZSBoZWFkaW5nIHNob3dzIHRoYXQg
dGhlIGRyYWZ0IGlzIGE8YnI+DQomZ3Q7ICZndDsgcHJvZHVjdCBvZiB0aGUgJnF1b3Q7T0F1dGgg
V29ya2luZyBHcm91cCZxdW90OyByYXRoZXIgdGhhbiB0aGUgJnF1b3Q7TmV0d29yayBXb3JraW5n
PGJyPg0KJmd0OyBHcm91cCZxdW90Ozo8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmbmJzcDsgJm5i
c3A7ICZsdDthcmVhJmd0O1NlY3VyaXR5Jmx0Oy9hcmVhJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0OyZuYnNwOyAmbmJzcDsgJmx0O3dvcmtncm91cCZndDtPQXV0aCBXb3JraW5nIEdyb3VwJmx0
Oy93b3JrZ3JvdXAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZn
dDsmZ3Q7IE9uZSBjaGFuZ2UgSSBkaWRuJ3QgbWFrZSwgYnV0IHRoYXQgc2hvdWxkIGJlIGNvbnNp
ZGVyZWQsIGlzIHRvPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IGRlbGV0ZSB0aGU8YnI+DQomZ3Q7
ICZndDsgcmVmZXJlbmNlIHRvIE9BU0lTLnNhbWwtY29yZS0yLjAtb3MsIHNpbmNlIGl0IGlzIHVz
ZWQgYnkgbm8gJmx0O3hyZWYmZ3Q7IGluPGJyPg0KJmd0OyAmZ3Q7IHRoZSBkb2N1bWVudC48YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgVGhlIG5ldyBwcm9w
b3NlZCB0ZXh0IGZvciBTZWN0aW9uIDcuMiBmb2xsb3dzOjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0
Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyA3LjIuJm5ic3A7IEVycm9yIFJlc3BvbnNlPGJyPg0K
Jmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jm5ic3A7IElmIGEgcmVz
b3VyY2UgYWNjZXNzIHJlcXVlc3QgZmFpbHMsIHRoZSByZXNvdXJjZSBzZXJ2ZXIgU0hPVUxEIGlu
Zm9ybTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyB0aGUgY2xpZW50IG9mIHRoZSBlcnJv
ci4mbmJzcDsgV2hpbGUgdGhlIHNwZWNpZmljIGVycm9yIHJlc3BvbnNlcyBwb3NzaWJsZTxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyBhbmQgbWV0aG9kcyBmb3IgdHJhbnNtaXR0aW5nIHRo
b3NlIGVycm9ycyB3aGVuIHVzaW5nIGFueSBwYXJ0aWN1bGFyPGJyPg0KJmd0OyAmZ3Q7ICZndDsm
Z3Q7Jm5ic3A7IGFjY2VzcyB0b2tlbiB0eXBlIGFyZSBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMg
c3BlY2lmaWNhdGlvbiwgYW55PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jm5ic3A7ICZxdW90O2Vy
cm9yJnF1b3Q7IGNvZGUgdmFsdWVzIGRlZmluZWQgZm9yIHVzZSB3aXRoIE9BdXRoIHJlc291cmNl
IGFjY2Vzczxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyBtZXRob2RzIE1VU1QgYmUgcmVn
aXN0ZXJlZCAoZm9sbG93aW5nIHRoZSBwcm9jZWR1cmVzIGluPGJyPg0KJmd0OyAmZ3Q7ICZndDsm
Z3Q7Jm5ic3A7IFNlY3Rpb24gMTEuNCkuPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7Jm5ic3A7IFNwZWNpZmljYWxseSwgd2hlbiB0aGUgT0F1dGggcmVzb3Vy
Y2UgYWNjZXNzIG1ldGhvZCB1c2VzIGFuICZxdW90O2Vycm9yJnF1b3Q7PGJyPg0KJmd0OyAmZ3Q7
ICZndDsmZ3Q7Jm5ic3A7IHJlc3VsdCBwYXJhbWV0ZXIgdG8gcmV0dXJuIGFuIGVycm9yIGNvZGUg
dmFsdWUgdGhhdCBpbmRpY2F0ZXMgdGhlPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jm5ic3A7IHJl
c291cmNlIGFjY2VzcyBlcnJvciBlbmNvdW50ZXJlZCwgdGhlbiB0aGVzZSBlcnJvciBjb2RlIHZh
bHVlczxicj4NCiZndDsgTVVTVDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyBiZSByZWdp
c3RlcmVkLiZuYnNwOyBWYWx1ZXMgZm9yIHRoZXNlICZxdW90O2Vycm9yJnF1b3Q7IGNvZGVzIE1V
U1QgTk9UIGluY2x1ZGU8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmbmJzcDsgY2hhcmFjdGVycyBv
dXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLiBXaGVuIGFuPGJyPg0K
Jmd0OyAmZ3Q7ICZndDsmZ3Q7Jm5ic3A7ICZxdW90O2Vycm9yJnF1b3Q7IGNvZGUgdmFsdWUgaXMg
cmVnaXN0ZXJlZCBmb3IgdXNlIGJ5IGFuIE9BdXRoIHJlc291cmNlIGFjY2Vzczxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0OyZuYnNwOyBtZXRob2QsIHNob3VsZCB0aGF0IHNhbWUgY29kZSBhbHJlYWR5
IGJlIHJlZ2lzdGVyZWQgZm9yIHVzZSBieTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyBh
bm90aGVyIE9BdXRoIHJlc291cmNlIGFjY2VzcyBtZXRob2Qgb3IgYXQgYSBkaWZmZXJlbnQgT0F1
dGggZXJyb3I8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmbmJzcDsgdXNhZ2UgbG9jYXRpb24sIHRo
ZW4gdGhlIG1lYW5pbmcgb2YgdGhhdCBlcnJvciBjb2RlIHZhbHVlIGluIGluIHRoZTxicj4NCiZn
dDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyBuZXcgcmVnaXN0cmF0aW9uIE1VU1QgYmUgY29uc2lzdGVu
dCB3aXRoIHRoZSBpdHMgbWVhbmluZyBpbiBwcmlvcjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZu
YnNwOyByZWdpc3RyYXRpb25zLjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0
OyAmZ3Q7Jmd0OyZuYnNwOyBUaGUgT0F1dGggcmVzb3VyY2UgYWNjZXNzIGVycm9yIHJlZ2lzdHJh
dGlvbiByZXF1aXJlbWVudCBhcHBsaWVzIG9ubHk8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmbmJz
cDsgdG8gJnF1b3Q7ZXJyb3ImcXVvdDsgY29kZSB2YWx1ZXMgYW5kIG5vdCB0byBvdGhlciBtZWFu
cyBvZiByZXR1cm5pbmcgZXJyb3I8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmbmJzcDsgaW5kaWNh
dGlvbnMsIGluY2x1ZGluZyBIVFRQIHN0YXR1cyBjb2Rlcywgb3Igb3RoZXIgZXJyb3ItcmVsYXRl
ZDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyByZXN1bHQgcGFyYW1ldGVycywgc3VjaCBh
cyAmcXVvdDtlcnJvcl9kZXNjcmlwdGlvbiZxdW90OywgJnF1b3Q7ZXJyb3JfdXJpJnF1b3Q7LCBv
ciBvdGhlcjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyBraW5kcyBvZiBlcnJvciBzdGF0
dXMgcmV0dXJuIG1ldGhvZHMgdGhhdCBtYXkgYmUgZW1wbG95ZWQgYnkgdGhlPGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7Jm5ic3A7IHJlc291cmNlIGFjY2VzcyBtZXRob2QuJm5ic3A7IFRoZXJlIGlz
IG5vIHJlcXVpcmVtZW50IHRoYXQgT0F1dGggcmVzb3VyY2U8YnI+DQomZ3Q7ICZndDsgJmd0OyZn
dDsmbmJzcDsgYWNjZXNzIG1ldGhvZHMgZW1wbG95IGFuICZxdW90O2Vycm9yJnF1b3Q7IHBhcmFt
ZXRlci48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgSG9w
ZWZ1bGx5IGluY29ycG9yYXRpbmcgdGhlc2UgY2hhbmdlcyB3aWxsIGVuYWJsZSB1cyB0byBjbG9z
ZSB0aGU8YnI+DQomZ3Q7ICZndDsgcmVtYWluaW5nIERJU0NVU1MgaXNzdWVzIG9uIGJvdGggdGhl
IENvcmUgYW5kIEJlYXJlciBkcmFmdHMuPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyBUaGFua3MgYWxsLDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyAmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw
OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7
ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgLS08YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDsgTWlrZTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAm
Z3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBGcm9tOiBFcmFuIEhhbW1lciBbbWFpbHRv
OjxhIGhyZWY9Im1haWx0bzplcmFuQGh1ZW5pdmVyc2UuY29tIiB0YXJnZXQ9Il9ibGFuayI+ZXJh
bkBodWVuaXZlcnNlLmNvbTwvYT5dPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IFNlbnQ6IFdlZG5l
c2RheSwgTWF5IDIzLCAyMDEyIDExOjQ1IFBNPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IFRvOiBE
YXZpZCBSZWNvcmRvbjsgTWlrZSBKb25lczsgSGFubmVzIFRzY2hvZmVuaWc8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDsgQ2M6IDxhIGhyZWY9Im1haWx0bzpvYXV0aEBpZXRmLm9yZyIgdGFyZ2V0PSJf
YmxhbmsiPm9hdXRoQGlldGYub3JnPC9hPiBXRzxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBTdWJq
ZWN0OiBSRTogW09BVVRILVdHXSBFcnJvciBFbmNvZGluZzogQ29uY2x1c2lvbjxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBXaXRoIHRoZSBleGNlcHRpb24g
b2Ygc2VjdGlvbiA3LjIsIHRoZSBjaGFuZ2VzIGxvb2sgcmVhc29uYWJsZSBhbmQ8YnI+DQomZ3Q7
ICZndDsgJmd0OyZndDsgd2lsbCBiZTxicj4NCiZndDsgJmd0OyBhcHBsaWVkIGluIHRoZSBuZXh0
IHJldmlzaW9uLjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0
OyBUaGUgbmV3IHNlY3Rpb24gNy4yIGlzIGNvbmZ1c2lvbiBhbmQgZG9lcyBub3QgZXhwbGFpbiB0
aGUgbmV3IHJlZ2lzdHJ5Ljxicj4NCiZndDsgJmd0OyBUaGUgc2VjdGlvbiBpbnRyb2R1Y2VzIGEg
bmV3IHJlcXVpcmVtZW50IHRvIHJlZ2lzdGVyICdhbnkgZXJyb3IgY29kZXM8YnI+DQomZ3Q7ICZn
dDsgZGVmaW5lZCBmb3IgdXNlIHdpdGggT0F1dGggcmVzb3VyY2UgYWNjZXNzIG1ldGhvZHMnLiBU
aGlzIHJlcXVpcmVtZW50PGJyPg0KJmd0OyAmZ3Q7IGlzIHRvbyB2YWd1ZS48YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgSSBoYXZlIG5vIGNsdWUgaG93IHRv
IChmb3IgZXhhbXBsZSkgYXBwbHkgdGhpcyB0ZXh0IHRvIHRoZSBNQUMgZHJhZnQuPGJyPg0KJmd0
OyAmZ3Q7IEFkZGluZyB0byBEYXZpZCdzIGxpc3QgYmVsb3c6PGJyPg0KJmd0OyAmZ3Q7ICZndDsm
Z3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICogU2hvdWxkIHRoZSBIVFRQIHN0YXR1cyBjb2Rl
cyB1c2VkIGJ5IHRoZSBNQUMgc3BlYyBhcyBjdXJyZW50bHk8YnI+DQomZ3Q7ICZndDsgJmd0OyZn
dDsgd3JpdHRlbjxicj4NCiZndDsgJmd0OyBiZSByZWdpc3RlcmVkIChzaW5jZSBubyBndWlkYW5j
ZSBpcyBnaXZlbiB0byB0aGUgdXNlIG9mIGFuIGVycm9yIHBhcmFtZXRlcik/PGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7ICogRG9lcyB0aGlzIGludHJvZHVjZSBhIHJlcXVpcmVtZW50IHRvIGFkZCBh
biBlcnJvciBwYXJhbWV0ZXI/PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICogRG9lcyB0aGUgcGFy
YW1ldGVyIG5lZWQgdG8gLyBzaG91bGQgYmUgY2FsbGVkICdlcnJvcic/PGJyPg0KJmd0OyAmZ3Q7
ICZndDsmZ3Q7ICogV2hhdCBhYm91dCBmdXR1cmUgbWV0aG9kcyBpbiB3aGljaCBlcnJvcnMgYXJl
IG5vdCBzaW1wbHk8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgZXhwcmVzc2VkIGluPGJyPg0KJmd0
OyAmZ3Q7IHRoZSBmb3JtIG9mIGEgZml4ZXMgc3RyaW5nPzxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0
Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBFSDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBGcm9tOiBEYXZpZCBS
ZWNvcmRvbiBbbWFpbHRvOjxhIGhyZWY9Im1haWx0bzpyZWNvcmRvbmRAZ21haWwuY29tIiB0YXJn
ZXQ9Il9ibGFuayI+cmVjb3Jkb25kQGdtYWlsLmNvbTwvYT5dPGJyPg0KJmd0OyAmZ3Q7ICZndDsm
Z3Q7IFNlbnQ6IFdlZG5lc2RheSwgTWF5IDIzLCAyMDEyIDExOjM4IFBNPGJyPg0KJmd0OyAmZ3Q7
ICZndDsmZ3Q7IFRvOiBNaWtlIEpvbmVzOyBIYW5uZXMgVHNjaG9mZW5pZzsgRXJhbiBIYW1tZXI8
YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgQ2M6IDxhIGhyZWY9Im1haWx0bzpvYXV0aEBpZXRmLm9y
ZyIgdGFyZ2V0PSJfYmxhbmsiPm9hdXRoQGlldGYub3JnPC9hPiBXRzxicj4NCiZndDsgJmd0OyAm
Z3Q7Jmd0OyBTdWJqZWN0OiBSZTogW09BVVRILVdHXSBFcnJvciBFbmNvZGluZzogQ29uY2x1c2lv
bjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBIb25lc3Rs
eSBzdGlsbCB0cnlpbmcgdG8gZnVsbHkgd3JhcCBteSBoZWFkIGFyb3VuZCB3aGF0J3MgZ29pbmcg
b248YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgaGVyZTxicj4NCiZndDsgJmd0OyBzaW5jZSBpdCBz
ZWVtcyBmYXIgbW9yZSBjb21wbGV4IHRoYW4gdGhlIHRocmVhZHMgYXJlIGFsbHVkaW5nIHRvLiBJ
bjxicj4NCiZndDsgJmd0OyBhbnkgY2FzZSwgZG9lcyBNaWtlJ3MgdGV4dCBhZGRyZXNzIHdoYXQg
RXJhbiBicm91Z2h0IHVwIGFzIG5lZWRlZCBpbjxicj4NCiZndDsgJmd0OyB0aGUgdGhyZWFkIEhh
bm5lcyByZWZlcmVuY2VkIG9yIGlzIEVyYW4gd3Jvbmc/PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IFRoZSBjb3JlIHNwZWMgY3VycmVudGx5IHByb3ZpZGVz
IGZ1bGwgZ3VpZGFuY2UgYW5kIGRlZmluaXRpb24gZm9yPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
IGVycm9yPGJyPg0KJmd0OyAmZ3Q7IGV4dGVuc2liaWxpdHkuIEV4dGVuZGluZyB0aGUgcmVnaXN0
cnkncyBzY29wZSBtZWFucyB0aGUgbmVlZCBmb3I8YnI+DQomZ3Q7ICZndDsgbm9uLXRyaXZpYWwg
bmV3IHRleHQgdGhhdDo8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0
OyZndDsgKiBleHBsYWlucyB0aGUgcHJvY2VzcyBvZiBhZGRpbmcgbmV3IGVycm9ycyBmb3IgZW5k
cG9pbnRzIG5vdDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBkZWZpbmVkIGJ5PGJyPg0KJmd0OyAm
Z3Q7IHRoaXMgc3BlY2lmaWNhdGlvbiw8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgKiBmaW5kcyBh
IGNvbW1vbiBncm91bmQgZm9yIHZhbHVlIHJlc3RyaWN0aW9ucyBiZXlvbmQgd2hhdCBpczxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0OyBhbHJlYWR5PGJyPg0KJmd0OyAmZ3Q7IGxpc3RlZCw8YnI+DQom
Z3Q7ICZndDsgJmd0OyZndDsgKiBndWlkZSBhdXRob3JzIG9mIGZ1dHVyZSBIVFRQIGF1dGhlbnRp
Y2F0aW9uIHNjaGVtZXMgbWVhbnQgZm9yIHVzZTxicj4NCiZndDsgJmd0OyB3aXRoIE9BdXRoIChl
LmcuIE1BQykgZm9yIHRoZWlyIHJlcXVpcmVtZW50cyBmb3IgdXNpbmcgdGhlIGVycm9yPGJyPg0K
Jmd0OyAmZ3Q7IHJlZ2lzdHJ5LCBhbmQ8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgKiBhZGRyZXNz
IHRoZSB2ZXJ5IGxpa2VseSBzY2VuYXJpbyBvZiB0aGUgc2FtZSBlcnJvciBjb2RlIGNhcnJ5aW5n
PGJyPg0KJmd0OyAmZ3Q7IGRpZmZlcmVudCBtZWFuaW5ncyBpbiBkaWZmZXJlbnQgZW5kcG9pbnRz
LCBvciBhbiBleHRlbnNpb24gdGhhdCBhZGRzIGE8YnI+DQomZ3Q7ICZndDsgbG9jYXRpb24gdG8g
YSBjb2RlIGFscmVhZHkgZGVmaW5lZCBlbHNld2hlcmUgLSBzb21ldGhpbmcgdmVyeSBsaWtlbHk8
YnI+DQomZ3Q7ICZndDsgdG8gaGFwcGVuIGlmIHlvdSBjcm9zcyB0aGUgdHdvIHZlcnkgZGlmZmVy
ZW50IGRvbWFpbnMgKE9BdXRoPGJyPg0KJmd0OyAmZ3Q7IGVuZHBvaW50cywgUHJvdGVjdGVkIHJl
c291cmNlIGVuZHBvaW50cykuIFRoaXMgcmVxdWlyZXMgY2hhbmdpbmcgdGhlPGJyPg0KJmd0OyAm
Z3Q7IGVudGlyZSBzdHJ1Y3R1cmUgb2YgdGhlIHJlZ2lzdHJ5IHRvIGNyZWF0ZSBzZXBhcmF0ZSBy
ZWNvcmRzIGZvciBlYWNoPGJyPg0KJmd0OyBjb2RlL2xvY2F0aW9uIHBhaXIuPGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IFRoYW5rcyw8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDsgLS1EYXZpZDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0
OyAmZ3Q7Jmd0OyBPbiBXZWQsIE1heSAyMywgMjAxMiBhdCAxMDoyMiBQTSwgTWlrZSBKb25lczxi
cj4NCiZndDsgJmd0OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0
LmNvbSIgdGFyZ2V0PSJfYmxhbmsiPk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbTwvYT4mZ3Q7
IHdyb3RlOjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBUaGFua3MgSGFubmVzLiZuYnNwOyBJbiB0
aGUgaW50ZXJlc3Qgb2YgaG9wZWZ1bGx5IGNvbXBsZXRpbmcgdGhlIGVkaXRzPGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7IHRvPGJyPg0KJmd0OyAmZ3Q7IHJlbW92ZSB0aGUgRElTQ1VTUyBpc3N1ZXMg
Zm9yIHRoZSBCZWFyZXIgYW5kIENvcmUgc3BlY3MgaW4gdGhlIG5leHQ8YnI+DQomZ3Q7ICZndDsg
ZmV3IGRheXMgc28gdGhhdCB3ZSBjYW4gc2VuZCB0aGUgZG9jcyB0byB0aGUgUkZDIGVkaXRvcnMs
IEknZCBsaWtlIHRvPGJyPg0KJmd0OyAmZ3Q7IHByb3Bvc2Ugc3BlY2lmaWMgbGFuZ3VhZ2UgZm9y
IHRoZSBDb3JlIHNwZWMgdG8gYWRkcmVzcyBib3RoIG9mIHRoZTxicj4NCiZndDsgJmd0OyBjb25z
ZW5zdXMgY2FsbCBpc3N1ZSByZXNvbHV0aW9ucy4mbmJzcDsgQWZ0ZXIgdGhlcmUncyBjb25zZW5z
dXMgb24gdGhlPGJyPg0KJmd0OyAmZ3Q7IHNwZWNpZmljIHRleHQgZm9yIENvcmUsIGl0IHdpbGwg
YmUgZWFzeSBmb3IgdXMgdG8gYWRkIGEgcmVmZXJlbmNlIGluPGJyPg0KJmd0OyAmZ3Q7IEJlYXJl
ciB0byB0aGUgbGFuZ3VhZ2UgaW4gQ29yZSBmb3IgdGhlIGVycm9yIHN5bnRheCByZXN0cmljdGlv
bnMgYW5kPGJyPg0KJmd0OyAmZ3Q7IHRvIHVzZSB0aGUgT0F1dGggZXJyb3JzIHJlZ2lzdHJ5LiZu
YnNwOyBJJ2xsIGRvIHRoYXQgaW4gcGFyYWxsZWwgd2l0aCB0aGUgZGlzY3Vzc2lvbnM8YnI+DQom
Z3Q7IG9uIHRoZSBwcm9wb3NlZCBjb3JlIGxhbmd1YWdlIGNoYW5nZXMuPGJyPg0KJmd0OyAmZ3Q7
ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IEEgc3VtbWFyeSBvZiB0aGUgY2hhbmdlcyBJIG1hZGUg
aW4gcmVzcG9uc2UgdG8gdGhlIGNvbnNlbnN1cyBjYWxsPGJyPg0KJmd0OyAmZ3Q7IGNvbmNsdXNp
b25zIGFyZTo8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsg
KiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBBZGQgc3ludGF4IHJlc3RyaWN0aW9ucyBmb3Ig
JnF1b3Q7ZXJyb3ImcXVvdDssICZxdW90O2Vycm9yX2Rlc2NyaXB0aW9uJnF1b3Q7LCBhbmQ8YnI+
DQomZ3Q7ICZndDsgJnF1b3Q7ZXJyb3JfdXJpJnF1b3Q7IGZyb20gQmVhcmVyIHRvIENvcmU8YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgKiZuYnNwOyAmbmJz
cDsgJm5ic3A7ICZuYnNwOyBBZGQgc2VjdGlvbiA3LjIgYWJvdXQgZXJyb3IgcmVzcG9uc2VzIGZy
b20gcmVzb3VyY2UgYWNjZXNzPGJyPg0KJmd0OyByZXF1ZXN0czxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAqJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7
IEFkZCAmcXVvdDtyZXNvdXJjZSBhY2Nlc3MgZXJyb3IgcmVzcG9uc2UmcXVvdDsgdG8gdGhlIGNh
dGVnb3J5IG9mIE9BdXRoPGJyPg0KJmd0OyAmZ3Q7IGVycm9ycyB0aGF0IGNhbiBiZSByZWdpc3Rl
cmVkPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0K
Jmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IEFkZGl0aW9uYWwgZWRp
dG9yaWFsIGNoYW5nZXMgdGhhdCBJIG1hZGUgYXMgSSBlbmNvdW50ZXJlZCBpc3N1ZXMgaW48YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDsgdGhlPGJyPg0KJmd0OyAmZ3Q7IGRvY3VtZW50IHdlcmU6PGJy
Pg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICombmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgVXBkYXRlZCBvdXQgb2YgZGF0ZSByZWZlcmVuY2VzLCBlc3BlY2lh
bGx5IHRoZSBkcmFmdC1oYXJkdC1vYXV0aC08YnI+DQomZ3Q7IDAxPGJyPg0KJmd0OyAmZ3Q7IHJl
ZmVyZW5jZSwgd2hpY2ggY29udGFpbmVkIGFuIGludmFsaWQgbGluazxicj4NCiZndDsgJmd0OyAm
Z3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAqJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7IEFkZGVkIERlcmVrIEF0a2lucyB0byB0aGUgbGlzdCBvZiBjaGFpcnM8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgKiZuYnNwOyAmbmJzcDsgJm5ic3A7
ICZuYnNwOyBBZGRlZCBZYXJvbiBHb2xhbmQncyBtaWRkbGUgaW5pdGlhbCBZLiAoc2luY2UgaGUg
cHJlZmVycyB0byBpbmNsdWRlPGJyPg0KJmd0OyBpdDxicj4NCiZndDsgJmd0OyBpbiBwdWJsaWNh
dGlvbnMpPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICom
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgUmVwbGFjZWQgdXNlIG9mIHRoZSBkZXByZWNhdGVk
ICZsdDthcHBlbmRpeCZndDsgZWxlbWVudCwgd2hpY2g8YnI+DQomZ3Q7ICZndDsgcHJldmVudGVk
IHRoZSBzcGVjIGZyb20gYnVpbGRpbmcgd2l0aCBzdHJpY3QgY2hlY2tpbmcsIHdpdGggYTxicj4N
CiZndDsgJmd0OyAmbHQ7c2VjdGlvbiZndDsgZWxlbWVudCBpbiB0aGUgJmx0O2JhY2smZ3Q7IHNl
Y3Rpb24gKHdoaWNoIGNyZWF0ZXMgYW4gYXBwZW5kaXgpPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7IFRvIG1ha2UgaXQgZWFzeSB0byBpbmNvcnBvcmF0ZSB0aGVzZSBjaGFu
Z2VzIGludG8gdGhlIGRvY3VtZW50IGFuZDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBzbzxicj4N
CiZndDsgJmd0OyB0aGUgcHJvcG9zZWQgY2hhbmdlcyBhcmUgdW5hbWJpZ3VvdXMsIEkgcHJvZHVj
ZWQgYW4gZWRpdGVkIHZlcnNpb24gb2Y8YnI+DQomZ3Q7ICZndDsgQ29yZSAtMjYgY29udGFpbmlu
ZyB0aGVzZSBjaGFuZ2VzLiZuYnNwOyBUaGUgeG1sLCB0eHQsIGFuZCBodG1sIHZlcnNpb25zPGJy
Pg0KJmd0OyAmZ3Q7IGFyZSBhdHRhY2hlZCB0byBmYWNpbGl0YXRlIHJldmlldy4mbmJzcDsgUGVy
dGluZW50IGRpZmZzIGZyb20gdGhlIC50eHQgdmVyc2lvbjxicj4NCiZndDsgZm9sbG93Ljxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0
OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw
OyAmbmJzcDsgJm5ic3A7IENoZWVycyw8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7
ICZndDsgJmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAtLSBN
aWtlPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0K
Jmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDY4M2M2ODMsNjg0PGJy
Pg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICZsdDsmbmJzcDsg
Jm5ic3A7IG5vdGF0aW9uIG9mIFtSRkM1MjM0XS48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDsgLS0tPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyBub3RhdGlvbiBvZiBbUkZDNTIzNF0uJm5ic3A7IEFk
ZGl0aW9uYWxseSwgdGhlIHJ1bGUgVVJJLVJlZmVyZW5jZSBpczxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgaW5jbHVkZWQgZnJvbSBVbmlm
b3JtIFJlc291cmNlIElkZW50aWZpZXIgKFVSSSkgW1JGQzM5ODZdLjxicj4NCiZndDsgJmd0OyAm
Z3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAxNDQxYzE0NDEsMTQ0Mjxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAmbHQ7Jm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyBSRVFVSVJFRC4mbmJzcDsgQSBzaW5nbGUgZXJyb3IgY29kZSBm
cm9tIHRoZSBmb2xsb3dpbmc6PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7
ICZndDsmZ3Q7IC0tLTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgUkVRVUlSRUQuJm5ic3A7IEEgc2lu
Z2xlIEFTQ0lJIFtVU0FTQ0lJXSBlcnJvciBjb2RlIGZyb20gdGhlPGJyPg0KJmd0OyAmZ3Q7ICZn
dDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyBmb2xsb3dpbmc6PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZn
dDsmZ3Q7IDE0NzRhMTQ3NSwxNDc2PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBWYWx1ZXMgZm9yIHRo
ZSAmcXVvdDtlcnJvciZxdW90OyBwYXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVkZTxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0OyZndDsgY2hhcmFjdGVyczxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgb3V0c2lk
ZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS48YnI+DQomZ3Q7ICZndDsgJmd0
OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgMTQ3NmMxNDc4PGJyPg0KJmd0OyAmZ3Q7ICZn
dDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICZsdDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7IE9QVElPTkFMLiZuYnNwOyBBIGh1bWFuLXJlYWRhYmxlIFVURi04IGVuY29k
ZWQgdGV4dCBwcm92aWRpbmc8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsg
Jmd0OyZndDsgLS0tPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsm
Z3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBPUFRJT05BTC4mbmJzcDsgQSBodW1h
bi1yZWFkYWJsZSBBU0NJSSBbVVNBU0NJSV0gdGV4dCBwcm92aWRpbmc8YnI+DQomZ3Q7ICZndDsg
Jmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgMTQ3OGExNDgxLDE0ODI8YnI+DQomZ3Q7
ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7IFZhbHVlcyBmb3IgdGhlICZxdW90O2Vycm9yX2Rlc2NyaXB0aW9uJnF1b3Q7
IHBhcmFtZXRlciBNVVNUIE5PVDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsgaW5jbHVkZTxi
cj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsg
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAv
ICV4MjMtNUIgLyAleDVELTdFLjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0
OyAmZ3Q7Jmd0OyAxNDgyYTE0ODcsMTQ4OTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZn
dDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgVmFsdWVzIGZv
ciB0aGUgJnF1b3Q7ZXJyb3JfdXJpJnF1b3Q7IHBhcmFtZXRlciBNVVNUIGNvbmZvcm0gdG8gdGhl
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyBVUkktPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBS
ZWZlcmVuY2Ugc3ludGF4LCBhbmQgdGh1cyBNVVNUIE5PVCBpbmNsdWRlIGNoYXJhY3RlcnM8YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7IG91dHNpZGU8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8
YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IHRo
ZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAleDVELTdFLjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxi
cj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAxODQwYzE4NDAsMTg0MTxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAmbHQ7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyBSRVFVSVJFRC4mbmJzcDsgQSBzaW5nbGUgZXJyb3IgY29kZSBmcm9tIHRoZSBm
b2xsb3dpbmc6PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
IC0tLTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgUkVRVUlSRUQuJm5ic3A7IEEgc2luZ2xlIEFTQ0lJ
IFtVU0FTQ0lJXSBlcnJvciBjb2RlIGZyb20gdGhlPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJy
Pg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBmb2xs
b3dpbmc6PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDE4
NzNhMTg3NCwxODc1PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsm
Z3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBWYWx1ZXMgZm9yIHRoZSAmcXVvdDtl
cnJvciZxdW90OyBwYXJhbWV0ZXIgTVVTVCBOT1QgaW5jbHVkZTxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0OyZndDsgY2hhcmFjdGVyczxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0
OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgb3V0c2lkZSB0aGUgc2V0
ICV4MjAtMjEgLyAleDIzLTVCIC8gJXg1RC03RS48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDsgMTg3NWMxODc3PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJy
Pg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICZsdDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7IE9QVElPTkFMLiZuYnNwOyBBIGh1bWFuLXJlYWRhYmxlIFVURi04IGVuY29kZWQgdGV4dCBw
cm92aWRpbmc8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsg
LS0tPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBPUFRJT05BTC4mbmJzcDsgQSBodW1hbi1yZWFkYWJs
ZSBBU0NJSSBbVVNBU0NJSV0gdGV4dCBwcm92aWRpbmc8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8
YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgMTg3N2ExODgwLDE4ODE8YnI+DQomZ3Q7ICZndDsgJmd0
OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7IFZhbHVlcyBmb3IgdGhlICZxdW90O2Vycm9yX2Rlc2NyaXB0aW9uJnF1b3Q7IHBhcmFtZXRl
ciBNVVNUIE5PVDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsgaW5jbHVkZTxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgY2hhcmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIg
LyAleDVELTdFLjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0
OyAxODgxYTE4ODYsMTg4ODxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAm
Z3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgVmFsdWVzIGZvciB0aGUgJnF1
b3Q7ZXJyb3JfdXJpJnF1b3Q7IHBhcmFtZXRlciBNVVNUIGNvbmZvcm0gdG8gdGhlPGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyBVUkktPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBSZWZlcmVuY2Ug
c3ludGF4LCBhbmQgdGh1cyBNVVNUIE5PVCBpbmNsdWRlIGNoYXJhY3RlcnM8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDsmZ3Q7IG91dHNpZGU8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7
ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IHRoZSBzZXQgJXgy
MSAvICV4MjMtNUIgLyAleDVELTdFLjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0OyAmbHQ7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBSRVFV
SVJFRC4mbmJzcDsgQSBzaW5nbGUgZXJyb3IgY29kZSBmcm9tIHRoZSBmb2xsb3dpbmc6PGJyPg0K
Jmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IC0tLTxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgUkVRVUlSRUQuJm5ic3A7IEEgc2luZ2xlIEFTQ0lJIFtVU0FTQ0lJXSBlcnJv
ciBjb2RlIGZyb20gdGhlPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZn
dDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBmb2xsb3dpbmc6PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDIzMjVhMjMyNiwyMzI3PGJy
Pg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyBWYWx1ZXMgZm9yIHRoZSAmcXVvdDtlcnJvciZxdW90OyBwYXJh
bWV0ZXIgTVVTVCBOT1QgaW5jbHVkZTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsgY2hhcmFj
dGVyczxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgb3V0c2lkZSB0aGUgc2V0ICV4MjAtMjEgLyAleDIz
LTVCIC8gJXg1RC03RS48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0
OyZndDsgMjMyN2MyMzI5PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZn
dDsmZ3Q7ICZsdDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IE9QVElPTkFMLiZu
YnNwOyBBIGh1bWFuLXJlYWRhYmxlIFVURi04IGVuY29kZWQgdGV4dCBwcm92aWRpbmc8YnI+DQom
Z3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgLS0tPGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyBPUFRJT05BTC4mbmJzcDsgQSBodW1hbi1yZWFkYWJsZSBBU0NJSSBbVVNBU0NJ
SV0gdGV4dCBwcm92aWRpbmc8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsg
Jmd0OyZndDsgMjMyOWEyMzMyLDIzMzM8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7
ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IFZhbHVlcyBmb3Ig
dGhlICZxdW90O2Vycm9yX2Rlc2NyaXB0aW9uJnF1b3Q7IHBhcmFtZXRlciBNVVNUIE5PVDxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsgaW5jbHVkZTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxi
cj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgY2hh
cmFjdGVycyBvdXRzaWRlIHRoZSBzZXQgJXgyMC0yMSAvICV4MjMtNUIgLyAleDVELTdFLjxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAyMzMzYTIzMzgsMjM0
MDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgVmFsdWVzIGZvciB0aGUgJnF1b3Q7ZXJyb3JfdXJpJnF1
b3Q7IHBhcmFtZXRlciBNVVNUIGNvbmZvcm0gdG8gdGhlPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
Jmd0OyBVUkktPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBSZWZlcmVuY2Ugc3ludGF4LCBhbmQgdGh1
cyBNVVNUIE5PVCBpbmNsdWRlIGNoYXJhY3RlcnM8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7
IG91dHNpZGU8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsm
Z3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IHRoZSBzZXQgJXgyMSAvICV4MjMtNUIgLyAl
eDVELTdFLjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAy
NDUwYzI0NjAsMjQ2ODxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0OyAmbHQ7Jm5ic3A7ICZuYnNwOyBUaGUgbWV0aG9kIGluIHdoaWNoIHRoZSBjbGllbnQgdXRp
bGl6ZWQgdGhlIGFjY2VzcyB0b2tlbiB0bzxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZn
dDsgJmd0OyAmZ3Q7Jmd0OyAtLS08YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDsmZ3Q7Jm5ic3A7IFRoZSBtZXRob2QgaW4gd2hpY2ggdGhlIGNsaWVudCB1dGls
aXplcyB0aGUgYWNjZXNzIHRva2VuIHRvPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7IDI0NzljMjQ4OTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZn
dDsgJmd0OyAmZ3Q7Jmd0OyAmbHQ7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgQXV0aG9yaXphdGlvbjog
QmVhcmVyIDdGamZwMFpCcjFLdERSYm5mVmRtSXc8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDsgLS0tPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgQXV0aG9yaXphdGlvbjogQmVhcmVyIG1G
XzkuQjVmLTQuMUpxTTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0OyAyNTAzYTI1MTQsMjUzMzxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0
OyAmZ3Q7Jmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0
OyZndDsmZ3Q7IDcuMi4mbmJzcDsgRXJyb3IgUmVzcG9uc2U8YnI+DQomZ3Q7ICZndDsgJmd0OyZn
dDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJy
Pg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyBJZiBhIHJlc291cmNlIGFjY2VzcyByZXF1
ZXN0IGZhaWxzLCB0aGUgcmVzb3VyY2Ugc2VydmVyIFNIT1VMRDxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0OyZndDsgaW5mb3JtPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZn
dDsmZ3Q7Jmd0OyZuYnNwOyB0aGUgY2xpZW50IG9mIHRoZSBlcnJvci4mbmJzcDsgV2hpbGUgdGhl
IHNwZWNpZmljIGVycm9yIHJlc3BvbnNlczxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsgcG9z
c2libGU8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7
Jm5ic3A7IGFuZCBtZXRob2RzIGZvciB0cmFuc21pdHRpbmcgdGhvc2UgZXJyb3JzIHdoZW4gdXNp
bmcgYW55PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyBwYXJ0aWN1bGFyPGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyBhY2Nlc3MgdG9r
ZW4gdHlwZSBhcmUgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24sPGJyPg0K
Jmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyBhbnk8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQom
Z3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7IGVycm9yIGNvZGVzIGRlZmluZWQgZm9yIHVzZSB3
aXRoIE9BdXRoIHJlc291cmNlIGFjY2VzcyBtZXRob2RzPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
Jmd0OyBNVVNUPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
Jmd0OyZuYnNwOyBiZSByZWdpc3RlcmVkIChmb2xsb3dpbmcgdGhlIHByb2NlZHVyZXMgaW4gU2Vj
dGlvbiAxMS40KS48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZn
dDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0
Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAyNjAyLDI2
MDNjMjYyNCwyNjI2PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsm
Z3Q7ICZsdDsmbmJzcDsgJm5ic3A7IChTZWN0aW9uIDQuMi4yLjEpLCBvciB0aGUgdG9rZW4gZXJy
b3IgcmVzcG9uc2UgKFNlY3Rpb24gNS4yKSwgc3VjaDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxi
cj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAmbHQ7Jm5ic3A7ICZuYnNwOyBlcnJvciBjb2RlcyBNQVkg
YmUgZGVmaW5lZC48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZn
dDsgLS0tPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0
OyZuYnNwOyAoU2VjdGlvbiA0LjIuMi4xKSwgdGhlIHRva2VuIGVycm9yIHJlc3BvbnNlIChTZWN0
aW9uIDUuMiksIG9yPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyB0aGU8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7IHJlc291cmNlIGFj
Y2VzcyBlcnJvciByZXNwb25zZSAoU2VjdGlvbiA3LjIpLCBzdWNoIGVycm9yIGNvZGVzPGJyPg0K
Jmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyBNQVkgYmU8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7IGRlZmluZWQuPGJyPg0KJmd0OyAmZ3Q7ICZn
dDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDM0NDRjMzQ4NCwzNDg1PGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICZsdDsmbmJzcDsgJm5ic3A7ICZu
YnNwOyAoU2VjdGlvbiA0LjIuMi4xKSwgb3IgdG9rZW4gZXJyb3IgcmVzcG9uc2UgKFNlY3Rpb24g
NS4yKS48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgLS0t
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNw
OyAmbmJzcDsgJm5ic3A7IChTZWN0aW9uIDQuMi4yLjEpLCB0b2tlbiBlcnJvciByZXNwb25zZSAo
U2VjdGlvbiA1LjIpLCBvcjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsgcmVzb3VyY2U8YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7ICZu
YnNwOyAmbmJzcDsgYWNjZXNzIGVycm9yIHJlc3BvbnNlIChTZWN0aW9uIDcuMikuPGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDM1OTZhMzU1NCwzNTU3PGJy
Pg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyBb
VVNBU0NJSV0mbmJzcDsgQW1lcmljYW4gTmF0aW9uYWwgU3RhbmRhcmRzIEluc3RpdHV0ZSwgJnF1
b3Q7Q29kZWQ8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7IENoYXJhY3Rlcjxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgU2V0IC0tIDctYml0IEFtZXJpY2FuIFN0
YW5kYXJkIENvZGUgZm9yIEluZm9ybWF0aW9uPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0K
Jmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg
Jm5ic3A7ICZuYnNwOyBJbnRlcmNoYW5nZSZxdW90OywgQU5TSSBYMy40LCAxOTg2Ljxicj4NCiZn
dDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDs8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgMzYxMSwzNjEyYzM1NzIsMzU3Mzxi
cj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAmbHQ7Jm5ic3A7
ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IE9BdXRoIDIuMCZxdW90
OywgZHJhZnQtaWV0Zi1vYXV0aC1zYW1sMi1iZWFyZXItMDggKHdvcmsgaW48YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgJmx0OyZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBwcm9ncmVzcyksIEF1Z3VzdCAyMDExLjxi
cj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAtLS08YnI+DQom
Z3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7ICZuYnNw
OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IE9BdXRoIDIuMCZxdW90OywgZHJh
ZnQtaWV0Zi1vYXV0aC1zYW1sMi1iZWFyZXItMTIgKHdvcmsgaW48YnI+DQomZ3Q7ICZndDsgJmd0
OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IHByb2dyZXNzKSwgTWF5IDIwMTIuPGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDM2MTYsMzYxN2MzNTc3LDM1Nzk8
YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgJmx0OyZuYnNw
OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBQcm90b2NvbDogQmVh
cmVyIFRva2VucyZxdW90OywgZHJhZnQtaWV0Zi1vYXV0aC12Mi1iZWFyZXItMDg8YnI+DQomZ3Q7
ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgJmx0OyZuYnNwOyAmbmJzcDsg
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAod29yayBpbiBwcm9ncmVzcyksIEp1
bHkgMjAxMS48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsg
LS0tPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBBdXRob3JpemF0
aW9uIFByb3RvY29sOiBCZWFyZXIgVG9rZW5zJnF1b3Q7LDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0
Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgZHJhZnQtaWV0Zi1vYXV0aC12Mi1iZWFyZXItMTkgKHdvcmsg
aW4gcHJvZ3Jlc3MpLDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg
QXByaWwgMjAxMi48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZn
dDsgMzYyMCwzNjIzYzM1ODksMzU5MTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0OyAmbHQ7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsgJm5ic3A7IEhhbW1lci1MYWhhdiwgRS4sIEJhcnRoLCBBLiwgYW5kIEIuIEFkaWRhLCAmcXVv
dDtIVFRQPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICZs
dDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgQXV0aGVu
dGljYXRpb246IE1BQyBBY2Nlc3MgQXV0aGVudGljYXRpb24mcXVvdDssPGJyPg0KJmd0OyAmZ3Q7
ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICZsdDsmbmJzcDsgJm5ic3A7ICZuYnNw
OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgZHJhZnQtaWV0Zi1vYXV0aC12Mi1odHRwLW1h
Yy0wMCAod29yayBpbiBwcm9ncmVzcyksPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7ICZsdDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgTWF5IDIwMTEuPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7IC0tLTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAm
Z3Q7Jmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsgSGFtbWVyLUxhaGF2LCBFLiwgJnF1b3Q7SFRUUCBBdXRoZW50aWNhdGlvbjogTUFDIEFjY2Vz
czxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgQXV0aGVudGljYXRp
b24mcXVvdDssIGRyYWZ0LWlldGYtb2F1dGgtdjItaHR0cC1tYWMtMDE8YnI+DQomZ3Q7ICZndDsg
Jmd0OyZndDsmZ3Q7ICh3b3JrIGluPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7
ICZuYnNwOyBwcm9ncmVzcyksIEZlYnJ1YXJ5IDIwMTIuPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDM2MjZjMzU5NDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0
Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAmbHQ7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7
ICZuYnNwOyAmbmJzcDsgJm5ic3A7IExvZGRlcnN0ZWR0LCBULiwgTWNHbG9pbiwgTS4sIGFuZCBQ
LiBIdW50LCAmcXVvdDtPQXV0aCAyLjA8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7
ICZndDsgJmd0OyZndDsgLS0tPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7
ICZndDsmZ3Q7Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyBNY0dsb2luLCBNLiwgSHVudCwgUC4sIGFuZCBULiBMb2RkZXJzdGVkdCwgJnF1b3Q7T0F1
dGggMi4wPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDM2
MjgsMzYyOWMzNTk2LDM1OTc8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsg
Jmd0OyZndDsgJmx0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyBkcmFmdC1pZXRmLW9hdXRoLXYyLXRocmVhdG1vZGVsLTAwICh3b3JrIGluIHByb2dyZXNz
KSw8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgJmx0OyZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBKdWx5IDIwMTEu
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IC0tLTxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgZHJhZnQtaWV0Zi1vYXV0aC12
Mi10aHJlYXRtb2RlbC0wMiAod29yayBpbjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZndDsgcHJv
Z3Jlc3MpLDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZn
dDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgRmVicnVh
cnkgMjAxMi48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsg
MzQ2OCwzNTQ2ZDM1MDM8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0
OyZndDsgJmx0OyZuYnNwOyAmbmJzcDsgQnJpYW4gRWF0b24sIFlhcm9uIEdvbGFuZCwgRGljayBI
YXJkdCwgYW5kIEFsbGVuIFRvbS48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDsgMzYzOWMzNjA5LDM2Mzk8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQom
Z3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7IEJyaWFuIEVhdG9uLCBZYXJvbiBZLiBHb2xhbmQs
IERpY2sgSGFyZHQsIGFuZCBBbGxlbiBUb20uPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0K
Jmd0OyAmZ3Q7ICZndDsmZ3Q7IDM0NjgsMzU0NmQzNTAzPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICZsdDsmbmJzcDsgJm5ic3A7IFlhcm9uIEdvbGFuZCwg
QnJlbnQgR29sZG1hbiwgS3Jpc3RvZmZlciBHcm9ub3dza2ksIEp1c3RpbiBIYXJ0LDxicj4NCiZn
dDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyAzNjQ0LDM2NDVjMzY0NCwz
NjU2PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZu
YnNwOyBZYXJvbiBZLiBHb2xhbmQsIEJyZW50IEdvbGRtYW4sIEtyaXN0b2ZmZXIgR3Jvbm93c2tp
LCBKdXN0aW48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7IEhhcnQsPGJyPg0KJmd0OyAmZ3Q7
ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDM0NjgsMzU0NmQzNTAzPGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7ICZsdDsmbmJzcDsgJm5ic3A7
IFRoaXMgZG9jdW1lbnQgd2FzIHByb2R1Y2VkIHVuZGVyIHRoZSBjaGFpcm1hbnNoaXAgb2YgQmxh
aW5lPGJyPg0KJmd0OyBDb29rLDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0
OyAmZ3Q7Jmd0OyAmbHQ7Jm5ic3A7ICZuYnNwOyBQZXRlciBTYWludC1BbmRyZSwgSGFubmVzIFRz
Y2hvZmVuaWcsIGFuZCBCYXJyeSBMZWliYS4mbmJzcDsgVGhlIGFyZWE8YnI+DQomZ3Q7ICZndDsg
Jmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgJmx0OyZuYnNwOyAmbmJzcDsgZGlyZWN0
b3JzIGluY2x1ZGVkIExpc2EgRHVzc2VhdWx0LCBQZXRlciBTYWludC1BbmRyZSwgYW5kIFN0ZXBo
ZW48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgJmx0OyZu
YnNwOyAmbmJzcDsgRmFycmVsbC48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDsgMzY0NmEzNjU4LDM2NjE8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQom
Z3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5ic3A7IFRoaXMgZG9jdW1lbnQgd2FzIHByb2R1Y2VkIHVu
ZGVyIHRoZSBjaGFpcm1hbnNoaXAgb2YgQmxhaW5lPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0
OyBDb29rLDxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyZn
dDsmbmJzcDsgUGV0ZXIgU2FpbnQtQW5kcmUsIEhhbm5lcyBUc2Nob2ZlbmlnLCBCYXJyeSBMZWli
YSwgYW5kIERlcmVrIEF0a2lucy48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDsmZ3Q7Jm5ic3A7IFRoZSBhcmVhIGRpcmVjdG9ycyBpbmNsdWRlZCBMaXNhIER1
c3NlYXVsdCwgUGV0ZXIgU2FpbnQtQW5kcmUsPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyBh
bmQ8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsmZ3Q7Jm5i
c3A7IFN0ZXBoZW4gRmFycmVsbC48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZn
dDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZn
dDsgLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS08YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgRnJv
bTogPGEgaHJlZj0ibWFpbHRvOm9hdXRoLWJvdW5jZXNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5r
Ij5vYXV0aC1ib3VuY2VzQGlldGYub3JnPC9hPiBbbWFpbHRvOjxhIGhyZWY9Im1haWx0bzpvYXV0
aC1ib3VuY2VzQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+b2F1dGgtYm91bmNlc0BpZXRmLm9y
ZzwvYT5dIE9uPGJyPg0KJmd0OyAmZ3Q7IEJlaGFsZiBPZiBIYW5uZXMgVHNjaG9mZW5pZzxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0OyBTZW50OiBXZWRuZXNkYXksIE1heSAyMywgMjAxMiAxMToyNyBB
TTxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBUbzogPGEgaHJlZj0ibWFpbHRvOm9hdXRoQGlldGYu
b3JnIiB0YXJnZXQ9Il9ibGFuayI+b2F1dGhAaWV0Zi5vcmc8L2E+IFdHPGJyPg0KJmd0OyAmZ3Q7
ICZndDsmZ3Q7IFN1YmplY3Q6IFtPQVVUSC1XR10gRXJyb3IgRW5jb2Rpbmc6IENvbmNsdXNpb248
YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7
ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgSGkgYWxsLDxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0OyBvbiBNYXkgMTB0aCB3ZSBjYWxsZWQgZm9yIGNv
bnNlbnN1cyBvbiBhbiBvcGVuIGlzc3VlIHJlZ2FyZGluZyB0aGU8YnI+DQomZ3Q7ICZndDsgJmd0
OyZndDsgZXJyb3I8YnI+DQomZ3Q7ICZndDsgZW5jb2RpbmcuIEhlcmUgaXMgdGhlIGxpbmsgdG8g
dGhlIGNhbGw6PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7
IDxhIGhyZWY9Imh0dHA6Ly93d3cuaWV0Zi5vcmcvbWFpbC1hcmNoaXZlL3dlYi9vYXV0aC9jdXJy
ZW50L21zZzA4OTk0Lmh0bWwiIHRhcmdldD0iX2JsYW5rIj4NCmh0dHA6Ly93d3cuaWV0Zi5vcmcv
bWFpbC1hcmNoaXZlL3dlYi9vYXV0aC9jdXJyZW50L21zZzA4OTk0Lmh0bWw8L2E+PGJyPg0KJmd0
OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZn
dDsmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IFRoYW5rIHlvdSBhbGwgZm9yIHRoZSBmZWVk
YmFjay4gVGhlIGNvbmNsdXNpb24gb2YgdGhlIGNvbnNlbnN1czxicj4NCiZndDsgJmd0OyAmZ3Q7
Jmd0OyBjYWxsIHdhczxicj4NCiZndDsgJmd0OyB0byBoYXJtb25pemUgdGhlIGVuY29kaW5nIGJl
dHdlZW4gdGhlIHR3byBzcGVjaWZpY2F0aW9ucyBieTxicj4NCiZndDsgJmd0OyBpbmNvcnBvcmF0
aW5nIHRoZSByZXN0cmljdGlvbnMgZnJvbSB0aGUgYmVhcmVyIHNwZWNpZmljYXRpb24gaW50byB0
aGU8YnI+DQomZ3Q7ICZndDsgYmFzZSBzcGVjaWZpY2F0aW9uLiBUaGUgZXJyb3IgZW5jb2Rpbmcg
d2lsbCBnbyBpbnRvIHRoZSBjb3JlPGJyPg0KJmd0OyAmZ3Q7IHNwZWNpZmljYXRpb24gYW5kIHRo
ZSBiZWFyZXIgc3BlY2lmaWNhdGlvbiB3aWxsIHJlZmVyZW5jZSBpdC48YnI+DQomZ3Q7ICZndDsg
Jmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8
YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgQ2lhbzxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4N
CiZndDsgJmd0OyAmZ3Q7Jmd0OyBIYW5uZXMgJmFtcDsgRGVyZWs8YnI+DQomZ3Q7ICZndDsgJmd0
OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDsgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX188YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZn
dDsgT0F1dGggbWFpbGluZyBsaXN0PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAm
Z3Q7ICZndDsmZ3Q7IDxhIGhyZWY9Im1haWx0bzpPQXV0aEBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxh
bmsiPk9BdXRoQGlldGYub3JnPC9hPjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsg
Jmd0OyAmZ3Q7Jmd0OyA8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3Rp
bmZvL29hdXRoIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s
aXN0aW5mby9vYXV0aDwvYT48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsg
Jmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8
YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX188YnI+DQomZ3Q7ICZndDsgJmd0OyZndDsgT0F1dGggbWFpbGluZyBsaXN0
PGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7IDxhIGhyZWY9Im1haWx0bzpPQXV0aEBpZXRmLm9yZyIg
dGFyZ2V0PSJfYmxhbmsiPk9BdXRoQGlldGYub3JnPC9hPjxicj4NCiZndDsgJmd0OyAmZ3Q7Jmd0
OyA8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL29hdXRoIiB0
YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9vYXV0
aDwvYT48YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZndDs8YnI+
DQomZ3Q7ICZndDsgJmd0OyZndDsgJmx0O2RyYWZ0LWlldGYtb2F1dGgtdjItMjYmIzQzO21iai0y
LnhtbCZndDsmbHQ7ZHJhZnQtaWV0Zi1vYXV0aC12Mi0yNiYjNDM7bWJqLTxicj4NCiZndDsgJmd0
OyAyLnR4dCZndDsmbHQ7ZHJhZnQtaWV0Zi1vYXV0aC12Mi0yNiYjNDM7bWJqLTIuaHRtbCZndDs8
YnI+DQomZ3Q7ICZndDsgJmd0Ozxicj4NCiZndDsgPGJyPg0KJmd0OyA8YnI+DQo8YnI+DQpfX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxicj4NCk9BdXRoIG1h
aWxpbmcgbGlzdDxicj4NCjxhIGhyZWY9Im1haWx0bzpPQXV0aEBpZXRmLm9yZyIgdGFyZ2V0PSJf
YmxhbmsiPk9BdXRoQGlldGYub3JnPC9hPjxicj4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYu
b3JnL21haWxtYW4vbGlzdGluZm8vb2F1dGgiIHRhcmdldD0iX2JsYW5rIj5odHRwczovL3d3dy5p
ZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL29hdXRoPC9hPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N
CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9kaXY+DQo8
L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2lu
LWJvdHRvbToxMi4wcHQ7YmFja2dyb3VuZDp3aGl0ZSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNr
Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1
b3RlPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_4E1F6AAD24975D4BA5B168042967394366523066TK5EX14MBXC284r_--